Allow overriding VAULT_API_ADDR (#290)

2020-07-14 22:09:43 +08:00 · 2020-07-14 22:09:43 +08:00 · 85b52694f7
commit 85b52694f7
parent ef7df3da77
3 changed files with 47 additions and 0 deletions
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@ -87,7 +87,11 @@ spec:
            - name: VAULT_ADDR
              value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
            - name: VAULT_API_ADDR
+              {{- if .Values.server.ha.apiAddr }}
+              value: {{ .Values.server.ha.apiAddr }}
+              {{- else }}
              value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+              {{- end }}
            - name: SKIP_CHOWN
              value: "true"
            - name: SKIP_SETCAP
--- a/test/unit/server-ha-statefulset.bats
+++ b/test/unit/server-ha-statefulset.bats
@ -403,6 +403,44 @@ load _helpers
  [ "${actual}" = "secret_key_1" ]
 }

+#--------------------------------------------------------------------
+# VAULT_API_ADDR renders
+
+@test "server/ha-StatefulSet: api addr renders to Pod IP by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'http://$(POD_IP):8200' ]
+}
+
+@test "server/ha-StatefulSet: api addr can be overriden" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      --set 'server.ha.apiAddr="https://example.com:8200"' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'https://example.com:8200' ]
+}
+
 #--------------------------------------------------------------------
 # VAULT_CLUSTER_ADDR renders

--- a/values.yaml
+++ b/values.yaml
@ -387,6 +387,11 @@ server:
    enabled: false
    replicas: 3

+    # Set the api_addr configuration for Vault HA
+    # See https://www.vaultproject.io/docs/configuration#api_addr
+    # If set to null, this will be set to the Pod IP Address
+    apiAddr: null
+
    # Enables Vault's integrated Raft storage.  Unlike the typical HA modes where
    # Vault's persistence is external (such as Consul), enabling Raft mode will create
    # persistent volumes for Vault to store data according to the configuration under server.dataStorage.