From 4cc276aff22aefb779eddef6b9833c0784b0f929 Mon Sep 17 00:00:00 2001 
From: Nitya Dhanushkodi Date: Wed, 28 Aug 2024 12:52:09 -0700 Subject: [PATCH] [release/1.3.x] config entry: add validate_clusters to mesh config entry (#4265) * only bump consul modules * run make ctrl-generate and ctrl-manifests * bring back a change that gets overwritten by make scripts causing helm tests to fail * fix unit test * bump k8s.io dependencies * fix lint by updating to k8s.io/utils/ptr from k8s.io/utils/pointer * update v2 code from k8s.io/utils/ptr from k8s.io/utils/pointer * update k8s dependencies for cli, cni modules * update consul modules for cli * update sdk in cni since it's lagging --- .changelog/4256.txt | 3 + .github/scripts/skip_check_ci.sh | 3 + Makefile | 16 +- acceptance/go.mod | 2 +- acceptance/go.sum | 4 +- .../api_gateway_gatewayclassconfig_test.go | 16 +- .../crd-controlplanerequestlimits.yaml | 24 +- .../templates/crd-exportedservices.yaml | 34 +- .../templates/crd-gatewayclassconfigs.yaml | 113 ++-- .../crd-gatewayclasses-external.yaml | 9 +- .../consul/templates/crd-gatewaypolicies.yaml | 136 +++-- .../templates/crd-gateways-external.yaml | 9 +- .../templates/crd-grpcroutes-external.yaml | 9 +- charts/consul/templates/crd-grpcroutes.yaml | 502 +++++++++------- .../templates/crd-httproutes-external.yaml | 9 +- charts/consul/templates/crd-httproutes.yaml | 549 ++++++++++-------- .../consul/templates/crd-ingressgateways.yaml | 343 +++++------ charts/consul/templates/crd-jwtproviders.yaml | 276 +++++---- charts/consul/templates/crd-meshes.yaml | 135 +++-- charts/consul/templates/crd-meshservices.yaml | 25 +- .../templates/crd-peeringacceptors.yaml | 24 +- .../consul/templates/crd-peeringdialers.yaml | 24 +- .../templates/crd-proxyconfigurations.yaml | 279 ++++----- .../consul/templates/crd-proxydefaults.yaml | 155 ++--- .../crd-referencegrants-external.yaml | 9 +- .../templates/crd-routeauthfilters.yaml | 108 ++-- .../templates/crd-routeretryfilters.yaml | 24 +- .../templates/crd-routetimeoutfilters.yaml | 26 +- 
.../consul/templates/crd-samenessgroups.yaml | 50 +- .../consul/templates/crd-servicedefaults.yaml | 471 +++++++-------- .../templates/crd-serviceintentions.yaml | 125 ++-- .../templates/crd-serviceresolvers.yaml | 204 ++++--- .../consul/templates/crd-servicerouters.yaml | 152 ++--- .../templates/crd-servicesplitters.yaml | 96 +-- charts/consul/templates/crd-tcproutes.yaml | 213 ++++--- .../templates/crd-terminatinggateways.yaml | 41 +- .../templates/crd-tlsroutes-external.yaml | 9 +- .../templates/crd-trafficpermissions.yaml | 82 +-- .../templates/crd-udproutes-external.yaml | 9 +- cli/go.mod | 16 +- cli/go.sum | 48 +- control-plane/api-gateway/binding/cleanup.go | 3 + .../api-gateway/binding/cleanup_test.go | 3 + .../api-gateway/common/translation_test.go | 10 +- .../api-gateway/gatekeeper/dataplane.go | 6 +- control-plane/api-gateway/gatekeeper/init.go | 11 +- .../api/auth/v2beta1/zz_generated.deepcopy.go | 1 - .../api/mesh/v2beta1/zz_generated.deepcopy.go | 1 - .../api/v1alpha1/ingressgateway_types_test.go | 22 +- control-plane/api/v1alpha1/mesh_types.go | 8 + control-plane/api/v1alpha1/mesh_types_test.go | 4 + .../v1alpha1/servicedefaults_types_test.go | 62 +- .../api/v1alpha1/zz_generated.deepcopy.go | 1 - .../catalog/to-consul/resource_test.go | 58 +- control-plane/cni/go.mod | 31 +- control-plane/cni/go.sum | 83 ++- ...nsul.hashicorp.com_trafficpermissions.yaml | 82 +-- ...shicorp.com_controlplanerequestlimits.yaml | 24 +- ...consul.hashicorp.com_exportedservices.yaml | 34 +- ...sul.hashicorp.com_gatewayclassconfigs.yaml | 113 ++-- .../consul.hashicorp.com_gatewaypolicies.yaml | 136 +++-- .../consul.hashicorp.com_ingressgateways.yaml | 343 +++++------ .../consul.hashicorp.com_jwtproviders.yaml | 276 +++++---- .../bases/consul.hashicorp.com_meshes.yaml | 135 +++-- .../consul.hashicorp.com_meshservices.yaml | 25 +- ...consul.hashicorp.com_peeringacceptors.yaml | 24 +- .../consul.hashicorp.com_peeringdialers.yaml | 24 +- 
.../consul.hashicorp.com_proxydefaults.yaml | 155 ++--- ...consul.hashicorp.com_routeauthfilters.yaml | 108 ++-- ...onsul.hashicorp.com_routeretryfilters.yaml | 24 +- ...sul.hashicorp.com_routetimeoutfilters.yaml | 24 +- .../consul.hashicorp.com_samenessgroups.yaml | 50 +- .../consul.hashicorp.com_servicedefaults.yaml | 471 +++++++-------- ...onsul.hashicorp.com_serviceintentions.yaml | 125 ++-- ...consul.hashicorp.com_serviceresolvers.yaml | 204 ++++--- .../consul.hashicorp.com_servicerouters.yaml | 152 ++--- ...consul.hashicorp.com_servicesplitters.yaml | 96 +-- ...sul.hashicorp.com_terminatinggateways.yaml | 41 +- .../mesh.consul.hashicorp.com_grpcroutes.yaml | 502 +++++++++------- .../mesh.consul.hashicorp.com_httproutes.yaml | 549 ++++++++++-------- ...sul.hashicorp.com_proxyconfigurations.yaml | 279 ++++----- .../mesh.consul.hashicorp.com_tcproutes.yaml | 213 ++++--- .../peering/peering_acceptor_controller.go | 4 +- .../peering_acceptor_controller_test.go | 12 +- .../peering/peering_dialer_controller.go | 4 +- .../peering/peering_dialer_controller_test.go | 12 +- .../webhook/consul_dataplane_sidecar.go | 12 +- .../webhook/consul_dataplane_sidecar_test.go | 42 +- .../connect-inject/webhook/container_init.go | 22 +- .../webhook/container_init_test.go | 22 +- control-plane/connect-inject/webhook/dns.go | 6 +- .../connect-inject/webhook/dns_test.go | 10 +- .../webhookv2/consul_dataplane_sidecar.go | 12 +- .../consul_dataplane_sidecar_test.go | 42 +- .../webhookv2/container_init.go | 22 +- .../webhookv2/container_init_test.go | 22 +- control-plane/connect-inject/webhookv2/dns.go | 6 +- .../connect-inject/webhookv2/dns_test.go | 10 +- control-plane/go.mod | 48 +- control-plane/go.sum | 106 ++-- 100 files changed, 5097 insertions(+), 4212 deletions(-) create mode 100644 .changelog/4256.txt diff --git a/.changelog/4256.txt b/.changelog/4256.txt new file mode 100644 index 0000000000..d2279cfce7 --- /dev/null +++ b/.changelog/4256.txt 
@@ -0,0 +1,3 @@ +```release-note:improvement +config-entry: add validate_clusters to mesh config entry +``` \ No newline at end of file diff --git a/.github/scripts/skip_check_ci.sh b/.github/scripts/skip_check_ci.sh index e69de29bb2..48753c8fa7 100644 --- a/.github/scripts/skip_check_ci.sh +++ b/.github/scripts/skip_check_ci.sh @@ -0,0 +1,3 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + diff --git a/Makefile b/Makefile index 854c1fac80..dcad2a8bea 100644 --- a/Makefile +++ b/Makefile @@ -235,17 +235,17 @@ CONTROLLER_GEN=$(shell which controller-gen) endif .PHONY: ensure-controller-gen-version -ensure-controller-gen-version: ## Ensure controller-gen version is v0.12.1. +ensure-controller-gen-version: ## Ensure controller-gen version is v0.14.0. ifeq (, $(shell which $(CONTROLLER_GEN))) @echo "You don't have $(CONTROLLER_GEN), please install it first." else - ifeq (, $(shell $(CONTROLLER_GEN) --version | grep v0.12.1)) - @echo "controller-gen version is not v0.12.1, uninstall the binary and install the correct version with 'make get-controller-gen'." - @echo "Found version: $(shell $(CONTROLLER_GEN) --version)" - @exit 1 - else - @echo "Found correct version: $(shell $(CONTROLLER_GEN) --version)" - endif +ifeq (, $(shell $(CONTROLLER_GEN) --version | grep v0.14.0)) + @echo "controller-gen version is not v0.14.0, uninstall the binary and install the correct version with 'make get-controller-gen'." + @echo "Found version: $(shell $(CONTROLLER_GEN) --version)" + @exit 1 +else + @echo "Found correct version: $(shell $(CONTROLLER_GEN) --version)" +endif endif .PHONY: add-copyright-header diff --git a/acceptance/go.mod b/acceptance/go.mod index 36554ccd43..4885f87685 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod 
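Review bot: In the Makefile hunk, the `ensure-controller-gen-version` gate still tests the tool version with an unanchored regular expression, `grep v0.14.0`, so each dot matches any character and any longer version string containing the pattern also passes. The CRD manifests regenerated in this commit depend on the exact generator version, so a literal match is the safer check: `ifeq (, $(shell $(CONTROLLER_GEN) --version | grep -F v0.14.0))`. The version string now appears three times in the target (help text, grep and error message); a single Make variable would keep them from drifting on the next bump.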
@@ -23,7 +23,7 @@ require ( k8s.io/api v0.28.9 k8s.io/apimachinery v0.28.9 k8s.io/client-go v0.28.9 - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 + k8s.io/utils v0.0.0-20240821151609-f90d01438635 sigs.k8s.io/controller-runtime v0.16.5 sigs.k8s.io/gateway-api v0.7.1 ) diff --git a/acceptance/go.sum b/acceptance/go.sum index 9eb3f1c037..8fbed6c952 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -639,8 +639,8 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= +k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.16.5 h1:yr1cEJbX08xsTW6XEIzT13KHHmIyX8Umvme2cULvFZw= sigs.k8s.io/controller-runtime v0.16.5/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/gateway-api v0.7.1 h1:Tts2jeepVkPA5rVG/iO+S43s9n7Vp7jCDhZDQYtPigQ= diff --git a/acceptance/tests/api-gateway/api_gateway_gatewayclassconfig_test.go b/acceptance/tests/api-gateway/api_gateway_gatewayclassconfig_test.go index 14ef0e0035..d43d7779a6 100644 --- a/acceptance/tests/api-gateway/api_gateway_gatewayclassconfig_test.go +++ b/acceptance/tests/api-gateway/api_gateway_gatewayclassconfig_test.go 
@@ -21,7 +21,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) @@ -32,9 +32,9 @@ import ( // the child gateways. func TestAPIGateway_GatewayClassConfig(t *testing.T) { var ( - defaultInstances = pointer.Int32(2) - maxInstances = pointer.Int32(3) - minInstances = pointer.Int32(1) + defaultInstances = ptr.To(int32(2)) + maxInstances = ptr.To(int32(3)) + minInstances = ptr.To(int32(1)) namespace = "default" gatewayClassName = "gateway-class" 
@@ -145,16 +145,16 @@ func TestAPIGateway_GatewayClassConfig(t *testing.T) { logger.Log(t, "updating gatewayclassconfig values") err = k8sClient.Get(context.Background(), types.NamespacedName{Name: gatewayClassConfigName, Namespace: namespace}, gatewayClassConfig) require.NoError(t, err) - gatewayClassConfig.Spec.DeploymentSpec.DefaultInstances = pointer.Int32(8) - gatewayClassConfig.Spec.DeploymentSpec.MinInstances = pointer.Int32(5) + gatewayClassConfig.Spec.DeploymentSpec.DefaultInstances = ptr.To(int32(8)) + gatewayClassConfig.Spec.DeploymentSpec.MinInstances = ptr.To(int32(5)) err = k8sClient.Update(context.Background(), gatewayClassConfig) require.NoError(t, err) checkNumberOfInstances(t, k8sClient, consulClient, gateway.Name, gateway.Namespace, defaultInstances, gateway) // Scenario: gateways should be able to scale independently and not get overridden by the controller unless it's above the max - scale(t, k8sClient, gateway.Name, gateway.Namespace, pointer.Int32(*maxInstances+1)) + scale(t, k8sClient, gateway.Name, gateway.Namespace, ptr.To(int32(*maxInstances+1))) checkNumberOfInstances(t, k8sClient, consulClient, gateway.Name, gateway.Namespace, maxInstances, gateway) - scale(t, k8sClient, gateway.Name, gateway.Namespace, pointer.Int32(0)) + scale(t, k8sClient, gateway.Name, gateway.Namespace, ptr.To(int32(0))) checkNumberOfInstances(t, k8sClient, consulClient, gateway.Name, gateway.Namespace, minInstances, gateway) } diff --git a/charts/consul/templates/crd-controlplanerequestlimits.yaml b/charts/consul/templates/crd-controlplanerequestlimits.yaml index 1939a8d373..4e11ceb1c3 100644 --- a/charts/consul/templates/crd-controlplanerequestlimits.yaml +++ b/charts/consul/templates/crd-controlplanerequestlimits.yaml 
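Review bot: In the first `scale` call of this hunk, `ptr.To(int32(*maxInstances+1))` converts an expression that is already `int32`, because `maxInstances` is declared as `ptr.To(int32(3))` in the var block of the earlier hunk; `ptr.To(*maxInstances + 1)` is equivalent and reads more directly. The `int32(...)` conversions on the literal arguments (`ptr.To(int32(8))`, `ptr.To(int32(0))`) are needed, since an untyped constant would make `ptr.To` infer `*int`. TestAPIGateway_GatewayClassConfig begins outside this hunk.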
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -36,14 +36,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -155,8 +160,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-exportedservices.yaml b/charts/consul/templates/crd-exportedservices.yaml index 081a2b0cf0..a7fbd87e27 100644 --- a/charts/consul/templates/crd-exportedservices.yaml +++ b/charts/consul/templates/crd-exportedservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ExportedServices is the Schema for the exportedservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,11 +61,13 @@ spec: description: ExportedServicesSpec defines the desired state of ExportedServices. properties: services: - description: Services is a list of services to be exported and the - list of partitions to expose them to. + description: |- + Services is a list of services to be exported and the list of partitions + to expose them to. items: - description: ExportedService manages the exporting of a service - in the local partition to other partitions. + description: |- + ExportedService manages the exporting of a service in the local partition to + other partitions. properties: consumers: description: Consumers is a list of downstream consumers of @@ -99,8 +106,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-gatewayclassconfigs.yaml b/charts/consul/templates/crd-gatewayclassconfigs.yaml index 130db72a22..b521b5f2b6 100644 --- a/charts/consul/templates/crd-gatewayclassconfigs.yaml +++ b/charts/consul/templates/crd-gatewayclassconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -27,14 +27,19 @@ spec: for Consul API Gateway. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -81,19 +86,24 @@ spec: gateway. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -109,8 +119,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -119,10 +130,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object @@ -134,9 +146,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for the - pod to fit on a node. Selector which must match a node''s labels - for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object openshiftSCCName: description: The name of the OpenShift SecurityContextConstraints 
@@ -154,43 +167,43 @@ spec: - LoadBalancer type: string tolerations: - description: 'Tolerations allow the scheduler to schedule nodes with - matching taints. More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' + description: |- + Tolerations allow the scheduler to schedule nodes with matching taints. + More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array diff --git a/charts/consul/templates/crd-gatewayclasses-external.yaml b/charts/consul/templates/crd-gatewayclasses-external.yaml index 391637b5f7..93435b7fce 100644 --- a/charts/consul/templates/crd-gatewayclasses-external.yaml +++ b/charts/consul/templates/crd-gatewayclasses-external.yaml 
@@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/charts/consul/templates/crd-gatewaypolicies.yaml b/charts/consul/templates/crd-gatewaypolicies.yaml index 1cdfa331f5..904b65d607 100644 --- a/charts/consul/templates/crd-gatewaypolicies.yaml +++ b/charts/consul/templates/crd-gatewaypolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -39,14 +39,19 @@ spec: description: GatewayPolicy is the Schema for the gatewaypolicies API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -67,9 +72,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry - with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims 
@@ -85,11 +90,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the - given path: - If the type at the path is a list - then we verify that this value is contained - in the list. \n - If the type at the path is - a string then we verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path @@ -118,9 +126,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry - with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims @@ -136,11 +144,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the - given path: - If the type at the path is a list - then we verify that this value is contained - in the list. \n - If the type at the path is - a string then we verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path 
@@ -174,10 +185,11 @@ spec: minLength: 1 type: string namespace: - description: Namespace is the namespace of the referent. When - unspecified, the local namespace is inferred. Even when policy - targets a resource in a different namespace, it may only apply - to traffic originating from the same namespace as the policy. + description: |- + Namespace is the namespace of the referent. When unspecified, the local + namespace is inferred. Even when policy targets a resource in a different + namespace, it may only apply to traffic originating from the same + namespace as the policy. maxLength: 253 minLength: 1 type: string 
@@ -200,46 +212,53 @@ spec: description: GatewayPolicyStatus defines the observed state of the gateway. properties: conditions: - description: "Conditions describe the current conditions of the Policy. - \n Known condition types are: \n * \"Accepted\" * \"ResolvedRefs\"" + description: |- + Conditions describe the current conditions of the Policy. + + + Known condition types are: + + + * "Accepted" + * "ResolvedRefs" items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
+ description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -253,11 +272,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/consul/templates/crd-gateways-external.yaml b/charts/consul/templates/crd-gateways-external.yaml index ab56d4f5fb..41df34942a 100644 --- a/charts/consul/templates/crd-gateways-external.yaml +++ b/charts/consul/templates/crd-gateways-external.yaml 
@@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: gateways.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/charts/consul/templates/crd-grpcroutes-external.yaml b/charts/consul/templates/crd-grpcroutes-external.yaml index 3e4aa75853..739ed2c659 100644 --- a/charts/consul/templates/crd-grpcroutes-external.yaml +++ b/charts/consul/templates/crd-grpcroutes-external.yaml @@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: grpcroutes.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io 
diff --git a/charts/consul/templates/crd-grpcroutes.yaml b/charts/consul/templates/crd-grpcroutes.yaml index 31812fff35..a9966c41bd 100644 --- a/charts/consul/templates/crd-grpcroutes.yaml +++ b/charts/consul/templates/crd-grpcroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,44 +41,63 @@ spec: description: GRPCRoute is the Schema for the GRPC Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute + + + This is a Resource type. 
properties: hostnames: - description: "Hostnames are the hostnames for which this GRPCRoute - should respond to requests. \n This is only valid for north/south." + description: |- + Hostnames are the hostnames for which this GRPCRoute should respond to requests. + + + This is only valid for north/south. items: type: string type: array parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -89,43 +108,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type 
@@ -140,22 +166,31 @@ spec: items: properties: backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. Failure behavior here depends on - how many BackendRefs are specified and how many are invalid. - \n If all entries in BackendRefs are invalid, and there are - also no filters specified in this route rule, all traffic - which matches this rule MUST receive a 500 status code. \n - See the GRPCBackendRef definition for the rules about what - makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef - is invalid, 500 status codes MUST be returned for requests - that would have otherwise been routed to an invalid backend. - If multiple backends are specified, and some are invalid, - the proportion of requests that would otherwise have been - routed to an invalid backend MUST receive a 500 status code. - \n For example, if two backends are specified with equal weights, - and one is invalid, 50 percent of traffic must receive a 500. - Implementations may choose how that 50 percent is determined." + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + Failure behavior here depends on how many BackendRefs are specified and + how many are invalid. + + + If all entries in BackendRefs are invalid, and there are also no filters + specified in this route rule, all traffic which matches this rule MUST + receive a 500 status code. + + + See the GRPCBackendRef definition for the rules about what makes a single + GRPCBackendRef invalid. + + + When a GRPCBackendRef is invalid, 500 status codes MUST be returned for + requests that would have otherwise been routed to an invalid backend. If + multiple backends are specified, and some are invalid, the proportion of + requests that would otherwise have been routed to an invalid backend MUST + receive a 500 status code. 
+ + + For example, if two backends are specified with equal weights, and one is + invalid, 50 percent of traffic must receive a 500. Implementations may + choose how that 50 percent is determined. items: properties: backendRef: @@ -163,10 +198,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -181,43 +218,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: @@ -228,20 +271,20 @@ spec: type: object type: object filters: - description: Filters defined at this level should be executed - if and only if the request is being forwarded to the - backend defined here. + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema - for a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -251,17 +294,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -273,14 +316,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema - for a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -290,17 +333,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -312,8 +355,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -321,18 +365,19 @@ spec: type: object type: array weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -341,13 +386,14 @@ spec: items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema for - a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -357,16 +403,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: 
@@ -377,13 +425,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema for - a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -393,16 +442,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: @@ -413,8 +464,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -425,24 +477,27 @@ spec: items: properties: headers: - description: Headers specifies gRPC request header matchers. - Multiple match values are ANDed together, meaning, a - request MUST match all the specified headers to select - the route. + description: |- + Headers specifies gRPC request header matchers. Multiple match values are + ANDed together, meaning, a request MUST match all the specified headers to + select the route. items: properties: name: type: string type: - description: "HeaderMatchType specifies the semantics - of how HTTP header values should be compared. - Valid HeaderMatchType values, along with their - conformance levels, are: \n Note that values may - be added to this enum, implementations must ensure - that unknown values will not cause a crash. \n - Unknown values here must result in the implementation - setting the Accepted Condition for the Route to - status: False, with a Reason of UnsupportedValue." + description: |- + HeaderMatchType specifies the semantics of how HTTP header values should be + compared. Valid HeaderMatchType values, along with their conformance levels, + are: + + + Note that values may be added to this enum, implementations must ensure that + unknown values will not cause a crash. + + + Unknown values here must result in the implementation setting the Accepted + Condition for the Route to status: False, with a Reason of UnsupportedValue. enum: - HEADER_MATCH_TYPE_UNSPECIFIED - HEADER_MATCH_TYPE_EXACT 
@@ -457,26 +512,30 @@ spec: type: object type: array method: - description: Method specifies a gRPC request service/method - matcher. If this field is not specified, all services - and methods will match. + description: |- + Method specifies a gRPC request service/method matcher. If this field is + not specified, all services and methods will match. properties: method: - description: "Value of the method to match against. - If left empty or omitted, will match all services. - \n At least one of Service and Method MUST be a - non-empty string.}" + description: |- + Value of the method to match against. If left empty or omitted, will match + all services. + + + At least one of Service and Method MUST be a non-empty string.} type: string service: - description: "Value of the service to match against. - If left empty or omitted, will match any service. - \n At least one of Service and Method MUST be a - non-empty string." + description: |- + Value of the service to match against. If left empty or omitted, will + match any service. + + + At least one of Service and Method MUST be a non-empty string. type: string type: - description: 'Type specifies how to match against - the service and/or method. Support: Core (Exact - with service and method specified)' + description: |- + Type specifies how to match against the service and/or method. Support: + Core (Exact with service and method specified) enum: - GRPC_METHOD_MATCH_TYPE_UNSPECIFIED - GRPC_METHOD_MATCH_TYPE_EXACT @@ -489,8 +548,9 @@ spec: retries: properties: number: - description: Number is the number of times to retry the - request when a retryable result occurs. + description: |- + Number is the number of times to retry the request when a retryable + result occurs. properties: value: description: The uint32 value. 
@@ -498,27 +558,30 @@ spec: type: integer type: object onConditions: - description: RetryOn allows setting envoy specific conditions - when a request should be automatically retried. + description: |- + RetryOn allows setting envoy specific conditions when a request should + be automatically retried. items: type: string type: array onConnectFailure: - description: RetryOnConnectFailure allows for connection - failure errors to trigger a retry. + description: |- + RetryOnConnectFailure allows for connection failure errors to trigger a + retry. type: boolean onStatusCodes: - description: RetryOnStatusCodes is a flat list of http response - status codes that are eligible for retry. This again should - be feasible in any reasonable proxy. + description: |- + RetryOnStatusCodes is a flat list of http response status codes that are + eligible for retry. This again should be feasible in any reasonable proxy. items: format: int32 type: integer type: array type: object timeouts: - description: HTTPRouteTimeouts defines timeouts that can be - configured for an HTTPRoute or GRPCRoute. + description: |- + HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute + or GRPCRoute. properties: idle: description: Idle specifies the total amount of time permitted 
@@ -526,44 +589,44 @@ spec: format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object request: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. 
For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object @@ -577,8 +640,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-httproutes-external.yaml b/charts/consul/templates/crd-httproutes-external.yaml index c89591376a..bba3672d16 100644 --- a/charts/consul/templates/crd-httproutes-external.yaml 
+++ b/charts/consul/templates/crd-httproutes-external.yaml @@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: httproutes.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/charts/consul/templates/crd-httproutes.yaml b/charts/consul/templates/crd-httproutes.yaml index 3da6e1e637..26f88741b0 100644 --- a/charts/consul/templates/crd-httproutes.yaml +++ b/charts/consul/templates/crd-httproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,44 +41,63 @@ spec: description: HTTPRoute is the Schema for the HTTP Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute + + + This is a Resource type. 
properties: hostnames: - description: "Hostnames are the hostnames for which this HTTPRoute - should respond to requests. \n This is only valid for north/south." + description: |- + Hostnames are the hostnames for which this HTTPRoute should respond to requests. + + + This is only valid for north/south. items: type: string type: array parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -89,43 +108,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type 
@@ -136,29 +162,42 @@ spec: type: object type: array rules: - description: Rules are a list of HTTP-based routing rules that this - route should use for constructing a routing table. + description: |- + Rules are a list of HTTP-based routing rules that this route should + use for constructing a routing table. items: - description: HTTPRouteRule specifies the routing rules used to determine - what upstream service an HTTP request is routed to. + description: |- + HTTPRouteRule specifies the routing rules used to determine what upstream + service an HTTP request is routed to. properties: backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n Failure behavior here depends - on how many BackendRefs are specified and how many are invalid. - \n If all entries in BackendRefs are invalid, and there are - also no filters specified in this route rule, all traffic - which matches this rule MUST receive a 500 status code. \n - See the HTTPBackendRef definition for the rules about what - makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef - is invalid, 500 status codes MUST be returned for requests - that would have otherwise been routed to an invalid backend. - If multiple backends are specified, and some are invalid, - the proportion of requests that would otherwise have been - routed to an invalid backend MUST receive a 500 status code. - \n For example, if two backends are specified with equal weights, - and one is invalid, 50 percent of traffic must receive a 500. - Implementations may choose how that 50 percent is determined." + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + + + Failure behavior here depends on how many BackendRefs are specified and + how many are invalid. + + + If all entries in BackendRefs are invalid, and there are also no filters + specified in this route rule, all traffic which matches this rule MUST + receive a 500 status code. 
+ + + See the HTTPBackendRef definition for the rules about what makes a single + HTTPBackendRef invalid. + + + When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + requests that would have otherwise been routed to an invalid backend. If + multiple backends are specified, and some are invalid, the proportion of + requests that would otherwise have been routed to an invalid backend MUST + receive a 500 status code. + + + For example, if two backends are specified with equal weights, and one is + invalid, 50 percent of traffic must receive a 500. Implementations may + choose how that 50 percent is determined. items: properties: backendRef: @@ -166,10 +205,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -184,43 +225,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: @@ -231,20 +278,20 @@ spec: type: object type: object filters: - description: Filters defined at this level should be executed - if and only if the request is being forwarded to the - backend defined here. + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema - for a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -254,17 +301,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -276,14 +323,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema - for a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -293,17 +340,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -315,8 +362,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -324,18 +372,19 @@ spec: type: object type: array weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -344,13 +393,14 @@ spec: items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema for - a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -360,16 +410,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: 
@@ -380,13 +432,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema for - a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -396,16 +449,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: @@ -416,8 +471,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -428,10 +484,10 @@ spec: items: properties: headers: - description: Headers specifies HTTP request header matchers. - Multiple match values are ANDed together, meaning, a - request must match all the specified headers to select - the route. + description: |- + Headers specifies HTTP request header matchers. Multiple match values are + ANDed together, meaning, a request must match all the specified headers to + select the route. items: properties: invert: 
@@ -439,21 +495,23 @@ spec: compat' type: boolean name: - description: "Name is the name of the HTTP Header - to be matched. Name matching MUST be case insensitive. - (See https://tools.ietf.org/html/rfc7230#section-3.2). - \n If multiple entries specify equivalent header - names, only the first entry with an equivalent - name MUST be considered for a match. Subsequent - entries with an equivalent header name MUST be - ignored. Due to the case-insensitivity of header - names, “foo” and “Foo” are considered equivalent. - \n When a header is repeated in an HTTP request, - it is implementation-specific behavior as to how - this is represented. Generally, proxies should - follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 - regarding processing a repeated header, with special - handling for “Set-Cookie”." + description: |- + Name is the name of the HTTP Header to be matched. Name matching MUST be + case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + + + If multiple entries specify equivalent header names, only the first entry + with an equivalent name MUST be considered for a match. Subsequent entries + with an equivalent header name MUST be ignored. Due to the + case-insensitivity of header names, “foo” and “Foo” are considered + equivalent. + + + When a header is repeated in an HTTP request, it is + implementation-specific behavior as to how this is represented. Generally, + proxies should follow the guidance from the RFC: + https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding + processing a repeated header, with special handling for “Set-Cookie”. type: string type: description: Type specifies how to match against 
@@ -474,14 +532,14 @@ spec: type: object type: array method: - description: Method specifies HTTP method matcher. When - specified, this route will be matched only if the request - has the specified method. + description: |- + Method specifies HTTP method matcher. When specified, this route will be + matched only if the request has the specified method. type: string path: - description: Path specifies a HTTP request path matcher. - If this field is not specified, a default prefix match - on the “/” path is provided. + description: |- + Path specifies a HTTP request path matcher. If this field is not + specified, a default prefix match on the “/” path is provided. properties: type: description: Type specifies how to match against the 
@@ -498,31 +556,33 @@ spec: type: string type: object queryParams: - description: QueryParams specifies HTTP query parameter - matchers. Multiple match values are ANDed together, - meaning, a request must match all the specified query + description: |- + QueryParams specifies HTTP query parameter matchers. Multiple match values + are ANDed together, meaning, a request must match all the specified query parameters to select the route. items: properties: name: - description: "Name is the name of the HTTP query - param to be matched. This must be an exact string - match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). - \n If multiple entries specify equivalent query - param names, only the first entry with an equivalent - name MUST be considered for a match. Subsequent - entries with an equivalent query param name MUST - be ignored. \n If a query param is repeated in - an HTTP request, the behavior is purposely left - undefined, since different data planes have different - capabilities. However, it is recommended that - implementations should match against the first - value of the param if the data plane supports - it, as this behavior is expected in other load - balancing contexts outside of the Gateway API. - \n Users SHOULD NOT route traffic based on repeated - query params to guard themselves against potential - differences in the implementations." + description: |- + Name is the name of the HTTP query param to be matched. This must be an + exact string match. (See + https://tools.ietf.org/html/rfc7230#section-2.7.3). + + + If multiple entries specify equivalent query param names, only the first + entry with an equivalent name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST be ignored. + + + If a query param is repeated in an HTTP request, the behavior is purposely + left undefined, since different data planes have different capabilities. 
+ However, it is recommended that implementations should match against the + first value of the param if the data plane supports it, as this behavior + is expected in other load balancing contexts outside of the Gateway API. + + + Users SHOULD NOT route traffic based on repeated query params to guard + themselves against potential differences in the implementations. type: string type: description: Type specifies how to match against @@ -545,8 +605,9 @@ spec: retries: properties: number: - description: Number is the number of times to retry the - request when a retryable result occurs. + description: |- + Number is the number of times to retry the request when a retryable + result occurs. properties: value: description: The uint32 value. 
@@ -554,27 +615,30 @@ spec: type: integer type: object onConditions: - description: RetryOn allows setting envoy specific conditions - when a request should be automatically retried. + description: |- + RetryOn allows setting envoy specific conditions when a request should + be automatically retried. items: type: string type: array onConnectFailure: - description: RetryOnConnectFailure allows for connection - failure errors to trigger a retry. + description: |- + RetryOnConnectFailure allows for connection failure errors to trigger a + retry. type: boolean onStatusCodes: - description: RetryOnStatusCodes is a flat list of http response - status codes that are eligible for retry. This again should - be feasible in any reasonable proxy. + description: |- + RetryOnStatusCodes is a flat list of http response status codes that are + eligible for retry. This again should be feasible in any reasonable proxy. items: format: int32 type: integer type: array type: object timeouts: - description: HTTPRouteTimeouts defines timeouts that can be - configured for an HTTPRoute or GRPCRoute. + description: |- + HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute + or GRPCRoute. properties: idle: description: Idle specifies the total amount of time permitted 
@@ -582,44 +646,44 @@ spec: format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object request: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. 
For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object @@ -633,8 +697,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-ingressgateways.yaml b/charts/consul/templates/crd-ingressgateways.yaml index dcbc543525..53649c8667 100644 --- a/charts/consul/templates/crd-ingressgateways.yaml 
+++ b/charts/consul/templates/crd-ingressgateways.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -41,14 +41,19 @@ spec: description: IngressGateway is the Schema for the ingressgateways API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -59,64 +64,68 @@ spec: description: Defaults is default configuration for all upstream services properties: maxConcurrentRequests: - description: The maximum number of concurrent requests that will - be allowed at a single point in time. Use this to limit HTTP/2 - traffic, since HTTP/2 has many requests per connection. + description: |- + The maximum number of concurrent requests that + will be allowed at a single point in time. Use this to limit HTTP/2 traffic, + since HTTP/2 has many requests per connection. format: int32 type: integer maxConnections: - description: The maximum number of connections a service instance - will be allowed to establish against the given upstream. Use - this to limit HTTP/1.1 traffic, since HTTP/1.1 has a request - per connection. + description: |- + The maximum number of connections a service instance + will be allowed to establish against the given upstream. Use this to limit + HTTP/1.1 traffic, since HTTP/1.1 has a request per connection. format: int32 type: integer maxPendingRequests: - description: The maximum number of requests that will be queued + description: |- + The maximum number of requests that will be queued while waiting for a connection to be established. format: int32 type: integer passiveHealthCheck: - description: PassiveHealthCheck configuration determines how upstream - proxy instances will be monitored for removal from the load - balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. The - real time is equal to the base time multiplied by the number - of times the host has been ejected and is capped by max_ejection_time - (Default 300s). Defaults to 30s. + description: |- + The base time that a host is ejected for. 
The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance that - a host will be actually ejected when an outlier status is - detected through consecutive 5xx. This setting can be used - to disable ejection or to ramp it up slowly. Ex. Setting - this to 10 will make it a 10% chance that the host will - be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis sweeps. - Each sweep may remove hosts or return hosts to the pool. - Ex. setting this to "10s" will set the interval to 10 seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that can - be ejected due to outlier detection. Defaults to 10% but - will eject at least one host regardless of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive failures - that results in a host being removed from the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. 
format: int32 type: integer type: object type: object listeners: - description: Listeners declares what ports the ingress gateway should - listen on, and what services to associated to those ports. + description: |- + Listeners declares what ports the ingress gateway should listen on, and + what services to associated to those ports. items: description: IngressListener manages the configuration for a listener on a specific port. 
@@ -126,110 +135,119 @@ spec: should listen for traffic. type: integer protocol: - description: 'Protocol declares what type of traffic this listener - is expected to receive. Depending on the protocol, a listener - might support multiplexing services over a single port, or - additional discovery chain features. The current supported - values are: (tcp | http | http2 | grpc).' + description: |- + Protocol declares what type of traffic this listener is expected to + receive. Depending on the protocol, a listener might support multiplexing + services over a single port, or additional discovery chain features. The + current supported values are: (tcp | http | http2 | grpc). type: string services: - description: Services declares the set of services to which - the listener forwards traffic. For "tcp" protocol listeners, - only a single service is allowed. For "http" listeners, multiple - services can be declared. + description: |- + Services declares the set of services to which the listener forwards + traffic. + For "tcp" protocol listeners, only a single service is allowed. + For "http" listeners, multiple services can be declared. items: - description: IngressService manages configuration for services - that are exposed to ingress traffic. + description: |- + IngressService manages configuration for services that are exposed to + ingress traffic. properties: hosts: - description: "Hosts is a list of hostnames which should - be associated to this service on the defined listener. - Only allowed on layer 7 protocols, this will be used - to route traffic to the service by matching the Host - header of the HTTP request. \n If a host is provided - for a service that also has a wildcard specifier defined, - the host will override the wildcard-specifier-provided - \".*\" domain for that listener. \n This - cannot be specified when using the wildcard specifier, - \"*\", or when using a \"tcp\" listener." 
+ description: |- + Hosts is a list of hostnames which should be associated to this service on + the defined listener. Only allowed on layer 7 protocols, this will be used + to route traffic to the service by matching the Host header of the HTTP + request. + + + If a host is provided for a service that also has a wildcard specifier + defined, the host will override the wildcard-specifier-provided + ".*" domain for that listener. + + + This cannot be specified when using the wildcard specifier, "*", or when + using a "tcp" listener. items: type: string type: array maxConcurrentRequests: - description: The maximum number of concurrent requests - that will be allowed at a single point in time. Use - this to limit HTTP/2 traffic, since HTTP/2 has many - requests per connection. + description: |- + The maximum number of concurrent requests that + will be allowed at a single point in time. Use this to limit HTTP/2 traffic, + since HTTP/2 has many requests per connection. format: int32 type: integer maxConnections: - description: The maximum number of connections a service - instance will be allowed to establish against the given - upstream. Use this to limit HTTP/1.1 traffic, since - HTTP/1.1 has a request per connection. + description: |- + The maximum number of connections a service instance + will be allowed to establish against the given upstream. Use this to limit + HTTP/1.1 traffic, since HTTP/1.1 has a request per connection. format: int32 type: integer maxPendingRequests: - description: The maximum number of requests that will - be queued while waiting for a connection to be established. + description: |- + The maximum number of requests that will be queued + while waiting for a connection to be established. format: int32 type: integer name: - description: "Name declares the service to which traffic - should be forwarded. \n This can either be a specific - service, or the wildcard specifier, \"*\". 
If the wildcard - specifier is provided, the listener must be of \"http\" - protocol and means that the listener will forward traffic - to all services. \n A name can be specified on multiple - listeners, and will be exposed on both of the listeners." + description: |- + Name declares the service to which traffic should be forwarded. + + + This can either be a specific service, or the wildcard specifier, + "*". If the wildcard specifier is provided, the listener must be of "http" + protocol and means that the listener will forward traffic to all services. + + + A name can be specified on multiple listeners, and will be exposed on both + of the listeners. type: string namespace: - description: Namespace is the namespace where the service - is located. Namespacing is a Consul Enterprise feature. + description: |- + Namespace is the namespace where the service is located. + Namespacing is a Consul Enterprise feature. type: string partition: - description: Partition is the admin-partition where the - service is located. Partitioning is a Consul Enterprise - feature. + description: |- + Partition is the admin-partition where the service is located. + Partitioning is a Consul Enterprise feature. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines - how upstream proxy instances will be monitored for removal - from the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected - for. The real time is equal to the base time multiplied - by the number of times the host has been ejected - and is capped by max_ejection_time (Default 300s). - Defaults to 30s. + description: |- + The base time that a host is ejected for. 
The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance - that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This - setting can be used to disable ejection or to ramp - it up slowly. Ex. Setting this to 10 will make it - a 10% chance that the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis - sweeps. Each sweep may remove hosts or return hosts - to the pool. Ex. setting this to "10s" will set + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set the interval to 10 seconds. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster - that can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive - failures that results in a host being removed from - the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object 
@@ -239,50 +257,52 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object responseHeaders: - description: HTTPHeaderModifiers is a set of rules for - HTTP header modification that should be performed by - proxies as the request passes through them. It can operate - on either request or response headers depending on the - context in which it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). 
type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object tls: @@ -299,10 +319,9 @@ spec: from the SDS service. type: string clusterName: - description: ClusterName is the SDS cluster name - to connect to, to retrieve certificates. This - cluster must be specified in the Gateway's bootstrap - configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object type: object @@ -312,9 +331,9 @@ spec: description: TLS config for this listener. properties: cipherSuites: - description: Define a subset of cipher suites to restrict - Only applicable to connections negotiated via TLS 1.2 - or earlier. + description: |- + Define a subset of cipher suites to restrict + Only applicable to connections negotiated via TLS 1.2 or earlier. items: type: string type: array 
@@ -332,24 +351,23 @@ spec: service. type: string clusterName: - description: ClusterName is the SDS cluster name to - connect to, to retrieve certificates. This cluster - must be specified in the Gateway's bootstrap configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS - version supported. Must be greater than or equal to `TLSMinVersion`. - One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or - `TLSv1_3`. If unspecified, Envoy will default to TLS 1.3 - as a max version for incoming connections. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS - version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 - and newer will default to TLS 1.2 as a min version, while - older releases of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string required: - enabled 
@@ -360,8 +378,9 @@ spec: description: TLS holds the TLS configuration for this gateway. properties: cipherSuites: - description: Define a subset of cipher suites to restrict Only - applicable to connections negotiated via TLS 1.2 or earlier. + description: |- + Define a subset of cipher suites to restrict + Only applicable to connections negotiated via TLS 1.2 or earlier. items: type: string type: array 
@@ -378,24 +397,23 @@ spec: when fetching the certificate from the SDS service. type: string clusterName: - description: ClusterName is the SDS cluster name to connect - to, to retrieve certificates. This cluster must be specified - in the Gateway's bootstrap configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default - to TLS 1.2 as a min version, while older releases of Envoy default - to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string required: - enabled 
@@ -407,8 +425,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-jwtproviders.yaml b/charts/consul/templates/crd-jwtproviders.yaml index 94c9697b33..b52d77b180 100644 --- a/charts/consul/templates/crd-jwtproviders.yaml +++ b/charts/consul/templates/crd-jwtproviders.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -26,14 +26,19 @@ spec: description: JWTProvider is the Schema for the jwtproviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,62 +46,79 @@ spec: description: JWTProviderSpec defines the desired state of JWTProvider properties: audiences: - description: Audiences is the set of audiences the JWT is allowed - to access. If specified, all JWTs verified with this provider must - address at least one of these to be considered valid. + description: |- + Audiences is the set of audiences the JWT is allowed to access. + If specified, all JWTs verified with this provider must address + at least one of these to be considered valid. items: type: string type: array cacheConfig: - description: CacheConfig defines configuration for caching the validation - result for previously seen JWTs. Caching results can speed up verification - when individual tokens are expected to be handled multiple times. + description: |- + CacheConfig defines configuration for caching the validation + result for previously seen JWTs. Caching results can speed up + verification when individual tokens are expected to be handled + multiple times. properties: size: - description: "Size specifies the maximum number of JWT verification - results to cache. \n Defaults to 0, meaning that JWT caching - is disabled." + description: |- + Size specifies the maximum number of JWT verification + results to cache. + + + Defaults to 0, meaning that JWT caching is disabled. type: integer type: object clockSkewSeconds: - description: "ClockSkewSeconds specifies the maximum allowable time - difference from clock skew when validating the \"exp\" (Expiration) - and \"nbf\" (Not Before) claims. \n Default value is 30 seconds." + description: |- + ClockSkewSeconds specifies the maximum allowable time difference + from clock skew when validating the "exp" (Expiration) and "nbf" + (Not Before) claims. + + + Default value is 30 seconds. type: integer forwarding: description: Forwarding defines rules for forwarding verified JWTs to the backend. 
properties: headerName: - description: "HeaderName is a header name to use when forwarding - a verified JWT to the backend. The verified JWT could have been - extracted from any location (query param, header, or cookie). - \n The header value will be base64-URL-encoded, and will not - be padded unless PadForwardPayloadHeader is true." + description: |- + HeaderName is a header name to use when forwarding a verified + JWT to the backend. The verified JWT could have been extracted + from any location (query param, header, or cookie). + + + The header value will be base64-URL-encoded, and will not be + padded unless PadForwardPayloadHeader is true. type: string padForwardPayloadHeader: - description: "PadForwardPayloadHeader determines whether padding - should be added to the base64 encoded token forwarded with ForwardPayloadHeader. - \n Default value is false." + description: |- + PadForwardPayloadHeader determines whether padding should be added + to the base64 encoded token forwarded with ForwardPayloadHeader. + + + Default value is false. type: boolean type: object issuer: - description: Issuer is the entity that must have issued the JWT. This - value must match the "iss" claim of the token. + description: |- + Issuer is the entity that must have issued the JWT. + This value must match the "iss" claim of the token. type: string jsonWebKeySet: - description: JSONWebKeySet defines a JSON Web Key Set, its location - on disk, or the means with which to fetch a key set from a remote - server. + description: |- + JSONWebKeySet defines a JSON Web Key Set, its location on disk, or the + means with which to fetch a key set from a remote server. properties: local: description: Local specifies a local source for the key set. properties: filename: - description: Filename configures a location on disk where - the JWKS can be found. If specified, the file must be present - on the disk of ALL proxies with intentions referencing this - provider. 
+ description: |- + Filename configures a location on disk where the JWKS can be + found. If specified, the file must be present on the disk of ALL + proxies with intentions referencing this provider. type: string jwks: description: JWKS contains a base64 encoded JWKS. 
@@ -107,62 +129,78 @@ spec: server. properties: cacheDuration: - description: "CacheDuration is the duration after which cached - keys should be expired. \n Default value is 5 minutes." + description: |- + CacheDuration is the duration after which cached keys + should be expired. + + + Default value is 5 minutes. type: string fetchAsynchronously: - description: "FetchAsynchronously indicates that the JWKS - should be fetched when a client request arrives. Client - requests will be paused until the JWKS is fetched. If false, - the proxy listener will wait for the JWKS to be fetched - before being activated. \n Default value is false." + description: |- + FetchAsynchronously indicates that the JWKS should be fetched + when a client request arrives. Client requests will be paused + until the JWKS is fetched. + If false, the proxy listener will wait for the JWKS to be + fetched before being activated. + + + Default value is false. type: boolean jwksCluster: description: JWKSCluster defines how the specified Remote JWKS URI is to be fetched. properties: connectTimeout: - description: The timeout for new network connections to - hosts in the cluster. If not set, a default value of - 5s will be used. + description: |- + The timeout for new network connections to hosts in the cluster. + If not set, a default value of 5s will be used. type: string discoveryType: - description: "DiscoveryType refers to the service discovery - type to use for resolving the cluster. \n This defaults - to STRICT_DNS. Other options include STATIC, LOGICAL_DNS, - EDS or ORIGINAL_DST." + description: |- + DiscoveryType refers to the service discovery type to use for resolving the cluster. + + + This defaults to STRICT_DNS. + Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST. type: string tlsCertificates: - description: "TLSCertificates refers to the data containing - certificate authority certificates to use in verifying - a presented peer certificate. 
If not specified and a - peer certificate is presented it will not be verified. - \n Must be either CaCertificateProviderInstance or TrustedCA." + description: |- + TLSCertificates refers to the data containing certificate authority certificates to use + in verifying a presented peer certificate. + If not specified and a peer certificate is presented it will not be verified. + + + Must be either CaCertificateProviderInstance or TrustedCA. properties: caCertificateProviderInstance: description: CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates. properties: certificateName: - description: "CertificateName is used to specify - certificate instances or types. For example, - \"ROOTCA\" to specify a root-certificate (validation - context) or \"example.com\" to specify a certificate - for a particular domain. \n The default value - is the empty string." + description: |- + CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify + a root-certificate (validation context) or "example.com" to specify a certificate for a + particular domain. + + + The default value is the empty string. type: string instanceName: - description: "InstanceName refers to the certificate - provider instance name. \n The default value - is \"default\"." + description: |- + InstanceName refers to the certificate provider instance name. + + + The default value is "default". type: string type: object trustedCA: - description: "TrustedCA defines TLS certificate data - containing certificate authority certificates to - use in verifying a presented peer certificate. \n - Exactly one of Filename, EnvironmentVariable, InlineString - or InlineBytes must be specified." + description: |- + TrustedCA defines TLS certificate data containing certificate authority certificates + to use in verifying a presented peer certificate. + + + Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified. 
properties: environmentVariable: type: string @@ -177,33 +215,47 @@ spec: type: object type: object requestTimeoutMs: - description: RequestTimeoutMs is the number of milliseconds - to time out when making a request for the JWKS. + description: |- + RequestTimeoutMs is the number of milliseconds to + time out when making a request for the JWKS. type: integer retryPolicy: - description: "RetryPolicy defines a retry policy for fetching - JWKS. \n There is no retry by default." + description: |- + RetryPolicy defines a retry policy for fetching JWKS. + + + There is no retry by default. properties: numRetries: - description: "NumRetries is the number of times to retry - fetching the JWKS. The retry strategy uses jittered - exponential backoff with a base interval of 1s and max - of 10s. \n Default value is 0." + description: |- + NumRetries is the number of times to retry fetching the JWKS. + The retry strategy uses jittered exponential backoff with + a base interval of 1s and max of 10s. + + + Default value is 0. type: integer retryPolicyBackOff: - description: "Retry's backoff policy. \n Defaults to Envoy's - backoff policy." + description: |- + Retry's backoff policy. + + + Defaults to Envoy's backoff policy. properties: baseInterval: - description: "BaseInterval to be used for the next - back off computation. \n The default value from - envoy is 1s." + description: |- + BaseInterval to be used for the next back off computation. + + + The default value from envoy is 1s. type: string maxInterval: - description: "MaxInternal to be used to specify the - maximum interval between retries. Optional but should - be greater or equal to BaseInterval. \n Defaults - to 10 times BaseInterval." + description: |- + MaxInternal to be used to specify the maximum interval between retries. + Optional but should be greater or equal to BaseInterval. + + + Defaults to 10 times BaseInterval. type: string type: object type: object 
@@ -214,15 +266,19 @@ spec: type: object type: object locations: - description: 'Locations where the JWT will be present in requests. - Envoy will check all of these locations to extract a JWT. If no - locations are specified Envoy will default to: 1. Authorization - header with Bearer schema: "Authorization: Bearer " 2. accessToken - query parameter.' + description: |- + Locations where the JWT will be present in requests. + Envoy will check all of these locations to extract a JWT. + If no locations are specified Envoy will default to: + 1. Authorization header with Bearer schema: + "Authorization: Bearer " + 2. accessToken query parameter. items: - description: "JWTLocation is a location where the JWT could be present - in requests. \n Only one of Header, QueryParam, or Cookie can - be specified." + description: |- + JWTLocation is a location where the JWT could be present in requests. + + + Only one of Header, QueryParam, or Cookie can be specified. properties: cookie: description: Cookie defines how to extract a JWT from an HTTP 
@@ -238,26 +294,31 @@ spec: request header. properties: forward: - description: "Forward defines whether the header with the - JWT should be forwarded after the token has been verified. - If false, the header will not be forwarded to the backend. - \n Default value is false." + description: |- + Forward defines whether the header with the JWT should be + forwarded after the token has been verified. If false, the + header will not be forwarded to the backend. + + + Default value is false. type: boolean name: description: Name is the name of the header containing the token. type: string valuePrefix: - description: 'ValuePrefix is an optional prefix that precedes - the token in the header value. For example, "Bearer " - is a standard value prefix for a header named "Authorization", - but the prefix is not part of the token itself: "Authorization: - Bearer "' + description: |- + ValuePrefix is an optional prefix that precedes the token in the + header value. + For example, "Bearer " is a standard value prefix for a header named + "Authorization", but the prefix is not part of the token itself: + "Authorization: Bearer " type: string type: object queryParam: - description: QueryParam defines how to extract a JWT from an - HTTP request query parameter. + description: |- + QueryParam defines how to extract a JWT from an HTTP request + query parameter. properties: name: description: Name is the name of the query param containing 
@@ -273,8 +334,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-meshes.yaml b/charts/consul/templates/crd-meshes.yaml index f8ce4fc12e..f81e61a2c5 100644 --- a/charts/consul/templates/crd-meshes.yaml +++ b/charts/consul/templates/crd-meshes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -39,14 +39,19 @@ spec: description: Mesh is the Schema for the mesh API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -54,9 +59,9 @@ spec: description: MeshSpec defines the desired state of Mesh. properties: allowEnablingPermissiveMutualTLS: - description: AllowEnablingPermissiveMutualTLS must be true in order - to allow setting MutualTLSMode=permissive in either service-defaults - or proxy-defaults. + description: |- + AllowEnablingPermissiveMutualTLS must be true in order to allow setting + MutualTLSMode=permissive in either service-defaults or proxy-defaults. type: boolean http: description: HTTP defines the HTTP configuration for the service mesh. 
@@ -71,80 +76,73 @@ spec: mesh. properties: peerThroughMeshGateways: - description: PeerThroughMeshGateways determines whether peering - traffic between control planes should flow through mesh gateways. - If enabled, Consul servers will advertise mesh gateway addresses - as their own. Additionally, mesh gateways will configure themselves - to expose the local servers using a peering-specific SNI. + description: |- + PeerThroughMeshGateways determines whether peering traffic between + control planes should flow through mesh gateways. If enabled, + Consul servers will advertise mesh gateway addresses as their own. + Additionally, mesh gateways will configure themselves to expose + the local servers using a peering-specific SNI. type: boolean type: object tls: description: TLS defines the TLS configuration for the service mesh. properties: incoming: - description: Incoming defines the TLS configuration for inbound - mTLS connections targeting the public listener on Connect and - TerminatingGateway proxy kinds. + description: |- + Incoming defines the TLS configuration for inbound mTLS connections targeting + the public listener on Connect and TerminatingGateway proxy kinds. properties: cipherSuites: - description: CipherSuites sets the default list of TLS cipher - suites to support when negotiating connections using TLS - 1.2 or earlier. If unspecified, Envoy will use a default - server cipher list. The list of supported cipher suites - can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 - and is dependent on underlying support in Envoy. Future - releases of Envoy may remove currently-supported but insecure - cipher suites, and future releases of Consul may add new - supported cipher suites if any are added to Envoy. + description: |- + CipherSuites sets the default list of TLS cipher suites to support when negotiating connections using TLS 1.2 or earlier. + If unspecified, Envoy will use a default server cipher list. 
The list of supported cipher suites can be seen in + https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 and is dependent on underlying support in Envoy. + Future releases of Envoy may remove currently-supported but insecure cipher suites, + and future releases of Consul may add new supported cipher suites if any are added to Envoy. items: type: string type: array tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will - default to TLS 1.2 as a min version, while older releases - of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string type: object outgoing: - description: Outgoing defines the TLS configuration for outbound - mTLS connections dialing upstreams from Connect and IngressGateway - proxy kinds. + description: |- + Outgoing defines the TLS configuration for outbound mTLS connections dialing upstreams + from Connect and IngressGateway proxy kinds. 
properties: cipherSuites: - description: CipherSuites sets the default list of TLS cipher - suites to support when negotiating connections using TLS - 1.2 or earlier. If unspecified, Envoy will use a default - server cipher list. The list of supported cipher suites - can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 - and is dependent on underlying support in Envoy. Future - releases of Envoy may remove currently-supported but insecure - cipher suites, and future releases of Consul may add new - supported cipher suites if any are added to Envoy. + description: |- + CipherSuites sets the default list of TLS cipher suites to support when negotiating connections using TLS 1.2 or earlier. + If unspecified, Envoy will use a default server cipher list. The list of supported cipher suites can be seen in + https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 and is dependent on underlying support in Envoy. + Future releases of Envoy may remove currently-supported but insecure cipher suites, + and future releases of Consul may add new supported cipher suites if any are added to Envoy. items: type: string type: array tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. 
If unspecified, Envoy v1.22.0 and newer will - default to TLS 1.2 as a min version, while older releases - of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string type: object type: object @@ -153,13 +151,21 @@ spec: to proxies in "transparent" mode. Added in v1.10.0. properties: meshDestinationsOnly: - description: MeshDestinationsOnly determines whether sidecar proxies - operating in "transparent" mode can proxy traffic to IP addresses - not registered in Consul's catalog. If enabled, traffic will - only be proxied to upstreams with service registrations in the - catalog. + description: |- + MeshDestinationsOnly determines whether sidecar proxies operating in "transparent" mode can proxy traffic + to IP addresses not registered in Consul's catalog. If enabled, traffic will only be proxied to upstreams + with service registrations in the catalog. type: boolean type: object + validateClusters: + description: |- + ValidateClusters controls whether the clusters the route table refers to are validated. The default value is + false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing + to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist, + the route table will not load. For more information, refer to + [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters) + for more details. + type: boolean type: object status: properties: 
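Review bot: The new `validateClusters` description in hunk `@@ -153,13 +151,21 @@` has a subject-verb slip ("a cluster that do not exist") and its last sentence repeats itself ("For more information, refer to … for more details."). This template is produced by controller-gen, so the wording should be corrected in the Go doc comment on the field (not visible in this hunk) and the CRD regenerated. Suggested wording: `When set to true and a route refers to a cluster that does not exist, the route table will not load.`, with the closing sentence ending after the Envoy docs link. The two behaviours are also described asymmetrically ("a route refers to" versus "the route is set to"); using the same phrase for both makes it easier to see that the only difference is whether a bad reference is rejected at load time or surfaces later as a 404.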
@@ -167,8 +173,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-meshservices.yaml b/charts/consul/templates/crd-meshservices.yaml index a5d36fb966..1623749f63 100644 --- a/charts/consul/templates/crd-meshservices.yaml +++ b/charts/consul/templates/crd-meshservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -27,14 +27,19 @@ spec: Service Mesh service. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -45,9 +50,9 @@ spec: description: Name holds the service name for a Consul service. type: string peer: - description: Peer optionally specifies the name of the peer exporting - the Consul service. If not specified, the Consul service is assumed - to be in the local datacenter. + description: |- + Peer optionally specifies the name of the peer exporting the Consul service. + If not specified, the Consul service is assumed to be in the local datacenter. type: string type: object type: object 
diff --git a/charts/consul/templates/crd-peeringacceptors.yaml b/charts/consul/templates/crd-peeringacceptors.yaml index 2352ba7ad3..60b31d986a 100644 --- a/charts/consul/templates/crd-peeringacceptors.yaml +++ b/charts/consul/templates/crd-peeringacceptors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -41,14 +41,19 @@ spec: description: PeeringAcceptor is the Schema for the peeringacceptors API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -84,8 +89,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-peeringdialers.yaml b/charts/consul/templates/crd-peeringdialers.yaml index 09991d2091..562c760938 100644 --- a/charts/consul/templates/crd-peeringdialers.yaml +++ b/charts/consul/templates/crd-peeringdialers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: PeeringDialer is the Schema for the peeringdialers API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -84,8 +89,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-proxyconfigurations.yaml b/charts/consul/templates/crd-proxyconfigurations.yaml index 9a33bd2bab..464fdfeaae 100644 --- a/charts/consul/templates/crd-proxyconfigurations.yaml +++ b/charts/consul/templates/crd-proxyconfigurations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ProxyConfiguration is the Schema for the TCP Routes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -56,7 +61,8 @@ spec: description: This is a Resource type. properties: bootstrapConfig: - description: bootstrap_config is the configuration that requires proxies + description: |- + bootstrap_config is the configuration that requires proxies to be restarted to be applied. properties: dogstatsdUrl: 
@@ -91,7 +97,8 @@ spec: type: string type: object dynamicConfig: - description: dynamic_config is the configuration that could be changed + description: |- + dynamic_config is the configuration that could be changed dynamically (i.e. without needing restart). properties: accessLogs: @@ -99,17 +106,17 @@ spec: access logs properties: disableListenerLogs: - description: DisableListenerLogs turns off just listener logs - for connections rejected by Envoy because they don't have - a matching listener filter. + description: |- + DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't + have a matching listener filter. type: boolean enabled: description: Enabled turns off all access logging type: boolean jsonFormat: - description: The presence of one format string or the other - implies the access log string encoding. Defining both is - invalid. + description: |- + The presence of one format string or the other implies the access log string encoding. + Defining both is invalid. type: string path: description: Path is the output file to write logs @@ -127,24 +134,6 @@ spec: format: int32 type: string type: object - envoyExtensions: - items: - description: EnvoyExtension has configuration for an extension - that patches Envoy resources. - properties: - arguments: - type: object - x-kubernetes-preserve-unknown-fields: true - consulVersion: - type: string - envoyVersion: - type: string - name: - type: string - required: - type: boolean - type: object - type: array exposeConfig: properties: exposePaths: @@ -178,7 +167,7 @@ spec: format: int32 type: string maxInboundConnections: - format: int64 + format: int32 type: integer type: object listenerTracingJson: 
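Review bot: Two hunks in this section change the schema itself and are not mentioned in the commit description: `@@ -127,24 +134,6 @@` removes the whole `envoyExtensions` item schema under `dynamicConfig`, and `@@ -178,7 +167,7 @@` narrows `maxInboundConnections` from `format: int64` to `format: int32`. The rest of this regenerated file only re-wraps descriptions. If the API server prunes fields that are absent from the structural schema, an existing ProxyConfiguration that sets `envoyExtensions` would presumably lose that block on its next write without any error, which changes proxy behaviour silently. Please confirm both changes are intended results of the module bump and record them in the changelog entry, for example `ProxyConfiguration CRD: envoyExtensions removed from dynamicConfig; maxInboundConnections format is now int32`.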
@@ -191,122 +180,130 @@ spec: properties: connectTimeout: description: "A Duration represents a signed, fixed-length - span of time represented as a count of seconds and fractions - of seconds at nanosecond resolution. It is independent - of any calendar and concepts like \"day\" or \"month\". - It is related to Timestamp in that the difference between - two Timestamp values is a Duration and it can be added - or subtracted from a Timestamp. Range is approximately - +-10,000 years. \n # Examples \n Example 1: Compute Duration - from two Timestamps in pseudo code. \n Timestamp start - = ...; Timestamp end = ...; Duration duration = ...; \n - duration.seconds = end.seconds - start.seconds; duration.nanos - = end.nanos - start.nanos; \n if (duration.seconds < 0 - && duration.nanos > 0) { duration.seconds += 1; duration.nanos - -= 1000000000; } else if (duration.seconds > 0 && duration.nanos - < 0) { duration.seconds -= 1; duration.nanos += 1000000000; - } \n Example 2: Compute Timestamp from Timestamp + Duration - in pseudo code. \n Timestamp start = ...; Duration duration - = ...; Timestamp end = ...; \n end.seconds = start.seconds - + duration.seconds; end.nanos = start.nanos + duration.nanos; - \n if (end.nanos < 0) { end.seconds -= 1; end.nanos += - 1000000000; } else if (end.nanos >= 1000000000) { end.seconds - += 1; end.nanos -= 1000000000; } \n Example 3: Compute - Duration from datetime.timedelta in Python. \n td = datetime.timedelta(days=3, - minutes=10) duration = Duration() duration.FromTimedelta(td) - \n # JSON Mapping \n In JSON format, the Duration type - is encoded as a string rather than an object, where the - string ends in the suffix \"s\" (indicating seconds) and - is preceded by the number of seconds, with nanoseconds - expressed as fractional seconds. 
For example, 3 seconds - with 0 nanoseconds should be encoded in JSON format as - \"3s\", while 3 seconds and 1 nanosecond should be expressed - in JSON format as \"3.000000001s\", and 3 seconds and - 1 microsecond should be expressed in JSON format as \"3.000001s\"." + span of time represented\nas a count of seconds and fractions + of seconds at nanosecond\nresolution. It is independent + of any calendar and concepts like \"day\"\nor \"month\". + It is related to Timestamp in that the difference between\ntwo + Timestamp values is a Duration and it can be added or + subtracted\nfrom a Timestamp. Range is approximately +-10,000 + years.\n\n\n# Examples\n\n\nExample 1: Compute Duration + from two Timestamps in pseudo code.\n\n\n\tTimestamp start + = ...;\n\tTimestamp end = ...;\n\tDuration duration = + ...;\n\n\n\tduration.seconds = end.seconds - start.seconds;\n\tduration.nanos + = end.nanos - start.nanos;\n\n\n\tif (duration.seconds + < 0 && duration.nanos > 0) {\n\t duration.seconds += + 1;\n\t duration.nanos -= 1000000000;\n\t} else if (duration.seconds + > 0 && duration.nanos < 0) {\n\t duration.seconds -= + 1;\n\t duration.nanos += 1000000000;\n\t}\n\n\nExample + 2: Compute Timestamp from Timestamp + Duration in pseudo + code.\n\n\n\tTimestamp start = ...;\n\tDuration duration + = ...;\n\tTimestamp end = ...;\n\n\n\tend.seconds = start.seconds + + duration.seconds;\n\tend.nanos = start.nanos + duration.nanos;\n\n\n\tif + (end.nanos < 0) {\n\t end.seconds -= 1;\n\t end.nanos + += 1000000000;\n\t} else if (end.nanos >= 1000000000) + {\n\t end.seconds += 1;\n\t end.nanos -= 1000000000;\n\t}\n\n\nExample + 3: Compute Duration from datetime.timedelta in Python.\n\n\n\ttd + = datetime.timedelta(days=3, minutes=10)\n\tduration = + Duration()\n\tduration.FromTimedelta(td)\n\n\n# JSON Mapping\n\n\nIn + JSON format, the Duration type is encoded as a string + rather than an\nobject, where the string ends in the suffix + \"s\" (indicating seconds) and\nis preceded by the 
number + of seconds, with nanoseconds expressed as\nfractional + seconds. For example, 3 seconds with 0 nanoseconds should + be\nencoded in JSON format as \"3s\", while 3 seconds + and 1 nanosecond should\nbe expressed in JSON format as + \"3.000000001s\", and 3 seconds and 1\nmicrosecond should + be expressed in JSON format as \"3.000001s\"." format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object requestTimeout: description: "A Duration represents a signed, fixed-length - span of time represented as a count of seconds and fractions - of seconds at nanosecond resolution. It is independent - of any calendar and concepts like \"day\" or \"month\". 
- It is related to Timestamp in that the difference between - two Timestamp values is a Duration and it can be added - or subtracted from a Timestamp. Range is approximately - +-10,000 years. \n # Examples \n Example 1: Compute Duration - from two Timestamps in pseudo code. \n Timestamp start - = ...; Timestamp end = ...; Duration duration = ...; \n - duration.seconds = end.seconds - start.seconds; duration.nanos - = end.nanos - start.nanos; \n if (duration.seconds < 0 - && duration.nanos > 0) { duration.seconds += 1; duration.nanos - -= 1000000000; } else if (duration.seconds > 0 && duration.nanos - < 0) { duration.seconds -= 1; duration.nanos += 1000000000; - } \n Example 2: Compute Timestamp from Timestamp + Duration - in pseudo code. \n Timestamp start = ...; Duration duration - = ...; Timestamp end = ...; \n end.seconds = start.seconds - + duration.seconds; end.nanos = start.nanos + duration.nanos; - \n if (end.nanos < 0) { end.seconds -= 1; end.nanos += - 1000000000; } else if (end.nanos >= 1000000000) { end.seconds - += 1; end.nanos -= 1000000000; } \n Example 3: Compute - Duration from datetime.timedelta in Python. \n td = datetime.timedelta(days=3, - minutes=10) duration = Duration() duration.FromTimedelta(td) - \n # JSON Mapping \n In JSON format, the Duration type - is encoded as a string rather than an object, where the - string ends in the suffix \"s\" (indicating seconds) and - is preceded by the number of seconds, with nanoseconds - expressed as fractional seconds. For example, 3 seconds - with 0 nanoseconds should be encoded in JSON format as - \"3s\", while 3 seconds and 1 nanosecond should be expressed - in JSON format as \"3.000000001s\", and 3 seconds and - 1 microsecond should be expressed in JSON format as \"3.000001s\"." + span of time represented\nas a count of seconds and fractions + of seconds at nanosecond\nresolution. It is independent + of any calendar and concepts like \"day\"\nor \"month\". 
+ It is related to Timestamp in that the difference between\ntwo + Timestamp values is a Duration and it can be added or + subtracted\nfrom a Timestamp. Range is approximately +-10,000 + years.\n\n\n# Examples\n\n\nExample 1: Compute Duration + from two Timestamps in pseudo code.\n\n\n\tTimestamp start + = ...;\n\tTimestamp end = ...;\n\tDuration duration = + ...;\n\n\n\tduration.seconds = end.seconds - start.seconds;\n\tduration.nanos + = end.nanos - start.nanos;\n\n\n\tif (duration.seconds + < 0 && duration.nanos > 0) {\n\t duration.seconds += + 1;\n\t duration.nanos -= 1000000000;\n\t} else if (duration.seconds + > 0 && duration.nanos < 0) {\n\t duration.seconds -= + 1;\n\t duration.nanos += 1000000000;\n\t}\n\n\nExample + 2: Compute Timestamp from Timestamp + Duration in pseudo + code.\n\n\n\tTimestamp start = ...;\n\tDuration duration + = ...;\n\tTimestamp end = ...;\n\n\n\tend.seconds = start.seconds + + duration.seconds;\n\tend.nanos = start.nanos + duration.nanos;\n\n\n\tif + (end.nanos < 0) {\n\t end.seconds -= 1;\n\t end.nanos + += 1000000000;\n\t} else if (end.nanos >= 1000000000) + {\n\t end.seconds += 1;\n\t end.nanos -= 1000000000;\n\t}\n\n\nExample + 3: Compute Duration from datetime.timedelta in Python.\n\n\n\ttd + = datetime.timedelta(days=3, minutes=10)\n\tduration = + Duration()\n\tduration.FromTimedelta(td)\n\n\n# JSON Mapping\n\n\nIn + JSON format, the Duration type is encoded as a string + rather than an\nobject, where the string ends in the suffix + \"s\" (indicating seconds) and\nis preceded by the number + of seconds, with nanoseconds expressed as\nfractional + seconds. For example, 3 seconds with 0 nanoseconds should + be\nencoded in JSON format as \"3s\", while 3 seconds + and 1 nanosecond should\nbe expressed in JSON format as + \"3.000000001s\", and 3 seconds and 1\nmicrosecond should + be expressed in JSON format as \"3.000001s\"." 
format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object type: object - description: local_connection is the configuration that should - be used to connect to the local application provided per-port. + description: |- + local_connection is the configuration that should be used + to connect to the local application provided per-port. The map keys should correspond to port names on the workload. type: object localWorkloadAddress: - description: "deprecated: local_workload_address, local_workload_port, - and local_workload_socket_path are deprecated and are only needed - for migration of existing resources. \n Deprecated: Marked as - deprecated in pbmesh/v2beta1/proxy_configuration.proto." 
+ description: |- + deprecated: + local_workload_address, local_workload_port, and local_workload_socket_path + are deprecated and are only needed for migration of existing resources. + + + Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. type: string localWorkloadPort: description: 'Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto.' @@ -344,26 +341,31 @@ spec: transparentProxy: properties: dialedDirectly: - description: dialed_directly indicates whether this proxy - should be dialed using original destination IP in the connection - rather than load balance between all endpoints. + description: |- + dialed_directly indicates whether this proxy should be dialed using original destination IP + in the connection rather than load balance between all endpoints. type: boolean outboundListenerPort: - description: outbound_listener_port is the port for the proxy's - outbound listener. This defaults to 15001. + description: |- + outbound_listener_port is the port for the proxy's outbound listener. + This defaults to 15001. format: int32 type: integer type: object type: object opaqueConfig: - description: "deprecated: prevent usage when using v2 APIs directly. - needed for backwards compatibility \n Deprecated: Marked as deprecated - in pbmesh/v2beta1/proxy_configuration.proto." + description: |- + deprecated: prevent usage when using v2 APIs directly. + needed for backwards compatibility + + + Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. type: object x-kubernetes-preserve-unknown-fields: true workloads: - description: Selection of workloads this proxy configuration should - apply to. These can be prefixes or specific workload names. + description: |- + Selection of workloads this proxy configuration should apply to. + These can be prefixes or specific workload names. properties: filter: type: string 
@@ -383,8 +385,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-proxydefaults.yaml b/charts/consul/templates/crd-proxydefaults.yaml index ce49c9149a..a5fa8178f3 100644 --- a/charts/consul/templates/crd-proxydefaults.yaml +++ b/charts/consul/templates/crd-proxydefaults.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ProxyDefaults is the Schema for the proxydefaults API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -60,37 +65,40 @@ spec: configuration. properties: disableListenerLogs: - description: DisableListenerLogs turns off just listener logs - for connections rejected by Envoy because they don't have a - matching listener filter. + description: |- + DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't + have a matching listener filter. type: boolean enabled: description: Enabled turns on all access logging type: boolean jsonFormat: - description: 'JSONFormat is a JSON-formatted string of an Envoy - access log format dictionary. See for more info on formatting: - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-dictionaries - Defining JSONFormat and TextFormat is invalid.' + description: |- + JSONFormat is a JSON-formatted string of an Envoy access log format dictionary. + See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-dictionaries + Defining JSONFormat and TextFormat is invalid. type: string path: description: Path is the output file to write logs for file-type logging type: string textFormat: - description: 'TextFormat is a representation of Envoy access logs - format. See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-strings - Defining JSONFormat and TextFormat is invalid.' + description: |- + TextFormat is a representation of Envoy access logs format. + See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-strings + Defining JSONFormat and TextFormat is invalid. type: string type: - description: Type selects the output for logs one of "file", "stderr". - "stdout" + description: |- + Type selects the output for logs + one of "file", "stderr". 
"stdout" type: string type: object config: - description: Config is an arbitrary map of configuration values used - by Connect proxies. Any values that your proxy allows can be configured - globally here. Supports JSON config values. See https://www.consul.io/docs/connect/proxies/envoy#configuration-formatting + description: |- + Config is an arbitrary map of configuration values used by Connect proxies. + Any values that your proxy allows can be configured globally here. + Supports JSON config values. See https://www.consul.io/docs/connect/proxies/envoy#configuration-formatting type: object x-kubernetes-preserve-unknown-fields: true envoyExtensions: @@ -114,9 +122,9 @@ spec: for Envoy. properties: checks: - description: Checks defines whether paths associated with Consul - checks will be exposed. This flag triggers exposing all HTTP - and GRPC check paths registered for the service. + description: |- + Checks defines whether paths associated with Consul checks will be exposed. + This flag triggers exposing all HTTP and GRPC check paths registered for the service. type: boolean paths: description: Paths is the list of paths exposed through the proxy. @@ -135,7 +143,8 @@ spec: ie. "/metrics". type: string protocol: - description: Protocol describes the upstream's service protocol. + description: |- + Protocol describes the upstream's service protocol. Valid values are "http" and "http2", defaults to "http". type: string type: object 
@@ -146,14 +155,14 @@ spec: failover. properties: mode: - description: Mode specifies the type of failover that will be - performed. Valid values are "sequential", "" (equivalent to - "sequential") and "order-by-locality". + description: |- + Mode specifies the type of failover that will be performed. Valid values are + "sequential", "" (equivalent to "sequential") and "order-by-locality". type: string regions: - description: Regions is the ordered list of the regions of the - failover targets. Valid values can be "us-west-1", "us-west-2", - and so on. + description: |- + Regions is the ordered list of the regions of the failover targets. + Valid values can be "us-west-1", "us-west-2", and so on. items: type: string type: array 
@@ -163,59 +172,62 @@ spec: for this service. properties: mode: - description: Mode is the mode that should be used for the upstream - connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object mode: - description: 'Mode can be one of "direct" or "transparent". "transparent" - represents that inbound and outbound application traffic is being - captured and redirected through the proxy. This mode does not enable - the traffic redirection itself. Instead it signals Consul to configure - Envoy as if traffic is already being redirected. "direct" represents - that the proxy''s listeners must be dialed directly by the local - application and other proxies. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound + application traffic is being captured and redirected through the proxy. This mode does not + enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if + traffic is already being redirected. "direct" represents that the proxy's listeners must be + dialed directly by the local application and other proxies. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. type: string mutualTLSMode: - description: 'MutualTLSMode controls whether mutual TLS is required - for all incoming connections when transparent proxy is enabled. - This can be set to "permissive" or "strict". "strict" is the default - which requires mutual TLS for incoming connections. 
In the insecure - "permissive" mode, connections to the sidecar proxy public listener - port require mutual TLS, but connections to the service port do - not require mutual TLS and are proxied to the application unmodified. - Note: Intentions are not enforced for non-mTLS connections. To keep - your services secure, we recommend using "strict" mode whenever - possible and enabling "permissive" mode only when necessary.' + description: |- + MutualTLSMode controls whether mutual TLS is required for all incoming + connections when transparent proxy is enabled. This can be set to + "permissive" or "strict". "strict" is the default which requires mutual + TLS for incoming connections. In the insecure "permissive" mode, + connections to the sidecar proxy public listener port require mutual + TLS, but connections to the service port do not require mutual TLS and + are proxied to the application unmodified. Note: Intentions are not + enforced for non-mTLS connections. To keep your services secure, we + recommend using "strict" mode whenever possible and enabling + "permissive" mode only when necessary. type: string prioritizeByLocality: - description: PrioritizeByLocality controls whether the locality of - services within the local partition will be used to prioritize connectivity. + description: |- + PrioritizeByLocality controls whether the locality of services within the + local partition will be used to prioritize connectivity. properties: mode: - description: 'Mode specifies the type of prioritization that will - be performed when selecting nodes in the local partition. Valid - values are: "" (default "none"), "none", and "failover".' + description: |- + Mode specifies the type of prioritization that will be performed + when selecting nodes in the local partition. + Valid values are: "" (default "none"), "none", and "failover". type: string type: object transparentProxy: - description: 'TransparentProxy controls configuration specific to - proxies in transparent mode. 
Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + TransparentProxy controls configuration specific to proxies in transparent mode. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. properties: dialedDirectly: - description: DialedDirectly indicates whether transparent proxies - can dial this proxy instance directly. The discovery chain is - not considered when dialing a service instance directly. This - setting is useful when addressing stateful services, such as - a database cluster with a leader node. + description: |- + DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. + The discovery chain is not considered when dialing a service instance directly. + This setting is useful when addressing stateful services, such as a database cluster with a leader node. type: boolean outboundListenerPort: - description: OutboundListenerPort is the port of the listener - where outbound application traffic is being redirected to. + description: |- + OutboundListenerPort is the port of the listener where outbound application + traffic is being redirected to. type: integer type: object type: object @@ -225,8 +237,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition 
diff --git a/charts/consul/templates/crd-referencegrants-external.yaml b/charts/consul/templates/crd-referencegrants-external.yaml index 6ae177d987..db9cf12027 100644 --- a/charts/consul/templates/crd-referencegrants-external.yaml +++ b/charts/consul/templates/crd-referencegrants-external.yaml @@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: referencegrants.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/charts/consul/templates/crd-routeauthfilters.yaml b/charts/consul/templates/crd-routeauthfilters.yaml index a51bf226cd..65403e657a 100644 --- a/charts/consul/templates/crd-routeauthfilters.yaml +++ b/charts/consul/templates/crd-routeauthfilters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -39,14 +39,19 @@ spec: description: RouteAuthFilter is the Schema for the routeauthfilters API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -65,9 +70,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry with - this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims 
@@ -83,11 +88,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the given - path: - If the type at the path is a list then we - verify that this value is contained in the list. - \n - If the type at the path is a string then we - verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path 
@@ -117,46 +125,53 @@ spec: reason: Pending status: Unknown type: ResolvedRefs - description: "Conditions describe the current conditions of the Filter. - \n Known condition types are: \n * \"Accepted\" * \"ResolvedRefs\"" + description: |- + Conditions describe the current conditions of the Filter. + + + Known condition types are: + + + * "Accepted" + * "ResolvedRefs" items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
+ description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -170,11 +185,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/consul/templates/crd-routeretryfilters.yaml b/charts/consul/templates/crd-routeretryfilters.yaml index 14b6062f60..d26dff9c56 100644 --- a/charts/consul/templates/crd-routeretryfilters.yaml +++ b/charts/consul/templates/crd-routeretryfilters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -39,14 +39,19 @@ spec: description: RouteRetryFilter is the Schema for the routeretryfilters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -75,8 +80,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-routetimeoutfilters.yaml b/charts/consul/templates/crd-routetimeoutfilters.yaml index 95ab50320d..568b025204 100644 --- a/charts/consul/templates/crd-routetimeoutfilters.yaml +++ b/charts/consul/templates/crd-routetimeoutfilters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -40,14 +40,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -55,8 +60,10 @@ spec: description: RouteTimeoutFilterSpec defines the desired state of RouteTimeoutFilter. properties: idleTimeout: + format: duration type: string requestTimeout: + format: duration type: string type: object status: 
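Review bot: In the RouteTimeoutFilterSpec hunk, `idleTimeout` and `requestTimeout` gain `format: duration` but still have no `description`, so the schema does not tell users what syntax is accepted or what leaving the field unset means. This template carries the controller-gen version annotation, so the text would have to come from doc comments on the corresponding Go fields (not visible in this section), along the lines of `// <Field> is a duration string such as "30s" (constructed example); <behaviour when unset>.`. If the API server enforces this format, values previously accepted as free-form strings could start failing validation on create or update after the CRD upgrade. That is inferred from the schema change alone, so it is worth confirming and calling out in the changelog entry.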
@@ -65,8 +72,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-samenessgroups.yaml b/charts/consul/templates/crd-samenessgroups.yaml index ea0ad7c8a0..29cd24f361 100644 --- a/charts/consul/templates/crd-samenessgroups.yaml +++ b/charts/consul/templates/crd-samenessgroups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: SamenessGroup is the Schema for the samenessgroups API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,27 +61,25 @@ spec: description: SamenessGroupSpec defines the desired state of SamenessGroup. properties: defaultForFailover: - description: DefaultForFailover indicates that upstream requests to - members of the given sameness group will implicitly failover between - members of this sameness group. When DefaultForFailover is true, - the local partition must be a member of the sameness group or IncludeLocal - must be set to true. + description: |- + DefaultForFailover indicates that upstream requests to members of the given sameness group will implicitly failover between members of this sameness group. + When DefaultForFailover is true, the local partition must be a member of the sameness group or IncludeLocal must be set to true. type: boolean includeLocal: - description: IncludeLocal is used to include the local partition as - the first member of the sameness group. The local partition can - only be a member of a single sameness group. + description: |- + IncludeLocal is used to include the local partition as the first member of the sameness group. + The local partition can only be a member of a single sameness group. type: boolean members: - description: Members are the partitions and peers that are part of - the sameness group. If a member of a sameness group does not exist, - it will be ignored. + description: |- + Members are the partitions and peers that are part of the sameness group. + If a member of a sameness group does not exist, it will be ignored. items: properties: partition: - description: The partitions and peers that are part of the sameness - group. A sameness group member cannot define both peer and - partition at the same time. + description: |- + The partitions and peers that are part of the sameness group. + A sameness group member cannot define both peer and partition at the same time. type: string peer: type: string 
@@ -89,8 +92,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-servicedefaults.yaml b/charts/consul/templates/crd-servicedefaults.yaml index c7e2b5bb2b..a976d0989b 100644 --- a/charts/consul/templates/crd-servicedefaults.yaml +++ b/charts/consul/templates/crd-servicedefaults.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ServiceDefaults is the Schema for the servicedefaults API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,27 +61,29 @@ spec: description: ServiceDefaultsSpec defines the desired state of ServiceDefaults. properties: balanceInboundConnections: - description: BalanceInboundConnections sets the strategy for allocating - inbound connections to the service across proxy threads. The only - supported value is exact_balance. By default, no connection balancing - is used. Refer to the Envoy Connection Balance config for details. + description: |- + BalanceInboundConnections sets the strategy for allocating inbound connections to the service across + proxy threads. The only supported value is exact_balance. By default, no connection balancing is used. + Refer to the Envoy Connection Balance config for details. type: string destination: - description: Destination is an address(es)/port combination that represents - an endpoint outside the mesh. This is only valid when the mesh is - configured in "transparent" mode. Destinations live outside of Consul's - catalog, and because of this, they do not require an artificial - node to be created. + description: |- + Destination is an address(es)/port combination that represents an endpoint + outside the mesh. This is only valid when the mesh is configured in "transparent" + mode. Destinations live outside of Consul's catalog, and because of this, they + do not require an artificial node to be created. properties: addresses: - description: Addresses is a list of IPs and/or hostnames that - can be dialed and routed through a terminating gateway. + description: |- + Addresses is a list of IPs and/or hostnames that can be dialed + and routed through a terminating gateway. items: type: string type: array port: - description: Port is the port that can be dialed on any of the - addresses in this Destination. + description: |- + Port is the port that can be dialed on any of the addresses in this + Destination. format: int32 type: integer type: object 
@@ -101,9 +108,9 @@ spec: for Envoy. properties: checks: - description: Checks defines whether paths associated with Consul - checks will be exposed. This flag triggers exposing all HTTP - and GRPC check paths registered for the service. + description: |- + Checks defines whether paths associated with Consul checks will be exposed. + This flag triggers exposing all HTTP and GRPC check paths registered for the service. type: boolean paths: description: Paths is the list of paths exposed through the proxy. 
@@ -122,99 +129,107 @@ spec: ie. "/metrics". type: string protocol: - description: Protocol describes the upstream's service protocol. + description: |- + Protocol describes the upstream's service protocol. Valid values are "http" and "http2", defaults to "http". type: string type: object type: array type: object externalSNI: - description: ExternalSNI is an optional setting that allows for the - TLS SNI value to be changed to a non-connect value when federating - with an external system. + description: |- + ExternalSNI is an optional setting that allows for the TLS SNI value + to be changed to a non-connect value when federating with an external system. type: string localConnectTimeoutMs: - description: LocalConnectTimeoutMs is the number of milliseconds allowed - to make connections to the local application instance before timing - out. Defaults to 5000. + description: |- + LocalConnectTimeoutMs is the number of milliseconds allowed to make connections to the local application + instance before timing out. Defaults to 5000. type: integer localRequestTimeoutMs: - description: LocalRequestTimeoutMs is the timeout for HTTP requests - to the local application instance in milliseconds. Applies to HTTP-based - protocols only. If not specified, inherits the Envoy default for + description: |- + LocalRequestTimeoutMs is the timeout for HTTP requests to the local application instance in milliseconds. + Applies to HTTP-based protocols only. If not specified, inherits the Envoy default for route timeouts (15s). type: integer maxInboundConnections: - description: MaxInboundConnections is the maximum number of concurrent - inbound connections to each service instance. Defaults to 0 (using - consul's default) if not set. + description: |- + MaxInboundConnections is the maximum number of concurrent inbound connections to + each service instance. Defaults to 0 (using consul's default) if not set. 
type: integer meshGateway: description: MeshGateway controls the default mesh gateway configuration for this service. properties: mode: - description: Mode is the mode that should be used for the upstream - connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object mode: - description: 'Mode can be one of "direct" or "transparent". "transparent" - represents that inbound and outbound application traffic is being - captured and redirected through the proxy. This mode does not enable - the traffic redirection itself. Instead it signals Consul to configure - Envoy as if traffic is already being redirected. "direct" represents - that the proxy''s listeners must be dialed directly by the local - application and other proxies. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound + application traffic is being captured and redirected through the proxy. This mode does not + enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if + traffic is already being redirected. "direct" represents that the proxy's listeners must be + dialed directly by the local application and other proxies. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. type: string mutualTLSMode: - description: 'MutualTLSMode controls whether mutual TLS is required - for all incoming connections when transparent proxy is enabled. - This can be set to "permissive" or "strict". "strict" is the default - which requires mutual TLS for incoming connections. 
In the insecure - "permissive" mode, connections to the sidecar proxy public listener - port require mutual TLS, but connections to the service port do - not require mutual TLS and are proxied to the application unmodified. - Note: Intentions are not enforced for non-mTLS connections. To keep - your services secure, we recommend using "strict" mode whenever - possible and enabling "permissive" mode only when necessary.' + description: |- + MutualTLSMode controls whether mutual TLS is required for all incoming + connections when transparent proxy is enabled. This can be set to + "permissive" or "strict". "strict" is the default which requires mutual + TLS for incoming connections. In the insecure "permissive" mode, + connections to the sidecar proxy public listener port require mutual + TLS, but connections to the service port do not require mutual TLS and + are proxied to the application unmodified. Note: Intentions are not + enforced for non-mTLS connections. To keep your services secure, we + recommend using "strict" mode whenever possible and enabling + "permissive" mode only when necessary. type: string protocol: - description: Protocol sets the protocol of the service. This is used - by Connect proxies for things like observability features and to - unlock usage of the service-splitter and service-router config entries - for a service. + description: |- + Protocol sets the protocol of the service. This is used by Connect proxies for + things like observability features and to unlock usage of the + service-splitter and service-router config entries for a service. type: string rateLimits: - description: RateLimits is rate limiting configuration that is applied - to inbound traffic for a service. Rate limiting is a Consul enterprise - feature. + description: |- + RateLimits is rate limiting configuration that is applied to + inbound traffic for a service. Rate limiting is a Consul enterprise feature. 
properties: instanceLevel: - description: InstanceLevel represents rate limit configuration + description: |- + InstanceLevel represents rate limit configuration that is applied per service instance. properties: requestsMaxBurst: - description: "RequestsMaxBurst is the maximum number of requests - that can be sent in a burst. Should be equal to or greater - than RequestsPerSecond. If unset, defaults to RequestsPerSecond. - \n Internally, this is the maximum size of the token bucket - used for rate limiting." + description: |- + RequestsMaxBurst is the maximum number of requests that can be sent + in a burst. Should be equal to or greater than RequestsPerSecond. + If unset, defaults to RequestsPerSecond. + + + Internally, this is the maximum size of the token bucket used for rate limiting. type: integer requestsPerSecond: - description: "RequestsPerSecond is the average number of requests - per second that can be made without being throttled. This - field is required if RequestsMaxBurst is set. The allowed - number of requests may exceed RequestsPerSecond up to the - value specified in RequestsMaxBurst. \n Internally, this - is the refill rate of the token bucket used for rate limiting." + description: |- + RequestsPerSecond is the average number of requests per second that can be + made without being throttled. This field is required if RequestsMaxBurst + is set. The allowed number of requests may exceed RequestsPerSecond up to + the value specified in RequestsMaxBurst. + + + Internally, this is the refill rate of the token bucket used for rate limiting. type: integer routes: - description: Routes is a list of rate limits applied to specific - routes. For a given request, the first matching route will - be applied, if any. Overrides any top-level configuration. + description: |- + Routes is a list of rate limits applied to specific routes. + For a given request, the first matching route will be applied, if any. + Overrides any top-level configuration. 
items: properties: pathExact: 
@@ -230,94 +245,94 @@ spec: PathPrefix, or PathRegex must be specified. type: string requestsMaxBurst: - description: RequestsMaxBurst is the maximum number - of requests that can be sent in a burst. Should be - equal to or greater than RequestsPerSecond. If unset, - defaults to RequestsPerSecond. Internally, this is - the maximum size of the token bucket used for rate - limiting. + description: |- + RequestsMaxBurst is the maximum number of requests that can be sent + in a burst. Should be equal to or greater than RequestsPerSecond. If unset, + defaults to RequestsPerSecond. Internally, this is the maximum size of the token + bucket used for rate limiting. type: integer requestsPerSecond: - description: RequestsPerSecond is the average number - of requests per second that can be made without being - throttled. This field is required if RequestsMaxBurst - is set. The allowed number of requests may exceed + description: |- + RequestsPerSecond is the average number of requests per + second that can be made without being throttled. This field is required + if RequestsMaxBurst is set. The allowed number of requests may exceed RequestsPerSecond up to the value specified in RequestsMaxBurst. - Internally, this is the refill rate of the token bucket - used for rate limiting. + Internally, this is the refill rate of the token bucket used for rate limiting. type: integer type: object type: array type: object type: object transparentProxy: - description: 'TransparentProxy controls configuration specific to - proxies in transparent mode. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + TransparentProxy controls configuration specific to proxies in transparent mode. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. 
properties: dialedDirectly: - description: DialedDirectly indicates whether transparent proxies - can dial this proxy instance directly. The discovery chain is - not considered when dialing a service instance directly. This - setting is useful when addressing stateful services, such as - a database cluster with a leader node. + description: |- + DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. + The discovery chain is not considered when dialing a service instance directly. + This setting is useful when addressing stateful services, such as a database cluster with a leader node. type: boolean outboundListenerPort: - description: OutboundListenerPort is the port of the listener - where outbound application traffic is being redirected to. + description: |- + OutboundListenerPort is the port of the listener where outbound application + traffic is being redirected to. type: integer type: object upstreamConfig: - description: UpstreamConfig controls default configuration settings - that apply across all upstreams, and per-upstream configuration - overrides. Note that per-upstream configuration applies across all - federated datacenters to the pairing of source and upstream destination - services. + description: |- + UpstreamConfig controls default configuration settings that apply across all upstreams, + and per-upstream configuration overrides. Note that per-upstream configuration applies + across all federated datacenters to the pairing of source and upstream destination services. properties: defaults: - description: Defaults contains default configuration for all upstreams - of a given service. The name field must be empty. + description: |- + Defaults contains default configuration for all upstreams of a given + service. The name field must be empty. properties: connectTimeoutMs: - description: ConnectTimeoutMs is the number of milliseconds - to timeout making a new connection to this upstream. 
Defaults - to 5000 (5 seconds) if not set. + description: |- + ConnectTimeoutMs is the number of milliseconds to timeout making a new + connection to this upstream. Defaults to 5000 (5 seconds) if not set. type: integer envoyClusterJSON: - description: 'EnvoyClusterJSON is a complete override ("escape - hatch") for the upstream''s cluster. The Connect client - TLS certificate and context will be injected overriding - any TLS settings present. Note: This escape hatch is NOT - compatible with the discovery chain and will be ignored - if a discovery chain is active.' + description: |- + EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's + cluster. The Connect client TLS certificate and context will be injected + overriding any TLS settings present. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string envoyListenerJSON: - description: 'EnvoyListenerJSON is a complete override ("escape - hatch") for the upstream''s listener. Note: This escape - hatch is NOT compatible with the discovery chain and will - be ignored if a discovery chain is active.' + description: |- + EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's + listener. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string limits: - description: Limits are the set of limits that are applied - to the proxy for a specific upstream of a service instance. + description: |- + Limits are the set of limits that are applied to the proxy for a specific upstream of a + service instance. properties: maxConcurrentRequests: - description: MaxConcurrentRequests is the maximum number - of in-flight requests that will be allowed to the upstream - cluster at a point in time. This is mostly applicable - to HTTP/2 clusters since all HTTP/1.1 requests are limited - by MaxConnections. 
+ description: |- + MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed + to the upstream cluster at a point in time. This is mostly applicable to HTTP/2 + clusters since all HTTP/1.1 requests are limited by MaxConnections. type: integer maxConnections: - description: MaxConnections is the maximum number of connections - the local proxy can make to the upstream service. + description: |- + MaxConnections is the maximum number of connections the local proxy can + make to the upstream service. type: integer maxPendingRequests: - description: MaxPendingRequests is the maximum number - of requests that will be queued waiting for an available - connection. This is mostly applicable to HTTP/1.1 clusters - since all HTTP/2 requests are streamed over a single + description: |- + MaxPendingRequests is the maximum number of requests that will be queued + waiting for an available connection. This is mostly applicable to HTTP/1.1 + clusters since all HTTP/2 requests are streamed over a single connection. type: integer type: object @@ -326,8 +341,9 @@ spec: are configured and used. properties: mode: - description: Mode is the mode that should be used for - the upstream connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object name: 
@@ -343,42 +359,40 @@ spec: config entry. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines how - upstream proxy instances will be monitored for removal from - the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied by - the number of times the host has been ejected and is - capped by max_ejection_time (Default 300s). Defaults - to 30s. + description: |- + The base time that a host is ejected for. The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance that - a host will be actually ejected when an outlier status - is detected through consecutive 5xx. This setting can - be used to disable ejection or to ramp it up slowly. - Ex. Setting this to 10 will make it a 10% chance that - the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis sweeps. - Each sweep may remove hosts or return hosts to the pool. - Ex. setting this to "10s" will set the interval to 10 - seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. 
type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults to - 10% but will eject at least one host regardless of the - value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive failures - that results in a host being removed from the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object 
@@ -387,59 +401,61 @@ spec: config entry. type: string protocol: - description: Protocol describes the upstream's service protocol. - Valid values are "tcp", "http" and "grpc". Anything else - is treated as tcp. This enables protocol aware features - like per-request metrics and connection pooling, tracing, + description: |- + Protocol describes the upstream's service protocol. Valid values are "tcp", + "http" and "grpc". Anything else is treated as tcp. This enables protocol + aware features like per-request metrics and connection pooling, tracing, routing etc. type: string type: object overrides: - description: Overrides is a slice of per-service configuration. - The name field is required. + description: |- + Overrides is a slice of per-service configuration. The name field is + required. items: properties: connectTimeoutMs: - description: ConnectTimeoutMs is the number of milliseconds - to timeout making a new connection to this upstream. Defaults - to 5000 (5 seconds) if not set. + description: |- + ConnectTimeoutMs is the number of milliseconds to timeout making a new + connection to this upstream. Defaults to 5000 (5 seconds) if not set. type: integer envoyClusterJSON: - description: 'EnvoyClusterJSON is a complete override ("escape - hatch") for the upstream''s cluster. The Connect client - TLS certificate and context will be injected overriding - any TLS settings present. Note: This escape hatch is NOT - compatible with the discovery chain and will be ignored - if a discovery chain is active.' + description: |- + EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's + cluster. The Connect client TLS certificate and context will be injected + overriding any TLS settings present. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string envoyListenerJSON: - description: 'EnvoyListenerJSON is a complete override ("escape - hatch") for the upstream''s listener. 
Note: This escape - hatch is NOT compatible with the discovery chain and will - be ignored if a discovery chain is active.' + description: |- + EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's + listener. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string limits: - description: Limits are the set of limits that are applied - to the proxy for a specific upstream of a service instance. + description: |- + Limits are the set of limits that are applied to the proxy for a specific upstream of a + service instance. properties: maxConcurrentRequests: - description: MaxConcurrentRequests is the maximum number - of in-flight requests that will be allowed to the - upstream cluster at a point in time. This is mostly - applicable to HTTP/2 clusters since all HTTP/1.1 requests - are limited by MaxConnections. + description: |- + MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed + to the upstream cluster at a point in time. This is mostly applicable to HTTP/2 + clusters since all HTTP/1.1 requests are limited by MaxConnections. type: integer maxConnections: - description: MaxConnections is the maximum number of - connections the local proxy can make to the upstream - service. + description: |- + MaxConnections is the maximum number of connections the local proxy can + make to the upstream service. type: integer maxPendingRequests: - description: MaxPendingRequests is the maximum number - of requests that will be queued waiting for an available - connection. This is mostly applicable to HTTP/1.1 - clusters since all HTTP/2 requests are streamed over - a single connection. + description: |- + MaxPendingRequests is the maximum number of requests that will be queued + waiting for an available connection. This is mostly applicable to HTTP/1.1 + clusters since all HTTP/2 requests are streamed over a single + connection. 
type: integer type: object meshGateway: @@ -447,8 +463,9 @@ spec: are configured and used. properties: mode: - description: Mode is the mode that should be used for - the upstream connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object name: 
@@ -464,43 +481,40 @@ spec: config entry. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines - how upstream proxy instances will be monitored for removal - from the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied - by the number of times the host has been ejected and - is capped by max_ejection_time (Default 300s). Defaults - to 30s. + description: |- + The base time that a host is ejected for. The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance - that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting - can be used to disable ejection or to ramp it up slowly. - Ex. Setting this to 10 will make it a 10% chance that - the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis - sweeps. Each sweep may remove hosts or return hosts - to the pool. Ex. setting this to "10s" will set the - interval to 10 seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. 
type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive - failures that results in a host being removed from - the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object @@ -509,10 +523,10 @@ spec: config entry. type: string protocol: - description: Protocol describes the upstream's service protocol. - Valid values are "tcp", "http" and "grpc". Anything else - is treated as tcp. This enables protocol aware features - like per-request metrics and connection pooling, tracing, + description: |- + Protocol describes the upstream's service protocol. Valid values are "tcp", + "http" and "grpc". Anything else is treated as tcp. This enables protocol + aware features like per-request metrics and connection pooling, tracing, routing etc. type: string type: object @@ -525,8 +539,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition 
diff --git a/charts/consul/templates/crd-serviceintentions.yaml b/charts/consul/templates/crd-serviceintentions.yaml index 75299f016e..72159ec187 100644 --- a/charts/consul/templates/crd-serviceintentions.yaml +++ b/charts/consul/templates/crd-serviceintentions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -41,14 +41,19 @@ spec: description: ServiceIntentions is the Schema for the serviceintentions API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -60,16 +65,16 @@ spec: the authorization granted to. properties: name: - description: Name is the destination of all intentions defined - in this config entry. This may be set to the wildcard character - (*) to match all services that don't otherwise have intentions - defined. + description: |- + Name is the destination of all intentions defined in this config entry. + This may be set to the wildcard character (*) to match + all services that don't otherwise have intentions defined. type: string namespace: - description: Namespace specifies the namespace the config entry - will apply to. This may be set to the wildcard character (*) - to match all services in all namespaces that don't otherwise - have intentions defined. + description: |- + Namespace specifies the namespace the config entry will apply to. + This may be set to the wildcard character (*) to match all services + in all namespaces that don't otherwise have intentions defined. type: string type: object jwt: @@ -82,9 +87,9 @@ spec: items: properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry with - this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims @@ -98,11 +103,10 @@ spec: type: string type: array value: - description: Value is the expected value at the given - path. If the type at the path is a list then we - verify that this value is contained in the list. - If the type at the path is a string then we verify - that this value matches. + description: |- + Value is the expected value at the given path. If the type at the path + is a list then we verify that this value is contained in the list. If + the type at the path is a string then we verify that this value matches. type: string type: object type: array 
@@ -110,25 +114,25 @@ spec: type: array type: object sources: - description: Sources is the list of all intention sources and the - authorization granted to those sources. The order of this list does - not matter, but out of convenience Consul will always store this - reverse sorted by intention precedence, as that is the order that - they will be evaluated at enforcement time. + description: |- + Sources is the list of all intention sources and the authorization granted to those sources. + The order of this list does not matter, but out of convenience Consul will always store this + reverse sorted by intention precedence, as that is the order that they will be evaluated at enforcement time. items: properties: action: - description: Action is required for an L4 intention, and should - be set to one of "allow" or "deny" for the action that should - be taken if this intention matches a request. + description: |- + Action is required for an L4 intention, and should be set to one of + "allow" or "deny" for the action that should be taken if this intention matches a request. type: string description: description: Description for the intention. This is not used by Consul, but is presented in API responses to assist tooling. type: string name: - description: Name is the source of the intention. This is the - name of a Consul service. The service doesn't need to be registered. + description: |- + Name is the source of the intention. This is the name of a + Consul service. The service doesn't need to be registered. type: string namespace: description: Namespace is the namespace for the Name parameter. 
@@ -140,31 +144,28 @@ spec: description: Peer is the peer name for the Name parameter. type: string permissions: - description: Permissions is the list of all additional L7 attributes - that extend the intention match criteria. Permission precedence - is applied top to bottom. For any given request the first - permission to match in the list is terminal and stops further - evaluation. As with L4 intentions, traffic that fails to match - any of the provided permissions in this intention will be - subject to the default intention behavior is defined by the - default ACL policy. This should be omitted for an L4 intention + description: |- + Permissions is the list of all additional L7 attributes that extend the intention match criteria. + Permission precedence is applied top to bottom. For any given request the first permission to match + in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to + match any of the provided permissions in this intention will be subject to the default intention + behavior is defined by the default ACL policy. This should be omitted for an L4 intention as it is mutually exclusive with the Action field. items: properties: action: - description: Action is one of "allow" or "deny" for the - action that should be taken if this permission matches - a request. + description: |- + Action is one of "allow" or "deny" for the action that + should be taken if this permission matches a request. type: string http: description: HTTP is a set of HTTP-specific authorization criteria. properties: header: - description: Header is a set of criteria that can - match on HTTP request headers. If more than one - is configured all must match for the overall match - to apply. + description: |- + Header is a set of criteria that can match on HTTP request headers. + If more than one is configured all must match for the overall match to apply. items: properties: exact: 
@@ -198,10 +199,9 @@ spec: type: object type: array methods: - description: Methods is a list of HTTP methods for - which this match applies. If unspecified all HTTP - methods are matched. If provided the names must - be a valid method. + description: |- + Methods is a list of HTTP methods for which this match applies. If unspecified + all HTTP methods are matched. If provided the names must be a valid method. items: type: string type: array @@ -228,9 +228,9 @@ spec: items: properties: name: - description: Name is the name of the JWT provider. - There MUST be a corresponding "jwt-provider" - config entry with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional @@ -244,12 +244,10 @@ spec: type: string type: array value: - description: Value is the expected value - at the given path. If the type at the - path is a list then we verify that this - value is contained in the list. If the - type at the path is a string then we - verify that this value matches. + description: |- + Value is the expected value at the given path. If the type at the path + is a list then we verify that this value is contained in the list. If + the type at the path is a string then we verify that this value matches. type: string type: object type: array 
@@ -271,8 +269,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-serviceresolvers.yaml b/charts/consul/templates/crd-serviceresolvers.yaml index 6d89125216..9367d6db2c 100644 --- a/charts/consul/templates/crd-serviceresolvers.yaml +++ b/charts/consul/templates/crd-serviceresolvers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ServiceResolver is the Schema for the serviceresolvers API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,12 +61,14 @@ spec: description: ServiceResolverSpec defines the desired state of ServiceResolver. properties: connectTimeout: - description: ConnectTimeout is the timeout for establishing new network - connections to this service. + description: |- + ConnectTimeout is the timeout for establishing new network connections + to this service. type: string defaultSubset: - description: DefaultSubset is the subset to use when no explicit subset - is requested. If empty the unnamed subset is used. + description: |- + DefaultSubset is the subset to use when no explicit subset is requested. + If empty the unnamed subset is used. type: string failover: additionalProperties: @@ -73,22 +80,22 @@ spec: type: string type: array namespace: - description: Namespace is the namespace to resolve the requested - service from to form the failover group of instances. If empty - the current namespace is used. + description: |- + Namespace is the namespace to resolve the requested service from to form + the failover group of instances. If empty the current namespace is used. type: string policy: description: Policy specifies the exact mechanism used for failover. properties: mode: - description: Mode specifies the type of failover that will - be performed. Valid values are "sequential", "" (equivalent - to "sequential") and "order-by-locality". + description: |- + Mode specifies the type of failover that will be performed. Valid values are + "sequential", "" (equivalent to "sequential") and "order-by-locality". type: string regions: - description: Regions is the ordered list of the regions - of the failover targets. Valid values can be "us-west-1", - "us-west-2", and so on. + description: |- + Regions is the ordered list of the regions of the failover targets. + Valid values can be "us-west-1", "us-west-2", and so on. items: type: string type: array 
@@ -98,13 +105,15 @@ spec: to try during failover. type: string service: - description: Service is the service to resolve instead of the - default as the failover group of instances during failover. + description: |- + Service is the service to resolve instead of the default as the failover + group of instances during failover. type: string serviceSubset: - description: ServiceSubset is the named subset of the requested - service to resolve as the failover group of instances. If - empty the default subset for the requested service is used. + description: |- + ServiceSubset is the named subset of the requested service to resolve as + the failover group of instances. If empty the default subset for the + requested service is used. type: string targets: description: Targets specifies a fixed list of failover targets 
@@ -138,21 +147,25 @@ spec: type: object type: array type: object - description: Failover controls when and how to reroute traffic to - an alternate pool of service instances. The map is keyed by the - service subset it applies to and the special string "*" is a wildcard - that applies to any subset not otherwise specified here. + description: |- + Failover controls when and how to reroute traffic to an alternate pool of + service instances. + The map is keyed by the service subset it applies to and the special + string "*" is a wildcard that applies to any subset not otherwise + specified here. type: object loadBalancer: - description: LoadBalancer determines the load balancing policy and - configuration for services issuing requests to this upstream service. + description: |- + LoadBalancer determines the load balancing policy and configuration for services + issuing requests to this upstream service. properties: hashPolicies: - description: HashPolicies is a list of hash policies to use for - hashing load balancing algorithms. Hash policies are evaluated - individually and combined such that identical lists result in - the same hash. If no hash policies are present, or none are - successfully evaluated, then a random backend host will be selected. + description: |- + HashPolicies is a list of hash policies to use for hashing load balancing algorithms. + Hash policies are evaluated individually and combined such that identical lists + result in the same hash. + If no hash policies are present, or none are successfully evaluated, + then a random backend host will be selected. items: properties: cookieConfig: 
@@ -172,26 +185,27 @@ spec: type: string type: object field: - description: Field is the attribute type to hash on. Must - be one of "header", "cookie", or "query_parameter". Cannot - be specified along with sourceIP. + description: |- + Field is the attribute type to hash on. + Must be one of "header", "cookie", or "query_parameter". + Cannot be specified along with sourceIP. type: string fieldValue: - description: FieldValue is the value to hash. ie. header - name, cookie name, URL query parameter name Cannot be - specified along with sourceIP. + description: |- + FieldValue is the value to hash. + ie. header name, cookie name, URL query parameter name + Cannot be specified along with sourceIP. type: string sourceIP: - description: SourceIP determines whether the hash should - be of the source IP rather than of a field and field value. + description: |- + SourceIP determines whether the hash should be of the source IP rather than of a field and field value. Cannot be specified along with field or fieldValue. type: boolean terminal: - description: Terminal will short circuit the computation - of the hash when multiple hash policies are present. If - a hash is computed when a Terminal policy is evaluated, - then that hash will be used and subsequent hash policies - will be ignored. + description: |- + Terminal will short circuit the computation of the hash when multiple hash policies are present. + If a hash is computed when a Terminal policy is evaluated, + then that hash will be used and subsequent hash policies will be ignored. type: boolean type: object type: array 
@@ -226,39 +240,44 @@ spec: type: object type: object prioritizeByLocality: - description: PrioritizeByLocality controls whether the locality of - services within the local partition will be used to prioritize connectivity. + description: |- + PrioritizeByLocality controls whether the locality of services within the + local partition will be used to prioritize connectivity. properties: mode: - description: 'Mode specifies the type of prioritization that will - be performed when selecting nodes in the local partition. Valid - values are: "" (default "none"), "none", and "failover".' + description: |- + Mode specifies the type of prioritization that will be performed + when selecting nodes in the local partition. + Valid values are: "" (default "none"), "none", and "failover". type: string type: object redirect: - description: Redirect when configured, all attempts to resolve the - service this resolver defines will be substituted for the supplied - redirect EXCEPT when the redirect has already been applied. When - substituting the supplied redirect, all other fields besides Kind, - Name, and Redirect will be ignored. + description: |- + Redirect when configured, all attempts to resolve the service this + resolver defines will be substituted for the supplied redirect + EXCEPT when the redirect has already been applied. + When substituting the supplied redirect, all other fields besides + Kind, Name, and Redirect will be ignored. properties: datacenter: - description: Datacenter is the datacenter to resolve the service - from instead of the current one. + description: |- + Datacenter is the datacenter to resolve the service from instead of the + current one. type: string namespace: - description: Namespace is the Consul namespace to resolve the - service from instead of the current namespace. If empty the - current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. 
If empty the current namespace is assumed. type: string partition: - description: Partition is the Consul partition to resolve the - service from instead of the current partition. If empty the - current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string peer: - description: Peer is the name of the cluster peer to resolve the - service from instead of the current one. + description: |- + Peer is the name of the cluster peer to resolve the service from instead + of the current one. type: string samenessGroup: description: SamenessGroup is the name of the sameness group to 
@@ -269,37 +288,41 @@ spec: service. type: string serviceSubset: - description: ServiceSubset is a named subset of the given service - to resolve instead of one defined as that service's DefaultSubset - If empty the default subset is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead + of one defined as that service's DefaultSubset If empty the default + subset is used. type: string type: object requestTimeout: - description: RequestTimeout is the timeout for receiving an HTTP response - from this service before the connection is terminated. + description: |- + RequestTimeout is the timeout for receiving an HTTP response from this + service before the connection is terminated. type: string subsets: additionalProperties: properties: filter: - description: Filter is the filter expression to be used for - selecting instances of the requested service. If empty all - healthy instances are returned. This expression can filter - on the same selectors as the Health API endpoint. + description: |- + Filter is the filter expression to be used for selecting instances of the + requested service. If empty all healthy instances are returned. This + expression can filter on the same selectors as the Health API endpoint. type: string onlyPassing: - description: OnlyPassing specifies the behavior of the resolver's - health check interpretation. If this is set to false, instances - with checks in the passing as well as the warning states will - be considered healthy. If this is set to true, only instances - with checks in the passing state will be considered healthy. + description: |- + OnlyPassing specifies the behavior of the resolver's health check + interpretation. If this is set to false, instances with checks in the + passing as well as the warning states will be considered healthy. If this + is set to true, only instances with checks in the passing state will be + considered healthy. 
type: boolean type: object - description: Subsets is map of subset name to subset definition for - all usable named subsets of this service. The map key is the name - of the subset and all names must be valid DNS subdomain elements. - This may be empty, in which case only the unnamed default subset - will be usable. + description: |- + Subsets is map of subset name to subset definition for all usable named + subsets of this service. The map key is the name of the subset and all + names must be valid DNS subdomain elements. + This may be empty, in which case only the unnamed default subset will + be usable. type: object type: object status: @@ -308,8 +331,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-servicerouters.yaml b/charts/consul/templates/crd-servicerouters.yaml index dca5aa7fc3..4d62149682 100644 --- a/charts/consul/templates/crd-servicerouters.yaml +++ b/charts/consul/templates/crd-servicerouters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,14 +41,19 @@ spec: description: ServiceRouter is the Schema for the servicerouters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,10 +61,11 @@ spec: description: ServiceRouterSpec defines the desired state of ServiceRouter. properties: routes: - description: Routes are the list of routes to consider when processing - L7 requests. The first route to match in the list is terminal and - stops further evaluation. Traffic that fails to match any of the - provided routes will be routed to the default service. + description: |- + Routes are the list of routes to consider when processing L7 requests. + The first route to match in the list is terminal and stops further + evaluation. Traffic that fails to match any of the provided routes will + be routed to the default service. items: properties: destination: @@ -67,13 +73,14 @@ spec: request(s) to a service. properties: idleTimeout: - description: IdleTimeout is total amount of time permitted + description: |- + IdleTimeout is total amount of time permitted for the request stream to be idle. type: string namespace: - description: Namespace is the Consul namespace to resolve - the service from instead of the current namespace. If - empty the current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. If empty the current namespace is assumed. type: string numRetries: description: NumRetries is the number of times to retry 
@@ -81,13 +88,14 @@ spec: format: int32 type: integer partition: - description: Partition is the Consul partition to resolve - the service from instead of the current partition. If - empty the current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string prefixRewrite: - description: PrefixRewrite defines how to rewrite the HTTP - request path before proxying it to its final destination. + description: |- + PrefixRewrite defines how to rewrite the HTTP request path before proxying + it to its final destination. This requires that either match.http.pathPrefix or match.http.pathExact be configured on this route. type: string 
@@ -97,61 +105,63 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object requestTimeout: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. type: string responseHeaders: - description: HTTPHeaderModifiers is a set of rules for HTTP - header modification that should be performed by proxies - as the request passes through them. It can operate on - either request or response headers depending on the context - in which it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. 
properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object retryOn: - description: RetryOn is a flat list of conditions for Consul - to retry requests based on the response from an upstream - service. + description: |- + RetryOn is a flat list of conditions for Consul to retry requests based on the response from an upstream service. + Refer to the valid conditions here: https://developer.hashicorp.com/consul/docs/connect/config-entries/service-router#routes-destination-retryon items: type: string type: array 
@@ -167,20 +177,21 @@ spec: type: integer type: array service: - description: Service is the service to resolve instead of - the default service. If empty then the default service - name is used. + description: |- + Service is the service to resolve instead of the default service. + If empty then the default service name is used. type: string serviceSubset: - description: ServiceSubset is a named subset of the given - service to resolve instead of the one defined as that - service's DefaultSubset. If empty, the default subset - is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead + of the one defined as that service's DefaultSubset. + If empty, the default subset is used. type: string type: object match: - description: Match is a set of criteria that can match incoming - L7 requests. If empty or omitted it acts as a catch-all. + description: |- + Match is a set of criteria that can match incoming L7 requests. + If empty or omitted it acts as a catch-all. properties: http: description: HTTP is a set of http-specific match criteria. @@ -190,9 +201,9 @@ spec: PathPrefix matches to ignore upper/lower casing. type: boolean header: - description: Header is a set of criteria that can match - on HTTP request headers. If more than one is configured - all must match for the overall match to apply. + description: |- + Header is a set of criteria that can match on HTTP request headers. + If more than one is configured all must match for the overall match to apply. items: properties: exact: @@ -227,9 +238,9 @@ spec: type: object type: array methods: - description: Methods is a list of HTTP methods for which - this match applies. If unspecified all http methods - are matched. + description: |- + Methods is a list of HTTP methods for which this match applies. + If unspecified all http methods are matched. items: type: string type: array 
@@ -246,10 +257,9 @@ spec: on the HTTP request path. type: string queryParam: - description: QueryParam is a set of criteria that can - match on HTTP query parameters. If more than one is - configured all must match for the overall match to - apply. + description: |- + QueryParam is a set of criteria that can match on HTTP query parameters. + If more than one is configured all must match for the overall match to apply. items: properties: exact: @@ -261,8 +271,9 @@ spec: to match on. type: string present: - description: Present will match if the query parameter - with the given name is present with any value. + description: |- + Present will match if the query parameter with the given name is present + with any value. type: boolean regex: description: Regex will match if the query parameter @@ -283,8 +294,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-servicesplitters.yaml b/charts/consul/templates/crd-servicesplitters.yaml index 8d5ed58023..704ad5df98 100644 --- a/charts/consul/templates/crd-servicesplitters.yaml +++ b/charts/consul/templates/crd-servicesplitters.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -41,14 +41,19 @@ spec: description: ServiceSplitter is the Schema for the servicesplitters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,20 +61,20 @@ spec: description: ServiceSplitterSpec defines the desired state of ServiceSplitter. properties: splits: - description: Splits defines how much traffic to send to which set - of service instances during a traffic split. The sum of weights - across all splits must add up to 100. + description: |- + Splits defines how much traffic to send to which set of service instances during a traffic split. + The sum of weights across all splits must add up to 100. items: properties: namespace: - description: Namespace is the Consul namespace to resolve the - service from instead of the current namespace. If empty the - current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. If empty the current namespace is assumed. type: string partition: - description: Partition is the Consul partition to resolve the - service from instead of the current partition. If empty the - current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string requestHeaders: description: Allow HTTP header manipulation to be configured. 
@@ -77,50 +82,52 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that should - be appended to the request or response (i.e. allowing - duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that should - be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that should - be added to the request or response, overwriting any existing - header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object responseHeaders: - description: HTTPHeaderModifiers is a set of rules for HTTP - header modification that should be performed by proxies as - the request passes through them. It can operate on either - request or response headers depending on the context in which - it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that should - be appended to the request or response (i.e. allowing - duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). 
type: object remove: - description: Remove is the set of header names that should - be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that should - be added to the request or response, overwriting any existing - header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object service: @@ -128,13 +135,13 @@ spec: default. type: string serviceSubset: - description: ServiceSubset is a named subset of the given service - to resolve instead of one defined as that service's DefaultSubset. - If empty the default subset is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead of one defined + as that service's DefaultSubset. If empty the default subset is used. type: string weight: - description: Weight is a value between 0 and 100 reflecting - what portion of traffic should be directed to this split. + description: |- + Weight is a value between 0 and 100 reflecting what portion of traffic should be directed to this split. The smallest representable weight is 1/10000 or .01%. type: number type: object 
@@ -146,8 +153,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-tcproutes.yaml b/charts/consul/templates/crd-tcproutes.yaml index ae9d2cd080..72afbcfc85 100644 --- a/charts/consul/templates/crd-tcproutes.yaml +++ b/charts/consul/templates/crd-tcproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -41,38 +41,54 @@ spec: description: TCPRoute is the Schema for the TCP Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute + + + This is a Resource type. 
properties: parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -83,43 +99,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type @@ -134,13 +157,13 @@ spec: items: properties: backendRefs: - description: BackendRefs defines the backend(s) where matching - requests should be sent. If unspecified or invalid (refers - to a non-existent resource or a Service with no endpoints), - the underlying implementation MUST actively reject connection - attempts to this backend. Connection rejections must respect - weight; if an invalid backend is requested to have 80% of - connections, then 80% of connections must be rejected instead. + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + If unspecified or invalid (refers to a non-existent resource or a Service + with no endpoints), the underlying implementation MUST actively reject + connection attempts to this backend. Connection rejections must respect + weight; if an invalid backend is requested to have 80% of connections, + then 80% of connections must be rejected instead. items: properties: backendRef: 
@@ -148,10 +171,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -166,43 +191,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: 
@@ -213,18 +244,19 @@ spec: type: object type: object weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -238,8 +270,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-terminatinggateways.yaml b/charts/consul/templates/crd-terminatinggateways.yaml index 565aa63381..415215b077 100644 --- a/charts/consul/templates/crd-terminatinggateways.yaml +++ b/charts/consul/templates/crd-terminatinggateways.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -42,14 +42,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -64,18 +69,19 @@ spec: gateway. properties: caFile: - description: CAFile is the optional path to a CA certificate - to use for TLS connections from the gateway to the linked - service. + description: |- + CAFile is the optional path to a CA certificate to use for TLS connections + from the gateway to the linked service. type: string certFile: - description: CertFile is the optional path to a client certificate - to use for TLS connections from the gateway to the linked - service. + description: |- + CertFile is the optional path to a client certificate to use for TLS connections + from the gateway to the linked service. type: string keyFile: - description: KeyFile is the optional path to a private key to - use for TLS connections from the gateway to the linked service. + description: |- + KeyFile is the optional path to a private key to use for TLS connections + from the gateway to the linked service. type: string name: description: Name is the name of the service, as defined in @@ -97,8 +103,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-tlsroutes-external.yaml b/charts/consul/templates/crd-tlsroutes-external.yaml index dfabd80713..1acd1b973a 100644 --- a/charts/consul/templates/crd-tlsroutes-external.yaml +++ b/charts/consul/templates/crd-tlsroutes-external.yaml 
@@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/charts/consul/templates/crd-trafficpermissions.yaml b/charts/consul/templates/crd-trafficpermissions.yaml index 27ab6f5e3d..7c98673f3c 100644 --- a/charts/consul/templates/crd-trafficpermissions.yaml +++ b/charts/consul/templates/crd-trafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} 
@@ -42,32 +42,40 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: action: - description: "Action can be either allow or deny for the entire object. - It will default to allow. \n If action is allow, we will allow the - connection if one of the rules in Rules matches, in other words, - we will deny all requests except for the ones that match Rules. - If Consul is in default allow mode, then allow actions have no effect - without a deny permission as everything is allowed by default. \n - If action is deny, we will deny the connection if one of the rules - in Rules match, in other words, we will allow all requests except - for the ones that match Rules. 
If Consul is default deny mode, then - deny permissions have no effect without an allow permission as everything - is denied by default. \n Action unspecified is reserved for compatibility - with the addition of future actions." + description: |- + Action can be either allow or deny for the entire object. It will default to allow. + + + If action is allow, we will allow the connection if one of the rules in Rules matches, in other words, we will deny + all requests except for the ones that match Rules. If Consul is in default allow mode, then allow + actions have no effect without a deny permission as everything is allowed by default. + + + If action is deny, we will deny the connection if one of the rules in Rules match, in other words, + we will allow all requests except for the ones that match Rules. If Consul is default deny mode, + then deny permissions have no effect without an allow permission as everything is denied by default. + + + Action unspecified is reserved for compatibility with the addition of future actions. enum: - ACTION_ALLOW - ACTION_DENY @@ -75,7 +83,8 @@ spec: format: int32 type: string destination: - description: Destination is a configuration of the destination proxies + description: |- + Destination is a configuration of the destination proxies where these traffic permissions should apply. properties: identityName: @@ -88,9 +97,9 @@ spec: description: Permissions is a list of permissions to match on. properties: destinationRules: - description: DestinationRules is a list of rules to apply for - matching sources in this Permission. These rules are specific - to the request or connection that is going to the destination(s) + description: |- + DestinationRules is a list of rules to apply for matching sources in this Permission. + These rules are specific to the request or connection that is going to the destination(s) selected by the TrafficPermissions resource. items: description: DestinationRule contains rules rules to apply 
@@ -130,8 +139,8 @@ spec: pathRegex: type: string portNames: - description: PortNames is a list of workload ports - to apply this rule to. The ports specified here + description: |- + PortNames is a list of workload ports to apply this rule to. The ports specified here must be the ports used in the connection. items: type: string @@ -156,8 +165,9 @@ spec: type: string type: object methods: - description: Methods is the list of HTTP methods. If no - methods are specified, this rule will apply to all methods. + description: |- + Methods is the list of HTTP methods. If no methods are specified, + this rule will apply to all methods. items: type: string type: array @@ -176,17 +186,18 @@ spec: sources: description: Sources is a list of sources in this traffic permission. items: - description: Source represents the source identity. To specify - any of the wildcard sources, the specific fields need to - be omitted. For example, for a wildcard namespace, identity_name - should be omitted. + description: |- + Source represents the source identity. + To specify any of the wildcard sources, the specific fields need to be omitted. + For example, for a wildcard namespace, identity_name should be omitted. properties: exclude: description: Exclude is a list of sources to exclude from this source. items: - description: ExcludeSource is almost the same as source - but it prevents the addition of matching sources. + description: |- + ExcludeSource is almost the same as source but it prevents the addition of + matching sources. properties: identityName: type: string 
@@ -221,8 +232,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/charts/consul/templates/crd-udproutes-external.yaml b/charts/consul/templates/crd-udproutes-external.yaml index 935cce22fa..0661b24c1a 100644 --- a/charts/consul/templates/crd-udproutes-external.yaml +++ b/charts/consul/templates/crd-udproutes-external.yaml @@ -1,21 +1,18 @@ {{- if and .Values.connectInject.enabled .Values.connectInject.apiGateway.manageExternalCRDs }} -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1538 + gateway.networking.k8s.io/bundle-version: v0.6.2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: crd - gateway.networking.k8s.io/bundle-version: v0.6.2 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null name: udproutes.gateway.networking.k8s.io spec: group: gateway.networking.k8s.io diff --git a/cli/go.mod b/cli/go.mod index 32c2f36e0e..7e416033ba 100644 --- a/cli/go.mod +++ b/cli/go.mod 
@@ -13,7 +13,7 @@ require ( github.com/google/go-cmp v0.6.0 github.com/hashicorp/consul-k8s/charts v0.0.0-00010101000000-000000000000 github.com/hashicorp/consul-k8s/version v0.0.0 - github.com/hashicorp/consul/troubleshoot v0.3.0-rc1 + github.com/hashicorp/consul/troubleshoot v0.5.4 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/hcp-sdk-go v0.62.1-0.20230913154003-cf69c0370c54 github.com/kr/text v0.2.0 @@ -24,11 +24,11 @@ require ( github.com/stretchr/testify v1.8.4 golang.org/x/text v0.14.0 helm.sh/helm/v3 v3.14.4 - k8s.io/api v0.29.0 + k8s.io/api v0.29.8 k8s.io/apiextensions-apiserver v0.29.0 - k8s.io/apimachinery v0.29.0 - k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.29.0 + k8s.io/apimachinery v0.29.8 + k8s.io/cli-runtime v0.29.8 + k8s.io/client-go v0.29.8 k8s.io/utils v0.0.0-20230726121419-3b25d923346b sigs.k8s.io/yaml v1.3.0 ) @@ -96,8 +96,8 @@ require ( github.com/gorilla/websocket v1.5.0 // indirect github.com/gosuri/uitable v0.0.4 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/hashicorp/consul/api v1.22.0-rc1 // indirect - github.com/hashicorp/consul/envoyextensions v0.3.0-rc1 // indirect + github.com/hashicorp/consul/api v1.28.4 // indirect + github.com/hashicorp/consul/envoyextensions v0.5.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect @@ -166,7 +166,7 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect golang.org/x/crypto v0.22.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect + golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect golang.org/x/sync v0.6.0 // indirect diff --git a/cli/go.sum b/cli/go.sum index 2b9fc355d5..06e1e2c5c8 100644 --- a/cli/go.sum 
+++ b/cli/go.sum @@ -100,18 +100,12 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= -github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE= github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= -github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY= github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= 
@@ -294,14 +288,16 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/hashicorp/consul/api v1.22.0-rc1 h1:ePmGqndeMgaI38KUbSA/CqTzeEAIogXyWnfNJzglo70= -github.com/hashicorp/consul/api v1.22.0-rc1/go.mod h1:wtduXtbAqSGtBdi3tyA5SSAYGAG51rBejV9SEUBciMY= -github.com/hashicorp/consul/envoyextensions v0.3.0-rc1 h1:weclrwjvLeX+vxPOyo4b4dCDxSpnDl60Z9K16nnCVnI= -github.com/hashicorp/consul/envoyextensions v0.3.0-rc1/go.mod h1:ckxoPHMiWXAe6dhyxmKsX1XqO4KTV64KWIyTu44z8UI= -github.com/hashicorp/consul/sdk v0.14.0-rc1 h1:PuETOfN0uxl28i0Pq6rK7TBCrIl7psMbL0YTSje4KvM= -github.com/hashicorp/consul/sdk v0.14.0-rc1/go.mod h1:gHYeuDa0+0qRAD6Wwr6yznMBvBwHKoxSBoW5l73+saE= -github.com/hashicorp/consul/troubleshoot v0.3.0-rc1 h1:Z6ZUEKILsf85wA/zXK3XMop6IGtjui4ZZ0bAu+JIAz4= -github.com/hashicorp/consul/troubleshoot v0.3.0-rc1/go.mod h1:2WfcYZ8M4vpLtTv9M5Dp3egqSPZ16l5XsqMpO9QUYxc= +github.com/hashicorp/consul/api v1.28.4 h1:l/d3utZ7ITzIjd8OXznuSTbBnWFHGP2VE8WdGNFrhjE= +github.com/hashicorp/consul/api v1.28.4/go.mod h1:GE+eY9pliiJiUXGchDpTaMVp27rSksHG+U+5jY+uJR4= +github.com/hashicorp/consul/envoyextensions v0.5.4 h1:pMPFgh+TmDQfN7Q73jU4YoiCqixa6J8fjXOXL117ImM= +github.com/hashicorp/consul/envoyextensions v0.5.4/go.mod h1:qecWzOPvLvHVzc1OaI/SVOSJCg0+0mLRd7H+umTjzII= +github.com/hashicorp/consul/proto-public v0.6.1 h1:+uzH3olCrksXYWAYHKqK782CtK9scfqH+Unlw3UHhCg= +github.com/hashicorp/consul/proto-public v0.6.1/go.mod h1:cXXbOg74KBNGajC+o8RlA502Esf0R9prcoJgiOX/2Tg= +github.com/hashicorp/consul/sdk v0.16.0 h1:SE9m0W6DEfgIVCJX7xU+iv/hUl4m/nxqMTnCdMxDpJ8= +github.com/hashicorp/consul/sdk v0.16.0/go.mod 
h1:7pxqqhqoaPqnBnzXD1StKed62LqJeClzVsUEy85Zr0A= +github.com/hashicorp/consul/troubleshoot v0.5.4 h1:xu3tj3zuMf5IUqVsKHEVxiPGrQR9s3Mc7eQHW1Kz1N4= +github.com/hashicorp/consul/troubleshoot v0.5.4/go.mod h1:SnQJj9N1zSsvlGh01EWGCxWkp67yUy3p5NpOmBBXBDA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -648,8 +644,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= +golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -762,8 +758,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -828,18 +824,18 @@ helm.sh/helm/v3 v3.14.4 h1:6FSpEfqyDalHq3kUr4gOMThhgY55kXUEjdQoyODYnrM= helm.sh/helm/v3 v3.14.4/go.mod h1:Tje7LL4gprZpuBNTbG34d1Xn5NmRT3OWfBRwpOSer9I= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/api v0.29.8 h1:ZBKg9clWnIGtQ5yGhNwMw2zyyrsIAQaXhZACcYNflQE= +k8s.io/api v0.29.8/go.mod h1:XlGIpmpzKGrtVca7GlgNryZJ19SvQdI808NN7fy1SgQ= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= -k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/apimachinery v0.29.8 h1:uBHc9WuKiTHClIspJqtR84WNpG0aOGn45HWqxgXkk8Y= +k8s.io/apimachinery v0.29.8/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= -k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= -k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/cli-runtime v0.29.8 h1:kVErAPf1v7MOwNO6rBYnf2i4kQ2668Y9pHGO5C1/wSo= +k8s.io/cli-runtime v0.29.8/go.mod h1:c00Fk85K05DtEknMAi1t7ao1MR4nmQ9YlvC+QluvNoY= +k8s.io/client-go v0.29.8 h1:QMRKcIzqE/qawknXcsi51GdIAYN8UP39S/M5KnFu/J0= +k8s.io/client-go v0.29.8/go.mod h1:ZzrAAVrqO2jVXMb8My/jTke8n0a/mIynnA3y/1y1UB0= k8s.io/component-base v0.29.0 
h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= diff --git a/control-plane/api-gateway/binding/cleanup.go b/control-plane/api-gateway/binding/cleanup.go index 3f944718e8..b9bf7363c1 100644 --- a/control-plane/api-gateway/binding/cleanup.go +++ b/control-plane/api-gateway/binding/cleanup.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package binding import ( diff --git a/control-plane/api-gateway/binding/cleanup_test.go b/control-plane/api-gateway/binding/cleanup_test.go index 379944ef38..e6d0d76a14 100644 --- a/control-plane/api-gateway/binding/cleanup_test.go +++ b/control-plane/api-gateway/binding/cleanup_test.go @@ -1,3 +1,6 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + package binding import ( diff --git a/control-plane/api-gateway/common/translation_test.go b/control-plane/api-gateway/common/translation_test.go index 4331e2b77a..e34ce7c410 100644 --- a/control-plane/api-gateway/common/translation_test.go +++ b/control-plane/api-gateway/common/translation_test.go @@ -15,7 +15,7 @@ import ( "testing" "time" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/google/go-cmp/cmp" @@ -1353,10 +1353,10 @@ func TestTranslator_ToHTTPRoute(t *testing.T) { Namespace: "k8s-ns", }, Spec: v1alpha1.RouteRetryFilterSpec{ - NumRetries: pointer.Uint32(3), + NumRetries: ptr.To(uint32(3)), RetryOn: []string{"cancelled"}, RetryOnStatusCodes: []uint32{500, 502}, - RetryOnConnectFailure: pointer.Bool(false), + RetryOnConnectFailure: ptr.To(false), }, }, 
@@ -1370,10 +1370,10 @@ func TestTranslator_ToHTTPRoute(t *testing.T) {
 Namespace: "other-namespace-even-though-same-name",
 },
 Spec: v1alpha1.RouteRetryFilterSpec{
- NumRetries: pointer.Uint32(3),
+ NumRetries: ptr.To(uint32(3)),
 RetryOn: []string{"don't"},
 RetryOnStatusCodes: []uint32{404},
- RetryOnConnectFailure: pointer.Bool(true),
+ RetryOnConnectFailure: ptr.To(true),
 },
 },
 
diff --git a/control-plane/api-gateway/gatekeeper/dataplane.go b/control-plane/api-gateway/gatekeeper/dataplane.go
index 090464e9c8..ef48629a7a 100644
--- a/control-plane/api-gateway/gatekeeper/dataplane.go
+++ b/control-plane/api-gateway/gatekeeper/dataplane.go
@@ -9,7 +9,7 @@ import (
 
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 
 "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common"
 "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1"
@@ -108,7 +108,7 @@ func consulDataplaneContainer(config common.HelmConfig, gcc v1alpha1.GatewayClas
 // If running in vanilla K8s, run as root to allow binding to privileged ports;
 // otherwise, allow the user to be assigned by OpenShift.
 container.SecurityContext = &corev1.SecurityContext{
- ReadOnlyRootFilesystem: pointer.Bool(true),
+ ReadOnlyRootFilesystem: ptr.To(true),
 // Drop any Linux capabilities you'd get as root other than NET_BIND_SERVICE.
 Capabilities: &corev1.Capabilities{
 Add: []corev1.Capability{netBindCapability},
@@ -116,7 +116,7 @@ func consulDataplaneContainer(config common.HelmConfig, gcc v1alpha1.GatewayClas
 },
 }
 if !config.EnableOpenShift {
- container.SecurityContext.RunAsUser = pointer.Int64(0)
+ container.SecurityContext.RunAsUser = ptr.To(int64(0))
 }
 
 return container, nil
diff --git a/control-plane/api-gateway/gatekeeper/init.go b/control-plane/api-gateway/gatekeeper/init.go
index 1d57123fed..76c026c4a6 100644
--- a/control-plane/api-gateway/gatekeeper/init.go
+++ b/control-plane/api-gateway/gatekeeper/init.go
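Review bot: The security context that `consulDataplaneContainer` builds in dataplane.go (hunks at -108 and -116) leaves `AllowPrivilegeEscalation` unset, while on non-OpenShift clusters the container runs as UID 0 through `container.SecurityContext.RunAsUser = ptr.To(int64(0))`. Consider adding `AllowPrivilegeEscalation: ptr.To(false),` beside `ReadOnlyRootFilesystem: ptr.To(true),` so the root process is limited to what the capability set grants. Check the OpenShift path before doing so, because a non-root user that obtains NET_BIND_SERVICE from a file capability on the binary would lose it under that setting; whether the image relies on that is not visible here. One line of the `Capabilities` literal sits between the two hunks and is not shown (presumably the drop list), and the function starts outside the hunk.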
@@ -10,8 +10,7 @@ import ( "text/template" corev1 "k8s.io/api/core/v1" - - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" "github.com/hashicorp/consul-k8s/control-plane/namespaces" @@ -176,10 +175,10 @@ func initContainer(config common.HelmConfig, name, namespace string) (corev1.Con // Openshift Assigns the security context for us, do not enable if it is enabled. if !config.EnableOpenShift { container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(initContainersUserAndGroupID), - RunAsGroup: pointer.Int64(initContainersUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - Privileged: pointer.Bool(false), + RunAsUser: ptr.To(int64(initContainersUserAndGroupID)), + RunAsGroup: ptr.To(int64(initContainersUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + Privileged: ptr.To(false), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, diff --git a/control-plane/api/auth/v2beta1/zz_generated.deepcopy.go b/control-plane/api/auth/v2beta1/zz_generated.deepcopy.go index 3aa46646cb..a9d58051ba 100644 --- a/control-plane/api/auth/v2beta1/zz_generated.deepcopy.go +++ b/control-plane/api/auth/v2beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go b/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go index 2d7aadbee7..f54f21ddc9 100644 --- a/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go +++ b/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/control-plane/api/v1alpha1/ingressgateway_types_test.go b/control-plane/api/v1alpha1/ingressgateway_types_test.go index 9250d4b0c6..54cfa64190 100644 
--- a/control-plane/api/v1alpha1/ingressgateway_types_test.go
+++ b/control-plane/api/v1alpha1/ingressgateway_types_test.go
@@ -12,7 +12,7 @@ import (
 "github.com/stretchr/testify/require"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 
 "github.com/hashicorp/consul-k8s/control-plane/api/common"
 )
@@ -77,8 +77,8 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 10 * time.Second,
 },
@@ -185,9 +185,9 @@ func TestIngressGateway_MatchesConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
- BaseEjectionTime: pointer.Duration(10 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
+ BaseEjectionTime: ptr.To(10 * time.Second),
 },
 },
 Listeners: []capi.IngressListener{
@@ -356,8 +356,8 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 10 * time.Second,
 },
@@ -464,9 +464,9 @@ func TestIngressGateway_ToConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
- BaseEjectionTime: pointer.Duration(10 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
+ BaseEjectionTime: ptr.To(10 * time.Second),
 },
 },
 Listeners: []capi.IngressListener{
diff --git a/control-plane/api/v1alpha1/mesh_types.go b/control-plane/api/v1alpha1/mesh_types.go
index 162132a47a..4d8a14358b 100644
--- a/control-plane/api/v1alpha1/mesh_types.go
+++ b/control-plane/api/v1alpha1/mesh_types.go
@@ -60,6 +60,13 @@ type MeshSpec struct {
 HTTP *MeshHTTPConfig `json:"http,omitempty"`
 // Peering defines the peering configuration for the service mesh.
 Peering *PeeringMeshConfig `json:"peering,omitempty"`
+ // ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
+ // false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
+ // to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
+ // the route table will not load. For more information, refer to
+ // [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
+ // for more details.
+ ValidateClusters bool `json:"validateClusters,omitempty"`
 }
 // TransparentProxyMeshConfig controls configuration specific to proxies in "transparent" mode. Added in v1.10.0.
@@ -200,6 +207,7 @@ func (in *Mesh) ToConsul(datacenter string) capi.ConfigEntry {
 TLS: in.Spec.TLS.toConsul(),
 HTTP: in.Spec.HTTP.toConsul(),
 Peering: in.Spec.Peering.toConsul(),
+ ValidateClusters: in.Spec.ValidateClusters,
 Meta: meta(datacenter),
 }
 }
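Review bot: The doc comment added above `ValidateClusters` in `MeshSpec` (control-plane/api/v1alpha1/mesh_types.go) needs a wording pass, since comments on these spec fields are presumably what `make ctrl-generate` copies into the CRD description: "a cluster that do not exist" should read "does not exist", and the last sentence says both "For more information, refer to" and "for more details". I would also spell out the operational trade-off the comment only implies: with `true`, a single route that names a missing cluster keeps the whole route table from loading, while with the default `false` the bad reference is accepted and only shows up at request time as a 404. A tighter ending would be `// the route table will not load. For details, see the validate_clusters field in the Envoy route configuration docs.` with the existing link kept on the following line. The `ToConsul` mapping in the second hunk looks right; both `MeshSpec` and `ToConsul` continue outside their hunks.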
diff --git a/control-plane/api/v1alpha1/mesh_types_test.go b/control-plane/api/v1alpha1/mesh_types_test.go
index f2ea714f60..f5e7ede187 100644
--- a/control-plane/api/v1alpha1/mesh_types_test.go
+++ b/control-plane/api/v1alpha1/mesh_types_test.go
@@ -48,6 +48,7 @@ func TestMesh_MatchesConsul(t *testing.T) {
 TransparentProxy: TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+ ValidateClusters: true,
 AllowEnablingPermissiveMutualTLS: true,
 TLS: &MeshTLSConfig{
 Incoming: &MeshDirectionalTLSConfig{
@@ -73,6 +74,7 @@ func TestMesh_MatchesConsul(t *testing.T) {
 TransparentProxy: capi.TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+ ValidateClusters: true,
 AllowEnablingPermissiveMutualTLS: true,
 TLS: &capi.MeshTLSConfig{
 Incoming: &capi.MeshDirectionalTLSConfig{
@@ -150,6 +152,7 @@ func TestMesh_ToConsul(t *testing.T) {
 TransparentProxy: TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+ ValidateClusters: true,
 AllowEnablingPermissiveMutualTLS: true,
 TLS: &MeshTLSConfig{
 Incoming: &MeshDirectionalTLSConfig{
@@ -175,6 +178,7 @@ func TestMesh_ToConsul(t *testing.T) {
 TransparentProxy: capi.TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+ ValidateClusters: true,
 AllowEnablingPermissiveMutualTLS: true,
 TLS: &capi.MeshTLSConfig{
 Incoming: &capi.MeshDirectionalTLSConfig{
diff --git a/control-plane/api/v1alpha1/servicedefaults_types_test.go b/control-plane/api/v1alpha1/servicedefaults_types_test.go
index 7cfe606385..0287999d1a 100644
--- a/control-plane/api/v1alpha1/servicedefaults_types_test.go
+++ b/control-plane/api/v1alpha1/servicedefaults_types_test.go
@@ -12,7 +12,7 @@ import (
 "github.com/stretchr/testify/require"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 "github.com/hashicorp/consul-k8s/control-plane/api/common"
 )
@@ -90,8 +90,8 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 10 * time.Second,
 },
@@ -119,8 +119,8 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(20),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(20)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 20 * time.Second,
 },
@@ -147,8 +147,8 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(30),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(30)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 30 * time.Second,
 },
@@ -245,9 +245,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
- BaseEjectionTime: pointer.Duration(10 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
+ BaseEjectionTime: ptr.To(10 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "local",
@@ -270,9 +270,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(20),
- BaseEjectionTime: pointer.Duration(20 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(20)),
+ BaseEjectionTime: ptr.To(20 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "remote",
@@ -294,9 +294,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(30),
- BaseEjectionTime: pointer.Duration(30 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(30)),
+ BaseEjectionTime: ptr.To(30 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "remote",
@@ -525,8 +525,8 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 10 * time.Second,
 },
@@ -553,8 +553,8 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(20),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(20)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 20 * time.Second,
 },
@@ -579,8 +579,8 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 Duration: 2 * time.Second,
 },
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(30),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(30)),
 BaseEjectionTime: &metav1.Duration{
 Duration: 30 * time.Second,
 },
@@ -672,9 +672,9 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(20),
- EnforcingConsecutive5xx: pointer.Uint32(100),
- MaxEjectionPercent: pointer.Uint32(10),
- BaseEjectionTime: pointer.Duration(10 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(100)),
+ MaxEjectionPercent: ptr.To(uint32(10)),
+ BaseEjectionTime: ptr.To(10 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "local",
@@ -696,9 +696,9 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(20),
- BaseEjectionTime: pointer.Duration(20 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(20)),
+ BaseEjectionTime: ptr.To(20 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "remote",
@@ -720,9 +720,9 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) {
 PassiveHealthCheck: &capi.PassiveHealthCheck{
 Interval: 2 * time.Second,
 MaxFailures: uint32(10),
- EnforcingConsecutive5xx: pointer.Uint32(60),
- MaxEjectionPercent: pointer.Uint32(30),
- BaseEjectionTime: pointer.Duration(30 * time.Second),
+ EnforcingConsecutive5xx: ptr.To(uint32(60)),
+ MaxEjectionPercent: ptr.To(uint32(30)),
+ BaseEjectionTime: ptr.To(30 * time.Second),
 },
 MeshGateway: capi.MeshGatewayConfig{
 Mode: "remote",
diff --git a/control-plane/api/v1alpha1/zz_generated.deepcopy.go b/control-plane/api/v1alpha1/zz_generated.deepcopy.go index 320f05510f..d894b4e305 100644 --- a/control-plane/api/v1alpha1/zz_generated.deepcopy.go +++ b/control-plane/api/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/control-plane/catalog/to-consul/resource_test.go b/control-plane/catalog/to-consul/resource_test.go index 8ccc54780f..41cd37bcce 100644 --- a/control-plane/catalog/to-consul/resource_test.go +++ b/control-plane/catalog/to-consul/resource_test.go @@ -21,7 +21,7 @@ import ( "k8s.io/apimachinery/pkg/util/rand" "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/fake" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) const nodeName1 = "ip-10-11-12-13.ec2.internal" @@ -778,23 +778,23 @@ func TestServiceResource_lbRegisterEndpoints(t *testing.T) { { Addresses: []string{"8.8.8.8"}, Conditions: discoveryv1.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, TargetRef: &corev1.ObjectReference{Kind: "pod", Name: "foo", Namespace: metav1.NamespaceDefault}, NodeName: &node1.Name, - Zone: pointer.String("us-west-2a"), + Zone: ptr.To("us-west-2a"), }, }, Ports: []discoveryv1.EndpointPort{ { - Name: pointer.String("http"), - Port: pointer.Int32(8080), + Name: ptr.To("http"), + Port: ptr.To(int32(8080)), }, { - Name: pointer.String("rpc"), - Port: pointer.Int32(2000), + Name: ptr.To("rpc"), + Port: ptr.To(int32(2000)), }, }, }, 
@@ -926,23 +926,23 @@ func TestServiceResource_nodePort_singleEndpoint(t *testing.T) { { Addresses: []string{"1.2.3.4"}, Conditions: discoveryv1.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, TargetRef: &corev1.ObjectReference{Kind: "pod", Name: "foo", Namespace: metav1.NamespaceDefault}, NodeName: &node1.Name, - Zone: pointer.String("us-west-2a"), + Zone: ptr.To("us-west-2a"), }, }, Ports: []discoveryv1.EndpointPort{ { - Name: pointer.String("http"), - Port: pointer.Int32(8080), + Name: ptr.To("http"), + Port: ptr.To(int32(8080)), }, { - Name: pointer.String("rpc"), - Port: pointer.Int32(2000), + Name: ptr.To("rpc"), + Port: ptr.To(int32(2000)), }, }, }, @@ -2147,33 +2147,33 @@ func createEndpointSlice(t *testing.T, client *fake.Clientset, serviceName strin { Addresses: []string{"1.1.1.1"}, Conditions: discoveryv1.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, TargetRef: &targetRef, NodeName: &node1, - Zone: pointer.String("us-west-2a"), + Zone: ptr.To("us-west-2a"), }, { Addresses: []string{"2.2.2.2"}, Conditions: discoveryv1.EndpointConditions{ - Ready: pointer.Bool(true), - Serving: pointer.Bool(true), - Terminating: pointer.Bool(false), + Ready: ptr.To(true), + Serving: ptr.To(true), + Terminating: ptr.To(false), }, NodeName: &node2, - Zone: pointer.String("us-west-2b"), + Zone: ptr.To("us-west-2b"), }, }, Ports: []discoveryv1.EndpointPort{ { - Name: pointer.String("http"), - Port: pointer.Int32(8080), + Name: ptr.To("http"), + Port: ptr.To(int32(8080)), }, { - Name: pointer.String("rpc"), - Port: pointer.Int32(2000), + Name: ptr.To("rpc"), + Port: ptr.To(int32(2000)), }, }, }, 
diff --git a/control-plane/cni/go.mod b/control-plane/cni/go.mod index 451d5fd8a3..a7bca94d58 100644 --- a/control-plane/cni/go.mod +++ b/control-plane/cni/go.mod @@ -6,27 +6,26 @@ require ( github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.2.0 github.com/hashicorp/consul-k8s/version v0.0.0 - github.com/hashicorp/consul/sdk v0.13.1 - github.com/hashicorp/go-hclog v1.2.2 + github.com/hashicorp/consul/sdk v0.16.0 + github.com/hashicorp/go-hclog v1.5.0 github.com/stretchr/testify v1.8.4 - k8s.io/api v0.28.9 - k8s.io/apimachinery v0.28.9 - k8s.io/client-go v0.28.9 + k8s.io/api v0.29.8 + k8s.io/apimachinery v0.29.8 + k8s.io/client-go v0.29.8 ) require ( - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.10.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/fatih/color v1.16.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect + github.com/go-logr/logr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.13 // indirect 
@@ -39,7 +38,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/spf13/pflag v1.0.5 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect @@ -52,14 +51,14 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) -replace github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.4.1-0.20221021205723-cc843c4be892 +go 1.21 -go 1.20 +toolchain go1.22.6 diff --git a/control-plane/cni/go.sum b/control-plane/cni/go.sum index f0ed8dd22a..f75d59dc52 100644 --- a/control-plane/cni/go.sum +++ b/control-plane/cni/go.sum 
@@ -7,22 +7,20 @@ github.com/containernetworking/plugins v1.2.0 h1:SWgg3dQG1yzUo4d9iD8cwSVh1VqI+bP github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= -github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/go-logr/logr 
v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= @@ -31,6 +29,7 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -51,22 +50,21 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/consul/sdk v0.4.1-0.20221021205723-cc843c4be892 h1:jw0NwPmNPr5CxAU04hACdj61JSaJBKZ0FdBo+kwfNp4= -github.com/hashicorp/consul/sdk v0.4.1-0.20221021205723-cc843c4be892/go.mod h1:yPkX5Q6CsxTFMjQQDJwzeNmUUF5NUGGbrDsv9wTb8cw= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M= 
-github.com/hashicorp/go-hclog v1.2.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/consul/sdk v0.16.0 h1:SE9m0W6DEfgIVCJX7xU+iv/hUl4m/nxqMTnCdMxDpJ8= +github.com/hashicorp/consul/sdk v0.16.0/go.mod h1:7pxqqhqoaPqnBnzXD1StKed62LqJeClzVsUEy85Zr0A= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= 
@@ -77,23 +75,19 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod 
h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 
@@ -113,25 +107,26 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/spf13/pflag v1.0.5 
h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= 
@@ -164,12 +159,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -181,7 +173,6 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -204,6 +195,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -221,7 +213,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= 
@@ -238,21 +229,21 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.28.9 h1:E7VEXXCAlSrp+08zq4zgd+ko6Ttu0Mw+XoXlIkDTVW0= -k8s.io/api v0.28.9/go.mod h1:AnCsDYf3SHjfa8mPG5LGYf+iF4mie+3peLQR51MMCgw= -k8s.io/apimachinery v0.28.9 h1:aXz4Zxsw+Pk4KhBerAtKRxNN1uSMWKfciL/iOdBfXvA= -k8s.io/apimachinery v0.28.9/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o= -k8s.io/client-go v0.28.9 h1:mmMvejwc/KDjMLmDpyaxkWNzlWRCJ6ht7Qsbsnwn39Y= -k8s.io/client-go v0.28.9/go.mod h1:GFDy3rUNId++WGrr0hRaBrs+y1eZz5JtVZODEalhRMo= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/api v0.29.8 h1:ZBKg9clWnIGtQ5yGhNwMw2zyyrsIAQaXhZACcYNflQE= +k8s.io/api v0.29.8/go.mod h1:XlGIpmpzKGrtVca7GlgNryZJ19SvQdI808NN7fy1SgQ= +k8s.io/apimachinery v0.29.8 h1:uBHc9WuKiTHClIspJqtR84WNpG0aOGn45HWqxgXkk8Y= +k8s.io/apimachinery v0.29.8/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= +k8s.io/client-go v0.29.8 h1:QMRKcIzqE/qawknXcsi51GdIAYN8UP39S/M5KnFu/J0= +k8s.io/client-go v0.29.8/go.mod h1:ZzrAAVrqO2jVXMb8My/jTke8n0a/mIynnA3y/1y1UB0= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi 
v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/control-plane/config/crd/bases/auth.consul.hashicorp.com_trafficpermissions.yaml b/control-plane/config/crd/bases/auth.consul.hashicorp.com_trafficpermissions.yaml index 3a7699dce4..2b616d0d3a 100644 --- a/control-plane/config/crd/bases/auth.consul.hashicorp.com_trafficpermissions.yaml +++ b/control-plane/config/crd/bases/auth.consul.hashicorp.com_trafficpermissions.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: trafficpermissions.auth.consul.hashicorp.com spec: group: auth.consul.hashicorp.com 
@@ -38,32 +38,40 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: action: - description: "Action can be either allow or deny for the entire object. - It will default to allow. \n If action is allow, we will allow the - connection if one of the rules in Rules matches, in other words, - we will deny all requests except for the ones that match Rules. - If Consul is in default allow mode, then allow actions have no effect - without a deny permission as everything is allowed by default. \n - If action is deny, we will deny the connection if one of the rules - in Rules match, in other words, we will allow all requests except - for the ones that match Rules. 
If Consul is default deny mode, then - deny permissions have no effect without an allow permission as everything - is denied by default. \n Action unspecified is reserved for compatibility - with the addition of future actions." + description: |- + Action can be either allow or deny for the entire object. It will default to allow. + + + If action is allow, we will allow the connection if one of the rules in Rules matches, in other words, we will deny + all requests except for the ones that match Rules. If Consul is in default allow mode, then allow + actions have no effect without a deny permission as everything is allowed by default. + + + If action is deny, we will deny the connection if one of the rules in Rules match, in other words, + we will allow all requests except for the ones that match Rules. If Consul is default deny mode, + then deny permissions have no effect without an allow permission as everything is denied by default. + + + Action unspecified is reserved for compatibility with the addition of future actions. enum: - ACTION_ALLOW - ACTION_DENY @@ -71,7 +79,8 @@ spec: format: int32 type: string destination: - description: Destination is a configuration of the destination proxies + description: |- + Destination is a configuration of the destination proxies where these traffic permissions should apply. properties: identityName: @@ -84,9 +93,9 @@ spec: description: Permissions is a list of permissions to match on. properties: destinationRules: - description: DestinationRules is a list of rules to apply for - matching sources in this Permission. These rules are specific - to the request or connection that is going to the destination(s) + description: |- + DestinationRules is a list of rules to apply for matching sources in this Permission. + These rules are specific to the request or connection that is going to the destination(s) selected by the TrafficPermissions resource. items: description: DestinationRule contains rules rules to apply 
@@ -126,8 +135,8 @@ spec: pathRegex: type: string portNames: - description: PortNames is a list of workload ports - to apply this rule to. The ports specified here + description: |- + PortNames is a list of workload ports to apply this rule to. The ports specified here must be the ports used in the connection. items: type: string @@ -152,8 +161,9 @@ spec: type: string type: object methods: - description: Methods is the list of HTTP methods. If no - methods are specified, this rule will apply to all methods. + description: |- + Methods is the list of HTTP methods. If no methods are specified, + this rule will apply to all methods. items: type: string type: array @@ -172,17 +182,18 @@ spec: sources: description: Sources is a list of sources in this traffic permission. items: - description: Source represents the source identity. To specify - any of the wildcard sources, the specific fields need to - be omitted. For example, for a wildcard namespace, identity_name - should be omitted. + description: |- + Source represents the source identity. + To specify any of the wildcard sources, the specific fields need to be omitted. + For example, for a wildcard namespace, identity_name should be omitted. properties: exclude: description: Exclude is a list of sources to exclude from this source. items: - description: ExcludeSource is almost the same as source - but it prevents the addition of matching sources. + description: |- + ExcludeSource is almost the same as source but it prevents the addition of + matching sources. properties: identityName: type: string 
@@ -217,8 +228,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_controlplanerequestlimits.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_controlplanerequestlimits.yaml index 49fc1ae135..44c9e79e2e 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_controlplanerequestlimits.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_controlplanerequestlimits.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: controlplanerequestlimits.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -32,14 +32,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -151,8 +156,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_exportedservices.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_exportedservices.yaml index 22f816cb18..d10bbf6ae9 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_exportedservices.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_exportedservices.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: exportedservices.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ExportedServices is the Schema for the exportedservices API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,11 +57,13 @@ spec: description: ExportedServicesSpec defines the desired state of ExportedServices. properties: services: - description: Services is a list of services to be exported and the - list of partitions to expose them to. + description: |- + Services is a list of services to be exported and the list of partitions + to expose them to. items: - description: ExportedService manages the exporting of a service - in the local partition to other partitions. + description: |- + ExportedService manages the exporting of a service in the local partition to + other partitions. properties: consumers: description: Consumers is a list of downstream consumers of @@ -95,8 +102,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_gatewayclassconfigs.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_gatewayclassconfigs.yaml index ff3158f2a7..20d6bb2ddc 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_gatewayclassconfigs.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_gatewayclassconfigs.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: gatewayclassconfigs.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -23,14 +23,19 @@ spec: for Consul API Gateway. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -77,19 +82,24 @@ spec: gateway. properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. type: string required: - name @@ -105,8 +115,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -115,10 +126,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object @@ -130,9 +142,10 @@ spec: nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must be true for the - pod to fit on a node. Selector which must match a node''s labels - for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object openshiftSCCName: description: The name of the OpenShift SecurityContextConstraints 
@@ -150,43 +163,43 @@ spec: - LoadBalancer type: string tolerations: - description: 'Tolerations allow the scheduler to schedule nodes with - matching taints. More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' + description: |- + Tolerations allow the scheduler to schedule nodes with matching taints. + More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. 
+ Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_gatewaypolicies.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_gatewaypolicies.yaml index e12db4cf20..7c75ef44ce 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_gatewaypolicies.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_gatewaypolicies.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: gatewaypolicies.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -35,14 +35,19 @@ spec: description: GatewayPolicy is the Schema for the gatewaypolicies API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -63,9 +68,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry - with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims 
@@ -81,11 +86,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the - given path: - If the type at the path is a list - then we verify that this value is contained - in the list. \n - If the type at the path is - a string then we verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path @@ -114,9 +122,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry - with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims @@ -132,11 +140,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the - given path: - If the type at the path is a list - then we verify that this value is contained - in the list. \n - If the type at the path is - a string then we verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path 
@@ -170,10 +181,11 @@ spec: minLength: 1 type: string namespace: - description: Namespace is the namespace of the referent. When - unspecified, the local namespace is inferred. Even when policy - targets a resource in a different namespace, it may only apply - to traffic originating from the same namespace as the policy. + description: |- + Namespace is the namespace of the referent. When unspecified, the local + namespace is inferred. Even when policy targets a resource in a different + namespace, it may only apply to traffic originating from the same + namespace as the policy. maxLength: 253 minLength: 1 type: string 
@@ -196,46 +208,53 @@ spec: description: GatewayPolicyStatus defines the observed state of the gateway. properties: conditions: - description: "Conditions describe the current conditions of the Policy. - \n Known condition types are: \n * \"Accepted\" * \"ResolvedRefs\"" + description: |- + Conditions describe the current conditions of the Policy. + + + Known condition types are: + + + * "Accepted" + * "ResolvedRefs" items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
+ description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -249,11 +268,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml index 79450327cb..701ef754b5 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_ingressgateways.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressgateways.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: IngressGateway is the Schema for the ingressgateways API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,64 +60,68 @@ spec: description: Defaults is default configuration for all upstream services properties: maxConcurrentRequests: - description: The maximum number of concurrent requests that will - be allowed at a single point in time. Use this to limit HTTP/2 - traffic, since HTTP/2 has many requests per connection. + description: |- + The maximum number of concurrent requests that + will be allowed at a single point in time. Use this to limit HTTP/2 traffic, + since HTTP/2 has many requests per connection. format: int32 type: integer maxConnections: - description: The maximum number of connections a service instance - will be allowed to establish against the given upstream. Use - this to limit HTTP/1.1 traffic, since HTTP/1.1 has a request - per connection. + description: |- + The maximum number of connections a service instance + will be allowed to establish against the given upstream. Use this to limit + HTTP/1.1 traffic, since HTTP/1.1 has a request per connection. format: int32 type: integer maxPendingRequests: - description: The maximum number of requests that will be queued + description: |- + The maximum number of requests that will be queued while waiting for a connection to be established. format: int32 type: integer passiveHealthCheck: - description: PassiveHealthCheck configuration determines how upstream - proxy instances will be monitored for removal from the load - balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. The - real time is equal to the base time multiplied by the number - of times the host has been ejected and is capped by max_ejection_time - (Default 300s). Defaults to 30s. + description: |- + The base time that a host is ejected for. 
The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance that - a host will be actually ejected when an outlier status is - detected through consecutive 5xx. This setting can be used - to disable ejection or to ramp it up slowly. Ex. Setting - this to 10 will make it a 10% chance that the host will - be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis sweeps. - Each sweep may remove hosts or return hosts to the pool. - Ex. setting this to "10s" will set the interval to 10 seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that can - be ejected due to outlier detection. Defaults to 10% but - will eject at least one host regardless of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive failures - that results in a host being removed from the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. 
format: int32 type: integer type: object type: object listeners: - description: Listeners declares what ports the ingress gateway should - listen on, and what services to associated to those ports. + description: |- + Listeners declares what ports the ingress gateway should listen on, and + what services to associated to those ports. items: description: IngressListener manages the configuration for a listener on a specific port. 
@@ -122,110 +131,119 @@ spec: should listen for traffic. type: integer protocol: - description: 'Protocol declares what type of traffic this listener - is expected to receive. Depending on the protocol, a listener - might support multiplexing services over a single port, or - additional discovery chain features. The current supported - values are: (tcp | http | http2 | grpc).' + description: |- + Protocol declares what type of traffic this listener is expected to + receive. Depending on the protocol, a listener might support multiplexing + services over a single port, or additional discovery chain features. The + current supported values are: (tcp | http | http2 | grpc). type: string services: - description: Services declares the set of services to which - the listener forwards traffic. For "tcp" protocol listeners, - only a single service is allowed. For "http" listeners, multiple - services can be declared. + description: |- + Services declares the set of services to which the listener forwards + traffic. + For "tcp" protocol listeners, only a single service is allowed. + For "http" listeners, multiple services can be declared. items: - description: IngressService manages configuration for services - that are exposed to ingress traffic. + description: |- + IngressService manages configuration for services that are exposed to + ingress traffic. properties: hosts: - description: "Hosts is a list of hostnames which should - be associated to this service on the defined listener. - Only allowed on layer 7 protocols, this will be used - to route traffic to the service by matching the Host - header of the HTTP request. \n If a host is provided - for a service that also has a wildcard specifier defined, - the host will override the wildcard-specifier-provided - \".*\" domain for that listener. \n This - cannot be specified when using the wildcard specifier, - \"*\", or when using a \"tcp\" listener." 
+ description: |- + Hosts is a list of hostnames which should be associated to this service on + the defined listener. Only allowed on layer 7 protocols, this will be used + to route traffic to the service by matching the Host header of the HTTP + request. + + + If a host is provided for a service that also has a wildcard specifier + defined, the host will override the wildcard-specifier-provided + ".*" domain for that listener. + + + This cannot be specified when using the wildcard specifier, "*", or when + using a "tcp" listener. items: type: string type: array maxConcurrentRequests: - description: The maximum number of concurrent requests - that will be allowed at a single point in time. Use - this to limit HTTP/2 traffic, since HTTP/2 has many - requests per connection. + description: |- + The maximum number of concurrent requests that + will be allowed at a single point in time. Use this to limit HTTP/2 traffic, + since HTTP/2 has many requests per connection. format: int32 type: integer maxConnections: - description: The maximum number of connections a service - instance will be allowed to establish against the given - upstream. Use this to limit HTTP/1.1 traffic, since - HTTP/1.1 has a request per connection. + description: |- + The maximum number of connections a service instance + will be allowed to establish against the given upstream. Use this to limit + HTTP/1.1 traffic, since HTTP/1.1 has a request per connection. format: int32 type: integer maxPendingRequests: - description: The maximum number of requests that will - be queued while waiting for a connection to be established. + description: |- + The maximum number of requests that will be queued + while waiting for a connection to be established. format: int32 type: integer name: - description: "Name declares the service to which traffic - should be forwarded. \n This can either be a specific - service, or the wildcard specifier, \"*\". 
If the wildcard - specifier is provided, the listener must be of \"http\" - protocol and means that the listener will forward traffic - to all services. \n A name can be specified on multiple - listeners, and will be exposed on both of the listeners." + description: |- + Name declares the service to which traffic should be forwarded. + + + This can either be a specific service, or the wildcard specifier, + "*". If the wildcard specifier is provided, the listener must be of "http" + protocol and means that the listener will forward traffic to all services. + + + A name can be specified on multiple listeners, and will be exposed on both + of the listeners. type: string namespace: - description: Namespace is the namespace where the service - is located. Namespacing is a Consul Enterprise feature. + description: |- + Namespace is the namespace where the service is located. + Namespacing is a Consul Enterprise feature. type: string partition: - description: Partition is the admin-partition where the - service is located. Partitioning is a Consul Enterprise - feature. + description: |- + Partition is the admin-partition where the service is located. + Partitioning is a Consul Enterprise feature. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines - how upstream proxy instances will be monitored for removal - from the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected - for. The real time is equal to the base time multiplied - by the number of times the host has been ejected - and is capped by max_ejection_time (Default 300s). - Defaults to 30s. + description: |- + The base time that a host is ejected for. 
The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance - that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This - setting can be used to disable ejection or to ramp - it up slowly. Ex. Setting this to 10 will make it - a 10% chance that the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis - sweeps. Each sweep may remove hosts or return hosts - to the pool. Ex. setting this to "10s" will set + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set the interval to 10 seconds. type: string maxEjectionPercent: - description: The maximum % of an upstream cluster - that can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive - failures that results in a host being removed from - the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object 
@@ -235,50 +253,52 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object responseHeaders: - description: HTTPHeaderModifiers is a set of rules for - HTTP header modification that should be performed by - proxies as the request passes through them. It can operate - on either request or response headers depending on the - context in which it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). 
type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object tls: @@ -295,10 +315,9 @@ spec: from the SDS service. type: string clusterName: - description: ClusterName is the SDS cluster name - to connect to, to retrieve certificates. This - cluster must be specified in the Gateway's bootstrap - configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object type: object @@ -308,9 +327,9 @@ spec: description: TLS config for this listener. properties: cipherSuites: - description: Define a subset of cipher suites to restrict - Only applicable to connections negotiated via TLS 1.2 - or earlier. + description: |- + Define a subset of cipher suites to restrict + Only applicable to connections negotiated via TLS 1.2 or earlier. items: type: string type: array 
@@ -328,24 +347,23 @@ spec: service. type: string clusterName: - description: ClusterName is the SDS cluster name to - connect to, to retrieve certificates. This cluster - must be specified in the Gateway's bootstrap configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS - version supported. Must be greater than or equal to `TLSMinVersion`. - One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or - `TLSv1_3`. If unspecified, Envoy will default to TLS 1.3 - as a max version for incoming connections. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS - version supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, - `TLSv1_2`, or `TLSv1_3`. If unspecified, Envoy v1.22.0 - and newer will default to TLS 1.2 as a min version, while - older releases of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string required: - enabled 
@@ -356,8 +374,9 @@ spec: description: TLS holds the TLS configuration for this gateway. properties: cipherSuites: - description: Define a subset of cipher suites to restrict Only - applicable to connections negotiated via TLS 1.2 or earlier. + description: |- + Define a subset of cipher suites to restrict + Only applicable to connections negotiated via TLS 1.2 or earlier. items: type: string type: array 
@@ -374,24 +393,23 @@ spec: when fetching the certificate from the SDS service. type: string clusterName: - description: ClusterName is the SDS cluster name to connect - to, to retrieve certificates. This cluster must be specified - in the Gateway's bootstrap configuration. + description: |- + ClusterName is the SDS cluster name to connect to, to retrieve certificates. + This cluster must be specified in the Gateway's bootstrap configuration. type: string type: object tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will default - to TLS 1.2 as a min version, while older releases of Envoy default - to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string required: - enabled 
@@ -403,8 +421,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_jwtproviders.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_jwtproviders.yaml index df234ae1eb..7fc78372cf 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_jwtproviders.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_jwtproviders.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: jwtproviders.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -22,14 +22,19 @@ spec: description: JWTProvider is the Schema for the jwtproviders API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -37,62 +42,79 @@ spec: description: JWTProviderSpec defines the desired state of JWTProvider properties: audiences: - description: Audiences is the set of audiences the JWT is allowed - to access. If specified, all JWTs verified with this provider must - address at least one of these to be considered valid. + description: |- + Audiences is the set of audiences the JWT is allowed to access. + If specified, all JWTs verified with this provider must address + at least one of these to be considered valid. items: type: string type: array cacheConfig: - description: CacheConfig defines configuration for caching the validation - result for previously seen JWTs. Caching results can speed up verification - when individual tokens are expected to be handled multiple times. + description: |- + CacheConfig defines configuration for caching the validation + result for previously seen JWTs. Caching results can speed up + verification when individual tokens are expected to be handled + multiple times. properties: size: - description: "Size specifies the maximum number of JWT verification - results to cache. \n Defaults to 0, meaning that JWT caching - is disabled." + description: |- + Size specifies the maximum number of JWT verification + results to cache. + + + Defaults to 0, meaning that JWT caching is disabled. type: integer type: object clockSkewSeconds: - description: "ClockSkewSeconds specifies the maximum allowable time - difference from clock skew when validating the \"exp\" (Expiration) - and \"nbf\" (Not Before) claims. \n Default value is 30 seconds." + description: |- + ClockSkewSeconds specifies the maximum allowable time difference + from clock skew when validating the "exp" (Expiration) and "nbf" + (Not Before) claims. + + + Default value is 30 seconds. type: integer forwarding: description: Forwarding defines rules for forwarding verified JWTs to the backend. 
properties: headerName: - description: "HeaderName is a header name to use when forwarding - a verified JWT to the backend. The verified JWT could have been - extracted from any location (query param, header, or cookie). - \n The header value will be base64-URL-encoded, and will not - be padded unless PadForwardPayloadHeader is true." + description: |- + HeaderName is a header name to use when forwarding a verified + JWT to the backend. The verified JWT could have been extracted + from any location (query param, header, or cookie). + + + The header value will be base64-URL-encoded, and will not be + padded unless PadForwardPayloadHeader is true. type: string padForwardPayloadHeader: - description: "PadForwardPayloadHeader determines whether padding - should be added to the base64 encoded token forwarded with ForwardPayloadHeader. - \n Default value is false." + description: |- + PadForwardPayloadHeader determines whether padding should be added + to the base64 encoded token forwarded with ForwardPayloadHeader. + + + Default value is false. type: boolean type: object issuer: - description: Issuer is the entity that must have issued the JWT. This - value must match the "iss" claim of the token. + description: |- + Issuer is the entity that must have issued the JWT. + This value must match the "iss" claim of the token. type: string jsonWebKeySet: - description: JSONWebKeySet defines a JSON Web Key Set, its location - on disk, or the means with which to fetch a key set from a remote - server. + description: |- + JSONWebKeySet defines a JSON Web Key Set, its location on disk, or the + means with which to fetch a key set from a remote server. properties: local: description: Local specifies a local source for the key set. properties: filename: - description: Filename configures a location on disk where - the JWKS can be found. If specified, the file must be present - on the disk of ALL proxies with intentions referencing this - provider. 
+ description: |- + Filename configures a location on disk where the JWKS can be + found. If specified, the file must be present on the disk of ALL + proxies with intentions referencing this provider. type: string jwks: description: JWKS contains a base64 encoded JWKS. 
@@ -103,62 +125,78 @@ spec: server. properties: cacheDuration: - description: "CacheDuration is the duration after which cached - keys should be expired. \n Default value is 5 minutes." + description: |- + CacheDuration is the duration after which cached keys + should be expired. + + + Default value is 5 minutes. type: string fetchAsynchronously: - description: "FetchAsynchronously indicates that the JWKS - should be fetched when a client request arrives. Client - requests will be paused until the JWKS is fetched. If false, - the proxy listener will wait for the JWKS to be fetched - before being activated. \n Default value is false." + description: |- + FetchAsynchronously indicates that the JWKS should be fetched + when a client request arrives. Client requests will be paused + until the JWKS is fetched. + If false, the proxy listener will wait for the JWKS to be + fetched before being activated. + + + Default value is false. type: boolean jwksCluster: description: JWKSCluster defines how the specified Remote JWKS URI is to be fetched. properties: connectTimeout: - description: The timeout for new network connections to - hosts in the cluster. If not set, a default value of - 5s will be used. + description: |- + The timeout for new network connections to hosts in the cluster. + If not set, a default value of 5s will be used. type: string discoveryType: - description: "DiscoveryType refers to the service discovery - type to use for resolving the cluster. \n This defaults - to STRICT_DNS. Other options include STATIC, LOGICAL_DNS, - EDS or ORIGINAL_DST." + description: |- + DiscoveryType refers to the service discovery type to use for resolving the cluster. + + + This defaults to STRICT_DNS. + Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST. type: string tlsCertificates: - description: "TLSCertificates refers to the data containing - certificate authority certificates to use in verifying - a presented peer certificate. 
If not specified and a - peer certificate is presented it will not be verified. - \n Must be either CaCertificateProviderInstance or TrustedCA." + description: |- + TLSCertificates refers to the data containing certificate authority certificates to use + in verifying a presented peer certificate. + If not specified and a peer certificate is presented it will not be verified. + + + Must be either CaCertificateProviderInstance or TrustedCA. properties: caCertificateProviderInstance: description: CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates. properties: certificateName: - description: "CertificateName is used to specify - certificate instances or types. For example, - \"ROOTCA\" to specify a root-certificate (validation - context) or \"example.com\" to specify a certificate - for a particular domain. \n The default value - is the empty string." + description: |- + CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify + a root-certificate (validation context) or "example.com" to specify a certificate for a + particular domain. + + + The default value is the empty string. type: string instanceName: - description: "InstanceName refers to the certificate - provider instance name. \n The default value - is \"default\"." + description: |- + InstanceName refers to the certificate provider instance name. + + + The default value is "default". type: string type: object trustedCA: - description: "TrustedCA defines TLS certificate data - containing certificate authority certificates to - use in verifying a presented peer certificate. \n - Exactly one of Filename, EnvironmentVariable, InlineString - or InlineBytes must be specified." + description: |- + TrustedCA defines TLS certificate data containing certificate authority certificates + to use in verifying a presented peer certificate. + + + Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified. 
properties: environmentVariable: type: string @@ -173,33 +211,47 @@ spec: type: object type: object requestTimeoutMs: - description: RequestTimeoutMs is the number of milliseconds - to time out when making a request for the JWKS. + description: |- + RequestTimeoutMs is the number of milliseconds to + time out when making a request for the JWKS. type: integer retryPolicy: - description: "RetryPolicy defines a retry policy for fetching - JWKS. \n There is no retry by default." + description: |- + RetryPolicy defines a retry policy for fetching JWKS. + + + There is no retry by default. properties: numRetries: - description: "NumRetries is the number of times to retry - fetching the JWKS. The retry strategy uses jittered - exponential backoff with a base interval of 1s and max - of 10s. \n Default value is 0." + description: |- + NumRetries is the number of times to retry fetching the JWKS. + The retry strategy uses jittered exponential backoff with + a base interval of 1s and max of 10s. + + + Default value is 0. type: integer retryPolicyBackOff: - description: "Retry's backoff policy. \n Defaults to Envoy's - backoff policy." + description: |- + Retry's backoff policy. + + + Defaults to Envoy's backoff policy. properties: baseInterval: - description: "BaseInterval to be used for the next - back off computation. \n The default value from - envoy is 1s." + description: |- + BaseInterval to be used for the next back off computation. + + + The default value from envoy is 1s. type: string maxInterval: - description: "MaxInternal to be used to specify the - maximum interval between retries. Optional but should - be greater or equal to BaseInterval. \n Defaults - to 10 times BaseInterval." + description: |- + MaxInternal to be used to specify the maximum interval between retries. + Optional but should be greater or equal to BaseInterval. + + + Defaults to 10 times BaseInterval. type: string type: object type: object 
@@ -210,15 +262,19 @@ spec: type: object type: object locations: - description: 'Locations where the JWT will be present in requests. - Envoy will check all of these locations to extract a JWT. If no - locations are specified Envoy will default to: 1. Authorization - header with Bearer schema: "Authorization: Bearer " 2. accessToken - query parameter.' + description: |- + Locations where the JWT will be present in requests. + Envoy will check all of these locations to extract a JWT. + If no locations are specified Envoy will default to: + 1. Authorization header with Bearer schema: + "Authorization: Bearer " + 2. accessToken query parameter. items: - description: "JWTLocation is a location where the JWT could be present - in requests. \n Only one of Header, QueryParam, or Cookie can - be specified." + description: |- + JWTLocation is a location where the JWT could be present in requests. + + + Only one of Header, QueryParam, or Cookie can be specified. properties: cookie: description: Cookie defines how to extract a JWT from an HTTP 
@@ -234,26 +290,31 @@ spec: request header. properties: forward: - description: "Forward defines whether the header with the - JWT should be forwarded after the token has been verified. - If false, the header will not be forwarded to the backend. - \n Default value is false." + description: |- + Forward defines whether the header with the JWT should be + forwarded after the token has been verified. If false, the + header will not be forwarded to the backend. + + + Default value is false. type: boolean name: description: Name is the name of the header containing the token. type: string valuePrefix: - description: 'ValuePrefix is an optional prefix that precedes - the token in the header value. For example, "Bearer " - is a standard value prefix for a header named "Authorization", - but the prefix is not part of the token itself: "Authorization: - Bearer "' + description: |- + ValuePrefix is an optional prefix that precedes the token in the + header value. + For example, "Bearer " is a standard value prefix for a header named + "Authorization", but the prefix is not part of the token itself: + "Authorization: Bearer " type: string type: object queryParam: - description: QueryParam defines how to extract a JWT from an - HTTP request query parameter. + description: |- + QueryParam defines how to extract a JWT from an HTTP request + query parameter. properties: name: description: Name is the name of the query param containing 
@@ -269,8 +330,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml index 3c22a4842e..c5c15b3c5d 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_meshes.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshes.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -35,14 +35,19 @@ spec: description: Mesh is the Schema for the mesh API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -50,9 +55,9 @@ spec: description: MeshSpec defines the desired state of Mesh. properties: allowEnablingPermissiveMutualTLS: - description: AllowEnablingPermissiveMutualTLS must be true in order - to allow setting MutualTLSMode=permissive in either service-defaults - or proxy-defaults. + description: |- + AllowEnablingPermissiveMutualTLS must be true in order to allow setting + MutualTLSMode=permissive in either service-defaults or proxy-defaults. type: boolean http: description: HTTP defines the HTTP configuration for the service mesh. 
@@ -67,80 +72,73 @@ spec: mesh. properties: peerThroughMeshGateways: - description: PeerThroughMeshGateways determines whether peering - traffic between control planes should flow through mesh gateways. - If enabled, Consul servers will advertise mesh gateway addresses - as their own. Additionally, mesh gateways will configure themselves - to expose the local servers using a peering-specific SNI. + description: |- + PeerThroughMeshGateways determines whether peering traffic between + control planes should flow through mesh gateways. If enabled, + Consul servers will advertise mesh gateway addresses as their own. + Additionally, mesh gateways will configure themselves to expose + the local servers using a peering-specific SNI. type: boolean type: object tls: description: TLS defines the TLS configuration for the service mesh. properties: incoming: - description: Incoming defines the TLS configuration for inbound - mTLS connections targeting the public listener on Connect and - TerminatingGateway proxy kinds. + description: |- + Incoming defines the TLS configuration for inbound mTLS connections targeting + the public listener on Connect and TerminatingGateway proxy kinds. properties: cipherSuites: - description: CipherSuites sets the default list of TLS cipher - suites to support when negotiating connections using TLS - 1.2 or earlier. If unspecified, Envoy will use a default - server cipher list. The list of supported cipher suites - can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 - and is dependent on underlying support in Envoy. Future - releases of Envoy may remove currently-supported but insecure - cipher suites, and future releases of Consul may add new - supported cipher suites if any are added to Envoy. + description: |- + CipherSuites sets the default list of TLS cipher suites to support when negotiating connections using TLS 1.2 or earlier. + If unspecified, Envoy will use a default server cipher list. 
The list of supported cipher suites can be seen in + https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 and is dependent on underlying support in Envoy. + Future releases of Envoy may remove currently-supported but insecure cipher suites, + and future releases of Consul may add new supported cipher suites if any are added to Envoy. items: type: string type: array tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will - default to TLS 1.2 as a min version, while older releases - of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string type: object outgoing: - description: Outgoing defines the TLS configuration for outbound - mTLS connections dialing upstreams from Connect and IngressGateway - proxy kinds. + description: |- + Outgoing defines the TLS configuration for outbound mTLS connections dialing upstreams + from Connect and IngressGateway proxy kinds. 
properties: cipherSuites: - description: CipherSuites sets the default list of TLS cipher - suites to support when negotiating connections using TLS - 1.2 or earlier. If unspecified, Envoy will use a default - server cipher list. The list of supported cipher suites - can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 - and is dependent on underlying support in Envoy. Future - releases of Envoy may remove currently-supported but insecure - cipher suites, and future releases of Consul may add new - supported cipher suites if any are added to Envoy. + description: |- + CipherSuites sets the default list of TLS cipher suites to support when negotiating connections using TLS 1.2 or earlier. + If unspecified, Envoy will use a default server cipher list. The list of supported cipher suites can be seen in + https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169 and is dependent on underlying support in Envoy. + Future releases of Envoy may remove currently-supported but insecure cipher suites, + and future releases of Consul may add new supported cipher suites if any are added to Envoy. items: type: string type: array tlsMaxVersion: - description: TLSMaxVersion sets the default maximum TLS version - supported. Must be greater than or equal to `TLSMinVersion`. + description: |- + TLSMaxVersion sets the default maximum TLS version supported. Must be greater than or equal to `TLSMinVersion`. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. - If unspecified, Envoy will default to TLS 1.3 as a max version - for incoming connections. + If unspecified, Envoy will default to TLS 1.3 as a max version for incoming connections. type: string tlsMinVersion: - description: TLSMinVersion sets the default minimum TLS version - supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, - or `TLSv1_3`. 
If unspecified, Envoy v1.22.0 and newer will - default to TLS 1.2 as a min version, while older releases - of Envoy default to TLS 1.0. + description: |- + TLSMinVersion sets the default minimum TLS version supported. + One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`. + If unspecified, Envoy v1.22.0 and newer will default to TLS 1.2 as a min version, + while older releases of Envoy default to TLS 1.0. type: string type: object type: object @@ -149,13 +147,21 @@ spec: to proxies in "transparent" mode. Added in v1.10.0. properties: meshDestinationsOnly: - description: MeshDestinationsOnly determines whether sidecar proxies - operating in "transparent" mode can proxy traffic to IP addresses - not registered in Consul's catalog. If enabled, traffic will - only be proxied to upstreams with service registrations in the - catalog. + description: |- + MeshDestinationsOnly determines whether sidecar proxies operating in "transparent" mode can proxy traffic + to IP addresses not registered in Consul's catalog. If enabled, traffic will only be proxied to upstreams + with service registrations in the catalog. type: boolean type: object + validateClusters: + description: |- + ValidateClusters controls whether the clusters the route table refers to are validated. The default value is + false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing + to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist, + the route table will not load. For more information, refer to + [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters) + for more details. + type: boolean type: object status: properties: 
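Review bot: The new `validateClusters` description has two wording slips that will show up wherever the CRD schema is rendered: "a cluster that do not exist" should read `a cluster that does not exist`, and the closing sentence says both "For more information, refer to" and "for more details". The file carries a controller-gen annotation, so the text presumably comes from the Go field comment, which is outside this hunk; fix it there and regenerate. The description would also be clearer if it said in one sentence what "the route table will not load" means for a running proxy. As written, the default `false` turns a dangling route into a 404, while `true` stops the whole table from loading, and an operator enabling the flag should know which configuration stays in effect in that case.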
@@ -163,8 +169,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_meshservices.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_meshservices.yaml index 9eccd85cad..3e6f90d558 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_meshservices.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_meshservices.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: meshservices.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -23,14 +23,19 @@ spec: Service Mesh service. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -41,9 +46,9 @@ spec: description: Name holds the service name for a Consul service. type: string peer: - description: Peer optionally specifies the name of the peer exporting - the Consul service. If not specified, the Consul service is assumed - to be in the local datacenter. + description: |- + Peer optionally specifies the name of the peer exporting the Consul service. + If not specified, the Consul service is assumed to be in the local datacenter. type: string type: object type: object 
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_peeringacceptors.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_peeringacceptors.yaml index b568a94962..40b3f86dd8 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_peeringacceptors.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_peeringacceptors.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: peeringacceptors.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: PeeringAcceptor is the Schema for the peeringacceptors API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -80,8 +85,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_peeringdialers.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_peeringdialers.yaml index ebf64adf67..04892b2f6c 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_peeringdialers.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_peeringdialers.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: peeringdialers.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: PeeringDialer is the Schema for the peeringdialers API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -80,8 +85,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml index 20f2faeb63..491da3b137 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: proxydefaults.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ProxyDefaults is the Schema for the proxydefaults API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,37 +61,40 @@ spec: configuration. properties: disableListenerLogs: - description: DisableListenerLogs turns off just listener logs - for connections rejected by Envoy because they don't have a - matching listener filter. + description: |- + DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't + have a matching listener filter. type: boolean enabled: description: Enabled turns on all access logging type: boolean jsonFormat: - description: 'JSONFormat is a JSON-formatted string of an Envoy - access log format dictionary. See for more info on formatting: - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-dictionaries - Defining JSONFormat and TextFormat is invalid.' + description: |- + JSONFormat is a JSON-formatted string of an Envoy access log format dictionary. + See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-dictionaries + Defining JSONFormat and TextFormat is invalid. type: string path: description: Path is the output file to write logs for file-type logging type: string textFormat: - description: 'TextFormat is a representation of Envoy access logs - format. See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-strings - Defining JSONFormat and TextFormat is invalid.' + description: |- + TextFormat is a representation of Envoy access logs format. + See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-strings + Defining JSONFormat and TextFormat is invalid. type: string type: - description: Type selects the output for logs one of "file", "stderr". - "stdout" + description: |- + Type selects the output for logs + one of "file", "stderr". 
"stdout" type: string type: object config: - description: Config is an arbitrary map of configuration values used - by Connect proxies. Any values that your proxy allows can be configured - globally here. Supports JSON config values. See https://www.consul.io/docs/connect/proxies/envoy#configuration-formatting + description: |- + Config is an arbitrary map of configuration values used by Connect proxies. + Any values that your proxy allows can be configured globally here. + Supports JSON config values. See https://www.consul.io/docs/connect/proxies/envoy#configuration-formatting type: object x-kubernetes-preserve-unknown-fields: true envoyExtensions: @@ -110,9 +118,9 @@ spec: for Envoy. properties: checks: - description: Checks defines whether paths associated with Consul - checks will be exposed. This flag triggers exposing all HTTP - and GRPC check paths registered for the service. + description: |- + Checks defines whether paths associated with Consul checks will be exposed. + This flag triggers exposing all HTTP and GRPC check paths registered for the service. type: boolean paths: description: Paths is the list of paths exposed through the proxy. @@ -131,7 +139,8 @@ spec: ie. "/metrics". type: string protocol: - description: Protocol describes the upstream's service protocol. + description: |- + Protocol describes the upstream's service protocol. Valid values are "http" and "http2", defaults to "http". type: string type: object 
@@ -142,14 +151,14 @@ spec: failover. properties: mode: - description: Mode specifies the type of failover that will be - performed. Valid values are "sequential", "" (equivalent to - "sequential") and "order-by-locality". + description: |- + Mode specifies the type of failover that will be performed. Valid values are + "sequential", "" (equivalent to "sequential") and "order-by-locality". type: string regions: - description: Regions is the ordered list of the regions of the - failover targets. Valid values can be "us-west-1", "us-west-2", - and so on. + description: |- + Regions is the ordered list of the regions of the failover targets. + Valid values can be "us-west-1", "us-west-2", and so on. items: type: string type: array 
@@ -159,59 +168,62 @@ spec: for this service. properties: mode: - description: Mode is the mode that should be used for the upstream - connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object mode: - description: 'Mode can be one of "direct" or "transparent". "transparent" - represents that inbound and outbound application traffic is being - captured and redirected through the proxy. This mode does not enable - the traffic redirection itself. Instead it signals Consul to configure - Envoy as if traffic is already being redirected. "direct" represents - that the proxy''s listeners must be dialed directly by the local - application and other proxies. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound + application traffic is being captured and redirected through the proxy. This mode does not + enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if + traffic is already being redirected. "direct" represents that the proxy's listeners must be + dialed directly by the local application and other proxies. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. type: string mutualTLSMode: - description: 'MutualTLSMode controls whether mutual TLS is required - for all incoming connections when transparent proxy is enabled. - This can be set to "permissive" or "strict". "strict" is the default - which requires mutual TLS for incoming connections. 
In the insecure - "permissive" mode, connections to the sidecar proxy public listener - port require mutual TLS, but connections to the service port do - not require mutual TLS and are proxied to the application unmodified. - Note: Intentions are not enforced for non-mTLS connections. To keep - your services secure, we recommend using "strict" mode whenever - possible and enabling "permissive" mode only when necessary.' + description: |- + MutualTLSMode controls whether mutual TLS is required for all incoming + connections when transparent proxy is enabled. This can be set to + "permissive" or "strict". "strict" is the default which requires mutual + TLS for incoming connections. In the insecure "permissive" mode, + connections to the sidecar proxy public listener port require mutual + TLS, but connections to the service port do not require mutual TLS and + are proxied to the application unmodified. Note: Intentions are not + enforced for non-mTLS connections. To keep your services secure, we + recommend using "strict" mode whenever possible and enabling + "permissive" mode only when necessary. type: string prioritizeByLocality: - description: PrioritizeByLocality controls whether the locality of - services within the local partition will be used to prioritize connectivity. + description: |- + PrioritizeByLocality controls whether the locality of services within the + local partition will be used to prioritize connectivity. properties: mode: - description: 'Mode specifies the type of prioritization that will - be performed when selecting nodes in the local partition. Valid - values are: "" (default "none"), "none", and "failover".' + description: |- + Mode specifies the type of prioritization that will be performed + when selecting nodes in the local partition. + Valid values are: "" (default "none"), "none", and "failover". type: string type: object transparentProxy: - description: 'TransparentProxy controls configuration specific to - proxies in transparent mode. 
Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + TransparentProxy controls configuration specific to proxies in transparent mode. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. properties: dialedDirectly: - description: DialedDirectly indicates whether transparent proxies - can dial this proxy instance directly. The discovery chain is - not considered when dialing a service instance directly. This - setting is useful when addressing stateful services, such as - a database cluster with a leader node. + description: |- + DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. + The discovery chain is not considered when dialing a service instance directly. + This setting is useful when addressing stateful services, such as a database cluster with a leader node. type: boolean outboundListenerPort: - description: OutboundListenerPort is the port of the listener - where outbound application traffic is being redirected to. + description: |- + OutboundListenerPort is the port of the listener where outbound application + traffic is being redirected to. type: integer type: object type: object @@ -221,8 +233,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition 
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_routeauthfilters.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_routeauthfilters.yaml index 5072fdf391..27cf6933ec 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_routeauthfilters.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_routeauthfilters.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: routeauthfilters.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -35,14 +35,19 @@ spec: description: RouteAuthFilter is the Schema for the routeauthfilters API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -61,9 +66,9 @@ spec: verification information. properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry with - this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims 
@@ -79,11 +84,14 @@ spec: type: string type: array value: - description: "Value is the expected value at the given - path: - If the type at the path is a list then we - verify that this value is contained in the list. - \n - If the type at the path is a string then we - verify that this value matches." + description: |- + Value is the expected value at the given path: + - If the type at the path is a list then we verify + that this value is contained in the list. + + + - If the type at the path is a string then we verify + that this value matches. type: string required: - path 
@@ -113,46 +121,53 @@ spec: reason: Pending status: Unknown type: ResolvedRefs - description: "Conditions describe the current conditions of the Filter. - \n Known condition types are: \n * \"Accepted\" * \"ResolvedRefs\"" + description: |- + Conditions describe the current conditions of the Filter. + + + Known condition types are: + + + * "Accepted" + * "ResolvedRefs" items: description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. 
+ description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -166,11 +181,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_routeretryfilters.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_routeretryfilters.yaml index 8fa61cb683..7bea32a5fc 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_routeretryfilters.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_routeretryfilters.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: routeretryfilters.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -35,14 +35,19 @@ spec: description: RouteRetryFilter is the Schema for the routeretryfilters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -71,8 +76,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_routetimeoutfilters.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_routetimeoutfilters.yaml index f6cc00f840..a19aa989ab 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_routetimeoutfilters.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_routetimeoutfilters.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: routetimeoutfilters.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -36,14 +36,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -63,8 +68,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_samenessgroups.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_samenessgroups.yaml index 4274efffc8..c4e46a763f 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_samenessgroups.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_samenessgroups.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: samenessgroups.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: SamenessGroup is the Schema for the samenessgroups API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,27 +57,25 @@ spec: description: SamenessGroupSpec defines the desired state of SamenessGroup. properties: defaultForFailover: - description: DefaultForFailover indicates that upstream requests to - members of the given sameness group will implicitly failover between - members of this sameness group. When DefaultForFailover is true, - the local partition must be a member of the sameness group or IncludeLocal - must be set to true. + description: |- + DefaultForFailover indicates that upstream requests to members of the given sameness group will implicitly failover between members of this sameness group. + When DefaultForFailover is true, the local partition must be a member of the sameness group or IncludeLocal must be set to true. type: boolean includeLocal: - description: IncludeLocal is used to include the local partition as - the first member of the sameness group. The local partition can - only be a member of a single sameness group. + description: |- + IncludeLocal is used to include the local partition as the first member of the sameness group. + The local partition can only be a member of a single sameness group. type: boolean members: - description: Members are the partitions and peers that are part of - the sameness group. If a member of a sameness group does not exist, - it will be ignored. + description: |- + Members are the partitions and peers that are part of the sameness group. + If a member of a sameness group does not exist, it will be ignored. items: properties: partition: - description: The partitions and peers that are part of the sameness - group. A sameness group member cannot define both peer and - partition at the same time. + description: |- + The partitions and peers that are part of the sameness group. + A sameness group member cannot define both peer and partition at the same time. type: string peer: type: string 
@@ -85,8 +88,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml index 7e7bcfaacc..21dada749b 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: servicedefaults.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ServiceDefaults is the Schema for the servicedefaults API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,27 +57,29 @@ spec: description: ServiceDefaultsSpec defines the desired state of ServiceDefaults. properties: balanceInboundConnections: - description: BalanceInboundConnections sets the strategy for allocating - inbound connections to the service across proxy threads. The only - supported value is exact_balance. By default, no connection balancing - is used. Refer to the Envoy Connection Balance config for details. + description: |- + BalanceInboundConnections sets the strategy for allocating inbound connections to the service across + proxy threads. The only supported value is exact_balance. By default, no connection balancing is used. + Refer to the Envoy Connection Balance config for details. type: string destination: - description: Destination is an address(es)/port combination that represents - an endpoint outside the mesh. This is only valid when the mesh is - configured in "transparent" mode. Destinations live outside of Consul's - catalog, and because of this, they do not require an artificial - node to be created. + description: |- + Destination is an address(es)/port combination that represents an endpoint + outside the mesh. This is only valid when the mesh is configured in "transparent" + mode. Destinations live outside of Consul's catalog, and because of this, they + do not require an artificial node to be created. properties: addresses: - description: Addresses is a list of IPs and/or hostnames that - can be dialed and routed through a terminating gateway. + description: |- + Addresses is a list of IPs and/or hostnames that can be dialed + and routed through a terminating gateway. items: type: string type: array port: - description: Port is the port that can be dialed on any of the - addresses in this Destination. + description: |- + Port is the port that can be dialed on any of the addresses in this + Destination. format: int32 type: integer type: object 
@@ -97,9 +104,9 @@ spec: for Envoy. properties: checks: - description: Checks defines whether paths associated with Consul - checks will be exposed. This flag triggers exposing all HTTP - and GRPC check paths registered for the service. + description: |- + Checks defines whether paths associated with Consul checks will be exposed. + This flag triggers exposing all HTTP and GRPC check paths registered for the service. type: boolean paths: description: Paths is the list of paths exposed through the proxy. 
@@ -118,99 +125,107 @@ spec: ie. "/metrics". type: string protocol: - description: Protocol describes the upstream's service protocol. + description: |- + Protocol describes the upstream's service protocol. Valid values are "http" and "http2", defaults to "http". type: string type: object type: array type: object externalSNI: - description: ExternalSNI is an optional setting that allows for the - TLS SNI value to be changed to a non-connect value when federating - with an external system. + description: |- + ExternalSNI is an optional setting that allows for the TLS SNI value + to be changed to a non-connect value when federating with an external system. type: string localConnectTimeoutMs: - description: LocalConnectTimeoutMs is the number of milliseconds allowed - to make connections to the local application instance before timing - out. Defaults to 5000. + description: |- + LocalConnectTimeoutMs is the number of milliseconds allowed to make connections to the local application + instance before timing out. Defaults to 5000. type: integer localRequestTimeoutMs: - description: LocalRequestTimeoutMs is the timeout for HTTP requests - to the local application instance in milliseconds. Applies to HTTP-based - protocols only. If not specified, inherits the Envoy default for + description: |- + LocalRequestTimeoutMs is the timeout for HTTP requests to the local application instance in milliseconds. + Applies to HTTP-based protocols only. If not specified, inherits the Envoy default for route timeouts (15s). type: integer maxInboundConnections: - description: MaxInboundConnections is the maximum number of concurrent - inbound connections to each service instance. Defaults to 0 (using - consul's default) if not set. + description: |- + MaxInboundConnections is the maximum number of concurrent inbound connections to + each service instance. Defaults to 0 (using consul's default) if not set. 
type: integer meshGateway: description: MeshGateway controls the default mesh gateway configuration for this service. properties: mode: - description: Mode is the mode that should be used for the upstream - connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object mode: - description: 'Mode can be one of "direct" or "transparent". "transparent" - represents that inbound and outbound application traffic is being - captured and redirected through the proxy. This mode does not enable - the traffic redirection itself. Instead it signals Consul to configure - Envoy as if traffic is already being redirected. "direct" represents - that the proxy''s listeners must be dialed directly by the local - application and other proxies. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound + application traffic is being captured and redirected through the proxy. This mode does not + enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if + traffic is already being redirected. "direct" represents that the proxy's listeners must be + dialed directly by the local application and other proxies. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. type: string mutualTLSMode: - description: 'MutualTLSMode controls whether mutual TLS is required - for all incoming connections when transparent proxy is enabled. - This can be set to "permissive" or "strict". "strict" is the default - which requires mutual TLS for incoming connections. 
In the insecure - "permissive" mode, connections to the sidecar proxy public listener - port require mutual TLS, but connections to the service port do - not require mutual TLS and are proxied to the application unmodified. - Note: Intentions are not enforced for non-mTLS connections. To keep - your services secure, we recommend using "strict" mode whenever - possible and enabling "permissive" mode only when necessary.' + description: |- + MutualTLSMode controls whether mutual TLS is required for all incoming + connections when transparent proxy is enabled. This can be set to + "permissive" or "strict". "strict" is the default which requires mutual + TLS for incoming connections. In the insecure "permissive" mode, + connections to the sidecar proxy public listener port require mutual + TLS, but connections to the service port do not require mutual TLS and + are proxied to the application unmodified. Note: Intentions are not + enforced for non-mTLS connections. To keep your services secure, we + recommend using "strict" mode whenever possible and enabling + "permissive" mode only when necessary. type: string protocol: - description: Protocol sets the protocol of the service. This is used - by Connect proxies for things like observability features and to - unlock usage of the service-splitter and service-router config entries - for a service. + description: |- + Protocol sets the protocol of the service. This is used by Connect proxies for + things like observability features and to unlock usage of the + service-splitter and service-router config entries for a service. type: string rateLimits: - description: RateLimits is rate limiting configuration that is applied - to inbound traffic for a service. Rate limiting is a Consul enterprise - feature. + description: |- + RateLimits is rate limiting configuration that is applied to + inbound traffic for a service. Rate limiting is a Consul enterprise feature. 
properties: instanceLevel: - description: InstanceLevel represents rate limit configuration + description: |- + InstanceLevel represents rate limit configuration that is applied per service instance. properties: requestsMaxBurst: - description: "RequestsMaxBurst is the maximum number of requests - that can be sent in a burst. Should be equal to or greater - than RequestsPerSecond. If unset, defaults to RequestsPerSecond. - \n Internally, this is the maximum size of the token bucket - used for rate limiting." + description: |- + RequestsMaxBurst is the maximum number of requests that can be sent + in a burst. Should be equal to or greater than RequestsPerSecond. + If unset, defaults to RequestsPerSecond. + + + Internally, this is the maximum size of the token bucket used for rate limiting. type: integer requestsPerSecond: - description: "RequestsPerSecond is the average number of requests - per second that can be made without being throttled. This - field is required if RequestsMaxBurst is set. The allowed - number of requests may exceed RequestsPerSecond up to the - value specified in RequestsMaxBurst. \n Internally, this - is the refill rate of the token bucket used for rate limiting." + description: |- + RequestsPerSecond is the average number of requests per second that can be + made without being throttled. This field is required if RequestsMaxBurst + is set. The allowed number of requests may exceed RequestsPerSecond up to + the value specified in RequestsMaxBurst. + + + Internally, this is the refill rate of the token bucket used for rate limiting. type: integer routes: - description: Routes is a list of rate limits applied to specific - routes. For a given request, the first matching route will - be applied, if any. Overrides any top-level configuration. + description: |- + Routes is a list of rate limits applied to specific routes. + For a given request, the first matching route will be applied, if any. + Overrides any top-level configuration. 
items: properties: pathExact: 
@@ -226,94 +241,94 @@ spec: PathPrefix, or PathRegex must be specified. type: string requestsMaxBurst: - description: RequestsMaxBurst is the maximum number - of requests that can be sent in a burst. Should be - equal to or greater than RequestsPerSecond. If unset, - defaults to RequestsPerSecond. Internally, this is - the maximum size of the token bucket used for rate - limiting. + description: |- + RequestsMaxBurst is the maximum number of requests that can be sent + in a burst. Should be equal to or greater than RequestsPerSecond. If unset, + defaults to RequestsPerSecond. Internally, this is the maximum size of the token + bucket used for rate limiting. type: integer requestsPerSecond: - description: RequestsPerSecond is the average number - of requests per second that can be made without being - throttled. This field is required if RequestsMaxBurst - is set. The allowed number of requests may exceed + description: |- + RequestsPerSecond is the average number of requests per + second that can be made without being throttled. This field is required + if RequestsMaxBurst is set. The allowed number of requests may exceed RequestsPerSecond up to the value specified in RequestsMaxBurst. - Internally, this is the refill rate of the token bucket - used for rate limiting. + Internally, this is the refill rate of the token bucket used for rate limiting. type: integer type: object type: array type: object type: object transparentProxy: - description: 'TransparentProxy controls configuration specific to - proxies in transparent mode. Note: This cannot be set using the - CRD and should be set using annotations on the services that are - part of the mesh.' + description: |- + TransparentProxy controls configuration specific to proxies in transparent mode. + Note: This cannot be set using the CRD and should be set using annotations on the + services that are part of the mesh. 
properties: dialedDirectly: - description: DialedDirectly indicates whether transparent proxies - can dial this proxy instance directly. The discovery chain is - not considered when dialing a service instance directly. This - setting is useful when addressing stateful services, such as - a database cluster with a leader node. + description: |- + DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. + The discovery chain is not considered when dialing a service instance directly. + This setting is useful when addressing stateful services, such as a database cluster with a leader node. type: boolean outboundListenerPort: - description: OutboundListenerPort is the port of the listener - where outbound application traffic is being redirected to. + description: |- + OutboundListenerPort is the port of the listener where outbound application + traffic is being redirected to. type: integer type: object upstreamConfig: - description: UpstreamConfig controls default configuration settings - that apply across all upstreams, and per-upstream configuration - overrides. Note that per-upstream configuration applies across all - federated datacenters to the pairing of source and upstream destination - services. + description: |- + UpstreamConfig controls default configuration settings that apply across all upstreams, + and per-upstream configuration overrides. Note that per-upstream configuration applies + across all federated datacenters to the pairing of source and upstream destination services. properties: defaults: - description: Defaults contains default configuration for all upstreams - of a given service. The name field must be empty. + description: |- + Defaults contains default configuration for all upstreams of a given + service. The name field must be empty. properties: connectTimeoutMs: - description: ConnectTimeoutMs is the number of milliseconds - to timeout making a new connection to this upstream. 
Defaults - to 5000 (5 seconds) if not set. + description: |- + ConnectTimeoutMs is the number of milliseconds to timeout making a new + connection to this upstream. Defaults to 5000 (5 seconds) if not set. type: integer envoyClusterJSON: - description: 'EnvoyClusterJSON is a complete override ("escape - hatch") for the upstream''s cluster. The Connect client - TLS certificate and context will be injected overriding - any TLS settings present. Note: This escape hatch is NOT - compatible with the discovery chain and will be ignored - if a discovery chain is active.' + description: |- + EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's + cluster. The Connect client TLS certificate and context will be injected + overriding any TLS settings present. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string envoyListenerJSON: - description: 'EnvoyListenerJSON is a complete override ("escape - hatch") for the upstream''s listener. Note: This escape - hatch is NOT compatible with the discovery chain and will - be ignored if a discovery chain is active.' + description: |- + EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's + listener. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string limits: - description: Limits are the set of limits that are applied - to the proxy for a specific upstream of a service instance. + description: |- + Limits are the set of limits that are applied to the proxy for a specific upstream of a + service instance. properties: maxConcurrentRequests: - description: MaxConcurrentRequests is the maximum number - of in-flight requests that will be allowed to the upstream - cluster at a point in time. This is mostly applicable - to HTTP/2 clusters since all HTTP/1.1 requests are limited - by MaxConnections. 
+ description: |- + MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed + to the upstream cluster at a point in time. This is mostly applicable to HTTP/2 + clusters since all HTTP/1.1 requests are limited by MaxConnections. type: integer maxConnections: - description: MaxConnections is the maximum number of connections - the local proxy can make to the upstream service. + description: |- + MaxConnections is the maximum number of connections the local proxy can + make to the upstream service. type: integer maxPendingRequests: - description: MaxPendingRequests is the maximum number - of requests that will be queued waiting for an available - connection. This is mostly applicable to HTTP/1.1 clusters - since all HTTP/2 requests are streamed over a single + description: |- + MaxPendingRequests is the maximum number of requests that will be queued + waiting for an available connection. This is mostly applicable to HTTP/1.1 + clusters since all HTTP/2 requests are streamed over a single connection. type: integer type: object @@ -322,8 +337,9 @@ spec: are configured and used. properties: mode: - description: Mode is the mode that should be used for - the upstream connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object name: 
@@ -339,42 +355,40 @@ spec: config entry. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines how - upstream proxy instances will be monitored for removal from - the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied by - the number of times the host has been ejected and is - capped by max_ejection_time (Default 300s). Defaults - to 30s. + description: |- + The base time that a host is ejected for. The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance that - a host will be actually ejected when an outlier status - is detected through consecutive 5xx. This setting can - be used to disable ejection or to ramp it up slowly. - Ex. Setting this to 10 will make it a 10% chance that - the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis sweeps. - Each sweep may remove hosts or return hosts to the pool. - Ex. setting this to "10s" will set the interval to 10 - seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. 
type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults to - 10% but will eject at least one host regardless of the - value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive failures - that results in a host being removed from the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object 
@@ -383,59 +397,61 @@ spec: config entry. type: string protocol: - description: Protocol describes the upstream's service protocol. - Valid values are "tcp", "http" and "grpc". Anything else - is treated as tcp. This enables protocol aware features - like per-request metrics and connection pooling, tracing, + description: |- + Protocol describes the upstream's service protocol. Valid values are "tcp", + "http" and "grpc". Anything else is treated as tcp. This enables protocol + aware features like per-request metrics and connection pooling, tracing, routing etc. type: string type: object overrides: - description: Overrides is a slice of per-service configuration. - The name field is required. + description: |- + Overrides is a slice of per-service configuration. The name field is + required. items: properties: connectTimeoutMs: - description: ConnectTimeoutMs is the number of milliseconds - to timeout making a new connection to this upstream. Defaults - to 5000 (5 seconds) if not set. + description: |- + ConnectTimeoutMs is the number of milliseconds to timeout making a new + connection to this upstream. Defaults to 5000 (5 seconds) if not set. type: integer envoyClusterJSON: - description: 'EnvoyClusterJSON is a complete override ("escape - hatch") for the upstream''s cluster. The Connect client - TLS certificate and context will be injected overriding - any TLS settings present. Note: This escape hatch is NOT - compatible with the discovery chain and will be ignored - if a discovery chain is active.' + description: |- + EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's + cluster. The Connect client TLS certificate and context will be injected + overriding any TLS settings present. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string envoyListenerJSON: - description: 'EnvoyListenerJSON is a complete override ("escape - hatch") for the upstream''s listener. 
Note: This escape - hatch is NOT compatible with the discovery chain and will - be ignored if a discovery chain is active.' + description: |- + EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's + listener. + Note: This escape hatch is NOT compatible with the discovery chain and + will be ignored if a discovery chain is active. type: string limits: - description: Limits are the set of limits that are applied - to the proxy for a specific upstream of a service instance. + description: |- + Limits are the set of limits that are applied to the proxy for a specific upstream of a + service instance. properties: maxConcurrentRequests: - description: MaxConcurrentRequests is the maximum number - of in-flight requests that will be allowed to the - upstream cluster at a point in time. This is mostly - applicable to HTTP/2 clusters since all HTTP/1.1 requests - are limited by MaxConnections. + description: |- + MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed + to the upstream cluster at a point in time. This is mostly applicable to HTTP/2 + clusters since all HTTP/1.1 requests are limited by MaxConnections. type: integer maxConnections: - description: MaxConnections is the maximum number of - connections the local proxy can make to the upstream - service. + description: |- + MaxConnections is the maximum number of connections the local proxy can + make to the upstream service. type: integer maxPendingRequests: - description: MaxPendingRequests is the maximum number - of requests that will be queued waiting for an available - connection. This is mostly applicable to HTTP/1.1 - clusters since all HTTP/2 requests are streamed over - a single connection. + description: |- + MaxPendingRequests is the maximum number of requests that will be queued + waiting for an available connection. This is mostly applicable to HTTP/1.1 + clusters since all HTTP/2 requests are streamed over a single + connection. 
type: integer type: object meshGateway: @@ -443,8 +459,9 @@ spec: are configured and used. properties: mode: - description: Mode is the mode that should be used for - the upstream connection. One of none, local, or remote. + description: |- + Mode is the mode that should be used for the upstream connection. + One of none, local, or remote. type: string type: object name: 
@@ -460,43 +477,40 @@ spec: config entry. type: string passiveHealthCheck: - description: PassiveHealthCheck configuration determines - how upstream proxy instances will be monitored for removal - from the load balancing pool. + description: |- + PassiveHealthCheck configuration determines how upstream proxy instances will + be monitored for removal from the load balancing pool. properties: baseEjectionTime: - description: The base time that a host is ejected for. - The real time is equal to the base time multiplied - by the number of times the host has been ejected and - is capped by max_ejection_time (Default 300s). Defaults - to 30s. + description: |- + The base time that a host is ejected for. The real time is equal to the base time + multiplied by the number of times the host has been ejected and is capped by + max_ejection_time (Default 300s). Defaults to 30s. type: string enforcingConsecutive5xx: - description: EnforcingConsecutive5xx is the % chance - that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting - can be used to disable ejection or to ramp it up slowly. - Ex. Setting this to 10 will make it a 10% chance that - the host will be ejected. + description: |- + EnforcingConsecutive5xx is the % chance that a host will be actually ejected + when an outlier status is detected through consecutive 5xx. + This setting can be used to disable ejection or to ramp it up slowly. + Ex. Setting this to 10 will make it a 10% chance that the host will be ejected. format: int32 type: integer interval: - description: Interval between health check analysis - sweeps. Each sweep may remove hosts or return hosts - to the pool. Ex. setting this to "10s" will set the - interval to 10 seconds. + description: |- + Interval between health check analysis sweeps. Each sweep may remove + hosts or return hosts to the pool. Ex. setting this to "10s" will set + the interval to 10 seconds. 
type: string maxEjectionPercent: - description: The maximum % of an upstream cluster that - can be ejected due to outlier detection. Defaults - to 10% but will eject at least one host regardless - of the value. + description: |- + The maximum % of an upstream cluster that can be ejected due to outlier detection. + Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer maxFailures: - description: MaxFailures is the count of consecutive - failures that results in a host being removed from - the pool. + description: |- + MaxFailures is the count of consecutive failures that results in a host + being removed from the pool. format: int32 type: integer type: object @@ -505,10 +519,10 @@ spec: config entry. type: string protocol: - description: Protocol describes the upstream's service protocol. - Valid values are "tcp", "http" and "grpc". Anything else - is treated as tcp. This enables protocol aware features - like per-request metrics and connection pooling, tracing, + description: |- + Protocol describes the upstream's service protocol. Valid values are "tcp", + "http" and "grpc". Anything else is treated as tcp. This enables protocol + aware features like per-request metrics and connection pooling, tracing, routing etc. type: string type: object @@ -521,8 +535,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition 
diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_serviceintentions.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_serviceintentions.yaml index 4718ee24e5..957295b18e 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_serviceintentions.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_serviceintentions.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: serviceintentions.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ServiceIntentions is the Schema for the serviceintentions API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,16 +61,16 @@ spec: the authorization granted to. properties: name: - description: Name is the destination of all intentions defined - in this config entry. This may be set to the wildcard character - (*) to match all services that don't otherwise have intentions - defined. + description: |- + Name is the destination of all intentions defined in this config entry. + This may be set to the wildcard character (*) to match + all services that don't otherwise have intentions defined. type: string namespace: - description: Namespace specifies the namespace the config entry - will apply to. This may be set to the wildcard character (*) - to match all services in all namespaces that don't otherwise - have intentions defined. + description: |- + Namespace specifies the namespace the config entry will apply to. + This may be set to the wildcard character (*) to match all services + in all namespaces that don't otherwise have intentions defined. type: string type: object jwt: @@ -78,9 +83,9 @@ spec: items: properties: name: - description: Name is the name of the JWT provider. There - MUST be a corresponding "jwt-provider" config entry with - this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional claims @@ -94,11 +99,10 @@ spec: type: string type: array value: - description: Value is the expected value at the given - path. If the type at the path is a list then we - verify that this value is contained in the list. - If the type at the path is a string then we verify - that this value matches. + description: |- + Value is the expected value at the given path. If the type at the path + is a list then we verify that this value is contained in the list. If + the type at the path is a string then we verify that this value matches. type: string type: object type: array 
@@ -106,25 +110,25 @@ spec: type: array type: object sources: - description: Sources is the list of all intention sources and the - authorization granted to those sources. The order of this list does - not matter, but out of convenience Consul will always store this - reverse sorted by intention precedence, as that is the order that - they will be evaluated at enforcement time. + description: |- + Sources is the list of all intention sources and the authorization granted to those sources. + The order of this list does not matter, but out of convenience Consul will always store this + reverse sorted by intention precedence, as that is the order that they will be evaluated at enforcement time. items: properties: action: - description: Action is required for an L4 intention, and should - be set to one of "allow" or "deny" for the action that should - be taken if this intention matches a request. + description: |- + Action is required for an L4 intention, and should be set to one of + "allow" or "deny" for the action that should be taken if this intention matches a request. type: string description: description: Description for the intention. This is not used by Consul, but is presented in API responses to assist tooling. type: string name: - description: Name is the source of the intention. This is the - name of a Consul service. The service doesn't need to be registered. + description: |- + Name is the source of the intention. This is the name of a + Consul service. The service doesn't need to be registered. type: string namespace: description: Namespace is the namespace for the Name parameter. 
@@ -136,31 +140,28 @@ spec: description: Peer is the peer name for the Name parameter. type: string permissions: - description: Permissions is the list of all additional L7 attributes - that extend the intention match criteria. Permission precedence - is applied top to bottom. For any given request the first - permission to match in the list is terminal and stops further - evaluation. As with L4 intentions, traffic that fails to match - any of the provided permissions in this intention will be - subject to the default intention behavior is defined by the - default ACL policy. This should be omitted for an L4 intention + description: |- + Permissions is the list of all additional L7 attributes that extend the intention match criteria. + Permission precedence is applied top to bottom. For any given request the first permission to match + in the list is terminal and stops further evaluation. As with L4 intentions, traffic that fails to + match any of the provided permissions in this intention will be subject to the default intention + behavior is defined by the default ACL policy. This should be omitted for an L4 intention as it is mutually exclusive with the Action field. items: properties: action: - description: Action is one of "allow" or "deny" for the - action that should be taken if this permission matches - a request. + description: |- + Action is one of "allow" or "deny" for the action that + should be taken if this permission matches a request. type: string http: description: HTTP is a set of HTTP-specific authorization criteria. properties: header: - description: Header is a set of criteria that can - match on HTTP request headers. If more than one - is configured all must match for the overall match - to apply. + description: |- + Header is a set of criteria that can match on HTTP request headers. + If more than one is configured all must match for the overall match to apply. items: properties: exact: 
@@ -194,10 +195,9 @@ spec: type: object type: array methods: - description: Methods is a list of HTTP methods for - which this match applies. If unspecified all HTTP - methods are matched. If provided the names must - be a valid method. + description: |- + Methods is a list of HTTP methods for which this match applies. If unspecified + all HTTP methods are matched. If provided the names must be a valid method. items: type: string type: array @@ -224,9 +224,9 @@ spec: items: properties: name: - description: Name is the name of the JWT provider. - There MUST be a corresponding "jwt-provider" - config entry with this name. + description: |- + Name is the name of the JWT provider. There MUST be a corresponding + "jwt-provider" config entry with this name. type: string verifyClaims: description: VerifyClaims is a list of additional @@ -240,12 +240,10 @@ spec: type: string type: array value: - description: Value is the expected value - at the given path. If the type at the - path is a list then we verify that this - value is contained in the list. If the - type at the path is a string then we - verify that this value matches. + description: |- + Value is the expected value at the given path. If the type at the path + is a list then we verify that this value is contained in the list. If + the type at the path is a string then we verify that this value matches. type: string type: object type: array 
@@ -267,8 +265,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_serviceresolvers.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_serviceresolvers.yaml index a1e3844b9c..703f9b7bdd 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_serviceresolvers.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_serviceresolvers.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: serviceresolvers.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ServiceResolver is the Schema for the serviceresolvers API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,12 +57,14 @@ spec: description: ServiceResolverSpec defines the desired state of ServiceResolver. properties: connectTimeout: - description: ConnectTimeout is the timeout for establishing new network - connections to this service. + description: |- + ConnectTimeout is the timeout for establishing new network connections + to this service. type: string defaultSubset: - description: DefaultSubset is the subset to use when no explicit subset - is requested. If empty the unnamed subset is used. + description: |- + DefaultSubset is the subset to use when no explicit subset is requested. + If empty the unnamed subset is used. type: string failover: additionalProperties: @@ -69,22 +76,22 @@ spec: type: string type: array namespace: - description: Namespace is the namespace to resolve the requested - service from to form the failover group of instances. If empty - the current namespace is used. + description: |- + Namespace is the namespace to resolve the requested service from to form + the failover group of instances. If empty the current namespace is used. type: string policy: description: Policy specifies the exact mechanism used for failover. properties: mode: - description: Mode specifies the type of failover that will - be performed. Valid values are "sequential", "" (equivalent - to "sequential") and "order-by-locality". + description: |- + Mode specifies the type of failover that will be performed. Valid values are + "sequential", "" (equivalent to "sequential") and "order-by-locality". type: string regions: - description: Regions is the ordered list of the regions - of the failover targets. Valid values can be "us-west-1", - "us-west-2", and so on. + description: |- + Regions is the ordered list of the regions of the failover targets. + Valid values can be "us-west-1", "us-west-2", and so on. items: type: string type: array 
@@ -94,13 +101,15 @@ spec: to try during failover. type: string service: - description: Service is the service to resolve instead of the - default as the failover group of instances during failover. + description: |- + Service is the service to resolve instead of the default as the failover + group of instances during failover. type: string serviceSubset: - description: ServiceSubset is the named subset of the requested - service to resolve as the failover group of instances. If - empty the default subset for the requested service is used. + description: |- + ServiceSubset is the named subset of the requested service to resolve as + the failover group of instances. If empty the default subset for the + requested service is used. type: string targets: description: Targets specifies a fixed list of failover targets 
@@ -134,21 +143,25 @@ spec: type: object type: array type: object - description: Failover controls when and how to reroute traffic to - an alternate pool of service instances. The map is keyed by the - service subset it applies to and the special string "*" is a wildcard - that applies to any subset not otherwise specified here. + description: |- + Failover controls when and how to reroute traffic to an alternate pool of + service instances. + The map is keyed by the service subset it applies to and the special + string "*" is a wildcard that applies to any subset not otherwise + specified here. type: object loadBalancer: - description: LoadBalancer determines the load balancing policy and - configuration for services issuing requests to this upstream service. + description: |- + LoadBalancer determines the load balancing policy and configuration for services + issuing requests to this upstream service. properties: hashPolicies: - description: HashPolicies is a list of hash policies to use for - hashing load balancing algorithms. Hash policies are evaluated - individually and combined such that identical lists result in - the same hash. If no hash policies are present, or none are - successfully evaluated, then a random backend host will be selected. + description: |- + HashPolicies is a list of hash policies to use for hashing load balancing algorithms. + Hash policies are evaluated individually and combined such that identical lists + result in the same hash. + If no hash policies are present, or none are successfully evaluated, + then a random backend host will be selected. items: properties: cookieConfig: 
@@ -168,26 +181,27 @@ spec: type: string type: object field: - description: Field is the attribute type to hash on. Must - be one of "header", "cookie", or "query_parameter". Cannot - be specified along with sourceIP. + description: |- + Field is the attribute type to hash on. + Must be one of "header", "cookie", or "query_parameter". + Cannot be specified along with sourceIP. type: string fieldValue: - description: FieldValue is the value to hash. ie. header - name, cookie name, URL query parameter name Cannot be - specified along with sourceIP. + description: |- + FieldValue is the value to hash. + ie. header name, cookie name, URL query parameter name + Cannot be specified along with sourceIP. type: string sourceIP: - description: SourceIP determines whether the hash should - be of the source IP rather than of a field and field value. + description: |- + SourceIP determines whether the hash should be of the source IP rather than of a field and field value. Cannot be specified along with field or fieldValue. type: boolean terminal: - description: Terminal will short circuit the computation - of the hash when multiple hash policies are present. If - a hash is computed when a Terminal policy is evaluated, - then that hash will be used and subsequent hash policies - will be ignored. + description: |- + Terminal will short circuit the computation of the hash when multiple hash policies are present. + If a hash is computed when a Terminal policy is evaluated, + then that hash will be used and subsequent hash policies will be ignored. type: boolean type: object type: array 
@@ -222,39 +236,44 @@ spec: type: object type: object prioritizeByLocality: - description: PrioritizeByLocality controls whether the locality of - services within the local partition will be used to prioritize connectivity. + description: |- + PrioritizeByLocality controls whether the locality of services within the + local partition will be used to prioritize connectivity. properties: mode: - description: 'Mode specifies the type of prioritization that will - be performed when selecting nodes in the local partition. Valid - values are: "" (default "none"), "none", and "failover".' + description: |- + Mode specifies the type of prioritization that will be performed + when selecting nodes in the local partition. + Valid values are: "" (default "none"), "none", and "failover". type: string type: object redirect: - description: Redirect when configured, all attempts to resolve the - service this resolver defines will be substituted for the supplied - redirect EXCEPT when the redirect has already been applied. When - substituting the supplied redirect, all other fields besides Kind, - Name, and Redirect will be ignored. + description: |- + Redirect when configured, all attempts to resolve the service this + resolver defines will be substituted for the supplied redirect + EXCEPT when the redirect has already been applied. + When substituting the supplied redirect, all other fields besides + Kind, Name, and Redirect will be ignored. properties: datacenter: - description: Datacenter is the datacenter to resolve the service - from instead of the current one. + description: |- + Datacenter is the datacenter to resolve the service from instead of the + current one. type: string namespace: - description: Namespace is the Consul namespace to resolve the - service from instead of the current namespace. If empty the - current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. 
If empty the current namespace is assumed. type: string partition: - description: Partition is the Consul partition to resolve the - service from instead of the current partition. If empty the - current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string peer: - description: Peer is the name of the cluster peer to resolve the - service from instead of the current one. + description: |- + Peer is the name of the cluster peer to resolve the service from instead + of the current one. type: string samenessGroup: description: SamenessGroup is the name of the sameness group to 
@@ -265,37 +284,41 @@ spec: service. type: string serviceSubset: - description: ServiceSubset is a named subset of the given service - to resolve instead of one defined as that service's DefaultSubset - If empty the default subset is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead + of one defined as that service's DefaultSubset If empty the default + subset is used. type: string type: object requestTimeout: - description: RequestTimeout is the timeout for receiving an HTTP response - from this service before the connection is terminated. + description: |- + RequestTimeout is the timeout for receiving an HTTP response from this + service before the connection is terminated. type: string subsets: additionalProperties: properties: filter: - description: Filter is the filter expression to be used for - selecting instances of the requested service. If empty all - healthy instances are returned. This expression can filter - on the same selectors as the Health API endpoint. + description: |- + Filter is the filter expression to be used for selecting instances of the + requested service. If empty all healthy instances are returned. This + expression can filter on the same selectors as the Health API endpoint. type: string onlyPassing: - description: OnlyPassing specifies the behavior of the resolver's - health check interpretation. If this is set to false, instances - with checks in the passing as well as the warning states will - be considered healthy. If this is set to true, only instances - with checks in the passing state will be considered healthy. + description: |- + OnlyPassing specifies the behavior of the resolver's health check + interpretation. If this is set to false, instances with checks in the + passing as well as the warning states will be considered healthy. If this + is set to true, only instances with checks in the passing state will be + considered healthy. 
type: boolean type: object - description: Subsets is map of subset name to subset definition for - all usable named subsets of this service. The map key is the name - of the subset and all names must be valid DNS subdomain elements. - This may be empty, in which case only the unnamed default subset - will be usable. + description: |- + Subsets is map of subset name to subset definition for all usable named + subsets of this service. The map key is the name of the subset and all + names must be valid DNS subdomain elements. + This may be empty, in which case only the unnamed default subset will + be usable. type: object type: object status: @@ -304,8 +327,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_servicerouters.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_servicerouters.yaml index 4c982dbf8e..a58a5a1b43 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_servicerouters.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_servicerouters.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: servicerouters.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -37,14 +37,19 @@ spec: description: ServiceRouter is the Schema for the servicerouters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,10 +57,11 @@ spec: description: ServiceRouterSpec defines the desired state of ServiceRouter. properties: routes: - description: Routes are the list of routes to consider when processing - L7 requests. The first route to match in the list is terminal and - stops further evaluation. Traffic that fails to match any of the - provided routes will be routed to the default service. + description: |- + Routes are the list of routes to consider when processing L7 requests. + The first route to match in the list is terminal and stops further + evaluation. Traffic that fails to match any of the provided routes will + be routed to the default service. items: properties: destination: @@ -63,13 +69,14 @@ spec: request(s) to a service. properties: idleTimeout: - description: IdleTimeout is total amount of time permitted + description: |- + IdleTimeout is total amount of time permitted for the request stream to be idle. type: string namespace: - description: Namespace is the Consul namespace to resolve - the service from instead of the current namespace. If - empty the current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. If empty the current namespace is assumed. type: string numRetries: description: NumRetries is the number of times to retry 
@@ -77,13 +84,14 @@ spec: format: int32 type: integer partition: - description: Partition is the Consul partition to resolve - the service from instead of the current partition. If - empty the current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string prefixRewrite: - description: PrefixRewrite defines how to rewrite the HTTP - request path before proxying it to its final destination. + description: |- + PrefixRewrite defines how to rewrite the HTTP request path before proxying + it to its final destination. This requires that either match.http.pathPrefix or match.http.pathExact be configured on this route. type: string 
@@ -93,61 +101,63 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object requestTimeout: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. type: string responseHeaders: - description: HTTPHeaderModifiers is a set of rules for HTTP - header modification that should be performed by proxies - as the request passes through them. It can operate on - either request or response headers depending on the context - in which it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. 
properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that - should be appended to the request or response (i.e. - allowing duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that - should be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that - should be added to the request or response, overwriting - any existing header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object retryOn: - description: RetryOn is a flat list of conditions for Consul - to retry requests based on the response from an upstream - service. + description: |- + RetryOn is a flat list of conditions for Consul to retry requests based on the response from an upstream service. + Refer to the valid conditions here: https://developer.hashicorp.com/consul/docs/connect/config-entries/service-router#routes-destination-retryon items: type: string type: array 
@@ -163,20 +173,21 @@ spec: type: integer type: array service: - description: Service is the service to resolve instead of - the default service. If empty then the default service - name is used. + description: |- + Service is the service to resolve instead of the default service. + If empty then the default service name is used. type: string serviceSubset: - description: ServiceSubset is a named subset of the given - service to resolve instead of the one defined as that - service's DefaultSubset. If empty, the default subset - is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead + of the one defined as that service's DefaultSubset. + If empty, the default subset is used. type: string type: object match: - description: Match is a set of criteria that can match incoming - L7 requests. If empty or omitted it acts as a catch-all. + description: |- + Match is a set of criteria that can match incoming L7 requests. + If empty or omitted it acts as a catch-all. properties: http: description: HTTP is a set of http-specific match criteria. @@ -186,9 +197,9 @@ spec: PathPrefix matches to ignore upper/lower casing. type: boolean header: - description: Header is a set of criteria that can match - on HTTP request headers. If more than one is configured - all must match for the overall match to apply. + description: |- + Header is a set of criteria that can match on HTTP request headers. + If more than one is configured all must match for the overall match to apply. items: properties: exact: @@ -223,9 +234,9 @@ spec: type: object type: array methods: - description: Methods is a list of HTTP methods for which - this match applies. If unspecified all http methods - are matched. + description: |- + Methods is a list of HTTP methods for which this match applies. + If unspecified all http methods are matched. items: type: string type: array 
@@ -242,10 +253,9 @@ spec: on the HTTP request path. type: string queryParam: - description: QueryParam is a set of criteria that can - match on HTTP query parameters. If more than one is - configured all must match for the overall match to - apply. + description: |- + QueryParam is a set of criteria that can match on HTTP query parameters. + If more than one is configured all must match for the overall match to apply. items: properties: exact: @@ -257,8 +267,9 @@ spec: to match on. type: string present: - description: Present will match if the query parameter - with the given name is present with any value. + description: |- + Present will match if the query parameter with the given name is present + with any value. type: boolean regex: description: Regex will match if the query parameter @@ -279,8 +290,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_servicesplitters.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_servicesplitters.yaml index 36f9c9f6c9..9dd719a93c 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_servicesplitters.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_servicesplitters.yaml 
@@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: servicesplitters.consul.hashicorp.com spec: group: consul.hashicorp.com @@ -37,14 +37,19 @@ spec: description: ServiceSplitter is the Schema for the servicesplitters API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,20 +57,20 @@ spec: description: ServiceSplitterSpec defines the desired state of ServiceSplitter. properties: splits: - description: Splits defines how much traffic to send to which set - of service instances during a traffic split. The sum of weights - across all splits must add up to 100. + description: |- + Splits defines how much traffic to send to which set of service instances during a traffic split. + The sum of weights across all splits must add up to 100. items: properties: namespace: - description: Namespace is the Consul namespace to resolve the - service from instead of the current namespace. If empty the - current namespace is assumed. + description: |- + Namespace is the Consul namespace to resolve the service from instead of + the current namespace. If empty the current namespace is assumed. type: string partition: - description: Partition is the Consul partition to resolve the - service from instead of the current partition. If empty the - current partition is assumed. + description: |- + Partition is the Consul partition to resolve the service from instead of + the current partition. If empty the current partition is assumed. type: string requestHeaders: description: Allow HTTP header manipulation to be configured. 
@@ -73,50 +78,52 @@ spec: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that should - be appended to the request or response (i.e. allowing - duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). type: object remove: - description: Remove is the set of header names that should - be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that should - be added to the request or response, overwriting any existing - header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object responseHeaders: - description: HTTPHeaderModifiers is a set of rules for HTTP - header modification that should be performed by proxies as - the request passes through them. It can operate on either - request or response headers depending on the context in which - it is used. + description: |- + HTTPHeaderModifiers is a set of rules for HTTP header modification that + should be performed by proxies as the request passes through them. It can + operate on either request or response headers depending on the context in + which it is used. properties: add: additionalProperties: type: string - description: Add is a set of name -> value pairs that should - be appended to the request or response (i.e. allowing - duplicates if the same header already exists). + description: |- + Add is a set of name -> value pairs that should be appended to the request + or response (i.e. allowing duplicates if the same header already exists). 
type: object remove: - description: Remove is the set of header names that should - be stripped from the request or response. + description: |- + Remove is the set of header names that should be stripped from the request + or response. items: type: string type: array set: additionalProperties: type: string - description: Set is a set of name -> value pairs that should - be added to the request or response, overwriting any existing - header values of the same name. + description: |- + Set is a set of name -> value pairs that should be added to the request or + response, overwriting any existing header values of the same name. type: object type: object service: @@ -124,13 +131,13 @@ spec: default. type: string serviceSubset: - description: ServiceSubset is a named subset of the given service - to resolve instead of one defined as that service's DefaultSubset. - If empty the default subset is used. + description: |- + ServiceSubset is a named subset of the given service to resolve instead of one defined + as that service's DefaultSubset. If empty the default subset is used. type: string weight: - description: Weight is a value between 0 and 100 reflecting - what portion of traffic should be directed to this split. + description: |- + Weight is a value between 0 and 100 reflecting what portion of traffic should be directed to this split. The smallest representable weight is 1/10000 or .01%. type: number type: object 
@@ -142,8 +149,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/consul.hashicorp.com_terminatinggateways.yaml b/control-plane/config/crd/bases/consul.hashicorp.com_terminatinggateways.yaml index 7f22c65d09..44c3ddc50a 100644 --- a/control-plane/config/crd/bases/consul.hashicorp.com_terminatinggateways.yaml +++ b/control-plane/config/crd/bases/consul.hashicorp.com_terminatinggateways.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: terminatinggateways.consul.hashicorp.com spec: group: consul.hashicorp.com 
@@ -38,14 +38,19 @@ spec: API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -60,18 +65,19 @@ spec: gateway. properties: caFile: - description: CAFile is the optional path to a CA certificate - to use for TLS connections from the gateway to the linked - service. + description: |- + CAFile is the optional path to a CA certificate to use for TLS connections + from the gateway to the linked service. type: string certFile: - description: CertFile is the optional path to a client certificate - to use for TLS connections from the gateway to the linked - service. + description: |- + CertFile is the optional path to a client certificate to use for TLS connections + from the gateway to the linked service. type: string keyFile: - description: KeyFile is the optional path to a private key to - use for TLS connections from the gateway to the linked service. + description: |- + KeyFile is the optional path to a private key to use for TLS connections + from the gateway to the linked service. type: string name: description: Name is the name of the service, as defined in @@ -93,8 +99,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_grpcroutes.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_grpcroutes.yaml index fda3e4255e..ddd3d52a62 100644 --- a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_grpcroutes.yaml 
+++ b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_grpcroutes.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: grpcroutes.mesh.consul.hashicorp.com spec: group: mesh.consul.hashicorp.com 
@@ -37,44 +37,63 @@ spec: description: GRPCRoute is the Schema for the GRPC Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute + + + This is a Resource type. 
properties: hostnames: - description: "Hostnames are the hostnames for which this GRPCRoute - should respond to requests. \n This is only valid for north/south." + description: |- + Hostnames are the hostnames for which this GRPCRoute should respond to requests. + + + This is only valid for north/south. items: type: string type: array parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -85,43 +104,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type 
@@ -136,22 +162,31 @@ spec: items: properties: backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. Failure behavior here depends on - how many BackendRefs are specified and how many are invalid. - \n If all entries in BackendRefs are invalid, and there are - also no filters specified in this route rule, all traffic - which matches this rule MUST receive a 500 status code. \n - See the GRPCBackendRef definition for the rules about what - makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef - is invalid, 500 status codes MUST be returned for requests - that would have otherwise been routed to an invalid backend. - If multiple backends are specified, and some are invalid, - the proportion of requests that would otherwise have been - routed to an invalid backend MUST receive a 500 status code. - \n For example, if two backends are specified with equal weights, - and one is invalid, 50 percent of traffic must receive a 500. - Implementations may choose how that 50 percent is determined." + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + Failure behavior here depends on how many BackendRefs are specified and + how many are invalid. + + + If all entries in BackendRefs are invalid, and there are also no filters + specified in this route rule, all traffic which matches this rule MUST + receive a 500 status code. + + + See the GRPCBackendRef definition for the rules about what makes a single + GRPCBackendRef invalid. + + + When a GRPCBackendRef is invalid, 500 status codes MUST be returned for + requests that would have otherwise been routed to an invalid backend. If + multiple backends are specified, and some are invalid, the proportion of + requests that would otherwise have been routed to an invalid backend MUST + receive a 500 status code. 
+ + + For example, if two backends are specified with equal weights, and one is + invalid, 50 percent of traffic must receive a 500. Implementations may + choose how that 50 percent is determined. items: properties: backendRef: @@ -159,10 +194,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -177,43 +214,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: @@ -224,20 +267,20 @@ spec: type: object type: object filters: - description: Filters defined at this level should be executed - if and only if the request is being forwarded to the - backend defined here. + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema - for a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -247,17 +290,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -269,14 +312,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema - for a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -286,17 +329,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -308,8 +351,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -317,18 +361,19 @@ spec: type: object type: array weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -337,13 +382,14 @@ spec: items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema for - a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -353,16 +399,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: 
@@ -373,13 +421,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema for - a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -389,16 +438,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: @@ -409,8 +460,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -421,24 +473,27 @@ spec: items: properties: headers: - description: Headers specifies gRPC request header matchers. - Multiple match values are ANDed together, meaning, a - request MUST match all the specified headers to select - the route. + description: |- + Headers specifies gRPC request header matchers. Multiple match values are + ANDed together, meaning, a request MUST match all the specified headers to + select the route. items: properties: name: type: string type: - description: "HeaderMatchType specifies the semantics - of how HTTP header values should be compared. - Valid HeaderMatchType values, along with their - conformance levels, are: \n Note that values may - be added to this enum, implementations must ensure - that unknown values will not cause a crash. \n - Unknown values here must result in the implementation - setting the Accepted Condition for the Route to - status: False, with a Reason of UnsupportedValue." + description: |- + HeaderMatchType specifies the semantics of how HTTP header values should be + compared. Valid HeaderMatchType values, along with their conformance levels, + are: + + + Note that values may be added to this enum, implementations must ensure that + unknown values will not cause a crash. + + + Unknown values here must result in the implementation setting the Accepted + Condition for the Route to status: False, with a Reason of UnsupportedValue. enum: - HEADER_MATCH_TYPE_UNSPECIFIED - HEADER_MATCH_TYPE_EXACT 
@@ -453,26 +508,30 @@ spec: type: object type: array method: - description: Method specifies a gRPC request service/method - matcher. If this field is not specified, all services - and methods will match. + description: |- + Method specifies a gRPC request service/method matcher. If this field is + not specified, all services and methods will match. properties: method: - description: "Value of the method to match against. - If left empty or omitted, will match all services. - \n At least one of Service and Method MUST be a - non-empty string.}" + description: |- + Value of the method to match against. If left empty or omitted, will match + all services. + + + At least one of Service and Method MUST be a non-empty string.} type: string service: - description: "Value of the service to match against. - If left empty or omitted, will match any service. - \n At least one of Service and Method MUST be a - non-empty string." + description: |- + Value of the service to match against. If left empty or omitted, will + match any service. + + + At least one of Service and Method MUST be a non-empty string. type: string type: - description: 'Type specifies how to match against - the service and/or method. Support: Core (Exact - with service and method specified)' + description: |- + Type specifies how to match against the service and/or method. Support: + Core (Exact with service and method specified) enum: - GRPC_METHOD_MATCH_TYPE_UNSPECIFIED - GRPC_METHOD_MATCH_TYPE_EXACT @@ -485,8 +544,9 @@ spec: retries: properties: number: - description: Number is the number of times to retry the - request when a retryable result occurs. + description: |- + Number is the number of times to retry the request when a retryable + result occurs. properties: value: description: The uint32 value. 
@@ -494,27 +554,30 @@ spec: type: integer type: object onConditions: - description: RetryOn allows setting envoy specific conditions - when a request should be automatically retried. + description: |- + RetryOn allows setting envoy specific conditions when a request should + be automatically retried. items: type: string type: array onConnectFailure: - description: RetryOnConnectFailure allows for connection - failure errors to trigger a retry. + description: |- + RetryOnConnectFailure allows for connection failure errors to trigger a + retry. type: boolean onStatusCodes: - description: RetryOnStatusCodes is a flat list of http response - status codes that are eligible for retry. This again should - be feasible in any reasonable proxy. + description: |- + RetryOnStatusCodes is a flat list of http response status codes that are + eligible for retry. This again should be feasible in any reasonable proxy. items: format: int32 type: integer type: array type: object timeouts: - description: HTTPRouteTimeouts defines timeouts that can be - configured for an HTTPRoute or GRPCRoute. + description: |- + HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute + or GRPCRoute. properties: idle: description: Idle specifies the total amount of time permitted 
@@ -522,44 +585,44 @@ spec: format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object request: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. 
For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object @@ -573,8 +636,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_httproutes.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_httproutes.yaml index 46bf7162a6..765084639b 100644 
--- a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_httproutes.yaml +++ b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_httproutes.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: httproutes.mesh.consul.hashicorp.com spec: group: mesh.consul.hashicorp.com 
@@ -37,44 +37,63 @@ spec: description: HTTPRoute is the Schema for the HTTP Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute + + + This is a Resource type. 
properties: hostnames: - description: "Hostnames are the hostnames for which this HTTPRoute - should respond to requests. \n This is only valid for north/south." + description: |- + Hostnames are the hostnames for which this HTTPRoute should respond to requests. + + + This is only valid for north/south. items: type: string type: array parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -85,43 +104,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type 
@@ -132,29 +158,42 @@ spec: type: object type: array rules: - description: Rules are a list of HTTP-based routing rules that this - route should use for constructing a routing table. + description: |- + Rules are a list of HTTP-based routing rules that this route should + use for constructing a routing table. items: - description: HTTPRouteRule specifies the routing rules used to determine - what upstream service an HTTP request is routed to. + description: |- + HTTPRouteRule specifies the routing rules used to determine what upstream + service an HTTP request is routed to. properties: backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n Failure behavior here depends - on how many BackendRefs are specified and how many are invalid. - \n If all entries in BackendRefs are invalid, and there are - also no filters specified in this route rule, all traffic - which matches this rule MUST receive a 500 status code. \n - See the HTTPBackendRef definition for the rules about what - makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef - is invalid, 500 status codes MUST be returned for requests - that would have otherwise been routed to an invalid backend. - If multiple backends are specified, and some are invalid, - the proportion of requests that would otherwise have been - routed to an invalid backend MUST receive a 500 status code. - \n For example, if two backends are specified with equal weights, - and one is invalid, 50 percent of traffic must receive a 500. - Implementations may choose how that 50 percent is determined." + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + + + Failure behavior here depends on how many BackendRefs are specified and + how many are invalid. + + + If all entries in BackendRefs are invalid, and there are also no filters + specified in this route rule, all traffic which matches this rule MUST + receive a 500 status code. 
+ + + See the HTTPBackendRef definition for the rules about what makes a single + HTTPBackendRef invalid. + + + When a HTTPBackendRef is invalid, 500 status codes MUST be returned for + requests that would have otherwise been routed to an invalid backend. If + multiple backends are specified, and some are invalid, the proportion of + requests that would otherwise have been routed to an invalid backend MUST + receive a 500 status code. + + + For example, if two backends are specified with equal weights, and one is + invalid, 50 percent of traffic must receive a 500. Implementations may + choose how that 50 percent is determined. items: properties: backendRef: @@ -162,10 +201,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -180,43 +221,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: @@ -227,20 +274,20 @@ spec: type: object type: object filters: - description: Filters defined at this level should be executed - if and only if the request is being forwarded to the - backend defined here. + description: |- + Filters defined at this level should be executed if and only if the + request is being forwarded to the backend defined here. items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema - for a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -250,17 +297,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -272,14 +319,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema - for a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, - value) to the request before the action. It - appends to any existing values associated - with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: 
@@ -289,17 +336,17 @@ spec: type: object type: array remove: - description: Remove the given header(s) from - the HTTP request before the action. The value - of Remove is a list of HTTP header names. - Note that the header names are case-insensitive - (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with - the given header (name, value) before the + description: |- + Set overwrites the request with the given header (name, value) before the action. items: properties: @@ -311,8 +358,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -320,18 +368,19 @@ spec: type: object type: array weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -340,13 +389,14 @@ spec: items: properties: requestHeaderModifier: - description: RequestHeaderModifier defines a schema for - a filter that modifies request headers. + description: |- + RequestHeaderModifier defines a schema for a filter that modifies request + headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -356,16 +406,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: 
@@ -376,13 +428,14 @@ spec: type: array type: object responseHeaderModifier: - description: ResponseHeaderModifier defines a schema for - a filter that modifies response headers. + description: |- + ResponseHeaderModifier defines a schema for a filter that modifies + response headers. properties: add: - description: Add adds the given header(s) (name, value) - to the request before the action. It appends to - any existing values associated with the header name. + description: |- + Add adds the given header(s) (name, value) to the request before the + action. It appends to any existing values associated with the header name. items: properties: name: @@ -392,16 +445,18 @@ spec: type: object type: array remove: - description: Remove the given header(s) from the HTTP - request before the action. The value of Remove is - a list of HTTP header names. Note that the header - names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + description: |- + Remove the given header(s) from the HTTP request before the action. The + value of Remove is a list of HTTP header names. Note that the header names + are case-insensitive (see + https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). items: type: string type: array set: - description: Set overwrites the request with the given - header (name, value) before the action. + description: |- + Set overwrites the request with the given header (name, value) before the + action. items: properties: name: @@ -412,8 +467,9 @@ spec: type: array type: object urlRewrite: - description: URLRewrite defines a schema for a filter - that modifies a request during forwarding. + description: |- + URLRewrite defines a schema for a filter that modifies a request during + forwarding. properties: pathPrefix: type: string 
@@ -424,10 +480,10 @@ spec: items: properties: headers: - description: Headers specifies HTTP request header matchers. - Multiple match values are ANDed together, meaning, a - request must match all the specified headers to select - the route. + description: |- + Headers specifies HTTP request header matchers. Multiple match values are + ANDed together, meaning, a request must match all the specified headers to + select the route. items: properties: invert: 
@@ -435,21 +491,23 @@ spec: compat' type: boolean name: - description: "Name is the name of the HTTP Header - to be matched. Name matching MUST be case insensitive. - (See https://tools.ietf.org/html/rfc7230#section-3.2). - \n If multiple entries specify equivalent header - names, only the first entry with an equivalent - name MUST be considered for a match. Subsequent - entries with an equivalent header name MUST be - ignored. Due to the case-insensitivity of header - names, “foo” and “Foo” are considered equivalent. - \n When a header is repeated in an HTTP request, - it is implementation-specific behavior as to how - this is represented. Generally, proxies should - follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 - regarding processing a repeated header, with special - handling for “Set-Cookie”." + description: |- + Name is the name of the HTTP Header to be matched. Name matching MUST be + case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + + + If multiple entries specify equivalent header names, only the first entry + with an equivalent name MUST be considered for a match. Subsequent entries + with an equivalent header name MUST be ignored. Due to the + case-insensitivity of header names, “foo” and “Foo” are considered + equivalent. + + + When a header is repeated in an HTTP request, it is + implementation-specific behavior as to how this is represented. Generally, + proxies should follow the guidance from the RFC: + https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding + processing a repeated header, with special handling for “Set-Cookie”. type: string type: description: Type specifies how to match against 
@@ -470,14 +528,14 @@ spec: type: object type: array method: - description: Method specifies HTTP method matcher. When - specified, this route will be matched only if the request - has the specified method. + description: |- + Method specifies HTTP method matcher. When specified, this route will be + matched only if the request has the specified method. type: string path: - description: Path specifies a HTTP request path matcher. - If this field is not specified, a default prefix match - on the “/” path is provided. + description: |- + Path specifies a HTTP request path matcher. If this field is not + specified, a default prefix match on the “/” path is provided. properties: type: description: Type specifies how to match against the 
@@ -494,31 +552,33 @@ spec: type: string type: object queryParams: - description: QueryParams specifies HTTP query parameter - matchers. Multiple match values are ANDed together, - meaning, a request must match all the specified query + description: |- + QueryParams specifies HTTP query parameter matchers. Multiple match values + are ANDed together, meaning, a request must match all the specified query parameters to select the route. items: properties: name: - description: "Name is the name of the HTTP query - param to be matched. This must be an exact string - match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). - \n If multiple entries specify equivalent query - param names, only the first entry with an equivalent - name MUST be considered for a match. Subsequent - entries with an equivalent query param name MUST - be ignored. \n If a query param is repeated in - an HTTP request, the behavior is purposely left - undefined, since different data planes have different - capabilities. However, it is recommended that - implementations should match against the first - value of the param if the data plane supports - it, as this behavior is expected in other load - balancing contexts outside of the Gateway API. - \n Users SHOULD NOT route traffic based on repeated - query params to guard themselves against potential - differences in the implementations." + description: |- + Name is the name of the HTTP query param to be matched. This must be an + exact string match. (See + https://tools.ietf.org/html/rfc7230#section-2.7.3). + + + If multiple entries specify equivalent query param names, only the first + entry with an equivalent name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST be ignored. + + + If a query param is repeated in an HTTP request, the behavior is purposely + left undefined, since different data planes have different capabilities. 
+ However, it is recommended that implementations should match against the + first value of the param if the data plane supports it, as this behavior + is expected in other load balancing contexts outside of the Gateway API. + + + Users SHOULD NOT route traffic based on repeated query params to guard + themselves against potential differences in the implementations. type: string type: description: Type specifies how to match against @@ -541,8 +601,9 @@ spec: retries: properties: number: - description: Number is the number of times to retry the - request when a retryable result occurs. + description: |- + Number is the number of times to retry the request when a retryable + result occurs. properties: value: description: The uint32 value. 
@@ -550,27 +611,30 @@ spec: type: integer type: object onConditions: - description: RetryOn allows setting envoy specific conditions - when a request should be automatically retried. + description: |- + RetryOn allows setting envoy specific conditions when a request should + be automatically retried. items: type: string type: array onConnectFailure: - description: RetryOnConnectFailure allows for connection - failure errors to trigger a retry. + description: |- + RetryOnConnectFailure allows for connection failure errors to trigger a + retry. type: boolean onStatusCodes: - description: RetryOnStatusCodes is a flat list of http response - status codes that are eligible for retry. This again should - be feasible in any reasonable proxy. + description: |- + RetryOnStatusCodes is a flat list of http response status codes that are + eligible for retry. This again should be feasible in any reasonable proxy. items: format: int32 type: integer type: array type: object timeouts: - description: HTTPRouteTimeouts defines timeouts that can be - configured for an HTTPRoute or GRPCRoute. + description: |- + HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute + or GRPCRoute. properties: idle: description: Idle specifies the total amount of time permitted 
@@ -578,44 +642,44 @@ spec: format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object request: - description: RequestTimeout is the total amount of time - permitted for the entire downstream request (and retries) - to be processed. + description: |- + RequestTimeout is the total amount of time permitted for the entire + downstream request (and retries) to be processed. format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. 
For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object @@ -629,8 +693,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_proxyconfigurations.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_proxyconfigurations.yaml index 1d15b34111..7fc7a22d2b 100644 
--- a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_proxyconfigurations.yaml +++ b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_proxyconfigurations.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: proxyconfigurations.mesh.consul.hashicorp.com spec: group: mesh.consul.hashicorp.com @@ -37,14 +37,19 @@ spec: description: ProxyConfiguration is the Schema for the TCP Routes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -52,7 +57,8 @@ spec: description: This is a Resource type. properties: bootstrapConfig: - description: bootstrap_config is the configuration that requires proxies + description: |- + bootstrap_config is the configuration that requires proxies to be restarted to be applied. properties: dogstatsdUrl: @@ -87,7 +93,8 @@ spec: type: string type: object dynamicConfig: - description: dynamic_config is the configuration that could be changed + description: |- + dynamic_config is the configuration that could be changed dynamically (i.e. without needing restart). properties: accessLogs: @@ -95,17 +102,17 @@ spec: access logs properties: disableListenerLogs: - description: DisableListenerLogs turns off just listener logs - for connections rejected by Envoy because they don't have - a matching listener filter. + description: |- + DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't + have a matching listener filter. type: boolean enabled: description: Enabled turns off all access logging type: boolean jsonFormat: - description: The presence of one format string or the other - implies the access log string encoding. Defining both is - invalid. + description: |- + The presence of one format string or the other implies the access log string encoding. + Defining both is invalid. type: string path: description: Path is the output file to write logs @@ -123,24 +130,6 @@ spec: format: int32 type: string type: object - envoyExtensions: - items: - description: EnvoyExtension has configuration for an extension - that patches Envoy resources. - properties: - arguments: - type: object - x-kubernetes-preserve-unknown-fields: true - consulVersion: - type: string - envoyVersion: - type: string - name: - type: string - required: - type: boolean - type: object - type: array exposeConfig: properties: exposePaths: 
@@ -174,7 +163,7 @@ spec: format: int32 type: string maxInboundConnections: - format: int64 + format: int32 type: integer type: object listenerTracingJson: 
@@ -187,122 +176,130 @@ spec: properties: connectTimeout: description: "A Duration represents a signed, fixed-length - span of time represented as a count of seconds and fractions - of seconds at nanosecond resolution. It is independent - of any calendar and concepts like \"day\" or \"month\". - It is related to Timestamp in that the difference between - two Timestamp values is a Duration and it can be added - or subtracted from a Timestamp. Range is approximately - +-10,000 years. \n # Examples \n Example 1: Compute Duration - from two Timestamps in pseudo code. \n Timestamp start - = ...; Timestamp end = ...; Duration duration = ...; \n - duration.seconds = end.seconds - start.seconds; duration.nanos - = end.nanos - start.nanos; \n if (duration.seconds < 0 - && duration.nanos > 0) { duration.seconds += 1; duration.nanos - -= 1000000000; } else if (duration.seconds > 0 && duration.nanos - < 0) { duration.seconds -= 1; duration.nanos += 1000000000; - } \n Example 2: Compute Timestamp from Timestamp + Duration - in pseudo code. \n Timestamp start = ...; Duration duration - = ...; Timestamp end = ...; \n end.seconds = start.seconds - + duration.seconds; end.nanos = start.nanos + duration.nanos; - \n if (end.nanos < 0) { end.seconds -= 1; end.nanos += - 1000000000; } else if (end.nanos >= 1000000000) { end.seconds - += 1; end.nanos -= 1000000000; } \n Example 3: Compute - Duration from datetime.timedelta in Python. \n td = datetime.timedelta(days=3, - minutes=10) duration = Duration() duration.FromTimedelta(td) - \n # JSON Mapping \n In JSON format, the Duration type - is encoded as a string rather than an object, where the - string ends in the suffix \"s\" (indicating seconds) and - is preceded by the number of seconds, with nanoseconds - expressed as fractional seconds. 
For example, 3 seconds - with 0 nanoseconds should be encoded in JSON format as - \"3s\", while 3 seconds and 1 nanosecond should be expressed - in JSON format as \"3.000000001s\", and 3 seconds and - 1 microsecond should be expressed in JSON format as \"3.000001s\"." + span of time represented\nas a count of seconds and fractions + of seconds at nanosecond\nresolution. It is independent + of any calendar and concepts like \"day\"\nor \"month\". + It is related to Timestamp in that the difference between\ntwo + Timestamp values is a Duration and it can be added or + subtracted\nfrom a Timestamp. Range is approximately +-10,000 + years.\n\n\n# Examples\n\n\nExample 1: Compute Duration + from two Timestamps in pseudo code.\n\n\n\tTimestamp start + = ...;\n\tTimestamp end = ...;\n\tDuration duration = + ...;\n\n\n\tduration.seconds = end.seconds - start.seconds;\n\tduration.nanos + = end.nanos - start.nanos;\n\n\n\tif (duration.seconds + < 0 && duration.nanos > 0) {\n\t duration.seconds += + 1;\n\t duration.nanos -= 1000000000;\n\t} else if (duration.seconds + > 0 && duration.nanos < 0) {\n\t duration.seconds -= + 1;\n\t duration.nanos += 1000000000;\n\t}\n\n\nExample + 2: Compute Timestamp from Timestamp + Duration in pseudo + code.\n\n\n\tTimestamp start = ...;\n\tDuration duration + = ...;\n\tTimestamp end = ...;\n\n\n\tend.seconds = start.seconds + + duration.seconds;\n\tend.nanos = start.nanos + duration.nanos;\n\n\n\tif + (end.nanos < 0) {\n\t end.seconds -= 1;\n\t end.nanos + += 1000000000;\n\t} else if (end.nanos >= 1000000000) + {\n\t end.seconds += 1;\n\t end.nanos -= 1000000000;\n\t}\n\n\nExample + 3: Compute Duration from datetime.timedelta in Python.\n\n\n\ttd + = datetime.timedelta(days=3, minutes=10)\n\tduration = + Duration()\n\tduration.FromTimedelta(td)\n\n\n# JSON Mapping\n\n\nIn + JSON format, the Duration type is encoded as a string + rather than an\nobject, where the string ends in the suffix + \"s\" (indicating seconds) and\nis preceded by the 
number + of seconds, with nanoseconds expressed as\nfractional + seconds. For example, 3 seconds with 0 nanoseconds should + be\nencoded in JSON format as \"3s\", while 3 seconds + and 1 nanosecond should\nbe expressed in JSON format as + \"3.000000001s\", and 3 seconds and 1\nmicrosecond should + be expressed in JSON format as \"3.000001s\"." format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object requestTimeout: description: "A Duration represents a signed, fixed-length - span of time represented as a count of seconds and fractions - of seconds at nanosecond resolution. It is independent - of any calendar and concepts like \"day\" or \"month\". 
- It is related to Timestamp in that the difference between - two Timestamp values is a Duration and it can be added - or subtracted from a Timestamp. Range is approximately - +-10,000 years. \n # Examples \n Example 1: Compute Duration - from two Timestamps in pseudo code. \n Timestamp start - = ...; Timestamp end = ...; Duration duration = ...; \n - duration.seconds = end.seconds - start.seconds; duration.nanos - = end.nanos - start.nanos; \n if (duration.seconds < 0 - && duration.nanos > 0) { duration.seconds += 1; duration.nanos - -= 1000000000; } else if (duration.seconds > 0 && duration.nanos - < 0) { duration.seconds -= 1; duration.nanos += 1000000000; - } \n Example 2: Compute Timestamp from Timestamp + Duration - in pseudo code. \n Timestamp start = ...; Duration duration - = ...; Timestamp end = ...; \n end.seconds = start.seconds - + duration.seconds; end.nanos = start.nanos + duration.nanos; - \n if (end.nanos < 0) { end.seconds -= 1; end.nanos += - 1000000000; } else if (end.nanos >= 1000000000) { end.seconds - += 1; end.nanos -= 1000000000; } \n Example 3: Compute - Duration from datetime.timedelta in Python. \n td = datetime.timedelta(days=3, - minutes=10) duration = Duration() duration.FromTimedelta(td) - \n # JSON Mapping \n In JSON format, the Duration type - is encoded as a string rather than an object, where the - string ends in the suffix \"s\" (indicating seconds) and - is preceded by the number of seconds, with nanoseconds - expressed as fractional seconds. For example, 3 seconds - with 0 nanoseconds should be encoded in JSON format as - \"3s\", while 3 seconds and 1 nanosecond should be expressed - in JSON format as \"3.000000001s\", and 3 seconds and - 1 microsecond should be expressed in JSON format as \"3.000001s\"." + span of time represented\nas a count of seconds and fractions + of seconds at nanosecond\nresolution. It is independent + of any calendar and concepts like \"day\"\nor \"month\". 
+ It is related to Timestamp in that the difference between\ntwo + Timestamp values is a Duration and it can be added or + subtracted\nfrom a Timestamp. Range is approximately +-10,000 + years.\n\n\n# Examples\n\n\nExample 1: Compute Duration + from two Timestamps in pseudo code.\n\n\n\tTimestamp start + = ...;\n\tTimestamp end = ...;\n\tDuration duration = + ...;\n\n\n\tduration.seconds = end.seconds - start.seconds;\n\tduration.nanos + = end.nanos - start.nanos;\n\n\n\tif (duration.seconds + < 0 && duration.nanos > 0) {\n\t duration.seconds += + 1;\n\t duration.nanos -= 1000000000;\n\t} else if (duration.seconds + > 0 && duration.nanos < 0) {\n\t duration.seconds -= + 1;\n\t duration.nanos += 1000000000;\n\t}\n\n\nExample + 2: Compute Timestamp from Timestamp + Duration in pseudo + code.\n\n\n\tTimestamp start = ...;\n\tDuration duration + = ...;\n\tTimestamp end = ...;\n\n\n\tend.seconds = start.seconds + + duration.seconds;\n\tend.nanos = start.nanos + duration.nanos;\n\n\n\tif + (end.nanos < 0) {\n\t end.seconds -= 1;\n\t end.nanos + += 1000000000;\n\t} else if (end.nanos >= 1000000000) + {\n\t end.seconds += 1;\n\t end.nanos -= 1000000000;\n\t}\n\n\nExample + 3: Compute Duration from datetime.timedelta in Python.\n\n\n\ttd + = datetime.timedelta(days=3, minutes=10)\n\tduration = + Duration()\n\tduration.FromTimedelta(td)\n\n\n# JSON Mapping\n\n\nIn + JSON format, the Duration type is encoded as a string + rather than an\nobject, where the string ends in the suffix + \"s\" (indicating seconds) and\nis preceded by the number + of seconds, with nanoseconds expressed as\nfractional + seconds. For example, 3 seconds with 0 nanoseconds should + be\nencoded in JSON format as \"3s\", while 3 seconds + and 1 nanosecond should\nbe expressed in JSON format as + \"3.000000001s\", and 3 seconds and 1\nmicrosecond should + be expressed in JSON format as \"3.000001s\"." 
format: duration properties: nanos: - description: Signed fractions of a second at nanosecond - resolution of the span of time. Durations less than - one second are represented with a 0 `seconds` field - and a positive or negative `nanos` field. For durations - of one second or more, a non-zero value for the `nanos` - field must be of the same sign as the `seconds` field. - Must be from -999,999,999 to +999,999,999 inclusive. + description: |- + Signed fractions of a second at nanosecond resolution of the span + of time. Durations less than one second are represented with a 0 + `seconds` field and a positive or negative `nanos` field. For durations + of one second or more, a non-zero value for the `nanos` field must be + of the same sign as the `seconds` field. Must be from -999,999,999 + to +999,999,999 inclusive. format: int32 type: integer seconds: - description: 'Signed seconds of the span of time. Must - be from -315,576,000,000 to +315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * - 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years' + description: |- + Signed seconds of the span of time. Must be from -315,576,000,000 + to +315,576,000,000 inclusive. Note: these bounds are computed from: + 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years format: int64 type: integer type: object type: object - description: local_connection is the configuration that should - be used to connect to the local application provided per-port. + description: |- + local_connection is the configuration that should be used + to connect to the local application provided per-port. The map keys should correspond to port names on the workload. type: object localWorkloadAddress: - description: "deprecated: local_workload_address, local_workload_port, - and local_workload_socket_path are deprecated and are only needed - for migration of existing resources. \n Deprecated: Marked as - deprecated in pbmesh/v2beta1/proxy_configuration.proto." 
+ description: |- + deprecated: + local_workload_address, local_workload_port, and local_workload_socket_path + are deprecated and are only needed for migration of existing resources. + + + Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. type: string localWorkloadPort: description: 'Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto.' @@ -340,26 +337,31 @@ spec: transparentProxy: properties: dialedDirectly: - description: dialed_directly indicates whether this proxy - should be dialed using original destination IP in the connection - rather than load balance between all endpoints. + description: |- + dialed_directly indicates whether this proxy should be dialed using original destination IP + in the connection rather than load balance between all endpoints. type: boolean outboundListenerPort: - description: outbound_listener_port is the port for the proxy's - outbound listener. This defaults to 15001. + description: |- + outbound_listener_port is the port for the proxy's outbound listener. + This defaults to 15001. format: int32 type: integer type: object type: object opaqueConfig: - description: "deprecated: prevent usage when using v2 APIs directly. - needed for backwards compatibility \n Deprecated: Marked as deprecated - in pbmesh/v2beta1/proxy_configuration.proto." + description: |- + deprecated: prevent usage when using v2 APIs directly. + needed for backwards compatibility + + + Deprecated: Marked as deprecated in pbmesh/v2beta1/proxy_configuration.proto. type: object x-kubernetes-preserve-unknown-fields: true workloads: - description: Selection of workloads this proxy configuration should - apply to. These can be prefixes or specific workload names. + description: |- + Selection of workloads this proxy configuration should apply to. + These can be prefixes or specific workload names. properties: filter: type: string 
@@ -379,8 +381,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_tcproutes.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_tcproutes.yaml index 21a3a9c5ec..3494e3575f 100644 --- a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_tcproutes.yaml +++ b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_tcproutes.yaml @@ -5,7 +5,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: tcproutes.mesh.consul.hashicorp.com spec: group: mesh.consul.hashicorp.com 
@@ -37,38 +37,54 @@ spec: description: TCPRoute is the Schema for the TCP Route API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: "NOTE: this should align to the GAMMA/gateway-api version, - or at least be easily translatable. \n https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute - \n This is a Resource type." + description: |- + NOTE: this should align to the GAMMA/gateway-api version, or at least be + easily translatable. + + + https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute + + + This is a Resource type. 
properties: parentRefs: - description: "ParentRefs references the resources (usually Services) - that a Route wants to be attached to. \n It is invalid to reference - an identical parent more than once. It is valid to reference multiple - distinct sections within the same parent resource." + description: |- + ParentRefs references the resources (usually Services) that a Route wants + to be attached to. + + + It is invalid to reference an identical parent more than once. It is valid + to reference multiple distinct sections within the same parent resource. items: description: 'NOTE: roughly equivalent to structs.ResourceReference' properties: port: - description: For east/west this is the name of the Consul Service - port to direct traffic to or empty to imply all. For north/south - this is TBD. + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply all. + For north/south this is TBD. type: string ref: - description: For east/west configuration, this should point - to a Service. For north/south it should point to a Gateway. + description: |- + For east/west configuration, this should point to a Service. + For north/south it should point to a Gateway. properties: name: description: Name is the user-given name of the resource 
@@ -79,43 +95,50 @@ spec: the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units (i.e. - partition, namespace) in which the resource resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources within - a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer the resource - is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, provide - the wildcard value \"*\" to list resources across - all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. "catalog", - "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when sweeping - or backward-incompatible changes are made to the group's - resource types. + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes + are made to the group's resource types. type: string kind: description: Kind identifies the specific resource type @@ -130,13 +153,13 @@ spec: items: properties: backendRefs: - description: BackendRefs defines the backend(s) where matching - requests should be sent. If unspecified or invalid (refers - to a non-existent resource or a Service with no endpoints), - the underlying implementation MUST actively reject connection - attempts to this backend. Connection rejections must respect - weight; if an invalid backend is requested to have 80% of - connections, then 80% of connections must be rejected instead. + description: |- + BackendRefs defines the backend(s) where matching requests should be sent. + If unspecified or invalid (refers to a non-existent resource or a Service + with no endpoints), the underlying implementation MUST actively reject + connection attempts to this backend. Connection rejections must respect + weight; if an invalid backend is requested to have 80% of connections, + then 80% of connections must be rejected instead. items: properties: backendRef: 
@@ -144,10 +167,12 @@ spec: datacenter: type: string port: - description: "For east/west this is the name of the - Consul Service port to direct traffic to or empty - to imply using the same value as the parent ref. - \n For north/south this is TBD." + description: |- + For east/west this is the name of the Consul Service port to direct traffic to + or empty to imply using the same value as the parent ref. + + + For north/south this is TBD. type: string ref: description: For east/west configuration, this should 
@@ -162,43 +187,49 @@ spec: the resource the condition relates to. type: string tenancy: - description: Tenancy identifies the tenancy units - (i.e. partition, namespace) in which the resource - resides. + description: |- + Tenancy identifies the tenancy units (i.e. partition, namespace) in which + the resource resides. properties: namespace: - description: "Namespace further isolates resources - within a partition. https://developer.hashicorp.com/consul/docs/enterprise/namespaces - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all namespaces." + description: |- + Namespace further isolates resources within a partition. + https://developer.hashicorp.com/consul/docs/enterprise/namespaces + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all namespaces. type: string partition: - description: "Partition is the topmost administrative - boundary within a cluster. https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all partitions." + description: |- + Partition is the topmost administrative boundary within a cluster. + https://developer.hashicorp.com/consul/docs/enterprise/admin-partitions + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all partitions. type: string peerName: - description: "PeerName identifies which peer - the resource is imported from. https://developer.hashicorp.com/consul/docs/connect/cluster-peering - \n When using the List and WatchList endpoints, - provide the wildcard value \"*\" to list - resources across all peers." + description: |- + PeerName identifies which peer the resource is imported from. 
+ https://developer.hashicorp.com/consul/docs/connect/cluster-peering + + + When using the List and WatchList endpoints, provide the wildcard value "*" + to list resources across all peers. type: string type: object type: description: Type identifies the resource's type. properties: group: - description: Group describes the area of functionality - to which this resource type relates (e.g. - "catalog", "authorization"). + description: |- + Group describes the area of functionality to which this resource type + relates (e.g. "catalog", "authorization"). type: string groupVersion: - description: GroupVersion is incremented when - sweeping or backward-incompatible changes + description: |- + GroupVersion is incremented when sweeping or backward-incompatible changes are made to the group's resource types. type: string kind: 
@@ -209,18 +240,19 @@ spec: type: object type: object weight: - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1." + description: |- + Weight specifies the proportion of requests forwarded to the referenced + backend. This is computed as weight/(sum of all weights in this + BackendRefs list). For non-zero values, there may be some epsilon from the + exact proportion defined here depending on the precision an implementation + supports. Weight is not a percentage and the sum of weights does not need + to equal 100. + + + If only one backend is specified and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. If weight is set to 0, no + traffic should be forwarded for this entry. If unspecified, weight defaults + to 1. format: int32 type: integer type: object 
@@ -234,8 +266,9 @@ spec: description: Conditions indicate the latest available observations of a resource's current state. items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Conditions define a readiness condition for a Consul resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: description: LastTransitionTime is the last time the condition diff --git a/control-plane/connect-inject/controllers/peering/peering_acceptor_controller.go b/control-plane/connect-inject/controllers/peering/peering_acceptor_controller.go index bc1318f1d5..e2ae67aba4 100644 --- a/control-plane/connect-inject/controllers/peering/peering_acceptor_controller.go +++ b/control-plane/connect-inject/controllers/peering/peering_acceptor_controller.go @@ -17,7 +17,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -266,7 +266,7 @@ func (r *AcceptorController) updateStatus(ctx context.Context, acceptorObjKey ty return err } if acceptor.Status.LatestPeeringVersion == nil || *acceptor.Status.LatestPeeringVersion < peeringVersion { - acceptor.Status.LatestPeeringVersion = pointer.Uint64(peeringVersion) + acceptor.Status.LatestPeeringVersion = ptr.To(uint64(peeringVersion)) } } err := r.Status().Update(ctx, acceptor) diff --git a/control-plane/connect-inject/controllers/peering/peering_acceptor_controller_test.go b/control-plane/connect-inject/controllers/peering/peering_acceptor_controller_test.go index 2ebba835e3..7c5a778ac7 100644 
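Review bot: The `uint64(...)` conversion added in `updateStatus` of peering_acceptor_controller.go looks redundant. The comparison `*acceptor.Status.LatestPeeringVersion < peeringVersion` on the line above only compiles if `peeringVersion` is already a `uint64`, so `acceptor.Status.LatestPeeringVersion = ptr.To(peeringVersion)` says the same thing and avoids tripping an unnecessary-conversion lint. The same applies to `dialer.Status.LatestPeeringVersion = ptr.To(uint64(peeringVersion))` in the peering_dialer_controller.go hunk. The test hunks do need the conversion, because `ptr.To(2)` on an untyped constant would yield `*int`. `updateStatus` starts and ends outside the hunk, so the declaration of `peeringVersion` is not visible here and should be confirmed.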
--- a/control-plane/connect-inject/controllers/peering/peering_acceptor_controller_test.go +++ b/control-plane/connect-inject/controllers/peering/peering_acceptor_controller_test.go @@ -19,7 +19,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" @@ -244,7 +244,7 @@ func TestReconcile_CreateUpdatePeeringAcceptor(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(2), + LatestPeeringVersion: ptr.To(uint64(2)), }, expectedConsulPeerings: []*api.Peering{ { @@ -709,7 +709,7 @@ func TestReconcile_VersionAnnotation(t *testing.T) { }, ResourceVersion: "some-old-sha", }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, }, "is no/op if annotation value is equal to value in status": { @@ -725,7 +725,7 @@ func TestReconcile_VersionAnnotation(t *testing.T) { }, ResourceVersion: "some-old-sha", }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, }, "updates if annotation value is greater than value in status": { @@ -740,7 +740,7 @@ func TestReconcile_VersionAnnotation(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(4), + LatestPeeringVersion: ptr.To(uint64(4)), }, }, } @@ -771,7 +771,7 @@ func TestReconcile_VersionAnnotation(t *testing.T) { }, ResourceVersion: "some-old-sha", }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, } secret := createSecret("acceptor-created-secret", "default", "data", "some-data") diff --git a/control-plane/connect-inject/controllers/peering/peering_dialer_controller.go b/control-plane/connect-inject/controllers/peering/peering_dialer_controller.go index bc6475bf1a..69b70631d8 100644 
--- a/control-plane/connect-inject/controllers/peering/peering_dialer_controller.go +++ b/control-plane/connect-inject/controllers/peering/peering_dialer_controller.go @@ -17,7 +17,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -235,7 +235,7 @@ func (r *PeeringDialerController) updateStatus(ctx context.Context, dialerObjKey return err } if dialer.Status.LatestPeeringVersion == nil || *dialer.Status.LatestPeeringVersion < peeringVersion { - dialer.Status.LatestPeeringVersion = pointer.Uint64(peeringVersion) + dialer.Status.LatestPeeringVersion = ptr.To(uint64(peeringVersion)) } } err := r.Status().Update(ctx, dialer) diff --git a/control-plane/connect-inject/controllers/peering/peering_dialer_controller_test.go b/control-plane/connect-inject/controllers/peering/peering_dialer_controller_test.go index 6026d1e534..e759ca4e4c 100644 --- a/control-plane/connect-inject/controllers/peering/peering_dialer_controller_test.go +++ b/control-plane/connect-inject/controllers/peering/peering_dialer_controller_test.go @@ -20,7 +20,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" @@ -246,7 +246,7 @@ func TestReconcile_CreateUpdatePeeringDialer(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(2), + LatestPeeringVersion: ptr.To(uint64(2)), }, peeringExists: true, }, 
@@ -400,7 +400,7 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, }, "is no/op if annotation value is equal to value in status": { @@ -415,7 +415,7 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, }, "updates if annotation value is greater than value in status": { @@ -430,7 +430,7 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { Backend: "kubernetes", }, }, - LatestPeeringVersion: pointer.Uint64(4), + LatestPeeringVersion: ptr.To(uint64(4)), }, }, } @@ -482,7 +482,7 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { }, ResourceVersion: "latest-version", }, - LatestPeeringVersion: pointer.Uint64(3), + LatestPeeringVersion: ptr.To(uint64(3)), }, } // Create fake k8s client diff --git a/control-plane/connect-inject/webhook/consul_dataplane_sidecar.go b/control-plane/connect-inject/webhook/consul_dataplane_sidecar.go index 13bf3f7bd1..6fcb136099 100644 --- a/control-plane/connect-inject/webhook/consul_dataplane_sidecar.go +++ b/control-plane/connect-inject/webhook/consul_dataplane_sidecar.go @@ -13,7 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/common" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" 
@@ -229,11 +229,11 @@ func (w *MeshWebhook) consulDataplaneSidecar(namespace corev1.Namespace, pod cor } } container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), - ReadOnlyRootFilesystem: pointer.Bool(true), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), + ReadOnlyRootFilesystem: ptr.To(true), } } diff --git a/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go b/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go index ae1f50e795..ea33f60133 100644 --- a/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go +++ b/control-plane/connect-inject/webhook/consul_dataplane_sidecar_test.go @@ -14,7 +14,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/lifecycle" 
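Review bot: The sidecar `SecurityContext` in this hunk of `consulDataplaneSidecar` sets no `Capabilities`, so the injected container keeps the runtime's default capability set even though it runs as a non-root user with a read-only root filesystem. The non-root init-container context in container_init.go, later in this patch, already drops them with `Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}},`. If the dataplane needs no capability at runtime, which cannot be confirmed from this hunk, the same line would fit here. The webhookv2/consul_dataplane_sidecar.go hunk has the same shape. The function body starts and ends outside the hunk.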
@@ -803,22 +803,22 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) { tproxyEnabled: false, openShiftEnabled: false, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, "tproxy enabled; openshift disabled": { tproxyEnabled: true, openShiftEnabled: false, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, "tproxy disabled; openshift enabled": { @@ -830,11 +830,11 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) { tproxyEnabled: true, openShiftEnabled: true, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, } 
@@ -882,7 +882,7 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicatePodSecurityContextUID(t }, }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, }, } @@ -910,14 +910,14 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicateContainerSecurityContex Name: "web", // Setting RunAsUser: 1 should succeed. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(1), + RunAsUser: ptr.To(int64(1)), }, }, { Name: "app", // Setting RunAsUser: 5995 should fail. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, Image: "not-consul-dataplane", }, @@ -937,14 +937,14 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicateContainerSecurityContex Name: "web", // Setting RunAsUser: 1 should succeed. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(1), + RunAsUser: ptr.To(int64(1)), }, }, { Name: "sidecar", // Setting RunAsUser: 5995 should succeed if the image matches h.ImageConsulDataplane. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, Image: "envoy", }, diff --git a/control-plane/connect-inject/webhook/container_init.go b/control-plane/connect-inject/webhook/container_init.go index effee89150..3586848023 100644 --- a/control-plane/connect-inject/webhook/container_init.go +++ b/control-plane/connect-inject/webhook/container_init.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/consul-k8s/control-plane/connect-inject/common" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) const ( 
@@ -245,26 +245,26 @@ func (w *MeshWebhook) containerInit(namespace corev1.Namespace, pod corev1.Pod, // Running consul connect redirect-traffic with iptables // requires both being a root user and having NET_ADMIN capability. container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(rootUserAndGroupID), - RunAsGroup: pointer.Int64(rootUserAndGroupID), + RunAsUser: ptr.To(int64(rootUserAndGroupID)), + RunAsGroup: ptr.To(int64(rootUserAndGroupID)), // RunAsNonRoot overrides any setting in the Pod so that we can still run as root here as required. - RunAsNonRoot: pointer.Bool(false), - Privileged: pointer.Bool(privileged), + RunAsNonRoot: ptr.To(false), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{netAdminCapability}, }, } } else { container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(initContainersUserAndGroupID), - RunAsGroup: pointer.Int64(initContainersUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(initContainersUserAndGroupID)), + RunAsGroup: ptr.To(int64(initContainersUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), } } } diff --git a/control-plane/connect-inject/webhook/container_init_test.go b/control-plane/connect-inject/webhook/container_init_test.go index 8feac95b84..dac78d8ad8 100644 --- a/control-plane/connect-inject/webhook/container_init_test.go +++ b/control-plane/connect-inject/webhook/container_init_test.go 
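Review bot: In the non-root branch of `containerInit`, `Privileged: ptr.To(privileged)` sits next to `AllowPrivilegeEscalation: ptr.To(false)`, a pair the Kubernetes API server rejects when `privileged` is true. `privileged` is assigned outside the hunk, so this path may never see a true value, but nothing visible here says so. Writing `Privileged: ptr.To(false),` in this branch, or adding a comment that states why `privileged` cannot be true here, would make the invariant explicit and keep the injected pod from failing validation. The webhookv2/container_init.go hunk is written the same way.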
@@ -16,7 +16,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) const k8sNamespace = "k8snamespace" @@ -295,22 +295,22 @@ func TestHandlerContainerInit_transparentProxy(t *testing.T) { var expectedSecurityContext *corev1.SecurityContext if c.cniEnabled { expectedSecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(initContainersUserAndGroupID), - RunAsGroup: pointer.Int64(initContainersUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(initContainersUserAndGroupID)), + RunAsGroup: ptr.To(int64(initContainersUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), } } else if c.expTproxyEnabled { expectedSecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(0), - RunAsGroup: pointer.Int64(0), - RunAsNonRoot: pointer.Bool(false), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(0)), + RunAsGroup: ptr.To(int64(0)), + RunAsNonRoot: ptr.To(false), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{netAdminCapability}, }, diff --git a/control-plane/connect-inject/webhook/dns.go b/control-plane/connect-inject/webhook/dns.go index 3f73928ece..9f2bde1cdf 100644 --- a/control-plane/connect-inject/webhook/dns.go +++ b/control-plane/connect-inject/webhook/dns.go @@ -9,7 +9,7 @@ import ( "github.com/miekg/dns" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) const ( 
@@ -55,13 +55,13 @@ func (w *MeshWebhook) configureDNS(pod *corev1.Pod, k8sNS string) error { if cfg.Timeout != defaultDNSOptionTimeout { options = append(options, corev1.PodDNSConfigOption{ Name: "timeout", - Value: pointer.String(strconv.Itoa(cfg.Timeout)), + Value: ptr.To(strconv.Itoa(cfg.Timeout)), }) } if cfg.Attempts != defaultDNSOptionAttempts { options = append(options, corev1.PodDNSConfigOption{ Name: "attempts", - Value: pointer.String(strconv.Itoa(cfg.Attempts)), + Value: ptr.To(strconv.Itoa(cfg.Attempts)), }) } diff --git a/control-plane/connect-inject/webhook/dns_test.go b/control-plane/connect-inject/webhook/dns_test.go index e8d718557e..c5a8c976b9 100644 --- a/control-plane/connect-inject/webhook/dns_test.go +++ b/control-plane/connect-inject/webhook/dns_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) func TestMeshWebhook_configureDNS(t *testing.T) { @@ -40,15 +40,15 @@ options ndots:5 timeout:6 attempts:3`, Options: []corev1.PodDNSConfigOption{ { Name: "ndots", - Value: pointer.String("5"), + Value: ptr.To("5"), }, { Name: "timeout", - Value: pointer.String("6"), + Value: ptr.To("6"), }, { Name: "attempts", - Value: pointer.String("3"), + Value: ptr.To("3"), }, }, }, @@ -65,7 +65,7 @@ options ndots:5`, Options: []corev1.PodDNSConfigOption{ { Name: "ndots", - Value: pointer.String("5"), + Value: ptr.To("5"), }, }, }, diff --git a/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar.go b/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar.go index d94dbeaaac..e49e3b44e3 100644 --- a/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar.go +++ b/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar.go 
@@ -13,7 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/common" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" @@ -193,11 +193,11 @@ func (w *MeshWebhook) consulDataplaneSidecar(namespace corev1.Namespace, pod cor } } container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), } } diff --git a/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar_test.go b/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar_test.go index 3b5fb3c0c7..e5eb319a02 100644 --- a/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar_test.go +++ b/control-plane/connect-inject/webhookv2/consul_dataplane_sidecar_test.go @@ -14,7 +14,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/lifecycle" 
@@ -467,22 +467,22 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) { tproxyEnabled: false, openShiftEnabled: false, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, "tproxy enabled; openshift disabled": { tproxyEnabled: true, openShiftEnabled: false, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, "tproxy disabled; openshift enabled": { @@ -494,11 +494,11 @@ func TestHandlerConsulDataplaneSidecar_withSecurityContext(t *testing.T) { tproxyEnabled: true, openShiftEnabled: true, expSecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), - RunAsGroup: pointer.Int64(sidecarUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), + RunAsGroup: ptr.To(int64(sidecarUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), }, }, } 
@@ -546,7 +546,7 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicatePodSecurityContextUID(t }, }, SecurityContext: &corev1.PodSecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, }, } @@ -574,14 +574,14 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicateContainerSecurityContex Name: "web", // Setting RunAsUser: 1 should succeed. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(1), + RunAsUser: ptr.To(int64(1)), }, }, { Name: "app", // Setting RunAsUser: 5995 should fail. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, Image: "not-consul-dataplane", }, @@ -601,14 +601,14 @@ func TestHandlerConsulDataplaneSidecar_FailsWithDuplicateContainerSecurityContex Name: "web", // Setting RunAsUser: 1 should succeed. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(1), + RunAsUser: ptr.To(int64(1)), }, }, { Name: "sidecar", // Setting RunAsUser: 5995 should succeed if the image matches h.ImageConsulDataplane. SecurityContext: &corev1.SecurityContext{ - RunAsUser: pointer.Int64(sidecarUserAndGroupID), + RunAsUser: ptr.To(int64(sidecarUserAndGroupID)), }, Image: "envoy", }, diff --git a/control-plane/connect-inject/webhookv2/container_init.go b/control-plane/connect-inject/webhookv2/container_init.go index f393c5ebe0..68afb423ac 100644 --- a/control-plane/connect-inject/webhookv2/container_init.go +++ b/control-plane/connect-inject/webhookv2/container_init.go @@ -10,7 +10,7 @@ import ( "text/template" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/common" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" 
@@ -214,26 +214,26 @@ func (w *MeshWebhook) containerInit(namespace corev1.Namespace, pod corev1.Pod) // Running consul mesh-init redirect-traffic with iptables // requires both being a root user and having NET_ADMIN capability. container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(rootUserAndGroupID), - RunAsGroup: pointer.Int64(rootUserAndGroupID), + RunAsUser: ptr.To(int64(rootUserAndGroupID)), + RunAsGroup: ptr.To(int64(rootUserAndGroupID)), // RunAsNonRoot overrides any setting in the Pod so that we can still run as root here as required. - RunAsNonRoot: pointer.Bool(false), - Privileged: pointer.Bool(privileged), + RunAsNonRoot: ptr.To(false), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{netAdminCapability}, }, } } else { container.SecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(initContainersUserAndGroupID), - RunAsGroup: pointer.Int64(initContainersUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(initContainersUserAndGroupID)), + RunAsGroup: ptr.To(int64(initContainersUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), } } } diff --git a/control-plane/connect-inject/webhookv2/container_init_test.go b/control-plane/connect-inject/webhookv2/container_init_test.go index b85ecd3ba5..7bf6ad0633 100644 --- a/control-plane/connect-inject/webhookv2/container_init_test.go +++ b/control-plane/connect-inject/webhookv2/container_init_test.go 
@@ -13,7 +13,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" "github.com/hashicorp/consul-k8s/control-plane/consul" @@ -286,22 +286,22 @@ func TestHandlerContainerInit_transparentProxy(t *testing.T) { var expectedSecurityContext *corev1.SecurityContext if c.cniEnabled { expectedSecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(initContainersUserAndGroupID), - RunAsGroup: pointer.Int64(initContainersUserAndGroupID), - RunAsNonRoot: pointer.Bool(true), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(initContainersUserAndGroupID)), + RunAsGroup: ptr.To(int64(initContainersUserAndGroupID)), + RunAsNonRoot: ptr.To(true), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, - ReadOnlyRootFilesystem: pointer.Bool(true), - AllowPrivilegeEscalation: pointer.Bool(false), + ReadOnlyRootFilesystem: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), } } else if c.expTproxyEnabled { expectedSecurityContext = &corev1.SecurityContext{ - RunAsUser: pointer.Int64(0), - RunAsGroup: pointer.Int64(0), - RunAsNonRoot: pointer.Bool(false), - Privileged: pointer.Bool(privileged), + RunAsUser: ptr.To(int64(0)), + RunAsGroup: ptr.To(int64(0)), + RunAsNonRoot: ptr.To(false), + Privileged: ptr.To(privileged), Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{netAdminCapability}, }, diff --git a/control-plane/connect-inject/webhookv2/dns.go b/control-plane/connect-inject/webhookv2/dns.go index 883c9ed034..d1ba994460 100644 --- a/control-plane/connect-inject/webhookv2/dns.go +++ b/control-plane/connect-inject/webhookv2/dns.go @@ -9,7 +9,7 @@ import ( "github.com/miekg/dns" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) const ( 
@@ -55,13 +55,13 @@ func (w *MeshWebhook) configureDNS(pod *corev1.Pod, k8sNS string) error { if cfg.Timeout != defaultDNSOptionTimeout { options = append(options, corev1.PodDNSConfigOption{ Name: "timeout", - Value: pointer.String(strconv.Itoa(cfg.Timeout)), + Value: ptr.To(strconv.Itoa(cfg.Timeout)), }) } if cfg.Attempts != defaultDNSOptionAttempts { options = append(options, corev1.PodDNSConfigOption{ Name: "attempts", - Value: pointer.String(strconv.Itoa(cfg.Attempts)), + Value: ptr.To(strconv.Itoa(cfg.Attempts)), }) } diff --git a/control-plane/connect-inject/webhookv2/dns_test.go b/control-plane/connect-inject/webhookv2/dns_test.go index e7a380b271..ae2e544df1 100644 --- a/control-plane/connect-inject/webhookv2/dns_test.go +++ b/control-plane/connect-inject/webhookv2/dns_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) func TestMeshWebhook_configureDNS(t *testing.T) { @@ -40,15 +40,15 @@ options ndots:5 timeout:6 attempts:3`, Options: []corev1.PodDNSConfigOption{ { Name: "ndots", - Value: pointer.String("5"), + Value: ptr.To("5"), }, { Name: "timeout", - Value: pointer.String("6"), + Value: ptr.To("6"), }, { Name: "attempts", - Value: pointer.String("3"), + Value: ptr.To("3"), }, }, }, @@ -65,7 +65,7 @@ options ndots:5`, Options: []corev1.PodDNSConfigOption{ { Name: "ndots", - Value: pointer.String("5"), + Value: ptr.To("5"), }, }, }, diff --git a/control-plane/go.mod b/control-plane/go.mod index 2116eafef5..14253c962e 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod 
@@ -9,15 +9,15 @@ require (
 github.com/deckarep/golang-set/v2 v2.6.0
 github.com/evanphx/json-patch v5.6.0+incompatible
 github.com/fsnotify/fsnotify v1.6.0
- github.com/go-logr/logr v1.2.4
- github.com/google/go-cmp v0.5.9
+ github.com/go-logr/logr v1.3.0
+ github.com/google/go-cmp v0.6.0
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 github.com/hashicorp/consul-k8s/control-plane/cni v0.0.0-20230825213844-4ea04860c5ed
 github.com/hashicorp/consul-k8s/version v0.0.0
 github.com/hashicorp/consul-server-connection-manager v0.1.6
- github.com/hashicorp/consul/api v1.10.1-0.20240122160221-1c7e9443cbcd
+ github.com/hashicorp/consul/api v1.27.2
 github.com/hashicorp/consul/proto-public v0.5.1
- github.com/hashicorp/consul/sdk v0.15.0
+ github.com/hashicorp/consul/sdk v0.16.0
 github.com/hashicorp/go-bexpr v0.1.11
 github.com/hashicorp/go-discover v0.0.0-20230519164032-214571b6a530
 github.com/hashicorp/go-hclog v1.6.3
@@ -35,18 +35,18 @@ require (
 github.com/mitchellh/mapstructure v1.5.0
 github.com/stretchr/testify v1.8.4
 go.uber.org/zap v1.25.0
- golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63
- golang.org/x/text v0.14.0
+ golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
+ golang.org/x/text v0.17.0
 golang.org/x/time v0.3.0
 gomodules.xyz/jsonpatch/v2 v2.4.0
 google.golang.org/grpc v1.58.3
 google.golang.org/protobuf v1.33.0
 gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.28.9
- k8s.io/apimachinery v0.28.9
- k8s.io/client-go v0.28.9
- k8s.io/klog/v2 v2.100.1
- k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
+ k8s.io/api v0.29.8
+ k8s.io/apimachinery v0.29.8
+ k8s.io/client-go v0.29.8
+ k8s.io/klog/v2 v2.110.1
+ k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 sigs.k8s.io/controller-runtime v0.16.5
 sigs.k8s.io/gateway-api v0.7.1
 )
@@ -79,7 +79,7 @@ require (
 github.com/dimchansky/utfbom v1.1.0 // indirect
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
- github.com/fatih/color v1.16.0 // indirect
+ github.com/fatih/color v1.17.0 // indirect
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
 github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 github.com/go-logr/zapr v1.2.4 // indirect
@@ -104,7 +104,7 @@ require (
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 github.com/hashicorp/go-sockaddr v1.0.2 // indirect
- github.com/hashicorp/golang-lru v0.5.4 // indirect
+ github.com/hashicorp/golang-lru v1.0.2 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/hashicorp/mdns v1.0.4 // indirect
 github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 // indirect
@@ -142,14 +142,14 @@ require (
 github.com/vmware/govmomi v0.18.0 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.22.0 // indirect
- golang.org/x/mod v0.14.0 // indirect
- golang.org/x/net v0.24.0 // indirect
+ golang.org/x/crypto v0.26.0 // indirect
+ golang.org/x/mod v0.20.0 // indirect
+ golang.org/x/net v0.28.0 // indirect
 golang.org/x/oauth2 v0.10.0 // indirect
- golang.org/x/sync v0.6.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/term v0.19.0 // indirect
- golang.org/x/tools v0.16.1 // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ golang.org/x/sys v0.24.0 // indirect
+ golang.org/x/term v0.23.0 // indirect
+ golang.org/x/tools v0.24.0 // indirect
 google.golang.org/api v0.126.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
@@ -158,10 +158,12 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.28.3 // indirect k8s.io/component-base v0.28.3 // indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) -go 1.20 +go 1.21 + +toolchain go1.22.6 diff --git a/control-plane/go.sum b/control-plane/go.sum index 241cd34a1a..f7c41efd72 100644 --- a/control-plane/go.sum +++ b/control-plane/go.sum @@ -35,6 +35,7 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14= +github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -51,6 +52,7 @@ github.com/aws/aws-sdk-go v1.44.262 h1:gyXpcJptWoNkK+DiAiaBltlreoWKQXjAIh6FRh60F github.com/aws/aws-sdk-go v1.44.262/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -98,6 +100,7 @@ github.com/digitalocean/godo v1.7.5/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nb github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -113,8 +116,8 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= 
@@ -129,9 +132,9 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= 
@@ -143,7 +146,9 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -170,6 +175,7 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -179,8 +185,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135 h1:zLTLjkaOFEFIOxY5BWLFLwh+cL8vOBW4XJ2aqLE/Tf0= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -188,6 +195,7 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= 
@@ -206,12 +214,12 @@ github.com/hashicorp/consul-k8s/control-plane/cni v0.0.0-20230825213844-4ea04860 github.com/hashicorp/consul-k8s/control-plane/cni v0.0.0-20230825213844-4ea04860c5ed/go.mod h1:mwODEC+VTCA1LY/m2RUG4S2c5lNRvBcsvqaMJtMLLos= github.com/hashicorp/consul-server-connection-manager v0.1.6 h1:ktj8Fi+dRXn9hhM+FXsfEJayhzzgTqfH08Ne5M6Fmug= github.com/hashicorp/consul-server-connection-manager v0.1.6/go.mod h1:HngMIv57MT+pqCVeRQMa1eTB5dqnyMm8uxjyv+Hn8cs= -github.com/hashicorp/consul/api v1.10.1-0.20240122160221-1c7e9443cbcd h1:M98X+hMQSPtK5xpAFuSGlgh4eE2py9UNmB1S6w6/a6c= -github.com/hashicorp/consul/api v1.10.1-0.20240122160221-1c7e9443cbcd/go.mod h1:gInwZGrnWlE1Vvq6rSD5pUf6qwNa69NTLLknbdwQRUk= +github.com/hashicorp/consul/api v1.27.2 h1:zsAbIIaydKeAXo56TILS99Brwhm7LNq4kcaJ0HX3jZU= +github.com/hashicorp/consul/api v1.27.2/go.mod h1:wINl0Kzn39L6ucX3ApP2DdI8JhCxkYx8KS8p99Gm69w= github.com/hashicorp/consul/proto-public v0.5.1 h1:g4xHZ7rJ56iktDi1uThKp+IbvHrP6nveZeGVt2Qw5x0= github.com/hashicorp/consul/proto-public v0.5.1/go.mod h1:SayEhfXS3DQDnW/vKSZXvkwDObg7XK60KTfrJcp0wrg= -github.com/hashicorp/consul/sdk v0.15.0 h1:2qK9nDrr4tiJKRoxPGhm6B7xJjLVIQqkjiab2M4aKjU= -github.com/hashicorp/consul/sdk v0.15.0/go.mod h1:r/OmRRPbHOe0yxNahLw7G9x5WG17E1BIECMtCjcPSNo= +github.com/hashicorp/consul/sdk v0.16.0 h1:SE9m0W6DEfgIVCJX7xU+iv/hUl4m/nxqMTnCdMxDpJ8= +github.com/hashicorp/consul/sdk v0.16.0/go.mod h1:7pxqqhqoaPqnBnzXD1StKed62LqJeClzVsUEy85Zr0A= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -229,6 +237,7 @@ github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJ github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= +github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= @@ -256,8 +265,8 @@ github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= +github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= 
@@ -276,6 +285,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk= +github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -297,6 +307,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 
@@ -358,11 +369,13 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c h1:vwpFWvAO8DeIZfFeqASzZfsxuWPno9ncAebBEP0N3uE= github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c/go.mod h1:otzZQXgoO96RTzDB/Hycg0qZcXZsWJGJRSXbmEIJ+4M= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= 
@@ -402,6 +415,7 @@ github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 h1:Wdi9nwnhFNAlseAOe github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5Nd0eyyRdqIu9qTiFSoZzpTq727b5B8fkkU= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= @@ -449,6 +463,7 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= 
@@ -465,11 +480,11 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -479,8 +494,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -509,8 +524,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= 
@@ -524,8 +539,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -569,16 +584,16 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -588,8 +603,9 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -606,8 +622,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -625,7 +641,9 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 h1:Z0hjGZePRE0ZBWotvtrwxFNrNE9CUAGtplaDK5NNI/g= +google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98 h1:FmF5cCW94Ij59cfpoLiwTgodWmm60eEV0CjlsVg2fuw= +google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 h1:bVf09lpb+OJbByTj913DRJioFFAjf/ZGxEz7MajTp2U= google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 
@@ -678,29 +696,29 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.28.9 h1:E7VEXXCAlSrp+08zq4zgd+ko6Ttu0Mw+XoXlIkDTVW0= -k8s.io/api v0.28.9/go.mod h1:AnCsDYf3SHjfa8mPG5LGYf+iF4mie+3peLQR51MMCgw= +k8s.io/api v0.29.8 h1:ZBKg9clWnIGtQ5yGhNwMw2zyyrsIAQaXhZACcYNflQE= +k8s.io/api v0.29.8/go.mod h1:XlGIpmpzKGrtVca7GlgNryZJ19SvQdI808NN7fy1SgQ= k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= -k8s.io/apimachinery v0.28.9 h1:aXz4Zxsw+Pk4KhBerAtKRxNN1uSMWKfciL/iOdBfXvA= -k8s.io/apimachinery v0.28.9/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o= -k8s.io/client-go v0.28.9 h1:mmMvejwc/KDjMLmDpyaxkWNzlWRCJ6ht7Qsbsnwn39Y= -k8s.io/client-go v0.28.9/go.mod h1:GFDy3rUNId++WGrr0hRaBrs+y1eZz5JtVZODEalhRMo= +k8s.io/apimachinery v0.29.8 h1:uBHc9WuKiTHClIspJqtR84WNpG0aOGn45HWqxgXkk8Y= +k8s.io/apimachinery v0.29.8/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= +k8s.io/client-go v0.29.8 h1:QMRKcIzqE/qawknXcsi51GdIAYN8UP39S/M5KnFu/J0= +k8s.io/client-go v0.29.8/go.mod h1:ZzrAAVrqO2jVXMb8My/jTke8n0a/mIynnA3y/1y1UB0= k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI= k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod 
h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.16.5 h1:yr1cEJbX08xsTW6XEIzT13KHHmIyX8Umvme2cULvFZw= sigs.k8s.io/controller-runtime v0.16.5/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/gateway-api v0.7.1 h1:Tts2jeepVkPA5rVG/iO+S43s9n7Vp7jCDhZDQYtPigQ= sigs.k8s.io/gateway-api v0.7.1/go.mod h1:Xv0+ZMxX0lu1nSSDIIPEfbVztgNZ+3cfiYrJsa2Ooso= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=