Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidentally.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>
Stephen Herd 2022-04-14 15:16:39 -07:00 committed by GitHub
parent 4ae52c8bd3
commit 87e456754b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 1 deletions


@ -11,6 +11,7 @@ Improvements:
* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) * CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) * Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) * Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
## 0.19.0 (January 20th, 2022) ## 0.19.0 (January 20th, 2022)


@ -109,7 +109,11 @@ spec:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: VAULT_CLUSTER_ADDR - name: VAULT_CLUSTER_ADDR
{{- if .Values.server.ha.clusterAddr }}
value: {{ .Values.server.ha.clusterAddr }}
{{- else }}
value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201" value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
{{- end }}
{{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
- name: VAULT_RAFT_NODE_ID - name: VAULT_RAFT_NODE_ID
valueFrom: valueFrom:
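Review bot: The custom branch renders `value: {{ .Values.server.ha.clusterAddr }}` unquoted, while the default branch right below it is a quoted string. A Kubernetes env `value` has to be a string, so an override that YAML reads as another type, or one containing ` #` or a leading indicator character, would render a manifest that is rejected or silently altered. The tests added in this commit only pass plain URLs, so they would not catch that. Piping through `quote` keeps the two branches consistent: `value: {{ .Values.server.ha.clusterAddr | quote }}`. The env list this entry belongs to starts and ends outside the hunk.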


@ -417,7 +417,7 @@ load _helpers
#-------------------------------------------------------------------- #--------------------------------------------------------------------
# VAULT_CLUSTER_ADDR renders # VAULT_CLUSTER_ADDR renders
@test "server/ha-StatefulSet: cluster addr renders" { @test "server/ha-StatefulSet: clusterAddr not set" {
cd `chart_dir` cd `chart_dir`
local object=$(helm template \ local object=$(helm template \
--show-only templates/server-statefulset.yaml \ --show-only templates/server-statefulset.yaml \
@ -431,6 +431,51 @@ load _helpers
[ "${value}" = 'https://$(HOSTNAME).release-name-vault-internal:8201' ] [ "${value}" = 'https://$(HOSTNAME).release-name-vault-internal:8201' ]
} }
@test "server/ha-StatefulSet: clusterAddr set to null" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'server.ha.enabled=true' \
--set 'server.ha.raft.enabled=true' \
--set 'server.ha.clusterAddr=null' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${value}" = 'https://$(HOSTNAME).release-name-vault-internal:8201' ]
}
@test "server/ha-StatefulSet: clusterAddr set to custom url" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'server.ha.enabled=true' \
--set 'server.ha.raft.enabled=true' \
--set 'server.ha.clusterAddr=https://test.example.com:8201' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${value}" = 'https://test.example.com:8201' ]
}
@test "server/ha-StatefulSet: clusterAddr set to custom url with environment variable" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/server-statefulset.yaml \
--set 'server.ha.enabled=true' \
--set 'server.ha.raft.enabled=true' \
--set 'server.ha.clusterAddr=http://$(HOSTNAME).release-name-vault-internal:8201' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${value}" = 'http://$(HOSTNAME).release-name-vault-internal:8201' ]
}
#-------------------------------------------------------------------- #--------------------------------------------------------------------
# VAULT_RAFT_NODE_ID renders # VAULT_RAFT_NODE_ID renders


@ -680,6 +680,11 @@ server:
# If set to null, this will be set to the Pod IP Address # If set to null, this will be set to the Pod IP Address
apiAddr: null apiAddr: null
# Set the cluster_addr confuguration for Vault HA
# See https://www.vaultproject.io/docs/configuration#cluster_addr
# If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
clusterAddr: null
# Enables Vault's integrated Raft storage. Unlike the typical HA modes where # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
# Vault's persistence is external (such as Consul), enabling Raft mode will create # Vault's persistence is external (such as Consul), enabling Raft mode will create
# persistent volumes for Vault to store data according to the configuration under server.dataStorage. # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
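Review bot: The comment block added above `clusterAddr` has a typo ("confuguration") and describes the default with a `{{ template ... }}` expression, which is never evaluated for values and may suggest that templating works in this field. I would reword the lines as `# Set the cluster_addr configuration for Vault HA` and `# If set to null, this defaults to https://$(HOSTNAME).<chart fullname>-internal:8201`. It is also worth one more comment line stating that the value is copied as-is into the VAULT_CLUSTER_ADDR environment variable, so `$(VAR)` references are expanded by Kubernetes, not by Helm. The `server:` mapping continues outside the hunk.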