This repository was archived by the owner on Feb 17, 2021. It is now read-only.
forked from hashicorp/vault-helm
* Fix audit storage mount in HA mode
* Add explicit fsgroup

* add load balancer source range for UI service
* add load balancer source range for UI service
* adding unit test
* adding unit test

* Require vault to run as non root
* Fix unit tests
* Make uid/gid configurable, remove home emptydir

* Fix bad selectors.
* Fix bad calculation of maxUnavailable.
  Signed-off-by: JrCs <[email protected]>

* add image pull policy and pull secrets
  Signed-off-by: Janusz Bialy <[email protected]>
* add unit tests
  Signed-off-by: Janusz Bialy <[email protected]>

* Add preStop lifecycle hook
* Fix typo in comment

* Add extra containers
* fix template
* add unit tests
* resolve conflicts
* remove duplicate docs
* fix unit tests

* use a standard way to define image repo and tag
  Signed-off-by: Janusz Bialy <[email protected]>
* add tests
  Signed-off-by: Janusz Bialy <[email protected]>
* bump chart version
  Signed-off-by: Janusz Bialy <[email protected]>
* Revert "bump chart version"
  This reverts commit 74cbc98.
  Signed-off-by: Janusz Bialy <[email protected]>
* nest image block inside server
  Signed-off-by: Janusz Bialy <[email protected]>

* Added option for enabling a livenessprobe
* added option for using http for readinessProbe
* added tests

* Fix typo: serviceaccount -> serviceAccount
* Fix typo in test

…al delay and 429 response hashicorp#137 (hashicorp#138)
livenessProbe
* Set the scheme for vault.scheme to ensure that the check works if tls enabled or not
* Allow a configurable value initialDelaySeconds rather than the set 5 seconds
* Set the default initialDelaySeconds to 60 seconds before the probe starts to allow for vault unsealing
* Set the path to /v1/sys/health?standbyok=true to ensure a 200 response on standbys
readinessProbe
* Set the path comment to /v1/sys/health?standbyok=true to ensure a 200 response on standbys
* Set the scheme for vault.scheme to ensure that the check works if tls enabled or not
* Statefulset liveness probe path check set to /v1/sys/health?standbyok=true
* Server Statefulset test added for livenessProbe.initialDelaySeconds

…orp#185)
* Add related unit tests

* Add new vault-k8s envs
* update vault image
* Add default tests for envs
* Add note about supported log parameters
* Fix typo in test name

* Add raft support
* Add acceptance test
* Update templates/server-headless-service.yaml
  Co-Authored-By: Theron Voran <[email protected]>
* Add notes to raft configurables
  Co-authored-by: Theron Voran <[email protected]>

Allows user-specified environment variables to be set in the injector deployment.

Adds affinity, tolerations, and nodeSelector options for the injector deployment that are separate from those options on the vault server statefulset.
Co-authored-by: Sergei Shishov <[email protected]>

Annotations for various objects were either multi-line strings or yaml maps strings, so this is making them all multi-line strings for consistency. Also updated the doc comment for namespaceSelector, since it's being read as a yaml map (toYaml).

`Values.server.service.annotations` are now being treated as multi-line strings, to match the other annotations in the chart, and to support templating within the annotations.

* Add Vault Helm ent support, service discovery
* Fix unit test
* Update test/acceptance/server-ha-enterprise-dr.bats
  Co-Authored-By: Theron Voran <[email protected]>
* Update test/acceptance/server-ha-enterprise-dr.bats
  Co-Authored-By: Theron Voran <[email protected]>
* Update test/acceptance/server-ha-enterprise-perf.bats
  Co-Authored-By: Theron Voran <[email protected]>
* Update test/acceptance/server-ha-enterprise-perf.bats
  Co-Authored-By: Theron Voran <[email protected]>
* Update values.yaml
  Co-Authored-By: Theron Voran <[email protected]>
  Co-authored-by: Theron Voran <[email protected]>

* Update to 0.5.0
* Add changelog for k8s service discovery

* Remove IPC_LOCK capability
* Remove tests for IPC_LOCK

* fix(templates/server): ingress has default paths of /
* fix: array -> list
  It's been awhile since I wrote Helm templates :/

* use port names that map to vault.scheme
* prefix internal/replication port names with vault.scheme
* port names must be 'no more than 15 characters'
* test vault server service port names are prefixed with vault scheme
* test vault server statefulset port names are prefixed with vault scheme
* test vault ui service port names are prefixed with vault scheme
* formatting: replace double quote with single quote
* uncomment accidentally-commented lines
* always set internal port name to https-internal, since it is always https
* prefix headless service internal port name with https

Closing in favor of building the upstream by a version

Merges the upstream (0.5.0) to our fork (0.1.x). CHANGELOG. The changes are mostly around the vault secret injector, which is why we're doing this in the first place, but there are some changes that will probably affect us:
Other additions could probably simplify our values a bit (ex. tlsVerify is now true by default) but I'd rather not mess with our system any more than we have to, given that we want to deprecate tunnelbox this year.
After this is merged we will cut a new version of our fork and push to artifactory, then bump the version in kubernetes and test/release.
Note that our fork and the upstream are now almost identical! Check out this comparison. The only mildly tangible difference is the fix we put into our fork for pod disruption budgets.