Support for ingress (#48)
* Added ingress support * Added small header with documentation about ingress * Added unit tests
This commit is contained in:
parent
b1e4660555
commit
9dd6bad741
3 changed files with 106 additions and 0 deletions
41
templates/server-ingress.yaml
Normal file
41
templates/server-ingress.yaml
Normal file
|
@ -0,0 +1,41 @@
|
|||
{{- if .Values.server.ingress.enabled -}}
|
||||
{{- $serviceName := include "vault.fullname" . -}}
|
||||
{{- $servicePort := .Values.server.service.port -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "vault.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ include "vault.chart" . }}
|
||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Values.server.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.server.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.server.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.server.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ . }}
|
||||
backend:
|
||||
serviceName: {{ $serviceName }}
|
||||
servicePort: {{ $servicePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
47
test/unit/server-ingress.bats
Normal file
47
test/unit/server-ingress.bats
Normal file
|
@ -0,0 +1,47 @@
|
|||
#!/usr/bin/env bats
|
||||
|
||||
load _helpers
|
||||
|
||||
@test "server/ingress: disabled by default" {
|
||||
cd `chart_dir`
|
||||
local actual=$(helm template \
|
||||
-x templates/server-ingress.yaml \
|
||||
. | tee /dev/stderr |
|
||||
yq 'length > 0' | tee /dev/stderr)
|
||||
[ "${actual}" = "false" ]
|
||||
}
|
||||
|
||||
@test "server/ingress: checking host entry gets added and path is /" {
|
||||
cd `chart_dir`
|
||||
local actual=$(helm template \
|
||||
-x templates/server-ingress.yaml \
|
||||
--set 'server.ingress.enabled=true' \
|
||||
--set 'server.ingress.hosts[0].host=test.com' \
|
||||
--set 'server.ingress.hosts[0].paths[0]=/' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.rules[0].host' | tee /dev/stderr)
|
||||
[ "${actual}" = 'test.com' ]
|
||||
|
||||
local actual=$(helm template \
|
||||
-x templates/server-ingress.yaml \
|
||||
--set 'server.ingress.enabled=true' \
|
||||
--set 'server.ingress.hosts[0].host=test.com' \
|
||||
--set 'server.ingress.hosts[0].paths[0]=/' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.rules[0].http.paths[0].path' | tee /dev/stderr)
|
||||
[ "${actual}" = '/' ]
|
||||
}
|
||||
|
||||
@test "server/ingress: vault backend should be added when I specify a path" {
|
||||
cd `chart_dir`
|
||||
|
||||
local actual=$(helm template \
|
||||
-x templates/server-ingress.yaml \
|
||||
--set 'server.ingress.enabled=true' \
|
||||
--set 'server.ingress.hosts[0].host=test.com' \
|
||||
--set 'server.ingress.hosts[0].paths[0]=/' \
|
||||
. | tee /dev/stderr |
|
||||
yq -r '.spec.rules[0].http.paths[0].backend.serviceName | length > 0' | tee /dev/stderr)
|
||||
[ "${actual}" = "true" ]
|
||||
|
||||
}
|
18
values.yaml
18
values.yaml
|
@ -23,6 +23,24 @@ server:
|
|||
# memory: 256Mi
|
||||
# cpu: 250m
|
||||
|
||||
# Ingress settings
|
||||
# Enabling it a ingress will be created which will manage external access to the
|
||||
# cluster, very useful if you want to expose the Vault UI
|
||||
ingress:
|
||||
enabled: false
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: chart-example.local
|
||||
paths: []
|
||||
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - chart-example.local
|
||||
|
||||
|
||||
# authDelegator enables a cluster role binding to be attached to the service
|
||||
# account. This cluster role binding can be used to setup Kubernetes auth
|
||||
# method. https://www.vaultproject.io/docs/auth/kubernetes.html
|
||||
|
|
Loading…
Reference in a new issue