Add new vault-k8s environment variables (#219)

* Add new vault-k8s envs

* update vault image

* Add default tests for envs

* Add note about supported log parameters

* Fix typo in test name
Jason O'Donnell 2020-03-06 15:03:58 -05:00 committed by GitHub
parent 9d92922c9d
commit 9d1693ad13
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 115 additions and 3 deletions


@ -60,6 +60,10 @@ spec:
- name: AGENT_INJECT_TLS_AUTO_HOSTS
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
{{- end }}
- name: AGENT_INJECT_LOG_FORMAT
value: {{ .Values.injector.logFormat | default "standard" }}
- name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
value: {{ .Values.injector.revokeOnShutdown | default false }}
args:
- agent-inject
- 2>&1
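Review bot: The two new `value:` lines render unquoted, so `AGENT_INJECT_REVOKE_ON_SHUTDOWN` comes out as the YAML boolean `false`/`true` rather than a string. Kubernetes types env `value` as a string, so the manifest is likely to be rejected on apply even though `helm template` succeeds. Quote both lines, e.g. `value: "{{ .Values.injector.revokeOnShutdown | default false }}"` and `value: {{ .Values.injector.logFormat | default "standard" | quote }}`. Quoting `logFormat` also stops a user-supplied value such as `on`, or one containing `: `, from being re-typed or breaking the rendered YAML. The container spec continues outside the hunk.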


@ -222,3 +222,102 @@ load _helpers
yq -r '.[3].value' | tee /dev/stderr)
[ "${actual}" = "auth/k8s" ]
}
@test "injector/deployment: default logLevel" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[1].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]
local actual=$(echo $object |
yq -r '.[1].value' | tee /dev/stderr)
[ "${actual}" = "info" ]
}
@test "injector/deployment: custom logLevel" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.logLevel=foo' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[1].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]
local actual=$(echo $object |
yq -r '.[1].value' | tee /dev/stderr)
[ "${actual}" = "foo" ]
}
@test "injector/deployment: default logFormat" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[7].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]
local actual=$(echo $object |
yq -r '.[7].value' | tee /dev/stderr)
[ "${actual}" = "standard" ]
}
@test "injector/deployment: custom logFormat" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.logFormat=json' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[7].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]
local actual=$(echo $object |
yq -r '.[7].value' | tee /dev/stderr)
[ "${actual}" = "json" ]
}
@test "injector/deployment: default revoke on shutdown" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[8].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]
local actual=$(echo $object |
yq -r '.[8].value' | tee /dev/stderr)
[ "${actual}" = "false" ]
}
@test "injector/deployment: custom revoke on shutdown" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.revokeOnShutdown=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.[8].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]
local actual=$(echo $object |
yq -r '.[8].value' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
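Review bot: The revoke-on-shutdown assertions cannot tell a string from a boolean, because `yq -r` prints `false` for both, so they pass even if the template emits an unquoted YAML boolean in an env `value`. A type assertion, for example `yq -r '.[8].value | type'` compared against `string`, would pin the rendered type. The new tests also address entries by position (`.[7]`, `.[8]`), which breaks as soon as an env var is inserted earlier in the list. Selecting by name is steadier: `yq -r '.[] | select(.name == "AGENT_INJECT_LOG_FORMAT") | .value'`.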


@ -22,7 +22,7 @@ injector:
# image sets the repo and tag of the vault-k8s image to use for the injector.
image:
repository: "hashicorp/vault-k8s"
tag: "0.2.0"
tag: "0.3.0"
pullPolicy: IfNotPresent
# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
@ -30,11 +30,20 @@ injector:
# required.
agentImage:
repository: "vault"
tag: "1.3.2"
tag: "1.3.3"
# Mount Path of the Vault Kubernetes Auth Method.
authPath: "auth/kubernetes"
# Configures the log verbosity of the injector. Supported log levels: Trace, Debug, Error, Warn, Info
logLevel: "info"
# Configures the log format of the injector. Supported log formats: "standard", "json".
logFormat: "standard"
# Configures all Vault Agent sidecars to revoke their token when shutting down
revokeOnShutdown: false
# namespaceSelector is the selector for restricting the webhook to only
# specific namespaces. This should be set to a multiline string.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
@ -79,7 +88,7 @@ server:
image:
repository: "vault"
tag: "1.3.2"
tag: "1.3.3"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent
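Review bot: The `revokeOnShutdown` comment in the `injector:` hunk does not say what the default of `false` means for operators; presumably agent tokens then stay valid until their own TTL expires after a pod stops. I would extend it to something like `# Configures all Vault Agent sidecars to revoke their token when shutting down. Defaults to false, so tokens are not revoked when a pod terminates.` The `logLevel` comment also lists the levels capitalised (`Trace, Debug, ...`) while the default is lowercase `"info"`, so it should say whether matching is case-insensitive.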