feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)
* Add objectSelector to webhookconfiguration (hashicorp#456)

* changelog++

* Add CSI secrets store provider (hashicorp#461)

* updating acceptance tests to k8s 1.17 on gke (hashicorp#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (hashicorp#475)

* Update to 0.10.0 (hashicorp#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (hashicorp#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (hashicorp#482)

* fix csi helm deployment (hashicorp#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (hashicorp#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (hashicorp#460)

Refs hashicorp#361

* changelog++

* Add logLevel and logFormat values for Vault (hashicorp#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port (hashicorp#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (hashicorp#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (hashicorp#495)

* [injector] Add port name in injector service

* [injector] Hardcode port to https

* changelog++

* Fix injector unit test failing (hashicorp#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (hashicorp#434)

* Update to v0.11.0 (hashicorp#497)

* Add container based tests documentation (hashicorp#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (hashicorp#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (hashicorp#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (hashicorp#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (hashicorp#501)

* updating to use new dedicated context and token (hashicorp#515)

* added values json schema (hashicorp#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (hashicorp#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (hashicorp#526)

* changelog++

* add schema unit tests (hashicorp#530)

* Add UI targetPort option (hashicorp#437)

Use custom `targetPort` for UI service. See the use case in hashicorp#385 (comment)

* changelog++

* Update to v0.12.0 (hashicorp#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (hashicorp#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (hashicorp#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (hashicorp#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (hashicorp#543)

* Added webhook-certs volume mount to sidecar injector (hashicorp#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (hashicorp#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (hashicorp#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (hashicorp#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to Datadog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to Datadog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>
19 people authored and xiaocongji committed Jul 31, 2023
1 parent 84b5cd1 commit 8972bbd
Showing 3 changed files with 37 additions and 54 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -46,6 +46,7 @@ Please see the many options supported in the `values.yaml`
file. These are also fully documented directly on the
[Vault website](https://www.vaultproject.io/docs/platform/k8s/helm.html).


## Customizations

This Helm chart has been customized in the following ways:
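
Review bot: The extra blank line before `## Customizations` appears to be the whole README change (one addition, no text), so it adds nothing and leaves two consecutive blank lines that markdown linters commonly flag. Drop it, or use this hunk to add an entry under "This Helm chart has been customized in the following ways:" for the Vault 1.7.9 upgrade and the `leader-elector` container added to templates/injector-deployment.yaml in this same commit.
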
36 changes: 36 additions & 0 deletions templates/injector-deployment.yaml
Expand Up @@ -140,6 +140,42 @@ spec:
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) (eq (.Values.injector.leaderElector.useContainer | toString) "true") }}
{{- if .Values.injector.certs.secretName }}
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
{{- end }}
{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
- name: leader-elector
image: {{ .Values.injector.leaderElector.image.repository }}:{{ .Values.injector.leaderElector.image.tag }}
args:
- --election={{ template "vault.fullname" . }}-agent-injector-leader
- --election-namespace={{ .Release.Namespace }}
- --http=0.0.0.0:4040
- --ttl={{ .Values.injector.leaderElector.ttl }}
livenessProbe:
httpGet:
path: /
port: 4040
scheme: HTTP
failureThreshold: 2
initialDelaySeconds: 5
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 4040
scheme: HTTP
failureThreshold: 2
initialDelaySeconds: 5
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
{{- end }}
{{- if .Values.injector.certs.secretName }}
volumeMounts:
- name: webhook-certs
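
Review bot: The three `{{- if }}` actions added in this hunk (the `useContainer` guard, the `injector.certs.secretName` guard and the second `leaderElector.enabled` guard) are closed by only two `{{- end }}`, so unless the file already carried a spare `end` outside this hunk the template will fail to parse; add the missing `{{- end }}` at the point where the `useContainer` guard is meant to stop. The placement of the `webhook-certs` mount also needs a second look: the hunk adds a `volumeMounts` block before the `leader-elector` container while the unchanged `volumeMounts` block after it stays, so as ordered here, with `injector.certs.secretName` set and the elector rendered, the webhook TLS secret ends up mounted in the `leader-elector` container as well, which is the mount that hashicorp#545 in this commit's own message removed. Mount `webhook-certs` once, on the sidecar-injector container only. Finally, `injector.leaderElector.useContainer` is read here but none of the three changed files defines a default for it or tests it, and the first guard repeats the `enabled`/`replicas` condition of the inner one, so state in a comment what `useContainer` is supposed to gate.
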
54 changes: 0 additions & 54 deletions test/unit/injector-deployment.bats
Expand Up @@ -913,57 +913,3 @@ EOF
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "false" ]
}

@test "injector/deployment: agent default template_config.static_secret_render_interval" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "" ]
}

@test "injector/deployment: can set agent template_config.static_secret_render_interval" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set='injector.agentDefaults.templateConfig.staticSecretRenderInterval=1m' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "1m" ]
}

@test "injector/deployment: strategy default" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.strategy' | tee /dev/stderr)
[ "${actual}" = "null" ]
}

@test "injector/deployment: strategy set as string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
--set="injector.strategy=testing" \
. | tee /dev/stderr |
yq -r '.spec.strategy' | tee /dev/stderr)
[ "${actual}" = "testing" ]
}

@test "injector/deployment: strategy can be set as YAML" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.strategy.rollingUpdate.maxUnavailable=1' \
. | tee /dev/stderr |
yq -r '.spec.strategy.rollingUpdate.maxUnavailable' | tee /dev/stderr)
[ "${actual}" = "1" ]
}
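
Review bot: Deleting the `static_secret_render_interval` and `injector.strategy` tests at the end of this file drops coverage for settings that nothing visible in this commit removes from the template, while the 36 lines added to templates/injector-deployment.yaml get no test at all. If the chart still renders `.spec.strategy` and `AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL`, keep these five tests; if the fork no longer supports them, say so in the commit message and remove the values as well. Add bats cases that render with `injector.replicas=2`, `injector.leaderElector.useContainer=true` and `injector.certs.secretName` set, and assert that the `leader-elector` container is present and which container carries the `webhook-certs` mount.
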
