Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).
Pin all actions to SHAs, and use the common jira sync.
Update the default Vault version to v1.13.1.
Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).
* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum support k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20
VAULT-571 Matching documented behavior and consul
Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:
> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.
(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)
We also simplified the chart logic using a few template helpers.
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Initial commit
* Added openshift flag
* added self signed certificate for service annotation
* added OpenShift flag
* Added OpenShift flag
* cleanup
* Cleanup
* Further cleanup
* Further cleanup
* reverted security context on injector
* Extra corrections
* cleanup
* Removed Raft config for OpenShift, removed generated certs for ha and standby services
* Add openshift flag to global block, route disabled by default, condition for injector in network policy
* Added Unit tests for OpenShift
* Fixed unit test for HA statefulset for OpenShift
* Removed debug log level from stateful set
* Added port 8201 to networkpolicy
* Updated injector image
* Add openshift beta support
* Add openshift beta support
* Remove comments from configs
* Remove vault-k8s note from values
* Change route to use active service when HA
Co-authored-by: Radu Domnu <radu.domnu@sixdx.com>
Co-authored-by: Radu Domnu <radu.domnu@gmail.com>
The apiVersion `extensions/v1beta1` for ingresses has been removed in Kubernetes 1.16 and the new `networking.k8s.io/v1beta1` has to be used now. This conditional keeps compatibility with older Kubernetes versions while using the new apiVersion when available.
Annotations for various objects were either multi-line strings or yaml
maps strings, so this is making them all multi-line strings for
consistency. Also updated the doc comment for namespaceSelector, since
it's being read as a yaml map (toYaml).
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.
If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
