add configuration for active/standy services for server

hashicorp · Jun 4, 2021 · e406943 · e406943
1 parent 637087f
commit e406943
Show file tree

Hide file tree

Showing 5 changed files with 127 additions and 11 deletions.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -397,6 +397,34 @@ Sets extra vault server Service annotations
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets extra vault server Service (active) annotations
+*/}}
+{{- define "vault.service.active.annotations" -}}
+  {{- if .Values.server.service.active.annotations }}
+    {{- $tp := typeOf .Values.server.service.active.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.server.service.active.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.server.service.active.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.standby.annotations" -}}
+  {{- if .Values.server.service.standby.annotations }}
+    {{- $tp := typeOf .Values.server.service.standby.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.server.service.standby.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.server.service.standby.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
+
 {{/*
 Sets PodSecurityPolicy annotations
 */}}

diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml
@@ -1,6 +1,6 @@
 {{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.service.active.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
 # Service for active Vault pod
 apiVersion: v1
 kind: Service
@@ -13,20 +13,26 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
   annotations:
-{{ template "vault.service.annotations" .}}
+{{ template "vault.service.active.annotations" .}}
 spec:
-  {{- if .Values.server.service.type}}
+  {{- if .Values.server.service.active.type}}
+  type: {{ .Values.server.service.active.type }}
+  {{- else if .Values.server.service.type }}
   type: {{ .Values.server.service.type }}
   {{- end}}
-  {{- if .Values.server.service.clusterIP }}
+  {{- if .Values.server.service.active.clusterIP }}
+  clusterIP: {{ .Values.server.service.active.clusterIP }}
+  {{- else if .Values.server.service.clusterIP }}
   clusterIP: {{ .Values.server.service.clusterIP }}
   {{- end }}
   publishNotReadyAddresses: true
   ports:
     - name: {{ include "vault.scheme" . }}
       port: {{ .Values.server.service.port }}
       targetPort: {{ .Values.server.service.targetPort }}
-      {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+      {{- if and (.Values.server.service.active.nodePort) (eq (.Values.server.service.active.type | toString) "NodePort") }}
+      nodePort: {{ .Values.server.service.active.nodePort }}
+      {{- else if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
       nodePort: {{ .Values.server.service.nodePort }}
       {{- end }}
     - name: https-internal

diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml
@@ -1,6 +1,6 @@
 {{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- if and (eq .mode "ha" ) (eq (.Values.server.service.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.service.standby.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
 # Service for standby Vault pod
 apiVersion: v1
 kind: Service
@@ -13,20 +13,26 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
   annotations:
-{{ template "vault.service.annotations" .}}
+{{ template "vault.service.standby.annotations" .}}
 spec:
-  {{- if .Values.server.service.type}}
+  {{- if .Values.server.service.standby.type}}
+  type: {{ .Values.server.service.standby.type }}
+  {{- else if .Values.server.service.type }}
   type: {{ .Values.server.service.type }}
   {{- end}}
-  {{- if .Values.server.service.clusterIP }}
+  {{- if .Values.server.service.standby.clusterIP }}
+  clusterIP: {{ .Values.server.service.standby.clusterIP }}
+  {{- else if .Values.server.service.clusterIP }}
   clusterIP: {{ .Values.server.service.clusterIP }}
   {{- end }}
   publishNotReadyAddresses: true
   ports:
     - name: {{ include "vault.scheme" . }}
       port: {{ .Values.server.service.port }}
       targetPort: {{ .Values.server.service.targetPort }}
-      {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+      {{- if and (.Values.server.service.standby.nodePort) (eq (.Values.server.service.standby.type | toString) "NodePort") }}
+      nodePort: {{ .Values.server.service.standby.nodePort }}
+      {{- else if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
       nodePort: {{ .Values.server.service.nodePort }}
       {{- end }}
     - name: https-internal
@@ -38,4 +44,4 @@ spec:
     component: server
     vault-active: "false"
 {{- end }}
-{{- end }}
+{{- end }}
diff --git a/values.schema.json b/values.schema.json
@@ -685,6 +685,34 @@
                         },
                         "targetPort": {
                             "type": "integer"
+                        },
+                        "active": {
+                            "type": "object",
+                            "properties": {
+                                "annotations": {
+                                    "type": [
+                                        "object",
+                                        "string"
+                                    ]
+                                },
+                                "enabled": {
+                                    "type": "boolean"
+                                }
+                            }
+                        },
+                        "standby": {
+                            "type": "object",
+                            "properties": {
+                                "annotations": {
+                                    "type": [
+                                        "object",
+                                        "string"
+                                    ]
+                                },
+                                "enabled": {
+                                    "type": "boolean"
+                                }
+                            }
                         }
                     }
                 },

diff --git a/values.yaml b/values.yaml
@@ -459,6 +459,54 @@ server:
     # to the service.
     annotations: {}
 
+    # Enables a headless service that contains the active pod only
+    active:
+      enabled: true
+      # clusterIP controls whether a Cluster IP address is attached to the
+      # Vault service within Kubernetes.  By default the Vault service will
+      # be given a Cluster IP address, set to None to disable.  When disabled
+      # Kubernetes will create a "headless" service.  Headless services can be
+      # used to communicate with pods directly through DNS instead of a round robin
+      # load balancer.
+      # clusterIP: None
+
+      # Configures the service type for the active Vault service.  Can be ClusterIP
+      # or NodePort.
+      #type: ClusterIP
+
+      # If type is set to "NodePort", a specific nodePort value can be configured,
+      # will be random if left blank.
+      #nodePort: 30000
+
+      # Extra annotations for the service definition. This can either be YAML or a
+      # YAML-formatted multi-line templated string map of the annotations to apply
+      # to the service.
+      annotations: {}
+
+    # Enables a headless service that contains standby pods only
+    standby:
+      enabled: true
+      # clusterIP controls whether a Cluster IP address is attached to the
+      # Vault service within Kubernetes.  By default the Vault service will
+      # be given a Cluster IP address, set to None to disable.  When disabled
+      # Kubernetes will create a "headless" service.  Headless services can be
+      # used to communicate with pods directly through DNS instead of a round robin
+      # load balancer.
+      # clusterIP: None
+
+      # Configures the service type for the standby Vault service.  Can be ClusterIP
+      # or NodePort.
+      #type: ClusterIP
+
+      # If type is set to "NodePort", a specific nodePort value can be configured,
+      # will be random if left blank.
+      #nodePort: 30000
+
+      # Extra annotations for the service definition. This can either be YAML or a
+      # YAML-formatted multi-line templated string map of the annotations to apply
+      # to the service.
+      annotations: {}
+
   # This configures the Vault Statefulset to create a PVC for data
   # storage when using the file or raft backend storage engines.
   # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more