From 8cc3fdb167c3a3458deea1a6774f281016cb29ce Mon Sep 17 00:00:00 2001 From: Yong Wen Chua Date: Mon, 27 Apr 2020 23:38:26 +0800 Subject: [PATCH] Add support for setting VAULT_RAFT_NODE_ID environment variable (#269) * Add support for setting VAULT_RAFT_NODE_ID environment variable * Update server-statefulset.yaml * Update server-ha-statefulset.bats --- templates/server-statefulset.yaml | 6 ++++++ test/unit/server-ha-statefulset.bats | 25 +++++++++++++++++++++++-- values.yaml | 12 +++++++----- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index 3b51a62..545b3d6 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -87,6 +87,12 @@ spec: fieldPath: metadata.name - name: VAULT_CLUSTER_ADDR value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201" + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} {{ template "vault.envs" . }} {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats index e93bf31..e6d0d58 100755 --- a/test/unit/server-ha-statefulset.bats +++ b/test/unit/server-ha-statefulset.bats @@ -403,7 +403,6 @@ load _helpers [ "${actual}" = "secret_key_1" ] } - #-------------------------------------------------------------------- # VAULT_CLUSTER_ADDR renders @@ -415,7 +414,7 @@ load _helpers --set 'server.ha.raft.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) - + local actual=$(echo $object | yq -r '.[9].name' | tee /dev/stderr) [ "${actual}" = "VAULT_CLUSTER_ADDR" ] 
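Review bot: The new `{{- if and ... }}` guard in the templates/server-statefulset.yaml hunk tests `server.ha.raft.enabled` and `server.ha.raft.setNodeId` but not `server.ha.enabled`, so a values file with HA off and both raft flags true would still render `VAULT_RAFT_NODE_ID`. Unless something outside the hunk already restricts this block to HA mode, add a third term to the `and`: `(eq (.Values.server.ha.enabled | toString) "true")`. The entry also sits above the `vault.extraEnvironmentVars` include, so a same-named variable supplied there would appear twice in the container env; a one-line template comment stating which one is meant to take effect would help. The container spec starts and ends outside the hunk.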
@@ -425,6 +424,28 @@ load _helpers [ "${actual}" = 'https://$(HOSTNAME).RELEASE-NAME-vault-internal:8201' ] } +#-------------------------------------------------------------------- +# VAULT_RAFT_NODE_ID renders + +@test "server/ha-StatefulSet: raft node ID renders" { + cd `chart_dir` + local object=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.ha.enabled=true' \ + --set 'server.ha.raft.enabled=true' \ + --set 'server.ha.raft.setNodeId=true' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) + + local actual=$(echo $object | + yq -r '.[10].name' | tee /dev/stderr) + [ "${actual}" = "VAULT_RAFT_NODE_ID" ] + + local actual=$(echo $object | + yq -r '.[10].valueFrom.fieldRef.fieldPath' | tee /dev/stderr) + [ "${actual}" = 'metadata.name' ] +} + #-------------------------------------------------------------------- # storage class diff --git a/values.yaml b/values.yaml index b0b303c..305da7b 100644 --- a/values.yaml +++ b/values.yaml @@ -40,7 +40,7 @@ injector: # Configures the log format of the injector. Supported log formats: "standard", "json". logFormat: "standard" - + # Configures all Vault Agent sidecars to revoke their token when shutting down revokeOnShutdown: false @@ -342,15 +342,17 @@ server: ha: enabled: false replicas: 3 - - # Enables Vault's integrated Raft storage. Unlike the typical HA modes where - # Vault's persistence is external (such as Consul), enabling Raft mode will create + + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create # persistent volumes for Vault to store data according to the configuration under server.dataStorage. # The Vault cluster will coordinate leader elections and failovers internally. raft: - + # Enables Raft integrated storage enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false config: | ui = true
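Review bot: The new test in test/unit/server-ha-statefulset.bats covers only the opt-in path, so nothing fails if the template starts emitting `VAULT_RAFT_NODE_ID` when `server.ha.raft.setNodeId` is left at its default of false. It also finds the variable by position (`.[10]`), which breaks whenever another env entry is added above it. Selecting by name fixes both, for example `select(.name == "VAULT_RAFT_NODE_ID")`. A companion negative test along these lines would pin the default behaviour.

```bash
@test "server/ha-StatefulSet: raft node ID not set by default" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/server-statefulset.yaml \
      --set 'server.ha.enabled=true' \
      --set 'server.ha.raft.enabled=true' \
      . | tee /dev/stderr |
      yq -r '[.spec.template.spec.containers[0].env[] | select(.name == "VAULT_RAFT_NODE_ID")] | length' | tee /dev/stderr)
  [ "${actual}" = "0" ]
}
```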
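Review bot: The comment added above `setNodeId` in the second values.yaml hunk says what the flag does but not how it interacts with the `config` block directly below it. Vault documents that `VAULT_RAFT_NODE_ID` overrides a `node_id` set in the raft storage stanza, so an operator who sets both gets the pod name with no warning. Switching the flag on a cluster that is already initialized likely gives each peer an identity that no longer matches the recorded Raft configuration, so that should be stated too. Suggested wording: `# Set VAULT_RAFT_NODE_ID to the pod name. This overrides any node_id in the raft config below.` followed by `# Choose this before the cluster is initialized; changing it later changes each peer's identity.`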