Merge pull request #75 from projectsyn/update-helm-chart

Update Vault Helm chart to 0.27.0
projectsyn · Nov 24, 2023 · 538582b · 538582b
2 parents 172be94 + e1bbf71
commit 538582b
Show file tree

Hide file tree

Showing 15 changed files with 30 additions and 21 deletions.
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -2,7 +2,7 @@ parameters:
   vault:
     =_metadata:
       multi_instance: true
-    kubernetes_version: '1.18'
+    kubernetes_version: '1.24'
     images:
       vault:
         registry: docker.io
@@ -15,7 +15,7 @@ parameters:
     charts:
       vault:
         source: https://helm.releases.hashicorp.com
-        version: 0.19.0
+        version: 0.27.0
     namespace: ${_instance}
     name: ${_instance}
     ingress:

diff --git a/class/vault.yml b/class/vault.yml
@@ -24,7 +24,7 @@ parameters:
         helm_params:
           name: ${vault:name}
           namespace: ${vault:namespace}
-          api_versions: networking.k8s.io/v1beta1/Ingress
+          api_versions: networking.k8s.io/v1/Ingress
           kube_version: ${vault:kubernetes_version}
       - input_paths:
           - ${_base_directory}/component/unseal.jsonnet

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -23,10 +23,13 @@ The name of the deployed component.
 == `kubernetes_version`
 [horizontal]
 type:: string
-default:: `1.18`
+default:: `1.24`
 
 The Kubernetes version of the cluster the component is deployed to.
-This is relevant for the `Ingress` API version.
+This parameter is passed to Helm when rendering the Helm chart.
+The default chart version used by the component requires Kubernetes 1.20 or newer.
+
+We recommend setting this parameter based on the cluster's `kubernetesVersion` dynamic fact.
 
 == `images`
 

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml
@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar-server-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml
@@ -32,6 +32,6 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar-config
   namespace: vault
diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml
@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar-discovery-role
   namespace: vault
 rules:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml
@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar-discovery-rolebinding
   namespace: vault
 roleRef:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml
@@ -1,11 +1,11 @@
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   labels:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar
   namespace: vault
 spec:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml
@@ -6,7 +6,8 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
+    vault-active: 'true'
   name: foobar-active
   namespace: vault
 spec:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar-standby
   namespace: vault
 spec:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml
@@ -6,7 +6,8 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
+    vault-internal: 'true'
   name: foobar-internal
   namespace: vault
 spec:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar
   namespace: vault
 spec:
@@ -17,9 +17,12 @@ spec:
       http:
         paths:
           - backend:
-              serviceName: foobar-active
-              servicePort: 8200
+              service:
+                name: foobar-active
+                port:
+                  number: 8200
             path: /
+            pathType: Prefix
   tls:
     - hosts:
         - vault.todo.tld

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml
@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar
   namespace: vault
 spec:

diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml
@@ -5,6 +5,6 @@ metadata:
     app.kubernetes.io/instance: foobar
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.19.0
+    helm.sh/chart: vault-0.27.0
   name: foobar
   namespace: vault
diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml
@@ -22,7 +22,7 @@ spec:
         app.kubernetes.io/instance: foobar
         app.kubernetes.io/name: vault
         component: server
-        helm.sh/chart: vault-0.19.0
+        helm.sh/chart: vault-0.27.0
     spec:
       affinity:
         podAntiAffinity:
@@ -151,6 +151,7 @@ spec:
             limits:
               cpu: 100m
               memory: 64Mi
+      hostNetwork: false
       securityContext:
         fsGroup: 1000
         runAsGroup: 1000