Change config specification (#213)

* Change config specification As it is right now, the specification of the config is done through an string. When using storage backends like PostgreSQL, the password for the database has to be included in the config variable of the values file. This change allows to specify the configuration through a map, making the chart GitOps friendly. Now, sensitive values can be stored in a different values file or passed on deployment time with --set. To have a very generic specification: - I've assumed that the combination stanza (eg. storage) name (eg. file) is unique. - Quoted values for all stanza parameters. I tested a generated configuration in a vault docker image and it seems to work just fine. * Change config format to json * Add conditional formatting * Add config for raft mode
2020-04-27 16:45:56 +02:00 · 2020-04-27 16:45:56 +02:00 · 0f36ee3a5b
commit 0f36ee3a5b
parent 1be24460f3
2 changed files with 14 additions and 3 deletions
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -83,7 +83,7 @@ defined a custom configuration.  Additionally iterates over any
 extra volumes the user may have specified (such as a secret with TLS).
 */}}
 {{- define "vault.volumes" -}}
-  {{- if and (ne .mode "dev") (or (ne .Values.server.standalone.config "")  (ne .Values.server.ha.config "")) }}
+  {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
        - name: config
          configMap:
            name: {{ template "vault.fullname" . }}-config
@ -150,7 +150,7 @@ based on the mode configured.
              mountPath: /vault/data
    {{ end }}
  {{ end }}
-  {{ if and (ne .mode "dev") (or (ne .Values.server.standalone.config "")  (ne .Values.server.ha.config "")) }}
+  {{ if and (ne .mode "dev") (or (.Values.server.standalone.config)  (.Values.server.ha.config)) }}
            - name: config
              mountPath: /vault/config
  {{ end }}
--- a/templates/server-config-configmap.yaml
+++ b/templates/server-config-configmap.yaml
@ -1,7 +1,7 @@
 {{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
 {{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
-{{ if or (ne .Values.server.standalone.config "")  (ne .Values.server.ha.config "") -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -14,6 +14,9 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
  extraconfig-from-values.hcl: |-
+  {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+  {{- $type := typeOf (index .Values.server .mode).config }}
+  {{- if eq $type "string" }}
    disable_mlock = true
  {{- if eq .mode "standalone" }}
    {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
@ -22,6 +25,14 @@ data:
  {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
    {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
  {{ end }}
+  {{- else }}
+  {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+  {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}