injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

CHANGELOG.md

@@ -3,6 +3,7 @@
 Features:
 * Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
 * Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
 
 ## 0.18.0 (November 17th, 2021)
 

templates/_helpers.tpl

@@ -308,6 +308,21 @@ Sets the injector node selector for pod placement
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+  {{- if .Values.injector.strategy }}
+  strategy:
+  {{- $tp := typeOf .Values.injector.strategy }}
+  {{- if eq $tp "string" }}
+    {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+  {{- else }}
+    {{- toYaml .Values.injector.strategy | nindent 4 }}
+  {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets extra pod annotations
 */}}

templates/injector-deployment.yaml

@@ -17,6 +17,7 @@ spec:
       app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
       app.kubernetes.io/instance: {{ .Release.Name }}
       component: webhook
+  {{ template "injector.strategy" . }}
   template:
     metadata:
       labels:

test/unit/injector-deployment.bats

@@ -721,3 +721,32 @@ load _helpers
       yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "1m" ]
 }
+
+@test "injector/deployment: strategy default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      . | tee /dev/stderr |
+      yq -r '.spec.strategy' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
+
+@test "injector/deployment: strategy set as string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      --set="injector.strategy=testing"  \
+      . | tee /dev/stderr |
+      yq -r '.spec.strategy' | tee /dev/stderr)
+  [ "${actual}" = "testing" ]
+}
+
+@test "injector/deployment: strategy can be set as YAML" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/injector-deployment.yaml \
+      --set 'injector.strategy.rollingUpdate.maxUnavailable=1' \
+      . | tee /dev/stderr |
+      yq -r '.spec.strategy.rollingUpdate.maxUnavailable' | tee /dev/stderr)
+  [ "${actual}" = "1" ]
+}

values.schema.json

@@ -349,6 +349,12 @@
                         }
                     }
                 },
+                "strategy": {
+                    "type": [
+                        "object",
+                        "string"
+                    ]
+                },
                 "tolerations": {
                     "type": [
                         "null",

values.yaml

@@ -205,6 +205,15 @@ injector:
   # podDisruptionBudget:
   #   maxUnavailable: 1
 
+  # strategy for updating the deployment. This can be a multi-line string or a
+  # YAML map.
+  strategy: {}
+  # strategy: |
+  #   rollingUpdate:
+  #     maxSurge: 25%
+  #     maxUnavailable: 25%
+  #   type: RollingUpdate
+
 server:
   # If not set to true, Vault server will not be installed. See vault.mode in _helpers.tpl for implementation details
   enabled: true