Add new vault-k8s environment variables #219

Merged
merged 5 commits into from
Mar 6, 2020
4 changes: 4 additions & 0 deletions templates/injector-deployment.yaml
Expand Up @@ -60,6 +60,10 @@ spec:
- name: AGENT_INJECT_TLS_AUTO_HOSTS
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
{{- end }}
- name: AGENT_INJECT_LOG_FORMAT
value: {{ .Values.injector.logFormat | default "standard" }}
- name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
value: {{ .Values.injector.revokeOnShutdown | default false }}


This looks like it needs to be a string (e.g., `default "false"`)


More details:

$ helm install vault ./ --wait
Error: Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found f, error found in #10 byte of ...|,"value":false}],"im|..., bigger context ...|"name":"AGENT_INJECT_REVOKE_ON_SHUTDOWN","value":false}],"image":"hashicorp/vault-k8s:0.3.0","imageP|...

Contributor Author


Thanks! Fixed here: #221

args:
- agent-inject
- 2>&1
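Review bot: The `AGENT_INJECT_LOG_FORMAT` value is rendered without quoting, so what the API server receives depends on how YAML types whatever the operator put in `injector.logFormat`. An override that parses as a boolean or number, or that contains `: ` or ` #`, would yield a non-string env value or a malformed manifest rather than a clear error. Piping through `quote` keeps it a string in every case: `value: {{ .Values.injector.logFormat | default "standard" | quote }}`. The enclosing `env:` list starts above the hunk and the container spec continues below it.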
99 changes: 99 additions & 0 deletions test/unit/injector-deployment.bats
Expand Up @@ -222,3 +222,102 @@ load _helpers
yq -r '.[3].value' | tee /dev/stderr)
[ "${actual}" = "auth/k8s" ]
}

@test "injector/deployment: default logLevel" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[1].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]

local actual=$(echo $object |
yq -r '.[1].value' | tee /dev/stderr)
[ "${actual}" = "info" ]
}

@test "injector/deployment: custom logLevel" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.logLevel=foo' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[1].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_LEVEL" ]

local actual=$(echo $object |
yq -r '.[1].value' | tee /dev/stderr)
[ "${actual}" = "foo" ]
}

@test "injector/deployment: default logFormat" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[7].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]

local actual=$(echo $object |
yq -r '.[7].value' | tee /dev/stderr)
[ "${actual}" = "standard" ]
}

@test "injector/deployment: custom logFormat" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.logFormat=json' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[7].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_LOG_FORMAT" ]

local actual=$(echo $object |
yq -r '.[7].value' | tee /dev/stderr)
[ "${actual}" = "json" ]
}

@test "injector/deployment: default revoke on shutdown" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[8].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]

local actual=$(echo $object |
yq -r '.[8].value' | tee /dev/stderr)
[ "${actual}" = "false" ]
}

@test "injector/deployment: custom revoke on shutdown" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set 'injector.revokeOnShutdown=true' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

local actual=$(echo $object |
yq -r '.[8].name' | tee /dev/stderr)
[ "${actual}" = "AGENT_INJECT_REVOKE_ON_SHUTDOWN" ]

local actual=$(echo $object |
yq -r '.[8].value' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
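Review bot: The revoke-on-shutdown assertions (`[ "${actual}" = "false" ]` and `[ "${actual}" = "true" ]`) cannot tell a YAML boolean from a string, because `yq -r` prints both the same way, so these tests pass even when the rendered env value is not the string a Kubernetes `EnvVar` requires. Since this flag controls whether agent tokens are revoked, a manifest that fails to apply is worth catching in the unit tests; add a type check such as `local actual=$(echo $object | yq -r '.[8].value | type' | tee /dev/stderr)` followed by `[ "${actual}" = "string" ]`. The fixed positions `.[7]` and `.[8]` also tie every test to the current env ordering; selecting by name, e.g. `yq -r 'map(select(.name == "AGENT_INJECT_REVOKE_ON_SHUTDOWN"))[0].value'`, would survive later additions to the list.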
15 changes: 12 additions & 3 deletions values.yaml
Expand Up @@ -22,19 +22,28 @@ injector:
# image sets the repo and tag of the vault-k8s image to use for the injector.
image:
repository: "hashicorp/vault-k8s"
tag: "0.2.0"
tag: "0.3.0"
pullPolicy: IfNotPresent

# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
# containers. This should be set to the official Vault image. Vault 1.3.1+ is
# required.
agentImage:
repository: "vault"
tag: "1.3.2"
tag: "1.3.3"

# Mount Path of the Vault Kubernetes Auth Method.
authPath: "auth/kubernetes"

# Configures the log verbosity of the injector. Supported log levels: Trace, Debug, Error, Warn, Info
logLevel: "info"

# Configures the log format of the injector. Supported log formats: "standard", "json".
logFormat: "standard"

# Configures all Vault Agent sidecars to revoke their token when shutting down
revokeOnShutdown: false

# namespaceSelector is the selector for restricting the webhook to only
# specific namespaces. This should be set to a multiline string.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
Expand Down Expand Up @@ -79,7 +88,7 @@ server:

image:
repository: "vault"
tag: "1.3.2"
tag: "1.3.3"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent

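Review bot: The comment on `revokeOnShutdown` in the first hunk does not say what the `false` default means for credential lifetime. As written, the sidecars are not asked to revoke their token on shutdown, so presumably a token stays usable until its TTL expires after the pod is gone; operators who want a shorter exposure window need to know to flip it. I would extend the comment to something like `# When false (the default), tokens are left to expire on their own TTL after the pod stops; set to true to revoke them at shutdown.` Separately, the `logLevel` comment lists the levels capitalised (`Trace, Debug, ...`) while the default is lowercase `"info"`; stating whether the value is case-insensitive would avoid guesswork.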