New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add volumes and env vars to helm hook test pod #673
Add volumes and env vars to helm hook test pod #673
Conversation
7a7af2f
to
ab6813f
Compare
6512fc5
to
bde931c
Compare
templates/tests/server-test.yaml
Outdated
@@ -35,6 +37,9 @@ spec: | |||
fi | |||
|
|||
exit 0 | |||
|
|||
volumeMounts: | |||
{{ template "vault.mounts" . }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This drags in the audit
and data
volumes which doesn't make sense... shooting for something simpler
bde931c
to
e45c3db
Compare
I've verified this fixes the TLS issues in the test chart. Logs now look like:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind adding unit tests for these options? I think it's probably time we added a test/unit/server-test.bats
. Should be able to use server-statefulset.bats for examples of testing extraEnvironmentVars
, volumeMounts
, and volumes
.
@@ -537,7 +537,7 @@ load _helpers | |||
cd `chart_dir` | |||
local object=$(helm template \ | |||
--show-only templates/server-statefulset.yaml \ | |||
--set 'server.stanadlone.enabled=true' \ | |||
--set 'server.standalone.enabled=true' \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch!
templates/tests/server-test.yaml
Outdated
volumeMounts: | ||
{{- if .Values.server.volumeMounts }} | ||
{{- toYaml .Values.server.volumeMounts | nindent 12}} | ||
{{- end }} | ||
volumes: | ||
{{- if .Values.server.volumes }} | ||
{{- toYaml .Values.server.volumes | nindent 8}} | ||
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the indents can be four less (8 and 4) since it's in a Pod instead of a Deployment template.
volumeMounts: | |
{{- if .Values.server.volumeMounts }} | |
{{- toYaml .Values.server.volumeMounts | nindent 12}} | |
{{- end }} | |
volumes: | |
{{- if .Values.server.volumes }} | |
{{- toYaml .Values.server.volumes | nindent 8}} | |
{{- end }} | |
volumeMounts: | |
{{- if .Values.server.volumeMounts }} | |
{{- toYaml .Values.server.volumeMounts | nindent 8}} | |
{{- end }} | |
volumes: | |
{{- if .Values.server.volumes }} | |
{{- toYaml .Values.server.volumes | nindent 4}} | |
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can re-render and check... but I also did verify that the current indentation works in a live deployment to map the volumes in question.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You were right on the indentation rendering wrong -- verified with
helm template --show-only templates/tests/server-test.yaml --set 'server.volumes[0].name=plugins' --set 'server.volumes[0].emptyDir={}' --set 'server.volumeMounts[0].name=plugins' --set 'server.volumeMounts[0].mountPath=/usr/local/libexec/vault' --set 'server.volumeMounts[0].readOnly=true' .
fa5f4a4
to
d1c9508
Compare
Follow-on PR at #678 brings some more feature parity to the test pod |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding all the tests. Just one more suggestion and I think we'll be good to go.
- This covers all existing functionality that matches what's present in server-statefulset.bats
d1c9508
to
694f2da
Compare
- Properly adhere to the global.enabled flag and the presence of the injector.externalVaultAddr setting, the same way that the servers StatefulSet behaves
- Uses the same extraEnvironmentVars, volumes and volumeMounts set on the server statefulset to configure the Vault server test pod used by the helm test hook - This is necessary in situations where TLS is configured, but the certificates are not affiliated with the k8s CA / part of k8s PKI - Fixes hashicorpGH-665
Fix test typo
Add basic server-test Pod tests
present in server-statefulset.bats
Fix server-test helm hook Pod rendering
the injector.externalVaultAddr setting, the same way that
the servers StatefulSet behaves
Uses the same extraEnvironmentVars, volumes and volumeMounts set on
the server statefulset to configure the Vault server test pod used by
the helm test hook
This is necessary in situations where TLS is configured, but the
certificates are not affiliated with the k8s CA / part of k8s PKI
Fixes Test Helm Hook Pod should be more configurable #665