From e69ef33f0aeba0657bd035168d33f04b344b93e5 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Wed, 26 Jan 2022 14:06:56 -0500 Subject: [PATCH] Update names based on Luke's comments. --- CHANGELOG.md | 5 +++++ .../connect-inject-authmethod-clusterrole.yaml | 2 +- .../connect-inject-authmethod-clusterrolebinding.yaml | 10 +++++----- .../connect-inject-authmethod-serviceaccount.yaml | 2 +- charts/consul/templates/enterprise-license-job.yaml | 2 +- charts/consul/templates/partition-init-role.yaml | 2 +- charts/consul/templates/server-acl-init-role.yaml | 2 +- .../subcommand/server-acl-init/command_test.go | 6 +++--- .../subcommand/server-acl-init/connect_inject_test.go | 6 +++--- 9 files changed, 21 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ffdd58e75..deb6ad0374 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ## UNRELEASED +BREAKING CHANGES: +* Helm + * Some Consul components from the Helm chart have been renamed to ensure consistency in naming across the components. + This will not be a breaking change if Consul components are not referred to by name externally. Check the PR for the list of renamed components. [[GH-993](https://github.com/hashicorp/consul-k8s/pull/985)] + FEATURES: * Helm * Support Envoy 1.20.1. [[GH-958](https://github.com/hashicorp/consul-k8s/pull/958)] diff --git a/charts/consul/templates/connect-inject-authmethod-clusterrole.yaml b/charts/consul/templates/connect-inject-authmethod-clusterrole.yaml index 270d726d18..173c2f86aa 100644 --- a/charts/consul/templates/connect-inject-authmethod-clusterrole.yaml +++ b/charts/consul/templates/connect-inject-authmethod-clusterrole.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "consul.fullname" . }}-connect-injector-authmethod + name: {{ template "consul.fullname" . }}-connect-injector labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} diff --git a/charts/consul/templates/connect-inject-authmethod-clusterrolebinding.yaml b/charts/consul/templates/connect-inject-authmethod-clusterrolebinding.yaml index 7e5adf63fe..7be84fdd00 100644 --- a/charts/consul/templates/connect-inject-authmethod-clusterrolebinding.yaml +++ b/charts/consul/templates/connect-inject-authmethod-clusterrolebinding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "consul.fullname" . }}-connect-injector-authmethod-authdelegator + name: {{ template "consul.fullname" . }}-connect-injector-authdelegator labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -16,13 +16,13 @@ roleRef: name: "system:auth-delegator" subjects: - kind: ServiceAccount - name: {{ template "consul.fullname" . }}-connect-injector-authmethod + name: {{ template "consul.fullname" . }}-connect-injector namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "consul.fullname" . }}-connect-injector-authmethod-serviceaccount + name: {{ template "consul.fullname" . }}-connect-injector labels: app: {{ template "consul.name" . }} chart: {{ template "consul.chart" . }} @@ -31,10 +31,10 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "consul.fullname" . }}-connect-injector-authmethod + name: {{ template "consul.fullname" . }}-connect-injector subjects: - kind: ServiceAccount - name: {{ template "consul.fullname" . }}-connect-injector-authmethod + name: {{ template "consul.fullname" . }}-connect-injector namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/charts/consul/templates/connect-inject-authmethod-serviceaccount.yaml b/charts/consul/templates/connect-inject-authmethod-serviceaccount.yaml index 621b5d6038..b8a8330334 100644 --- a/charts/consul/templates/connect-inject-authmethod-serviceaccount.yaml +++ b/charts/consul/templates/connect-inject-authmethod-serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "consul.fullname" . }}-connect-injector-authmethod + name: {{ template "consul.fullname" . }}-connect-injector namespace: {{ .Release.Namespace }} labels: app: {{ template "consul.name" . }} diff --git a/charts/consul/templates/enterprise-license-job.yaml b/charts/consul/templates/enterprise-license-job.yaml index 1509d9479e..287b30dcc4 100644 --- a/charts/consul/templates/enterprise-license-job.yaml +++ b/charts/consul/templates/enterprise-license-job.yaml @@ -4,7 +4,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "consul.fullname" . }}-license + name: {{ template "consul.fullname" . }}-enterprise-license namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/managed-by: {{.Release.Service | quote }} diff --git a/charts/consul/templates/partition-init-role.yaml b/charts/consul/templates/partition-init-role.yaml index 415d7b1e0e..c13a5378eb 100644 --- a/charts/consul/templates/partition-init-role.yaml +++ b/charts/consul/templates/partition-init-role.yaml @@ -26,7 +26,7 @@ rules: resources: - serviceaccounts resourceNames: - - {{ template "consul.fullname" . }}-connect-injector-authmethod + - {{ template "consul.fullname" . }}-connect-injector verbs: - get {{- end }} diff --git a/charts/consul/templates/server-acl-init-role.yaml b/charts/consul/templates/server-acl-init-role.yaml index 15331d155b..e828ae9b3f 100644 --- a/charts/consul/templates/server-acl-init-role.yaml +++ b/charts/consul/templates/server-acl-init-role.yaml @@ -24,7 +24,7 @@ rules: resources: - serviceaccounts resourceNames: - - {{ template "consul.fullname" . }}-connect-injector-authmethod + - {{ template "consul.fullname" . }}-connect-injector verbs: - get {{- end }} diff --git a/control-plane/subcommand/server-acl-init/command_test.go b/control-plane/subcommand/server-acl-init/command_test.go index 6be6363233..bbbc23f2b7 100644 --- a/control-plane/subcommand/server-acl-init/command_test.go +++ b/control-plane/subcommand/server-acl-init/command_test.go @@ -2265,7 +2265,7 @@ func getBootToken(t *testing.T, k8s *fake.Clientset, prefix string, k8sNamespace func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string) (string, string) { // Create ServiceAccount for the kubernetes auth method if it doesn't exist, // otherwise, do nothing. - serviceAccountName := resourcePrefix + "-connect-injector-authmethod" + serviceAccountName := resourcePrefix + "-connect-injector" sa, _ := k8s.CoreV1().ServiceAccounts(namespace).Get(context.Background(), serviceAccountName, metav1.GetOptions{}) if sa == nil { // Create a service account that references two secrets. @@ -2282,7 +2282,7 @@ func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string) Name: resourcePrefix + "-some-other-secret", }, { - Name: resourcePrefix + "-connect-injector-authmethod", + Name: resourcePrefix + "-connect-injector", }, }, }, @@ -2297,7 +2297,7 @@ func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string) require.NoError(t, err) // Create a Kubernetes secret if it doesn't exist, otherwise update it - secretName := resourcePrefix + "-connect-injector-authmethod" + secretName := resourcePrefix + "-connect-injector" secret := &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: secretName, diff --git a/control-plane/subcommand/server-acl-init/connect_inject_test.go b/control-plane/subcommand/server-acl-init/connect_inject_test.go index 0338daefc8..a17d635bc1 100644 --- a/control-plane/subcommand/server-acl-init/connect_inject_test.go +++ b/control-plane/subcommand/server-acl-init/connect_inject_test.go @@ -30,8 +30,8 @@ func TestCommand_createAuthMethodTmpl_SecretNotFound(t *testing.T) { ctx: ctx, } - serviceAccountName := resourcePrefix + "-connect-injector-authmethod" - secretName := resourcePrefix + "-connect-injector-authmethod" + serviceAccountName := resourcePrefix + "-connect-injector" + secretName := resourcePrefix + "-connect-injector" // Create a service account referencing secretName sa, _ := k8s.CoreV1().ServiceAccounts(ns).Get(ctx, serviceAccountName, metav1.GetOptions{}) @@ -65,5 +65,5 @@ func TestCommand_createAuthMethodTmpl_SecretNotFound(t *testing.T) { require.NoError(t, err) _, err = cmd.createAuthMethodTmpl("test") - require.EqualError(t, err, "found no secret of type 'kubernetes.io/service-account-token' associated with the release-name-consul-connect-injector-authmethod service account") + require.EqualError(t, err, "found no secret of type 'kubernetes.io/service-account-token' associated with the release-name-consul-connect-injector service account") }