Michele Baldessari
92da512577
allow injection of TLS config for OpenShift routes ( #686 )
...
* Add some tests on top of #396
* convert server-route.yaml to unix newlines
* changelog
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-01-19 22:37:26 -08:00
Ethan J. Brown
e629dc9d65
Add volumes and env vars to helm hook test pod ( #673 )
...
* Fix test typo
* Add basic server-test Pod tests
  - This covers all existing functionality that matches what's
    present in server-statefulset.bats
* Fix server-test helm hook Pod rendering
  - Properly adhere to the global.enabled flag and the presence of
    the injector.externalVaultAddr setting, the same way that
    the server's StatefulSet behaves
* Add volumes and env vars to helm hook test pod
  - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
    the server statefulset to configure the Vault server test pod used by
    the helm test hook
  - This is necessary in situations where TLS is configured, but the
    certificates are not affiliated with the k8s CA / part of k8s PKI
  - Fixes GH-665
2022-01-19 18:55:56 -08:00
Jacob Mammoliti
a84a61fdb6
add namespace support for openshift route ( #679 )
2022-01-14 15:19:22 -08:00
Vadim Grek
0043023c09
csi: ability to set priorityClassName for csi daemonset pods ( #670 )
2022-01-04 14:10:56 -08:00
Theron Voran
0c0b6e34f4
injector: ability to set deployment update strategy (continued) ( #661 )
...
Co-authored-by: Jason Hancock <jhancock@netskope.com>
2021-12-16 11:21:36 -08:00
Takumi Sue
248397f663
Make terminationGracePeriodSeconds configurable ( #659 )
...
Make terminationGracePeriodSeconds configurable for server pod
2021-12-14 18:15:11 -08:00
Eric Miller
609444d9d9
Configurable PodDisruptionBudget for Injector ( #653 )
2021-12-13 23:38:00 -08:00
Theron Voran
0375b184b3
remove support for the leader-elector container ( #649 )
2021-11-17 13:06:03 -08:00
Kaito Ii
c47ff33551
add staticSecretRenderInterval to injector ( #621 )
...
* make staticSecretRenderInterval default to empty string
* update values schema to add staticSecretRenderInterval
* add test for default value
* adding changelog entry
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-11-05 19:07:25 -07:00
Tim Collins
c09c50f9d6
Add option for Ingress pathType ( #634 )
2021-10-25 11:30:06 -04:00
Theron Voran
3b1bb783be
Add server.ingress.ingressClassName ( #630 )
...
Co-authored-by: Joel Cressy <joel@jtcressy.net>
2021-10-21 09:23:45 -07:00
Toni Tauro
6914c4d877
fix(csi-ds): mountpoint-dir same mountpath in pod ( #628 )
...
* fix(csi-ds): mountpoint-dir same mountpath in pod
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
* Update Chart.yaml
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-10-19 15:06:07 -04:00
Ben Ash
d96a4287fa
Feat: add externalTrafficPolicy support ( #626 )
...
- externalTrafficPolicy can be set for both the ui and server services.
It is only supported for NodePort or LoadBalancer service types.
2021-10-18 09:45:52 -04:00
Vladislav Rumjantsev
72c485dd2c
ingress stable networking api ( #590 )
...
* Moved ingress to stable networking api
* lower versions support
* ingress disabled by default
* added tests for old k8s
2021-10-08 17:13:21 -07:00
Theron Voran
5a864f7cbb
Adding support for the old leader-elector ( #607 )
...
Adds the leader-elector container support that was removed in
PR #568. The new vault-k8s uses an internal mechanism for leader
determination, so this is just for backwards compatibility, and can
be removed in the near future.
* mark the endpoint as deprecated
* add a new useContainer option for leaderElector
Default to not deploying the old leader-elector container, unless
injector.leaderElector.useContainer is `true`.
2021-09-15 18:43:04 -07:00
Toni Tauro
23e0348842
feat(csi): make provider hostPaths configurable ( #603 )
...
* add configurable values for providersDir and kubeletRootDir
Signed-off-by: Toni Tauro <toni.tauro@adfinis.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-09-15 14:12:24 -04:00
Theron Voran
d31f942d3e
Support vault-k8s internal leader election ( #568 )
2021-08-31 15:16:06 -07:00
Theron Voran
f7ab37fd50
Add injector.webhookAnnotations chart option ( #584 )
2021-08-16 13:49:26 -07:00
Maxime Bruneau
c9c23b1a9b
Add imagePullSecrets on server test ( #572 )
...
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-08-11 17:01:58 -07:00
Ben Ash
64b4d88c72
feature: imagePullSecrets from string array. ( #576 )
...
* allow configuring imagePullSecrets from an array of strings in
addition to the already supported array of maps
2021-07-23 12:05:24 -04:00
Jason O'Donnell
255cdc7d26
Add ingress/route configurable to specify active/general service ( #570 )
...
* Add ingress/route configurable to specify active/general service
* Update test/unit/server-ingress.bats
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
* values.schema.json
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-07-15 14:15:46 -04:00
Ben Ash
1e4709cc46
feature: Support configuring various properties as YAML directly. ( #565 )
...
* feature: Support configuring various properties as YAML directly.
Supported properties include: pod tolerations, pod affinity, and node selectors.
2021-07-07 19:07:58 -04:00
Calvin Leung Huang
14d1f97edd
injector: add templateConfig.exitOnRetryFailure annotation ( #560 )
...
* injector: add templateConfig.exitOnRetryFailure annotation
* update values.schema.json
2021-07-06 09:49:48 -07:00
Theron Voran
4d23074cd3
Adding server.enterpriseLicense ( #547 )
...
Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.
2021-06-11 13:29:30 -07:00
Ricardo Gândara Pinto
d27121c223
Added webhook-certs volume mount to sidecar injector ( #545 )
...
* Removed webhook-certs volume mount from leader-elector container
* Added test: injector deployment manual TLS adds volume mount
2021-06-10 15:32:22 -07:00
Theron Voran
3593739160
Adding helm test for vault server ( #531 )
...
Also adds acceptance test for 'helm test' and updates the
chart-verifier version.
2021-05-27 17:09:50 -07:00
Iñigo Horcajo
4c71c268b9
Add UI targetPort option ( #437 )
...
Use custom `targetPort` for UI service. See the use case in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213
2021-05-25 10:20:23 -04:00
Tom Proctor
030d3cd89d
Add extraArgs value for CSI ( #526 )
2021-05-21 12:48:21 +01:00
mehmetsalgar
0ab15dfb84
[Issue-520] tolerations for csi-daemonset ( #521 )
...
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-05-17 17:14:19 -07:00
mehmetsalgar
92aed2cbee
Add ImagePullSecrets to CSI daemonset ( #519 )
2021-05-12 12:06:54 +01:00
Tom Proctor
be1721fc84
Remove redundant logic ( #434 )
2021-04-14 14:53:52 +01:00
Javier Criado Marcos
088ce89dc1
[injector] Add port name in injector service ( #495 )
...
* [injector] Add port name in injector service
* [injector] Hardcode port to https
2021-04-13 11:20:31 -04:00
Jason O'Donnell
bf5783ef6b
Add injector agent default overrides ( #493 )
...
* Add injector agent default overrides
* Update test/unit/injector-deployment.bats
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Update test/unit/injector-deployment.bats
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Update test/unit/injector-deployment.bats
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-04-12 17:01:14 -04:00
Hamza ZOUHAIR
d8c2d2058c
Custom value of agent port ( #489 )
...
* configure the agent port
* add unit test
* remove default
* remove default
* Update values.yaml
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2021-04-12 16:59:38 -04:00
Jason O'Donnell
ec67b5dd45
Add logLevel and logFormat values for Vault ( #488 )
...
* Add logLevel and logFormat values for Vault
* Add configurable tests
* Update order of log levels
* Update values.yaml
* Update per review
* Update test/unit/server-statefulset.bats
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* Update test/unit/server-statefulset.bats
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-04-08 11:18:16 -04:00
Sam Marshall
bfbeba256a
feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services ( #460 )
...
Refs #361
2021-04-08 10:09:19 -04:00
Paul Witt
a2a07b2a02
add hostNetwork value to injector deployment ( #471 )
...
* add hostNetwork value to injector deployment
* adding unit tests
2021-04-08 10:03:56 -04:00
Arie Lev
7a71c0fec4
fix csi helm deployment ( #486 )
...
* fix serviceaccount and clusterrole name reference (full name)
* add server.enabled option, align with documentation
* add unit tests
* update server.enabled behaviour to explicit true and update tests
2021-04-06 14:56:11 +01:00
Jason O'Donnell
7fd6959cdc
Add volumes and mounts support for CSI ( #479 )
...
* Remove extraVolumes from CSI, add volumes and mounts
* Add better example
2021-03-25 10:21:21 -04:00
Tom Proctor
102f9e49e2
Target vault-csi-provider release 0.1.0 ( #475 )
2021-03-25 09:02:36 -04:00
Tom Proctor
4c1d79f46e
Add CSI secrets store provider ( #461 )
2021-03-19 14:14:38 +00:00
guru1306
690ee410ef
Add objectSelector to webhookconfiguration ( #456 )
2021-02-19 23:02:04 -05:00
Theron Voran
69a3dc618d
Set VAULT_DEV_LISTEN_ADDRESS in dev mode ( #446 )
...
Binds vault to 0.0.0.0 in dev mode so that external traffic is
accepted.
2021-01-15 15:42:50 -08:00
Jason O'Donnell
3cc33172d9
Add extra time to initial probe delay ( #440 )
2021-01-05 13:51:28 -05:00
Tom Proctor
e6b4969acc
Support deploying multiple injector replicas with auto-TLS ( #436 )
2021-01-05 11:14:00 +00:00
Volodymyr Stoiko
f8e6aab4ee
Allow configurable egress for server network policy ( #389 )
...
* Allow configurable egress
* Add test for networkpolicy egress in server
* Allow egress configuration
* Fix test
* Fix networkPolicy test
* Fix test
2020-12-16 12:30:24 -05:00
Jason O'Donnell
cc20c0b3c1
Add allowPrivilegeEscalation=false to pods ( #429 )
...
* Add allowPrivilegeEscalation=false to pods
* Add openshift check
* Add injector openshift check
2020-12-14 14:14:29 -05:00
Logi
a11a75d1b5
support extraLabels for vault-agent-injector ( #428 )
...
* support extraLabels for vault-agent-injector
* added unit test for extraLabels
* fix test
* added injector.extraLabels as empty map to values file
2020-12-07 11:28:06 -05:00
Bruno FERNANDO
73e90a1308
feat: add annotations to injector service ( #425 )
2020-12-07 10:31:54 -05:00
Yong Wen Chua
94adad8335
Update mutating webhook API Version ( #408 )
...
* Update mutating webhook API Version
* Set to ignore by default
* Remove extra `-`
* Add required fields
2020-12-07 10:18:25 -05:00