diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index d76971c2f..8d4599cae 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -710,6 +710,33 @@ Sets extra vault server Service annotations
 {{- end }}
 {{- end -}}
+{{/*
+Sets extra vault server Service (active) annotations
+*/}}
+{{- define "vault.service.active.annotations" -}}
+ {{- if .Values.server.service.active.annotations }}
+ {{- $tp := typeOf .Values.server.service.active.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.active.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.active.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.standby.annotations" -}}
+ {{- if .Values.server.service.standby.annotations }}
+ {{- $tp := typeOf .Values.server.service.standby.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.standby.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.standby.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
 {{/*
 Sets PodSecurityPolicy annotations
 */}}
diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml
index 32201585b..2a27349b7 100644
--- a/templates/server-ha-active-service.yaml
+++ b/templates/server-ha-active-service.yaml
@@ -22,6 +22,7 @@ metadata:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 vault-active: "true"
 annotations:
+{{ template "vault.service.active.annotations" .}}
 {{ template "vault.service.annotations" .}}
 spec:
 {{- if .Values.server.service.type}}
diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml
index e5d662b32..c09618d0e 100644
--- a/templates/server-ha-standby-service.yaml
+++ b/templates/server-ha-standby-service.yaml
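Review bot: The doc comment on the second new helper, `vault.service.standby.annotations`, reads `Sets extra vault server Service annotations`, which is word for word the comment of the existing helper shown in the hunk header; it should read `Sets extra vault server Service (standby) annotations`, matching the `(active)` wording above it. The two new defines are also not separated by a blank line, although the block ends with one before the PodSecurityPolicy comment. Both comments would benefit from one sentence stating that a string value is passed through `tpl` with the full chart context, while a map is emitted with `toYaml` and is not templated, because the two accepted input forms behave differently.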
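Review bot: A key set in both the per-service and the shared annotations ends up twice in one mapping, because the added `{{ template "vault.service.active.annotations" .}}` line renders under the same `annotations:` key as `vault.service.annotations`. Duplicate keys are invalid YAML and many parsers silently keep the last occurrence; how Helm's manifest handling treats it is not visible here, but last-wins would make the shared value override the active-only one, probably the opposite of what a user setting a per-service annotation expects. Service annotations commonly steer load-balancer behaviour, so which value wins on the Vault service should be deliberate: either emit `{{ template "vault.service.annotations" .}}` first and the per-service helper after it, or merge the two maps in one helper before rendering. The same applies to the `vault.service.standby.annotations` line in the server-ha-standby-service.yaml hunk.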
@@ -21,6 +21,7 @@ metadata:
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 annotations:
+{{ template "vault.service.standby.annotations" .}}
 {{ template "vault.service.annotations" .}}
 spec:
 {{- if .Values.server.service.type}}
diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats
index b7e2ec5f2..8b6e95c85 100755
--- a/test/unit/server-ha-active-service.bats
+++ b/test/unit/server-ha-active-service.bats
@@ -13,6 +13,17 @@ load _helpers
 [ "${actual}" = "true" ]
 }
+@test "server/ha-active-Service: with active annotations" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-ha-active-service.yaml \
+ --set 'server.ha.enabled=true' \
+ --set 'server.service.active.annotations=vaultIsAwesome: true' \
+ . | tee /dev/stderr |
+ yq -r '.metadata.annotations["vaultIsAwesome"]' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
 @test "server/ha-active-Service: disable with ha.enabled false" {
 cd `chart_dir`
 local actual=$( (helm template \
diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats
index 5f2654e44..62d3259f2 100755
--- a/test/unit/server-ha-standby-service.bats
+++ b/test/unit/server-ha-standby-service.bats
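Review bot: The new active-service test exercises only the string form (`--set 'server.service.active.annotations=vaultIsAwesome: true'`), so the `toYaml` branch of `vault.service.active.annotations` is never rendered by this file, whereas the standby file tests both forms. Add a second case that passes `--set 'server.service.active.annotations.vaultIsAwesome=true'` with the same `yq -r '.metadata.annotations["vaultIsAwesome"]'` assertion. Neither bats file has a case that sets a per-service annotation together with the shared service annotations, which is where a key collision in the rendered `annotations:` mapping would show up.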
@@ -24,6 +24,28 @@ load _helpers
 [ "${actual}" = "true" ]
 }
+@test "server/ha-standby-Service: with standby annotations string" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-ha-standby-service.yaml \
+ --set 'server.ha.enabled=true' \
+ --set 'server.service.standby.annotations=vaultIsAwesome: true' \
+ . | tee /dev/stderr |
+ yq -r '.metadata.annotations["vaultIsAwesome"]' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+@test "server/ha-standby-Service: with standby annotations yaml" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-ha-standby-service.yaml \
+ --set 'server.ha.enabled=true' \
+ --set 'server.service.standby.annotations.vaultIsAwesome=true' \
+ . | tee /dev/stderr |
+ yq -r '.metadata.annotations["vaultIsAwesome"]' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
 @test "server/ha-standby-Service: disable with ha.enabled false" {
 cd `chart_dir`
 local actual=$( (helm template \
diff --git a/values.schema.json b/values.schema.json
index d1c87e0c4..6a8b350ce 100644
--- a/values.schema.json
+++ b/values.schema.json
@@ -922,6 +922,12 @@
 "properties": {
 "enabled": {
 "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
 }
 }
 },
@@ -956,6 +962,12 @@
 "properties": {
 "enabled": {
 "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
 }
 }
 },
diff --git a/values.yaml b/values.yaml
index 938a19705..9c0dcb31f 100644
--- a/values.yaml
+++ b/values.yaml
@@ -658,13 +658,23 @@ server:
 service:
 enabled: true
 # Enable or disable the vault-active service, which selects Vault pods that
- # have labelled themselves as the cluster leader with `vault-active: "true"`
+ # have labelled themselves as the cluster leader with `vault-active: "true"`.
+ # Also helps in to add extra annotations for the service definition.
 active:
 enabled: true
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
 # Enable or disable the vault-standby service, which selects Vault pods that
- # have labelled themselves as a cluster follower with `vault-active: "false"`
+ # have labelled themselves as a cluster follower with `vault-active: "false"`.
+ # Also helps in to add extra annotations for the service definition.
 standby:
 enabled: true
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
 # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
 # When disabled, services may select Vault pods not deployed from the chart.
 # Does not affect the headless vault-internal service with `ClusterIP: None`
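Review bot: The added line `# Also helps in to add extra annotations for the service definition.` is ungrammatical and sits on the enable/disable description of `active` and `standby`, where it duplicates the comment on the new `annotations:` key; it can be dropped in both places. The key's own comment does not say which Service it affects or that these annotations are rendered alongside the shared service annotations; something like `# Extra annotations applied only to the vault-active service, in addition to the shared service annotations.` (and the standby equivalent) would make the scope clear. It would also help to state that the string form is evaluated as a template at render time while the map form is not, since "templated string" alone does not make that explicit.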