diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
index b315da0..9d051f8 100644
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@@ -71,9 +71,16 @@ spec:
 - name: VAULT_ADDR
 value: "http://localhost:8200"
 command:
- - "vault"
- - "server"
- - "-config=/vault/config/"
+ - "/bin/sh"
+ - "-ec"
+ - |
+ vault server -config=/vault/config/ \
+ {{- range .Values.server.extraVolumes }}
+ {{- if .load }}
+ -config-dir=/vault/userconfig/{{ .name }} \
+ {{- end }}
+ {{- end }}
+
 volumeMounts:
 - name: data
 mountPath: /vault/data
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index edce616..e99356a 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@@ -65,8 +65,9 @@ load _helpers
 #--------------------------------------------------------------------
 # updateStrategy
+# Single-Server does not include an update strategy
-@test "server/StatefulSet: no updateStrategy when not updating" {
+@test "server/StatefulSet: no updateStrategy" {
 cd `chart_dir`
 local actual=$(helm template \
 -x templates/server-statefulset.yaml \
@@ -75,23 +76,6 @@ load _helpers
 [ "${actual}" = "null" ]
 }
-@test "server/StatefulSet: updateStrategy during update" {
- cd `chart_dir`
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.updatePartition=2' \
- . | tee /dev/stderr |
- yq -r '.spec.updateStrategy.type' | tee /dev/stderr)
- [ "${actual}" = "RollingUpdate" ]
-
- local actual=$(helm template \
- -x templates/server-statefulset.yaml \
- --set 'server.updatePartition=2' \
- . | tee /dev/stderr |
- yq -r '.spec.updateStrategy.rollingUpdate.partition' | tee /dev/stderr)
- [ "${actual}" = "2" ]
-}
-
 #--------------------------------------------------------------------
 # extraVolumes
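Review bot: In `templates/server-statefulset.yaml` the loop emits `-config-dir=/vault/userconfig/{{ .name }}`, yet the `values.yaml` hunks of this same commit reword the `load` comment from `-config-dir` to `-config`, and as far as I know `vault server` only documents a repeatable `-config` flag, so a volume with `load: true` would likely make the server fail on an unknown option; the line should read `-config=/vault/userconfig/{{ .name }} \`. Because the command now runs under `/bin/sh -ec`, `.name` is interpolated into shell text, so quote it (`-config="/vault/userconfig/{{ .name }}" \`) or validate it in the template. Starting the server with `exec vault server -config=/vault/config/ \` would make Vault itself the process that receives the container's SIGTERM, rather than depending on how the shell handles it. The container spec starts and ends outside the hunk.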
@@ -128,7 +112,7 @@ load _helpers
 local actual=$(echo $object |
 yq -r '.mountPath' | tee /dev/stderr)
- [ "${actual}" = "/consul/userconfig/foo" ]
+ [ "${actual}" = "/vault/userconfig/foo" ]
 # Doesn't load it
 local actual=$(helm template \
@@ -173,7 +157,7 @@ load _helpers
 local actual=$(echo $object |
 yq -r '.mountPath' | tee /dev/stderr)
- [ "${actual}" = "/consul/userconfig/foo" ]
+ [ "${actual}" = "/vault/userconfig/foo" ]
 # Doesn't load it
 local actual=$(helm template \
@@ -193,7 +177,7 @@ load _helpers
 --set 'server.extraVolumes[0].name=foo' \
 --set 'server.extraVolumes[0].load=true' \
 . | tee /dev/stderr |
- yq -r '.spec.template.spec.containers[0].command | map(select(test("/consul/userconfig/foo"))) | length' | tee /dev/stderr)
+ yq -r '.spec.template.spec.containers[0].command | map(select(test("/vault/userconfig/foo"))) | length' | tee /dev/stderr)
 [ "${actual}" = "1" ]
 }
@@ -219,4 +203,3 @@ load _helpers
 yq -r '.spec.volumeClaimTemplates[0].spec.storageClassName' | tee /dev/stderr)
 [ "${actual}" = "foo" ]
 }
-
diff --git a/values.yaml b/values.yaml
index de7a9d0..e4d6f92 100644
--- a/values.yaml
+++ b/values.yaml
@@ -70,7 +70,7 @@ server:
 extraVolumes: []
 # - type: secret (or "configMap")
 # name: my-secret
- # load: false # if true, will add to `-config-dir` to load by Vault
+ # load: false # if true, will add to `-config` to load by Vault
 serverHA:
 enabled: false
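Review bot: The `load=true` assertion in the `@@ -193,7 +177,7 @@` hunk matches only the path `/vault/userconfig/foo`, so it passes whatever flag the template puts in front of that path and would not catch a wrong or missing option name. Pin the whole argument instead, for example `map(select(test("-config=/vault/userconfig/foo")))`, using whichever flag the template is meant to emit. The test body starts outside the hunk, so the surrounding `helm template` invocation is only partly visible here.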
@@ -121,6 +121,14 @@ serverHA:
 crypto_key = "vault-init"
 }
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # load: false # if true, will add to `-config` to load by Vault
+
 # Configuration for DNS configuration within the Kubernetes cluster.
 # This creates a service that routes to all agents (client or server)
 # for serving DNS requests. This DOES NOT automatically configure kube-dns
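Review bot: Nothing visible in this commit reads the new `serverHA.extraVolumes` key: the only template change ranges over `.Values.server.extraVolumes`, so unless the HA StatefulSet template (not part of this diff) already consumes it, a secret or configMap listed here with `load: true` would be silently left unmounted and unloaded. Either wire the key into the HA template in the same change or hold the values entry back until it is. The added comment also shows the mount path as `/vault/userconfig//` with the volume-name segment missing; it presumably should read `/vault/userconfig/<name>/`. The `serverHA` block starts and ends outside the hunk.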