diff --git a/charts/consul/templates/_helpers.tpl b/charts/consul/templates/_helpers.tpl index 200b4e5487..1b866888c0 100644 --- a/charts/consul/templates/_helpers.tpl +++ b/charts/consul/templates/_helpers.tpl @@ -193,8 +193,7 @@ This template is for an init container. */}} {{- define "consul.getAutoEncryptClientCA" -}} - name: get-auto-encrypt-client-ca - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} command: - "/bin/sh" - "-ec" diff --git a/charts/consul/templates/api-gateway-controller-deployment.yaml b/charts/consul/templates/api-gateway-controller-deployment.yaml index 510a2f2536..8c5c2fa73e 100644 --- a/charts/consul/templates/api-gateway-controller-deployment.yaml +++ b/charts/consul/templates/api-gateway-controller-deployment.yaml @@ -56,8 +56,7 @@ spec: serviceAccountName: {{ template "consul.fullname" . }}-api-gateway-controller containers: - name: api-gateway-controller - image: "{{ .Values.apiGateway.image.repository }}:{{ .Values.apiGateway.image.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.apiGateway.image.pullPolicy }} + image: {{ .Values.apiGateway.image }} ports: - containerPort: 9090 name: sds @@ -220,7 +219,6 @@ spec: {{- if .Values.global.acls.manageSystemACLs }} - name: copy-consul-bin image: {{ .Values.global.image | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} command: - cp - /bin/consul @@ -257,8 +255,7 @@ spec: value: {{ .Values.global.datacenter }} {{- end}} {{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }} - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} volumeMounts: - mountPath: /consul/login name: consul-data diff --git a/charts/consul/templates/api-gateway-gatewayclassconfig.yaml b/charts/consul/templates/api-gateway-gatewayclassconfig.yaml index e655abf329..ba0e6c63db 100644 --- a/charts/consul/templates/api-gateway-gatewayclassconfig.yaml +++ b/charts/consul/templates/api-gateway-gatewayclassconfig.yaml @@ -63,8 +63,8 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} image: - consulAPIGateway: "{{ .Values.apiGateway.image.repository }}:{{ .Values.apiGateway.image.tag }}" - envoy: "{{ .Values.apiGateway.imageEnvoy.repository }}:{{ .Values.apiGateway.imageEnvoy.tag }}" + consulAPIGateway: {{ .Values.apiGateway.image }} + envoy: {{ .Values.apiGateway.imageEnvoy }} {{- if .Values.apiGateway.managedGatewayClass.nodeSelector }} nodeSelector: {{ tpl .Values.apiGateway.managedGatewayClass.nodeSelector . | indent 4 | trim }} diff --git a/charts/consul/templates/client-daemonset.yaml b/charts/consul/templates/client-daemonset.yaml index 319525b2d2..09a70b394e 100644 --- a/charts/consul/templates/client-daemonset.yaml +++ b/charts/consul/templates/client-daemonset.yaml @@ -492,8 +492,7 @@ spec: initContainers: {{- if .Values.global.acls.manageSystemACLs }} - name: client-acl-init - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} env: - name: NAMESPACE valueFrom: diff --git a/charts/consul/templates/cni-daemonset.yaml b/charts/consul/templates/cni-daemonset.yaml index e16182f9eb..ae04d9e657 100644 --- a/charts/consul/templates/cni-daemonset.yaml +++ b/charts/consul/templates/cni-daemonset.yaml @@ -60,8 +60,7 @@ spec: containers: # This container installs the consul CNI binaries and CNI network config file on each node - name: install-cni - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} securityContext: privileged: true command: diff --git a/charts/consul/templates/enterprise-license-job.yaml b/charts/consul/templates/enterprise-license-job.yaml index c95946ef19..0122690104 100644 --- a/charts/consul/templates/enterprise-license-job.yaml +++ b/charts/consul/templates/enterprise-license-job.yaml @@ -123,8 +123,7 @@ spec: {{- if .Values.global.acls.manageSystemACLs }} initContainers: - name: ent-license-acl-init - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} command: - "/bin/sh" - "-ec" diff --git a/charts/consul/templates/gateway-cleanup-job.yaml b/charts/consul/templates/gateway-cleanup-job.yaml index c8363914d9..44f032b5fd 100644 --- a/charts/consul/templates/gateway-cleanup-job.yaml +++ b/charts/consul/templates/gateway-cleanup-job.yaml @@ -36,13 +36,12 @@ spec: serviceAccountName: {{ template "consul.fullname" . }}-gateway-cleanup containers: - name: gateway-cleanup - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} command: - consul-k8s-control-plane args: - gateway-cleanup - - -gateway-class-name=consul-api-gateway + - -gateway-class-name=consul - -gateway-class-config-name=consul-api-gateway resources: requests: diff --git a/charts/consul/templates/gateway-resources-job.yaml b/charts/consul/templates/gateway-resources-job.yaml index c8c982e8fe..441e64eb14 100644 --- a/charts/consul/templates/gateway-resources-job.yaml +++ b/charts/consul/templates/gateway-resources-job.yaml @@ -36,15 +36,14 @@ spec: serviceAccountName: {{ template "consul.fullname" . }}-gateway-resources containers: - name: gateway-resources - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} command: - consul-k8s-control-plane args: - gateway-resources - - -gateway-class-name=consul-api-gateway + - -gateway-class-name=consul - -gateway-class-config-name=consul-api-gateway - - -controller-name=hashicorp.com/consul-api-gateway-controller + - -controller-name=consul.hashicorp.com/gateway-controller - -app={{template "consul.name" .}} - -chart={{template "consul.chart" .}} - -heritage={{ .Release.Service }} diff --git a/charts/consul/templates/mesh-gateway-deployment.yaml b/charts/consul/templates/mesh-gateway-deployment.yaml index e9a62674cb..449d6ae492 100644 --- a/charts/consul/templates/mesh-gateway-deployment.yaml +++ b/charts/consul/templates/mesh-gateway-deployment.yaml @@ -120,8 +120,7 @@ spec: {{- end }} initContainers: - name: mesh-gateway-init - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} env: - name: NAMESPACE valueFrom: @@ -179,8 +178,7 @@ spec: {{- end }} containers: - name: mesh-gateway - image: {{ "{{.Values.global.imageConsulDataplane.repository}}:{{.Values.global.imageConsulDataplane.tag}}" | quote }} - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageConsulDataplane.pullPolicy }} + image: {{ .Values.global.imageConsulDataplane | quote }} {{- if .Values.meshGateway.resources }} resources: {{- if eq (typeOf .Values.meshGateway.resources) "string" }} diff --git a/charts/consul/templates/partition-init-job.yaml b/charts/consul/templates/partition-init-job.yaml index 1eda81ea3d..db73ef783b 100644 --- a/charts/consul/templates/partition-init-job.yaml +++ b/charts/consul/templates/partition-init-job.yaml @@ -80,8 +80,7 @@ spec: {{- end }} containers: - name: partition-init-job - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} env: {{- include "consul.consulK8sConsulServerEnvVars" . | nindent 10 }} {{- if (and .Values.global.acls.bootstrapToken.secretName .Values.global.acls.bootstrapToken.secretKey) }} diff --git a/charts/consul/templates/server-acl-init-cleanup-job.yaml b/charts/consul/templates/server-acl-init-cleanup-job.yaml index c507e924dd..35b0877ab4 100644 --- a/charts/consul/templates/server-acl-init-cleanup-job.yaml +++ b/charts/consul/templates/server-acl-init-cleanup-job.yaml @@ -52,8 +52,7 @@ spec: serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init-cleanup containers: - name: server-acl-init-cleanup - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} command: - consul-k8s-control-plane args: diff --git a/charts/consul/templates/server-acl-init-job.yaml b/charts/consul/templates/server-acl-init-job.yaml index 268a9fd19f..e62db41ec2 100644 --- a/charts/consul/templates/server-acl-init-job.yaml +++ b/charts/consul/templates/server-acl-init-job.yaml @@ -121,8 +121,7 @@ spec: {{- end }} containers: - name: server-acl-init-job - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} env: - name: NAMESPACE valueFrom: diff --git a/charts/consul/templates/server-statefulset.yaml b/charts/consul/templates/server-statefulset.yaml index 8159924b47..0bde9b881a 100644 --- a/charts/consul/templates/server-statefulset.yaml +++ b/charts/consul/templates/server-statefulset.yaml @@ -224,8 +224,7 @@ spec: {{- end }} initContainers: - name: locality-init - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} env: - name: NODE_NAME valueFrom: diff --git a/charts/consul/templates/webhook-cert-manager-deployment.yaml b/charts/consul/templates/webhook-cert-manager-deployment.yaml index 2ce20299c9..dd93c039d2 100644 --- a/charts/consul/templates/webhook-cert-manager-deployment.yaml +++ b/charts/consul/templates/webhook-cert-manager-deployment.yaml @@ -49,8 +49,7 @@ spec: -config-file=/bootstrap/config/webhook-config.json \ -deployment-name={{ template "consul.fullname" . }}-webhook-cert-manager \ -deployment-namespace={{ .Release.Namespace }} - image: "{{ .Values.global.imageK8S.repository }}:{{ .Values.global.imageK8S.tag }}" - imagePullPolicy: {{ default .Values.global.imagePullPolicy .Values.global.imageK8S.pullPolicy }} + image: {{ .Values.global.imageK8S }} name: webhook-cert-manager resources: limits: diff --git a/charts/consul/test/unit/api-gateway-controller-clusterrole.bats b/charts/consul/test/unit/api-gateway-controller-clusterrole.bats index 3f3cdd76c7..f26fdfeebd 100644 --- a/charts/consul/test/unit/api-gateway-controller-clusterrole.bats +++ b/charts/consul/test/unit/api-gateway-controller-clusterrole.bats @@ -14,7 +14,7 @@ load _helpers local actual=$(helm template \ -s templates/api-gateway-controller-clusterrole.yaml \ --set 'apiGateway.enabled=true' \ - --set 'apiGateway.image.repository=foo' \ + --set 'apiGateway.image=foo' \ . | tee /dev/stderr | yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] @@ -26,7 +26,7 @@ load _helpers -s templates/api-gateway-controller-clusterrole.yaml \ --set 'global.enablePodSecurityPolicies=true' \ --set 'apiGateway.enabled=true' \ - --set 'apiGateway.image.repository=foo' \ + --set 'apiGateway.image=foo' \ . | tee /dev/stderr | yq '.rules[] | select((.resources[0] == "podsecuritypolicies") and (.verbs[0] == "use")) | length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] @@ -38,7 +38,7 @@ load _helpers -s templates/api-gateway-controller-clusterrole.yaml \ --set 'global.enablePodSecurityPolicies=true' \ --set 'apiGateway.enabled=true' \ - --set 'apiGateway.image.repository=foo' \ + --set 'apiGateway.image=foo' \ . | tee /dev/stderr | yq '.rules[] | select((.resources[0] == "roles") and (.resources[1] == "rolebindings") and (.verbs | contains(["create","get","list","watch"]))) | length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] diff --git a/charts/consul/test/unit/cni-daemonset.bats b/charts/consul/test/unit/cni-daemonset.bats index 9004f1fb06..675d6b877f 100644 --- a/charts/consul/test/unit/cni-daemonset.bats +++ b/charts/consul/test/unit/cni-daemonset.bats @@ -47,7 +47,7 @@ load _helpers -s templates/cni-daemonset.yaml \ --set 'connectInject.cni.enabled=true' \ --set 'connectInject.enabled=true' \ - --set 'global.imageK8S.repository=foo' \ + --set 'global.imageK8S=foo' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].image' | tee /dev/stderr) [ "${actual}" = "foo" ] diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 6ab7671c69..0e325ca66c 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -52,8 +52,6 @@ global: # Changing the partition name would require an un-install and a re-install with the updated name. # Must be "default" in the server cluster ie the Kubernetes cluster that the Consul server pods are deployed onto. name: "default" - - imagePullPolicy: "Always" # The name (and tag) of the Consul Docker image for clients and servers. # This can be overridden per component. This should be pinned to a specific @@ -68,11 +66,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: - repository: "docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise" - tag: "1.16-dev" - pullPolicy: "" - + image: docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise:1.16-dev # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -92,10 +86,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: - repository: "docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane" - tag: "1.2.0-dev" - pullPolicy: "" + imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.2.0-dev # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running @@ -566,10 +557,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: - repository: "hashicorppreview/consul-dataplane" - tag: "1.1-dev" - pullPolicy: "" + imageConsulDataplane: "hashicorppreview/consul-dataplane:1.1-dev" # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. @@ -691,10 +679,7 @@ server: # The name of the Docker image (including any tag) for the containers running # Consul server agents. # @type: string - image: - repository: "" - tag: "" - pullPolicy: "" + image: null # The number of server agents to run. This determines the fault tolerance of # the cluster. Please refer to the [deployment table](https://developer.hashicorp.com/consul/docs/architecture/consensus#deployment-table) @@ -1266,11 +1251,8 @@ client: # The name of the Docker image (including any tag) for the containers # running Consul client agents. # @type: string - imageK8S: - repository: "" - tag: "" - pullPolicy: "" - + image: null + # A list of valid [`-retry-join` values](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_retry_join). # If this is `null` (default), then the clients will attempt to automatically # join the server cluster running within Kubernetes. @@ -1728,10 +1710,7 @@ syncCatalog: # The name of the Docker image (including any tag) for consul-k8s-control-plane # to run the sync program. # @type: string - image: - repository: "" - tag: "" - pullPolicy: "" + image: null # If true, all valid services in K8S are # synced by default. If false, the service must be [annotated](https://developer.hashicorp.com/consul/docs/k8s/service-sync#enable-and-disable-sync) @@ -1979,10 +1958,7 @@ connectInject: # Image for consul-k8s-control-plane that contains the injector. # @type: string - image: - repository: "" - tag: "" - pullPolicy: "" + image: null # If true, the injector will inject the # Connect sidecar into all pods by default. Otherwise, pods must specify the @@ -2283,7 +2259,6 @@ connectInject: # Defaults to global.image. # @type: string imageConsul: null - imageConsulPullPolicy: "" # Override global log verbosity level. One of "debug", "info", "warn", or "error". # @type: string @@ -3046,17 +3021,12 @@ apiGateway: # # ~> **Note:** Using API Gateway <= 0.4 with external servers requires setting `client.enabled: true`. # @type: string - image: - repository: "" - tag: "" - pullPolicy: "" + image: null + # The name (and tag) of the Envoy Docker image used for the # apiGateway. For other Consul compoenents, imageEnvoy has been replaced with Consul Dataplane. # @default: envoyproxy/envoy: - imageEnvoy: - repository: "envoyproxy/envoy" - tag: "v1.25.1" - pullPolicy: "" + imageEnvoy: "envoyproxy/envoy:v1.25.1" # Override global log verbosity level for api-gateway-controller pods. One of "debug", "info", "warn", or "error". # @type: string @@ -3252,11 +3222,7 @@ telemetryCollector: # The name of the Docker image (including any tag) for the containers running # the consul-telemetry-collector # @type: string - image: - repository: "hashicorp/consul-telemetry-collector" - tag: "0.0.1" - pullPolicy: "" - + image: "hashicorp/consul-telemetry-collector:0.0.1" # The resource settings for consul-telemetry-collector pods. # @recurse: false