From 10f2b77bbbbfdeaa1c890397ec975b3676a213b6 Mon Sep 17 00:00:00 2001
From: izturn <44051386+izturn@users.noreply.github.com>
Date: Thu, 1 Aug 2024 21:44:04 +0800
Subject: [PATCH 01/12] update envoy version in Makefile to v1.31.0 (#6594)
Signed-off-by: gang.liu
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 57cdc9a8ffb..bff74428fef 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ IMAGE := $(REGISTRY)/$(PROJECT)
SRCDIRS := ./cmd ./internal ./apis
LOCAL_BOOTSTRAP_CONFIG = localenvoyconfig.yaml
SECURE_LOCAL_BOOTSTRAP_CONFIG = securelocalenvoyconfig.yaml
-ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.30.4
+ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.31.0
GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}')
# Used to supply a local Envoy docker container an IP to connect to that is running
From ebfca9efc0e8a36744085e209190d62e4ca72b7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 08:27:42 -0600
Subject: [PATCH 02/12] build(deps): bump github.com/cert-manager/cert-manager
(#6590)
Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md)
- [Commits](https://github.com/cert-manager/cert-manager/compare/v1.15.1...v1.15.2)
---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index bbb2bc0571f..67f66d9ea07 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
github.com/alecthomas/kingpin/v2 v2.4.0
github.com/bombsimon/logrusr/v4 v4.1.0
- github.com/cert-manager/cert-manager v1.15.1
+ github.com/cert-manager/cert-manager v1.15.2
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/distribution/reference v0.6.0
github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb
diff --git a/go.sum b/go.sum
index bb6c1fe134f..7eb4401257a 100644
--- a/go.sum
+++ b/go.sum
@@ -70,8 +70,8 @@ github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cert-manager/cert-manager v1.15.1 h1:HSG4k2GlJ2YgTLkZfQzrArNaQpM9+ehDDg550IxAD94=
-github.com/cert-manager/cert-manager v1.15.1/go.mod h1:p98JoGv3J9JhdKU9ngsj2EhWGI6/GlU7kpjWu5lf2js=
+github.com/cert-manager/cert-manager v1.15.2 h1:Mjbvc+FjYeg2928xy7bcS+c+ARxyqBcXM9QypOg1/Uo=
+github.com/cert-manager/cert-manager v1.15.2/go.mod h1:stBge/DTvrhfQMB/93+Y62s+gQgZBsfL1o0C/4AL/mI=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chigopher/pathlib v0.19.1 h1:RoLlUJc0CqBGwq239cilyhxPNLXTK+HXoASGyGznx5A=
From eb3a2663cda8ba5992be5728059bab15b3747c95 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 08:27:59 -0600
Subject: [PATCH 03/12] build(deps): bump docker/setup-buildx-action from 3.5.0
to 3.6.1 (#6591)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.5.0 to 3.6.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/aa33708b10e362ff993539393ff100fa93ed6a27...988b5a0280414f521da01fcc63a27aeeb4b104db)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/build_main.yaml | 2 +-
.github/workflows/build_tag.yaml | 2 +-
.github/workflows/prbuild.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build_main.yaml b/.github/workflows/build_main.yaml
index d0f2e263a89..f380fbda486 100644
--- a/.github/workflows/build_main.yaml
+++ b/.github/workflows/build_main.yaml
@@ -21,7 +21,7 @@ jobs:
with:
persist-credentials: false
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
with:
version: latest
- name: Log in to GHCR
diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml
index d6f1842b710..582266c345f 100644
--- a/.github/workflows/build_tag.yaml
+++ b/.github/workflows/build_tag.yaml
@@ -31,7 +31,7 @@ jobs:
with:
persist-credentials: false
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
with:
version: latest
- name: Log in to GHCR
diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml
index 674e9ff4006..cf0d91f92a9 100644
--- a/.github/workflows/prbuild.yaml
+++ b/.github/workflows/prbuild.yaml
@@ -103,7 +103,7 @@ jobs:
with:
persist-credentials: false
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
with:
version: latest
- name: Build image
From baeeb3fb6ddeca999fd860f0989076718872a5e6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 08:28:22 -0600
Subject: [PATCH 04/12] build(deps): bump github.com/onsi/gomega from 1.34.0 to
1.34.1 (#6592)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.34.0 to 1.34.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.34.0...v1.34.1)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 16 ++++++++--------
go.sum | 32 ++++++++++++++++----------------
2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/go.mod b/go.mod
index 67f66d9ea07..eb9f777afac 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/onsi/ginkgo/v2 v2.19.1
- github.com/onsi/gomega v1.34.0
+ github.com/onsi/gomega v1.34.1
github.com/projectcontour/yages v0.1.0
github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.6.1
@@ -120,17 +120,17 @@ require (
github.com/subosito/gotenv v1.4.2 // indirect
github.com/tsaarni/x500dn v1.0.0 // indirect
github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
- golang.org/x/crypto v0.24.0 // indirect
- golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
+ golang.org/x/crypto v0.25.0 // indirect
+ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/image v0.18.0 // indirect
- golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.26.0 // indirect
+ golang.org/x/mod v0.19.0 // indirect
+ golang.org/x/net v0.27.0 // indirect
golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
- golang.org/x/term v0.21.0 // indirect
+ golang.org/x/sys v0.22.0 // indirect
+ golang.org/x/term v0.22.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+ golang.org/x/tools v0.23.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 7eb4401257a..da78b607a45 100644
--- a/go.sum
+++ b/go.sum
@@ -306,8 +306,8 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0=
github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA=
-github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
-github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
+github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
+github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
@@ -413,8 +413,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -425,8 +425,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
-golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
@@ -452,8 +452,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -486,8 +486,8 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -553,11 +553,11 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -624,8 +624,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
From 8d46632237f9f0a50bf8ea357bd2fe9bca3addcc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 08:29:39 -0600
Subject: [PATCH 05/12] build(deps): bump golangci/golangci-lint-action from
6.0.1 to 6.1.0 (#6589)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/a4f60bb28d35aeee14e6880718e0c85ff1882e64...aaa42aa0628b4ae2578232a66b541047968fac86)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/prbuild.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml
index cf0d91f92a9..c0cb7c740fe 100644
--- a/.github/workflows/prbuild.yaml
+++ b/.github/workflows/prbuild.yaml
@@ -27,7 +27,7 @@ jobs:
with:
persist-credentials: false
- name: golangci-lint
- uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+ uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.56.2
args: --build-tags=e2e,conformance,tools,gcp,oidc,none --out-format=colored-line-number
From bdee0a4df0bb77f4b731d1819a2852433675944d Mon Sep 17 00:00:00 2001
From: Steve Kriss
Date: Thu, 1 Aug 2024 08:59:05 -0600
Subject: [PATCH 06/12] remove unused Makefile variables (#6595)
Removes ENVOY_IMAGE, SRCDIRS, LOCAL_BOOTSTRAP_CONFIG
and SECURE_LOCAL_BOOTSTRAP_CONFIG.
Signed-off-by: Steve Kriss
---
Makefile | 4 ----
1 file changed, 4 deletions(-)
diff --git a/Makefile b/Makefile
index bff74428fef..0159e911f2a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,10 +3,6 @@ PROJECT = contour
MODULE = github.com/$(ORG)/$(PROJECT)
REGISTRY ?= ghcr.io/projectcontour
IMAGE := $(REGISTRY)/$(PROJECT)
-SRCDIRS := ./cmd ./internal ./apis
-LOCAL_BOOTSTRAP_CONFIG = localenvoyconfig.yaml
-SECURE_LOCAL_BOOTSTRAP_CONFIG = securelocalenvoyconfig.yaml
-ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.31.0
GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}')
# Used to supply a local Envoy docker container an IP to connect to that is running
From 87eeac8c21df3070122de2a033d32c16e9e004d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 09:20:19 -0600
Subject: [PATCH 07/12] build(deps): bump actions/upload-artifact in the
artifact-actions group (#6603)
Bumps the artifact-actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact).
Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...89ef406dd8d7e03cfd12d9e0a4a378f454709029)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: artifact-actions
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/build_tag.yaml | 2 +-
.github/workflows/openssf-scorecard.yaml | 2 +-
.github/workflows/prbuild.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml
index 582266c345f..5094cbf1d14 100644
--- a/.github/workflows/build_tag.yaml
+++ b/.github/workflows/build_tag.yaml
@@ -84,7 +84,7 @@ jobs:
export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(git describe --tags)"
make setup-kind-cluster run-gateway-conformance cleanup-kind
- name: Upload gateway conformance report
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+ uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
with:
name: gateway-conformance-report
path: gateway-conformance-report/projectcontour-contour-*.yaml
diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml
index 01060d4a550..0b7672b9fcf 100644
--- a/.github/workflows/openssf-scorecard.yaml
+++ b/.github/workflows/openssf-scorecard.yaml
@@ -32,7 +32,7 @@ jobs:
results_format: sarif
publish_results: true
- name: "Upload artifact"
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+ uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
with:
name: SARIF file
path: results.sarif
diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml
index c0cb7c740fe..c30be2337fc 100644
--- a/.github/workflows/prbuild.yaml
+++ b/.github/workflows/prbuild.yaml
@@ -112,7 +112,7 @@ jobs:
run: |
make multiarch-build
- name: Upload image
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+ uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
with:
name: image
path: image/contour-*.tar
From 4f6d7907bf2412ad47a2dec550411fe15bd2871f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 09:22:10 -0600
Subject: [PATCH 08/12] build(deps): bump golang.org/x/oauth2 from 0.21.0 to
0.22.0 (#6599)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0)
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index eb9f777afac..0e5c11bc439 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
github.com/tsaarni/certyaml v0.9.3
github.com/vektra/mockery/v2 v2.43.2
go.uber.org/automaxprocs v1.5.3
- golang.org/x/oauth2 v0.21.0
+ golang.org/x/oauth2 v0.22.0
gonum.org/v1/plot v0.14.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157
google.golang.org/grpc v1.65.0
diff --git a/go.sum b/go.sum
index da78b607a45..430ae0f0a94 100644
--- a/go.sum
+++ b/go.sum
@@ -497,8 +497,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
From d59d534bd702184a9425f6b79b53699e54ba8713 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 09:22:29 -0600
Subject: [PATCH 09/12] build(deps): bump github.com/vektra/mockery/v2 from
2.43.2 to 2.44.1 (#6598)
Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.43.2 to 2.44.1.
- [Release notes](https://github.com/vektra/mockery/releases)
- [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md)
- [Commits](https://github.com/vektra/mockery/compare/v2.43.2...v2.44.1)
---
updated-dependencies:
- dependency-name: github.com/vektra/mockery/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 0e5c11bc439..8ab2c3250ad 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.9.0
github.com/tsaarni/certyaml v0.9.3
- github.com/vektra/mockery/v2 v2.43.2
+ github.com/vektra/mockery/v2 v2.44.1
go.uber.org/automaxprocs v1.5.3
golang.org/x/oauth2 v0.22.0
gonum.org/v1/plot v0.14.0
diff --git a/go.sum b/go.sum
index 430ae0f0a94..84c5d5a54f0 100644
--- a/go.sum
+++ b/go.sum
@@ -380,8 +380,8 @@ github.com/tsaarni/certyaml v0.9.3 h1:m8HHbuUzWVUOmv8IQU9HgVZZ8r5ICExKm++54DJKCs
github.com/tsaarni/certyaml v0.9.3/go.mod h1:hhuU1qYr5re488geArUP4gZWqMUMqGlj4HA2qUyGYLk=
github.com/tsaarni/x500dn v1.0.0 h1:LvaWTkqRpse4VHBhB5uwf3wytokK4vF9IOyNAEyiA+U=
github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oOCsAbcE=
-github.com/vektra/mockery/v2 v2.43.2 h1:OdivAsQL/uoQ55UnTt25tliRI8kaj5j6caHk9xaAUD0=
-github.com/vektra/mockery/v2 v2.43.2/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8=
+github.com/vektra/mockery/v2 v2.44.1 h1:lfvocO3HklLp68gezPBVaHl+5rKXloGCO7eTEXh71dA=
+github.com/vektra/mockery/v2 v2.44.1/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8=
github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
From 829d0f3c9804c9b56d2e6ad4bd6d137b90c7c8c8 Mon Sep 17 00:00:00 2001
From: "gang.liu"
Date: Thu, 8 Aug 2024 17:36:56 +0800
Subject: [PATCH 10/12] customize the cert's lifetime
Signed-off-by: gang.liu
---
.../v1alpha1/contourdeployment.go | 7 +++
examples/contour/01-crds.yaml | 7 +++
examples/render/contour-deployment.yaml | 7 +++
.../render/contour-gateway-provisioner.yaml | 7 +++
examples/render/contour-gateway.yaml | 7 +++
examples/render/contour.yaml | 7 +++
internal/provisioner/controller/gateway.go | 5 +++
.../provisioner/controller/gateway_test.go | 43 +++++++++++++++++++
internal/provisioner/model/model.go | 5 +++
internal/provisioner/objects/secret/secret.go | 2 +-
.../docs/main/config/api-reference.html | 14 ++++++
11 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/apis/projectcontour/v1alpha1/contourdeployment.go b/apis/projectcontour/v1alpha1/contourdeployment.go
index b430c2c1ff1..2da9eae7ddd 100644
--- a/apis/projectcontour/v1alpha1/contourdeployment.go
+++ b/apis/projectcontour/v1alpha1/contourdeployment.go
@@ -140,6 +140,13 @@ type ContourSettings struct {
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=42
DisabledFeatures []contour_v1.Feature `json:"disabledFeatures,omitempty"`
+
+ // CertLifetime is the number of days for which certificates will be valid.
+ // defaults to 365.
+ //
+ // +kubebuilder:validation:Minimum=0
+ // +optional
+ CertLifetime uint32 `json:"certLifetime,omitempty" yaml:"certLifetime,omitempty"`
}
// DeploymentSettings contains settings for Deployment resources.
diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml
index 0beece5bc51..f7b9cebc12b 100644
--- a/examples/contour/01-crds.yaml
+++ b/examples/contour/01-crds.yaml
@@ -1416,6 +1416,13 @@ spec:
and associated resources, including things like replica count
for the Deployment, and node placement constraints for the pods.
properties:
+ certLifetime:
+ description: |-
+ CertLifetime is the number of days for which certificates will be valid.
+ defaults to 365.
+ format: int32
+ minimum: 0
+ type: integer
deployment:
description: Deployment describes the settings for running contour
as a `Deployment`.
diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml
index 1e085adae27..ba96f2e30e5 100644
--- a/examples/render/contour-deployment.yaml
+++ b/examples/render/contour-deployment.yaml
@@ -1636,6 +1636,13 @@ spec:
and associated resources, including things like replica count
for the Deployment, and node placement constraints for the pods.
properties:
+ certLifetime:
+ description: |-
+ CertLifetime is the number of days for which certificates will be valid.
+ defaults to 365.
+ format: int32
+ minimum: 0
+ type: integer
deployment:
description: Deployment describes the settings for running contour
as a `Deployment`.
diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml
index b3633a2e0cd..cdb1fe65f3f 100644
--- a/examples/render/contour-gateway-provisioner.yaml
+++ b/examples/render/contour-gateway-provisioner.yaml
@@ -1427,6 +1427,13 @@ spec:
and associated resources, including things like replica count
for the Deployment, and node placement constraints for the pods.
properties:
+ certLifetime:
+ description: |-
+ CertLifetime is the number of days for which certificates will be valid.
+ defaults to 365.
+ format: int32
+ minimum: 0
+ type: integer
deployment:
description: Deployment describes the settings for running contour
as a `Deployment`.
diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml
index 0db31e989d5..d36cd03c2bc 100644
--- a/examples/render/contour-gateway.yaml
+++ b/examples/render/contour-gateway.yaml
@@ -1452,6 +1452,13 @@ spec:
and associated resources, including things like replica count
for the Deployment, and node placement constraints for the pods.
properties:
+ certLifetime:
+ description: |-
+ CertLifetime is the number of days for which certificates will be valid.
+ defaults to 365.
+ format: int32
+ minimum: 0
+ type: integer
deployment:
description: Deployment describes the settings for running contour
as a `Deployment`.
diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml
index d78bac68c7b..23372c5ba44 100644
--- a/examples/render/contour.yaml
+++ b/examples/render/contour.yaml
@@ -1636,6 +1636,13 @@ spec:
and associated resources, including things like replica count
for the Deployment, and node placement constraints for the pods.
properties:
+ certLifetime:
+ description: |-
+ CertLifetime is the number of days for which certificates will be valid.
+ defaults to 365.
+ format: int32
+ minimum: 0
+ type: integer
deployment:
description: Deployment describes the settings for running contour
as a `Deployment`.
diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go
index b1daaf114d1..ac36c173dd0 100644
--- a/internal/provisioner/controller/gateway.go
+++ b/internal/provisioner/controller/gateway.go
@@ -262,6 +262,11 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
for k, v := range contourParams.PodAnnotations {
contourModel.Spec.ContourPodAnnotations[k] = v
}
+
+ if contourParams.CertLifetime > 0 {
+ contourModel.Spec.CertLifetime = contourParams.CertLifetime
+ }
+
}
if gatewayClassParams.Spec.Envoy != nil {
diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go
index 908ab1094c8..677269d0b52 100644
--- a/internal/provisioner/controller/gateway_test.go
+++ b/internal/provisioner/controller/gateway_test.go
@@ -15,7 +15,10 @@ package controller
import (
"context"
+ "crypto/x509"
+ "encoding/pem"
"testing"
+ "time"
"github.com/go-logr/logr"
"github.com/stretchr/testify/assert"
@@ -1396,6 +1399,32 @@ func TestGatewayReconcile(t *testing.T) {
}
},
},
+ "The generated certificates' lifetime is specified": {
+ gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller),
+ gatewayClassParams: &contour_v1alpha1.ContourDeployment{
+ ObjectMeta: meta_v1.ObjectMeta{
+ Namespace: "projectcontour",
+ Name: "gatewayclass-1-params",
+ },
+ Spec: contour_v1alpha1.ContourDeploymentSpec{
+ Contour: &contour_v1alpha1.ContourSettings{
+ CertLifetime: 123,
+ },
+ },
+ },
+ gateway: makeGateway(),
+ assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) {
+ s := &core_v1.Secret{
+ ObjectMeta: meta_v1.ObjectMeta{
+ Namespace: "gateway-1",
+ Name: "contourcert-gateway-1",
+ },
+ }
+
+ require.NoError(t, r.client.Get(context.Background(), keyFor(s), s))
+ verifyCert(t, s.Data["ca.crt"], 123)
+ },
+ },
}
for name, tc := range tests {
@@ -1451,3 +1480,17 @@ func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayapi_v1.Gatew
// Verify expected Spec.LoadBalancerIP.
assert.Equal(t, want, envoyService.Spec.LoadBalancerIP)
}
+
+func verifyCert(t *testing.T, certPEM []byte, day int) {
+ block, _ := pem.Decode(certPEM)
+ if block == nil {
+ require.FailNow(t, "decode certificate from PEM form is failed")
+ }
+
+ cert, err := x509.ParseCertificate(block.Bytes)
+ require.NoError(t, err, "parse certificate is failed")
+
+ if cert.NotAfter.After(time.Now().AddDate(0, 0, day)) {
+ require.FailNow(t, "certificate is not valid")
+ }
+}
diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go
index ea713299bff..28ec1af5f7d 100644
--- a/internal/provisioner/model/model.go
+++ b/internal/provisioner/model/model.go
@@ -79,6 +79,7 @@ func Default(namespace, name string) *Contour {
ResourceAnnotations: map[string]string{},
EnvoyPodAnnotations: map[string]string{},
ContourPodAnnotations: map[string]string{},
+ CertLifetime: 365,
},
}
}
@@ -257,6 +258,10 @@ type ContourSpec struct {
// DisabledFeatures defines an array of resources that will be ignored by
// contour reconciler.
DisabledFeatures []contour_v1.Feature
+
+ // CertLifetime is the number of days for which certificates will be valid.
+ // default to 365
+ CertLifetime uint32
}
func NamespacesToStrings(ns []contour_v1.Namespace) []string {
diff --git a/internal/provisioner/objects/secret/secret.go b/internal/provisioner/objects/secret/secret.go
index ef248a908ba..5a458417506 100644
--- a/internal/provisioner/objects/secret/secret.go
+++ b/internal/provisioner/objects/secret/secret.go
@@ -44,7 +44,7 @@ func EnsureXDSSecrets(ctx context.Context, cli client.Client, contour *model.Con
certs, err := certs.GenerateCerts(
&certs.Configuration{
- Lifetime: 365,
+ Lifetime: uint(contour.Spec.CertLifetime),
Namespace: contour.Namespace,
},
)
diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html
index 57bc87795fd..dad2186f9cf 100644
--- a/site/content/docs/main/config/api-reference.html
+++ b/site/content/docs/main/config/api-reference.html
@@ -6408,6 +6408,20 @@ ContourSettings
contour reconciler.
+
+
+certLifetime
+
+
+uint32
+
+ |
+
+(Optional)
+ CertLifetime is the number of days for which certificates will be valid.
+defaults to 365.
+ |
+
CustomTag
From ab53343b05a7291a5a4378551f03178dd17ead97 Mon Sep 17 00:00:00 2001
From: "gang.liu"
Date: Thu, 8 Aug 2024 18:25:29 +0800
Subject: [PATCH 11/12] add changelog
Signed-off-by: gang.liu
---
changelogs/unreleased/6604-izturn-minor.md | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 changelogs/unreleased/6604-izturn-minor.md
diff --git a/changelogs/unreleased/6604-izturn-minor.md b/changelogs/unreleased/6604-izturn-minor.md
new file mode 100644
index 00000000000..152fb070292
--- /dev/null
+++ b/changelogs/unreleased/6604-izturn-minor.md
@@ -0,0 +1,4 @@
+
+## Customize the certificate's lifetime
+
+customize the number of days for which certificates will be valid. defaults to 365.
\ No newline at end of file
From 1f6b1ea580b5bb07ced1ddb978dd8e227606e3df Mon Sep 17 00:00:00 2001
From: "gang.liu"
Date: Thu, 8 Aug 2024 18:32:18 +0800
Subject: [PATCH 12/12] make lint happy
Signed-off-by: gang.liu
---
internal/provisioner/controller/gateway_test.go | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go
index 677269d0b52..f22e4170b14 100644
--- a/internal/provisioner/controller/gateway_test.go
+++ b/internal/provisioner/controller/gateway_test.go
@@ -1484,13 +1484,19 @@ func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayapi_v1.Gatew
func verifyCert(t *testing.T, certPEM []byte, day int) {
block, _ := pem.Decode(certPEM)
if block == nil {
- require.FailNow(t, "decode certificate from PEM form is failed")
+ require.FailNow(t, "decode the certificate from PEM form is failed")
+ return
+ }
+
+ if block.Bytes == nil {
+ require.FailNow(t, "the certificate is empty")
+ return
}
cert, err := x509.ParseCertificate(block.Bytes)
- require.NoError(t, err, "parse certificate is failed")
+ require.NoError(t, err, "parse the certificate is failed")
if cert.NotAfter.After(time.Now().AddDate(0, 0, day)) {
- require.FailNow(t, "certificate is not valid")
+ require.FailNow(t, "the certificate is not valid")
}
}