Merge branch 'develop' of https://github.com/solacedev/vault-helm int…

…o DATAGO-59818/upgrading-vault-to-1.13
SolaceDev · Aug 24, 2023 · 6da1130 · 6da1130
2 parents 23131a2 + da14670
commit 6da1130
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 57 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -177,7 +177,6 @@ Improvements:
 * Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
 * Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
 
-
 ## 0.13.0 (June 17th, 2021)
 
 Improvements:

diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml
@@ -73,6 +73,13 @@ spec:
             {{- else }}
               value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
             {{- end }}
+          env:
+            - name: VAULT_ADDR
+            {{- if .Values.global.externalVaultAddr }}
+              value: "{{ .Values.global.externalVaultAddr }}"
+            {{- else }}
+              value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+            {{- end }}
           volumeMounts:
             - name: providervol
               mountPath: "/provider"

diff --git a/templates/server-clusterrolebinding.yaml b/templates/server-clusterrolebinding.yaml
@@ -26,4 +26,4 @@ subjects:
 - kind: ServiceAccount
   name: {{ template "vault.serviceAccount.name" . }}
   namespace: {{ .Release.Namespace }}
-{{ end }}
+{{ end }}
diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats
@@ -1041,58 +1041,4 @@ EOF
   local value=$(echo $object |
       yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "false" ]
-}
-
-@test "injector/deployment: agent default template_config.static_secret_render_interval" {
-  cd `chart_dir`
-  local object=$(helm template \
-      --show-only templates/injector-deployment.yaml  \
-      . | tee /dev/stderr |
-      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
-
-  local value=$(echo $object |
-      yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
-  [ "${value}" = "" ]
-}
-
-@test "injector/deployment: can set agent template_config.static_secret_render_interval" {
-  cd `chart_dir`
-  local object=$(helm template \
-      --show-only templates/injector-deployment.yaml  \
-      --set='injector.agentDefaults.templateConfig.staticSecretRenderInterval=1m' \
-      . | tee /dev/stderr |
-      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
-
-  local value=$(echo $object |
-      yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
-  [ "${value}" = "1m" ]
-}
-
-@test "injector/deployment: strategy default" {
-  cd `chart_dir`
-  local actual=$(helm template \
-      --show-only templates/injector-deployment.yaml  \
-      . | tee /dev/stderr |
-      yq -r '.spec.strategy' | tee /dev/stderr)
-  [ "${actual}" = "null" ]
-}
-
-@test "injector/deployment: strategy set as string" {
-  cd `chart_dir`
-  local actual=$(helm template \
-      --show-only templates/injector-deployment.yaml  \
-      --set="injector.strategy=testing"  \
-      . | tee /dev/stderr |
-      yq -r '.spec.strategy' | tee /dev/stderr)
-  [ "${actual}" = "testing" ]
-}
-
-@test "injector/deployment: strategy can be set as YAML" {
-  cd `chart_dir`
-  local actual=$(helm template \
-      --show-only templates/injector-deployment.yaml \
-      --set 'injector.strategy.rollingUpdate.maxUnavailable=1' \
-      . | tee /dev/stderr |
-      yq -r '.spec.strategy.rollingUpdate.maxUnavailable' | tee /dev/stderr)
-  [ "${actual}" = "1" ]
-}
+}
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
@@ -1913,3 +1913,86 @@ load _helpers
       yq -r -c '.spec.template.spec.containers[0].env[] | select(.name == "VAULT_LICENSE_PATH")' | tee /dev/stderr)
       [ "${actual}" = '' ]
 }
+
+#--------------------------------------------------------------------
+# securityContext
+
+@test "server/standalone-StatefulSet: default statefulSet.securityContext.pod" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.securityContext' | tee /dev/stderr)
+  [ ! "${actual}" = "null" ]
+}
+
+@test "server/standalone-StatefulSet: default statefulSet.securityContext.container" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].securityContext' | tee /dev/stderr)
+  [ ! "${actual}" = "null" ]
+}
+
+@test "server/standalone-StatefulSet: specify statefulSet.securityContext.pod yaml" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.statefulSet.securityContext.pod.foo=bar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.securityContext.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+@test "server/standalone-StatefulSet: specify statefulSet.securityContext.container yaml" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.statefulSet.securityContext.container.foo=bar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].securityContext.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+@test "server/standalone-StatefulSet: specify statefulSet.securityContext.pod yaml string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.statefulSet.securityContext.pod=foo: bar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.securityContext.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+@test "server/standalone-StatefulSet: specify statefulSet.securityContext.container yaml string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.statefulSet.securityContext.container=foo: bar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].securityContext.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+#--------------------------------------------------------------------
+# hostNetwork
+
+@test "server/StatefulSet: server.hostNetwork not set" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.hostNetwork' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/StatefulSet: server.hostNetwork is set" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.hostNetwork=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.hostNetwork' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
diff --git a/values.schema.json b/values.schema.json
@@ -87,6 +87,9 @@
                         }
                     }
                 },
+                "priorityClassName": {
+                    "type": "string"
+                },
                 "debug": {
                     "type": "boolean"
                 },