Support global.name

There was a previously undocumented setting `fullnameOverride` that
would allow controlling the prefix added to each resource. There were
some places where this wasn't being used. Specifically in our
clusterrole's and when running server-acl-init.

This change fixes those locations and utilizes a new flag in
server-acl-init that will respect the override.

It also adds a new value: `global.name` and documents this
value. This value is the same as the `fullnameOverride` value, but it
lives under the global key which fits with the rest of our config
management philosophy (i.e. config that affects the whole chart lives
under the global key).

templates/_helpers.tpl

@@ -1,12 +1,14 @@
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to
-this (by the DNS naming spec). If release name contains chart name it will
-be used as a full name.
+this (by the DNS naming spec). Supports the legacy fullnameOverride setting
+as well as the global.name setting.
 */}}
 {{- define "consul.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.global.name -}}
+{{- .Values.global.name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}

templates/client-clusterrole.yaml

@@ -23,7 +23,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ .Release.Name }}-consul-client-acl-token
+      - {{ template "consul.fullname" . }}-client-acl-token
     verbs:
       - get
 {{- end }}

templates/client-daemonset.yaml

@@ -228,7 +228,7 @@ spec:
           - "-ec"
           - |
             consul-k8s acl-init \
-              -secret-name="{{ .Release.Name }}-consul-client-acl-token" \
+              -secret-name="{{ template "consul.fullname" . }}-client-acl-token" \
               -k8s-namespace={{ .Release.Namespace }} \
               -init-type="client"
         volumeMounts:

templates/client-snapshot-agent-clusterrole.yaml

@@ -27,7 +27,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ .Release.Name }}-consul-client-snapshot-agent-acl-token
+      - {{ template "consul.fullname" . }}-client-snapshot-agent-acl-token
     verbs:
       - get
 {{- end }}

templates/client-snapshot-agent-deployment.yaml

@@ -65,7 +65,7 @@ spec:
             - name: CONSUL_HTTP_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-consul-client-snapshot-agent-acl-token"
+                  name: "{{ template "consul.fullname" . }}-client-snapshot-agent-acl-token"
                   key: "token"
             {{- end}}
           command:
@@ -101,7 +101,7 @@ spec:
           - "-ec"
           - |
             consul-k8s acl-init \
-              -secret-name="{{ .Release.Name }}-consul-client-snapshot-agent-acl-token" \
+              -secret-name="{{ template "consul.fullname" . }}-client-snapshot-agent-acl-token" \
               -k8s-namespace={{ .Release.Namespace }} \
               -init-type="sync"
         volumeMounts:

templates/connect-inject-deployment.yaml

@@ -57,7 +57,7 @@ spec:
                 {{- if .Values.connectInject.overrideAuthMethodName }}
                 -acl-auth-method="{{ .Values.connectInject.overrideAuthMethodName }}" \
                 {{ else if .Values.global.bootstrapACLs }}
-                -acl-auth-method="{{ .Release.Name }}-consul-k8s-auth-method" \
+                -acl-auth-method="{{ template "consul.fullname" . }}-k8s-auth-method" \
                 {{- end }}
                 {{- if .Values.connectInject.centralConfig.enabled }}
                 -enable-central-config=true \

templates/enterprise-license-clusterrole.yaml

@@ -16,7 +16,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ .Release.Name }}-consul-enterprise-license-acl-token
+      - {{ template "consul.fullname" . }}-enterprise-license-acl-token
     verbs:
       - get
 {{- end }}

templates/enterprise-license.yaml

@@ -48,7 +48,7 @@ spec:
             - name: CONSUL_HTTP_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-consul-enterprise-license-acl-token"
+                  name: "{{ template "consul.fullname" . }}-enterprise-license-acl-token"
                   key: "token"
             {{- end}}
           command: 
@@ -65,7 +65,7 @@ spec:
           - "-ec"
           - |
             consul-k8s acl-init \
-              -secret-name="{{ .Release.Name }}-consul-enterprise-license-acl-token" \
+              -secret-name="{{ template "consul.fullname" . }}-enterprise-license-acl-token" \
               -k8s-namespace={{ .Release.Namespace }} \
               -init-type="sync"
       {{- end }}

templates/mesh-gateway-clusterrole.yaml

@@ -24,7 +24,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ .Release.Name }}-consul-mesh-gateway-acl-token
+      - {{ template "consul.fullname" . }}-mesh-gateway-acl-token
     verbs:
       - get
 {{- end }}

templates/mesh-gateway-deployment.yaml

@@ -78,7 +78,7 @@ spec:
             - "-ec"
             - |
               consul-k8s acl-init \
-                -secret-name="{{ .Release.Name }}-consul-mesh-gateway-acl-token" \
+                -secret-name="{{ template "consul.fullname" . }}-mesh-gateway-acl-token" \
                 -k8s-namespace={{ .Release.Namespace }} \
                 -init-type="sync"
         {{- end }}
@@ -111,7 +111,7 @@ spec:
             - name: CONSUL_HTTP_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-consul-mesh-gateway-acl-token"
+                  name: "{{ template "consul.fullname" . }}-mesh-gateway-acl-token"
                   key: "token"
             {{- end}}
           command:

templates/server-acl-init-job.yaml

@@ -45,7 +45,8 @@ spec:
             - "-ec"
             - |
               consul-k8s server-acl-init \
-                -release-name={{ .Release.Name }} \
+                -server-label-selector=component=server,app={{ template "consul.name" . }},release={{ .Release.Name }} \
+                -resource-prefix={{ template "consul.fullname" . }} \
                 -k8s-namespace={{ .Release.Namespace }} \
                 {{- if .Values.syncCatalog.enabled }}
                 -create-sync-token=true \

templates/sync-catalog-clusterrole.yaml

@@ -34,7 +34,7 @@ rules:
     resources:
       - secrets
     resourceNames:
-      - {{ .Release.Name }}-consul-catalog-sync-acl-token
+      - {{ template "consul.fullname" . }}-catalog-sync-acl-token
     verbs:
       - get
 {{- end }}

templates/sync-catalog-deployment.yaml

@@ -52,7 +52,7 @@ spec:
             - name: CONSUL_HTTP_TOKEN
               valueFrom:
                 secretKeyRef:
-                  name: "{{ .Release.Name }}-consul-catalog-sync-acl-token"
+                  name: "{{ template "consul.fullname" . }}-catalog-sync-acl-token"
                   key: "token"
             {{- end}}
           command:
@@ -126,7 +126,7 @@ spec:
           - "-ec"
           - |
             consul-k8s acl-init \
-              -secret-name="{{ .Release.Name }}-consul-catalog-sync-acl-token" \
+              -secret-name="{{ template "consul.fullname" . }}-catalog-sync-acl-token" \
               -k8s-namespace={{ .Release.Namespace }} \
               -init-type="sync"
       {{- end }}

values.yaml

@@ -10,6 +10,10 @@ global:
   # opt-in is required, such as by setting `server.enabled` to true.
   enabled: true
 
+  # name sets the prefix used for all resources in the helm chart.
+  # If not set, the prefix will be "<helm release name>-consul".
+  name: null
+
   # domain is the domain Consul will answer DNS queries for
   # (see https://www.consul.io/docs/agent/options.html#_domain) and the domain
   # services synced from Consul into Kubernetes will have,