diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8d4599cae..e29ff5567 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -289,6 +289,7 @@ storage might be desired by the user. - metadata: name: data {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.dataVolumeClaim.labels" . | nindent 6 }} spec: accessModes: - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} @@ -303,6 +304,7 @@ storage might be desired by the user. - metadata: name: audit {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.auditVolumeClaim.labels" . | nindent 6 }} spec: accessModes: - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} @@ -782,6 +784,21 @@ Sets VolumeClaim annotations for data volume {{- end }} {{- end -}} +{{/* +Sets VolumeClaim labels for data volume +*/}} +{{- define "vault.dataVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.dataStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Sets VolumeClaim annotations for audit volume */}} @@ -797,6 +814,21 @@ Sets VolumeClaim annotations for audit volume {{- end }} {{- end -}} +{{/* +Sets VolumeClaim labels for audit volume +*/}} +{{- define "vault.auditVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.auditStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Set's the container resources if the user has set any. */}} diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index de3ee2bdd..a6c280b81 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -1898,3 +1898,49 @@ load _helpers yq -r '.spec.template.spec.containers[0].livenessProbe.httpGet.port' | tee /dev/stderr) [ "${actual}" = "8200" ] } + +#-------------------------------------------------------------------- +# labels +@test "server/standalone-StatefulSet: auditStorage volumeClaim labels string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.auditStorage.enabled=true' \ + --set 'server.auditStorage.labels=vaultIsAwesome: true' \ + . | tee /dev/stderr | + yq -r '.spec.volumeClaimTemplates[1].metadata.labels["vaultIsAwesome"]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "server/standalone-StatefulSet: dataStorage volumeClaim labels string" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.dataStorage.enabled=true' \ + --set 'server.dataStorage.labels=vaultIsAwesome: true' \ + . | tee /dev/stderr | + yq -r '.spec.volumeClaimTemplates[0].metadata.labels["vaultIsAwesome"]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "server/standalone-StatefulSet: auditStorage volumeClaim labels yaml" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.auditStorage.enabled=true' \ + --set 'server.auditStorage.labels.vaultIsAwesome=true' \ + . | tee /dev/stderr | + yq -r '.spec.volumeClaimTemplates[1].metadata.labels["vaultIsAwesome"]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "server/standalone-StatefulSet: dataStorage volumeClaim labels yaml" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.dataStorage.enabled=true' \ + --set 'server.dataStorage.labels.vaultIsAwesome=true' \ + . | tee /dev/stderr | + yq -r '.spec.volumeClaimTemplates[0].metadata.labels["vaultIsAwesome"]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} diff --git a/values.schema.json b/values.schema.json index 6a8b350ce..4199cbc65 100644 --- a/values.schema.json +++ b/values.schema.json @@ -559,6 +559,12 @@ "string" ] }, + "labels": { + "type": [ + "object", + "string" + ] + }, "enabled": { "type": [ "boolean", @@ -599,6 +605,12 @@ "string" ] }, + "labels": { + "type": [ + "object", + "string" + ] + }, "enabled": { "type": [ "boolean", diff --git a/values.yaml b/values.yaml index 781b930af..5af2aa4a2 100644 --- a/values.yaml +++ b/values.yaml @@ -755,6 +755,8 @@ server: accessMode: ReadWriteOnce # Annotations to apply to the PVC annotations: {} + # Labels to apply to the PVC + labels: {} # This configures the Vault Statefulset to create a PVC for audit # logs. Once Vault is deployed, initialized, and unsealed, Vault must @@ -774,6 +776,8 @@ server: accessMode: ReadWriteOnce # Annotations to apply to the PVC annotations: {} + # Labels to apply to the PVC + labels: {} # Run Vault in "dev" mode. This requires no further setup, no state management, # and no initialization. This is useful for experimenting with Vault without