Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.
change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.
* Also allow null value
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* add test for server.ha.disruptionBudget.maxUnavailable
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.
* update documentation with running unit tests using container
* promote bats version to 1.3.0
* Update CONTRIBUTING.md
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* Update CONTRIBUTING.md
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* configure the agent port
* add unit test
* remove default
* remove default
* Update values.yaml
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
* fix serviceaccount and clusterrole name reference (full name)
* add server.enabled option, align with documentation
* add unit tests
* update server.enabled behaviour to explicit true and update tests
* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode
* don't template environment variables that no longer exist
* fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable
* removed a typo
* allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode
* correct ambiguous description
* don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml
* Update devRootToken description
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.
We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].
These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.
User might want to provide a sensible name (in global.serviceAccount.name) to the service
account such as: vault-auth.
refs #376
[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
