Backport of update service config crds, update passive health check into release/0.49.x

.circleci/config.yml

@@ -46,8 +46,8 @@ commands:
             chmod +x ./kubectl
             sudo mv ./kubectl /usr/local/bin/kubectl
 
-            wget https://get.helm.sh/helm-v3.7.0-linux-amd64.tar.gz
-            tar -zxvf helm-v3.7.0-linux-amd64.tar.gz
+            wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
+            tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
             sudo mv linux-amd64/helm /usr/local/bin/helm
   create-kind-clusters:
     parameters:
@@ -110,9 +110,10 @@ commands:
                   do
                     if ! gotestsum --no-summary=all --jsonfile=jsonfile-${pkg////-} -- $pkg -p 1 -timeout 2h -failfast \
                           << parameters.additional-flags >> \
-                          ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                           -enable-multi-cluster \
+                          ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                           -debug-directory="$TEST_RESULTS/debug" \
+                          -consul-image=hashicorppreview/consul-enterprise:1.14-dev \
                           -consul-k8s-image=<< parameters.consul-k8s-image >>
                     then
                       echo "Tests in ${pkg} failed, aborting early"
@@ -485,7 +486,7 @@ jobs:
 
   unit-test-helm-templates:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -596,7 +597,7 @@ jobs:
   ##########################
   cleanup-gcp-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - run:
           name: cleanup leftover resources
@@ -614,7 +615,7 @@ jobs:
 
   cleanup-azure-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - run:
           name: cleanup leftover resources
@@ -632,7 +633,7 @@ jobs:
 
   cleanup-eks-resources:
     docker:
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
     steps:
       - checkout
       - run:
@@ -657,9 +658,10 @@ jobs:
     parallelism: 2
     environment:
       - TEST_RESULTS: /tmp/test-results
+      - USE_GKE_GCLOUD_AUTH_PLUGIN: true
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - run:
@@ -725,9 +727,10 @@ jobs:
     parallelism: 2
     environment:
       - TEST_RESULTS: /tmp/test-results
+      - USE_GKE_GCLOUD_AUTH_PLUGIN: true
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - run:
@@ -795,7 +798,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -852,7 +855,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -908,7 +911,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -971,7 +974,7 @@ jobs:
       - TEST_RESULTS: /tmp/test-results
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -1034,7 +1037,7 @@ jobs:
     parallelism: 1
     docker:
       # This image is built from test/docker/Test.dockerfile
-      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.12.0
+      - image: docker.mirror.hashicorp.services/hashicorpdev/consul-helm-test:0.14.0
 
     steps:
       - checkout
@@ -1217,14 +1220,14 @@ workflows:
           context: consul-ci
           requires:
             - dev-upload-docker
-      - acceptance-tproxy-cni:
-          context: consul-ci
-          requires:
-            - dev-upload-docker
-      - acceptance-tproxy:
-          context: consul-ci
-          requires:
-            - dev-upload-docker
+#      - acceptance-tproxy-cni:
+#          context: consul-ci
+#          requires:
+#            - dev-upload-docker
+#      - acceptance-tproxy:
+#          context: consul-ci
+#          requires:
+#            - dev-upload-docker
   nightly-acceptance-tests:
     triggers:
       - schedule:

.github/workflows/backport.yml

@@ -14,7 +14,7 @@ jobs:
     container: hashicorpdev/backport-assistant:0.2.5
     steps:
       - name: Run Backport Assistant
-        run: backport-assistant backport -automerge
+        run: backport-assistant backport -automerge -merge-method=squash
         env:
           BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.x)"
           BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"

CHANGELOG.md

@@ -1,19 +1,23 @@
-## UNRELEASED
+## 0.49.0 (September 29, 2022)
 
 FEATURES:
 * CLI:
   * Add support for tab autocompletion [[GH-1437](https://github.com/hashicorp/consul-k8s/pull/1501)]
+* Consul CNI Plugin
+  * Support for OpenShift and Multus CNI plugin [[GH-1527](https://github.com/hashicorp/consul-k8s/pull/1527)]
 
 BUG FIXES:
 * Control plane
   * Use global ACL auth method to provision ACL tokens for API Gateway in secondary datacenter [[GH-1481](https://github.com/hashicorp/consul-k8s/pull/1481)]
+  * Peering: pass new `use_auto_cert` value to gRPC TLS config when auto-encrypt is enabled. [[GH-1541](https://github.com/hashicorp/consul-k8s/pull/1541)]
 * Helm:
   * Only create Federation Secret Job when server.updatePartition is 0 [[GH-1512](https://github.com/hashicorp/consul-k8s/pull/1512)]
   * Fixes a typo in the templating of `global.connectInject.disruptionBudget.maxUnavailable`. [[GH-1530](https://github.com/hashicorp/consul-k8s/pull/1530)]
 
 IMPROVEMENTS:
 * Helm:
   * API Gateway: Set primary datacenter flag when deploying controller into secondary datacenter with federation enabled [[GH-1511](https://github.com/hashicorp/consul-k8s/pull/1511)]
+  * API Gateway: Allow controller to create and update Secrets for storing Consul CA cert alongside gateway Deployments [[GH-1542](https://github.com/hashicorp/consul-k8s/pull/1542)]
 * Control-plane:
   * Support escaped commas in service tag annotations for pods which use `consul.hashicorp.com/connect-service-tags` or `consul.hashicorp.com/service-tags`. [[GH-1532](https://github.com/hashicorp/consul-k8s/pull/1532)]
 

CONTRIBUTING.md

@@ -876,7 +876,7 @@ func TestExample(t *testing.T) {
 }
 ```
 
-Please see [mesh gateway tests](acceptance/tests/mesh-gateway/mesh_gateway_test.go)
+Please see [wan federation tests](acceptance/tests/wan-federation/wan_federation_test.go)
 for an example of how to use write a test that uses multiple contexts.
 
 #### Writing Assertions

README.md

@@ -66,7 +66,7 @@ use Consul with Kubernetes, please see the
 [Consul and Kubernetes documentation](https://www.consul.io/docs/platform/k8s/index.html).
 
 ### Prerequisites
-  * **Helm 3.2+** (Helm 2 is not supported)
+  * **Helm 3.6+** 
   * **Kubernetes 1.21-1.24** - This is the earliest version of Kubernetes tested.
     It is possible that this chart works with earlier versions, but it is
     untested.

acceptance/framework/consul/helm_cluster.go

@@ -35,6 +35,10 @@ type HelmCluster struct {
 	// a bootstrap token from a Kubernetes secret stored in the cluster.
 	ACLToken string
 
+	// SkipCheckForPreviousInstallations is a toggle for skipping the check
+	// if there are any previous installations of this Helm chart in the cluster.
+	SkipCheckForPreviousInstallations bool
+
 	ctx                environment.TestContext
 	helmOptions        *helm.Options
 	releaseName        string
@@ -109,7 +113,9 @@ func (h *HelmCluster) Create(t *testing.T) {
 	})
 
 	// Fail if there are any existing installations of the Helm chart.
-	helpers.CheckForPriorInstallations(t, h.kubernetesClient, h.helmOptions, "consul-helm", "chart=consul-helm")
+	if !h.SkipCheckForPreviousInstallations {
+		helpers.CheckForPriorInstallations(t, h.kubernetesClient, h.helmOptions, "consul-helm", "chart=consul-helm")
+	}
 
 	chartName := config.HelmChartPath
 	if h.helmOptions.Version != config.HelmChartPath {
@@ -565,9 +571,8 @@ func configureSCCs(t *testing.T, client kubernetes.Interface, cfg *config.TestCo
 
 func defaultValues() map[string]string {
 	values := map[string]string{
-		"server.replicas":              "1",
-		"connectInject.envoyExtraArgs": "--log-level debug",
-		"connectInject.logLevel":       "debug",
+		"global.logLevel": "debug",
+		"server.replicas": "1",
 		// Disable DNS since enabling it changes the policy for the anonymous token,
 		// which could result in tests passing due to that token having privileges to read services
 		// (false positive).

acceptance/framework/consul/helm_cluster_test.go

@@ -23,41 +23,38 @@ func TestNewHelmCluster(t *testing.T) {
 			name:       "defaults are used when no helmValues are set",
 			helmValues: map[string]string{},
 			want: map[string]string{
-				"global.image":                                  "test-config-image",
-				"server.replicas":                               "1",
-				"connectInject.envoyExtraArgs":                  "--log-level debug",
-				"connectInject.logLevel":                        "debug",
+				"global.image":    "test-config-image",
+				"global.logLevel": "debug",
+				"server.replicas": "1",
 				"connectInject.transparentProxy.defaultEnabled": "false",
-				"dns.enabled":                                   "false",
-				"server.extraConfig":                            `"{\"log_level\": \"TRACE\"}"`,
-				"client.extraConfig":                            `"{\"log_level\": \"TRACE\"}"`,
+				"dns.enabled":        "false",
+				"server.extraConfig": `"{\"log_level\": \"TRACE\"}"`,
+				"client.extraConfig": `"{\"log_level\": \"TRACE\"}"`,
 			},
 		},
 		{
 			name: "when using helmValues, defaults are overridden",
 			helmValues: map[string]string{
-				"global.image":                                  "test-image",
-				"server.bootstrapExpect":                        "3",
-				"server.replicas":                               "3",
-				"connectInject.envoyExtraArgs":                  "--foo",
-				"connectInject.logLevel":                        "debug",
+				"global.image":           "test-image",
+				"global.logLevel":        "debug",
+				"server.bootstrapExpect": "3",
+				"server.replicas":        "3",
 				"connectInject.transparentProxy.defaultEnabled": "true",
-				"dns.enabled":                                   "true",
-				"server.extraConfig":                            `"{\"foo\": \"bar\"}"`,
-				"client.extraConfig":                            `"{\"foo\": \"bar\"}"`,
-				"feature.enabled":                               "true",
+				"dns.enabled":        "true",
+				"server.extraConfig": `"{\"foo\": \"bar\"}"`,
+				"client.extraConfig": `"{\"foo\": \"bar\"}"`,
+				"feature.enabled":    "true",
 			},
 			want: map[string]string{
-				"global.image":                                  "test-image",
-				"server.bootstrapExpect":                        "3",
-				"server.replicas":                               "3",
-				"connectInject.envoyExtraArgs":                  "--foo",
-				"connectInject.logLevel":                        "debug",
+				"global.image":           "test-image",
+				"global.logLevel":        "debug",
+				"server.bootstrapExpect": "3",
+				"server.replicas":        "3",
 				"connectInject.transparentProxy.defaultEnabled": "true",
-				"dns.enabled":                                   "true",
-				"server.extraConfig":                            `"{\"foo\": \"bar\"}"`,
-				"client.extraConfig":                            `"{\"foo\": \"bar\"}"`,
-				"feature.enabled":                               "true",
+				"dns.enabled":        "true",
+				"server.extraConfig": `"{\"foo\": \"bar\"}"`,
+				"client.extraConfig": `"{\"foo\": \"bar\"}"`,
+				"feature.enabled":    "true",
 			},
 		},
 	}

acceptance/go.sum

@@ -324,11 +324,8 @@ github.com/gruntwork-io/terratest v0.31.2 h1:xvYHA80MUq5kx670dM18HInewOrrQrAN+Xb
 github.com/gruntwork-io/terratest v0.31.2/go.mod h1:EEgJie28gX/4AD71IFqgMj6e99KP5mi81hEtzmDjxTo=
 github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638 h1:z68s6H6O3RjxDmNvou/2/3UBrsJkrMcNzI0IQN5scAM=
 github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638/go.mod h1:7ZeaiADGbvJDuoWAT8UKj6KCcLsFUk+34OkUGMVtdXg=
-github.com/hashicorp/consul/api v1.10.1-0.20220726130109-a6a79d6811df h1:CCh336XUGPaMNqMkzRAeEL0BFin7LhX729xy3IxE5Y4=
-github.com/hashicorp/consul/api v1.10.1-0.20220726130109-a6a79d6811df/go.mod h1:bcaw5CSZ7NE9qfOfKCI1xb7ZKjzu/MyvQkCLTfqLqxQ=
 github.com/hashicorp/consul/api v1.14.0 h1:Y64GIJ8hYTu+tuGekwO4G4ardXoiCivX9wv1iP/kihk=
 github.com/hashicorp/consul/api v1.14.0/go.mod h1:bcaw5CSZ7NE9qfOfKCI1xb7ZKjzu/MyvQkCLTfqLqxQ=
-github.com/hashicorp/consul/sdk v0.10.0 h1:rGLEh2AWK4K0KCMvqWAz2EYxQqgciIfMagWZ0nVe5MI=
 github.com/hashicorp/consul/sdk v0.10.0/go.mod h1:yPkX5Q6CsxTFMjQQDJwzeNmUUF5NUGGbrDsv9wTb8cw=
 github.com/hashicorp/consul/sdk v0.11.0 h1:HRzj8YSCln2yGgCumN5CL8lYlD3gBurnervJRJAZyC4=
 github.com/hashicorp/consul/sdk v0.11.0/go.mod h1:yPkX5Q6CsxTFMjQQDJwzeNmUUF5NUGGbrDsv9wTb8cw=