Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix secret injector integration

Browse source 
Signed-off-by: Jan Martens <jan@martens.eu.org>
This commit is contained in:
Jan Martens 2024-10-06 22:48:48 +02:00
parent 3dd2dec9e3
commit c5b02f372f
No known key found for this signature in database
3 changed files with 37 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/openbao/values.yaml
View file

@ -71,7 +71,7 @@ injector:
# -- image repo to use for k8s image
repository: "hashicorp/vault-k8s"
# -- image tag to use for k8s image
tag: "1.3.1"
tag: "1.4.2"
# -- image pull policy to use for k8s image. if tag is "latest", set to "Always"
pullPolicy: IfNotPresent

2
test/acceptance/injector-test/job.yaml
View file

@ -38,5 +38,5 @@ spec:
- "/bin/sh"
- "-ec"
args:
- "/usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout"
- "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout"
restartPolicy: Never

58
test/acceptance/injector.bats
View file

@ -2,46 +2,46 @@
load _helpers
# @test "injector: testing deployment" {
# cd `chart_dir`
@test "injector: testing deployment" {
cd `chart_dir`
# kubectl delete namespace acceptance --ignore-not-found=true
# kubectl create namespace acceptance
# kubectl config set-context --current --namespace=acceptance
kubectl delete namespace acceptance --ignore-not-found=true
kubectl create namespace acceptance
kubectl config set-context --current --namespace=acceptance
# kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
# sleep 5
# wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
sleep 5
wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
# kubectl create secret generic test \
# --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
# --from-file ../../test/acceptance/injector-test/bootstrap.sh
kubectl create secret generic test \
--from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
--from-file ../../test/acceptance/injector-test/bootstrap.sh
# kubectl label secret test app=openbao-agent-demo
kubectl label secret test app=openbao-agent-demo
# helm install "$(name_prefix)" \
# --set="server.extraVolumes[0].type=secret" \
# --set="server.extraVolumes[0].name=test" .
# wait_for_running $(name_prefix)-0
helm install "$(name_prefix)" \
--set="server.extraVolumes[0].type=secret" \
--set="server.extraVolumes[0].name=test" .
wait_for_running $(name_prefix)-0
# wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
# kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
# sleep 5
kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
sleep 5
# # Sealed, not initialized
# local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
# jq -r '.sealed' )
# [ "${sealed_status}" == "false" ]
# Sealed, not initialized
local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
jq -r '.sealed' )
[ "${sealed_status}" == "false" ]
# local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
# jq -r '.initialized')
# [ "${init_status}" == "true" ]
local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
jq -r '.initialized')
[ "${init_status}" == "true" ]
# kubectl create -f ../../test/acceptance/injector-test/job.yaml
# wait_for_complete_job "pgdump"
# }
kubectl create -f ../../test/acceptance/injector-test/job.yaml
wait_for_complete_job "pgdump"
}
# Clean up
teardown() {