diff --git a/templates/sync-catalog-deployment.yaml b/templates/sync-catalog-deployment.yaml new file mode 100644 index 0000000..6568cb9 --- /dev/null +++ b/templates/sync-catalog-deployment.yaml @@ -0,0 +1,54 @@ +# The deployment for running the Connect sidecar injector +{{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "consul.fullname" . }}-sync-catalog + labels: + app: {{ template "consul.name" . }} + chart: {{ template "consul.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "consul.name" . }} + chart: {{ template "consul.chart" . }} + release: {{ .Release.Name }} + component: sync-catalog + template: + metadata: + labels: + app: {{ template "consul.name" . }} + chart: {{ template "consul.chart" . }} + release: {{ .Release.Name }} + component: sync-catalog + spec: + containers: + - name: consul-sync-catalog + image: "{{ .Values.syncCatalog.image }}" + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - "/bin/sh" + - "-ec" + - | + consul-k8s sync-catalog \ + -http-addr=${HOST_IP}:8500 \ + {{- if (not .Values.syncCatalog.toConsul) }} + -to-consul=false \ + {{- end }} + {{- if (not .Values.syncCatalog.toK8S) }} + -to-k8s=false \ + {{- end }} + -consul-domain={{ .Values.global.domain }} \ + -k8s-write-namespace=${NAMESPACE} +{{- end }} diff --git a/test/unit/sync-catalog-deployment.bats b/test/unit/sync-catalog-deployment.bats new file mode 100755 index 0000000..842b94c --- /dev/null +++ b/test/unit/sync-catalog-deployment.bats @@ -0,0 +1,101 @@ +#!/usr/bin/env bats + +load _helpers + +@test "syncCatalog/Deployment: enabled by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "syncCatalog/Deployment: enable with global.enabled false" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'global.enabled=false' \ + --set 'syncCatalog.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "syncCatalog/Deployment: disable with syncCatalog.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=false' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "syncCatalog/Deployment: disable with global.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'global.enabled=false' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +#-------------------------------------------------------------------- +# toConsul and toK8S + +@test "syncCatalog/Deployment: bidirectional by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-consul"))' | tee /dev/stderr) + [ "${actual}" = "false" ] + + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-k8s"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "syncCatalog/Deployment: to-k8s only" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + --set 'syncCatalog.toConsul=false' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-consul=false"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + --set 'syncCatalog.toConsul=false' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-k8s"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "syncCatalog/Deployment: to-consul only" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + --set 'syncCatalog.toK8S=false' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-k8s=false"))' | tee /dev/stderr) + [ "${actual}" = "true" ] + + local actual=$(helm template \ + -x templates/sync-catalog-deployment.yaml \ + --set 'syncCatalog.enabled=true' \ + --set 'syncCatalog.toK8S=false' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-to-consul"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} diff --git a/values.yaml b/values.yaml index 925277d..4c0bdc4 100644 --- a/values.yaml +++ b/values.yaml @@ -125,6 +125,24 @@ ui: enabled: true type: null +# syncCatalog will run the catalog sync process to sync K8S with Consul +# services. This can run bidirectional (default) or unidirectionally (Consul +# to K8S or K8S to Consul only). +# +# This process assumes that a Consul agent is available on the host IP. +# This is done automatically if clients are enabled. If clients are not +# enabled then set the node selection so that it chooses a node with a +# Consul agent. +syncCatalog: + # True if you want to enable the catalog sync. "-" for default. + enabled: "-" + image: null + + # toConsul and toK8S control whether syncing is enabled to Consul or K8S + # as a destination. If both of these are disabled, the sync will do nothing. + toConsul: true + toK8S: true + # ConnectInject will enable the automatic Connect sidecar injector. connectInject: enabled: false # "-" disable this by default for now until the image is public