diff --git a/charts/consul/test/unit/connect-inject-deployment.bats b/charts/consul/test/unit/connect-inject-deployment.bats
index 11c2b7e05c..f0fb8ba347 100755
--- a/charts/consul/test/unit/connect-inject-deployment.bats
+++ b/charts/consul/test/unit/connect-inject-deployment.bats
@@ -1496,7 +1496,7 @@ load _helpers #-------------------------------------------------------------------- # replicas
-@test "connectInject/Deployment: replicas defaults to 2" {
+@test "connectInject/Deployment: replicas defaults to 1" {
 cd `chart_dir` local actual=$(helm template \ -s templates/connect-inject-deployment.yaml \
@@ -1504,7 +1504,7 @@ load _helpers . | tee /dev/stderr | yq '.spec.replicas' | tee /dev/stderr)
- [ "${actual}" = "2" ]
+ [ "${actual}" = "1" ]
 } @test "connectInject/Deployment: replicas can be set" {
diff --git a/charts/consul/test/unit/ingress-gateways-deployment.bats b/charts/consul/test/unit/ingress-gateways-deployment.bats
index 506a2a62c0..fac8f5fc27 100644
--- a/charts/consul/test/unit/ingress-gateways-deployment.bats
+++ b/charts/consul/test/unit/ingress-gateways-deployment.bats
@@ -365,7 +365,7 @@ load _helpers #-------------------------------------------------------------------- # replicas
-@test "ingressGateways/Deployment: replicas defaults to 2" {
+@test "ingressGateways/Deployment: replicas defaults to 1" {
 cd `chart_dir` local actual=$(helm template \ -s templates/ingress-gateways-deployment.yaml \
@@ -373,7 +373,7 @@ load _helpers --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.replicas' | tee /dev/stderr)
- [ "${actual}" = "2" ]
+ [ "${actual}" = "1" ]
 } @test "ingressGateways/Deployment: replicas can be set through defaults" {
@@ -590,15 +590,15 @@ load _helpers #-------------------------------------------------------------------- # affinity
-@test "ingressGateways/Deployment: affinity defaults to one per node" {
+@test "ingressGateways/Deployment: affinity defaults to null" {
 cd `chart_dir` local actual=$(helm template \ -s templates/ingress-gateways-deployment.yaml \ --set 'ingressGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr |
- yq -s -r '.[0].spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey' | tee /dev/stderr)
- [ "${actual}" = "kubernetes.io/hostname" ]
+ yq -s -r '.[0].spec.template.spec.affinity' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
 } @test "ingressGateways/Deployment: affinity can be set through defaults" {
diff --git a/charts/consul/test/unit/mesh-gateway-deployment.bats b/charts/consul/test/unit/mesh-gateway-deployment.bats
index af42ce2649..ebcc9bcfaf 100755
--- a/charts/consul/test/unit/mesh-gateway-deployment.bats
+++ b/charts/consul/test/unit/mesh-gateway-deployment.bats
@@ -164,7 +164,7 @@ key2: value2' \ #-------------------------------------------------------------------- # replicas
-@test "meshGateway/Deployment: replicas defaults to 2" {
+@test "meshGateway/Deployment: replicas defaults to 1" {
 cd `chart_dir` local actual=$(helm template \ -s templates/mesh-gateway-deployment.yaml \
@@ -172,7 +172,7 @@ key2: value2' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.replicas' | tee /dev/stderr)
- [ "${actual}" = "2" ]
+ [ "${actual}" = "1" ]
 } @test "meshGateway/Deployment: replicas can be overridden" {
@@ -190,15 +190,15 @@ key2: value2' \ #-------------------------------------------------------------------- # affinity
-@test "meshGateway/Deployment: affinity defaults to one per node" {
+@test "meshGateway/Deployment: affinity defaults to null" {
 cd `chart_dir` local actual=$(helm template \ -s templates/mesh-gateway-deployment.yaml \ --set 'meshGateway.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr |
- yq -r '.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey' | tee /dev/stderr)
- [ "${actual}" = "kubernetes.io/hostname" ]
+ yq -r '.spec.template.spec.affinity' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
 } @test "meshGateway/Deployment: affinity can be overridden" {
diff --git a/charts/consul/test/unit/terminating-gateways-deployment.bats b/charts/consul/test/unit/terminating-gateways-deployment.bats
index 17afd8054e..5c6eca9d9e 100644
--- a/charts/consul/test/unit/terminating-gateways-deployment.bats
+++ b/charts/consul/test/unit/terminating-gateways-deployment.bats
@@ -403,7 +403,7 @@ load _helpers #-------------------------------------------------------------------- # replicas
-@test "terminatingGateways/Deployment: replicas defaults to 2" {
+@test "terminatingGateways/Deployment: replicas defaults to 1" {
 cd `chart_dir` local actual=$(helm template \ -s templates/terminating-gateways-deployment.yaml \
@@ -411,7 +411,7 @@ load _helpers --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.replicas' | tee /dev/stderr)
- [ "${actual}" = "2" ]
+ [ "${actual}" = "1" ]
 } @test "terminatingGateways/Deployment: replicas can be set through defaults" {
@@ -663,15 +663,15 @@ load _helpers #-------------------------------------------------------------------- # affinity
-@test "terminatingGateways/Deployment: affinity defaults to one per node" {
+@test "terminatingGateways/Deployment: affinity defaults to null" {
 cd `chart_dir` local actual=$(helm template \ -s templates/terminating-gateways-deployment.yaml \ --set 'terminatingGateways.enabled=true' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr |
- yq -s -r '.[0].spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey' | tee /dev/stderr)
- [ "${actual}" = "kubernetes.io/hostname" ]
+ yq -s -r '.[0].spec.template.spec.affinity' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
 } @test "terminatingGateways/Deployment: affinity can be set through defaults" {
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 1eb424f4e3..620cd7922a 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -77,7 +77,7 @@ global: # - name: pull-secret-name-2 # ``` # @type: array
- imagePullSecrets: []
+ imagePullSecrets: [ ]
 # The name (and tag) of the consul-k8s-control-plane Docker # image that is used for functionality such as catalog sync.
@@ -251,7 +251,7 @@ global: # @type: string secretName: null
- # Configuration to the Vault Secret that Kubernetes will use on
+ # Configuration to the Vault Secret that Kubernetes will use on
 # Kubernetes CRD creation, deletion, and update, to get CA certificates # used issued from vault to send webhooks to the controller. caCert:
@@ -316,7 +316,7 @@ global: # See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details. # If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`). # @type: array
- recursors: []
+ recursors: [ ]
 # Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) # across the cluster to verify authenticity of the Consul servers and clients.
@@ -336,13 +336,13 @@ global: # in the server certificate. This is useful when you need to access the # Consul server(s) externally, for example, if you're using the UI. # @type: array
- serverAdditionalDNSSANs: []
+ serverAdditionalDNSSANs: [ ]
 # A list of additional IP addresses to set as Subject Alternative Names (SANs) # in the server certificate. This is useful when you need to access the # Consul server(s) externally, for example, if you're using the UI. # @type: array
- serverAdditionalIPSANs: []
+ serverAdditionalIPSANs: [ ]
 # If true, `verify_outgoing`, `verify_server_hostname`, # and `verify_incoming` for internal RPC communication will be set to `true` for Consul servers and clients.
@@ -518,7 +518,7 @@ global: # A list of addresses of the primary mesh gateways in the form `:`. # (e.g. ["1.1.1.1:443", "2.3.4.5:443"] # @type: array
- primaryGateways: []
+ primaryGateways: [ ]
 # If you are setting `global.federation.enabled` to true and are in a secondary datacenter, # set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter.
@@ -910,7 +910,7 @@ server: # with `-config-dir`. This defaults to false. # # @type: array
- extraVolumes: []
+ extraVolumes: [ ]
 # A list of sidecar containers. # Example:
@@ -923,7 +923,7 @@ server: # - ... # ``` # @type: array
- extraContainers: []
+ extraContainers: [ ]
 # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # for server pods. It defaults to allowing only a single server pod on each node, which
@@ -1077,7 +1077,7 @@ server: # feature, in case kubernetes cluster is behind egress http proxies. Additionally, # it could be used to configure custom consul parameters. # @type: map
- extraEnvironmentVars: {}
+ extraEnvironmentVars: { }
 # [Enterprise Only] Values for setting up and running snapshot agents # (https://consul.io/commands/snapshot/agent)
@@ -1147,7 +1147,7 @@ externalServers: # should be the same, however, they may be different if you # wish to use separate hosts for the HTTPS connections. # @type: array
- hosts: []
+ hosts: [ ]
 # The HTTPS port of the Consul servers. httpsPort: 8501
@@ -1345,7 +1345,7 @@ client: # with `-config-dir`. This defaults to false. # # @type: array
- extraVolumes: []
+ extraVolumes: [ ]
 # A list of sidecar containers. # Example:
@@ -1358,7 +1358,7 @@ client: # - ... # ``` # @type: array
- extraContainers: []
+ extraContainers: [ ]
 # Toleration Settings for Client pods # This should be a multi-line string matching the Toleration array
@@ -1436,7 +1436,7 @@ client: # feature, in case kubernetes cluster is behind egress http proxies. Additionally, # it could be used to configure custom consul parameters. # @type: map
- extraEnvironmentVars: {}
+ extraEnvironmentVars: { }
 # This value defines the Pod DNS policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) # for client pods to use.
@@ -1593,7 +1593,7 @@ ui: # ``` # # @type: array
- hosts: []
+ hosts: [ ]
 # tls is a list of hosts and secret name in an Ingress # which tells the Ingress controller to secure the channel.
@@ -1605,7 +1605,7 @@ ui: # secretName: testsecret-tls # ``` # @type: array
- tls: []
+ tls: [ ]
 # Annotations to apply to the UI ingress. #
@@ -1695,7 +1695,7 @@ syncCatalog: # # Note: `k8sDenyNamespaces` takes precedence over values defined here. # @type: array
- k8sAllowNamespaces: ["*"]
+ k8sAllowNamespaces: [ "*" ]
 # List of k8s namespaces that should not have their # services synced. This list takes precedence over `k8sAllowNamespaces`.
@@ -1705,7 +1705,7 @@ syncCatalog: # `["namespace1", "namespace2"]`, then all k8s namespaces besides `namespace1` # and `namespace2` will be synced. # @type: array
- k8sDenyNamespaces: ["kube-system", "kube-public"]
+ k8sDenyNamespaces: [ "kube-system", "kube-public" ]
 # [DEPRECATED] Use k8sAllowNamespaces and k8sDenyNamespaces instead. For # backwards compatibility, if both this and the allow/deny lists are set,
@@ -1888,7 +1888,7 @@ connectInject: enabled: true # The number of deployment replicas.
- replicas: 2
+ replicas: 1
 # Image for consul-k8s-control-plane that contains the injector. # @type: string
@@ -2171,7 +2171,7 @@ connectInject: # `namespaceSelector` takes precedence over both since it is applied first. # `kube-system` and `kube-public` are never injected, even if included here. # @type: array
- k8sAllowNamespaces: ["*"]
+ k8sAllowNamespaces: [ "*" ]
 # List of k8s namespaces that should not allow Connect # sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
@@ -2184,7 +2184,7 @@ connectInject: # Note: `namespaceSelector` takes precedence over this since it is applied first. # `kube-system` and `kube-public` are never injected. # @type: array
- k8sDenyNamespaces: []
+ k8sDenyNamespaces: [ ]
 # [Enterprise Only] These settings manage the connect injector's interaction with # Consul namespaces (requires consul-ent v1.7+).
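Review bot: In the `connectInject` hunk (`@@ -1888,7 +1888,7 @@`) the new default `replicas: 1` leaves the sidecar-injector admission webhook with a single pod, and the one-line comment above it says nothing about the consequence. While that pod is being rescheduled the webhook is unreachable; depending on the webhook's failure policy, which is not visible in this diff, new pods are then either rejected or admitted without a sidecar, and the second outcome puts workloads outside the mesh's mTLS and intention enforcement. I would extend the comment to something like `# The number of deployment replicas. The default of 1 is a single point of failure for sidecar injection; use 2 or more in production.` Installs that never set this value will also scale down on upgrade, which deserves a changelog entry if one is not elsewhere in the commit.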
@@ -2325,7 +2325,7 @@ meshGateway: enabled: false # Number of replicas for the Deployment.
- replicas: 2
+ replicas: 1
 # What gets registered as WAN address for the gateway. wanAddress:
@@ -2460,18 +2460,26 @@ meshGateway: memory: "50Mi" cpu: "50m"
- # By default, we set an anti-affinity so that two gateway pods won't be
- # on the same node. NOTE: Gateways require that Consul client agents are
- # also running on the nodes alongside each gateway pod.
- affinity: |
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- app: {{ template "consul.name" . }}
- release: "{{ .Release.Name }}"
- component: mesh-gateway
- topologyKey: kubernetes.io/hostname
+ # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+ # for mesh gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+ # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+ # to the value in the example below.
+ #
+ # Example:
+ #
+ # ```yaml
+ # affinity: |
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchLabels:
+ # app: {{ template "consul.name" . }}
+ # release: "{{ .Release.Name }}"
+ # component: mesh-gateway
+ # topologyKey: kubernetes.io/hostname
+ # ```
+ # @type: string
+ affinity: null
 # Optional YAML string to specify tolerations. # @type: string
@@ -2535,7 +2543,7 @@ ingressGateways: # for a specific gateway. defaults: # Number of replicas for each ingress gateway defined.
- replicas: 2
+ replicas: 1
 # The service options configure the Service that fronts the gateway Deployment. service:
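Review bot: The new `affinity` comment in the `meshGateway` hunk (`@@ -2460,18 +2460,26 @@`) presents the anti-affinity example as the way to survive a node loss, but with `replicas` now defaulting to 1 in the same commit that rule alone changes nothing; the comment should say both settings are needed, e.g. `# For high availability set replicas to 2 or more and use the anti-affinity below so the pods land on different nodes.` The rewrite also drops the old NOTE that gateways require Consul client agents on the same nodes; if that requirement still holds it should be kept, since the replacement text does not mention it. The `ingressGateways` (`@@ -2599,18 +2607,26 @@`) and `terminatingGateways` (`@@ -2721,18 +2737,26 @@`) hunks carry the same wording and the same two gaps. With the shipped defaults each gateway type is a single pod, so a node failure interrupts cross-datacenter, ingress or egress mesh traffic until the pod is rescheduled.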
@@ -2553,10 +2561,10 @@ ingressGateways: # @default: [{port: 8080, port: 8443}] # @recurse: false ports:
- - port: 8080
- nodePort: null
- - port: 8443
- nodePort: null
+ - port: 8080
+ nodePort: null
+ - port: 8443
+ nodePort: null
 # Annotations to apply to the ingress gateway service. Annotations defined # here will be applied to all ingress gateway services in addition to any
@@ -2599,18 +2607,26 @@ ingressGateways: memory: "100Mi" cpu: "100m"
- # By default, we set an anti-affinity so that two of the same gateway pods
- # won't be on the same node. NOTE: Gateways require that Consul client agents are
- # also running on the nodes alongside each gateway pod.
- affinity: |
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- app: {{ template "consul.name" . }}
- release: "{{ .Release.Name }}"
- component: ingress-gateway
- topologyKey: kubernetes.io/hostname
+ # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+ # for ingress gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+ # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+ # to the value in the example below.
+ #
+ # Example:
+ #
+ # ```yaml
+ # affinity: |
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchLabels:
+ # app: {{ template "consul.name" . }}
+ # release: "{{ .Release.Name }}"
+ # component: ingress-gateway
+ # topologyKey: kubernetes.io/hostname
+ # ```
+ # @type: string
+ affinity: null
 # Optional YAML string to specify tolerations. # @type: string
@@ -2672,7 +2688,7 @@ ingressGateways: # case of annotations where both will be applied. # @type: array gateways:
- - name: ingress-gateway
+ - name: ingress-gateway
 # Configuration options for terminating gateways. Default values for all # terminating gateways are defined in `terminatingGateways.defaults`. Any of
@@ -2693,7 +2709,7 @@ terminatingGateways: # for a specific gateway. defaults: # Number of replicas for each terminating gateway defined.
- replicas: 2
+ replicas: 1
 # A list of extra volumes to mount. These will be exposed to Consul in the path `/consul/userconfig//`. #
@@ -2708,7 +2724,7 @@ terminatingGateways: # path: path # secret will now mount to /consul/userconfig/my-secret/path # ``` # @type: array
- extraVolumes: []
+ extraVolumes: [ ]
 # Resource limits for all terminating gateway pods # @recurse: false
@@ -2721,18 +2737,26 @@ terminatingGateways: memory: "100Mi" cpu: "100m"
- # By default, we set an anti-affinity so that two of the same gateway pods
- # won't be on the same node. NOTE: Gateways require that Consul client agents are
- # also running on the nodes alongside each gateway pod.
- affinity: |
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- app: {{ template "consul.name" . }}
- release: "{{ .Release.Name }}"
- component: terminating-gateway
- topologyKey: kubernetes.io/hostname
+ # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+ # for terminating gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+ # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+ # to the value in the example below.
+ #
+ # Example:
+ #
+ # ```yaml
+ # affinity: |
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchLabels:
+ # app: {{ template "consul.name" . }}
+ # release: "{{ .Release.Name }}"
+ # component: terminating-gateway
+ # topologyKey: kubernetes.io/hostname
+ # ```
+ # @type: string
+ affinity: null
 # Optional YAML string to specify tolerations. # @type: string
@@ -2805,7 +2829,7 @@ terminatingGateways: # case of annotations where both will be applied. # @type: array gateways:
- - name: terminating-gateway
+ - name: terminating-gateway
 # Configuration settings for the Consul API Gateway integration apiGateway: