* NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append
* update proto for v2 and then update xds v2 logic
* add changelog
* Update 20078.txt to be consistent with existing changelog entries
* swap enum values tomatch envoy.
* NET-6946 - Replace usage of deprecated Envoy field envoy.config.route.v3.HeaderMatcher.safe_regex_match
* removing unrelated changes
* update golden files
* do not set engine type
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource
* Add TODO for switching fetch method based on gateway type
* Use gateway-kind in workload metadata instead of owner reference
* Create ProxyStateTemplate builder for gatewayproxy controller
* Update to use new controller interface
* Add copyright headers
* Set correct name for ProxyStateTemplate identity reference
* Generate empty ProxyStateTemplate by fetching MeshGateway
This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper
* Specify owner reference when writing ProxyStateTemplate
* Update dependency mapper to account for multiple controllers per resource type
* Regenerate v2 resource dependencies map
* Add helpful trace logs, tag TODOs with ticket identifiers
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource
The Service has an owner reference added to it indicating that it belongs to a MeshGateway
* Specify port list when creating Service
* Use constants, add TODO w/ ticket reference
* Include gateway-kind in metadata of Service resource
* security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.
* security: run security scans on main and release branches
* NET-6663 Modify sidecarproxy controller to skip xGateway resources
* Check workload metadata after nil-check for workload
* Add test asserting that workloads with meta gateway-kind are ignored
* Use more common pattern for map access to increase readability
This commit fixes an issue where the partition was not properly set
on the peering query failover target created from sameness-groups.
Before this change, it was always empty, meaning that the data
would be queried with respect to the default partition always. This
resulted in a situation where a PQ that was attempting to use a
sameness-group for failover would select peers from the default
partition, rather than the partition of the sameness-group itself.
Due to the unintuitive behavior of GHA w.r.t. implicit status check
`success()`, test results were only being uploaded on success (failures
presumably came from retried tests that passed).
* cli: Deprecate the `-admin-access-log-path` flag from `consul connect envoy` command in favor of: `-admin-access-log-config`.
* fix changelog
* add in documentation change.
* updating usage of http2_protocol_options and access_log_path
* add changelog
* update template for AdminAccessLogConfig
* remove mucking with AdminAccessLogConfig