Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
525 commits 11 branches 48 tags 1.4 MiB
Commit graph

240 commits

Author SHA1 Message Date
Jason O'Donnell
9d1693ad13
Add new vault-k8s environment variables (#219) 
* Add new vault-k8s envs

* update vault image

* Add default tests for envs

* Add note about supported log parameters

* Fix typo in test name
 2020-03-06 15:03:58 -05:00
Bruno FERNANDO
1ccc64788a
feat: add AGENT_INJECT_VAULT_AUTH_PATH option to the injector (#185) 
* Add related unit tests
 2020-03-03 10:32:50 -08:00
Theron Voran
2b0d91d614
Fix the injector deployment unit test (#212) 
Set namespace manually, so the test service will have a known
namespace.
 2020-02-21 11:39:41 -08:00
Theron Voran
2b2b0dd2fa
Added support for external vault (#207) 
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.

If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
 2020-02-21 08:16:33 -08:00
Theron Voran
77b973c17f
Helm 3 support (#195) 
Update chart and tests to Helm 3

Co-authored-by: Matt Piekunka <mpiekunk@users.noreply.github.com>
Co-authored-by: Mike Brancato <mbrancato@users.noreply.github.com>
 2020-02-06 08:44:38 -08:00
Theron Voran
45c9118782
Adding sleep in the preStop lifecycle step (#188) 
Aims to make vault pod termination more graceful with respect to user
requests.
 2020-01-30 09:39:08 -08:00
Yong Wen Chua
eccd71bfe2 Allow configure StatefulSet updateStrategy (#172) 2020-01-18 07:36:45 -05:00
fischerman
4209cbcc2d make shareProcessNamespace configurable (#174) 
* make shareProcessNamespace configurable

* add unit tests
 2020-01-15 05:06:54 -05:00
Jason O'Donnell
ac2925d250
Add extraArgs configurable (#176) 2020-01-14 10:09:20 -05:00
Ryan Eschinger
4ee82fd984 fix injector env var names for manual tls config (#171) 
AGENT_INJECT_CERT_FILE -> AGENT_INJECT_TLS_CERT_FILE
AGENT_INJECT_KEY_FILE -> AGENT_INJECT_TLS_KEY_FILE

see
611492d04b/subcommand/injector/flags.go (L56)

fixes #170
 2020-01-13 12:49:13 -05:00
Jason O'Donnell
82083061a0
Add vault agent injector (#150) 
* Add vault agent injector

* Fix bug with agent image env

* Fix terraform GKE code

* Cleanup label

* Improve test reliablity

* Lower sleep times in tests

* Standardize image values

* Update values

* Update vault tag
 2019-12-19 10:57:51 -05:00
Jason O'Donnell
268c2418d3
Add configurable nodeport (#152) 2019-12-18 12:22:19 -05:00
Darren Clark
ba6cfe675e Statefulset Liveness Probe failing on standby nodes due to SSL, initial delay and 429 response #137 (#138) 
livenessProbe

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Allow a configurable value initialDelaySeconds rather than the set 5 seconds

 * Set the default initialDelaySeconds to 60 seconds before the probe starts to allow for vault unsealing

 * Set the path to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

readinessProbe

 * Set the path comment to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Statefulset liveness probe path check set to /v1/sys/health?standbyok=true

 * Server Statefulset test added for livenessProbe.initialDelaySeconds
 2019-12-16 18:07:23 -05:00
Michael Golowka OR 1=1); DROP TABLE users; --
c390b3f6df Fix typo: serviceaccount -> serviceAccount (#147) 
* Fix typo: serviceaccount -> serviceAccount

* Fix typo in test
 2019-12-11 16:04:57 -05:00
Holden Omans
a0325cfd14 Configure pod probes (#104) 
* Added option for enabling a livenessprobe

* added option for using http for readinessProbe

* added tests
 2019-11-28 18:24:41 -05:00
Janusz Bialy
2ff7d47c07 Use a standard way to define the container image (#103) 
* use a standard way to define image repo and tag

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* Revert "bump chart version"

This reverts commit 74cbc984a7d4cf9098acf78977cdc8598c557550.

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* nest image block inside server

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-11-28 17:39:28 -05:00
Shahbaz Nazir
faf5a84c5e Add possibility to run sidecars with vault (#87) 
* Add extra containers

* fix template

* add unit tests

* resolve conflicts

* remove duplicate docs

* fix unit tests
 2019-11-21 14:07:41 -05:00
Jason O'Donnell
3fbbf7b8df
Remove readOnlyRootFilesystem configurable (#110) 2019-11-12 19:55:31 -05:00
Sergii
ea0e66760f Add extra label to Ingress (#108) 2019-11-07 11:23:56 -05:00
Janusz Bialy
a2b2d32e92 Add support for image pull policy and secrets (#92) 
* add image pull policy and pull secrets

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add unit tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-10-24 12:58:32 -04:00
Jason O'Donnell
e1b89d6396
Make readOnlyRootFilesystem configurable (#93) 2019-10-24 12:40:19 -04:00
Yves Blusseau
75ceb1af5a Fix PodDisruptionBudget template (#88) 
* Fix bad selectors.
* Fix bad calculation of maxUnavailable.

Signed-off-by: JrCs <90z7oey02@sneakemail.com>
 2019-10-21 09:51:02 -04:00
Jason O'Donnell
b41d36c621
Require vault to run as non root (#80) 
* Require vault to run as non root

* Fix unit tests

* Make uid/gid configurable, remove home emptydir
 2019-10-18 12:42:25 -04:00
savagete2860
f7aa2576d0 Add load balancer source range for UI service (#83) 
* add load balancer source range for UI service

* add load balancer source range for UI service

* adding unit test

* adding unit test
 2019-10-18 12:41:53 -04:00
Jason O'Donnell
9fd0ad6e20
Fix audit storage mount in HA mode (#79) 
* Fix audit storage mount in HA mode

* Add explicit fsgroup
 2019-10-10 10:03:44 -04:00
Ryan Wholey
f957c52acc Add support for setting service type (#65) 2019-10-06 16:06:45 -04:00
Alejandro Garrido Mota
b52b0d3c15 Added unit tests for generic annotations (#64) 2019-10-06 15:58:49 -04:00
StupidScience
c6adb89d4b added possibility to add extraLabels for server pod (#59) 2019-10-06 15:50:48 -04:00
Alejandro Garrido Mota
9dd6bad741 Support for ingress (#48) 
* Added ingress support

* Added small header with documentation about ingress

* Added unit tests
 2019-09-27 10:42:24 -05:00
Jason O'Donnell
09f56da548
Remove privileged, add mlock configurable (#50) 2019-09-23 01:11:04 -04:00
Jason O'Donnell
8f382aab65
Fix ui annotation test (#57) 2019-09-23 00:44:25 -04:00
Arun Kumar
3f5b0b7b7e Changed vault service port and targetPort to values file (#43) 
* Changed vault service port and targetPort to values file

* Fixed typo in vaules, adding server-service changes and tests

* Changed port and targetPort to server.service
 2019-09-06 11:13:23 -04:00
Vincent Desjardins
2852fbba9b annotation configuration on service account (#47) 
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
 2019-09-06 10:48:12 -04:00
Alexander Schramm
5a64f9cc9e feat: allow setting loadBalancerIP and externalPort for service-ui (#44) 
* feat: allow setting loadBalancerIP and externalPort for service-ui

* test: remove tests with wrong value

There is no `ui.service.enabled` field, `ui.enabled` is used to create
the service and that is tested in line 29.

* test: loadBalancerIP is used if set.
 2019-09-06 10:27:31 -04:00
Miroslav E. Hadzhiev
4b12c39099 Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 11:05:31 -04:00
Jason O'Donnell
acd1638b28
Add VAULT_API_ADDR as environment var (#26) 2019-08-20 17:09:06 -04:00
Dat Truong
c0f5c7acc0 Add TLS support (#21) 
* Add Secret env vars

* Add custom path for volume mounting

* Add HTTPS support

* Add test for tls

* Simplify network setup

* Make tls_disable true as default

* Update values variable to camelCase
 2019-08-20 11:40:47 -04:00
Amos Kyler
e312f00a03 Support UI service annotations (#19) 
* support ui service annotations

* Update templates/ui-service.yaml

Co-Authored-By: Dat Truong <mr.anhdat@gmail.com>

* fix service annotation indent and write unit tests
 2019-08-16 11:59:51 -04:00
Dat Truong
2154e341ea Add secret env vars and custom mounting path (#16) 
* Add Secret env vars

* Add custom path for volume mounting
 2019-08-14 16:29:07 -04:00
Jason O'Donnell
0b8aacb590
Add clusterrolebinding, fix service, update Vault (#10) 
* Add clusterrolebinding, fix service, update Vault

* Change authDelegator to false by default

* Clarify clusterIP comment
 2019-08-08 14:14:58 -04:00
Jason O'Donnell
db571d8dda
Update helm labels (#8) 2019-08-07 14:55:32 -04:00
Jason O'Donnell
8e1bd927f2
Add tolerations, nodeselector and annotations (#5) 2019-08-05 12:31:06 -04:00
Jason O'Donnell
b7469914e2
Refactor chart for 1.0, add tests, update TF (#2) 
* Refactor chart for 1.0, add tests, update TF

* Fix typo in helper comment

* Add NOTES for post install instructions

* Fix typo in NOTES

* Fix replication port for enterprise

* Change updateStrategy to OnDelete

* Add icon

* Remove cluster address from config

* Update README, add contributing doc

* Update README

* Change HA replicas to 3
 2019-07-31 14:26:12 -04:00
Clint Shryock
51ffe193f8
rename to match HA 2018-12-03 10:44:53 -06:00
Clint Shryock
1d20f9f11f
create seperate configmap test for HA 2018-12-03 10:44:02 -06:00
Clint Shryock
38d245d343
update ha server unit tests 2018-11-30 16:44:38 -06:00
Clint Shryock
81b11691ae
add service disruption back for HA setup 2018-11-30 16:29:46 -06:00
Clint Shryock
21216ec700
remove debug code 2018-11-30 16:05:59 -06:00
Clint Shryock
3dc9474ffc
update defaults for ui-service test 2018-11-30 16:05:40 -06:00
Clint Shryock
fa95b2df84
ha stateful set tests 2018-11-30 16:02:33 -06:00
Clint Shryock
b653371214
update tests 2018-11-30 16:01:25 -06:00
Clint Shryock
b8878a696c
no client 2018-11-29 15:50:49 -06:00
Clint Shryock
20fd374531
update terraform config: specific scopes needed to use auto-unseal. Right now a pre-made service account is used, but will be replaced later 2018-11-29 15:48:02 -06:00
Clint Shryock
0c4195e707
fix typo 2018-11-28 16:55:51 -06:00
Clint Shryock
8156a94a02
update ha vs non-ha test names 2018-11-28 16:54:03 -06:00
Clint Shryock
42600a73fc
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 16:40:37 -06:00
Clint Shryock
6688814862
update acceptance test to check vault single server boots, and is running but sealed and uninitialized 2018-11-28 11:43:24 -06:00
Clint Shryock
66211943e8
update values, single-server and test 2018-11-27 15:45:32 -06:00
Clint Shryock
5d0ffcabe0
snapshot of dev before I switched tasks 2018-10-29 10:36:23 -05:00
Clint Shryock
95024c4d3f
minor tweaks 2018-10-04 15:07:41 -05:00
Clint Shryock
d72a939a51
really ugly hack/slash proof-of-concept, forked from consul-helm 2018-10-02 16:14:57 -05:00
Mitchell Hashimoto
71b899159c
add global.imageK8S for consul-k8s 2018-09-25 09:19:19 -05:00
Mitchell Hashimoto
560c461c9b
ability to specify prefix for catalog sync 2018-09-25 09:15:44 -05:00
Mitchell Hashimoto
0931239bee
disable catalog sync by default 2018-09-22 16:45:51 -07:00
Mitchell Hashimoto
f39ac481aa
syncCatalog templates 2018-09-22 16:06:24 -07:00
Mitchell Hashimoto
85538787e7
Unit tests for storageClass 2018-09-22 09:57:36 -07:00
Mitchell Hashimoto
64670ed470
Add consul-dns service 2018-09-11 17:53:02 -07:00
Mitchell Hashimoto
0db2be6d10
test: terraform uses data source to get latest GKE version 2018-09-11 12:35:16 -07:00
Mitchell Hashimoto
2434fe5a43
clients support extraVolumes 2018-09-08 08:35:07 -07:00
Mitchell Hashimoto
2488f92a23
Support extraVolumes for server, will add for client soon 2018-09-08 08:28:13 -07:00
Mitchell Hashimoto
71e2fefc62
extraConfig support for consul clients 2018-09-08 07:41:54 -07:00
Mitchell Hashimoto
9d37c9f2f1
Support global.image value 2018-09-05 07:45:54 -07:00
Mitchell Hashimoto
a1528eda46
Fix unit tests for change to disable connect inject default 2018-09-03 16:17:22 -07:00
Mitchell Hashimoto
6cc5743936
test/acceptance: fix path to chart 2018-09-03 12:59:36 -07:00
Mitchell Hashimoto
f20934a89d
test/unit: finish inject tests 2018-09-03 09:34:28 -07:00
Mitchell Hashimoto
fc6d86b96d
test/unit: connect inject Deployment 2018-09-03 09:31:57 -07:00
Mitchell Hashimoto
489a396b4c
test/unit: UI service 2018-09-03 09:15:28 -07:00
Mitchell Hashimoto
5e1e1b1bf6
test/unit: client DaemonSet 2018-09-03 09:08:57 -07:00
Mitchell Hashimoto
64f43108f7
test/unit: server StatefulSet 2018-09-03 09:05:59 -07:00
Mitchell Hashimoto
0010bd014b
test/unit: server Service 2018-09-03 09:02:42 -07:00
Mitchell Hashimoto
fc30ae877e
test/unit: test DisruptionBudget 2018-09-03 08:58:19 -07:00
Mitchell Hashimoto
83fc9d981c
add unit tests that use helm template 2018-09-03 08:42:25 -07:00
Mitchell Hashimoto
7ff71983f1
test/docker: add jq to the Test dockerfile 2018-08-21 10:51:40 -07:00
Mitchell Hashimoto
3a55af62fe
Allow overridable inject image, test images 2018-08-21 10:25:37 -07:00
Mitchell Hashimoto
37351656b0
Move tests back directly into test/ 2018-08-20 16:22:42 -07:00
Mitchell Hashimoto
a439289809
test/terraform: can't install helm until kubectl is configured 2018-08-20 16:17:46 -07:00
Mitchell Hashimoto
36e8afc7a0
Move all terraform setup to test/terraform 2018-08-20 16:16:22 -07:00
Mitchell Hashimoto
90ce7e614c
test/terraform: add cluster outputs 2018-08-20 15:54:04 -07:00
Mitchell Hashimoto
c7fa40d247
Initial stuff 2018-08-20 15:26:37 -07:00
Mitchell Hashimoto
323feba49c
Move chart to top-level 2018-08-18 14:20:04 -07:00