diff --git a/templates/server-acl-init-job.yaml b/templates/server-acl-init-job.yaml index 616615689a..bf3d441e34 100644 --- a/templates/server-acl-init-job.yaml +++ b/templates/server-acl-init-job.yaml @@ -80,18 +80,14 @@ spec: - "/bin/sh" - "-ec" - | - CONSUL_FULLNAME="{{template "consul.fullname" . }}" - consul-k8s server-acl-init \ - {{- range $index := until (.Values.server.replicas | int) }} - -server-address="${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc" \ - {{- end }} + -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \ -resource-prefix={{ template "consul.fullname" . }} \ -k8s-namespace={{ .Release.Namespace }} \ {{- if .Values.global.tls.enabled }} -use-https \ -consul-ca-cert=/consul/tls/ca/tls.crt \ - -server-port=8501 \ + -consul-tls-server-name=server.{{ .Values.global.datacenter }}.{{ .Values.global.domain }} \ {{- end }} {{- if .Values.syncCatalog.enabled }} -create-sync-token=true \ @@ -151,6 +147,7 @@ spec: {{- end }} {{- end }} {{- end }} + -expected-replicas={{ .Values.server.replicas }} {{- end }} {{- end }} {{- end }} diff --git a/test/unit/helpers.bats b/test/unit/helpers.bats index 741ad7cb4a..80e3c3def2 100644 --- a/test/unit/helpers.bats +++ b/test/unit/helpers.bats @@ -101,7 +101,7 @@ load _helpers cd `chart_dir` # Grep for uses of .Release.Name that aren't using it as a label. local actual=$(grep -r '{{ .Release.Name }}' templates/*.yaml | grep -v 'release: ' | tee /dev/stderr ) - [ "${actual}" = '' ] + [ "${actual}" = 'templates/server-acl-init-job.yaml: -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \' ] } #-------------------------------------------------------------------- diff --git a/test/unit/server-acl-init-job.bats b/test/unit/server-acl-init-job.bats index e63e593fe6..9ace28d79a 100644 --- a/test/unit/server-acl-init-job.bats +++ b/test/unit/server-acl-init-job.bats @@ -77,25 +77,6 @@ load _helpers [ "${actual}" = "true" ] } -@test "serverACLInit/Job: server address is set to the DNS names of the server stateful set" { - cd `chart_dir` - local command=$(helm template \ - -x templates/server-acl-init-job.yaml \ - --set 'global.acls.manageSystemACLs=true' \ - . | tee /dev/stderr | - yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) - - local actual - actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-0.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) - [ "${actual}" = "true" ] - - actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-1.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) - [ "${actual}" = "true" ] - - actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-2.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) - [ "${actual}" = "true" ] -} - #-------------------------------------------------------------------- # dns @@ -249,8 +230,8 @@ load _helpers actual=$(echo $command | jq -r '. | any(contains("-consul-ca-cert=/consul/tls/ca/tls.crt"))' | tee /dev/stderr) [ "${actual}" = "true" ] - actual=$(echo $command | jq -r '. | any(contains("-server-port=8501"))' | tee /dev/stderr) - [ "${actual}" = "true" ] + actual=$(echo $command | jq -r '. | any(contains("-consul-tls-server-name=server.dc1.consul"))' | tee /dev/stderr) + [ "${actual}" = "true" ] } @test "serverACLInit/Job: can overwrite CA secret with the provided one" { diff --git a/values.yaml b/values.yaml index 5336a25c0f..d88333dd91 100644 --- a/values.yaml +++ b/values.yaml @@ -169,7 +169,7 @@ global: # If true, the Helm chart will automatically manage ACL tokens and policies # for all Consul and consul-k8s components. This requires servers to be running inside Kubernetes. - # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.14.0. + # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.10.1. manageSystemACLs: false # If true, an ACL token will be created that can be used in secondary