From 96cba089e378f30a3fad4c829ad44d712e4f841a Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Thu, 22 Sep 2022 17:27:53 -0400
Subject: [PATCH 1/3] Allow the API Gateway controller to create and update
 Secrets

---
 charts/consul/templates/api-gateway-controller-clusterrole.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/charts/consul/templates/api-gateway-controller-clusterrole.yaml b/charts/consul/templates/api-gateway-controller-clusterrole.yaml
index 5253fd349c..cce6b5b6c6 100644
--- a/charts/consul/templates/api-gateway-controller-clusterrole.yaml
+++ b/charts/consul/templates/api-gateway-controller-clusterrole.yaml
@@ -92,8 +92,10 @@ rules:
   resources:
   - secrets
   verbs:
+  - create
   - get
   - list
+  - update
   - watch
 - apiGroups:
   - ""

From b3fcc2876a6fd82457089e114c4140168aa1d9db Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathan.coleman@hashicorp.com>
Date: Tue, 27 Sep 2022 14:36:28 -0400
Subject: [PATCH 2/3] Add changelog entry

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1320714741..3b6f3eb84e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ BUG FIXES:
 IMPROVEMENTS:
 * Helm:
   * API Gateway: Set primary datacenter flag when deploying controller into secondary datacenter with federation enabled [[GH-1511](https://github.com/hashicorp/consul-k8s/pull/1511)]
+  * API Gateway: Allow controller to create and update Secrets in order to support distroless Envoy images [[GH-1542](https://github.com/hashicorp/consul-k8s/pull/1542)]
 * Control-plane:
   * Support escaped commas in service tag annotations for pods which use `consul.hashicorp.com/connect-service-tags` or `consul.hashicorp.com/service-tags`. [[GH-1532](https://github.com/hashicorp/consul-k8s/pull/1532)]
 

From 5d07c8dc43d4d123fbc731d62991b827937c1409 Mon Sep 17 00:00:00 2001
From: Nathan Coleman <nathandanielcoleman@gmail.com>
Date: Tue, 27 Sep 2022 18:51:02 -0400
Subject: [PATCH 3/3] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b6f3eb84e..9cf185b1cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,7 @@ BUG FIXES:
 IMPROVEMENTS:
 * Helm:
   * API Gateway: Set primary datacenter flag when deploying controller into secondary datacenter with federation enabled [[GH-1511](https://github.com/hashicorp/consul-k8s/pull/1511)]
-  * API Gateway: Allow controller to create and update Secrets in order to support distroless Envoy images [[GH-1542](https://github.com/hashicorp/consul-k8s/pull/1542)]
+  * API Gateway: Allow controller to create and update Secrets for storing Consul CA cert alongside gateway Deployments [[GH-1542](https://github.com/hashicorp/consul-k8s/pull/1542)]
 * Control-plane:
   * Support escaped commas in service tag annotations for pods which use `consul.hashicorp.com/connect-service-tags` or `consul.hashicorp.com/service-tags`. [[GH-1532](https://github.com/hashicorp/consul-k8s/pull/1532)]