From b871b107d62ab752ad74c77413298c5c71a5d6c8 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Mon, 23 Sep 2024 15:29:22 -0400
Subject: [PATCH] Backport of [NET-10961] Ignore gke managed namespaces by default into release/1.3.x (#4348)
* backport of commit 79f171bfedc5f3f2b73638e174258f5e7063f78a
* backport of commit 7d2782ec1673d57fcdb17ba123e8e18c82d14171
* remove spaces
---------
Co-authored-by: jm96441n
---
 .changelog/4333.txt | 3 +++
 charts/consul/values.yaml | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/4333.txt
diff --git a/.changelog/4333.txt b/.changelog/4333.txt
new file mode 100644
index 0000000000..bf9ff0167a
--- /dev/null
+++ b/.changelog/4333.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+helm: Exclude gke namespaces from being connect-injected when the connect-inject: default: true value is set.
+```
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 24238f86c6..29ac181fbd 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -2709,6 +2709,7 @@ connectInject:
 # By default, we exclude kube-system since usually users won't
 # want those pods injected and local-path-storage and openebs so that
 # Kind (Kubernetes In Docker) and [OpenEBS](https://openebs.io/) respectively can provision Pods used to create PVCs.
+ # We also exclude gmp-system and gke-managed-cim namespaces that are used by GKE for managing the cluster.
 # Note that this exclusion is only supported in Kubernetes v1.21.1+.
 #
 # Example:
@@ -2723,7 +2724,7 @@ connectInject:
 matchExpressions:
 - key: "kubernetes.io/metadata.name"
 operator: "NotIn"
- values: ["kube-system","local-path-storage","openebs"]
+ values: ["kube-system","local-path-storage","openebs","gmp-system","gke-managed-cim"]
 # List of k8s namespaces to allow Connect sidecar
 # injection in. If a k8s namespace is not included or is listed in `k8sDenyNamespaces`,
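Review bot: The two names added to the `NotIn` list in the `@@ -2723,7 +2724,7 @@` hunk of charts/consul/values.yaml are matched on every cluster, not only on GKE, so a namespace called `gmp-system` or `gke-managed-cim` is left out of connect-injection wherever it exists. Where `connectInject.default: true` is relied on to place every workload in the mesh, that is a silent coverage gap, and the comment added in the `@@ -2709,6 +2709,7 @@` hunk does not mention it. I would extend that comment with a line such as `# These names are excluded on all platforms; pods in a namespace with one of these names are never injected by default.` Installations that already override this selector presumably keep their own list and do not pick up the new entries, which the changelog entry could also state; the key that holds `matchExpressions` starts outside the hunk, so that part is inferred.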