Update CRDs for Permissive mTLS #2100

Merged
merged 3 commits into from
May 11, 2023
Add allowEnablingPermisiveMutualTLS to mesh config entry
Paul Glass committed May 2, 2023
commit f3ce13decf6054301fb0a79f778f848fa635ce9e
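--- a/charts/consul/templates/crd-meshes.yaml
+++ b/charts/consul/templates/crd-meshes.yaml
@@ -55,6 +55,11 @@ spec:
 spec:
 description: MeshSpec defines the desired state of Mesh.
 properties:
+allowEnablingPermissiveMutualTLS:
+description: AllowEnablingPermissiveMutualTLS must be true in order
+to allow setting MutualTLSMode=permissive in either service-defaults
+or proxy-defaults.
+type: boolean
 http:
 description: HTTP defines the HTTP configuration for the service mesh.
 properties: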
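--- a/control-plane/api/v1alpha1/mesh_types.go
+++ b/control-plane/api/v1alpha1/mesh_types.go
@@ -51,6 +51,9 @@ type MeshList struct {
 type MeshSpec struct {
 // TransparentProxy controls the configuration specific to proxies in "transparent" mode. Added in v1.10.0.
 TransparentProxy TransparentProxyMeshConfig `json:"transparentProxy,omitempty"`
+// AllowEnablingPermissiveMutualTLS must be true in order to allow setting
+// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
+AllowEnablingPermissiveMutualTLS bool `json:"allowEnablingPermissiveMutualTLS,omitempty"`
 // TLS defines the TLS configuration for the service mesh.
 TLS *MeshTLSConfig `json:"tls,omitempty"`
 // HTTP defines the HTTP configuration for the service mesh.
@@ -192,11 +195,12 @@ func (in *Mesh) SetLastSyncedTime(time *metav1.Time) {
 
 func (in *Mesh) ToConsul(datacenter string) capi.ConfigEntry {
 return &capi.MeshConfigEntry{
-TransparentProxy: in.Spec.TransparentProxy.toConsul(),
-TLS: in.Spec.TLS.toConsul(),
-HTTP: in.Spec.HTTP.toConsul(),
-Peering: in.Spec.Peering.toConsul(),
-Meta: meta(datacenter),
+TransparentProxy: in.Spec.TransparentProxy.toConsul(),
+AllowEnablingPermissiveMutualTLS: in.Spec.AllowEnablingPermissiveMutualTLS,
+TLS: in.Spec.TLS.toConsul(),
+HTTP: in.Spec.HTTP.toConsul(),
+Peering: in.Spec.Peering.toConsul(),
+Meta: meta(datacenter),
 }
 }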
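Review bot: The doc comment added on `AllowEnablingPermissiveMutualTLS` in `MeshSpec` gives the gating rule but says nothing about the default or about what permissive mode relaxes, and this comment is the text that is copied into the CRD description operators read. Permissive mode lets a sidecar accept inbound traffic that is not mutual TLS, so this flag is a mesh-wide switch for weakening transport security and the comment should say so. I would extend it with `// Defaults to false. Permissive mode lets proxies accept non-mTLS inbound traffic, so enable it only while onboarding services and turn it off afterwards.` The field name suggests it gates only the act of enabling; if setting it back to false leaves already-permissive services unchanged, that belongs in the comment too. `MeshSpec` continues past the end of the first hunk.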

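--- a/control-plane/api/v1alpha1/mesh_types_test.go
+++ b/control-plane/api/v1alpha1/mesh_types_test.go
@@ -48,6 +48,7 @@ func TestMesh_MatchesConsul(t *testing.T) {
 TransparentProxy: TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+AllowEnablingPermissiveMutualTLS: true,
 TLS: &MeshTLSConfig{
 Incoming: &MeshDirectionalTLSConfig{
 TLSMinVersion: "TLSv1_0",
@@ -72,6 +73,7 @@ func TestMesh_MatchesConsul(t *testing.T) {
 TransparentProxy: capi.TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+AllowEnablingPermissiveMutualTLS: true,
 TLS: &capi.MeshTLSConfig{
 Incoming: &capi.MeshDirectionalTLSConfig{
 TLSMinVersion: "TLSv1_0",
@@ -148,6 +150,7 @@ func TestMesh_ToConsul(t *testing.T) {
 TransparentProxy: TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+AllowEnablingPermissiveMutualTLS: true,
 TLS: &MeshTLSConfig{
 Incoming: &MeshDirectionalTLSConfig{
 TLSMinVersion: "TLSv1_0",
@@ -172,6 +175,7 @@ func TestMesh_ToConsul(t *testing.T) {
 TransparentProxy: capi.TransparentProxyMeshConfig{
 MeshDestinationsOnly: true,
 },
+AllowEnablingPermissiveMutualTLS: true,
 TLS: &capi.MeshTLSConfig{
 Incoming: &capi.MeshDirectionalTLSConfig{
 TLSMinVersion: "TLSv1_0",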
@@ -51,6 +51,11 @@ spec:
spec:
description: MeshSpec defines the desired state of Mesh.
properties:
allowEnablingPermissiveMutualTLS:
description: AllowEnablingPermissiveMutualTLS must be true in order
to allow setting MutualTLSMode=permissive in either service-defaults
or proxy-defaults.
type: boolean
http:
description: HTTP defines the HTTP configuration for the service mesh.
properties: