From 87e456754b7ee5578c17d04ed0622b586182357c Mon Sep 17 00:00:00 2001 From: Stephen Herd Date: Thu, 14 Apr 2022 15:16:39 -0700 Subject: [PATCH] =?UTF-8?q?Issue=20629:=20updated=20to=20allow=20customiza?= =?UTF-8?q?tion=20of=20the=20CLUSTER=5FADDR=20the=20same=E2=80=A6=20(#709)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it * Issue-#629 removing extra whitespace I added accidently. * Issue-#629 fixing extra whitespace added. * Update values.yaml Co-authored-by: Joaco Muleiro Beltran * Issue #629 adding changelog Co-authored-by: Joaco Muleiro Beltran --- CHANGELOG.md | 1 + templates/server-statefulset.yaml | 4 +++ test/unit/server-ha-statefulset.bats | 47 +++++++++++++++++++++++++++- values.yaml | 5 +++ 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f02bb83..8454d28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ Improvements: * CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) * Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) * Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) ## 0.19.0 (January 20th, 2022) diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 5cf1597..2cae84f 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -109,7 +109,11 @@ spec: fieldRef: fieldPath: metadata.name - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201" + {{- end }} {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} - name: VAULT_RAFT_NODE_ID valueFrom: diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats index 6034cb5..0722c26 100755 --- a/test/unit/server-ha-statefulset.bats +++ b/test/unit/server-ha-statefulset.bats @@ -417,7 +417,7 @@ load _helpers #-------------------------------------------------------------------- # VAULT_CLUSTER_ADDR renders -@test "server/ha-StatefulSet: cluster addr renders" { +@test "server/ha-StatefulSet: clusterAddr not set" { cd `chart_dir` local object=$(helm template \ --show-only templates/server-statefulset.yaml \ @@ -431,6 +431,51 @@ load _helpers [ "${value}" = 'https://$(HOSTNAME).release-name-vault-internal:8201' ] } +@test "server/ha-StatefulSet: clusterAddr set to null" { + cd `chart_dir` + local object=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set 'server.ha.clusterAddr=null' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) + + local value=$(echo $object | + yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr) + [ "${value}" = 'https://$(HOSTNAME).release-name-vault-internal:8201' ] +} + +@test "server/ha-StatefulSet: clusterAddr set to custom url" { + cd `chart_dir` + local object=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set 'server.ha.clusterAddr=https://test.example.com:8201' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) + + local value=$(echo $object | + yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr) + [ "${value}" = 'https://test.example.com:8201' ] +} + +@test "server/ha-StatefulSet: clusterAddr set to custom url with environment variable" { + cd `chart_dir` + local object=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set 'server.ha.clusterAddr=http://$(HOSTNAME).release-name-vault-internal:8201' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) + + local value=$(echo $object | + yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr) + [ "${value}" = 'http://$(HOSTNAME).release-name-vault-internal:8201' ] +} + #-------------------------------------------------------------------- # VAULT_RAFT_NODE_ID renders diff --git a/values.yaml b/values.yaml index 4d967f8..ed4f80f 100644 --- a/values.yaml +++ b/values.yaml @@ -680,6 +680,11 @@ server: # If set to null, this will be set to the Pod IP Address apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where # Vault's persistence is external (such as Consul), enabling Raft mode will create # persistent volumes for Vault to store data according to the configuration under server.dataStorage.