Add ingress/route configurable to specify active/general service (#570)

* Add ingress/route configurable to specify active/general service * Update test/unit/server-ingress.bats Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> * values.schema.json Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
hashicorp · Jul 15, 2021 · 255cdc7 · 255cdc7
1 parent a0d7b84
commit 255cdc7
Show file tree

Hide file tree

Showing 6 changed files with 109 additions and 37 deletions.
diff --git a/templates/server-ingress.yaml b/templates/server-ingress.yaml
@@ -4,7 +4,7 @@
 {{- if .Values.server.ingress.enabled -}}
 {{- $extraPaths := .Values.server.ingress.extraPaths -}}
 {{- $serviceName := include "vault.fullname" . -}}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.ingress.activeService | toString) "true") }}
 {{- $serviceName = printf "%s-%s" $serviceName "active" -}}
 {{- end }}
 {{- $servicePort := .Values.server.service.port -}}

diff --git a/templates/server-route.yaml b/templates/server-route.yaml
@@ -1,33 +1,33 @@
-{{- if .Values.global.openshift }}
-{{- if ne .mode "external" }}
-{{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "vault.fullname" . -}}
-{{- if eq .mode "ha" }}
-{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
-{{- end }}
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
-  name: {{ template "vault.fullname" . }}
-  labels:
-    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "vault.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    {{- with .Values.server.route.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- template "vault.route.annotations" . }}
-spec:
-  host: {{ .Values.server.route.host }}
-  to:
-    kind: Service
-    name: {{ $serviceName }}
-    weight: 100
-  port:
-    targetPort: 8200
-  tls:
-    termination: passthrough
-{{- end }}
-{{- end }}
-{{- end }}
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: {{ template "vault.fullname" . }}
+  labels:
+    helm.sh/chart: {{ include "vault.chart" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- with .Values.server.route.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- template "vault.route.annotations" . }}
+spec:
+  host: {{ .Values.server.route.host }}
+  to:
+    kind: Service
+    name: {{ $serviceName }}
+    weight: 100
+  port:
+    targetPort: 8200
+  tls:
+    termination: passthrough
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/test/unit/server-ingress.bats b/test/unit/server-ingress.bats
@@ -131,7 +131,7 @@ load _helpers
   [ "${actual}" = "nginx" ]
 }
 
-@test "server/ingress: uses active service when ha - yaml" {
+@test "server/ingress: uses active service when ha by default - yaml" {
   cd `chart_dir`
 
   local actual=$(helm template \
@@ -145,6 +145,21 @@ load _helpers
   [ "${actual}" = "RELEASE-NAME-vault-active" ]
 }
 
+@test "server/ingress: uses regular service when configured with ha - yaml" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-ingress.yaml \
+      --set 'server.ingress.enabled=true' \
+      --set 'server.ingress.activeService=false' \
+      --set 'server.dev.enabled=false' \
+      --set 'server.ha.enabled=true' \
+      --set 'server.service.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
+  [ "${actual}" = "RELEASE-NAME-vault" ]
+}
+
 @test "server/ingress: uses regular service when not ha - yaml" {
   cd `chart_dir`
 
@@ -157,4 +172,19 @@ load _helpers
       . | tee /dev/stderr |
       yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
   [ "${actual}" = "RELEASE-NAME-vault" ]
-}
+}
+
+@test "server/ingress: uses regular service when not ha and activeService is true - yaml" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-ingress.yaml \
+      --set 'server.ingress.enabled=true' \
+      --set 'server.ingress.activeService=true' \
+      --set 'server.dev.enabled=false' \
+      --set 'server.ha.enabled=false' \
+      --set 'server.service.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.rules[0].http.paths[0].backend.serviceName' | tee /dev/stderr)
+  [ "${actual}" = "RELEASE-NAME-vault" ]
+}
diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats
@@ -102,7 +102,20 @@ load _helpers
   [ "${actual}" = "RELEASE-NAME-vault" ]
 }
 
-@test "server/route: OpenShift - route points to active service by when HA" {
+@test "server/route: OpenShift - route points to main service when not ha and activeService is true" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-route.yaml \
+      --set 'global.openshift=true' \
+      --set 'server.route.enabled=true' \
+      --set 'server.route.activeService=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.to.name' | tee /dev/stderr)
+  [ "${actual}" = "RELEASE-NAME-vault" ]
+}
+
+@test "server/route: OpenShift - route points to active service by when HA by default" {
   cd `chart_dir`
 
   local actual=$(helm template \
@@ -114,3 +127,17 @@ load _helpers
       yq -r '.spec.to.name' | tee /dev/stderr)
   [ "${actual}" = "RELEASE-NAME-vault-active" ]
 }
+
+@test "server/route: OpenShift - route points to general service by when HA when configured" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-route.yaml \
+      --set 'global.openshift=true' \
+      --set 'server.route.enabled=true' \
+      --set 'server.route.activeService=false' \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.to.name' | tee /dev/stderr)
+  [ "${actual}" = "RELEASE-NAME-vault" ]
+}
diff --git a/values.schema.json b/values.schema.json
@@ -564,6 +564,9 @@
                 "ingress": {
                     "type": "object",
                     "properties": {
+                        "activeService": {
+                            "type": "boolean"
+                        },
                         "annotations": {
                             "type": [
                                 "object",
@@ -686,6 +689,9 @@
                 "route": {
                     "type": "object",
                     "properties": {
+                        "activeService": {
+                            "type": "boolean"
+                        },
                         "annotations": {
                             "type": [
                                 "object",

diff --git a/values.yaml b/values.yaml
@@ -259,6 +259,10 @@ server:
       #   or
       # kubernetes.io/ingress.class: nginx
       # kubernetes.io/tls-acme: "true"
+
+    # When HA mode is enabled and K8s service registration is being used,
+    # configure the ingress to point to the Vault active service.
+    activeService: true
     hosts:
       - host: chart-example.local
         paths: []
@@ -277,6 +281,11 @@ server:
   # The created route will be of type passthrough
   route:
     enabled: false
+
+    # When HA mode is enabled and K8s service registration is being used,
+    # configure the route to point to the Vault active service.
+    activeService: true
+
     labels: {}
     annotations: {}
     host: chart-example.local