Vault injector use HA service as Vault address if available. (hashico…
AdrianFarmadin committed Nov 5, 2024
1 parent 06948d7 commit 05ea807
Showing 7 changed files with 58 additions and 5 deletions.
7 changes: 7 additions & 0 deletions templates/_helpers.tpl
Expand Up @@ -1112,3 +1112,10 @@ https://github.com/helm/helm/blob/50c22ed7f953fadb32755e5881ba95a92da852b2/pkg/e
{{- $config | nindent 4 | trim }}
{{- end -}}
{{- end -}}
{{/*
vault internal k8s address
*/}}
{{- define "vault.internalAddress" -}}
{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}{{- if eq .mode "ha" -}}-active{{- end -}}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
{{- end -}}
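Review bot: `vault.internalAddress` reads `.mode` but nothing inside the define sets it, so the `-active` suffix depends on every calling template having populated `.mode` on the context before the include. Whether all four callers changed in this commit do that is not visible on this page; confirm it, or have the helper establish the mode itself. The doc comment is also too thin for a helper that changes which Service clients connect to; I would expand it to something like `Vault in-cluster address; in HA mode this is the "-active" Service, which resolves only to the current leader`. When TLS is enabled, the server certificate then needs a SAN for `<fullname>-active.<namespace>.svc`, otherwise clients that verified against the plain service name will fail verification after upgrade, which is worth stating in the comment or the release notes.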
2 changes: 1 addition & 1 deletion templates/csi-agent-configmap.yaml
Expand Up @@ -21,7 +21,7 @@ data:
{{- if .Values.global.externalVaultAddr }}
"address" = "{{ .Values.global.externalVaultAddr }}"
{{- else }}
"address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}"
"address" = "{{ include "vault.internalAddress" . }}"
{{- end }}
}
2 changes: 1 addition & 1 deletion templates/csi-daemonset.yaml
Expand Up @@ -76,7 +76,7 @@ spec:
{{- else if .Values.global.externalVaultAddr }}
value: "{{ .Values.global.externalVaultAddr }}"
{{- else }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.internalAddress" . }}
{{- end }}
volumeMounts:
- name: providervol
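Review bot: The new `value:` line is emitted unquoted while the `externalVaultAddr` branch directly above it is quoted; quote the rendered URL the same way so that an unexpected character in the release name, namespace or port value cannot change how the scalar is parsed: `value: {{ include "vault.internalAddress" . | quote }}`. The same applies to the changed `value:` lines in templates/injector-deployment.yaml and templates/tests/server-test.yaml. Neither of the two test files touched by this commit renders this DaemonSet template, so the HA address here appears to be untested. The spec block continues outside the hunk.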
2 changes: 1 addition & 1 deletion templates/injector-deployment.yaml
Expand Up @@ -64,7 +64,7 @@ spec:
{{- else if .Values.injector.externalVaultAddr }}
value: "{{ .Values.injector.externalVaultAddr }}"
{{- else }}
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.internalAddress" . }}
{{- end }}
- name: AGENT_INJECT_VAULT_AUTH_PATH
value: {{ .Values.injector.authPath }}
2 changes: 1 addition & 1 deletion templates/tests/server-test.yaml
Expand Up @@ -21,7 +21,7 @@ spec:
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
env:
- name: VAULT_ADDR
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
value: {{ include "vault.internalAddress" . }}
{{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
command:
- /bin/sh
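Review bot: In HA mode the chart's test pod now points `VAULT_ADDR` at the `-active` Service, which presumably has an endpoint only once a leader has been elected. If the test command (it starts below this hunk and is not visible) is meant to get a response from a sealed or uninitialised server, it could previously reach any server pod through the general Service and may now get a connection failure instead. I would confirm the intended behaviour of `helm test` on a fresh HA install and record it in a comment above the env entry, e.g. `# HA: targets the active Service; requires an elected leader`.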
24 changes: 23 additions & 1 deletion test/unit/csi-agent-configmap.bats
Expand Up @@ -61,4 +61,26 @@ load _helpers
. | tee /dev/stderr |
yq -r '.data["config.hcl"]' | tee /dev/stderr)
echo "${actual}" | grep "http://vault-outside"
}
}

@test "csi/Agent-ConfigMap: Vault internal addr" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/csi-agent-configmap.yaml \
--set "csi.enabled=true" \
--set 'server.ha.enabled=false' \
. | tee /dev/stderr |
yq -r '.data["config.hcl"]' | tee /dev/stderr)
echo "${actual}" | grep "http://release-name-vault.default.svc:8200"
}

@test "csi/Agent-ConfigMap: Vault internal HA addr" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/csi-agent-configmap.yaml \
--set "csi.enabled=true" \
--set 'server.ha.enabled=true' \
. | tee /dev/stderr |
yq -r '.data["config.hcl"]' | tee /dev/stderr)
echo "${actual}" | grep "http://release-name-vault-active.default.svc:8200"
}
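Review bot: Both new assertions use `grep` with an unanchored regular expression, so every `.` in the expected URL matches any character and the check passes on a substring of a longer host name. A fixed-string match on the whole quoted setting is stricter, e.g. `echo "${actual}" | grep -F '"address" = "http://release-name-vault.default.svc:8200"'`, with the `-active` equivalent in the HA test. The tests also pin only the `http` scheme; a case with TLS enabled would confirm that the helper carries the scheme through to the `-active` host.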
24 changes: 24 additions & 0 deletions test/unit/injector-deployment.bats
Expand Up @@ -1126,3 +1126,27 @@ EOF
yq -r '.spec.strategy.rollingUpdate.maxUnavailable' | tee /dev/stderr)
[ "${actual}" = "1" ]
}

@test "injector/deployment: internal Vault standalone addr" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'server.ha.enabled=false' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "http://release-name-vault.default.svc:8200" ]
}

@test "injector/deployment: internal Vault HA addr" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'server.ha.enabled=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "http://release-name-vault-active.default.svc:8200" ]
}
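Review bot: `echo $object` is unquoted in both new tests, so the shell word-splits and glob-expands the rendered env list before `yq` reads it; `echo "${object}"` keeps the document intact and matches the quoting already used for `"${value}"` on the assertion line. A third case that sets `injector.externalVaultAddr` together with `server.ha.enabled=true` would pin that the external address still takes precedence over the `-active` host.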
