partitions

hashicorp · Feb 7, 2022 · a28f01f · a28f01f
1 parent f4d1a89
commit a28f01f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/charts/consul/templates/controller-deployment.yaml b/charts/consul/templates/controller-deployment.yaml
@@ -84,6 +84,10 @@ spec:
           - |
             consul-k8s-control-plane acl-init \
               -acl-auth-method="{{ template "consul.fullname" . }}-k8s-component-auth-method" \
+              {{- if .Values.global.adminPartitions.enabled }}
+              -enable-partitions=true \
+              -partition={{ .Values.global.adminPartitions.name }} \
+              {{- end }}
               -k8s-namespace={{ .Release.Namespace }}
         resources:
           requests:

diff --git a/control-plane/subcommand/acl-init/command.go b/control-plane/subcommand/acl-init/command.go
@@ -61,6 +61,10 @@ type Command struct {
 	flagK8SNSMirroringPrefix       string // Prefix added to Consul namespaces created when mirroring
 	flagCrossNamespaceACLPolicy    string // The name of the ACL policy to add to every created namespace if ACLs are enabled
 
+	// Flags to support partitions.
+	flagEnablePartitions bool   // true if Admin Partitions are enabled
+	flagPartitionName    string // name of the Admin Partition
+
 	bearerTokenFile string // Location of the bearer token. Default is /var/run/secrets/kubernetes.io/serviceaccount/token.
 	tokenSinkFile   string // Location to write the output token. Default is defaultTokenSinkFile.
 
@@ -109,6 +113,10 @@ func (c *Command) init() {
 	c.flags.StringVar(&c.flagCrossNamespaceACLPolicy, "consul-cross-namespace-acl-policy", "",
 		"[Enterprise Only] Name of the ACL policy to attach to all created Consul namespaces to allow service "+
 			"discovery across Consul namespaces. Only necessary if ACLs are enabled.")
+	c.flags.BoolVar(&c.flagEnablePartitions, "enable-partitions", false,
+		"[Enterprise Only] Enables Admin Partitions")
+	c.flags.StringVar(&c.flagPartitionName, "partition", "",
+		"[Enterprise Only] Name of the Admin Partition")
 
 	if c.bearerTokenFile == "" {
 		c.bearerTokenFile = defaultBearerTokenFile
@@ -163,6 +171,9 @@ func (c *Command) Run(args []string) int {
 
 	if c.flagACLAuthMethod != "" {
 		cfg := api.DefaultConfig()
+		if c.flagEnablePartitions {
+			cfg.Partition = c.flagPartitionName
+		}
 		c.http.MergeOntoConfig(cfg)
 		if c.consulClient == nil {
 			c.consulClient, err = consul.NewClient(cfg)