From 1e8c9e7588d642cc61b36c9949ac463c07382617 Mon Sep 17 00:00:00 2001 From: Joe Rice Date: Wed, 29 May 2024 10:56:07 -0700 Subject: [PATCH] appmesh-controller: v1.13.0-dirty (#1112) Co-authored-by: eks-bot --- stable/appmesh-controller/Chart.yaml | 4 ++-- stable/appmesh-controller/README.md | 2 ++ stable/appmesh-controller/ci/values.yaml | 2 +- stable/appmesh-controller/templates/deployment.yaml | 3 +++ stable/appmesh-controller/templates/pdb.yaml | 6 +++--- stable/appmesh-controller/test.yaml | 4 ++-- stable/appmesh-controller/values.yaml | 8 ++++++-- 7 files changed, 19 insertions(+), 10 deletions(-) diff --git a/stable/appmesh-controller/Chart.yaml b/stable/appmesh-controller/Chart.yaml index ce98cc5e8..679b70f67 100644 --- a/stable/appmesh-controller/Chart.yaml +++ b/stable/appmesh-controller/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: appmesh-controller description: App Mesh controller Helm chart for Kubernetes -version: 1.12.7 -appVersion: 1.12.7 +version: 1.13.0 +appVersion: 1.13.0 home: https://github.com/aws/eks-charts icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/stable/appmesh-controller/README.md b/stable/appmesh-controller/README.md index c3044e944..2e2b0435f 100644 --- a/stable/appmesh-controller/README.md +++ b/stable/appmesh-controller/README.md @@ -449,3 +449,5 @@ Parameter | Description | Default `env` | environment variables to be injected into the appmesh-controller pod | `{}` `livenessProbe` | Liveness probe settings for the controller | (see `values.yaml`) `podDisruptionBudget` | PodDisruptionBudget | `{}` +`tlsMinVersion` | Minimum TLS version for the controller webhook server as shown in [here](https://github.com/kubernetes/component-base/blob/master/cli/flag/ciphersuites_flag.go#L114) | `VersionTLS12` +`tlsCipherSuite` | Comma delimited TLS cipher suites for the controller webhook server as shown [here](https://pkg.go.dev/crypto/tls#pkg-constants) | None \ No newline at end of file diff --git a/stable/appmesh-controller/ci/values.yaml b/stable/appmesh-controller/ci/values.yaml index bc6dfb8f4..c93b7c17a 100644 --- a/stable/appmesh-controller/ci/values.yaml +++ b/stable/appmesh-controller/ci/values.yaml @@ -5,5 +5,5 @@ accountId: 123456789 region: us-west-2 image: repository: public.ecr.aws/appmesh/appmesh-controller - tag: v1.12.7 + tag: v1.13.0 pullPolicy: IfNotPresent diff --git a/stable/appmesh-controller/templates/deployment.yaml b/stable/appmesh-controller/templates/deployment.yaml index 873452cb0..ab46d793d 100644 --- a/stable/appmesh-controller/templates/deployment.yaml +++ b/stable/appmesh-controller/templates/deployment.yaml @@ -124,6 +124,9 @@ spec: # this must be same as livenessProbe port which can be configured - --health-probe-port={{ .Values.livenessProbe.httpGet.port }} - --wait-until-proxy-ready={{ .Values.sidecar.waitUntilProxyReady }} + # TLS configuration + - --tls-min-version={{ .Values.tlsMinVersion }} + - --tls-cipher-suite={{ .Values.tlsCipherSuite }} {{- if .Values.env }} env: {{- range $key, $value := .Values.env }} diff --git a/stable/appmesh-controller/templates/pdb.yaml b/stable/appmesh-controller/templates/pdb.yaml index 326d67ac6..8141234af 100644 --- a/stable/appmesh-controller/templates/pdb.yaml +++ b/stable/appmesh-controller/templates/pdb.yaml @@ -1,10 +1,10 @@ {{- if .Values.podDisruptionBudget }} {{- if gt (int .Values.replicaCount) 1 }} kind: PodDisruptionBudget -apiVersion: policy/v1beta1 +apiVersion: policy/v1 metadata: name: {{ template "appmesh-controller.fullname" . }}-pdb - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} labels: {{ include "appmesh-controller.labels" . | indent 4 }} spec: @@ -15,4 +15,4 @@ spec: app.kubernetes.io/part-of: appmesh {{- toYaml .Values.podDisruptionBudget | nindent 2 }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/appmesh-controller/test.yaml b/stable/appmesh-controller/test.yaml index 40a7c30c7..1234d6ea5 100644 --- a/stable/appmesh-controller/test.yaml +++ b/stable/appmesh-controller/test.yaml @@ -12,13 +12,13 @@ useAwsFIPSEndpoint: false image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.12.7 + tag: v1.13.0 pullPolicy: IfNotPresent sidecar: image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.27.2.0-prod + tag: v1.27.3.0-prod # sidecar.logLevel: Envoy log level can be info, warn, error or debug logLevel: info envoyAdminAccessPort: 9901 diff --git a/stable/appmesh-controller/values.yaml b/stable/appmesh-controller/values.yaml index f28e8c2ac..780481da5 100644 --- a/stable/appmesh-controller/values.yaml +++ b/stable/appmesh-controller/values.yaml @@ -13,13 +13,13 @@ useAwsFIPSEndpoint: false image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.12.7 + tag: v1.13.0 pullPolicy: IfNotPresent sidecar: image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.27.2.0-prod + tag: v1.27.3.0-prod # sidecar.logLevel: Envoy log level can be info, warn, error or debug logLevel: info envoyAdminAccessPort: 9901 @@ -147,6 +147,10 @@ podDisruptionBudget: {} # Environment variables to set in appmesh-controller pod env: {} +# TLS setting for appmesh-controller +tlsMinVersion: VersionTLS12 +tlsCipherSuite: + #Example #env: # http_proxy: http://proxyserver:3128