Add new vault-k8s environment variables (#219)
* Add new vault-k8s envs * update vault image * Add default tests for envs * Add note about supported log parameters * Fix typo in test name
parent
9d92922c9d
commit
9d1693ad13
3 changed files with 115 additions and 3 deletions
|
@ -60,6 +60,10 @@ spec:
|
|||
- name: AGENT_INJECT_TLS_AUTO_HOSTS
|
||||
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
|
||||
{{- end }}
|
||||
- name: AGENT_INJECT_LOG_FORMAT
|
||||
value: {{ .Values.injector.logFormat | default "standard" }}
|
||||
- name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
|
||||
value: {{ .Values.injector.revokeOnShutdown | default false }}
|
||||
args:
|
||||
- agent-inject
|
||||
- 2>&1
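Review bot: The new `AGENT_INJECT_REVOKE_ON_SHUTDOWN` entry renders its value unquoted, so the manifest carries a YAML boolean (`false`/`true`) where a Kubernetes env var `value` has to be a string. The API server is likely to reject the Deployment at install time even though `helm template` succeeds. Quote it in the template: `value: "{{ .Values.injector.revokeOnShutdown | default false }}"`. The `AGENT_INJECT_LOG_FORMAT` line has the same shape with a user-supplied string; `value: {{ .Values.injector.logFormat | default "standard" | quote }}` keeps a value that YAML would retype from changing type. The container spec this hunk sits in starts and ends outside the hunk.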
|
||||
|
|
|
@ -222,3 +222,102 @@ load _helpers
|
|||
yq -r '.[3].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "auth/k8s" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: default logLevel" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[1].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[1].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "info" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: custom logLevel" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
--set 'injector.logLevel=foo' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[1].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[1].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "foo" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: default logFormat" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[7].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[7].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "standard" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: custom logFormat" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
--set 'injector.logFormat=json' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[7].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[7].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "json" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: default revoke on shutdown" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[8].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[8].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "false" ]
|
||||
}
|
||||
|
||||
@test "injector/deployment: custom revoke on shutdown" {
|
||||
cd `chart_dir`
|
||||
local object=$(helm template \
|
||||
--show-only templates/injector-deployment.yaml \
|
||||
--set 'injector.revokeOnShutdown=true' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[8].name' | tee /dev/stderr)
|
||||
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]
|
||||
|
||||
local actual=$(echo $object |
|
||||
yq -r '.[8].value' | tee /dev/stderr)
|
||||
[ "${actual}" = "true" ]
|
||||
}
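Review bot: The two revoke-on-shutdown tests compare the output of `yq -r '.[8].value'` with `"false"`/`"true"`, and raw output prints a boolean and a string identically, so they pass whether or not the template emits a string, which is what an env var value must be. A type assertion such as `[ "$(echo $object | yq -r '.[8].value | type')" = "string" ]` would pin that. The lookups also depend on fixed positions (`.[1]`, `.[7]`, `.[8]`) in the env list, so any env var added earlier in the template breaks these tests for an unrelated reason. Selecting by name, `yq -r '.[] | select(.name == "AGENT_INJECT_REVOKE_ON_SHUTDOWN") | .value'`, avoids that.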
|
||||
|
|
15
values.yaml
15
values.yaml
|
@ -22,7 +22,7 @@ injector:
|
|||
# image sets the repo and tag of the vault-k8s image to use for the injector.
|
||||
image:
|
||||
repository: "hashicorp/vault-k8s"
|
||||
tag: "0.2.0"
|
||||
tag: "0.3.0"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
|
||||
|
@ -30,11 +30,20 @@ injector:
|
|||
# required.
|
||||
agentImage:
|
||||
repository: "vault"
|
||||
tag: "1.3.2"
|
||||
tag: "1.3.3"
|
||||
|
||||
# Mount Path of the Vault Kubernetes Auth Method.
|
||||
authPath: "auth/kubernetes"
|
||||
|
||||
# Configures the log verbosity of the injector. Supported log levels: Trace, Debug, Error, Warn, Info
|
||||
logLevel: "info"
|
||||
|
||||
# Configures the log format of the injector. Supported log formats: "standard", "json".
|
||||
logFormat: "standard"
|
||||
|
||||
# Configures all Vault Agent sidecars to revoke their token when shutting down
|
||||
revokeOnShutdown: false
|
||||
|
||||
# namespaceSelector is the selector for restricting the webhook to only
|
||||
# specific namespaces. This should be set to a multiline string.
|
||||
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
|
||||
|
@ -79,7 +88,7 @@ server:
|
|||
|
||||
image:
|
||||
repository: "vault"
|
||||
tag: "1.3.2"
|
||||
tag: "1.3.3"
|
||||
# Overrides the default Image Pull Policy
|
||||
pullPolicy: IfNotPresent
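Review bot: The comment on `revokeOnShutdown` in the `injector:` hunk says what the flag does but not what the `false` default leaves in place. Presumably a token issued to an agent sidecar then stays valid until its TTL expires after the pod is gone, which operators would want to know when choosing a value. I would extend it to something like `# Configures all Vault Agent sidecars to revoke their token when shutting down. With false, tokens are left to expire by TTL.` once that is confirmed against vault-k8s behaviour. The `logLevel` comment lists capitalised names (`Trace, Debug, ...`) while the default is lowercase `"info"`; stating the accepted spelling would remove the ambiguity.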
|
||||
|
||||
|
|