Merge remote-tracking branch 'origin/main' into fix-actionlint

hashicorp · May 18, 2023 · 517e7e4 · 517e7e4
2 parents e3ad8db + a276600
commit 517e7e4
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Unreleased
 
+Bugs:
+* server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886)
+
 ## 0.24.1 (April 17, 2023)
 
 Bugs:
@@ -35,6 +38,9 @@ Features:
 Bugs:
 * server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810)
 
+Improvements:
+* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798)
+
 ## 0.22.1 (October 26th, 2022)
 
 Changes:

diff --git a/templates/injector-deployment.yaml b/templates/injector-deployment.yaml
@@ -109,6 +109,14 @@ spec:
               value: "{{ .Values.injector.agentDefaults.memRequest }}"
             - name: AGENT_INJECT_MEM_LIMIT
               value: "{{ .Values.injector.agentDefaults.memLimit }}"
+            {{- if .Values.injector.agentDefaults.ephemeralRequest }}
+            - name: AGENT_INJECT_EPHEMERAL_REQUEST
+              value: "{{ .Values.injector.agentDefaults.ephemeralRequest }}"
+            {{- end }}
+            {{- if .Values.injector.agentDefaults.ephemeralLimit }}
+            - name: AGENT_INJECT_EPHEMERAL_LIMIT
+              value: "{{ .Values.injector.agentDefaults.ephemeralLimit }}"
+            {{- end }}
             - name: AGENT_INJECT_DEFAULT_TEMPLATE
               value: "{{ .Values.injector.agentDefaults.template }}"
             - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE

diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats
@@ -963,6 +963,7 @@ EOF
   local value=$(echo $object |
       yq -r 'map(select(.name=="AGENT_INJECT_MEM_REQUEST")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "64Mi" ]
+
 }
 
 @test "injector/deployment: can set agent default resources" {
@@ -973,6 +974,8 @@ EOF
       --set 'injector.agentDefaults.cpuRequest=cpuRequest' \
       --set 'injector.agentDefaults.memLimit=memLimit' \
       --set 'injector.agentDefaults.memRequest=memRequest' \
+      --set 'injector.agentDefaults.ephemeralLimit=ephemeralLimit' \
+      --set 'injector.agentDefaults.ephemeralRequest=ephemeralRequest' \
       . | tee /dev/stderr |
       yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
 
@@ -991,6 +994,14 @@ EOF
   local value=$(echo $object |
       yq -r 'map(select(.name=="AGENT_INJECT_MEM_REQUEST")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "memRequest" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="AGENT_INJECT_EPHEMERAL_LIMIT")) | .[] .value' | tee /dev/stderr)
+  [ "${value}" = "ephemeralLimit" ]
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="AGENT_INJECT_EPHEMERAL_REQUEST")) | .[] .value' | tee /dev/stderr)
+  [ "${value}" = "ephemeralRequest" ]
 }
 
 @test "injector/deployment: agent default template" {

diff --git a/test/unit/prometheus-prometheusrules.bats b/test/unit/prometheus-prometheusrules.bats
@@ -6,7 +6,7 @@ load _helpers
   cd `chart_dir`
   local actual=$( (helm template \
       --show-only templates/prometheus-prometheusrules.yaml  \
-      --set 'serverTelemetry.prometheusRules.rules.foo=bar' \
+      --set 'serverTelemetry.prometheusRules.rules[0].foo=bar' \
       . || echo "---") | tee /dev/stderr |
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "false" ]
@@ -26,24 +26,24 @@ load _helpers
   local output=$( (helm template \
       --show-only templates/prometheus-prometheusrules.yaml \
       --set 'serverTelemetry.prometheusRules.enabled=true' \
-      --set 'serverTelemetry.prometheusRules.rules.foo=bar' \
-      --set 'serverTelemetry.prometheusRules.rules.baz=qux' \
+      --set 'serverTelemetry.prometheusRules.rules[0].foo=bar' \
+      --set 'serverTelemetry.prometheusRules.rules[1].baz=qux' \
       .) | tee  /dev/stderr )
 
   [ "$(echo "$output" | yq -r '.spec.groups | length')" = "1" ]
   [ "$(echo "$output" | yq -r '.spec.groups[0] | length')" = "2" ]
   [ "$(echo "$output" | yq -r '.spec.groups[0].name')" = "release-name-vault" ]
   [ "$(echo "$output" | yq -r '.spec.groups[0].rules | length')" = "2" ]
-  [ "$(echo "$output" | yq -r '.spec.groups[0].rules.foo')" = "bar" ]
-  [ "$(echo "$output" | yq -r '.spec.groups[0].rules.baz')" = "qux" ]
+  [ "$(echo "$output" | yq -r '.spec.groups[0].rules[0].foo')" = "bar" ]
+  [ "$(echo "$output" | yq -r '.spec.groups[0].rules[1].baz')" = "qux" ]
 }
 
 @test "prometheus/PrometheusRules-server: assertSelectors default" {
   cd `chart_dir`
   local output=$( (helm template \
       --show-only templates/prometheus-prometheusrules.yaml \
       --set 'serverTelemetry.prometheusRules.enabled=true' \
-      --set 'serverTelemetry.prometheusRules.rules.foo=bar' \
+      --set 'serverTelemetry.prometheusRules.rules[0].foo=bar' \
       . ) | tee /dev/stderr)
 
   [ "$(echo "$output" | yq -r '.metadata.labels | length')" = "5" ]
@@ -55,7 +55,7 @@ load _helpers
   local output=$( (helm template \
       --show-only templates/prometheus-prometheusrules.yaml \
       --set 'serverTelemetry.prometheusRules.enabled=true' \
-      --set 'serverTelemetry.prometheusRules.rules.foo=bar' \
+      --set 'serverTelemetry.prometheusRules.rules[0].foo=bar' \
       --set 'serverTelemetry.prometheusRules.selectors.baz=qux' \
       --set 'serverTelemetry.prometheusRules.selectors.bar=foo' \
       . ) | tee /dev/stderr)

diff --git a/values.schema.json b/values.schema.json
@@ -266,6 +266,12 @@
                         "memRequest": {
                             "type": "string"
                         },
+                        "ephemeralLimit": {
+                            "type": "string"
+                        },
+                        "ephemeralRequest": {
+                            "type": "string"
+                        },
                         "template": {
                             "type": "string"
                         },
@@ -1060,6 +1066,25 @@
                 }
             }
         },
+        "serverTelemetry": {
+            "type": "object",
+            "properties": {
+                "prometheusRules": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        },
+                        "rules": {
+                            "type": "array"
+                        },
+                        "selectors": {
+                            "type": "object"
+                        }
+                    }
+                }
+            }
+        },
         "ui": {
             "type": "object",
             "properties": {

diff --git a/values.yaml b/values.yaml
@@ -83,6 +83,8 @@ injector:
     cpuRequest: "250m"
     memLimit: "128Mi"
     memRequest: "64Mi"
+    # ephemeralLimit: "128Mi"
+    # ephemeralRequest: "64Mi"
 
     # Default template type for secrets when no custom template is specified.
     # Possible values include: "json" and "map".
@@ -521,7 +523,7 @@ server:
   livenessProbe:
     enabled: false
     path: "/v1/sys/health?standbyok=true"
-    # Port nuumber on which livenessProbe will be checked.
+    # Port number on which livenessProbe will be checked.
     port: 8200
     # When a probe fails, Kubernetes will try failureThreshold times before giving up
     failureThreshold: 2
@@ -1198,7 +1200,7 @@ serverTelemetry:
       selectors: {}
 
       # Some example rules.
-      rules: {}
+      rules: []
       #  - alert: vault-HighResponseTime
       #    annotations:
       #      message: The response time of Vault is over 500ms on average over the last 5 minutes.