Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added webhook-certs volume mount to sidecar injector (#545)

Browse source 
* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount
This commit is contained in:
Ricardo Gândara Pinto 2021-06-10 23:32:22 +01:00 committed by GitHub
parent 637087fa70
commit d27121c223
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
templates/injector-deployment.yaml
View file

@ -131,6 +131,12 @@ spec:
periodSeconds: 2 periodSeconds: 2
successThreshold: 1 successThreshold: 1
timeoutSeconds: 5 timeoutSeconds: 5
{{- if .Values.injector.certs.secretName }}
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
{{- end }}
{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- name: leader-elector - name: leader-elector
image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }} image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }}
@ -161,10 +167,6 @@ spec:
timeoutSeconds: 5 timeoutSeconds: 5
{{- end }} {{- end }}
{{- if .Values.injector.certs.secretName }} {{- if .Values.injector.certs.secretName }}
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes: volumes:
- name: webhook-certs - name: webhook-certs
secret: secret:

18
test/unit/injector-deployment.bats
View file

@ -168,6 +168,24 @@ load _helpers
[ "${value}" = "RELEASE-NAME-vault-agent-injector-svc,RELEASE-NAME-vault-agent-injector-svc.${namespace:-default},RELEASE-NAME-vault-agent-injector-svc.${namespace:-default}.svc" ] [ "${value}" = "RELEASE-NAME-vault-agent-injector-svc,RELEASE-NAME-vault-agent-injector-svc.${namespace:-default},RELEASE-NAME-vault-agent-injector-svc.${namespace:-default}.svc" ]
} }
@test "injector/deployment: manual TLS adds volume mount" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.enabled=true' \
--set 'injector.certs.secretName=vault-tls' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "webhook-certs")' | tee /dev/stderr)
local actual=$(echo $object |
yq -r '.mountPath' | tee /dev/stderr)
[ "${actual}" = "/etc/webhook/certs" ]
local actual=$(echo $object |
yq -r '.readOnly' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "injector/deployment: with externalVaultAddr" { @test "injector/deployment: with externalVaultAddr" {
cd `chart_dir` cd `chart_dir`
local object=$(helm template \ local object=$(helm template \