Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Standardize resource names across the helm chart #993

Merged
merged 4 commits into from
Jan 26, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ commands:
type: string
consul-k8s-image:
type: string
default: "docker.mirror.hashicorp.services/hashicorpdev/consul-k8s-control-plane:latest"
default: "ashwinvenkatesh/consul-k8s@sha256:33f14b9acffd2d403b45da9bb2330b84bb103caa7a700cda7619416f33d47f1a"
go-path:
type: string
default: "/home/circleci/.go_workspace"
Expand Down
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
## UNRELEASED

BREAKING CHANGES:
* Helm
* Some Consul components from the Helm chart have been renamed to ensure consistency in naming across the components.
This will not be a breaking change if Consul components are not referred to by name externally. Check the PR for the list of renamed components. [[GH-993](https://github.com/hashicorp/consul-k8s/pull/985)]

FEATURES:
* Helm
* Support Envoy 1.20.1. [[GH-958](https://github.com/hashicorp/consul-k8s/pull/958)]
Expand All @@ -11,6 +16,7 @@ IMPROVEMENTS:
* Support `ui.dashboardURLTemplates.service` value for setting [dashboard URL templates](https://www.consul.io/docs/agent/options#ui_config_dashboard_url_templates_service). [[GH-937](https://github.com/hashicorp/consul-k8s/pull/937)]
* Allow using dash-separated names for config entries when using `kubectl`. [[GH-965](https://github.com/hashicorp/consul-k8s/pull/965)]
* Support Pod Security Policies with Vault integration. [[GH-985](https://github.com/hashicorp/consul-k8s/pull/985)]
* Rename Consul resources to remove resource kind suffixes from the resource names to standardize resource names across the Helm chart. [[GH-993](https://github.com/hashicorp/consul-k8s/pull/985)]
* CLI
* Show a diff when upgrading a Consul installation on Kubernetes [[GH-934](https://github.com/hashicorp/consul-k8s/pull/934)]
* Control Plane
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-role
name: {{ template "consul.fullname" . }}-connect-injector
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-authdelegator-role-binding
name: {{ template "consul.fullname" . }}-connect-injector-authdelegator
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
Expand All @@ -16,13 +16,13 @@ roleRef:
name: "system:auth-delegator"
subjects:
- kind: ServiceAccount
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-serviceaccount-role-binding
name: {{ template "consul.fullname" . }}-connect-injector
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
Expand All @@ -31,10 +31,10 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-role
name: {{ template "consul.fullname" . }}-connect-injector
subjects:
- kind: ServiceAccount
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-authmethod-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
4 changes: 2 additions & 2 deletions charts/consul/templates/connect-inject-clusterrole.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook
name: {{ template "consul.fullname" . }}-connect-injector
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
Expand All @@ -30,7 +30,7 @@ rules:
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
resourceNames:
- {{ template "consul.fullname" . }}-connect-injector-webhook
- {{ template "consul.fullname" . }}-connect-injector
verbs:
- use
{{- end }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook-admin-role-binding
name: {{ template "consul.fullname" . }}-connect-injector
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
Expand All @@ -12,9 +12,9 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "consul.fullname" . }}-connect-injector-webhook
name: {{ template "consul.fullname" . }}-connect-injector
subjects:
- kind: ServiceAccount
name: {{ template "consul.fullname" . }}-connect-injector-webhook-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
{{- end }}
4 changes: 2 additions & 2 deletions charts/consul/templates/connect-inject-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook-deployment
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down Expand Up @@ -50,7 +50,7 @@ spec:
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ template "consul.fullname" . }}-connect-injector-webhook-svc-account
serviceAccountName: {{ template "consul.fullname" . }}-connect-injector
containers:
- name: sidecar-injector
image: "{{ default .Values.global.imageK8S .Values.connectInject.image }}"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ roleRef:
name: {{ template "consul.fullname" . }}-connect-inject-leader-election
subjects:
- kind: ServiceAccount
name: {{ template "consul.fullname" . }}-connect-injector-webhook-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-cfg
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand All @@ -26,7 +26,7 @@ webhooks:
- "v1"
clientConfig:
service:
name: {{ template "consul.fullname" . }}-connect-injector-svc
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
path: "/mutate"
rules:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/connect-inject-service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-svc
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook-svc-account
name: {{ template "consul.fullname" . }}-connect-injector
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "consul.fullname" . }}-controller-mutating-webhook-configuration
name: {{ template "consul.fullname" . }}-controller
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/enterprise-license-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "consul.fullname" . }}-license
name: {{ template "consul.fullname" . }}-enterprise-license
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/managed-by: {{.Release.Service | quote }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/partition-init-role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ rules:
resources:
- serviceaccounts
resourceNames:
- {{ template "consul.fullname" . }}-connect-injector-authmethod-svc-account
- {{ template "consul.fullname" . }}-connect-injector
verbs:
- get
{{- end }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/partition-service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "consul.fullname" . }}-partition-service
name: {{ template "consul.fullname" . }}-partition
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/server-acl-init-role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ rules:
resources:
- serviceaccounts
resourceNames:
- {{ template "consul.fullname" . }}-connect-injector-authmethod-svc-account
- {{ template "consul.fullname" . }}-connect-injector
verbs:
- get
{{- end }}
Expand Down
2 changes: 1 addition & 1 deletion charts/consul/templates/ui-ingress.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ template "consul.fullname" . }}-ingress
name: {{ template "consul.fullname" . }}-ui
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ rules:
resources:
- podsecuritypolicies
resourceNames:
- {{ template "consul.fullname" . }}-connect-injector-webhook
- {{ template "consul.fullname" . }}-connect-injector
verbs:
- use
{{- end }}
Expand Down
12 changes: 6 additions & 6 deletions charts/consul/templates/webhook-cert-manager-configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,19 +15,19 @@ data:
[
{{- if .Values.connectInject.enabled }}
{
"name": "{{ template "consul.fullname" . }}-connect-injector-cfg",
"name": "{{ template "consul.fullname" . }}-connect-injector",
"tlsAutoHosts": [
"{{ template "consul.fullname" . }}-connect-injector-svc",
"{{ template "consul.fullname" . }}-connect-injector-svc.{{ .Release.Namespace }}",
"{{ template "consul.fullname" . }}-connect-injector-svc.{{ .Release.Namespace }}.svc",
"{{ template "consul.fullname" . }}-connect-injector-svc.{{ .Release.Namespace }}.svc.cluster.local"
"{{ template "consul.fullname" . }}-connect-injector",
"{{ template "consul.fullname" . }}-connect-injector.{{ .Release.Namespace }}",
"{{ template "consul.fullname" . }}-connect-injector.{{ .Release.Namespace }}.svc",
"{{ template "consul.fullname" . }}-connect-injector.{{ .Release.Namespace }}.svc.cluster.local"
lkysow marked this conversation as resolved.
Show resolved Hide resolved
],
"secretName": "{{ template "consul.fullname" . }}-connect-inject-webhook-cert",
"secretNamespace": "{{ .Release.Namespace }}"
}{{- if and .Values.controller.enabled }},{{- end }}{{- end }}
{{- if and .Values.controller.enabled }}
{
"name": "{{ template "consul.fullname" . }}-controller-mutating-webhook-configuration",
"name": "{{ template "consul.fullname" . }}-controller",
"tlsAutoHosts": [
"{{ template "consul.fullname" . }}-controller-webhook",
"{{ template "consul.fullname" . }}-controller-webhook.{{ .Release.Namespace }}",
Expand Down
8 changes: 4 additions & 4 deletions charts/consul/test/unit/webhook-cert-manager-configmap.bats
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ load _helpers
local actual=$(echo $cfg | jq '. | length == 1')
[ "${actual}" = "true" ]

local actual=$(echo $cfg | jq '.[0].name | contains("controller-mutating-webhook-configuration")')
local actual=$(echo $cfg | jq '.[0].name | contains("controller")')
[ "${actual}" = "true" ]
}

Expand All @@ -68,7 +68,7 @@ load _helpers
local actual=$(echo $cfg | jq '. | length == 1')
[ "${actual}" = "true" ]

local actual=$(echo $cfg | jq '.[0].name | contains("controller-mutating-webhook-configuration")')
local actual=$(echo $cfg | jq '.[0].name | contains("controller")')
[ "${actual}" = "false" ]
}

Expand All @@ -85,9 +85,9 @@ load _helpers
local actual=$(echo $cfg | jq '. | length == 2')
[ "${actual}" = "true" ]

local actual=$(echo $cfg | jq '.[0].name | contains("connect-injector-cfg")')
local actual=$(echo $cfg | jq '.[0].name | contains("connect-injector")')
[ "${actual}" = "true" ]

local actual=$(echo $cfg | jq '.[1].name | contains("controller-mutating-webhook-configuration")')
local actual=$(echo $cfg | jq '.[1].name | contains("controller")')
[ "${actual}" = "true" ]
}
6 changes: 3 additions & 3 deletions control-plane/subcommand/server-acl-init/command_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2265,7 +2265,7 @@ func getBootToken(t *testing.T, k8s *fake.Clientset, prefix string, k8sNamespace
func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string) (string, string) {
// Create ServiceAccount for the kubernetes auth method if it doesn't exist,
// otherwise, do nothing.
serviceAccountName := resourcePrefix + "-connect-injector-authmethod-svc-account"
serviceAccountName := resourcePrefix + "-connect-injector"
sa, _ := k8s.CoreV1().ServiceAccounts(namespace).Get(context.Background(), serviceAccountName, metav1.GetOptions{})
if sa == nil {
// Create a service account that references two secrets.
Expand All @@ -2282,7 +2282,7 @@ func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string)
Name: resourcePrefix + "-some-other-secret",
},
{
Name: resourcePrefix + "-connect-injector-authmethod-svc-account",
Name: resourcePrefix + "-connect-injector",
},
},
},
Expand All @@ -2297,7 +2297,7 @@ func setUpK8sServiceAccount(t *testing.T, k8s *fake.Clientset, namespace string)
require.NoError(t, err)

// Create a Kubernetes secret if it doesn't exist, otherwise update it
secretName := resourcePrefix + "-connect-injector-authmethod-svc-account"
secretName := resourcePrefix + "-connect-injector"
secret := &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ func (c *Command) configureConnectInjectAuthMethod(consulClient *api.Client) err
func (c *Command) createAuthMethodTmpl(authMethodName string) (api.ACLAuthMethod, error) {
// Get the Secret name for the auth method ServiceAccount.
var authMethodServiceAccount *apiv1.ServiceAccount
saName := c.withPrefix("connect-injector-authmethod-svc-account")
saName := c.withPrefix("connect-injector")
err := c.untilSucceeds(fmt.Sprintf("getting %s ServiceAccount", saName),
func() error {
var err error
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ func TestCommand_createAuthMethodTmpl_SecretNotFound(t *testing.T) {
ctx: ctx,
}

serviceAccountName := resourcePrefix + "-connect-injector-authmethod-svc-account"
secretName := resourcePrefix + "-connect-injector-authmethod-svc-account"
serviceAccountName := resourcePrefix + "-connect-injector"
secretName := resourcePrefix + "-connect-injector"

// Create a service account referencing secretName
sa, _ := k8s.CoreV1().ServiceAccounts(ns).Get(ctx, serviceAccountName, metav1.GetOptions{})
Expand Down Expand Up @@ -65,5 +65,5 @@ func TestCommand_createAuthMethodTmpl_SecretNotFound(t *testing.T) {
require.NoError(t, err)

_, err = cmd.createAuthMethodTmpl("test")
require.EqualError(t, err, "found no secret of type 'kubernetes.io/service-account-token' associated with the release-name-consul-connect-injector-authmethod-svc-account service account")
require.EqualError(t, err, "found no secret of type 'kubernetes.io/service-account-token' associated with the release-name-consul-connect-injector service account")
}