From 8c0c43873bc83ec680d8f86afd85611b8bd597d0 Mon Sep 17 00:00:00 2001 From: Nathan Coleman Date: Thu, 14 Apr 2022 10:44:31 -0400 Subject: [PATCH] Re-use connectInject.consulNamespaces for API Gateway (#1169) * Re-use connectInject.consulNamespaces for API Gateway * Remove apiGateway.consulNamespaces * Add changelog entry * Mark as breaking change in changelog * Remove stray files. How did those get there? * Update CHANGELOG.md Co-authored-by: Andrew Stucki --- CHANGELOG.md | 4 +++ .../api-gateway-controller-deployment.yaml | 10 +++---- .../api-gateway-controller-deployment.bats | 6 ++--- charts/consul/values.yaml | 26 ------------------- 4 files changed, 12 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cd4d4796eb..cff2f9beeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## UNRELEASED +BREAKING CHANGES: +* Helm + * API Gateway: Re-use connectInject.consulNamespaces instead of requiring that apiGateway.consulNamespaces have the same value when ACLs are enabled. [[GH-1169](https://github.com/hashicorp/consul-k8s/pull/1169)] + FEATURES: * Control Plane * Add a `"consul.hashicorp.com/kubernetes-service"` annotation for pods to specify which Kubernetes service they want to use for registration when multiple services target the same pod. [[GH-1150](https://github.com/hashicorp/consul-k8s/pull/1150)] diff --git a/charts/consul/templates/api-gateway-controller-deployment.yaml b/charts/consul/templates/api-gateway-controller-deployment.yaml index eb64c9b58c..f4aaa007cd 100644 --- a/charts/consul/templates/api-gateway-controller-deployment.yaml +++ b/charts/consul/templates/api-gateway-controller-deployment.yaml @@ -77,13 +77,13 @@ spec: -sds-server-host {{ template "consul.fullname" . }}-api-gateway-controller.{{ .Release.Namespace }}.svc \ -k8s-namespace {{ .Release.Namespace }} \ {{- if .Values.global.enableConsulNamespaces }} - {{- if .Values.apiGateway.consulNamespaces.consulDestinationNamespace }} - -consul-destination-namespace={{ .Values.apiGateway.consulNamespaces.consulDestinationNamespace }} \ + {{- if .Values.connectInject.consulNamespaces.consulDestinationNamespace }} + -consul-destination-namespace={{ .Values.connectInject.consulNamespaces.consulDestinationNamespace }} \ {{- end }} - {{- if .Values.apiGateway.consulNamespaces.mirroringK8S }} + {{- if .Values.connectInject.consulNamespaces.mirroringK8S }} -mirroring-k8s=true \ - {{- if .Values.apiGateway.consulNamespaces.mirroringK8SPrefix }} - -mirroring-k8s-prefix={{ .Values.apiGateway.consulNamespaces.mirroringK8SPrefix }} \ + {{- if .Values.connectInject.consulNamespaces.mirroringK8SPrefix }} + -mirroring-k8s-prefix={{ .Values.connectInject.consulNamespaces.mirroringK8SPrefix }} \ {{- end }} {{- end }} {{- end }} diff --git a/charts/consul/test/unit/api-gateway-controller-deployment.bats b/charts/consul/test/unit/api-gateway-controller-deployment.bats index 6e9686d12f..a80b997b61 100755 --- a/charts/consul/test/unit/api-gateway-controller-deployment.bats +++ b/charts/consul/test/unit/api-gateway-controller-deployment.bats @@ -55,7 +55,7 @@ load _helpers --set 'apiGateway.enabled=true' \ --set 'apiGateway.image=bar' \ --set 'global.enableConsulNamespaces=true' \ - --set 'apiGateway.consulNamespaces.mirroringK8S=true' \ + --set 'connectInject.consulNamespaces.mirroringK8S=true' \ . | tee /dev/stderr | yq '.spec.template.spec.containers[0].command | join(" ") | contains("-mirroring-k8s=true")' | tee /dev/stderr) [ "${actual}" = "true" ] @@ -68,8 +68,8 @@ load _helpers --set 'apiGateway.enabled=true' \ --set 'apiGateway.image=bar' \ --set 'global.enableConsulNamespaces=true' \ - --set 'apiGateway.consulNamespaces.mirroringK8S=true' \ - --set 'apiGateway.consulNamespaces.mirroringK8SPrefix=foo' \ + --set 'connectInject.consulNamespaces.mirroringK8S=true' \ + --set 'connectInject.consulNamespaces.mirroringK8SPrefix=foo' \ . | tee /dev/stderr | yq '.spec.template.spec.containers[0].command | join(" ") | contains("-mirroring-k8s-prefix=foo")' | tee /dev/stderr) [ "${actual}" = "true" ] diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index e7f6711e94..52f50b4e79 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -2636,32 +2636,6 @@ apiGateway: # @type: string service: null - # [Enterprise Only] These settings manage the API Gateway's interaction with - # Consul namespaces (requires consul-ent v1.7+). - # Also, `global.enableConsulNamespaces` must be true. - consulNamespaces: - # Name of the Consul namespace to register all - # k8s services into. If the Consul namespace does not already exist, - # it will be created. This will be ignored if `mirroringK8S` is true. - consulDestinationNamespace: "default" - - # If true, k8s services will be registered into a Consul namespace - # of the same name as their k8s namespace, optionally prefixed if - # `mirroringK8SPrefix` is set below. If the Consul namespace does not - # already exist, it will be created. Turning this on overrides the - # `consulDestinationNamespace` setting. - # `addK8SNamespaceSuffix` may no longer be needed if enabling this option. - # If mirroring is enabled, avoid creating any Consul resources in the following - # Kubernetes namespaces, as Consul currently reserves these namespaces for system use: - # "system", "universal", "operator", "root". - mirroringK8S: false - - # If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace - # to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a - # service in the k8s `staging` namespace will be registered into the - # `k8s-staging` Consul namespace. - mirroringK8SPrefix: "" - # Configuration for the ServiceAccount created for the api-gateway component serviceAccount: # This value defines additional annotations for the client service account. This should be formatted as a multi-line