diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
index bc2b450..7d25ef2 100644
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@@ -86,7 +86,13 @@ spec:
 name: internal
 - containerPort: 8202
 name: replication
+ {{- if .Values.server.readinessProbe.enabled }}
 readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ {{- else }}
 # Check status; unsealed vault servers return 0
 # The exit code reflects the seal status:
 # 0 - unsealed
@@ -94,11 +100,23 @@ spec:
 # 2 - sealed
 exec:
 command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
 failureThreshold: 2
 initialDelaySeconds: 5
 periodSeconds: 3
 successThreshold: 1
 timeoutSeconds: 5
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ successThreshold: 1
+ timeoutSeconds: 5
+ {{- end }}
 {{- if .Values.server.extraContainers }}
 {{ toYaml .Values.server.extraContainers | nindent 8}}
 {{- end }}
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index fe38222..6aa3fbb 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
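Review bot: The new `httpGet` branch of the readinessProbe sets only `path` and `port: 8200`, so the kubelet sends the probe over plain HTTP, which is the default when `scheme` is absent. If the Vault listener on 8200 terminates TLS, that request would most likely be rejected and the pod would never report ready, which pushes operators toward turning TLS off just to get a working probe. I would make the scheme explicit and configurable, for example `scheme: {{ .Values.server.readinessProbe.scheme | default "HTTP" }}` under `httpGet:`, and document `HTTPS` as the value to use with a TLS listener. The port is also hard-coded rather than taken from the listener configuration; the container spec this block belongs to starts outside the hunk, so I cannot tell whether a named port is available to reference instead.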
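Review bot: The livenessProbe added in the second hunk uses the default path `/v1/sys/health?standbyok` from values.yaml, and that endpoint answers with a non-2xx status for a sealed or uninitialized Vault. With liveness enabled the kubelet would restart a pod that is merely sealed, and Vault comes back sealed after a restart, so a cluster that relies on manual unseal can end up in a restart loop that nobody can unseal in time. Liveness should only prove the process is serving and leave seal state to the readinessProbe, e.g. `path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"`; the same default should change in the values.yaml hunk. The block also omits `failureThreshold`, unlike the readinessProbe above it, and carries the same missing `scheme` as the readiness `httpGet`.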
@@ -741,3 +741,45 @@ load _helpers
 yq -r '.spec.template.spec.securityContext.fsGroup' | tee /dev/stderr)
 [ "${actual}" = "2000" ]
 }
+
+#--------------------------------------------------------------------
+# health checks
+
+@test "server/standalone-StatefulSet: readinessProbe default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-statefulset.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].readinessProbe.exec.command[2]' | tee /dev/stderr)
+ [ "${actual}" = "vault status -tls-skip-verify" ]
+}
+
+@test "server/standalone-StatefulSet: readinessProbe configurable" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-statefulset.yaml \
+ --set 'server.readinessProbe.enabled=false' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+}
+
+
+@test "server/standalone-StatefulSet: livenessProbe default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-statefulset.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+}
+
+@test "server/standalone-StatefulSet: livenessProbe configurable" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ -x templates/server-statefulset.yaml \
+ --set 'server.livenessProbe.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].livenessProbe.httpGet.path' | tee /dev/stderr)
+ [ "${actual}" = "/v1/sys/health?standbyok" ]
+}
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index 970da68..bbf2f7e 100644
--- a/values.yaml
+++ b/values.yaml
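Review bot: None of the added tests renders the readinessProbe `httpGet` branch: "readinessProbe configurable" only sets `enabled=false`, so the template path taken when `server.readinessProbe.path` is set is never exercised. A test that sets the path should assert both that `httpGet.path` carries the value and that `exec` is absent, so the probe cannot silently fall back to the `vault status -tls-skip-verify` command. The file also ends without a trailing newline.

```bash
@test "server/standalone-StatefulSet: readinessProbe httpGet path" {
  cd `chart_dir`
  local object=$(helm template \
      -x templates/server-statefulset.yaml \
      --set 'server.readinessProbe.path=/v1/sys/health?standbyok' \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)

  local actual=$(echo "$object" | yq -r '.httpGet.path' | tee /dev/stderr)
  [ "${actual}" = "/v1/sys/health?standbyok" ]

  local actual=$(echo "$object" | yq -r '.exec' | tee /dev/stderr)
  [ "${actual}" = "null" ]
}
```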
@@ -60,6 +60,16 @@ server: extraContainers: null + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: /v1/sys/health?standbyok + # extraEnvironmentVars is a list of extra enviroment variables to set with the stateful set. These could be # used to include variables required for auto-unseal. extraEnvironmentVars: {} @@ -134,7 +144,7 @@ server: targetPort: 8200 # Extra annotations for the service definition annotations: {} - + # This configures the Vault Statefulset to create a PVC for data # storage when using the file backend. # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more @@ -251,7 +261,7 @@ server: # Definition of the serviceaccount used to run Vault. serviceaccount: annotations: {} - + # Vault UI ui: # True if you want to create a Service entry for the Vault UI.