feature: Support configuring various properties as YAML directly. (#565)

* feature: Support configuring various properties as YAML directly.
Supported properties include: pod tolerations, pod affinity, and node selectors.
This commit is contained in:
Ben Ash 2021-07-07 19:07:58 -04:00 committed by GitHub
parent 14d1f97edd
commit 1e4709cc46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 172 additions and 33 deletions

1
.gitignore vendored
View file

@ -10,3 +10,4 @@ vaul-helm-dev-creds.json
./test/unit/vaul-helm-dev-creds.json
./test/acceptance/values.yaml
./test/acceptance/values.yml
.idea

View file

@ -4,6 +4,9 @@ CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
ACCEPTANCE_TESTS?=acceptance
# filter bats unit tests to run.
UNIT_TESTS_FILTER?='.*'
# Generate json schema for chart values. See test/README.md for more details.
values-schema:
helm schema-gen values.yaml > values.schema.json
@ -12,7 +15,7 @@ test-image:
@docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
test-unit:
@docker run -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats /helm-test/test/unit
@docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
test-bats: test-unit test-acceptance

View file

@ -224,7 +224,12 @@ Set's the affinity for pod placement when running in standalone and HA modes.
{{- define "vault.affinity" -}}
{{- if and (ne .mode "dev") .Values.server.affinity }}
affinity:
{{ tpl .Values.server.affinity . | nindent 8 | trim }}
{{ $tp := typeOf .Values.server.affinity }}
{{- if eq $tp "string" }}
{{- tpl .Values.server.affinity . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.server.affinity | nindent 8 }}
{{- end }}
{{ end }}
{{- end -}}
@ -234,17 +239,27 @@ Sets the injector affinity for pod placement
{{- define "injector.affinity" -}}
{{- if .Values.injector.affinity }}
affinity:
{{ tpl .Values.injector.affinity . | nindent 8 | trim }}
{{ $tp := typeOf .Values.injector.affinity }}
{{- if eq $tp "string" }}
{{- tpl .Values.injector.affinity . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.injector.affinity | nindent 8 }}
{{- end }}
{{ end }}
{{- end -}}
{{/*
Set's the toleration for pod placement when running in standalone and HA modes.
Sets the toleration for pod placement when running in standalone and HA modes.
*/}}
{{- define "vault.tolerations" -}}
{{- if and (ne .mode "dev") .Values.server.tolerations }}
tolerations:
{{- $tp := typeOf .Values.server.tolerations }}
{{- if eq $tp "string" }}
{{ tpl .Values.server.tolerations . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.server.tolerations | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
@ -254,7 +269,12 @@ Sets the injector toleration for pod placement
{{- define "injector.tolerations" -}}
{{- if .Values.injector.tolerations }}
tolerations:
{{- $tp := typeOf .Values.injector.tolerations }}
{{- if eq $tp "string" }}
{{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.injector.tolerations | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
@ -264,7 +284,12 @@ Set's the node selector for pod placement when running in standalone and HA mode
{{- define "vault.nodeselector" -}}
{{- if and (ne .mode "dev") .Values.server.nodeSelector }}
nodeSelector:
{{ tpl .Values.server.nodeSelector . | indent 8 | trim }}
{{- $tp := typeOf .Values.server.nodeSelector }}
{{- if eq $tp "string" }}
{{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.server.nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
@ -274,7 +299,12 @@ Sets the injector node selector for pod placement
{{- define "injector.nodeselector" -}}
{{- if .Values.injector.nodeSelector }}
nodeSelector:
{{ tpl .Values.injector.nodeSelector . | indent 8 | trim }}
{{- $tp := typeOf .Values.injector.nodeSelector }}
{{- if eq $tp "string" }}
{{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.injector.nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
@ -519,7 +549,12 @@ Sets the injector toleration for pod placement
{{- define "csi.pod.tolerations" -}}
{{- if .Values.csi.pod.tolerations }}
tolerations:
{{- $tp := typeOf .Values.csi.pod.tolerations }}
{{- if eq $tp "string" }}
{{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
{{- else }}
{{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}

View file

@ -246,7 +246,7 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "csi/daemonset: tolerations can be set" {
@test "csi/daemonset: tolerations can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/csi-daemonset.yaml \
@ -257,6 +257,17 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "csi/daemonset: tolerations can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/csi-daemonset.yaml \
--set 'csi.enabled=true' \
--set "csi.pod.tolerations[0].foo=bar,csi.pod.tolerations[1].baz=qux" \
. | tee /dev/stderr |
yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# volumes

View file

@ -432,7 +432,7 @@ load _helpers
[ "${actual}" = "false" ]
}
@test "injector/deployment: affinity can be set" {
@test "injector/deployment: affinity can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
@ -442,6 +442,16 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "injector/deployment: affinity can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.affinity.podAntiAffinity=foobar' \
. | tee /dev/stderr |
yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# tolerations
@ -454,7 +464,7 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "injector/deployment: tolerations can be set" {
@test "injector/deployment: tolerations can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
@ -464,6 +474,16 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "injector/deployment: tolerations can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
--set "injector.tolerations[0].foo=bar,injector.tolerations[1].baz=qux" \
. | tee /dev/stderr |
yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# nodeSelector
@ -476,7 +496,7 @@ load _helpers
[ "${actual}" = "null" ]
}
@test "injector/deployment: nodeSelector can be set" {
@test "injector/deployment: nodeSelector can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
@ -486,6 +506,17 @@ load _helpers
[ "${actual}" = "testing" ]
}
@test "injector/deployment: nodeSelector can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
--set "injector.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
. | tee /dev/stderr |
yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# priorityClassName

View file

@ -571,7 +571,7 @@ load _helpers
[ "${actual}" = "null" ]
}
@test "server/ha-StatefulSet: specified nodeSelector" {
@test "server/ha-StatefulSet: specified nodeSelector as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
@ -582,6 +582,17 @@ load _helpers
[ "${actual}" = "testing" ]
}
@test "server/ha-StatefulSet: nodeSelector can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'server.ha.enabled=true' \
--set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
. | tee /dev/stderr |
yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# Security Contexts
@test "server/ha-StatefulSet: uid default" {

View file

@ -738,7 +738,7 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: affinity can be set" {
@test "server/standalone-StatefulSet: affinity can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
@ -748,6 +748,17 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: affinity can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'server.affinity.podAntiAffinity=foobar' \
. | tee /dev/stderr |
yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: tolerations not set by default" {
cd `chart_dir`
local actual=$(helm template \
@ -757,7 +768,7 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: tolerations can be set" {
@test "server/standalone-StatefulSet: tolerations can be set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
@ -767,6 +778,16 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: tolerations can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set "server.tolerations[0].foo=bar,server.tolerations[1].baz=qux" \
. | tee /dev/stderr |
yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "server/standalone-StatefulSet: nodeSelector is not set by default" {
cd `chart_dir`
local actual=$(helm template \
@ -776,7 +797,7 @@ load _helpers
[ "${actual}" = "null" ]
}
@test "server/standalone-StatefulSet: specified nodeSelector" {
@test "server/standalone-StatefulSet: specified nodeSelector as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
@ -786,6 +807,16 @@ load _helpers
[ "${actual}" = "testing" ]
}
@test "server/standalone-StatefulSet: nodeSelector can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \
. | tee /dev/stderr |
yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
#--------------------------------------------------------------------
# extraInitContainers

View file

@ -80,7 +80,11 @@
]
},
"tolerations": {
"type": ["null", "string"]
"type": [
"null",
"array",
"string"
]
}
}
},
@ -167,7 +171,10 @@
"type": "object",
"properties": {
"affinity": {
"type": "string"
"type": [
"object",
"string"
]
},
"agentDefaults": {
"type": "object",
@ -309,7 +316,11 @@
"type": "object"
},
"nodeSelector": {
"type": ["null", "string"]
"type": [
"null",
"object",
"string"
]
},
"objectSelector": {
"type": "object"
@ -343,6 +354,7 @@
"tolerations": {
"type": [
"null",
"array",
"string"
]
}
@ -352,7 +364,10 @@
"type": "object",
"properties": {
"affinity": {
"type": "string"
"type": [
"object",
"string"
]
},
"annotations": {
"type": [
@ -629,6 +644,7 @@
"nodeSelector": {
"type": [
"null",
"object",
"string"
]
},
@ -755,6 +771,7 @@
"tolerations": {
"type": [
"null",
"array",
"string"
]
},

View file

@ -151,8 +151,7 @@ injector:
# KUBERNETES_SERVICE_HOST: kubernetes.default.svc
# Affinity Settings for injector pods
# This should be a multi-line string matching the affinity section of a
# PodSpec.
# This can either be multi-line string or YAML matching the PodSpec's affinity field.
# Commenting out or setting as empty the affinity variable, will allow
# deployment of multiple replicas to single node services such as Minikube.
affinity: |
@ -166,16 +165,16 @@ injector:
topologyKey: kubernetes.io/hostname
# Toleration Settings for injector pods
# This should be a multi-line string matching the Toleration array
# This should be either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: null
tolerations: []
# nodeSelector labels for injector pod assignment, formatted as a muli-line string.
# nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: null
nodeSelector: {}
# Priority class for injector pods
priorityClassName: ""
@ -397,10 +396,10 @@ server:
# name: plugins
# readOnly: true
# Affinity Settings
# Commenting out or setting as empty the affinity variable, will allow
# deployment to single node services such as Minikube
# This should be either a multi-line string or YAML matching the PodSpec's affinity field.
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@ -412,16 +411,16 @@ server:
topologyKey: kubernetes.io/hostname
# Toleration Settings for server pods
# This should be a multi-line string matching the Toleration array
# This should be either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: null
tolerations: []
# nodeSelector labels for server pod assignment, formatted as a muli-line string.
# nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# nodeSelector:
# beta.kubernetes.io/arch: amd64
nodeSelector: null
nodeSelector: {}
# Enables network policy for server pods
networkPolicy:
@ -753,9 +752,9 @@ csi:
annotations: {}
# Toleration Settings for provider pods
# This should be a multi-line string matching the Toleration array
# This should be either a multi-line string or YAML matching the Toleration array
# in a PodSpec.
tolerations: null
tolerations: []
serviceAccount:
# Extra annotations for the serviceAccount definition. This can either be