Add ingress/route configurable to specify active/general service (#570)

* Add ingress/route configurable to specify active/general service * Update test/unit/server-ingress.bats Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> * values.schema.json Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-07-15 14:15:46 -04:00 · 2021-07-15 14:15:46 -04:00 · 255cdc7d26
commit 255cdc7d26
parent a0d7b84ec2
6 changed files with 109 additions and 37 deletions
--- a/templates/server-ingress.yaml
+++ b/templates/server-ingress.yaml
@ -4,7 +4,7 @@
 {{- if .Values.server.ingress.enabled -}}
 {{- $extraPaths := .Values.server.ingress.extraPaths -}}
 {{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
 {{- $serviceName = printf "%s-%s" $serviceName "active" -}}
 {{- end }}
 {{- $servicePort := .Values.server.service.port -}}
--- a/templates/server-route.yaml
+++ b/templates/server-route.yaml
@ -1,33 +1,33 @@
-{{- if .Values.global.openshift }}
+{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
+{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
+{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
+{{- $serviceName := include "vault.fullname" . -}}
-{{- if eq .mode "ha" }}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
+{{- end }}
-kind: Route
+kind: Route
-apiVersion: route.openshift.io/v1
+apiVersion: route.openshift.io/v1
-metadata:
+metadata:
-  name: {{ template "vault.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  labels:
+  labels:
-    helm.sh/chart: {{ include "vault.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "vault.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.server.route.labels }}
+    {{- with .Values.server.route.labels }}
-      {{- toYaml . | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
-    {{- end }}
+    {{- end }}
-  {{- template "vault.route.annotations" . }}
+  {{- template "vault.route.annotations" . }}
-spec:
+spec:
-  host: {{ .Values.server.route.host }}
+  host: {{ .Values.server.route.host }}
-  to:
+  to:
-    kind: Service
+    kind: Service
-    name: {{ $serviceName }}
+    name: {{ $serviceName }}
-    weight: 100
+    weight: 100
-  port:
+  port:
-    targetPort: 8200
+    targetPort: 8200
-  tls:
+  tls:
-    termination: passthrough
+    termination: passthrough
-{{- end }}
+{{- end }}
-{{- end }}
+{{- end }}
-{{- end }}
+{{- end }}
--- a/test/unit/server-ingress.bats
+++ b/test/unit/server-ingress.bats
@ -131,7 +131,7 @@ load _helpers
  [ "${actual}" = "nginx" ]
 }
-@test "server/ingress: uses active service when ha - yaml" {
+@test "server/ingress: uses active service when ha by default - yaml" {
  cd `chart_dir`
  local actual=$(helm template \
@ -145,6 +145,21 @@ load _helpers
  [ "${actual}" = "RELEASE-NAME-vault-active" ]
 }
@test "server/ingress: uses regular service when configured with ha - yaml" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/server-ingress.yaml \
      --set 'server.ingress.enabled=true' \
      --set 'server.ingress.activeService=false' \
      --set 'server.dev.enabled=false' \
      --set 'server.ha.enabled=true' \
      --set 'server.service.enabled=true' \
      . | tee /dev/stderr |
      yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault" ]
 }
@test "server/ingress: uses regular service when not ha - yaml" {
  cd `chart_dir`
@ -157,4 +172,19 @@ load _helpers
      . | tee /dev/stderr |
      yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault" ]
-}
+}
@test "server/ingress: uses regular service when not ha and activeService is true - yaml" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/server-ingress.yaml \
      --set 'server.ingress.enabled=true' \
      --set 'server.ingress.activeService=true' \
      --set 'server.dev.enabled=false' \
      --set 'server.ha.enabled=false' \
      --set 'server.service.enabled=true' \
      . | tee /dev/stderr |
      yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault" ]
 }
--- a/test/unit/server-route.bats
+++ b/test/unit/server-route.bats
@ -102,7 +102,20 @@ load _helpers
  [ "${actual}" = "RELEASE-NAME-vault" ]
 }
-@test "server/route: OpenShift - route points to active service by when HA" {
+@test "server/route: OpenShift - route points to main service when not ha and activeService is true" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/server-route.yaml \
      --set 'global.openshift=true' \
      --set 'server.route.enabled=true' \
      --set 'server.route.activeService=true' \
      . | tee /dev/stderr |
      yq -r '.spec.to.name' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault" ]
 }
@test "server/route: OpenShift - route points to active service by when HA by default" {
  cd `chart_dir`
  local actual=$(helm template \
@ -114,3 +127,17 @@ load _helpers
      yq -r '.spec.to.name' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault-active" ]
 }
@test "server/route: OpenShift - route points to general service by when HA when configured" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/server-route.yaml \
      --set 'global.openshift=true' \
      --set 'server.route.enabled=true' \
      --set 'server.route.activeService=false' \
      --set 'server.ha.enabled=true' \
      . | tee /dev/stderr |
      yq -r '.spec.to.name' | tee /dev/stderr)
  [ "${actual}" = "RELEASE-NAME-vault" ]
 }
--- a/values.schema.json
+++ b/values.schema.json
@ -564,6 +564,9 @@
                "ingress": {
                    "type": "object",
                    "properties": {
                        "activeService": {
                            "type": "boolean"
                        },
                        "annotations": {
                            "type": [
                                "object",
@ -686,6 +689,9 @@
                "route": {
                    "type": "object",
                    "properties": {
                        "activeService": {
                            "type": "boolean"
                        },
                        "annotations": {
                            "type": [
                                "object",
--- a/values.yaml
+++ b/values.yaml
@ -259,6 +259,10 @@ server:
      #   or
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    # When HA mode is enabled and K8s service registration is being used,
    # configure the ingress to point to the Vault active service.
    activeService: true
    hosts:
      - host: chart-example.local
        paths: []
@ -277,6 +281,11 @@ server:
  # The created route will be of type passthrough
  route:
    enabled: false
    # When HA mode is enabled and K8s service registration is being used,
    # configure the route to point to the Vault active service.
    activeService: true
    labels: {}
    annotations: {}
    host: chart-example.local