Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
343 commits 11 branches 48 tags 1.4 MiB
Commit graph

112 commits

Author SHA1 Message Date
Ryan Eschinger
4ee82fd984 fix injector env var names for manual tls config (#171) 
AGENT_INJECT_CERT_FILE -> AGENT_INJECT_TLS_CERT_FILE
AGENT_INJECT_KEY_FILE -> AGENT_INJECT_TLS_KEY_FILE

see
611492d04b/subcommand/injector/flags.go (L56)

fixes #170
 2020-01-13 12:49:13 -05:00
Jason O'Donnell
82083061a0
Add vault agent injector (#150) 
* Add vault agent injector

* Fix bug with agent image env

* Fix terraform GKE code

* Cleanup label

* Improve test reliablity

* Lower sleep times in tests

* Standardize image values

* Update values

* Update vault tag
 2019-12-19 10:57:51 -05:00
Jason O'Donnell
268c2418d3
Add configurable nodeport (#152) 2019-12-18 12:22:19 -05:00
Darren Clark
ba6cfe675e Statefulset Liveness Probe failing on standby nodes due to SSL, initial delay and 429 response #137 (#138) 
livenessProbe

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Allow a configurable value initialDelaySeconds rather than the set 5 seconds

 * Set the default initialDelaySeconds to 60 seconds before the probe starts to allow for vault unsealing

 * Set the path to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

readinessProbe

 * Set the path comment to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Statefulset liveness probe path check set to /v1/sys/health?standbyok=true

 * Server Statefulset test added for livenessProbe.initialDelaySeconds
 2019-12-16 18:07:23 -05:00
Michael Golowka OR 1=1); DROP TABLE users; --
c390b3f6df Fix typo: serviceaccount -> serviceAccount (#147) 
* Fix typo: serviceaccount -> serviceAccount

* Fix typo in test
 2019-12-11 16:04:57 -05:00
Holden Omans
a0325cfd14 Configure pod probes (#104) 
* Added option for enabling a livenessprobe

* added option for using http for readinessProbe

* added tests
 2019-11-28 18:24:41 -05:00
Janusz Bialy
2ff7d47c07 Use a standard way to define the container image (#103) 
* use a standard way to define image repo and tag

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* Revert "bump chart version"

This reverts commit 74cbc984a7d4cf9098acf78977cdc8598c557550.

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* nest image block inside server

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-11-28 17:39:28 -05:00
Shahbaz Nazir
faf5a84c5e Add possibility to run sidecars with vault (#87) 
* Add extra containers

* fix template

* add unit tests

* resolve conflicts

* remove duplicate docs

* fix unit tests
 2019-11-21 14:07:41 -05:00
Jason O'Donnell
3fbbf7b8df
Remove readOnlyRootFilesystem configurable (#110) 2019-11-12 19:55:31 -05:00
Sergii
ea0e66760f Add extra label to Ingress (#108) 2019-11-07 11:23:56 -05:00
Janusz Bialy
a2b2d32e92 Add support for image pull policy and secrets (#92) 
* add image pull policy and pull secrets

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add unit tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-10-24 12:58:32 -04:00
Jason O'Donnell
e1b89d6396
Make readOnlyRootFilesystem configurable (#93) 2019-10-24 12:40:19 -04:00
Yves Blusseau
75ceb1af5a Fix PodDisruptionBudget template (#88) 
* Fix bad selectors.
* Fix bad calculation of maxUnavailable.

Signed-off-by: JrCs <90z7oey02@sneakemail.com>
 2019-10-21 09:51:02 -04:00
Jason O'Donnell
b41d36c621
Require vault to run as non root (#80) 
* Require vault to run as non root

* Fix unit tests

* Make uid/gid configurable, remove home emptydir
 2019-10-18 12:42:25 -04:00
savagete2860
f7aa2576d0 Add load balancer source range for UI service (#83) 
* add load balancer source range for UI service

* add load balancer source range for UI service

* adding unit test

* adding unit test
 2019-10-18 12:41:53 -04:00
Jason O'Donnell
9fd0ad6e20
Fix audit storage mount in HA mode (#79) 
* Fix audit storage mount in HA mode

* Add explicit fsgroup
 2019-10-10 10:03:44 -04:00
Ryan Wholey
f957c52acc Add support for setting service type (#65) 2019-10-06 16:06:45 -04:00
Alejandro Garrido Mota
b52b0d3c15 Added unit tests for generic annotations (#64) 2019-10-06 15:58:49 -04:00
StupidScience
c6adb89d4b added possibility to add extraLabels for server pod (#59) 2019-10-06 15:50:48 -04:00
Alejandro Garrido Mota
9dd6bad741 Support for ingress (#48) 
* Added ingress support

* Added small header with documentation about ingress

* Added unit tests
 2019-09-27 10:42:24 -05:00
Jason O'Donnell
09f56da548
Remove privileged, add mlock configurable (#50) 2019-09-23 01:11:04 -04:00
Jason O'Donnell
8f382aab65
Fix ui annotation test (#57) 2019-09-23 00:44:25 -04:00
Arun Kumar
3f5b0b7b7e Changed vault service port and targetPort to values file (#43) 
* Changed vault service port and targetPort to values file

* Fixed typo in vaules, adding server-service changes and tests

* Changed port and targetPort to server.service
 2019-09-06 11:13:23 -04:00
Vincent Desjardins
2852fbba9b annotation configuration on service account (#47) 
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
 2019-09-06 10:48:12 -04:00
Alexander Schramm
5a64f9cc9e feat: allow setting loadBalancerIP and externalPort for service-ui (#44) 
* feat: allow setting loadBalancerIP and externalPort for service-ui

* test: remove tests with wrong value

There is no `ui.service.enabled` field, `ui.enabled` is used to create
the service and that is tested in line 29.

* test: loadBalancerIP is used if set.
 2019-09-06 10:27:31 -04:00
Miroslav E. Hadzhiev
4b12c39099 Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 11:05:31 -04:00
Jason O'Donnell
acd1638b28
Add VAULT_API_ADDR as environment var (#26) 2019-08-20 17:09:06 -04:00
Dat Truong
c0f5c7acc0 Add TLS support (#21) 
* Add Secret env vars

* Add custom path for volume mounting

* Add HTTPS support

* Add test for tls

* Simplify network setup

* Make tls_disable true as default

* Update values variable to camelCase
 2019-08-20 11:40:47 -04:00
Amos Kyler
e312f00a03 Support UI service annotations (#19) 
* support ui service annotations

* Update templates/ui-service.yaml

Co-Authored-By: Dat Truong <mr.anhdat@gmail.com>

* fix service annotation indent and write unit tests
 2019-08-16 11:59:51 -04:00
Dat Truong
2154e341ea Add secret env vars and custom mounting path (#16) 
* Add Secret env vars

* Add custom path for volume mounting
 2019-08-14 16:29:07 -04:00
Jason O'Donnell
0b8aacb590
Add clusterrolebinding, fix service, update Vault (#10) 
* Add clusterrolebinding, fix service, update Vault

* Change authDelegator to false by default

* Clarify clusterIP comment
 2019-08-08 14:14:58 -04:00
Jason O'Donnell
8e1bd927f2
Add tolerations, nodeselector and annotations (#5) 2019-08-05 12:31:06 -04:00
Jason O'Donnell
b7469914e2
Refactor chart for 1.0, add tests, update TF (#2) 
* Refactor chart for 1.0, add tests, update TF

* Fix typo in helper comment

* Add NOTES for post install instructions

* Fix typo in NOTES

* Fix replication port for enterprise

* Change updateStrategy to OnDelete

* Add icon

* Remove cluster address from config

* Update README, add contributing doc

* Update README

* Change HA replicas to 3
 2019-07-31 14:26:12 -04:00
Clint Shryock
51ffe193f8
rename to match HA 2018-12-03 10:44:53 -06:00
Clint Shryock
1d20f9f11f
create seperate configmap test for HA 2018-12-03 10:44:02 -06:00
Clint Shryock
38d245d343
update ha server unit tests 2018-11-30 16:44:38 -06:00
Clint Shryock
81b11691ae
add service disruption back for HA setup 2018-11-30 16:29:46 -06:00
Clint Shryock
21216ec700
remove debug code 2018-11-30 16:05:59 -06:00
Clint Shryock
3dc9474ffc
update defaults for ui-service test 2018-11-30 16:05:40 -06:00
Clint Shryock
fa95b2df84
ha stateful set tests 2018-11-30 16:02:33 -06:00
Clint Shryock
b653371214
update tests 2018-11-30 16:01:25 -06:00
Clint Shryock
b8878a696c
no client 2018-11-29 15:50:49 -06:00
Clint Shryock
66211943e8
update values, single-server and test 2018-11-27 15:45:32 -06:00
Mitchell Hashimoto
71b899159c
add global.imageK8S for consul-k8s 2018-09-25 09:19:19 -05:00
Mitchell Hashimoto
560c461c9b
ability to specify prefix for catalog sync 2018-09-25 09:15:44 -05:00
Mitchell Hashimoto
0931239bee
disable catalog sync by default 2018-09-22 16:45:51 -07:00
Mitchell Hashimoto
f39ac481aa
syncCatalog templates 2018-09-22 16:06:24 -07:00
Mitchell Hashimoto
85538787e7
Unit tests for storageClass 2018-09-22 09:57:36 -07:00
Mitchell Hashimoto
64670ed470
Add consul-dns service 2018-09-11 17:53:02 -07:00
Mitchell Hashimoto
2434fe5a43
clients support extraVolumes 2018-09-08 08:35:07 -07:00
Mitchell Hashimoto
2488f92a23
Support extraVolumes for server, will add for client soon 2018-09-08 08:28:13 -07:00
Mitchell Hashimoto
71e2fefc62
extraConfig support for consul clients 2018-09-08 07:41:54 -07:00
Mitchell Hashimoto
9d37c9f2f1
Support global.image value 2018-09-05 07:45:54 -07:00
Mitchell Hashimoto
a1528eda46
Fix unit tests for change to disable connect inject default 2018-09-03 16:17:22 -07:00
Mitchell Hashimoto
f20934a89d
test/unit: finish inject tests 2018-09-03 09:34:28 -07:00
Mitchell Hashimoto
fc6d86b96d
test/unit: connect inject Deployment 2018-09-03 09:31:57 -07:00
Mitchell Hashimoto
489a396b4c
test/unit: UI service 2018-09-03 09:15:28 -07:00
Mitchell Hashimoto
5e1e1b1bf6
test/unit: client DaemonSet 2018-09-03 09:08:57 -07:00
Mitchell Hashimoto
64f43108f7
test/unit: server StatefulSet 2018-09-03 09:05:59 -07:00
Mitchell Hashimoto
0010bd014b
test/unit: server Service 2018-09-03 09:02:42 -07:00
Mitchell Hashimoto
fc30ae877e
test/unit: test DisruptionBudget 2018-09-03 08:58:19 -07:00
Mitchell Hashimoto
83fc9d981c
add unit tests that use helm template 2018-09-03 08:42:25 -07:00