diff --git a/templates/server-acl-init-job.yaml b/templates/server-acl-init-job.yaml index bf3d441e34..616615689a 100644 --- a/templates/server-acl-init-job.yaml +++ b/templates/server-acl-init-job.yaml @@ -80,14 +80,18 @@ spec: - "/bin/sh" - "-ec" - | + CONSUL_FULLNAME="{{template "consul.fullname" . }}" + consul-k8s server-acl-init \ - -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \ + {{- range $index := until (.Values.server.replicas | int) }} + -server-address="${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc" \ + {{- end }} -resource-prefix={{ template "consul.fullname" . }} \ -k8s-namespace={{ .Release.Namespace }} \ {{- if .Values.global.tls.enabled }} -use-https \ -consul-ca-cert=/consul/tls/ca/tls.crt \ - -consul-tls-server-name=server.{{ .Values.global.datacenter }}.{{ .Values.global.domain }} \ + -server-port=8501 \ {{- end }} {{- if .Values.syncCatalog.enabled }} -create-sync-token=true \ @@ -147,7 +151,6 @@ spec: {{- end }} {{- end }} {{- end }} - -expected-replicas={{ .Values.server.replicas }} {{- end }} {{- end }} {{- end }} diff --git a/test/unit/helpers.bats b/test/unit/helpers.bats index 80e3c3def2..741ad7cb4a 100644 --- a/test/unit/helpers.bats +++ b/test/unit/helpers.bats @@ -101,7 +101,7 @@ load _helpers cd `chart_dir` # Grep for uses of .Release.Name that aren't using it as a label. local actual=$(grep -r '{{ .Release.Name }}' templates/*.yaml | grep -v 'release: ' | tee /dev/stderr ) - [ "${actual}" = 'templates/server-acl-init-job.yaml: -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \' ] + [ "${actual}" = '' ] } #-------------------------------------------------------------------- diff --git a/test/unit/server-acl-init-job.bats b/test/unit/server-acl-init-job.bats index 9ace28d79a..e63e593fe6 100644 --- a/test/unit/server-acl-init-job.bats +++ b/test/unit/server-acl-init-job.bats @@ -77,6 +77,25 @@ load _helpers [ "${actual}" = "true" ] } +@test "serverACLInit/Job: server address is set to the DNS names of the server stateful set" { + cd `chart_dir` + local command=$(helm template \ + -x templates/server-acl-init-job.yaml \ + --set 'global.acls.manageSystemACLs=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual + actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-0.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-1.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + actual=$(echo $command | jq -r '. | any(contains("-server-address=\"${CONSUL_FULLNAME}-server-2.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc\""))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # dns @@ -230,8 +249,8 @@ load _helpers actual=$(echo $command | jq -r '. | any(contains("-consul-ca-cert=/consul/tls/ca/tls.crt"))' | tee /dev/stderr) [ "${actual}" = "true" ] - actual=$(echo $command | jq -r '. | any(contains("-consul-tls-server-name=server.dc1.consul"))' | tee /dev/stderr) - [ "${actual}" = "true" ] + actual=$(echo $command | jq -r '. | any(contains("-server-port=8501"))' | tee /dev/stderr) + [ "${actual}" = "true" ] } @test "serverACLInit/Job: can overwrite CA secret with the provided one" { diff --git a/values.yaml b/values.yaml index d88333dd91..5336a25c0f 100644 --- a/values.yaml +++ b/values.yaml @@ -169,7 +169,7 @@ global: # If true, the Helm chart will automatically manage ACL tokens and policies # for all Consul and consul-k8s components. This requires servers to be running inside Kubernetes. - # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.10.1. + # Additionally, requires Consul >= 1.4 and consul-k8s >= 0.14.0. manageSystemACLs: false # If true, an ACL token will be created that can be used in secondary