Add volumes and env vars to helm hook test pod #673
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Iristyle
force-pushed
the
gh-665-make-vault-test-pod-configurable
branch
from
7a7af2f
to
ab6813f
Compare
Iristyle
force-pushed
the
gh-665-make-vault-test-pod-configurable
branch
9 times, most recently
from
6512fc5
to
bde931c
Compare
Iristyle
commented
Jan 11, 2022
templates/tests/server-test.yaml
Outdated
| @@ -35,6 +37,9 @@ spec: | |||
| fi | |||
|
|
|||
| exit 0 | |||
|
|
|||
| volumeMounts: | |||
| {{ template "vault.mounts" . }} | |||
There was a problem hiding this comment.
This drags in the audit and data volumes which doesn't make sense... shooting for something simpler
Iristyle
force-pushed
the
gh-665-make-vault-test-pod-configurable
branch
from
bde931c
to
e45c3db
Compare
|
I've verified this fixes the TLS issues in the test chart. Logs now look like: |
tvoran
added
enhancement
tvoran
reviewed
Jan 12, 2022
| @@ -537,7 +537,7 @@ load _helpers | |||
| cd `chart_dir` | |||
| local object=$(helm template \ | |||
| --show-only templates/server-statefulset.yaml \ | |||
| --set 'server.stanadlone.enabled=true' \ | |||
| --set 'server.standalone.enabled=true' \ | |||
templates/tests/server-test.yaml
Outdated
Comment on lines
39
to
48
| volumeMounts: | ||
| {{- if .Values.server.volumeMounts }} | ||
| {{- toYaml .Values.server.volumeMounts | nindent 12}} | ||
| {{- end }} | ||
| volumes: | ||
| {{- if .Values.server.volumes }} | ||
| {{- toYaml .Values.server.volumes | nindent 8}} | ||
| {{- end }} |
There was a problem hiding this comment.
I think the indents can be four less (8 and 4) since it's in a Pod instead of a Deployment template.
Suggested change
| volumeMounts: | |
| {{- if .Values.server.volumeMounts }} | |
| {{- toYaml .Values.server.volumeMounts | nindent 12}} | |
| {{- end }} | |
| volumes: | |
| {{- if .Values.server.volumes }} | |
| {{- toYaml .Values.server.volumes | nindent 8}} | |
| {{- end }} | |
| volumeMounts: | |
| {{- if .Values.server.volumeMounts }} | |
| {{- toYaml .Values.server.volumeMounts | nindent 8}} | |
| {{- end }} | |
| volumes: | |
| {{- if .Values.server.volumes }} | |
| {{- toYaml .Values.server.volumes | nindent 4}} | |
| {{- end }} |
There was a problem hiding this comment.
I can re-render and check... but I also did verify that the current indentation works in a live deployment to map the volumes in question.
There was a problem hiding this comment.
You were right on the indentation rendering wrong -- verified with
helm template --show-only templates/tests/server-test.yaml --set 'server.volumes[0].name=plugins' --set 'server.volumes[0].emptyDir={}' --set 'server.volumeMounts[0].name=plugins' --set 'server.volumeMounts[0].mountPath=/usr/local/libexec/vault' --set 'server.volumeMounts[0].readOnly=true' .
Iristyle
force-pushed
the
gh-665-make-vault-test-pod-configurable
branch
2 times, most recently
from
fa5f4a4
to
d1c9508
Compare
|
Follow-on PR at #678 brings some more feature parity to the test pod |
tvoran
reviewed
Jan 19, 2022
- This covers all existing functionality that matches what's present in server-statefulset.bats
Iristyle
force-pushed
the
gh-665-make-vault-test-pod-configurable
branch
from
d1c9508
to
694f2da
Compare
- Properly adhere to the global.enabled flag and the presence of the injector.externalVaultAddr setting, the same way that the servers StatefulSet behaves
- Uses the same extraEnvironmentVars, volumes and volumeMounts set on the server statefulset to configure the Vault server test pod used by the helm test hook - This is necessary in situations where TLS is configured, but the certificates are not affiliated with the k8s CA / part of k8s PKI - Fixes hashicorpGH-665
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix test typo
Add basic server-test Pod tests
present in server-statefulset.bats
Fix server-test helm hook Pod rendering
the injector.externalVaultAddr setting, the same way that
the servers StatefulSet behaves
Uses the same extraEnvironmentVars, volumes and volumeMounts set on
the server statefulset to configure the Vault server test pod used by
the helm test hook
This is necessary in situations where TLS is configured, but the
certificates are not affiliated with the k8s CA / part of k8s PKI
Fixes Test Helm Hook Pod should be more configurable #665