From 5a4c3e69b1d1777e2246729af6a3e5178c73e639 Mon Sep 17 00:00:00 2001
From: Clint Shryock
Date: Fri, 16 Nov 2018 16:34:10 -0600
Subject: [PATCH] refactoring for statefulset
---
 ...p.yaml => server-ha-config-configmap.yaml} | 0
 templates/server-ha-statefulset.yaml | 34 +++++++------------
 2 files changed, 13 insertions(+), 21 deletions(-)
 rename templates/{server-storage-configmap.yaml => server-ha-config-configmap.yaml} (100%)
diff --git a/templates/server-storage-configmap.yaml b/templates/server-ha-config-configmap.yaml
similarity index 100%
rename from templates/server-storage-configmap.yaml
rename to templates/server-ha-config-configmap.yaml
diff --git a/templates/server-ha-statefulset.yaml b/templates/server-ha-statefulset.yaml
index eecaf22..c7e4174 100644
--- a/templates/server-ha-statefulset.yaml
+++ b/templates/server-ha-statefulset.yaml
@@ -1,7 +1,7 @@
 # StatefulSet to run the actual vault server cluster.
 {{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }}
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
 name: {{ template "vault.fullname" . }}-ha-server
 labels:
@@ -13,6 +13,13 @@ spec:
 serviceName: {{ template "vault.fullname" . }}-ha-server
 podManagementPolicy: Parallel
 replicas: {{ .Values.consulHA.replicas }}
+ # TODO: add updatePartition option
+ {{- if (gt (int .Values.consulHA.updatePartition) 0) }}
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ partition: {{ .Values.consulHA.updatePartition }}
+ {{- end }}
 selector:
 matchLabels:
 app: {{ template "vault.name" . }}
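Review bot: With `updatePartition` at 0 the `updateStrategy` block in the `@@ -13,6 +13,13 @@` hunk is omitted, so the StatefulSet falls back to the default RollingUpdate and every server pod is restarted on a template change; a restarted Vault server comes back sealed unless auto-unseal is configured. Consider rendering `updateStrategy:` with `type: OnDelete` in an else branch so operators decide when each pod restarts. The `# TODO: add updatePartition option` comment directly above describes work this hunk already does and can be dropped. The diffstat shows no values file in this commit, so `consulHA.updatePartition` appears to have no documented default.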
@@ -27,23 +34,12 @@ spec:
 release: {{ .Release.Name }}
 component: server
 spec:
- strategy:
- type: "RollingUpdate" #default
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 0
- #affinity:
- # podAntiAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # - labelSelector:
- # matchLabels:
- # app: {{ template "vault.name" . }}
- # release: "{{ .Release.Name }}"
- # component: server
- # topologyKey: kubernetes.io/hostname
+ #TODO: look at how Consul exposes affinity
 terminationGracePeriodSeconds: 10
 securityContext:
 fsGroup: 1000
+ # TODO: confirm Vault needs this
+ privileged: true
 volumes:
 - name: config
 configMap:
@@ -60,10 +56,6 @@ spec:
 {{- end }}
 containers:
 - name: vault
- securityContext:
- fsGroup: 1000
- # TODO: confirm Vault needs this
- privileged: true
 image: "{{ default .Values.global.image .Values.consulHA.image }}"
 env:
 - name: HOST_IP
@@ -80,8 +72,7 @@ spec:
 fieldPath: metadata.namespace
 - name: VAULT_ADDR
 value: "http://localhost:8200"
- #- name: VAULT_TEST
- #- value: "true"
+ #TODO: review how swapping of POD_IP, HOST_IP values is done
 command:
 - "/bin/sh"
 - "-ec"
@@ -112,6 +103,7 @@ spec:
 # NOTE(mitchellh): when our HTTP status endpoints support the
 # proper status codes, we should switch to that. This is temporary.
 # TODO: verify for Vault
+ # Check status; unsealed vault servers return 0
 exec:
 command:
 - "/bin/sh"
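Review bot: `privileged: true` in the `@@ -27,23 +34,12 @@` hunk now appears under the pod-level `securityContext` (next to `fsGroup`, between `terminationGracePeriodSeconds` and `volumes`), but `privileged` is a container-level field and is not part of PodSecurityContext, so depending on validation it is either rejected or silently dropped. The `@@ -60,10 +56,6 @@` hunk removes the container-level block, so nothing sets a security context on the `vault` container any more. Rather than restoring the flag, the open TODO can be resolved with least privilege: Vault needs the IPC_LOCK capability for mlock, so a container `securityContext` with `capabilities:` / `add: ["IPC_LOCK"]` and no `privileged` should be enough. The pod spec continues outside the hunk, so this is worth checking against the full template.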