* fix serviceaccount and clusterrole name reference (full name)
* add server.enabled option, align with documentation
* add unit tests
* update server.enabled behaviour to explicit true and update tests
* Make serviceAccount name a configuration option
Follow Helm Best Practices when defining serviceAccount names
https://helm.sh/docs/chart_best_practices/#using-rbac-resources
* Use enabled instead of create for consistency
* Add unit tests for user-defined service account name
* ServiceAccount under server
Co-authored-by: David Holsgrove <david@apnic.net>
* Update ServiceAccount in RoleBindings
to address https://github.com/hashicorp/vault-helm/pull/56#pullrequestreview-297856433
Co-authored-by: David Holsgrove <david@apnic.net>
* Update tests for helm template arg --show-only
Co-authored-by: David Holsgrove <david@apnic.net>
* Fix server-serviceaccount tests
* serviceAccount: rename enabled to create
* statefulSet: add tests for serviceAccount
Co-authored-by: Nick Satterly <nick@diabol.se>
Co-authored-by: David Holsgrove <david@apnic.net>
* Initial commit
* Added openshift flag
* added self signed certificate for service annotation
* added OpenShift flag
* Added OpenShift flag
* cleanup
* Cleanup
* Further cleanup
* Further cleanup
* reverted security context on injector
* Extra corrections
* cleanup
* Removed Raft config for OpenShift, removed generated certs for ha and standby services
* Add openshift flag to global block, route disabled by default, condition for injector in network policy
* Added Unit tests for OpenShift
* Fixed unit test for HA statefulset for OpenShift
* Removed debug log level from stateful set
* Added port 8201 to networkpolicy
* Updated injector image
* Add openshift beta support
* Add openshift beta support
* Remove comments from configs
* Remove vault-k8s note from values
* Change route to use active service when HA
Co-authored-by: Radu Domnu <radu.domnu@sixdx.com>
Co-authored-by: Radu Domnu <radu.domnu@gmail.com>
Changed/added helper functions to detect if the annotations value
is a string or yaml, and apply `tpl` or `toYaml`
accordingly. Defaults are left as `{}` since yaml is more likely
to be used with helm on the command line. This means a warning
will be shown when setting an annotation to a multi-line
string (which has been the existing behavior).
* use port names that map to vault.scheme
* prefix internal/replication port names with vault.scheme
* port names must be 'no more than 15 characters'
* test vault server service port names are prefixed with vault scheme
* test vault server statefulset port names are prefixed with vault scheme
* test vault ui service port names are prefixed with vault scheme
* formatting: replace double quote with single quote
* uncomment accidentally-commented lines
* always set internal port name to https-internal, since it is always https
* prefix headless service internal port name with https
Adds affinity, tolerations, and nodeSelector options for the
injector deployment that are separate from those options on the vault
server statefulset.
Co-authored-by: Sergei Shishov <sergei.shishov@dubizzle.com>
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.
If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
Update chart and tests to Helm 3
Co-authored-by: Matt Piekunka <mpiekunk@users.noreply.github.com>
Co-authored-by: Mike Brancato <mbrancato@users.noreply.github.com>
livenessProbe
* Set the scheme for vault.scheme to ensure that the check works if tls enabled or not
* Allow a configurable value initialDelaySeconds rather than the set 5 seconds
* Set the default initialDelaySeconds to 60 seconds before the probe starts to allow for vault unsealing
* Set the path to /v1/sys/health?standbyok=true to ensure a 200 response on standbys
readinessProbe
* Set the path comment to /v1/sys/health?standbyok=true to ensure a 200 response on standbys
* Set the scheme for vault.scheme to ensure that the check works if tls enabled or not
* Statefulset liveness probe path check set to /v1/sys/health?standbyok=true
* Server Statefulset test added for livenessProbe.initialDelaySeconds
* use a standard way to define image repo and tag
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* add tests
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* bump chart version
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* Revert "bump chart version"
This reverts commit 74cbc984a7d4cf9098acf78977cdc8598c557550.
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* nest image block inside server
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* add image pull policy and pull secrets
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
* add unit tests
Signed-off-by: Janusz Bialy <jbialy@gmail.com>
