Revert "Revert "Provide server stateful set DNS names to the ACL init…

… job (hashicorp#401)" (hashicorp#424)" This reverts commit 409f95b.
ndhanushkodi · Apr 16, 2020 · f89be18 · f89be18
1 parent 409f95b
commit f89be18
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 7 deletions.
diff --git a/templates/server-acl-init-job.yaml b/templates/server-acl-init-job.yaml
@@ -80,14 +80,18 @@ spec:
             - "/bin/sh"
             - "-ec"
             - |
+              CONSUL_FULLNAME="{{template "consul.fullname" . }}"
+
               consul-k8s server-acl-init \
-                -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \
+                {{- range $index := until (.Values.server.replicas | int) }}
+                -server-address="${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc" \
+                {{- end }}
                 -resource-prefix={{ template "consul.fullname" . }} \
                 -k8s-namespace={{ .Release.Namespace }} \
                 {{- if .Values.global.tls.enabled }}
                 -use-https \
                 -consul-ca-cert=/consul/tls/ca/tls.crt \
-                -consul-tls-server-name=server.{{ .Values.global.datacenter }}.{{ .Values.global.domain }} \
+                -server-port=8501 \
                 {{- end }}
                 {{- if .Values.syncCatalog.enabled }}
                 -create-sync-token=true \
@@ -147,7 +151,6 @@ spec:
                 {{- end }}
                 {{- end }}
                 {{- end }}
-                -expected-replicas={{ .Values.server.replicas }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/test/unit/helpers.bats b/test/unit/helpers.bats
@@ -101,7 +101,7 @@ load _helpers
   cd `chart_dir`
   # Grep for uses of .Release.Name that aren't using it as a label.
   local actual=$(grep -r '{{ .Release.Name }}' templates/*.yaml | grep -v 'release: ' | tee /dev/stderr )
-  [ "${actual}" = 'templates/server-acl-init-job.yaml:                -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \' ]
+  [ "${actual}" = '' ]
 }
 
 #--------------------------------------------------------------------

diff --git a/test/unit/server-acl-init-job.bats b/test/unit/server-acl-init-job.bats
@@ -77,6 +77,25 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "serverACLInit/Job: server address is set to the DNS names of the server stateful set" {
+  cd `chart_dir`
+  local command=$(helm template \
+      -x templates/server-acl-init-job.yaml  \
+      --set 'global.acls.manageSystemACLs=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command' | tee /dev/stderr)
+
+  local actual
+  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-0.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-1.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-2.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # dns
 
@@ -230,8 +249,8 @@ load _helpers
   actual=$(echo $command | jq -r '. | any(contains("-consul-ca-cert=/consul/tls/ca/tls.crt"))' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 
-    actual=$(echo $command | jq -r '. | any(contains("-consul-tls-server-name=server.dc1.consul"))' | tee /dev/stderr)
-    [ "${actual}" = "true" ]
+  actual=$(echo $command | jq -r '. | any(contains("-server-port=8501"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
 }
 
 @test "serverACLInit/Job: can overwrite CA secret with the provided one" {

diff --git a/values.yaml b/values.yaml
@@ -169,7 +169,7 @@ global:
 
     # If true, the Helm chart will automatically manage ACL tokens and policies
     # for all Consul and consul-k8s components. This requires servers to be running inside Kubernetes.
-    # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.10.1.
+    # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.14.0.
     manageSystemACLs: false
 
     # If true, an ACL token will be created that can be used in secondary