VAULT-571 Matching documented behavior and consul
Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:
> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.
(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)
We also simplified the chart logic using a few template helpers.
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This annotation has been deprecated since Kuberneets 1.8 and the
publishNotReadyAddresses parameter replacing it has been correctly
implemented in Kubernetes 1.11 (see https://github.com/kubernetes/kubernetes/pull/63742)
Changed/added helper functions to detect if the annotations value
is a string or yaml, and apply `tpl` or `toYaml`
accordingly. Defaults are left as `{}` since yaml is more likely
to be used with helm on the command line. This means a warning
will be shown when setting an annotation to a multi-line
string (which has been the existing behavior).
* use port names that map to vault.scheme
* prefix internal/replication port names with vault.scheme
* port names must be 'no more than 15 characters'
* test vault server service port names are prefixed with vault scheme
* test vault server statefulset port names are prefixed with vault scheme
* test vault ui service port names are prefixed with vault scheme
* formatting: replace double quote with single quote
* uncomment accidentally-commented lines
* always set internal port name to https-internal, since it is always https
* prefix headless service internal port name with https
Annotations for various objects were either multi-line strings or yaml
maps strings, so this is making them all multi-line strings for
consistency. Also updated the doc comment for namespaceSelector, since
it's being read as a yaml map (toYaml).
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.
If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
Update chart and tests to Helm 3
Co-authored-by: Matt Piekunka <mpiekunk@users.noreply.github.com>
Co-authored-by: Mike Brancato <mbrancato@users.noreply.github.com>
* Changed vault service port and targetPort to values file
* Fixed typo in vaules, adding server-service changes and tests
* Changed port and targetPort to server.service
