When updating the Vault config (and corresponding)
configmap, we now generate a checksum of the config
and set it as an annotation on both the configmap
and the Vault StatefulSet pod template.
This allows the deployer to know what pods need to
be restarted to pick up the a changed config.
We still recommend using the standard upgrade
[method for Vault on Kubernetes](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#upgrading-vault-on-kubernetes),
i.e., using the `OnDelete` strategy
for the Vault StatefulSet, so updating the config
and doing a `helm upgrade` should not trigger the
pods to restart, and then deleting pods one
at a time, starting with the standby pods.
With `kubectl` and `jq`, you can check check which
pods need to be updated by first getting the value
of the current configmap checksum:
```shell
kubectl get pods -o json | jq -r ".items[] | select(.metadata.annotations.\"config/checksum\" != $(kubectl get configmap vault-config -o json | jq '.metadata.annotations."config/checksum"') ) | .metadata.name"
```
Fixes#748.
---------
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* update documentation with running unit tests using container
* promote bats version to 1.3.0
* Update CONTRIBUTING.md
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update CONTRIBUTING.md
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
In latest alpine release (3.12) there was an intentional change
to drop python support without specify required version: python2
or python3.
Signed-off-by: Octavian Ionescu <itavyg@gmail.com>
Update chart and tests to Helm 3
Co-authored-by: Matt Piekunka <mpiekunk@users.noreply.github.com>
Co-authored-by: Mike Brancato <mbrancato@users.noreply.github.com>
