Add partition support to ingress and terminating gateways (#728)

hashicorp · Sep 16, 2021 · 72e54a6 · 72e54a6
1 parent 7a1b80b
commit 72e54a6
Show file tree

Hide file tree

Showing 5 changed files with 122 additions and 12 deletions.
diff --git a/charts/consul/templates/ingress-gateways-deployment.yaml b/charts/consul/templates/ingress-gateways-deployment.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.ingressGateways.enabled }}
 {{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
 {{- if not .Values.client.grpc }}{{ fail "client.grpc must be true" }}{{ end -}}
+{{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if not (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}{{ fail "clients must be enabled" }}{{ end -}}
 {{- if .Values.global.lifecycleSidecarContainer }}{{ fail "global.lifecycleSidecarContainer has been renamed to global.consulSidecarContainer. Please set values using global.consulSidecarContainer." }}{{ end }}
 
@@ -217,6 +218,9 @@ spec:
                   {{- if $root.Values.global.enableConsulNamespaces }}
                   namespace = "{{ (default $defaults.consulNamespace .consulNamespace) }}"
                   {{- end }}
+                  {{- if $root.Values.global.adminPartitions.enabled }}
+                  partition = "{{ $root.Values.global.adminPartitions.name }}"
+                  {{- end }}
                   port = ${WAN_PORT}
                   address = "${WAN_ADDR}"
                   tagged_addresses {
@@ -340,6 +344,9 @@ spec:
             {{- if $root.Values.global.enableConsulNamespaces }}
             - -namespace={{ default $defaults.consulNamespace .consulNamespace }}
             {{- end }}
+            {{- if $root.Values.global.adminPartitions.enabled }}
+            - -partition={{ $root.Values.global.adminPartitions.name }}
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: 21000
@@ -374,6 +381,9 @@ spec:
                         {{- if $root.Values.global.enableConsulNamespaces }}
                         -namespace={{ default $defaults.consulNamespace .consulNamespace }} \
                         {{- end }}
+                        {{- if $root.Values.global.adminPartitions.enabled }}
+                        -partition={{ $root.Values.global.adminPartitions.name }} \
+                        {{- end }}
                         -id="${POD_NAME}"
 
         # consul-sidecar ensures the ingress gateway is always registered with

diff --git a/charts/consul/templates/terminating-gateways-deployment.yaml b/charts/consul/templates/terminating-gateways-deployment.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.terminatingGateways.enabled }}
 {{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
 {{- if not .Values.client.grpc }}{{ fail "client.grpc must be true" }}{{ end -}}
+{{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if not (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}{{ fail "clients must be enabled" }}{{ end -}}
 {{- if .Values.global.lifecycleSidecarContainer }}{{ fail "global.lifecycleSidecarContainer has been renamed to global.consulSidecarContainer. Please set values using global.consulSidecarContainer." }}{{ end }}
 
@@ -183,6 +184,9 @@ spec:
                   {{- if $root.Values.global.enableConsulNamespaces }}
                   namespace = "{{ (default $defaults.consulNamespace .consulNamespace) }}"
                   {{- end }}
+                  {{- if $root.Values.global.adminPartitions.enabled }}
+                  partition = "{{ $root.Values.global.adminPartitions.name }}"
+                  {{- end }}
                   address = "${POD_IP}"
                   port = 8443
                   {{- if (and $root.Values.global.metrics.enabled $root.Values.global.metrics.enableGatewayMetrics) }}
@@ -290,6 +294,9 @@ spec:
             {{- if $root.Values.global.enableConsulNamespaces }}
             - -namespace={{ default $defaults.consulNamespace .consulNamespace }}
             {{- end }}
+            {{- if $root.Values.global.adminPartitions.enabled }}
+            - -partition={{ $root.Values.global.adminPartitions.name }}
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: 8443
@@ -320,6 +327,9 @@ spec:
                       {{- if $root.Values.global.enableConsulNamespaces }}
                       -namespace={{ default $defaults.consulNamespace .consulNamespace }} \
                       {{- end }}
+                      {{- if $root.Values.global.adminPartitions.enabled }}
+                      -partition={{ $root.Values.global.adminPartitions.name }} \
+                      {{- end }}
                       -id="${POD_NAME}"
 
         # consul-sidecar ensures the terminating gateway is always registered with

diff --git a/charts/consul/test/unit/connect-inject-deployment.bats b/charts/consul/test/unit/connect-inject-deployment.bats
@@ -714,18 +714,6 @@ EOF
   [ "${actual}" = "true" ]
 }
 
-@test "connectInject/Deployment: partition name set with .global.adminPartitions.enabled=true" {
-  cd `chart_dir`
-  local actual=$(helm template \
-      -s templates/connect-inject-deployment.yaml  \
-      --set 'connectInject.enabled=true' \
-      --set 'global.adminPartitions.enabled=true' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[0].command | any(contains("partition-name=default"))' | tee /dev/stderr)
-
-  [ "${actual}" = "true" ]
-}
-
 @test "connectInject/Deployment: fails if namespaces are disabled and .global.adminPartitions.enabled=true" {
   cd `chart_dir`
   run helm template \

diff --git a/charts/consul/test/unit/ingress-gateways-deployment.bats b/charts/consul/test/unit/ingress-gateways-deployment.bats
@@ -1405,6 +1405,57 @@ EOF
   [ "${actual}" = "true" ]
 }
 
+#--------------------------------------------------------------------
+# partitions
+
+@test "ingressGateways/Deployment: partition command flag is not present by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/ingress-gateways-deployment.yaml  \
+      --set 'ingressGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-partition"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+
+  local actual=$(echo $object | yq -r '.lifecycle.preStop.exec.command | any(contains("-partition"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "ingressGateways/Deployment: partition command flag is specified through partition name" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/ingress-gateways-deployment.yaml  \
+      --set 'ingressGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.enableConsulNamespaces=true' \
+      --set 'global.adminPartitions.enabled=true' \
+      --set 'global.adminPartitions.name=default' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-partition=default"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $object | yq -r '.lifecycle.preStop.exec.command | any(contains("-partition=default"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "ingressGateways/Deployment: fails if admin partitions are enabled but namespaces aren't" {
+  cd `chart_dir`
+    run helm template \
+        -s templates/ingress-gateways-deployment.yaml  \
+        --set 'ingressGateways.enabled=true' \
+        --set 'connectInject.enabled=true' \
+        --set 'global.enableConsulNamespaces=false' \
+        --set 'global.adminPartitions.enabled=true' .
+
+    [ "$status" -eq 1 ]
+    [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
+}
+
 #--------------------------------------------------------------------
 # multiple gateways
 

diff --git a/charts/consul/test/unit/terminating-gateways-deployment.bats b/charts/consul/test/unit/terminating-gateways-deployment.bats
@@ -1215,6 +1215,57 @@ EOF
   [ "${actual}" = "true" ]
 }
 
+#--------------------------------------------------------------------
+# partitions
+
+@test "terminatingGateways/Deployment: partition command flag is not present by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/terminating-gateways-deployment.yaml  \
+      --set 'terminatingGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-partition"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+
+  local actual=$(echo $object | yq -r '.lifecycle.preStop.exec.command | any(contains("-partition"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "terminatingGateways/Deployment: partition command flag is specified through partition name" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/terminating-gateways-deployment.yaml  \
+      --set 'terminatingGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.enableConsulNamespaces=true' \
+      --set 'global.adminPartitions.enabled=true' \
+      --set 'global.adminPartitions.name=default' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-partition=default"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $object | yq -r '.lifecycle.preStop.exec.command | any(contains("-partition=default"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "terminatingGateways/Deployment: fails if admin partitions are enabled but namespaces aren't" {
+  cd `chart_dir`
+    run helm template \
+        -s templates/terminating-gateways-deployment.yaml  \
+        --set 'terminatingGateways.enabled=true' \
+        --set 'connectInject.enabled=true' \
+        --set 'global.enableConsulNamespaces=false' \
+        --set 'global.adminPartitions.enabled=true' .
+
+    [ "$status" -eq 1 ]
+    [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
+}
+
 #--------------------------------------------------------------------
 # multiple gateways