use port names that map to vault.scheme (#223)

* use port names that map to vault.scheme

* prefix internal/replication port names with vault.scheme

* port names must be 'no more than 15 characters'

* test vault server service port names are prefixed with vault scheme

* test vault server statefulset port names are prefixed with vault scheme

* test vault ui service port names are prefixed with vault scheme

* formatting: replace double quote with single quote

* uncomment accidentally-commented lines

* always set internal port name to https-internal, since it is always https

* prefix headless service internal port name with https
Javad Karabi 2020-04-13 10:48:23 -05:00 committed by GitHub
parent 0e115513c2
commit 374ea22c02
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 97 additions and 7 deletions


@ -24,7 +24,7 @@ spec:
- name: "{{ include "vault.scheme" . }}" - name: "{{ include "vault.scheme" . }}"
port: {{ .Values.server.service.port }} port: {{ .Values.server.service.port }}
targetPort: {{ .Values.server.service.targetPort }} targetPort: {{ .Values.server.service.targetPort }}
- name: internal - name: https-internal
port: 8201 port: 8201
targetPort: 8201 targetPort: 8201
selector: selector:


@ -31,13 +31,13 @@ spec:
# since this DNS is also used for join operations. # since this DNS is also used for join operations.
publishNotReadyAddresses: true publishNotReadyAddresses: true
ports: ports:
- name: http - name: {{ include "vault.scheme" . }}
port: {{ .Values.server.service.port }} port: {{ .Values.server.service.port }}
targetPort: {{ .Values.server.service.targetPort }} targetPort: {{ .Values.server.service.targetPort }}
{{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
nodePort: {{ .Values.server.service.nodePort }} nodePort: {{ .Values.server.service.nodePort }}
{{- end }} {{- end }}
- name: internal - name: https-internal
port: 8201 port: 8201
targetPort: 8201 targetPort: 8201
selector: selector:
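Review bot: The name of the 8200 port is now derived from `vault.scheme` instead of the fixed `http`, so anything that selects this port by name (NetworkPolicy named ports, Ingress backends, monitoring endpoint selectors) stops matching on upgrade and again whenever `global.tlsDisable` is toggled. The same applies to the `internal` to `https-internal` rename here and to the StatefulSet and UI Service sections. The visible sections appear to be four templates and three test files, so no changelog or upgrade note seems to accompany the rename. I would add a comment above `ports:` such as `# Port names follow vault.scheme (http/https); update any by-name references when changing global.tlsDisable.` and mention the rename in the release notes.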


@ -94,11 +94,11 @@ spec:
{{ template "vault.mounts" . }} {{ template "vault.mounts" . }}
ports: ports:
- containerPort: 8200 - containerPort: 8200
name: http name: {{ include "vault.scheme" . }}
- containerPort: 8201 - containerPort: 8201
name: internal name: https-internal
- containerPort: 8202 - containerPort: 8202
name: replication name: {{ include "vault.scheme" . }}-rep
{{- if .Values.server.readinessProbe.enabled }} {{- if .Values.server.readinessProbe.enabled }}
readinessProbe: readinessProbe:
{{- if .Values.server.readinessProbe.path }} {{- if .Values.server.readinessProbe.path }}
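Review bot: Port 8202 is named `{{ include "vault.scheme" . }}-rep`, so it renders as `http-rep` when `global.tlsDisable=true`, while 8201 is hard-coded to `https-internal` because, per the commit description, it is always https. If traffic on 8202 is also TLS regardless of the listener setting (not shown here, worth confirming), the `http-` prefix would mislabel it for any component that infers protocol from the port name. In that case use `name: https-rep`; otherwise add a comment such as `# 8202 follows the listener scheme, unlike 8201 which is always TLS` so the difference reads as deliberate. The container spec continues outside this hunk.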


@ -25,7 +25,7 @@ spec:
component: server component: server
publishNotReadyAddresses: true publishNotReadyAddresses: true
ports: ports:
- name: http - name: {{ include "vault.scheme" . }}
port: {{ .Values.ui.externalPort }} port: {{ .Values.ui.externalPort }}
targetPort: 8200 targetPort: 8200
{{- if .Values.ui.serviceNodePort }} {{- if .Values.ui.serviceNodePort }}
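Review bot: The port name is emitted unquoted here (`- name: {{ include "vault.scheme" . }}`), as in the second Service section and the StatefulSet, while the first template section in this commit quotes the same include. The rendered values `http` and `https` are valid plain YAML scalars either way, so this is a consistency point only. I would settle on one form across the templates, for example `- name: {{ include "vault.scheme" . | quote }}`.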


@ -388,3 +388,25 @@ load _helpers
yq -r '.spec.ports[0].nodePort' | tee /dev/stderr) yq -r '.spec.ports[0].nodePort' | tee /dev/stderr)
[ "${actual}" = "null" ] [ "${actual}" = "null" ]
} }
@test "server/Service: vault port name is http, when tlsDisable is true" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-service.yaml \
--set 'global.tlsDisable=true' \
. | tee /dev/stderr |
yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "http" ]
}
@test "server/Service: vault port name is https, when tlsDisable is false" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-service.yaml \
--set 'global.tlsDisable=false' \
. | tee /dev/stderr |
yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "https" ]
}
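Review bot: Both added tests assert only the name of port 8200; nothing checks that 8201 renders as `https-internal`, which this commit changes in this template, in the StatefulSet, and in the first Service section. As far as this page shows, that first section has no test at all. A test per template that selects the port with `yq -r '.spec.ports | map(select(.port==8201)) | .[] .name'` and expects `[ "${actual}" = "https-internal" ]` under both `tlsDisable` values would pin the "always https" rule from the description. The StatefulSet tests have the same gap for `containerPort==8201`.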


@ -892,3 +892,47 @@ load _helpers
yq -r '.spec.template.spec.containers[0].lifecycle.preStop.exec.command[2]' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].lifecycle.preStop.exec.command[2]' | tee /dev/stderr)
[[ "${actual}" = "sleep 10 &&"* ]] [[ "${actual}" = "sleep 10 &&"* ]]
} }
@test "server/standalone-StatefulSet: vault port name is http, when tlsDisable is true" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'global.tlsDisable=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "http" ]
}
@test "server/standalone-StatefulSet: vault replication port name is http-rep, when tlsDisable is true" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'global.tlsDisable=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "http-rep" ]
}
@test "server/standalone-StatefulSet: vault port name is https, when tlsDisable is false" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'global.tlsDisable=false' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "https" ]
}
@test "server/standalone-StatefulSet: vault replication port name is https-rep, when tlsDisable is false" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'global.tlsDisable=false' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr)
[ "${actual}" = "https-rep" ]
}


@ -214,3 +214,27 @@ load _helpers
yq -r '.metadata.annotations["foo"]' | tee /dev/stderr) yq -r '.metadata.annotations["foo"]' | tee /dev/stderr)
[ "${actual}" = "null" ] [ "${actual}" = "null" ]
} }
@test "ui/Service: port name is http, when tlsDisable is true" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/ui-service.yaml \
--set 'global.tlsDisable=true' \
--set 'ui.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.ports[0].name' | tee /dev/stderr)
[ "${actual}" = "http" ]
}
@test "ui/Service: port name is https, when tlsDisable is false" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/ui-service.yaml \
--set 'global.tlsDisable=false' \
--set 'ui.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.ports[0].name' | tee /dev/stderr)
[ "${actual}" = "https" ]
}
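Review bot: These two tests pick the port by position (`.spec.ports[0].name`), whereas the server Service and StatefulSet tests added in this commit select it by port number. Selecting by position passes or fails depending on port order rather than on the port under test. For consistency I would select on the fixed target port shown in the template, e.g. `yq -r '.spec.ports | map(select(.targetPort==8200)) | .[] .name'`.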