Add TransparentProxy fields to ServiceDefaults and ProxyDefaults

- Update webhook versions to only support v1
hashicorp · Apr 22, 2021 · 85a238d · 85a238d
1 parent 34b35d4
commit 85a238d
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 99 deletions.
diff --git a/templates/connect-inject-mutatingwebhook.yaml b/templates/connect-inject-mutatingwebhook.yaml
@@ -1,10 +1,6 @@
 {{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }}
 # The MutatingWebhookConfiguration to enable the Connect injector.
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
 apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
 kind: MutatingWebhookConfiguration
 metadata:
   name: {{ template "consul.fullname" . }}-connect-injector-cfg
@@ -19,18 +15,18 @@ webhooks:
     failurePolicy: Ignore
     sideEffects: None
     admissionReviewVersions:
-      - "v1beta1"
-      - "v1"
+    - "v1beta1"
+    - "v1"
     clientConfig:
       service:
         name: {{ template "consul.fullname" . }}-connect-injector-svc
         namespace: {{ .Release.Namespace }}
         path: "/mutate"
     rules:
-      - operations: [ "CREATE" ]
-        apiGroups: [""]
-        apiVersions: ["v1"]
-        resources: ["pods"]
+    - operations: [ "CREATE" ]
+      apiGroups: [""]
+      apiVersions: ["v1"]
+      resources: ["pods"]
 {{- if .Values.connectInject.namespaceSelector }}
     namespaceSelector:
 {{ tpl .Values.connectInject.namespaceSelector . | indent 6 }}

diff --git a/templates/controller-mutatingwebhookconfiguration.yaml b/templates/controller-mutatingwebhookconfiguration.yaml
@@ -1,9 +1,5 @@
 {{- if .Values.controller.enabled }}
-{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
 apiVersion: admissionregistration.k8s.io/v1
-{{- else }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-{{- end }}
 kind: MutatingWebhookConfiguration
 metadata:
   name: {{ template "consul.fullname" . }}-controller-mutating-webhook-configuration
@@ -22,8 +18,8 @@ webhooks:
       path: /mutate-v1alpha1-proxydefaults
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-proxydefaults.consul.hashicorp.com
   rules:
     - apiGroups:
@@ -44,19 +40,19 @@ webhooks:
       path: /mutate-v1alpha1-servicedefaults
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-servicedefaults.consul.hashicorp.com
   rules:
-    - apiGroups:
-      - consul.hashicorp.com
-      apiVersions:
-      - v1alpha1
-      operations:
-      - CREATE
-      - UPDATE
-      resources:
-      - servicedefaults
+  - apiGroups:
+    - consul.hashicorp.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - servicedefaults
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -66,19 +62,19 @@ webhooks:
       path: /mutate-v1alpha1-serviceresolver
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-serviceresolver.consul.hashicorp.com
   rules:
-    - apiGroups:
-      - consul.hashicorp.com
-      apiVersions:
-      - v1alpha1
-      operations:
-      - CREATE
-      - UPDATE
-      resources:
-      - serviceresolvers
+  - apiGroups:
+    - consul.hashicorp.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - serviceresolvers
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -88,19 +84,19 @@ webhooks:
       path: /mutate-v1alpha1-servicerouter
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-servicerouter.consul.hashicorp.com
   rules:
-    - apiGroups:
-      - consul.hashicorp.com
-      apiVersions:
-      - v1alpha1
-      operations:
-      - CREATE
-      - UPDATE
-      resources:
-      - servicerouters
+  - apiGroups:
+    - consul.hashicorp.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - servicerouters
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -110,19 +106,19 @@ webhooks:
       path: /mutate-v1alpha1-servicesplitter
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-servicesplitter.consul.hashicorp.com
   rules:
-    - apiGroups:
-      - consul.hashicorp.com
-      apiVersions:
-      - v1alpha1
-      operations:
-      - CREATE
-      - UPDATE
-      resources:
-      - servicesplitters
+  - apiGroups:
+    - consul.hashicorp.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - servicesplitters
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -132,19 +128,19 @@ webhooks:
       path: /mutate-v1alpha1-serviceintentions
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-serviceintentions.consul.hashicorp.com
   rules:
-    - apiGroups:
-      - consul.hashicorp.com
-      apiVersions:
-      - v1alpha1
-      operations:
-      - CREATE
-      - UPDATE
-      resources:
-      - serviceintentions
+  - apiGroups:
+    - consul.hashicorp.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - serviceintentions
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -154,19 +150,19 @@ webhooks:
       path: /mutate-v1alpha1-ingressgateway
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-ingressgateway.consul.hashicorp.com
   rules:
-    - apiGroups:
-        - consul.hashicorp.com
-      apiVersions:
-        - v1alpha1
-      operations:
-        - CREATE
-        - UPDATE
-      resources:
-        - ingressgateways
+  - apiGroups:
+      - consul.hashicorp.com
+    apiVersions:
+      - v1alpha1
+    operations:
+      - CREATE
+      - UPDATE
+    resources:
+      - ingressgateways
   sideEffects: None
 - clientConfig:
     caBundle: Cg==
@@ -176,18 +172,18 @@ webhooks:
       path: /mutate-v1alpha1-terminatinggateway
   failurePolicy: Fail
   admissionReviewVersions:
-    - "v1beta1"
-    - "v1"
+  - "v1beta1"
+  - "v1"
   name: mutate-terminatinggateway.consul.hashicorp.com
   rules:
-    - apiGroups:
-        - consul.hashicorp.com
-      apiVersions:
-        - v1alpha1
-      operations:
-        - CREATE
-        - UPDATE
-      resources:
-        - terminatinggateways
+  - apiGroups:
+      - consul.hashicorp.com
+    apiVersions:
+      - v1alpha1
+    operations:
+      - CREATE
+      - UPDATE
+    resources:
+      - terminatinggateways
   sideEffects: None
 {{- end }}
diff --git a/templates/crd-proxydefaults.yaml b/templates/crd-proxydefaults.yaml
@@ -87,6 +87,13 @@ spec:
                     description: Mode is the mode that should be used for the upstream connection. One of none, local, or remote.
                     type: string
                 type: object
+              transparentProxy:
+                description: TransparentProxy controls configuration specific to proxies in transparent mode.
+                properties:
+                  outboundListenerPort:
+                    description: The port of the listener where outbound application traffic is being redirected to.
+                    type: integer
+                type: object
             type: object
           status:
             properties:

diff --git a/templates/crd-servicedefaults.yaml b/templates/crd-servicedefaults.yaml
@@ -89,6 +89,13 @@ spec:
               protocol:
                 description: Protocol sets the protocol of the service. This is used by Connect proxies for things like observability features and to unlock usage of the service-splitter and service-router config entries for a service.
                 type: string
+              transparentProxy:
+                description: TransparentProxy controls configuration specific to proxies in transparent mode.
+                properties:
+                  outboundListenerPort:
+                    description: The port of the listener where outbound application traffic is being redirected to.
+                    type: integer
+                type: object
             type: object
           status:
             properties:

diff --git a/test/acceptance/go.mod b/test/acceptance/go.mod
@@ -4,8 +4,8 @@ go 1.14
 
 require (
 	github.com/gruntwork-io/terratest v0.31.2
-	github.com/hashicorp/consul/api v1.4.1-0.20201015173526-812fe06d6c64
-	github.com/hashicorp/consul/sdk v0.6.0
+	github.com/hashicorp/consul/api v1.4.1-0.20210415000851-62fcf1ff17cd
+	github.com/hashicorp/consul/sdk v0.7.0
 	github.com/stretchr/testify v1.5.1
 	gopkg.in/yaml.v2 v2.2.8
 	k8s.io/api v0.19.3

diff --git a/test/acceptance/go.sum b/test/acceptance/go.sum
@@ -225,10 +225,10 @@ github.com/gruntwork-io/gruntwork-cli v0.7.0 h1:YgSAmfCj9c61H+zuvHwKfYUwlMhu5arn
 github.com/gruntwork-io/gruntwork-cli v0.7.0/go.mod h1:jp6Z7NcLF2avpY8v71fBx6hds9eOFPELSuD/VPv7w00=
 github.com/gruntwork-io/terratest v0.31.2 h1:xvYHA80MUq5kx670dM18HInewOrrQrAN+XbVVtytUHg=
 github.com/gruntwork-io/terratest v0.31.2/go.mod h1:EEgJie28gX/4AD71IFqgMj6e99KP5mi81hEtzmDjxTo=
-github.com/hashicorp/consul/api v1.4.1-0.20201015173526-812fe06d6c64 h1:8/zXC/mxIXKRqcRACIu/G016QKE/XWWBXsuNnJO3O9s=
-github.com/hashicorp/consul/api v1.4.1-0.20201015173526-812fe06d6c64/go.mod h1:duA0cMzNQkvdlj8Ayz6LmyaMUta7iVW8qY2w2bic/Iw=
-github.com/hashicorp/consul/sdk v0.6.0 h1:FfhMEkwvQl57CildXJyGHnwGGM4HMODGyfjGwNM1Vdw=
-github.com/hashicorp/consul/sdk v0.6.0/go.mod h1:fY08Y9z5SvJqevyZNy6WWPXiG3KwBPAvlcdx16zZ0fM=
+github.com/hashicorp/consul/api v1.4.1-0.20210415000851-62fcf1ff17cd h1:HKntL2binKSK5AFIzsJ9WmfPwjUTRgT5/mCifKVpPt8=
+github.com/hashicorp/consul/api v1.4.1-0.20210415000851-62fcf1ff17cd/go.mod h1:sDjTOq0yUyv5G4h+BqSea7Fn6BU+XbolEz1952UB+mk=
+github.com/hashicorp/consul/sdk v0.7.0 h1:H6R9d008jDcHPQPAqPNuydAshJ4v5/8URdFnUvK/+sc=
+github.com/hashicorp/consul/sdk v0.7.0/go.mod h1:fY08Y9z5SvJqevyZNy6WWPXiG3KwBPAvlcdx16zZ0fM=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
@@ -412,6 +412,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=