hashicorp · thisisnotashwin · Oct 29, 2021 · Oct 21, 2021 · Oct 26, 2021 · Oct 27, 2021
@@ -0,0 +1,10 @@
+apiVersion: consul.hashicorp.com/v1alpha1
+kind: ServiceExports
+metadata:
+  name: exports
+spec:
+  services:
+  - name: frontend
+    namespace: frontend
+    consumers:
+    - partition: other
@@ -1,5 +1,5 @@
 resources:
-  - ../../bases/static-client
+  - ../../../bases/static-client
 
 patchesStrategicMerge:
   - patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-client
+spec:
+  template:
+    metadata:
+      annotations:
+        "consul.hashicorp.com/connect-inject": "true"
+        "consul.hashicorp.com/connect-service-upstreams": "static-server.default.default:1234"
@@ -0,0 +1,5 @@
+resources:
+  - ../../../bases/static-client
+
+patchesStrategicMerge:
+  - patch.yaml
@@ -0,0 +1,5 @@
+resources:
+  - ../../../bases/static-client
+
+patchesStrategicMerge:
+  - patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-client
+spec:
+  template:
+    metadata:
+      annotations:
+        "consul.hashicorp.com/connect-inject": "true"
+        "consul.hashicorp.com/connect-service-upstreams": "static-server.ns1.default:1234"
@@ -0,0 +1,5 @@
+resources:
+  - ../../../bases/static-client
+
+patchesStrategicMerge:
+  - patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: static-client
+spec:
+  template:
+    metadata:
+      annotations:
+        "consul.hashicorp.com/connect-inject": "true"
+        "consul.hashicorp.com/connect-service-upstreams": "static-server.ns1.secondary:1234"
@@ -7,6 +7,7 @@
 {{- if .Values.global.lifecycleSidecarContainer }}{{ fail "global.lifecycleSidecarContainer has been renamed to global.consulSidecarContainer. Please set values using global.consulSidecarContainer." }}{{ end }}
 {{- /* The below test checks if clients are disabled (and if so, fails). We use the conditional from other client files and prepend 'not' */ -}}
 {{- if not (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}{{ fail "clients must be enabled" }}{{ end -}}
+{{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -185,6 +186,9 @@ spec:
                   {{- end }}
                   port = {{ .Values.meshGateway.containerPort }}
                   address = "${POD_IP}"
+                  {{- if .Values.global.adminPartitions.enabled }}
+                  partition = "{{ .Values.global.adminPartitions.name }}"
+                  {{- end }}
                   tagged_addresses {
                     lan {
                       address = "${POD_IP}"
@@ -291,6 +295,9 @@ spec:
             - connect
             - envoy
             - -mesh-gateway
+            {{- if .Values.global.adminPartitions.enabled }}
+            - -partition={{ .Values.global.adminPartitions.name }}
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.meshGateway.containerPort }}

@@ -1475,3 +1475,59 @@ EOF
   [ "$status" -eq 1 ]
   [[ "$output" =~ "meshGateway.globalMode is no longer supported; instead, you must migrate to CRDs (see www.consul.io/docs/k8s/crds/upgrade-to-crds)" ]]
 }
+
+#--------------------------------------------------------------------
+# partitions
+
+@test "meshGateway/Deployment: partitions options disabled by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.enableConsulNamespaces=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command | any(contains("partition"))' | tee /dev/stderr)
+
+  [ "${actual}" = "false" ]
+}
+
+@test "meshGateway/Deployment: partition name set on initContainer with .global.adminPartitions.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.adminPartitions.enabled=true' \
+      --set 'global.enableConsulNamespaces=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.initContainers[1].command | any(contains("partition = \"default\""))' | tee /dev/stderr)
+
+  [ "${actual}" = "true" ]
+}
+
+@test "meshGateway/Deployment: partition name set on container with .global.adminPartitions.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.adminPartitions.enabled=true' \
+      --set 'global.enableConsulNamespaces=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command | any(contains("partition=default"))' | tee /dev/stderr)
+
+  [ "${actual}" = "true" ]
+}
+
+@test "meshGateway/Deployment: fails if namespaces are disabled and .global.adminPartitions.enabled=true" {
+  cd `chart_dir`
+  run helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'connectInject.enabled=true' \
+      --set 'global.adminPartitions.enabled=true' \
+      --set 'global.enableConsulNamespaces=false' \
+      --set 'meshGateway.enabled=true' .
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
+}