From 0f36ee3a5b536e7b3541a7353b21ef34c0e70ab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Moreno=20Garc=C3=ADa?= Date: Mon, 27 Apr 2020 16:45:56 +0200 Subject: [PATCH] Change config specification (#213) * Change config specification As it is right now, the specification of the config is done through an string. When using storage backends like PostgreSQL, the password for the database has to be included in the config variable of the values file. This change allows to specify the configuration through a map, making the chart GitOps friendly. Now, sensitive values can be stored in a different values file or passed on deployment time with --set. To have a very generic specification: - I've assumed that the combination stanza (eg. storage) name (eg. file) is unique. - Quoted values for all stanza parameters. I tested a generated configuration in a vault docker image and it seems to work just fine. * Change config format to json * Add conditional formatting * Add config for raft mode --- templates/_helpers.tpl | 4 ++-- templates/server-config-configmap.yaml | 13 ++++++++++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 89d23d8..12a006a 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -83,7 +83,7 @@ defined a custom configuration. Additionally iterates over any extra volumes the user may have specified (such as a secret with TLS). */}} {{- define "vault.volumes" -}} - {{- if and (ne .mode "dev") (or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "")) }} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - name: config configMap: name: {{ template "vault.fullname" . }}-config 
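Review bot: The new truthiness test `(or (.Values.server.standalone.config) (.Values.server.ha.config))` never looks at `.Values.server.ha.raft.config`, which is the value the ConfigMap template reads when raft is enabled. A deployment that leaves both `config` keys empty and sets only the raft config would get no config volume, no `/vault/config` mount and no ConfigMap, so Vault would presumably start without the intended settings. Adding the raft key as a third operand, `(or (.Values.server.standalone.config) (.Values.server.ha.config) (.Values.server.ha.raft.config))`, covers it. The same condition is repeated in the volumeMounts hunk of this file and at the top of `templates/server-config-configmap.yaml`, and the three copies have to stay in step. The enclosing `vault.volumes` define continues outside the hunk.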
@@ -150,7 +150,7 @@ based on the mode configured. mountPath: /vault/data {{ end }} {{ end }} - {{ if and (ne .mode "dev") (or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "")) }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} - name: config mountPath: /vault/config {{ end }} diff --git a/templates/server-config-configmap.yaml b/templates/server-config-configmap.yaml index 6e05850..b8093ad 100644 --- a/templates/server-config-configmap.yaml +++ b/templates/server-config-configmap.yaml @@ -1,7 +1,7 @@ {{ template "vault.mode" . }} {{- if ne .mode "external" }} {{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}} -{{ if or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "") -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} apiVersion: v1 kind: ConfigMap metadata: @@ -14,6 +14,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} data: extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} disable_mlock = true {{- if eq .mode "standalone" }} {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} @@ -22,6 +25,14 @@ data: {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} {{- end }}
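Review bot: `$type` is computed from `(index .Values.server .mode).config`, which in ha mode is `ha.config`, while the raft branches read `.Values.server.ha.raft.config`. If the two values have different types, a map reaches `tpl` in the string path or a string reaches `merge` in the map path, and rendering should then fail with a type error rather than a clear message. Selecting the source first and testing that value, e.g. `{{- $type := typeOf $cfg }}` with `$cfg` set to the raft config when raft is enabled, keeps the check and the use on the same value. The `if` blocks opened here are closed in the next hunk.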
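Review bot: The map form still renders every key, including a storage password, into the ConfigMap through `toPrettyJson | indent 4`, so passing the secret via a separate values file or `--set` keeps it out of Git but leaves it readable to anyone who can get ConfigMaps in the namespace. Rendering this file into a Secret, or documenting that credentials should come from an existing Secret or an environment variable where the backend supports it, would close that gap. Separately, sprig's `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is silently dropped. If forcing it is intended, say so with a comment such as `{{/* disable_mlock is always forced to true */}}`; otherwise set the default only when `hasKey` reports the key missing. The `if` blocks closed here open in the previous hunk.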