From 666cdb75cc076508480e71ad4cb4d851fd996eaf Mon Sep 17 00:00:00 2001
From: Clint Shryock
Date: Mon, 26 Nov 2018 15:35:52 -0600
Subject: [PATCH] add dev mode
---
 templates/server-dev-statefulset.yaml | 84 +++++++++++++++++++++++++++
 values.yaml | 9 +++
 2 files changed, 93 insertions(+)
 create mode 100644 templates/server-dev-statefulset.yaml
diff --git a/templates/server-dev-statefulset.yaml b/templates/server-dev-statefulset.yaml
new file mode 100644
index 0000000..78c926b
--- /dev/null
+++ b/templates/server-dev-statefulset.yaml
@@ -0,0 +1,84 @@
+# StatefulSet to run the actual vault server cluster.
+{{- if (or (and (ne (.Values.dev.enabled | toString) "-") .Values.dev.enabled) (and (eq (.Values.dev.enabled | toString) "-") .Values.global.enabled)) }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}-dev-server
+ labels:
+ app: {{ template "vault.name" . }}
+ chart: {{ template "vault.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-dev-server
+ podManagementPolicy: Parallel
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "vault.name" . }}
+ chart: {{ template "vault.chart" . }}
+ release: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ app: {{ template "vault.name" . }}
+ chart: {{ template "vault.chart" . }}
+ release: {{ .Release.Name }}
+ component: server
+ spec:
+ terminationGracePeriodSeconds: 10
+ volumes:
+ containers:
+ - name: vault
+ securityContext:
+ fsGroup: 1000
+ privileged: true
+ image: "{{ default .Values.global.image .Values.dev.image }}"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "http://localhost:8200"
+ command:
+ - "vault"
+ - "server"
+ - "-dev"
+ volumeMounts:
+ {{- range .Values.dev.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: /vault/userconfig/{{ .name }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - vault step-down
+ ports:
+ - containerPort: 8200
+ name: http
+ readinessProbe:
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command:
+ - "/bin/sh"
+ - "-ec"
+ - |
+ vault status
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- end }}
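Review bot: The `vault` container is given `privileged: true`, which a dev-mode Vault does not need and which removes the container's isolation from the node for a process that serves an unsealed Vault with a root token. `fsGroup: 1000` in the same `securityContext` is a pod-level field, so if the block sits under the container (its position between `- name: vault` and `image:` suggests so, though indentation is lost on this page) it is rejected or ignored there. I would drop `privileged: true`, move `fsGroup: 1000` into a `securityContext:` under the pod `spec:`, and set `allowPrivilegeEscalation: false` on the container. Separately, the preStop hook passes `- vault step-down` as a single argv element, so the exec would look for a binary with that whole name; it should be two items, `- vault` and `- step-down`.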
diff --git a/values.yaml b/values.yaml
index 003994a..b6bb9a8 100644
--- a/values.yaml
+++ b/values.yaml
@@ -146,3 +146,12 @@ ui:
 service:
 enabled: true
 type: LoadBalancer
+
+# Run Vault in "dev" mode. This requires no further setup, no state management,
+# and no initialization. This is useful for experimenting with Vault without
+# needing to unseal, store keys, et. al. All data is lost on restart - do not
+# use dev mode for anything other than experimenting.
+# See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+dev:
+ enabled: false
+ image: null
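Review bot: The comment above `dev:` covers data loss but leaves out the security properties an operator needs before flipping `enabled` in a shared cluster: the server starts unsealed, the new template points `VAULT_ADDR` at plain `http://`, and `vault server -dev` writes its root token to stdout, which lands in the pod log. I would add a line such as `# Dev mode starts unsealed, serves plain HTTP, and prints its root token to the pod log.` The template also ranges over `.Values.dev.extraVolumes`, which this block does not declare; adding `extraVolumes: []` would document the key and its default.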