Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactoring for statefulset

Browse source
This commit is contained in:
Clint Shryock 2018-11-16 16:34:10 -06:00
parent 180ba0cd6c
commit 5a4c3e69b1
No known key found for this signature in database
GPG key ID: B7C8F9C70EC5CD29
2 changed files with 13 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
templates/server-storage-configmap.yaml → templates/server-ha-config-configmap.yaml
View file

34
templates/server-ha-statefulset.yaml
View file

@ -1,7 +1,7 @@
# StatefulSet to run the actual vault server cluster. # StatefulSet to run the actual vault server cluster.
{{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }} {{- if (or (and (ne (.Values.consulHA.enabled | toString) "-") .Values.consulHA.enabled) (and (eq (.Values.consulHA.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: StatefulSet
metadata: metadata:
name: {{ template "vault.fullname" . }}-ha-server name: {{ template "vault.fullname" . }}-ha-server
labels: labels:
@ -13,6 +13,13 @@ spec:
serviceName: {{ template "vault.fullname" . }}-ha-server serviceName: {{ template "vault.fullname" . }}-ha-server
podManagementPolicy: Parallel podManagementPolicy: Parallel
replicas: {{ .Values.consulHA.replicas }} replicas: {{ .Values.consulHA.replicas }}
# TODO: add updatePartition option
{{- if (gt (int .Values.consulHA.updatePartition) 0) }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
partition: {{ .Values.consulHA.updatePartition }}
{{- end }}
selector: selector:
matchLabels: matchLabels:
app: {{ template "vault.name" . }} app: {{ template "vault.name" . }}
@ -27,23 +34,12 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server component: server
spec: spec:
strategy: #TODO: look at how Consul exposes affinity
type: "RollingUpdate" #default
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
#affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchLabels:
# app: {{ template "vault.name" . }}
# release: "{{ .Release.Name }}"
# component: server
# topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
securityContext: securityContext:
fsGroup: 1000 fsGroup: 1000
# TODO: confirm Vault needs this
privileged: true
volumes: volumes:
- name: config - name: config
configMap: configMap:
@ -60,10 +56,6 @@ spec:
{{- end }} {{- end }}
containers: containers:
- name: vault - name: vault
securityContext:
fsGroup: 1000
# TODO: confirm Vault needs this
privileged: true
image: "{{ default .Values.global.image .Values.consulHA.image }}" image: "{{ default .Values.global.image .Values.consulHA.image }}"
env: env:
- name: HOST_IP - name: HOST_IP
@ -80,8 +72,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: VAULT_ADDR - name: VAULT_ADDR
value: "http://localhost:8200" value: "http://localhost:8200"
#- name: VAULT_TEST #TODO: review how swapping of POD_IP, HOST_IP values is done
#- value: "true"
command: command:
- "/bin/sh" - "/bin/sh"
- "-ec" - "-ec"
@ -112,6 +103,7 @@ spec:
# NOTE(mitchellh): when our HTTP status endpoints support the # NOTE(mitchellh): when our HTTP status endpoints support the
# proper status codes, we should switch to that. This is temporary. # proper status codes, we should switch to that. This is temporary.
# TODO: verify for Vault # TODO: verify for Vault
# Check status; unsealed vault servers return 0
exec: exec:
command: command:
- "/bin/sh" - "/bin/sh"