- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
template was added (and included in vault.mode)
Various templates were updated accordingly, but those that were
already calling vault.mode had an additonal call to
vault.serverEnabled made which was unnecessary
Remove those
VAULT-571 Matching documented behavior and consul
Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:
> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.
(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)
We also simplified the chart logic using a few template helpers.
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Fix test typo
* Add basic server-test Pod tests
- This covers all existing functionality that matches what's
present in server-statefulset.bats
* Fix server-test helm hook Pod rendering
- Properly adhere to the global.enabled flag and the presence of
the injector.externalVaultAddr setting, the same way that
the servers StatefulSet behaves
* Add volumes and env vars to helm hook test pod
- Uses the same extraEnvironmentVars, volumes and volumeMounts set on
the server statefulset to configure the Vault server test pod used by
the helm test hook
- This is necessary in situations where TLS is configured, but the
certificates are not affiliated with the k8s CA / part of k8s PKI
- Fixes GH-665
