Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
577 commits 11 branches 48 tags 1.4 MiB
Commit graph

243 commits

Author SHA1 Message Date
Bruno FERNANDO
1ccc64788a
feat: add AGENT_INJECT_VAULT_AUTH_PATH option to the injector (#185) 
* Add related unit tests
 2020-03-03 10:32:50 -08:00
Jason O'Donnell
8a6419e623
Update to 0.4.0 (#211) 2020-02-21 14:56:30 -05:00
Theron Voran
2b2b0dd2fa
Added support for external vault (#207) 
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.

If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
 2020-02-21 08:16:33 -08:00
Theron Voran
45c9118782
Adding sleep in the preStop lifecycle step (#188) 
Aims to make vault pod termination more graceful with respect to user
requests.
 2020-01-30 09:39:08 -08:00
Yong Wen Chua
eccd71bfe2 Allow configure StatefulSet updateStrategy (#172) 2020-01-18 07:36:45 -05:00
fischerman
4209cbcc2d make shareProcessNamespace configurable (#174) 
* make shareProcessNamespace configurable

* add unit tests
 2020-01-15 05:06:54 -05:00
Jason O'Donnell
ac2925d250
Add extraArgs configurable (#176) 2020-01-14 10:09:20 -05:00
Jason O'Donnell
551f292b6f
Update to 0.3.2 (#166) 2020-01-08 10:05:06 -05:00
Jason O'Donnell
98e7e0a7c9
Update to 0.3.1 (#162) 2020-01-02 12:18:22 -05:00
Jason O'Donnell
7d8ae7df46
Update to 0.3.0 (#154) 2019-12-19 11:49:50 -05:00
Jason O'Donnell
82083061a0
Add vault agent injector (#150) 
* Add vault agent injector

* Fix bug with agent image env

* Fix terraform GKE code

* Cleanup label

* Improve test reliablity

* Lower sleep times in tests

* Standardize image values

* Update values

* Update vault tag
 2019-12-19 10:57:51 -05:00
Jason O'Donnell
268c2418d3
Add configurable nodeport (#152) 2019-12-18 12:22:19 -05:00
Darren Clark
ba6cfe675e Statefulset Liveness Probe failing on standby nodes due to SSL, initial delay and 429 response #137 (#138) 
livenessProbe

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Allow a configurable value initialDelaySeconds rather than the set 5 seconds

 * Set the default initialDelaySeconds to 60 seconds before the probe starts to allow for vault unsealing

 * Set the path to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

readinessProbe

 * Set the path comment to /v1/sys/health?standbyok=true to ensure a 200 response on standbys

 * Set the scheme for vault.scheme to ensure that the check works if tls enabled or not

 * Statefulset liveness probe path check set to /v1/sys/health?standbyok=true

 * Server Statefulset test added for livenessProbe.initialDelaySeconds
 2019-12-16 18:07:23 -05:00
Michael Golowka OR 1=1); DROP TABLE users; --
c390b3f6df Fix typo: serviceaccount -> serviceAccount (#147) 
* Fix typo: serviceaccount -> serviceAccount

* Fix typo in test
 2019-12-11 16:04:57 -05:00
Daniel Mittelman
4a743f655e Promote Docker image version to 1.3.0 (#136) 2019-12-06 09:38:49 -05:00
Holden Omans
a0325cfd14 Configure pod probes (#104) 
* Added option for enabling a livenessprobe

* added option for using http for readinessProbe

* added tests
 2019-11-28 18:24:41 -05:00
Janusz Bialy
2ff7d47c07 Use a standard way to define the container image (#103) 
* use a standard way to define image repo and tag

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* bump chart version

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* Revert "bump chart version"

This reverts commit 74cbc984a7d4cf9098acf78977cdc8598c557550.

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* nest image block inside server

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-11-28 17:39:28 -05:00
Shahbaz Nazir
faf5a84c5e Add possibility to run sidecars with vault (#87) 
* Add extra containers

* fix template

* add unit tests

* resolve conflicts

* remove duplicate docs

* fix unit tests
 2019-11-21 14:07:41 -05:00
Ivan Aracki
6bef1e19df Fix server.dataStorage explanation link (#115) 2019-11-18 11:59:15 -05:00
Jason O'Donnell
3fbbf7b8df
Remove readOnlyRootFilesystem configurable (#110) 2019-11-12 19:55:31 -05:00
Jason O'Donnell
a5331f5b38
Update for 0.2.0 release (#102) 2019-11-11 10:51:00 -05:00
Sergii
ea0e66760f Add extra label to Ingress (#108) 2019-11-07 11:23:56 -05:00
Luke Barton
04303baa5f Fix bad GCP environment variable example (#101) 2019-10-28 11:56:29 -04:00
Janusz Bialy
a2b2d32e92 Add support for image pull policy and secrets (#92) 
* add image pull policy and pull secrets

Signed-off-by: Janusz Bialy <jbialy@gmail.com>

* add unit tests

Signed-off-by: Janusz Bialy <jbialy@gmail.com>
 2019-10-24 12:58:32 -04:00
Jason O'Donnell
e1b89d6396
Make readOnlyRootFilesystem configurable (#93) 2019-10-24 12:40:19 -04:00
Jason O'Donnell
b41d36c621
Require vault to run as non root (#80) 
* Require vault to run as non root

* Fix unit tests

* Make uid/gid configurable, remove home emptydir
 2019-10-18 12:42:25 -04:00
savagete2860
f7aa2576d0 Add load balancer source range for UI service (#83) 
* add load balancer source range for UI service

* add load balancer source range for UI service

* adding unit test

* adding unit test
 2019-10-18 12:41:53 -04:00
Jason O'Donnell
789a806485
Fix affinity labels in values (#74) 2019-10-07 12:55:52 -04:00
StupidScience
c6adb89d4b added possibility to add extraLabels for server pod (#59) 2019-10-06 15:50:48 -04:00
Alejandro Garrido Mota
9dd6bad741 Support for ingress (#48) 
* Added ingress support

* Added small header with documentation about ingress

* Added unit tests
 2019-09-27 10:42:24 -05:00
Jeff Malnick
1773a5759d
Merge pull request #52 from mogaal/service-annotations 
Service annotations support
 2019-09-26 19:45:51 -07:00
Jason O'Donnell
09f56da548
Remove privileged, add mlock configurable (#50) 2019-09-23 01:11:04 -04:00
Alejandro Garrido Mota
865b98f55d Added support for service annotations 2019-09-11 16:39:25 +01:00
Arun Kumar
3f5b0b7b7e Changed vault service port and targetPort to values file (#43) 
* Changed vault service port and targetPort to values file

* Fixed typo in vaules, adding server-service changes and tests

* Changed port and targetPort to server.service
 2019-09-06 11:13:23 -04:00
Vincent Desjardins
2852fbba9b annotation configuration on service account (#47) 
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
 2019-09-06 10:48:12 -04:00
Alexander Schramm
5a64f9cc9e feat: allow setting loadBalancerIP and externalPort for service-ui (#44) 
* feat: allow setting loadBalancerIP and externalPort for service-ui

* test: remove tests with wrong value

There is no `ui.service.enabled` field, `ui.enabled` is used to create
the service and that is tested in line 29.

* test: loadBalancerIP is used if set.
 2019-09-06 10:27:31 -04:00
Miroslav E. Hadzhiev
4b12c39099 Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 11:05:31 -04:00
Jason O'Donnell
acd1638b28
Add VAULT_API_ADDR as environment var (#26) 2019-08-20 17:09:06 -04:00
Dat Truong
c0f5c7acc0 Add TLS support (#21) 
* Add Secret env vars

* Add custom path for volume mounting

* Add HTTPS support

* Add test for tls

* Simplify network setup

* Make tls_disable true as default

* Update values variable to camelCase
 2019-08-20 11:40:47 -04:00
Amos Kyler
e312f00a03 Support UI service annotations (#19) 
* support ui service annotations

* Update templates/ui-service.yaml

Co-Authored-By: Dat Truong <mr.anhdat@gmail.com>

* fix service annotation indent and write unit tests
 2019-08-16 11:59:51 -04:00
Dat Truong
2154e341ea Add secret env vars and custom mounting path (#16) 
* Add Secret env vars

* Add custom path for volume mounting
 2019-08-14 16:29:07 -04:00
Alexandre Garcia
0b2218d1d9 Only include clusterIp on vault service if set in values (#12) 2019-08-12 09:57:56 -04:00
Jason O'Donnell
0b8aacb590
Add clusterrolebinding, fix service, update Vault (#10) 
* Add clusterrolebinding, fix service, update Vault

* Change authDelegator to false by default

* Clarify clusterIP comment
 2019-08-08 14:14:58 -04:00
Jason O'Donnell
8e1bd927f2
Add tolerations, nodeselector and annotations (#5) 2019-08-05 12:31:06 -04:00
Justin Weissig
21eee8e76d bump to 1.2 (#4) 2019-08-02 16:17:26 -04:00
Jason O'Donnell
b7469914e2
Refactor chart for 1.0, add tests, update TF (#2) 
* Refactor chart for 1.0, add tests, update TF

* Fix typo in helper comment

* Add NOTES for post install instructions

* Fix typo in NOTES

* Fix replication port for enterprise

* Change updateStrategy to OnDelete

* Add icon

* Remove cluster address from config

* Update README, add contributing doc

* Update README

* Change HA replicas to 3
 2019-07-31 14:26:12 -04:00
Jason O'Donnell
ca40087add
Remove unused DNS service (#1) 2019-07-02 13:29:36 -04:00
Clint Shryock
001ff9450f
comment out the auto-unseal blocks 2018-12-03 16:08:20 -06:00
Clint Shryock
0e61f4f581
add/update how disruption budget works 2018-12-03 11:30:50 -06:00
Clint Shryock
81b11691ae
add service disruption back for HA setup 2018-11-30 16:29:46 -06:00
Clint Shryock
66211943e8
update values, single-server and test 2018-11-27 15:45:32 -06:00
Clint Shryock
c4d630f38f
default single server mode 2018-11-27 15:26:48 -06:00
Clint Shryock
34e0b377d9
rename consulHA to serverHA; add dev mode, update config and values 2018-11-26 16:12:03 -06:00
Clint Shryock
666cdb75cc
add dev mode 2018-11-26 15:35:52 -06:00
Clint Shryock
bcc8a8db5f
re-add seperate config map file for single server. Update config/values and statefulsets. Add auto-unseal config to single server 2018-11-26 11:44:05 -06:00
Clint Shryock
616e262518
update values to default 1 server, for easier init/setup 2018-11-20 16:23:39 -06:00
Clint Shryock
3b31f76981
update values to use gcpkms key for auto-unseal 2018-11-20 16:23:16 -06:00
Clint Shryock
b0944d48df
consolidate config-map 2018-11-19 14:49:30 -06:00
Clint Shryock
0d3280254c
update values, correct security spot for contianers 2018-11-16 16:46:29 -06:00
Clint Shryock
61f1b646ea
use '-' for default server 2018-11-16 16:08:00 -06:00
Clint Shryock
70c3d04430
update beta version 2018-11-16 15:52:25 -06:00
Clint Shryock
4011d88c27
snapshot 2018-10-29 10:36:53 -05:00
Clint Shryock
9e8d74de04
Add stateless configuration. Assumes a consul deployed 2018-10-08 16:35:20 -05:00
Clint Shryock
2061e199d4
probably wrong format values 2018-10-05 16:34:07 -05:00
Clint Shryock
69a97d5ba8
remove unused things for default, single pod setup 2018-10-05 16:11:45 -05:00
Clint Shryock
95024c4d3f
minor tweaks 2018-10-04 15:07:41 -05:00
Clint Shryock
d72a939a51
really ugly hack/slash proof-of-concept, forked from consul-helm 2018-10-02 16:14:57 -05:00
Clint Shryock
e1304d0c6b
trim, s/Consul/Vault 2018-09-28 15:45:58 -05:00
Mitchell Hashimoto
71b899159c
add global.imageK8S for consul-k8s 2018-09-25 09:19:19 -05:00
Mitchell Hashimoto
560c461c9b
ability to specify prefix for catalog sync 2018-09-25 09:15:44 -05:00
Mitchell Hashimoto
0931239bee
disable catalog sync by default 2018-09-22 16:45:51 -07:00
Mitchell Hashimoto
f39ac481aa
syncCatalog templates 2018-09-22 16:06:24 -07:00
Mitchell Hashimoto
85538787e7
Unit tests for storageClass 2018-09-22 09:57:36 -07:00
Maciek Misztal
febaab96fa #7 added an optional storageClass to the server-statefuset 2018-09-20 21:35:08 +02:00
Jack Pearkes
d3351086d2
values: update to consul 1.2.3 
Consul 1.2.3 was released today.
 2018-09-13 09:27:29 -07:00
Mitchell Hashimoto
52e069d67f
Fix up helm test to use the local client 2018-09-11 19:43:05 -07:00
Mitchell Hashimoto
64670ed470
Add consul-dns service 2018-09-11 17:53:02 -07:00
Mitchell Hashimoto
2434fe5a43
clients support extraVolumes 2018-09-08 08:35:07 -07:00
Mitchell Hashimoto
2488f92a23
Support extraVolumes for server, will add for client soon 2018-09-08 08:28:13 -07:00
Mitchell Hashimoto
c9a5588264
Move datacenter to global 2018-09-08 07:52:31 -07:00
Mitchell Hashimoto
08ff19831a
support Values.client.resources 2018-09-08 07:50:23 -07:00
Mitchell Hashimoto
71e2fefc62
extraConfig support for consul clients 2018-09-08 07:41:54 -07:00
Mitchell Hashimoto
9d37c9f2f1
Support global.image value 2018-09-05 07:45:54 -07:00
Mitchell Hashimoto
44a9e948c1
disable the connect injection for now since that is wip 2018-09-03 12:57:47 -07:00
Mitchell Hashimoto
fc6d86b96d
test/unit: connect inject Deployment 2018-09-03 09:31:57 -07:00
Mitchell Hashimoto
489a396b4c
test/unit: UI service 2018-09-03 09:15:28 -07:00
Mitchell Hashimoto
5e1e1b1bf6
test/unit: client DaemonSet 2018-09-03 09:08:57 -07:00
Mitchell Hashimoto
fc30ae877e
test/unit: test DisruptionBudget 2018-09-03 08:58:19 -07:00
Mitchell Hashimoto
83fc9d981c
add unit tests that use helm template 2018-09-03 08:42:25 -07:00
Mitchell Hashimoto
d2558a0be3
use globals.domain instead of common in case we refactor later 2018-09-02 16:19:45 -07:00
Mitchell Hashimoto
3a61646b1d
Add global.enabled to disable all components by default 2018-09-02 16:19:11 -07:00
Mitchell Hashimoto
3a55af62fe
Allow overridable inject image, test images 2018-08-21 10:25:37 -07:00
Mitchell Hashimoto
323feba49c
Move chart to top-level 2018-08-18 14:20:04 -07:00