diff --git a/templates/server-headless-service.yaml b/templates/server-headless-service.yaml index b9069d8..cced609 100644 --- a/templates/server-headless-service.yaml +++ b/templates/server-headless-service.yaml @@ -24,7 +24,7 @@ spec: - name: "{{ include "vault.scheme" . }}" port: {{ .Values.server.service.port }} targetPort: {{ .Values.server.service.targetPort }} - - name: internal + - name: https-internal port: 8201 targetPort: 8201 selector: diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 68a06fb..4d0e289 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -31,13 +31,13 @@ spec: # since this DNS is also used for join operations. publishNotReadyAddresses: true ports: - - name: http + - name: {{ include "vault.scheme" . }} port: {{ .Values.server.service.port }} targetPort: {{ .Values.server.service.targetPort }} {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} nodePort: {{ .Values.server.service.nodePort }} {{- end }} - - name: internal + - name: https-internal port: 8201 targetPort: 8201 selector: diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 1497889..3b51a62 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -94,11 +94,11 @@ spec: {{ template "vault.mounts" . }} ports: - containerPort: 8200 - name: http + name: {{ include "vault.scheme" . }} - containerPort: 8201 - name: internal + name: https-internal - containerPort: 8202 - name: replication + name: {{ include "vault.scheme" . }}-rep {{- if .Values.server.readinessProbe.enabled }} readinessProbe: {{- if .Values.server.readinessProbe.path }} diff --git a/templates/ui-service.yaml b/templates/ui-service.yaml index 6d89264..8b8a2c9 100644 --- a/templates/ui-service.yaml +++ b/templates/ui-service.yaml @@ -25,7 +25,7 @@ spec: component: server publishNotReadyAddresses: true ports: - - name: http + - name: {{ include "vault.scheme" . }} port: {{ .Values.ui.externalPort }} targetPort: 8200 {{- if .Values.ui.serviceNodePort }} diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index e3ae0f2..5821b91 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -388,3 +388,25 @@ load _helpers yq -r '.spec.ports[0].nodePort' | tee /dev/stderr) [ "${actual}" = "null" ] } + +@test "server/Service: vault port name is http, when tlsDisable is true" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'global.tlsDisable=true' \ + . | tee /dev/stderr | + yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "http" ] +} + +@test "server/Service: vault port name is https, when tlsDisable is false" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'global.tlsDisable=false' \ + . | tee /dev/stderr | + yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "https" ] +} diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index b0dc6fb..3d08925 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -892,3 +892,47 @@ load _helpers yq -r '.spec.template.spec.containers[0].lifecycle.preStop.exec.command[2]' | tee /dev/stderr) [[ "${actual}" = "sleep 10 &&"* ]] } + +@test "server/standalone-StatefulSet: vault port name is http, when tlsDisable is true" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.tlsDisable=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "http" ] +} + +@test "server/standalone-StatefulSet: vault replication port name is http-rep, when tlsDisable is true" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.tlsDisable=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "http-rep" ] +} + +@test "server/standalone-StatefulSet: vault port name is https, when tlsDisable is false" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.tlsDisable=false' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "https" ] +} + +@test "server/standalone-StatefulSet: vault replication port name is https-rep, when tlsDisable is false" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.tlsDisable=false' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr) + [ "${actual}" = "https-rep" ] +} diff --git a/test/unit/ui-service.bats b/test/unit/ui-service.bats index 46cfa88..042e141 100755 --- a/test/unit/ui-service.bats +++ b/test/unit/ui-service.bats @@ -214,3 +214,27 @@ load _helpers yq -r '.metadata.annotations["foo"]' | tee /dev/stderr) [ "${actual}" = "null" ] } + +@test "ui/Service: port name is http, when tlsDisable is true" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'global.tlsDisable=true' \ + --set 'ui.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.ports[0].name' | tee /dev/stderr) + [ "${actual}" = "http" ] +} + +@test "ui/Service: port name is https, when tlsDisable is false" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'global.tlsDisable=false' \ + --set 'ui.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.ports[0].name' | tee /dev/stderr) + [ "${actual}" = "https" ] +}