hashicorp · nathancoleman · Apr 14, 2022 · Apr 13, 2022 · Apr 13, 2022 · Apr 13, 2022
@@ -1,5 +1,9 @@
 ## UNRELEASED
 
+BREAKING CHANGES:
+* Helm
+  * API Gateway: Re-use connectInject.consulNamespaces instead of requiring that apiGateway.consulNamespaces have the same value when ACLs are enabled. [[GH-1169](https://github.com/hashicorp/consul-k8s/pull/1169)]
+
 FEATURES:
 * Control Plane
     * Add a `"consul.hashicorp.com/kubernetes-service"` annotation for pods to specify which Kubernetes service they want to use for registration when multiple services target the same pod. [[GH-1150](https://github.com/hashicorp/consul-k8s/pull/1150)]

@@ -77,13 +77,13 @@ spec:
             -sds-server-host {{ template "consul.fullname" . }}-api-gateway-controller.{{ .Release.Namespace }}.svc \
             -k8s-namespace {{ .Release.Namespace }} \
             {{- if .Values.global.enableConsulNamespaces }}
-            {{- if .Values.apiGateway.consulNamespaces.consulDestinationNamespace }}
-            -consul-destination-namespace={{ .Values.apiGateway.consulNamespaces.consulDestinationNamespace }} \
+            {{- if .Values.connectInject.consulNamespaces.consulDestinationNamespace }}
+            -consul-destination-namespace={{ .Values.connectInject.consulNamespaces.consulDestinationNamespace }} \
             {{- end }}
-            {{- if .Values.apiGateway.consulNamespaces.mirroringK8S }}
+            {{- if .Values.connectInject.consulNamespaces.mirroringK8S }}
             -mirroring-k8s=true \
-            {{- if .Values.apiGateway.consulNamespaces.mirroringK8SPrefix }}
-            -mirroring-k8s-prefix={{ .Values.apiGateway.consulNamespaces.mirroringK8SPrefix }} \
+            {{- if .Values.connectInject.consulNamespaces.mirroringK8SPrefix }}
+            -mirroring-k8s-prefix={{ .Values.connectInject.consulNamespaces.mirroringK8SPrefix }} \
             {{- end }}
             {{- end }}
             {{- end }}

@@ -55,7 +55,7 @@ load _helpers
       --set 'apiGateway.enabled=true' \
       --set 'apiGateway.image=bar' \
       --set 'global.enableConsulNamespaces=true' \
-      --set 'apiGateway.consulNamespaces.mirroringK8S=true' \
+      --set 'connectInject.consulNamespaces.mirroringK8S=true' \
       . | tee /dev/stderr |
       yq '.spec.template.spec.containers[0].command | join(" ") | contains("-mirroring-k8s=true")' | tee /dev/stderr)
   [ "${actual}" = "true" ]
@@ -68,8 +68,8 @@ load _helpers
       --set 'apiGateway.enabled=true' \
       --set 'apiGateway.image=bar' \
       --set 'global.enableConsulNamespaces=true' \
-      --set 'apiGateway.consulNamespaces.mirroringK8S=true' \
-      --set 'apiGateway.consulNamespaces.mirroringK8SPrefix=foo' \
+      --set 'connectInject.consulNamespaces.mirroringK8S=true' \
+      --set 'connectInject.consulNamespaces.mirroringK8SPrefix=foo' \
       . | tee /dev/stderr |
       yq '.spec.template.spec.containers[0].command | join(" ") | contains("-mirroring-k8s-prefix=foo")' | tee /dev/stderr)
   [ "${actual}" = "true" ]

@@ -2636,32 +2636,6 @@ apiGateway:
       # @type: string
       service: null
 
-  # [Enterprise Only] These settings manage the API Gateway's interaction with
-  # Consul namespaces (requires consul-ent v1.7+).
-  # Also, `global.enableConsulNamespaces` must be true.
-  consulNamespaces:
-    # Name of the Consul namespace to register all
-    # k8s services into. If the Consul namespace does not already exist,
-    # it will be created. This will be ignored if `mirroringK8S` is true.
-    consulDestinationNamespace: "default"
-
-    # If true, k8s services will be registered into a Consul namespace
-    # of the same name as their k8s namespace, optionally prefixed if
-    # `mirroringK8SPrefix` is set below. If the Consul namespace does not
-    # already exist, it will be created. Turning this on overrides the
-    # `consulDestinationNamespace` setting.
-    # `addK8SNamespaceSuffix` may no longer be needed if enabling this option.
-    # If mirroring is enabled, avoid creating any Consul resources in the following 
-    # Kubernetes namespaces, as Consul currently reserves these namespaces for system use: 
-    # "system", "universal", "operator", "root". 
-    mirroringK8S: false
-
-    # If `mirroringK8S` is set to true, `mirroringK8SPrefix` allows each Consul namespace
-    # to be given a prefix. For example, if `mirroringK8SPrefix` is set to "k8s-", a
-    # service in the k8s `staging` namespace will be registered into the
-    # `k8s-staging` Consul namespace.
-    mirroringK8SPrefix: ""
-
   # Configuration for the ServiceAccount created for the api-gateway component
   serviceAccount:
     # This value defines additional annotations for the client service account. This should be formatted as a multi-line