eca526b1ce
Prepare for 0.21.0 release CHANGES: * `vault-k8s` updated to 0.17.0. (this) * `vault-csi-provider` updated to 1.2.0 (this) * `vault` updated to 1.11.2 (this) * Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) * Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) * CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) Features: * server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) * csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) * injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) * Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610) * Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) |
||
|---|---|---|
| .. | ||
| acceptance | ||
| chart | ||
| docker | ||
| kind | ||
| terraform | ||
| unit | ||
| README.md | ||
Vault Helm Tests
Running Vault Helm Acceptance tests
The Makefile at the top level of this repo contains a few target that should help with running acceptance tests in your own GKE instance or in a kind cluster.
Note that for the Vault Enterprise tests to pass, a VAULT_LICENSE_CI environment variable needs to be set to the contents of a valid Vault Enterprise license.
Running in a GKE cluster
- Set the
GOOGLE_CREDENTIALSandCLOUDSDK_CORE_PROJECTvariables at the top of the file.GOOGLE_CREDENTIALSshould contain the local path to your Google Cloud Platform account credentials in JSON format.CLOUDSDK_CORE_PROJECTshould be set to the ID of your GCP project. - Run
make test-imageto create the docker image (with dependencies installed) that will be re-used in the below steps. - Run
make test-provisionto provision the GKE cluster using terraform. - Run
make test-acceptanceto run the acceptance tests in this already provisioned cluster. - You can choose to only run certain tests by setting the ACCEPTANCE_TESTS variable and re-running the above target.
- Run
make test-destroywhen you have finished testing and want to tear-down and remove the cluster.
Running in a kind cluster
- Run
make test-acceptance LOCAL_ACCEPTANCE_TESTS=true - You can choose to only run certain tests by setting the
ACCEPTANCE_TESTSvariable and re-running the above target. - Run
make delete-kindwhen you have finished testing and want to tear-down and remove the cluster. - You can set an alternate kind cluster name by specifying the
KIND_CLUSTER_NAMEvariable for any of the above targets. - You can set an alternate K8S version by specifying the
KIND_K8S_VERSIONvariable for any of the above targets.
See kind-quick-start if you don't have kind installed on your system.
Running chart verification tests
If chart-verifier is built and available in your PATH, run:
bats test/chart/verifier.bats
Or if you'd rather use the latest chart-verifier docker container, set USE_DOCKER:
USE_DOCKER=true bats test/chart/verifier.bats
Generating the values json schema
There is a make target for generating values.schema.json:
make values-schema
It relies on the helm schema-gen plugin. Note that some manual editing will be required, since several properties accept multiple data types.
Helm test
Vault Helm also contains a simple helm test under templates/tests/ that may be run against a helm release:
helm test <RELEASE_NAME>