Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openbao-helm/test/docker/Test.dockerfile
Christopher Swenson d186b6ff29
Add annotation on config change (#1001) 
When updating the Vault config (and corresponding)
configmap, we now generate a checksum of the config
and set it as an annotation on both the configmap
and the Vault StatefulSet pod template.

This allows the deployer to know what pods need to
be restarted to pick up the a changed config.

We still recommend using the standard upgrade
[method for Vault on Kubernetes](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#upgrading-vault-on-kubernetes),
i.e., using the `OnDelete` strategy
for the Vault StatefulSet, so updating the config
and doing a `helm upgrade` should not trigger the
pods to restart, and then deleting pods one
at a time, starting with the standby pods.

With `kubectl` and `jq`, you can check check which
pods need to be updated by first getting the value
of the current configmap checksum:

```shell
kubectl get pods -o json | jq -r ".items[] | select(.metadata.annotations.\"config/checksum\" != $(kubectl get configmap vault-config -o json | jq '.metadata.annotations."config/checksum"') ) | .metadata.name"
```

Fixes #748.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2024-03-18 11:03:56 -07:00

58 lines
2 KiB
Docker
Raw Blame History

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
# This Dockerfile installs all the dependencies necessary to run the unit and
# acceptance tests. This image also contains gcloud so you can run tests
# against a GKE cluster easily.
#
# This image has no automatic entrypoint. It is expected that you'll run
# a script to configure kubectl, potentially install Helm, and run the tests
# manually. This image only has the dependencies pre-installed.
FROM docker.mirror.hashicorp.services/alpine:latest
WORKDIR /root
ENV BATS_VERSION "1.3.0"
ENV TERRAFORM_VERSION "0.12.10"
# base packages
RUN apk update && apk add --no-cache --virtual .build-deps \
ca-certificates \
curl \
tar \
bash \
openssl \
py-pip \
git \
make \
jq
# yq
RUN python3 -m venv venv && \
. venv/bin/activate && \
pip install yq && \
ln -s $PWD/venv/bin/yq /usr/local/bin/yq && \
deactivate
# gcloud
RUN curl -OL https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash && \
bash install_google_cloud_sdk.bash --disable-prompts --install-dir='/root/' && \
ln -s /root/google-cloud-sdk/bin/gcloud /usr/local/bin/gcloud
# terraform
RUN curl -sSL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o /tmp/tf.zip \
&& unzip /tmp/tf.zip \
&& ln -s /root/terraform /usr/local/bin/terraform
# kubectl
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
chmod +x ./kubectl && \
mv ./kubectl /usr/local/bin/kubectl
# helm
RUN curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# bats
RUN curl -sSL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz -o /tmp/bats.tgz \
&& tar -zxf /tmp/bats.tgz -C /tmp \
&& /bin/bash /tmp/bats-core-$BATS_VERSION/install.sh /usr/local
Reference in a new issue View git blame Copy permalink