Add ingress/route configurable to specify active/general service (#570)

* Add ingress/route configurable to specify active/general service

* Update test/unit/server-ingress.bats

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* values.schema.json

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Jason O'Donnell 2021-07-15 14:15:46 -04:00 committed by GitHub
parent a0d7b84ec2
commit 255cdc7d26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 109 additions and 37 deletions


@ -4,7 +4,7 @@
{{- if .Values.server.ingress.enabled -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $serviceName := include "vault.fullname" . -}}
{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
{{- end }}
{{- $servicePort := .Values.server.service.port -}}


@ -1,33 +1,33 @@
{{- if .Values.global.openshift }}
{{- if ne .mode "external" }}
{{- if .Values.server.route.enabled -}}
{{- $serviceName := include "vault.fullname" . -}}
{{- if eq .mode "ha" }}
{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
{{- end }}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "vault.fullname" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.server.route.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- template "vault.route.annotations" . }}
spec:
host: {{ .Values.server.route.host }}
to:
kind: Service
name: {{ $serviceName }}
weight: 100
port:
targetPort: 8200
tls:
termination: passthrough
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.global.openshift }}
{{- if ne .mode "external" }}
{{- if .Values.server.route.enabled -}}
{{- $serviceName := include "vault.fullname" . -}}
{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
{{- end }}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "vault.fullname" . }}
labels:
helm.sh/chart: {{ include "vault.chart" . }}
app.kubernetes.io/name: {{ include "vault.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.server.route.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- template "vault.route.annotations" . }}
spec:
host: {{ .Values.server.route.host }}
to:
kind: Service
name: {{ $serviceName }}
weight: 100
port:
targetPort: 8200
tls:
termination: passthrough
{{- end }}
{{- end }}
{{- end }}
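Review bot: The new guard on the `$serviceName` override checks only `.mode` and `server.route.activeService`, whereas the ingress template changed in this same commit also requires `server.service.enabled` and `global.enabled` to be `"true"` before appending `-active`. If the active Service is rendered only under those flags (its template is not visible in this diff), an HA install with `server.service.enabled=false` would get a Route whose `spec.to.name` points at a Service that does not exist. Aligning the two conditions avoids that: `{{- if and (eq .mode "ha") (eq (.Values.server.service.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.route.activeService | toString) "true") }}`.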


@ -131,7 +131,7 @@ load _helpers
[ "${actual}" = "nginx" ]
}
@test "server/ingress: uses active service when ha - yaml" {
@test "server/ingress: uses active service when ha by default - yaml" {
cd `chart_dir`
local actual=$(helm template \
@ -145,6 +145,21 @@ load _helpers
[ "${actual}" = "RELEASE-NAME-vault-active" ]
}
@test "server/ingress: uses regular service when configured with ha - yaml" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-ingress.yaml \
--set 'server.ingress.enabled=true' \
--set 'server.ingress.activeService=false' \
--set 'server.dev.enabled=false' \
--set 'server.ha.enabled=true' \
--set 'server.service.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault" ]
}
@test "server/ingress: uses regular service when not ha - yaml" {
cd `chart_dir`
@ -157,4 +172,19 @@ load _helpers
. | tee /dev/stderr |
yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault" ]
}
}
@test "server/ingress: uses regular service when not ha and activeService is true - yaml" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-ingress.yaml \
--set 'server.ingress.enabled=true' \
--set 'server.ingress.activeService=true' \
--set 'server.dev.enabled=false' \
--set 'server.ha.enabled=false' \
--set 'server.service.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault" ]
}


@ -102,7 +102,20 @@ load _helpers
[ "${actual}" = "RELEASE-NAME-vault" ]
}
@test "server/route: OpenShift - route points to active service by when HA" {
@test "server/route: OpenShift - route points to main service when not ha and activeService is true" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-route.yaml \
--set 'global.openshift=true' \
--set 'server.route.enabled=true' \
--set 'server.route.activeService=true' \
. | tee /dev/stderr |
yq -r '.spec.to.name' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault" ]
}
@test "server/route: OpenShift - route points to active service by when HA by default" {
cd `chart_dir`
local actual=$(helm template \
@ -114,3 +127,17 @@ load _helpers
yq -r '.spec.to.name' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault-active" ]
}
@test "server/route: OpenShift - route points to general service by when HA when configured" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-route.yaml \
--set 'global.openshift=true' \
--set 'server.route.enabled=true' \
--set 'server.route.activeService=false' \
--set 'server.ha.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.to.name' | tee /dev/stderr)
[ "${actual}" = "RELEASE-NAME-vault" ]
}
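Review bot: The new "route points to main service when not ha and activeService is true" test never sets `server.ha.enabled`, so it exercises the non-HA path only while the chart default stays non-HA. The matching ingress test in this commit pins the mode explicitly, and this one should too by adding `--set 'server.ha.enabled=false' \` next to the `activeService` flag. The two HA test names also read "by when HA"; something like `route points to general service when HA and activeService is false` would make failures easier to read.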


@ -564,6 +564,9 @@
"ingress": {
"type": "object",
"properties": {
"activeService": {
"type": "boolean"
},
"annotations": {
"type": [
"object",
@ -686,6 +689,9 @@
"route": {
"type": "object",
"properties": {
"activeService": {
"type": "boolean"
},
"annotations": {
"type": [
"object",


@ -259,6 +259,10 @@ server:
# or
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# When HA mode is enabled and K8s service registration is being used,
# configure the ingress to point to the Vault active service.
activeService: true
hosts:
- host: chart-example.local
paths: []
@ -277,6 +281,11 @@ server:
# The created route will be of type passthrough
route:
enabled: false
# When HA mode is enabled and K8s service registration is being used,
# configure the route to point to the Vault active service.
activeService: true
labels: {}
annotations: {}
host: chart-example.local
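Review bot: The comments added above both `activeService: true` keys (ingress and route) describe only the `true` case, so an operator cannot tell from values.yaml what `false` selects, or that the key has no effect outside HA mode. The templates in this commit append `-active` only when `.mode` is `ha`. I would extend each comment with a line such as `# When false, or when HA is not enabled, the general Vault service is used; in HA that service may also select standby pods.` The standby clause is inferred from the service naming rather than shown in this diff, so confirm it against the service templates before adopting the wording.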