From 255cdc7d265289c3dd47a630442b331f9bf0a322 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Thu, 15 Jul 2021 14:15:46 -0400 Subject: [PATCH] Add ingress/route configurable to specify active/general service (#570) * Add ingress/route configurable to specify active/general service * Update test/unit/server-ingress.bats Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> * values.schema.json Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> --- templates/server-ingress.yaml | 2 +- templates/server-route.yaml | 66 +++++++++++++++++------------------ test/unit/server-ingress.bats | 34 ++++++++++++++++-- test/unit/server-route.bats | 29 ++++++++++++++- values.schema.json | 6 ++++ values.yaml | 9 +++++ 6 files changed, 109 insertions(+), 37 deletions(-) diff --git a/templates/server-ingress.yaml b/templates/server-ingress.yaml index deaa0dd..9da020e 100644 --- a/templates/server-ingress.yaml +++ b/templates/server-ingress.yaml @@ -4,7 +4,7 @@ {{- if .Values.server.ingress.enabled -}} {{- $extraPaths := .Values.server.ingress.extraPaths -}} {{- $serviceName := include "vault.fullname" . -}} -{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} +{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }} {{- $serviceName = printf "%s-%s" $serviceName "active" -}} {{- end }} {{- $servicePort := .Values.server.service.port -}} diff --git a/templates/server-route.yaml b/templates/server-route.yaml index 2fccf02..63055db 100644 --- a/templates/server-route.yaml +++ b/templates/server-route.yaml 
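Review bot: On the rewritten `if and (...)` line in templates/server-ingress.yaml, `(eq (.Values.server.ingress.activeService | toString) "true")` treats a missing key the same as `false`, so any render where the new default is absent silently moves an HA ingress from the active service to the general one. That can happen without the operator asking for it, for example on an upgrade that reuses the previous release's values or when the key is nulled out (both inferred from how Helm merges values, not visible in this patch). Testing for the opt-out keeps the pre-commit behaviour as the fallback: `(ne (.Values.server.ingress.activeService | toString) "false")`. The same applies to `server.route.activeService` in templates/server-route.yaml.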
@@ -1,33 +1,33 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if eq .mode "ha" }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
- name: {{ template "vault.fullname" . }}
- labels:
- helm.sh/chart: {{ include "vault.chart" . }}
- app.kubernetes.io/name: {{ include "vault.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- with .Values.server.route.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
- {{- template "vault.route.annotations" . }}
-spec:
- host: {{ .Values.server.route.host }}
- to:
- kind: Service
- name: {{ $serviceName }}
- weight: 100
- port:
- targetPort: 8200
- tls:
- termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ termination: passthrough
+{{- end }}
+{{- end }}
+{{- end }}
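Review bot: The new route condition `if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true")` does not check `server.service.enabled` or `global.enabled`, although the ingress template changed in this same commit requires both before it appends `-active`. If the active service is only rendered when those values are true (not shown in this patch), a route can end up targeting a service name that does not exist. Adding `(eq (.Values.server.service.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true")` to the `and` would keep the two templates in agreement.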
diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats index bf191c3..68183a5 100755 --- a/test/unit/server-ingress.bats +++ b/test/unit/server-ingress.bats @@ -131,7 +131,7 @@ load _helpers [ "${actual}" = "nginx" ] } -@test "server/ingress: uses active service when ha - yaml" { +@test "server/ingress: uses active service when ha by default - yaml" { cd `chart_dir` local actual=$(helm template \ @@ -145,6 +145,21 @@ load _helpers [ "${actual}" = "RELEASE-NAME-vault-active" ] } +@test "server/ingress: uses regular service when configured with ha - yaml" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ingress.yaml \ + --set 'server.ingress.enabled=true' \ + --set 'server.ingress.activeService=false' \ + --set 'server.dev.enabled=false' \ + --set 'server.ha.enabled=true' \ + --set 'server.service.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr) + [ "${actual}" = "RELEASE-NAME-vault" ] +} + @test "server/ingress: uses regular service when not ha - yaml" { cd `chart_dir` @@ -157,4 +172,19 @@ load _helpers . | tee /dev/stderr | yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr) [ "${actual}" = "RELEASE-NAME-vault" ] -} \ No newline at end of file +} + +@test "server/ingress: uses regular service when not ha and activeService is true - yaml" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ingress.yaml \ + --set 'server.ingress.enabled=true' \ + --set 'server.ingress.activeService=true' \ + --set 'server.dev.enabled=false' \ + --set 'server.ha.enabled=false' \ + --set 'server.service.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr) + [ "${actual}" = "RELEASE-NAME-vault" ] +} diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats index f5830e6..d141fb6 100755 --- a/test/unit/server-route.bats 
+++ b/test/unit/server-route.bats @@ -102,7 +102,20 @@ load _helpers [ "${actual}" = "RELEASE-NAME-vault" ] } -@test "server/route: OpenShift - route points to active service by when HA" { +@test "server/route: OpenShift - route points to main service when not ha and activeService is true" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.activeService=true' \ + . | tee /dev/stderr | + yq -r '.spec.to.name' | tee /dev/stderr) + [ "${actual}" = "RELEASE-NAME-vault" ] +} + +@test "server/route: OpenShift - route points to active service by when HA by default" { cd `chart_dir` local actual=$(helm template \ @@ -114,3 +127,17 @@ load _helpers yq -r '.spec.to.name' | tee /dev/stderr) [ "${actual}" = "RELEASE-NAME-vault-active" ] } + +@test "server/route: OpenShift - route points to general service by when HA when configured" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.activeService=false' \ + --set 'server.ha.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.to.name' | tee /dev/stderr) + [ "${actual}" = "RELEASE-NAME-vault" ] +} diff --git a/values.schema.json b/values.schema.json index d9cbf92..bd07137 100644 --- a/values.schema.json +++ b/values.schema.json @@ -564,6 +564,9 @@ "ingress": { "type": "object", "properties": { + "activeService": { + "type": "boolean" + }, "annotations": { "type": [ "object", @@ -686,6 +689,9 @@ "route": { "type": "object", "properties": { + "activeService": { + "type": "boolean" + }, "annotations": { "type": [ "object", diff --git a/values.yaml b/values.yaml index 1275f31..7287696 100644 --- a/values.yaml +++ b/values.yaml 
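Review bot: The route test titles in test/unit/server-route.bats carry a stray "by" that makes them hard to read and to grep for: "route points to active service by when HA by default" and "route points to general service by when HA when configured". I would rename them to `"server/route: OpenShift - route points to active service when HA by default"` and `"server/route: OpenShift - route points to general service when HA and activeService is false"`. The first new route test also relies on the chart default for `server.ha.enabled`, whereas the ingress counterpart sets `server.ha.enabled=false` explicitly; setting it here too would make the "not ha" precondition visible in the test itself.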
@@ -259,6 +259,10 @@ server: # or # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" + + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true hosts: - host: chart-example.local paths: [] @@ -277,6 +281,11 @@ server: # The created route will be of type passthrough route: enabled: false + + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} annotations: {} host: chart-example.local
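Review bot: The comment added above `activeService: true` only describes the `true` case, so an operator reading values.yaml cannot tell what `false` selects or what changes about which pods receive external traffic. I would extend it in both the ingress and route stanzas with a line such as `# Set to false to point at the general Vault service instead of the active one.`, plus a sentence saying which pods that service fronts (presumably every server pod, standbys included; confirm against the service templates). The existing wording also implies the active service depends on K8s service registration; stating what happens when registration is not in use would spare users a route or ingress with no endpoints.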