rename consulHA to serverHA; add dev mode, update config and values

templates/ha-ui-service.yaml

@@ -3,7 +3,7 @@
 # the agent is installed locally on the node and the NODE_IP should be used.
 # If the node can't run a Vault agent, then this service can be used to
 # communicate directly to a server agent.
-{{- if (and (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }}
+{{- if (and (or (and (ne (.Values.serverHA.enabled | toString) "-") .Values.serverHA.enabled) (and (eq (.Values.serverHA.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }}
 apiVersion: v1
 kind: Service
 metadata:

templates/server-ha-config-configmap.yaml

@@ -1,9 +1,9 @@
 # StatefulSet to run the actual vault server cluster.
-{{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }}
+{{- if (or (and (ne (.Values.serverHA.enabled | toString) "-") .Values.serverHA.enabled) (and (eq (.Values.serverHA.enabled | toString) "-") .Values.global.enabled)) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "vault.fullname" . }}-server-config
+  name: {{ template "vault.fullname" . }}-server-ha-config
   labels:
     app: {{ template "vault.name" . }}
     chart: {{ template "vault.chart" . }}
@@ -11,5 +11,5 @@ metadata:
     release: {{ .Release.Name }}
 data:
   statefulconfig-from-values.hcl: |-
-{{ tpl .Values.consulHA.config . | indent 4 }}
+{{ tpl .Values.serverHA.config . | indent 4 }}
 {{- end }}

templates/server-ha-service.yaml

@@ -4,7 +4,7 @@
 # If the node can't run a Vault agent, then this service can be used to
 # communicate directly to a server agent.
 # TODO: verify for Vault
-{{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }}
+{{- if (or (and (ne (.Values.serverHA.enabled | toString) "-") .Values.serverHA.enabled) (and (eq (.Values.serverHA.enabled | toString) "-") .Values.global.enabled)) }}
 apiVersion: v1
 kind: Service
 metadata:

templates/server-ha-statefulset.yaml

@@ -1,5 +1,5 @@
 # StatefulSet to run the actual vault server cluster.
-{{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }}
+{{- if (or (and (ne (.Values.serverHA.enabled | toString) "-") .Values.serverHA.enabled) (and (eq (.Values.serverHA.enabled | toString) "-") .Values.global.enabled)) }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -12,13 +12,13 @@ metadata:
 spec:
   serviceName: {{ template "vault.fullname" . }}-ha-server
   podManagementPolicy: Parallel
-  replicas: {{ .Values.consulHA.replicas }}
+  replicas: {{ .Values.serverHA.replicas }}
   # TODO: add updatePartition option 
-  {{- if (gt (int .Values.consulHA.updatePartition) 0) }}
+  {{- if (gt (int .Values.serverHA.updatePartition) 0) }}
   updateStrategy:
     type: RollingUpdate
     rollingUpdate:
-      partition: {{ .Values.consulHA.updatePartition }}
+      partition: {{ .Values.serverHA.updatePartition }}
   {{- end }}
   selector:
     matchLabels:
@@ -41,7 +41,7 @@ spec:
           configMap:
             name: {{ template "vault.fullname" . }}-server-ha-config
             defaultMode: 0755
-        {{- range .Values.consulHA.extraVolumes }}
+        {{- range .Values.serverHA.extraVolumes }}
         - name: userconfig-{{ .name }}
           {{ .type }}:
             {{- if (eq .type "configMap") }}
@@ -56,7 +56,7 @@ spec:
             fsGroup: 1000
             # TODO: confirm Vault needs this
             privileged: true
-          image: "{{ default .Values.global.image .Values.consulHA.image }}"
+          image: "{{ default .Values.global.image .Values.serverHA.image }}"
           env:
             - name: HOST_IP
               valueFrom:
@@ -86,7 +86,7 @@ spec:
           volumeMounts:
             - name: config
               mountPath: /vault/config
-            {{- range .Values.consulHA.extraVolumes }}
+            {{- range .Values.serverHA.extraVolumes }}
             - name: userconfig-{{ .name }}
               readOnly: true
               mountPath: /vault/userconfig/{{ .name }}

values.yaml

@@ -72,7 +72,7 @@ server:
     #   name: my-secret
     #   load: false # if true, will add to `-config-dir` to load by Vault
 
-consulHA:
+serverHA:
   enabled: false
   image: null
   replicas: 1
@@ -136,7 +136,9 @@ ui:
   # on the server nodes. This makes UI access via the service below (if
   # enabled) predictable rather than "any node" if you're running Vault
   # clients as well.
-  enabled: "-"
+  #
+  # This value is used for both Single Server and HA mode setups
+  enabled: false
 
   # True if you want to create a Service entry for the Vault UI.
   #