VAULT-571 Matching documented behavior and consul
Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:
> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.
(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)
We also simplified the chart logic using a few template helpers.
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Add configuration options for Vault UI service
- Configure to select active Vault pod only
- Configure to not publish unready address
* Create active label only on HA
* use port names that map to vault.scheme
* prefix internal/replication port names with vault.scheme
* port names must be 'no more than 15 characters'
* test vault server service port names are prefixed with vault scheme
* test vault server statefulset port names are prefixed with vault scheme
* test vault ui service port names are prefixed with vault scheme
* formatting: replace double quote with single quote
* uncomment accidentally-commented lines
* always set internal port name to https-internal, since it is always https
* prefix headless service internal port name with https
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.
If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
Update chart and tests to Helm 3
Co-authored-by: Matt Piekunka <mpiekunk@users.noreply.github.com>
Co-authored-by: Mike Brancato <mbrancato@users.noreply.github.com>
* feat: allow setting loadBalancerIP and externalPort for service-ui
* test: remove tests with wrong value
There is no `ui.service.enabled` field, `ui.enabled` is used to create
the service and that is tested in line 29.
* test: loadBalancerIP is used if set.
* Add Secret env vars
* Add custom path for volume mounting
* Add HTTPS support
* Add test for tls
* Simplify network setup
* Make tls_disable true as default
* Update values variable to camelCase
* support ui service annotations
* Update templates/ui-service.yaml
Co-Authored-By: Dat Truong <mr.anhdat@gmail.com>
* fix service annotation indent and write unit tests
