Skip to content

Commit

Permalink
Merge branch 'main' into net-10843-cannot-add-tolerations-to-apigateway
Browse files Browse the repository at this point in the history
  • Loading branch information
missylbytes authored Sep 23, 2024
2 parents c0c93b1 + 0c37451 commit e52f94c
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 27 deletions.
3 changes: 3 additions & 0 deletions .changelog/4333.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set.
```
1 change: 1 addition & 0 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ jobs:
- check-name: acceptance-cni
- check-name: acceptance-tproxy
- check-name: Unit test helm templates
- check-name: Unit test helm gen
- check-name: Unit test enterprise control plane
- check-name: Unit test control plane
- check-name: Unit test cli
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ generate-external-crds: ## Generate CRDs for externally defined CRDs and copy th

.PHONY: bats-tests
bats-tests: ## Run Helm chart bats tests.
bats --jobs 4 charts/consul/test/unit
docker run -it -v $(CURDIR):/consul-k8s hashicorpdev/consul-helm-test:latest bats --jobs 4 /consul-k8s/charts/consul/test/unit -f "$(TEST_NAME)"

##@ Control Plane Targets

Expand Down
50 changes: 25 additions & 25 deletions charts/consul/test/docker/Test.dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -9,71 +9,71 @@
# a script to configure kubectl, potentially install Helm, and run the tests
# manually. This image only has the dependencies pre-installed.

FROM cimg/go:1.19
FROM cimg/go:1.23.1

# change the user to root so we can install stuff
USER root

ENV BATS_VERSION "1.6.0"
ENV TERRAFORM_VERSION "0.13.5"
ENV BATS_VERSION "1.11.0"
ENV TERRAFORM_VERSION "1.9.6"

RUN apt-get update

# base packages
RUN apt-get install -y \
openssl \
python3 \
python3-pip \
jq
openssl \
python3 \
python3-pip \
jq

# yq
RUN pip3 install yq

# gcloud
RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
apt-get update -y && \
apt-get install google-cloud-sdk -y && \
apt-get install google-cloud-sdk-gke-gcloud-auth-plugin
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
apt-get update -y && \
apt-get install google-cloud-sdk -y && \
apt-get install google-cloud-sdk-gke-gcloud-auth-plugin

# terraform
RUN curl -sSL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o /tmp/tf.zip \
&& unzip /tmp/tf.zip \
&& mv ./terraform /usr/local/bin/terraform
&& unzip /tmp/tf.zip \
&& mv ./terraform /usr/local/bin/terraform

# kubectl
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
chmod +x ./kubectl && \
mv ./kubectl /usr/local/bin/kubectl
chmod +x ./kubectl && \
mv ./kubectl /usr/local/bin/kubectl

# helm
RUN curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

# bats
RUN curl -sSL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz -o /tmp/bats.tgz \
&& tar -zxf /tmp/bats.tgz -C /tmp \
&& /bin/bash /tmp/bats-core-${BATS_VERSION}/install.sh /usr/local
&& tar -zxf /tmp/bats.tgz -C /tmp \
&& /bin/bash /tmp/bats-core-${BATS_VERSION}/install.sh /usr/local

# Azure CLI
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

# OpenShift CLI
# https://docs.microsoft.com/en-us/azure/openshift/tutorial-connect-cluster
RUN curl -sSL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz -o /tmp/oc.tar.gz \
&& tar -zxvf /tmp/oc.tar.gz -C /tmp \
&& mv /tmp/oc /usr/local/bin/oc
&& tar -zxvf /tmp/oc.tar.gz -C /tmp \
&& mv /tmp/oc /usr/local/bin/oc

# AWS CLI
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
&& unzip awscliv2.zip \
&& ./aws/install --bin-dir /usr/local/bin \
&& rm awscliv2.zip \
&& rm -rf ./aws
&& unzip awscliv2.zip \
&& ./aws/install --bin-dir /usr/local/bin \
&& rm awscliv2.zip \
&& rm -rf ./aws

# AWS IAM authenticator
RUN curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 \
&& chmod +x ./aws-iam-authenticator \
&& mv ./aws-iam-authenticator /usr/local/bin/aws-iam-authenticator
&& chmod +x ./aws-iam-authenticator \
&& mv ./aws-iam-authenticator /usr/local/bin/aws-iam-authenticator

# change the user back to what circleci/golang image has
USER circleci
3 changes: 2 additions & 1 deletion charts/consul/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2771,6 +2771,7 @@ connectInject:
# By default, we exclude kube-system since usually users won't
# want those pods injected and local-path-storage and openebs so that
# Kind (Kubernetes In Docker) and [OpenEBS](https://openebs.io/) respectively can provision Pods used to create PVCs.
# We also exclude gmp-system and gke-managed-cim namespaces that are used by GKE for managing the cluster.
# Note that this exclusion is only supported in Kubernetes v1.21.1+.
#
# Example:
Expand All @@ -2785,7 +2786,7 @@ connectInject:
matchExpressions:
- key: "kubernetes.io/metadata.name"
operator: "NotIn"
values: ["kube-system","local-path-storage","openebs"]
values: ["kube-system","local-path-storage","openebs","gmp-system","gke-managed-cim"]
# List of k8s namespaces to allow Connect sidecar
# injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,
Expand Down

0 comments on commit e52f94c

Please sign in to comment.