diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index ec9e773..9cc9b97 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -4,7 +4,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "consul.fullname" -}} +{{- define "vault.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -20,14 +20,14 @@ be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "consul.chart" -}} +{{- define "vault.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Expand the name of the chart. */}} -{{- define "consul.name" -}} +{{- define "vault.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -35,7 +35,7 @@ Expand the name of the chart. Compute the maximum number of unavailable replicas for the PodDisruptionBudget. This defaults to (n/2)-1 where n is the number of members of the server cluster. */}} -{{- define "consul.pdb.maxUnavailable" -}} +{{- define "vault.pdb.maxUnavailable" -}} {{- if .Values.server.disruptionBudget.maxUnavailable -}} {{ .Values.server.disruptionBudget.maxUnavailable -}} {{- else -}} diff --git a/templates/client-config-configmap.yaml b/templates/client-config-configmap.yaml deleted file mode 100644 index 1bf88ba..0000000 --- a/templates/client-config-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# ConfigMap with extra configuration specified directly to the chart -# for client agents only. -{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "consul.fullname" . }}-client-config - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -data: - extra-from-values.json: |- -{{ tpl .Values.client.extraConfig . | indent 4 }} -{{- end }} diff --git a/templates/client-daemonset.yaml b/templates/client-daemonset.yaml deleted file mode 100644 index 10a332c..0000000 --- a/templates/client-daemonset.yaml +++ /dev/null @@ -1,139 +0,0 @@ -# DaemonSet to run the Consul clients on every node. -{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "consul.fullname" . }} - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: client - hasDNS: "true" - template: - metadata: - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: client - hasDNS: "true" - annotations: - "consul.hashicorp.com/connect-inject": "false" - spec: - terminationGracePeriodSeconds: 10 - - # Consul agents require a directory for data, even clients. The data - # is okay to be wiped though if the Pod is removed, so just use an - # emptyDir volume. - volumes: - - name: data - emptyDir: {} - - name: config - configMap: - name: {{ template "consul.fullname" . }}-client-config - {{- range .Values.client.extraVolumes }} - - name: userconfig-{{ .name }} - {{ .type }}: - {{- if (eq .type "configMap") }} - name: {{ .name }} - {{- else if (eq .type "secret") }} - secretName: {{ .name }} - {{- end }} - {{- end }} - - containers: - - name: consul - image: "{{ default .Values.global.image .Values.client.image }}" - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: - - "/bin/sh" - - "-ec" - - | - CONSUL_FULLNAME="{{template "consul.fullname" . }}" - - exec /bin/consul agent \ - -advertise="${POD_IP}" \ - -bind=0.0.0.0 \ - -client=0.0.0.0 \ - -config-dir=/consul/config \ - {{- range .Values.client.extraVolumes }} - {{- if .load }} - -config-dir=/consul/userconfig/{{ .name }} - {{- end }} - {{- end }} - -datacenter={{ .Values.global.datacenter }} \ - -data-dir=/consul/data \ - {{- if (.Values.client.join) and (gt (len .Values.client.join) 0) }} - {{- range $value := .Values.client.join }} - -retry-join={{ $value }} \ - {{- end }} - {{- else }} - {{- if .Values.server.enabled }} - {{- range $index := until (.Values.server.replicas | int) }} - -retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \ - {{- end }} - {{- end }} - {{- end }} - -domain={{ .Values.global.domain }} - volumeMounts: - - name: data - mountPath: /consul/data - - name: config - mountPath: /consul/config - {{- range .Values.client.extraVolumes }} - - name: userconfig-{{ .name }} - readOnly: true - mountPath: /consul/userconfig/{{ .name }} - {{- end }} - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - consul leave - ports: - - containerPort: 8500 - hostPort: 8500 - name: http - - containerPort: 8301 - name: serflan - - containerPort: 8302 - name: serfwan - - containerPort: 8300 - name: server - - containerPort: 8600 - name: dns-tcp - protocol: "TCP" - - containerPort: 8600 - name: dns-udp - protocol: "UDP" - readinessProbe: - # NOTE(mitchellh): when our HTTP status endpoints support the - # proper status codes, we should switch to that. This is temporary. - exec: - command: - - "/bin/sh" - - "-ec" - - | - curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \ - grep -E '".+"' - resources: -{{ toYaml .Values.client.resources | indent 12 }} -{{- end }} diff --git a/templates/connect-inject-deployment.yaml b/templates/connect-inject-deployment.yaml deleted file mode 100644 index d5b4980..0000000 --- a/templates/connect-inject-deployment.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# The deployment for running the Connect sidecar injector -{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "consul.fullname" . }}-connect-injector-webhook-deployment - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: connect-injector - template: - metadata: - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: connect-injector - spec: - containers: - - name: sidecar-injector - image: "{{ .Values.connectInject.image }}" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: - - "/bin/sh" - - "-ec" - - | - CONSUL_FULLNAME="{{template "consul.fullname" . }}" - - consul-k8s inject \ - -default-inject={{ .Values.connectInject.default }} \ - -listen=:8080 \ -{{- if .Values.connectInject.certs.secretName }} - -tls-cert-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.certName }} - -tls-key-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.keyName }} -{{- else }} - -tls-auto=consul-connect-injector-cfg \ - -tls-auto-hosts=${CONSUL_FULLNAME}-connect-injector-svc,${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE},${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE}.svc -{{- end }} - livenessProbe: - tcpSocket: - port: 8080 - failureThreshold: 2 - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /health/ready - port: 8080 - scheme: HTTPS - failureThreshold: 2 - initialDelaySeconds: 2 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 5 -{{- if .Values.connectInject.certs.secretName }} - volumeMounts: - - name: certs - mountPath: /etc/connect-injector/certs - readOnly: true - volumes: - - name: certs - secret: - secretName: {{ .Values.connectInject.certs.secretName }} -{{- end }} -{{- end }} diff --git a/templates/connect-inject-mutatingwebhook.yaml b/templates/connect-inject-mutatingwebhook.yaml deleted file mode 100644 index 7d95357..0000000 --- a/templates/connect-inject-mutatingwebhook.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# The MutatingWebhookConfiguration to enable the Connect injector. -{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "consul.fullname" . }}-connect-injector-cfg - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -webhooks: - - name: {{ template "consul.fullname" . }}-connect-injector.consul.hashicorp.com - clientConfig: - service: - name: {{ template "consul.fullname" . }}-connect-injector-svc - namespace: default - path: "/mutate" - caBundle: {{ .Values.connectInject.caBundle }} - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] -{{- if .Values.connectInject.namespaceSelector }} - namespaceSelector: -{{ tpl .Values.connectInject.namespaceSelector . | indent 6 }} -{{- end }} -{{- end }} diff --git a/templates/connect-inject-service.yaml b/templates/connect-inject-service.yaml deleted file mode 100644 index 86a13ca..0000000 --- a/templates/connect-inject-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# The service for the Connect sidecar injector -{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "consul.fullname" . }}-connect-injector-svc - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - port: 443 - targetPort: 8080 - selector: - app: {{ template "consul.name" . }} - release: "{{ .Release.Name }}" - component: connect-injector -{{- end }} - diff --git a/templates/dns-service.yaml b/templates/dns-service.yaml index 40846fb..351cfda 100644 --- a/templates/dns-service.yaml +++ b/templates/dns-service.yaml @@ -1,12 +1,13 @@ -# Service for Consul DNS. +# Service for Vault DNS. +# TODO: verify for Vault {{- if (or (and (ne (.Values.dns.enabled | toString) "-") .Values.dns.enabled) (and (eq (.Values.dns.enabled | toString) "-") .Values.global.enabled)) }} apiVersion: v1 kind: Service metadata: - name: {{ template "consul.fullname" . }}-dns + name: {{ template "vault.fullname" . }}-dns labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: @@ -20,7 +21,7 @@ spec: protocol: "UDP" targetPort: dns-udp selector: - app: {{ template "consul.name" . }} + app: {{ template "vault.name" . }} release: "{{ .Release.Name }}" hasDNS: "true" {{- end }} diff --git a/templates/server-config-configmap.yaml b/templates/server-config-configmap.yaml index 41b1f2f..8bd190e 100644 --- a/templates/server-config-configmap.yaml +++ b/templates/server-config-configmap.yaml @@ -1,12 +1,12 @@ -# StatefulSet to run the actual Consul server cluster. +# StatefulSet to run the actual vault server cluster. {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "consul.fullname" . }}-server-config + name: {{ template "vault.fullname" . }}-server-config labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} data: diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 902abe0..884f7ad 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -1,16 +1,17 @@ -# Headless service for Consul server DNS entries. This service should only -# point to Consul servers. For access to an agent, one should assume that +# Headless service for Vault server DNS entries. This service should only +# point to Vault servers. For access to an agent, one should assume that # the agent is installed locally on the node and the NODE_IP should be used. -# If the node can't run a Consul agent, then this service can be used to +# If the node can't run a Vault agent, then this service can be used to # communicate directly to a server agent. +# TODO: verify for Vault {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} apiVersion: v1 kind: Service metadata: - name: {{ template "consul.fullname" . }}-server + name: {{ template "vault.fullname" . }}-server labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} annotations: @@ -55,7 +56,7 @@ spec: port: 8600 targetPort: dns-udp selector: - app: {{ template "consul.name" . }} + app: {{ template "vault.name" . }} release: "{{ .Release.Name }}" component: server {{- end }} diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml index cd9e008..c399efc 100644 --- a/templates/server-statefulset.yaml +++ b/templates/server-statefulset.yaml @@ -1,16 +1,16 @@ -# StatefulSet to run the actual Consul server cluster. +# StatefulSet to run the actual vault server cluster. {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ template "consul.fullname" . }}-server + name: {{ template "vault.fullname" . }}-server labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: - serviceName: {{ template "consul.fullname" . }}-server + serviceName: {{ template "vault.fullname" . }}-server podManagementPolicy: Parallel replicas: {{ .Values.server.replicas }} {{- if (gt (int .Values.server.updatePartition) 0) }} @@ -21,28 +21,26 @@ spec: {{- end }} selector: matchLabels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} release: {{ .Release.Name }} component: server hasDNS: "true" template: metadata: labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} release: {{ .Release.Name }} component: server hasDNS: "true" - annotations: - "consul.hashicorp.com/connect-inject": "false" spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - app: {{ template "consul.name" . }} + app: {{ template "vault.name" . }} release: "{{ .Release.Name }}" component: server topologyKey: kubernetes.io/hostname @@ -52,7 +50,7 @@ spec: volumes: - name: config configMap: - name: {{ template "consul.fullname" . }}-server-config + name: {{ template "vault.fullname" . }}-server-config {{- range .Values.server.extraVolumes }} - name: userconfig-{{ .name }} {{ .type }}: @@ -63,7 +61,7 @@ spec: {{- end }} {{- end }} containers: - - name: consul + - name: vault image: "{{ default .Values.global.image .Values.server.image }}" env: - name: POD_IP @@ -75,44 +73,47 @@ spec: fieldRef: fieldPath: metadata.namespace command: - - "/bin/sh" - - "-ec" - - | - CONSUL_FULLNAME="{{template "consul.fullname" . }}" + - "" + # should give us dev server + #- "/bin/sh" + #- "-ec" + #- | + #vault_FULLNAME="{{template "vault.fullname" . }}" - exec /bin/consul agent \ - -advertise="${POD_IP}" \ - -bind=0.0.0.0 \ - -bootstrap-expect={{ .Values.server.bootstrapExpect }} \ - -client=0.0.0.0 \ - -config-dir=/consul/config \ - {{- range .Values.server.extraVolumes }} - {{- if .load }} - -config-dir=/consul/userconfig/{{ .name }} - {{- end }} - {{- end }} - -datacenter={{ .Values.global.datacenter }} \ - -data-dir=/consul/data \ - -domain={{ .Values.global.domain }} \ - {{- if .Values.server.connect }} - -hcl="connect { enabled = true }" \ - {{- end }} - {{- if .Values.ui.enabled }} - -ui \ - {{- end }} - {{- range $index := until (.Values.server.replicas | int) }} - -retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \ - {{- end }} - -server + #exec "hello vault" + #exec /bin/vault agent \ + # -advertise="${POD_IP}" \ + # -bind=0.0.0.0 \ + # -bootstrap-expect={{ .Values.server.bootstrapExpect }} \ + # -client=0.0.0.0 \ + # -config-dir=/vault/config \ + # {{- range .Values.server.extraVolumes }} + # {{- if .load }} + # -config-dir=/vault/userconfig/{{ .name }} + # {{- end }} + # {{- end }} + # -datacenter={{ .Values.global.datacenter }} \ + # -data-dir=/vault/data \ + # -domain={{ .Values.global.domain }} \ + # {{- if .Values.server.connect }} + # -hcl="connect { enabled = true }" \ + # {{- end }} + # {{- if .Values.ui.enabled }} + # -ui \ + # {{- end }} + # {{- range $index := until (.Values.server.replicas | int) }} + # -retry-join=${vault_FULLNAME}-server-{{ $index }}.${vault_FULLNAME}-server.${NAMESPACE}.svc \ + # {{- end }} + # -server volumeMounts: - name: data - mountPath: /consul/data + mountPath: /vault/data - name: config - mountPath: /consul/config + mountPath: /vault/config {{- range .Values.server.extraVolumes }} - name: userconfig-{{ .name }} readOnly: true - mountPath: /consul/userconfig/{{ .name }} + mountPath: /vault/userconfig/{{ .name }} {{- end }} lifecycle: preStop: @@ -120,7 +121,7 @@ spec: command: - /bin/sh - -c - - consul leave + - vault leave ports: - containerPort: 8500 name: http @@ -139,13 +140,14 @@ spec: readinessProbe: # NOTE(mitchellh): when our HTTP status endpoints support the # proper status codes, we should switch to that. This is temporary. - exec: - command: - - "/bin/sh" - - "-ec" - - | - curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \ - grep -E '".+"' + # TODO: verify for Vault + #exec: + # command: + # - "/bin/sh" + # - "-ec" + # - | + # curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \ + # grep -E '".+"' failureThreshold: 2 initialDelaySeconds: 5 periodSeconds: 3 diff --git a/templates/sync-catalog-deployment.yaml b/templates/sync-catalog-deployment.yaml deleted file mode 100644 index 937891d..0000000 --- a/templates/sync-catalog-deployment.yaml +++ /dev/null @@ -1,57 +0,0 @@ -# The deployment for running the Connect sidecar injector -{{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "consul.fullname" . }}-sync-catalog - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: sync-catalog - template: - metadata: - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - release: {{ .Release.Name }} - component: sync-catalog - spec: - containers: - - name: consul-sync-catalog - image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}" - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: - - "/bin/sh" - - "-ec" - - | - consul-k8s sync-catalog \ - -http-addr=${HOST_IP}:8500 \ - {{- if (not .Values.syncCatalog.toConsul) }} - -to-consul=false \ - {{- end }} - {{- if (not .Values.syncCatalog.toK8S) }} - -to-k8s=false \ - {{- end }} - -consul-domain={{ .Values.global.domain }} \ - {{- if .Values.syncCatalog.k8sPrefix }} - -k8s-service-prefix="{{ .Values.syncCatalog.k8sPrefix}}" \ - {{- end }} - -k8s-write-namespace=${NAMESPACE} -{{- end }} diff --git a/templates/ui-service.yaml b/templates/ui-service.yaml index f0c9784..5246672 100644 --- a/templates/ui-service.yaml +++ b/templates/ui-service.yaml @@ -1,21 +1,21 @@ -# Headless service for Consul server DNS entries. This service should only -# point to Consul servers. For access to an agent, one should assume that +# Headless service for Vault server DNS entries. This service should only +# point to Vault servers. For access to an agent, one should assume that # the agent is installed locally on the node and the NODE_IP should be used. -# If the node can't run a Consul agent, then this service can be used to +# If the node can't run a Vault agent, then this service can be used to # communicate directly to a server agent. {{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }} apiVersion: v1 kind: Service metadata: - name: {{ template "consul.fullname" . }}-ui + name: {{ template "vault.fullname" . }}-ui labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} + app: {{ template "vault.name" . }} + chart: {{ template "vault.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: selector: - app: {{ template "consul.name" . }} + app: {{ template "vault.name" . }} release: "{{ .Release.Name }}" component: server ports: