Change config specification (#213)
* Change config specification

As it is right now, the specification of the config is done through a
string. When using storage backends like PostgreSQL, the password for the
database has to be included in the config variable of the values file.

This change allows specifying the configuration through a map, making
the chart GitOps friendly. Now, sensitive values can be stored in a
different values file or passed at deployment time with --set.

To have a very generic specification:
- I've assumed that the combination stanza (e.g. storage) name (e.g. file)
is unique.
- Quoted values for all stanza parameters. I tested a generated
configuration in a vault docker image and it seems to work just fine.

* Change config format to json

* Add conditional formatting

* Add config for raft mode
davidmogar authored Apr 27, 2020
1 parent 1be2446 commit 0f36ee3
Showing 2 changed files with 14 additions and 3 deletions.
4 changes: 2 additions & 2 deletions templates/_helpers.tpl
Expand Up @@ -83,7 +83,7 @@ defined a custom configuration. Additionally iterates over any
extra volumes the user may have specified (such as a secret with TLS).
*/}}
{{- define "vault.volumes" -}}
{{- if and (ne .mode "dev") (or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "")) }}
{{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- name: config
configMap:
name: {{ template "vault.fullname" . }}-config
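Review bot: The rewritten condition in `vault.volumes` tests only `.Values.server.standalone.config` and `.Values.server.ha.config`, but the ConfigMap template in this same commit renders `.Values.server.ha.raft.config` when raft is enabled. A release that sets only the raft config and leaves the other two empty ends up without the `config` volume. Consider adding `(.Values.server.ha.raft.config)` to the `or`, or making the test depend on `.mode` so that only the value actually rendered for that mode is checked.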
Expand Down Expand Up @@ -150,7 +150,7 @@ based on the mode configured.
mountPath: /vault/data
{{ end }}
{{ end }}
{{ if and (ne .mode "dev") (or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "")) }}
{{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
- name: config
mountPath: /vault/config
{{ end }}
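Review bot: The condition on the `config` volumeMount is now the third copy of `or (.Values.server.standalone.config) (.Values.server.ha.config)` in this commit (volumes, mounts, and the ConfigMap guard), and the three must stay identical or the pod will reference a ConfigMap that was not rendered. Moving the test into one named helper in `_helpers.tpl` and calling it from all three places would remove that risk and make the next change to the rule a one-line edit.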
13 changes: 12 additions & 1 deletion templates/server-config-configmap.yaml
@@ -1,7 +1,7 @@
{{ template "vault.mode" . }}
{{- if ne .mode "external" }}
{{- if and (eq (.Values.global.enabled | toString) "true") (ne .mode "dev") -}}
{{ if or (ne .Values.server.standalone.config "") (ne .Values.server.ha.config "") -}}
{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
apiVersion: v1
kind: ConfigMap
metadata:
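Review bot: The object rendered under this guard is still `kind: ConfigMap`, so a storage password supplied through the new map form (the case the commit message gives, passed from a separate values file or with --set) is written in clear text into a ConfigMap that anyone with read access to ConfigMaps in the namespace can see. Keeping it out of the committed values file is an improvement, but the review point stands: either render the config into a Secret and mount that, or document that credentials should not be placed in `config` at all and should reach the server another way.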
Expand All @@ -14,6 +14,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
extraconfig-from-values.hcl: |-
{{- if or (eq .mode "ha") (eq .mode "standalone") }}
{{- $type := typeOf (index .Values.server .mode).config }}
{{- if eq $type "string" }}
disable_mlock = true
{{- if eq .mode "standalone" }}
{{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
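Review bot: The check `if eq $type "string"` only separates strings from everything else, so any non-string value of `(index .Values.server .mode).config`, including an unset one, a list or a number, is sent to the JSON branch. Since the guard above is true when either the standalone or the ha value is set, the value for the active mode can be empty here. An explicit second test for a map (for example with `kindIs "map"`) and a `fail` with a clear message for anything else would turn a confusing render error into a readable one.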
Expand All @@ -22,6 +25,14 @@ data:
{{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
{{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
{{ end }}
{{- else }}
{{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
{{- else }}
{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
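Review bot: In the raft branch the value passed to `merge` is `(index .Values.server .mode).raft.config`, but the type test that selected this branch was made on `(index .Values.server .mode).config`, so a map in `ha.config` combined with a string in `ha.raft.config` reaches `merge` with a string argument. The type should be checked on the value that is actually rendered. Separately, `merge` gives precedence to its first argument, so `merge (dict "disable_mlock" true) ...` silently overrides a `disable_mlock` key that the user set in the map; if that is intended it deserves a comment, otherwise swap the argument order so the user's value wins.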
