Removing the gateway type suffix from the naming conventions for terminating and ingress gateways

acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go

@@ -121,7 +121,7 @@ func TestIngressGatewaySingleNamespace(t *testing.T) {
 			require.NoError(t, err)
 			require.Equal(t, true, created, "config entry failed")
 
-			ingressGatewayService := fmt.Sprintf("http://%s-consul-%s-ingress-gateway.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace)
+			ingressGatewayService := fmt.Sprintf("http://%s-consul-%s.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace)
 
 			// If ACLs are enabled, test that intentions prevent connections.
 			if c.secure {
@@ -247,7 +247,7 @@ func TestIngressGatewayNamespaceMirroring(t *testing.T) {
 			require.NoError(t, err)
 			require.Equal(t, true, created, "config entry failed")
 
-			ingressGatewayService := fmt.Sprintf("http://%s-consul-%s-ingress-gateway.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace)
+			ingressGatewayService := fmt.Sprintf("http://%s-consul-%s.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace)
 
 			// If ACLs are enabled, test that intentions prevent connections.
 			if c.secure {

acceptance/tests/ingress-gateway/ingress_gateway_test.go

@@ -97,7 +97,7 @@ func TestIngressGateway(t *testing.T) {
 				logger.Log(t, "testing intentions prevent ingress")
 				k8s.CheckStaticServerConnectionFailing(t, k8sOptions,
 					staticClientName, "-H", "Host: static-server.ingress.consul",
-					fmt.Sprintf("http://%s-consul-%s-ingress-gateway:8080/", releaseName, igName))
+					fmt.Sprintf("http://%s-consul-%s:8080/", releaseName, igName))
 
 				// Now we create the allow intention.
 				logger.Log(t, "creating ingress-gateway => static-server intention")
@@ -119,7 +119,7 @@ func TestIngressGateway(t *testing.T) {
 			logger.Log(t, "trying calls to ingress gateway")
 			k8s.CheckStaticServerConnectionSuccessful(t, k8sOptions,
 				staticClientName, "-H", "Host: static-server.ingress.consul",
-				fmt.Sprintf("http://%s-consul-%s-ingress-gateway:8080/", releaseName, igName))
+				fmt.Sprintf("http://%s-consul-%s:8080/", releaseName, igName))
 		})
 	}
 }

acceptance/tests/snapshot-agent/snapshot_agent_k8s_secret_test.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"strings"
 	"testing"
+	"time"
 
 	terratestLogger "github.com/gruntwork-io/terratest/modules/logger"
 	"github.com/hashicorp/consul-k8s/acceptance/framework/consul"
@@ -80,6 +81,9 @@ func TestSnapshotAgent_K8sSecret(t *testing.T) {
 	require.NoError(t, err)
 	require.True(t, len(podList.Items) > 0)
 
+	// Wait for 10seconds to allow snapsot to write.
+	time.Sleep(10 * time.Second)
+
 	// Loop through snapshot agents.  Only one will be the leader and have the snapshot files.
 	hasSnapshots := false
 	for _, pod := range podList.Items {

acceptance/tests/snapshot-agent/snapshot_agent_vault_test.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"
 	"testing"
+	"time"
 
 	terratestLogger "github.com/gruntwork-io/terratest/modules/logger"
 	"github.com/hashicorp/consul-k8s/acceptance/framework/consul"
@@ -119,6 +120,9 @@ func TestSnapshotAgent_Vault(t *testing.T) {
 	require.NoError(t, err)
 	require.True(t, len(podList.Items) > 0)
 
+	// Wait for 10seconds to allow snapsot to write.
+	time.Sleep(10 * time.Second)
+
 	// Loop through snapshot agents.  Only one will be the leader and have the snapshot files.
 	hasSnapshots := false
 	for _, pod := range podList.Items {

charts/consul/templates/ingress-gateways-deployment.yaml

@@ -9,6 +9,17 @@
 {{- $defaults := .Values.ingressGateways.defaults }}
 {{- $names := dict }}
 
+{{- /* Check if gateway names are unique. */ -}}
+{{- $gateways := .Values.ingressGateways.gateways }}
+{{- range $outerIngressIndex, $outerIngressVal := $gateways }}
+
+{{- range $innerIngressIndex, $innerIngressVal := $gateways }}
+{{- if (and (ne $outerIngressIndex $innerIngressIndex) (eq $outerIngressVal.name $innerIngressVal.name)) }}
+{{ fail (cat "ingress gateways must have unique names but found duplicate name" $innerIngressVal.name) }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
 {{- range .Values.ingressGateways.gateways }}
 
 {{- $service := .service }}
@@ -26,15 +37,15 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 spec:
   replicas: {{ default $defaults.replicas .replicas }}
   selector:
@@ -44,7 +55,7 @@ spec:
       heritage: {{ $root.Release.Service }}
       release: {{ $root.Release.Name }}
       component: ingress-gateway
-      ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+      ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
   template:
     metadata:
       labels:
@@ -53,7 +64,7 @@ spec:
         heritage: {{ $root.Release.Service }}
         release: {{ $root.Release.Name }}
         component: ingress-gateway
-        ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+        ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
       annotations:
         {{- if (and $root.Values.global.secretsBackend.vault.enabled $root.Values.global.tls.enabled) }}
         "vault.hashicorp.com/agent-init-first": "true"
@@ -92,7 +103,7 @@ spec:
         {{ tpl (default $defaults.tolerations .tolerations) $root | nindent 8 | trim }}
       {{- end }}
       terminationGracePeriodSeconds: {{ default $defaults.terminationGracePeriodSeconds .terminationGracePeriodSeconds }}
-      serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+      serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}
       volumes:
         - name: consul-bin
           emptyDir: {}
@@ -189,7 +200,7 @@ spec:
                   -log-level={{ $root.Values.global.logLevel }} \
                   -log-json={{ $root.Values.global.logJSON }} \
                   -k8s-namespace={{ $root.Release.Namespace }} \
-                  -name={{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway \
+                  -name={{ template "consul.fullname" $root }}-{{ .name }} \
                   -output-file=/tmp/address.txt
                 WAN_ADDR="$(cat /tmp/address.txt)"
                 {{- else }}

charts/consul/templates/ingress-gateways-podsecuritypolicy.yaml

@@ -4,15 +4,15 @@
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 spec:
   privileged: false
   # Required to prevent escalations to root.

charts/consul/templates/ingress-gateways-role.yaml

@@ -7,28 +7,28 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 rules:
   - apiGroups: [""]
     resources:
       - services
     resourceNames:
-      - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+      - {{ template "consul.fullname" $root }}-{{ .name }}
     verbs:
       - get
 {{- if $root.Values.global.enablePodSecurityPolicies }}
   - apiGroups: ["policy"]
     resources: ["podsecuritypolicies"]
     resourceNames:
-      - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+      - {{ template "consul.fullname" $root }}-{{ .name }}
     verbs:
       - use
 {{- end }}
@@ -37,7 +37,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway-acl-token
+      - {{ template "consul.fullname" $root }}-{{ .name }}-acl-token
     verbs:
       - get
 {{- end }}

charts/consul/templates/ingress-gateways-rolebinding.yaml

@@ -4,22 +4,22 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
 subjects:
   - kind: ServiceAccount
-    name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    name: {{ template "consul.fullname" $root }}-{{ .name }}
 ---
 {{- end }}
 {{- end }}

charts/consul/templates/ingress-gateways-service.yaml

@@ -9,15 +9,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
   {{- if (or $defaults.service.annotations $service.annotations) }}
   # We allow both default annotations and gateway-specific annotations
   annotations:
@@ -33,7 +33,7 @@ spec:
     app: {{ template "consul.name" $root }}
     release: "{{ $root.Release.Name }}"
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
   ports:
     {{- range $index, $ports := (default $defaults.service.ports $service.ports) }}
     - name: gateway-{{ $index }}

charts/consul/templates/ingress-gateways-serviceaccount.yaml

@@ -6,15 +6,15 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: ingress-gateway
-    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway
+    ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
   {{- if (or $defaults.serviceAccount.annotations $serviceAccount.annotations) }}
   annotations:
     {{- if $defaults.serviceAccount.annotations }}

charts/consul/templates/terminating-gateways-deployment.yaml

@@ -9,6 +9,22 @@
 {{- $defaults := .Values.terminatingGateways.defaults }}
 {{- $names := dict }}
 
+{{- $gateways := .Values.terminatingGateways.gateways }}
+{{- range $outerTerminatingIndex, $outerTerminatingVal := $gateways }}
+
+{{- range $innerTerminatingIndex, $innerTerminatingVal := $gateways }}
+{{- if (and (ne $outerTerminatingIndex $innerTerminatingIndex) (eq $outerTerminatingVal.name $innerTerminatingVal.name)) }}
+{{ fail (cat "terminating gateways must have unique names but found duplicate name" $innerTerminatingVal.name) }}
+{{ end -}}
+{{ end -}}
+
+{{- range $outerIngressIndex, $outerIngressVal := $root.Values.ingressGateways.gateways }}
+{{- if (eq $outerTerminatingVal.name $outerIngressVal.name) }}
+{{ fail (cat "terminating gateways cannot have duplicate names of any ingress gateways but found duplicate name" $outerTerminatingVal.name) }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
 {{- range .Values.terminatingGateways.gateways }}
 
 {{- if empty .name }}
@@ -24,15 +40,15 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+  name: {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: terminating-gateway
-    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 spec:
   replicas: {{ default $defaults.replicas .replicas }}
   selector:
@@ -42,7 +58,7 @@ spec:
       heritage: {{ $root.Release.Service }}
       release: {{ $root.Release.Name }}
       component: terminating-gateway
-      terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+      terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
   template:
     metadata:
       labels:
@@ -51,7 +67,7 @@ spec:
         heritage: {{ $root.Release.Service }}
         release: {{ $root.Release.Name }}
         component: terminating-gateway
-        terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+        terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
       annotations:
         {{- if (and $root.Values.global.secretsBackend.vault.enabled $root.Values.global.tls.enabled) }}
         "vault.hashicorp.com/agent-init-first": "true"
@@ -90,7 +106,7 @@ spec:
         {{ tpl (default $defaults.tolerations .tolerations) $root | nindent 8 | trim }}
       {{- end }}
       terminationGracePeriodSeconds: 10
-      serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+      serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}
       volumes:
         - name: consul-bin
           emptyDir: {}

charts/consul/templates/terminating-gateways-podsecuritypolicy.yaml

@@ -4,15 +4,15 @@
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name:  {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+  name:  {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: terminating-gateway
-    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 spec:
   privileged: false
   # Required to prevent escalations to root.

charts/consul/templates/terminating-gateways-role.yaml

@@ -7,22 +7,22 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name:  {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+  name:  {{ template "consul.fullname" $root }}-{{ .name }}
   namespace: {{ $root.Release.Namespace }}
   labels:
     app: {{ template "consul.name" $root }}
     chart: {{ template "consul.chart" $root }}
     heritage: {{ $root.Release.Service }}
     release: {{ $root.Release.Name }}
     component: terminating-gateway
-    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+    terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
 {{- if (or $root.Values.global.acls.manageSystemACLs $root.Values.global.enablePodSecurityPolicies) }}
 rules:
 {{- if $root.Values.global.enablePodSecurityPolicies }}
   - apiGroups: ["policy"]
     resources: ["podsecuritypolicies"]
     resourceNames:
-      -  {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway
+      -  {{ template "consul.fullname" $root }}-{{ .name }}
     verbs:
       - use
 {{- end }}
@@ -31,7 +31,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      -  {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway-acl-token
+      -  {{ template "consul.fullname" $root }}-{{ .name }}-acl-token
     verbs:
       - get
 {{- end }}