From 85b52694f7dc3e454c66a70064a21132259fb6a1 Mon Sep 17 00:00:00 2001
From: Yong Wen Chua <lawliet89@users.noreply.github.com>
Date: Tue, 14 Jul 2020 22:09:43 +0800
Subject: [PATCH] Allow overriding VAULT_API_ADDR (#290)

---
 templates/server-statefulset.yaml    |  4 +++
 test/unit/server-ha-statefulset.bats | 38 ++++++++++++++++++++++++++++
 values.yaml                          |  5 ++++
 3 files changed, 47 insertions(+)

diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
index f8a0eb1..7db704c 100644
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@@ -87,7 +87,11 @@ spec:
             - name: VAULT_ADDR
               value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
             - name: VAULT_API_ADDR
+              {{- if .Values.server.ha.apiAddr }}
+              value: {{ .Values.server.ha.apiAddr }}
+              {{- else }}
               value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+              {{- end }}
             - name: SKIP_CHOWN
               value: "true"
             - name: SKIP_SETCAP
diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats
index ff5c571..6df4dfe 100755
--- a/test/unit/server-ha-statefulset.bats
+++ b/test/unit/server-ha-statefulset.bats
@@ -403,6 +403,44 @@ load _helpers
   [ "${actual}" = "secret_key_1" ]
 }
 
+#--------------------------------------------------------------------
+# VAULT_API_ADDR renders
+
+@test "server/ha-StatefulSet: api addr renders to Pod IP by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'http://$(POD_IP):8200' ]
+}
+
+@test "server/ha-StatefulSet: api addr can be overriden" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      --set 'server.ha.apiAddr="https://example.com:8200"' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'https://example.com:8200' ]
+}
+
 #--------------------------------------------------------------------
 # VAULT_CLUSTER_ADDR renders
 
diff --git a/values.yaml b/values.yaml
index 40f6a9c..f985e59 100644
--- a/values.yaml
+++ b/values.yaml
@@ -387,6 +387,11 @@ server:
     enabled: false
     replicas: 3
 
+    # Set the api_addr configuration for Vault HA
+    # See https://www.vaultproject.io/docs/configuration#api_addr
+    # If set to null, this will be set to the Pod IP Address
+    apiAddr: null
+
     # Enables Vault's integrated Raft storage.  Unlike the typical HA modes where
     # Vault's persistence is external (such as Consul), enabling Raft mode will create
     # persistent volumes for Vault to store data according to the configuration under server.dataStorage.