Update consul image on prepare-dev and prepare-release (#2180)

Update consul image on prepare-dev and prepare-release

.github/workflows/pr.yml

@@ -5,7 +5,6 @@ on:
 
 # these should be the only settings that you will ever need to change
 env:
-  CONSUL_IMAGE: hashicorppreview/consul-enterprise:1.16-dev # Consul's enterprise version to use in tests. We use this consul image on release branches too
   BRANCH: ${{ github.head_ref || github.ref_name }}
   CONTEXT: "pr"
   SHA: ${{ github.event.pull_request.head.sha || github.sha }}
@@ -22,4 +21,4 @@ jobs:
         repo: hashicorp/consul-k8s-workflows
         ref: main
         token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-        inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}", "consul-image":"${{ env.CONSUL_IMAGE }}" }'
+        inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'

Makefile

@@ -1,5 +1,5 @@
 VERSION = $(shell ./control-plane/build-support/scripts/version.sh control-plane/version/version.go)
-CONSUL_VERSION = $(shell ./control-plane/build-support/scripts/consul-version.sh charts/consul/values.yaml)
+CONSUL_IMAGE_VERSION = $(shell ./control-plane/build-support/scripts/consul-version.sh charts/consul/values.yaml)
 
 # ===========> Helm Targets
 
@@ -162,8 +162,7 @@ version:
 	@echo $(VERSION)
 
 consul-version:
-	@echo $(CONSUL_VERSION)
-
+	@echo $(CONSUL_IMAGE_VERSION)
 
 # ===========> Release Targets
 
@@ -174,7 +173,13 @@ endif
 ifndef RELEASE_DATE
 	$(error RELEASE_DATE is required, use format <Month> <Day>, <Year> (ex. October 4, 2022))
 endif
-	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_release $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" $(LAST_RELEASE_GIT_TAG) $(PRERELEASE_VERSION)
+ifndef LAST_RELEASE_GIT_TAG 
+	$(error LAST_RELEASE_GIT_TAG is required)
+endif
+ifndef CONSUL_VERSION
+	$(error CONSUL_VERSION is required)
+endif
+	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_release $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" $(LAST_RELEASE_GIT_TAG) $(CONSUL_VERSION) $(PRERELEASE_VERSION)
 
 prepare-dev:
 ifndef RELEASE_VERSION
@@ -186,7 +191,10 @@ endif
 ifndef NEXT_RELEASE_VERSION
 	$(error NEXT_RELEASE_VERSION is required)
 endif
-	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_dev $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" $(NEXT_RELEASE_VERSION)
+ifndef NEXT_CONSUL_VERSION
+	$(error NEXT_CONSUL_VERSION is required)
+endif
+	source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_dev $(CURDIR) $(RELEASE_VERSION) "$(RELEASE_DATE)" "" $(NEXT_RELEASE_VERSION) $(NEXT_CONSUL_VERSION)
 
 # ===========> Makefile config
 

charts/consul/Chart.yaml

@@ -4,7 +4,7 @@
 apiVersion: v2
 name: consul
 version: 1.2.0-dev
-appVersion: 1.16-dev
+appVersion: 1.15.1
 kubeVersion: ">=1.22.0-0"
 description: Official HashiCorp Consul Chart
 home: https://www.consul.io
@@ -16,7 +16,7 @@ annotations:
   artifacthub.io/prerelease: true
   artifacthub.io/images: |
     - name: consul
-      image: docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise:1.16-dev
+      image: hashicorp/consul:1.15.1
     - name: consul-k8s-control-plane
       image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.2.0-dev
     - name: consul-dataplane

charts/consul/values.yaml

@@ -66,7 +66,7 @@ global:
   # image: "hashicorp/consul-enterprise:1.10.0-ent"
   # ```
   # @default: hashicorp/consul:<latest version>
-  image: docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise:1.16-dev 
+  image: "hashicorp/consul:1.15.1"
 
   # Array of objects containing image pull secret names that will be applied to each service account.
   # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image.
@@ -80,7 +80,7 @@ global:
   #   - name: pull-secret-name-2
   # ```
   # @type: array<map>
-  imagePullSecrets: [ ]
+  imagePullSecrets: []
 
   # The name (and tag) of the consul-k8s-control-plane Docker
   # image that is used for functionality such as catalog sync.
@@ -295,7 +295,7 @@ global:
   # Refer to [`-recursor`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_recursor) for more details.
   # If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
   # @type: array<string>
-  recursors: [ ]
+  recursors: []
 
   # Enables [TLS](https://developer.hashicorp.com/consul/tutorials/security/tls-encryption-secure)
   # across the cluster to verify authenticity of the Consul servers and clients.
@@ -316,13 +316,13 @@ global:
     # in the server certificate. This is useful when you need to access the
     # Consul server(s) externally, for example, if you're using the UI.
     # @type: array<string>
-    serverAdditionalDNSSANs: [ ]
+    serverAdditionalDNSSANs: []
 
     # A list of additional IP addresses to set as Subject Alternative Names (SANs)
     # in the server certificate. This is useful when you need to access the
     # Consul server(s) externally, for example, if you're using the UI.
     # @type: array<string>
-    serverAdditionalIPSANs: [ ]
+    serverAdditionalIPSANs: []
 
     # If true, `verify_outgoing`, `verify_server_hostname`,
     # and `verify_incoming` for internal RPC communication will be set to `true` for Consul servers and clients.
@@ -389,7 +389,6 @@ global:
 
   # Configure ACLs.
   acls:
-
     # If true, the Helm chart will automatically manage ACL tokens and policies
     # for all Consul and consul-k8s-control-plane components.
     # This requires Consul >= 1.4.
@@ -505,7 +504,7 @@ global:
     # A list of addresses of the primary mesh gateways in the form `<ip>:<port>`.
     # (e.g. ["1.1.1.1:443", "2.3.4.5:443"]
     # @type: array<string>
-    primaryGateways: [ ]
+    primaryGateways: []
 
     # If you are setting `global.federation.enabled` to true and are in a secondary datacenter,
     # set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter.
@@ -655,7 +654,6 @@ global:
 # be disabled if you plan on connecting to a Consul cluster external to
 # the Kube cluster.
 server:
-
   # If true, the chart will install all the resources necessary for a
   # Consul server cluster. If you're running Consul externally and want agents
   # within Kubernetes to join that cluster, this should probably be false.
@@ -910,7 +908,7 @@ server:
   #   with `-config-dir`. This defaults to false.
   #
   # @type: array<map>
-  extraVolumes: [ ]
+  extraVolumes: []
 
   # A list of sidecar containers.
   # Example:
@@ -923,7 +921,7 @@ server:
   #    - ...
   # ```
   # @type: array<map>
-  extraContainers: [ ]
+  extraContainers: []
 
   # This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
   # for server pods. It defaults to allowing only a single server pod on each node, which
@@ -1079,7 +1077,7 @@ server:
   # feature, in case kubernetes cluster is behind egress http proxies. Additionally,
   # it could be used to configure custom consul parameters.
   # @type: map
-  extraEnvironmentVars: { }
+  extraEnvironmentVars: {}
 
   # [Enterprise Only] Values for setting up and running
   # [snapshot agents](https://developer.hashicorp.com/consul/commands/snapshot/agent)
@@ -1135,21 +1133,21 @@ server:
   # as servers, and other settings to limit exposure too many requests, requests
   # waiting for too long, and other runtime considerations.
   limits:
-    # This object specifies configurations that limit the rate of RPC and gRPC 
+    # This object specifies configurations that limit the rate of RPC and gRPC
     # requests on the Consul server. Limiting the rate of gRPC and RPC requests
-    # also limits HTTP requests to the Consul server. 
+    # also limits HTTP requests to the Consul server.
     # https://developer.hashicorp.com/consul/docs/agent/config/config-files#request_limits
-    requestLimits:   
+    requestLimits:
       # Setting for disabling or enabling rate limiting.  If not disabled, it
       # enforces the action that will occur when RequestLimitsReadRate
       # or RequestLimitsWriteRate is exceeded.  The default value of "disabled" will
       # prevent any rate limiting from occuring.  A value of "enforce" will block
       # the request from processings by returning an error.  A value of
-      # "permissive" will not block the request and will allow the request to 
+      # "permissive" will not block the request and will allow the request to
       # continue processing.
       # @type: string
       mode: "disabled"
-      
+
       # Setting that controls how frequently RPC, gRPC, and HTTP
       # queries are allowed to happen. In any large enough time interval, rate
       # limiter limits the rate to RequestLimitsReadRate tokens per second.
@@ -1158,7 +1156,7 @@ server:
       # buckets.
       # @type: integer
       readRate: -1
-      
+
       # Setting that controls how frequently RPC, gRPC, and HTTP
       # writes are allowed to happen. In any large enough time interval, rate
       # limiter limits the rate to RequestLimitsWriteRate tokens per second.
@@ -1187,7 +1185,7 @@ externalServers:
   # should be the same, however, they may be different if you
   # wish to use separate hosts for the HTTPS connections.
   # @type: array<string>
-  hosts: [ ]
+  hosts: []
 
   # The HTTPS port of the Consul servers.
   httpsPort: 8501
@@ -1385,7 +1383,7 @@ client:
   #   with `-config-dir`. This defaults to false.
   #
   # @type: array<map>
-  extraVolumes: [ ]
+  extraVolumes: []
 
   # A list of sidecar containers.
   # Example:
@@ -1398,7 +1396,7 @@ client:
   #    - ...
   # ```
   # @type: array<map>
-  extraContainers: [ ]
+  extraContainers: []
 
   # Toleration Settings for Client pods
   # This should be a multi-line string matching the Toleration array
@@ -1476,7 +1474,7 @@ client:
   # feature, in case kubernetes cluster is behind egress http proxies. Additionally,
   # it could be used to configure custom consul parameters.
   # @type: map
-  extraEnvironmentVars: { }
+  extraEnvironmentVars: {}
 
   # This value defines the [Pod DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy)
   # for client pods to use.
@@ -1570,7 +1568,6 @@ ui:
 
     # Set the port value of the UI service.
     port:
-
       # HTTP port.
       http: 80
 
@@ -1581,7 +1578,6 @@ ui:
     # If not set and using a NodePort service, Kubernetes will automatically assign
     # a port.
     nodePort:
-
       # HTTP node port
       # @type: integer
       http: null
@@ -1634,7 +1630,7 @@ ui:
     # ```
     #
     # @type: array<map>
-    hosts: [ ]
+    hosts: []
 
     # tls is a list of hosts and secret name in an Ingress
     # which tells the Ingress controller to secure the channel.
@@ -1646,7 +1642,7 @@ ui:
     #     secretName: testsecret-tls
     # ```
     # @type: array<map>
-    tls: [ ]
+    tls: []
 
     # Annotations to apply to the UI ingress.
     #
@@ -1737,7 +1733,7 @@ syncCatalog:
   #
   # Note: `k8sDenyNamespaces` takes precedence over values defined here.
   # @type: array<string>
-  k8sAllowNamespaces: [ "*" ]
+  k8sAllowNamespaces: ["*"]
 
   # List of k8s namespaces that should not have their
   # services synced. This list takes precedence over `k8sAllowNamespaces`.
@@ -1747,7 +1743,7 @@ syncCatalog:
   # `["namespace1", "namespace2"]`, then all k8s namespaces besides `namespace1`
   # and `namespace2` will be synced.
   # @type: array<string>
-  k8sDenyNamespaces: [ "kube-system", "kube-public" ]
+  k8sDenyNamespaces: ["kube-system", "kube-public"]
 
   # [DEPRECATED] Use k8sAllowNamespaces and k8sDenyNamespaces instead. For
   # backwards compatibility, if both this and the allow/deny lists are set,
@@ -2166,7 +2162,6 @@ connectInject:
     # @type: map
     meta: null
 
-
   # Configures metrics for Consul Connect services. All values are overridable
   # via annotations on a per-pod basis.
   metrics:
@@ -2326,7 +2321,7 @@ connectInject:
   # `namespaceSelector` takes precedence over both since it is applied first.
   # `kube-system` and `kube-public` are never injected, even if included here.
   # @type: array<string>
-  k8sAllowNamespaces: [ "*" ]
+  k8sAllowNamespaces: ["*"]
 
   # List of k8s namespaces that should not allow Connect
   # sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
@@ -2339,7 +2334,7 @@ connectInject:
   # Note: `namespaceSelector` takes precedence over this since it is applied first.
   # `kube-system` and `kube-public` are never injected.
   # @type: array<string>
-  k8sDenyNamespaces: [ ]
+  k8sDenyNamespaces: []
 
   # [Enterprise Only] These settings manage the connect injector's interaction with
   # Consul namespaces (requires consul-ent v1.7+).
@@ -2724,10 +2719,10 @@ ingressGateways:
       # @default: [{port: 8080, port: 8443}]
       # @recurse: false
       ports:
-      - port: 8080
-        nodePort: null
-      - port: 8443
-        nodePort: null
+        - port: 8080
+          nodePort: null
+        - port: 8443
+          nodePort: null
 
       # Annotations to apply to the ingress gateway service. Annotations defined
       # here will be applied to all ingress gateway services in addition to any
@@ -2852,7 +2847,7 @@ ingressGateways:
   # case of annotations where both will be applied.
   # @type: array<map>
   gateways:
-  - name: ingress-gateway
+    - name: ingress-gateway
 
 # Configuration options for terminating gateways. Default values for all
 # terminating gateways are defined in `terminatingGateways.defaults`. Any of
@@ -2887,7 +2882,7 @@ terminatingGateways:
     #         path: path # secret will now mount to /consul/userconfig/my-secret/path
     # ```
     # @type: array<map>
-    extraVolumes: [ ]
+    extraVolumes: []
 
     # Resource limits for all terminating gateway pods
     # @recurse: false
@@ -2993,7 +2988,7 @@ terminatingGateways:
   # case of annotations where both will be applied.
   # @type: array<map>
   gateways:
-  - name: terminating-gateway
+    - name: terminating-gateway
 
 # [DEPRECATED] Use connectInject.apiGateway instead. This stanza will be removed with the release of Consul 1.17
 # Configuration settings for the Consul API Gateway integration
@@ -3167,7 +3162,6 @@ apiGateway:
 # Configuration settings for the webhook-cert-manager
 # `webhook-cert-manager` ensures that cert bundles are up to date for the mutating webhook.
 webhookCertManager:
-
   # Toleration Settings
   # This should be a multi-line string matching the Toleration array
   # in a PodSpec.