Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add namespace to injector-leader-elector role, rolebinding and secret (#683)

Browse source
This commit is contained in:
Christian 2022-03-16 23:31:59 +01:00 committed by GitHub
parent a81a992b14
commit f59f3d4b13
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -6,6 +6,7 @@ CHANGES:
Improvements: Improvements:
* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) * CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
## 0.19.0 (January 20th, 2022) ## 0.19.0 (January 20th, 2022)

1
templates/injector-certs-secret.yaml
View file

@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: vault-injector-certs name: vault-injector-certs
namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}

1
templates/injector-role.yaml
View file

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}

1
templates/injector-rolebinding.yaml
View file

@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}

33
test/unit/injector-leader-elector.bats
View file

@ -87,6 +87,17 @@ load _helpers
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
} }
@test "injector/certs-secret: namespace is set" {
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-certs-secret.yaml \
--set "injector.replicas=2" \
--namespace foo \
. || echo "---") | tee /dev/stderr |
yq '.metadata.namespace' | tee /dev/stderr)
[ "${actual}" = "\"foo\"" ]
}
@test "injector/role: created/skipped as appropriate" { @test "injector/role: created/skipped as appropriate" {
cd `chart_dir` cd `chart_dir`
local actual=$( (helm template \ local actual=$( (helm template \
@ -127,6 +138,17 @@ load _helpers
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
} }
@test "injector/role: namespace is set" {
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-role.yaml \
--set "injector.replicas=2" \
--namespace foo \
. || echo "---") | tee /dev/stderr |
yq '.metadata.namespace' | tee /dev/stderr)
[ "${actual}" = "\"foo\"" ]
}
@test "injector/rolebinding: created/skipped as appropriate" { @test "injector/rolebinding: created/skipped as appropriate" {
cd `chart_dir` cd `chart_dir`
local actual=$( (helm template \ local actual=$( (helm template \
@ -166,3 +188,14 @@ load _helpers
yq 'length > 0' | tee /dev/stderr) yq 'length > 0' | tee /dev/stderr)
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
} }
@test "injector/rolebinding: namespace is set" {
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-rolebinding.yaml \
--set "injector.replicas=2" \
--namespace foo \
. || echo "---") | tee /dev/stderr |
yq '.metadata.namespace' | tee /dev/stderr)
[ "${actual}" = "\"foo\"" ]
}