Revert "Provide server stateful set DNS names to the ACL init job (ha…

…shicorp#401)" (hashicorp#424)

This reverts commit 847106d.

templates/server-acl-init-job.yaml

@@ -80,18 +80,14 @@ spec:
             - "/bin/sh"
             - "-ec"
             - |
-              CONSUL_FULLNAME="{{template "consul.fullname" . }}"
-
               consul-k8s server-acl-init \
-                {{- range $index := until (.Values.server.replicas | int) }}
-                -server-address="${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc" \
-                {{- end }}
+                -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \
                 -resource-prefix={{ template "consul.fullname" . }} \
                 -k8s-namespace={{ .Release.Namespace }} \
                 {{- if .Values.global.tls.enabled }}
                 -use-https \
                 -consul-ca-cert=/consul/tls/ca/tls.crt \
-                -server-port=8501 \
+                -consul-tls-server-name=server.{{ .Values.global.datacenter }}.{{ .Values.global.domain }} \
                 {{- end }}
                 {{- if .Values.syncCatalog.enabled }}
                 -create-sync-token=true \
@@ -151,6 +147,7 @@ spec:
                 {{- end }}
                 {{- end }}
                 {{- end }}
+                -expected-replicas={{ .Values.server.replicas }}
 {{- end }}
 {{- end }}
 {{- end }}

test/unit/helpers.bats

@@ -101,7 +101,7 @@ load _helpers
   cd `chart_dir`
   # Grep for uses of .Release.Name that aren't using it as a label.
   local actual=$(grep -r '{{ .Release.Name }}' templates/*.yaml | grep -v 'release: ' | tee /dev/stderr )
-  [ "${actual}" = '' ]
+  [ "${actual}" = 'templates/server-acl-init-job.yaml:                -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \' ]
 }
 
 #--------------------------------------------------------------------

test/unit/server-acl-init-job.bats

@@ -77,25 +77,6 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
-@test "serverACLInit/Job: server address is set to the DNS names of the server stateful set" {
-  cd `chart_dir`
-  local command=$(helm template \
-      -x templates/server-acl-init-job.yaml  \
-      --set 'global.acls.manageSystemACLs=true' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[0].command' | tee /dev/stderr)
-
-  local actual
-  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-0.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-
-  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-1.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-
-  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-2.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 #--------------------------------------------------------------------
 # dns
 
@@ -249,8 +230,8 @@ load _helpers
   actual=$(echo $command | jq -r '. | any(contains("-consul-ca-cert=/consul/tls/ca/tls.crt"))' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 
-  actual=$(echo $command | jq -r '. | any(contains("-server-port=8501"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
+    actual=$(echo $command | jq -r '. | any(contains("-consul-tls-server-name=server.dc1.consul"))' | tee /dev/stderr)
+    [ "${actual}" = "true" ]
 }
 
 @test "serverACLInit/Job: can overwrite CA secret with the provided one" {

values.yaml

@@ -169,7 +169,7 @@ global:
 
     # If true, the Helm chart will automatically manage ACL tokens and policies
     # for all Consul and consul-k8s components. This requires servers to be running inside Kubernetes.
-    # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.14.0.
+    # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.10.1.
     manageSystemACLs: false
 
     # If true, an ACL token will be created that can be used in secondary