From 46769ec4429557a00312169c76a577a1a5b38e51 Mon Sep 17 00:00:00 2001 From: shay fisher Date: Mon, 1 Mar 2021 10:48:35 +0200 Subject: [PATCH 01/17] Add externalTrafficPolicy support for services --- templates/server-ha-active-service.yaml | 5 ++ templates/server-ha-standby-service.yaml | 5 ++ templates/server-service.yaml | 5 ++ test/unit/server-ha-active-service.bats | 60 ++++++++++++++++++++++++ test/unit/server-ha-standby-service.bats | 60 ++++++++++++++++++++++++ test/unit/server-service.bats | 55 ++++++++++++++++++++++ values.yaml | 1 + 7 files changed, 191 insertions(+) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index b6366b022..900291de1 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -15,6 +15,11 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: + {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + {{- else }} + externalTrafficPolicy: {{ default "Cluster" | quote }} + {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml index 473de5517..ceca06dd2 100644 --- a/templates/server-ha-standby-service.yaml +++ b/templates/server-ha-standby-service.yaml @@ -15,6 +15,11 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: + {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + {{- else }} + externalTrafficPolicy: {{ default "Cluster" | quote }} + {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 6f82e3862..58b908262 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -15,6 +15,11 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: + {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + {{- else }} + externalTrafficPolicy: {{ default "Cluster" | quote }} + {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index be3060d64..c620bc164 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -157,3 +157,63 @@ load _helpers yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr) [ "${actual}" = "https" ] } + +@test "server/ha-active-Service: vault externalTrafficPolicy set to Local lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.service.externalTrafficPolicy=local' \ + --set 'server.ha.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-active-Service: vault externalTrafficPolicy set to Local uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.service.externalTrafficPolicy=LOCAL' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-active-Service: vault externalTrafficPolicy set to Cluster lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.service.externalTrafficPolicy=cluster' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-active-Service: vault externalTrafficPolicy set to Cluster uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.service.externalTrafficPolicy=CLUSTER' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-active-Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-active-service.yaml \ + --set 'server.service.externalTrafficPolicy=vault' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Cluster" ] +} \ No newline at end of file diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index e164cde1c..ddfbab755 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -168,3 +168,63 @@ load _helpers yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr) [ "${actual}" = "https" ] } + +@test "server/ha-standby-Service: vault externalTrafficPolicy set to Local lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.service.externalTrafficPolicy=local' \ + --set 'server.ha.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-standby-Service: vault externalTrafficPolicy set to Local uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.service.externalTrafficPolicy=LOCAL' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-standby-Service: vault externalTrafficPolicy set to Cluster lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.service.externalTrafficPolicy=cluster' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-standby-Service: vault externalTrafficPolicy set to Cluster uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.service.externalTrafficPolicy=CLUSTER' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/ha-standby-Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-ha-standby-service.yaml \ + --set 'server.service.externalTrafficPolicy=vault' \ + --set 'server.ha.enabled=true' + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Cluster" ] +} \ No newline at end of file diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index 7922f0ff3..5232bf307 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -384,3 +384,58 @@ load _helpers yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr) [ "${actual}" = "https" ] } + +@test "server/Service: vault externalTrafficPolicy set to Local lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.externalTrafficPolicy=local' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/Service: vault externalTrafficPolicy set to Local uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.externalTrafficPolicy=LOCAL' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/Service: vault externalTrafficPolicy set to Cluster lowercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.externalTrafficPolicy=cluster' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/Service: vault externalTrafficPolicy set to Cluster uppercase" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.externalTrafficPolicy=CLUSTER' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Local" ] +} + +@test "server/Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-service.yaml \ + --set 'server.service.externalTrafficPolicy=vault' \ + . | tee /dev/stderr | + yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + [ "${actual}" = "Cluster" ] +} \ No newline at end of file diff --git a/values.yaml b/values.yaml index 49836b73c..e3c238bab 100644 --- a/values.yaml +++ b/values.yaml @@ -170,6 +170,7 @@ injector: # Injector service specific config service: + externalTrafficPolicy: "Cluster" # Extra annotations to attach to the injector service annotations: {} From d6bcefc4537e14f47914615b81d80fe9961df5f6 Mon Sep 17 00:00:00 2001 From: shay fisher Date: Tue, 2 Mar 2021 06:52:09 +0200 Subject: [PATCH 02/17] Fix the field data extraction --- templates/server-ha-active-service.yaml | 2 +- templates/server-ha-standby-service.yaml | 2 +- templates/server-service.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index 900291de1..59f2b9fcd 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -15,7 +15,7 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml index ceca06dd2..e26b1ac94 100644 --- a/templates/server-ha-standby-service.yaml +++ b/templates/server-ha-standby-service.yaml @@ -15,7 +15,7 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 58b908262..bd73dec67 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -15,8 +15,8 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if .Values.server.service.externalTrafficPolicy | title | eq "Local" }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} {{- end}} From fd79787f851a4fdbe66c853bee09865608a01a50 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Tue, 2 Mar 2021 14:11:20 +0200 Subject: [PATCH 03/17] Update server-service.bats Fix server-service test - add missing ' --- test/unit/server-service.bats | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index 5232bf307..b89d22585 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -392,7 +392,7 @@ load _helpers --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=local' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -403,7 +403,7 @@ load _helpers --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -414,7 +414,7 @@ load _helpers --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=cluster' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -425,7 +425,7 @@ load _helpers --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=CLUSTER' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -436,6 +436,6 @@ load _helpers --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=vault' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] -} \ No newline at end of file +} From 2a88f1597c83a7043d3f7f2055a48287bf3f5cc4 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:29:09 +0200 Subject: [PATCH 04/17] Update server-ha-active-service.bats --- test/unit/server-ha-active-service.bats | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index c620bc164..66a4a88c7 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -166,7 +166,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=local' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -176,9 +176,9 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -188,10 +188,10 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=cluster' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) - [ "${actual}" = "Local" ] + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) + [ "${actual}" = "Cluster" ] } @test "server/ha-active-Service: vault externalTrafficPolicy set to Cluster uppercase" { @@ -200,10 +200,10 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=CLUSTER' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) - [ "${actual}" = "Local" ] + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) + [ "${actual}" = "Cluster" ] } @test "server/ha-active-Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { @@ -212,8 +212,8 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=vault' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] -} \ No newline at end of file +} From 8cd8a6b2a30fd997c005750619ba3dff692a5d58 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:29:37 +0200 Subject: [PATCH 05/17] Update server-ha-standby-service.bats --- test/unit/server-ha-standby-service.bats | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index ddfbab755..7ee546d92 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -187,7 +187,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) [ "${actual}" = "Local" ] @@ -199,10 +199,10 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=cluster' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) - [ "${actual}" = "Local" ] + [ "${actual}" = "Cluster" ] } @test "server/ha-standby-Service: vault externalTrafficPolicy set to Cluster uppercase" { @@ -211,10 +211,10 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=CLUSTER' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) - [ "${actual}" = "Local" ] + [ "${actual}" = "Cluster" ] } @test "server/ha-standby-Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { @@ -223,8 +223,8 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=vault' \ - --set 'server.ha.enabled=true' + --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) [ "${actual}" = "Cluster" ] -} \ No newline at end of file +} From b066e2d9c4e269fa39462e7f58aaa4b80d3c25c8 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:30:01 +0200 Subject: [PATCH 06/17] Update server-service.bats --- test/unit/server-service.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index b89d22585..f560379a4 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -415,7 +415,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=cluster' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) - [ "${actual}" = "Local" ] + [ "${actual}" = "Cluster" ] } @test "server/Service: vault externalTrafficPolicy set to Cluster uppercase" { @@ -426,7 +426,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=CLUSTER' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) - [ "${actual}" = "Local" ] + [ "${actual}" = "Cluster" ] } @test "server/Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { From de28081dfb5c061e54b07cabd26e50d231d885b9 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:30:45 +0200 Subject: [PATCH 07/17] Update server-ha-active-service.yaml --- templates/server-ha-active-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index 59f2b9fcd..bf56dbfbe 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -15,7 +15,7 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} From 7ce2c841c5f469faa763a2126d4aa1aad2cb85a8 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:31:16 +0200 Subject: [PATCH 08/17] Update server-ha-standby-service.yaml --- templates/server-ha-standby-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml index e26b1ac94..481458260 100644 --- a/templates/server-ha-standby-service.yaml +++ b/templates/server-ha-standby-service.yaml @@ -15,7 +15,7 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} From 67e4e7cb48ddda94a70e3aaf9ac7e6fa1d264784 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:31:31 +0200 Subject: [PATCH 09/17] Update server-ha-standby-service.yaml --- templates/server-ha-standby-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server-ha-standby-service.yaml b/templates/server-ha-standby-service.yaml index 481458260..68ee5432d 100644 --- a/templates/server-ha-standby-service.yaml +++ b/templates/server-ha-standby-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| lower | title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} {{- end}} From 44fdd05f52b869539cb7dc077dede9064863ba30 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:31:52 +0200 Subject: [PATCH 10/17] Update server-ha-active-service.yaml --- templates/server-ha-active-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index bf56dbfbe..e4fa8b9a3 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| title | quote }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| lower | title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} {{- end}} From 3b05686dfd9676b0153c52de346c76d3eeb58f97 Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 3 Mar 2021 09:32:16 +0200 Subject: [PATCH 11/17] Update server-service.yaml --- templates/server-service.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/server-service.yaml b/templates/server-service.yaml index bd73dec67..d2898ac9e 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -15,8 +15,8 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | title | eq "Local" )}} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title | quote }} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | lower | title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} {{- end}} From a5cd8fcbedff9f4604fe5e1a4c57d097d3bb9e1f Mon Sep 17 00:00:00 2001 From: shayfisher Date: Wed, 24 Mar 2021 15:56:20 +0200 Subject: [PATCH 12/17] Update server-ha-standby-service.bats Add missing ' --- test/unit/server-ha-standby-service.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index 7ee546d92..2cc607856 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -177,7 +177,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=local' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -189,7 +189,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=LOCAL' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] } @@ -201,7 +201,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=cluster' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] } @@ -213,7 +213,7 @@ load _helpers --set 'server.service.externalTrafficPolicy=CLUSTER' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] } @@ -225,6 +225,6 @@ load _helpers --set 'server.service.externalTrafficPolicy=vault' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy | tee /dev/stderr) + yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] } From 799a6f15ed438810f6431cfd9091a3795e7f6874 Mon Sep 17 00:00:00 2001 From: shay fisher Date: Wed, 24 Mar 2021 19:43:36 +0200 Subject: [PATCH 13/17] Set externalTrafficPolicy=Local only for NodePort --- templates/server-ha-active-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index e4fa8b9a3..19a0710b8 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -15,7 +15,7 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} + {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" ) (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| lower | title | quote }} {{- else }} externalTrafficPolicy: {{ default "Cluster" | quote }} From 7ce27f3903b383a599767bdfb88420158d273fc9 Mon Sep 17 00:00:00 2001 From: shay fisher Date: Thu, 25 Mar 2021 06:35:20 +0200 Subject: [PATCH 14/17] change tests for the case where externalTrafficPolicy is set to local and service type is NodePort otherwise don'tset externalTrafficPolicy --- test/unit/server-ha-active-service.bats | 2 ++ test/unit/server-ha-standby-service.bats | 2 ++ test/unit/server-service.bats | 2 ++ 3 files changed, 6 insertions(+) diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index 66a4a88c7..7b52271cb 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -164,6 +164,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=local' \ + --set 'server.service.type=NodePort' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) @@ -176,6 +177,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-active-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ + --set 'server.service.type=NodePort' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) diff --git a/test/unit/server-ha-standby-service.bats b/test/unit/server-ha-standby-service.bats index 2cc607856..3548ac0b8 100755 --- a/test/unit/server-ha-standby-service.bats +++ b/test/unit/server-ha-standby-service.bats @@ -175,6 +175,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=local' \ + --set 'server.service.type=NodePort' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) @@ -187,6 +188,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-ha-standby-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ + --set 'server.service.type=NodePort' \ --set 'server.ha.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index f560379a4..dbef2e744 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -391,6 +391,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=local' \ + --set 'server.service.type=NodePort' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] @@ -402,6 +403,7 @@ load _helpers local actual=$(helm template \ --show-only templates/server-service.yaml \ --set 'server.service.externalTrafficPolicy=LOCAL' \ + --set 'server.service.type=NodePort' \ . | tee /dev/stderr | yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Local" ] From aaf500ab228a3c287d54162367f4fb2cd2ffa71c Mon Sep 17 00:00:00 2001 From: Shay Fisher Date: Wed, 29 Sep 2021 11:53:05 +0300 Subject: [PATCH 15/17] update according to suggestions by Ben --- templates/server-ha-active-service.yaml | 6 ++---- templates/server-service.yaml | 6 ++---- values.yaml | 9 ++++++++- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index 19a0710b8..a32bdebe6 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -15,10 +15,8 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" ) (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy| lower | title | quote }} - {{- else }} - externalTrafficPolicy: {{ default "Cluster" | quote }} + {{- if .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index d2898ac9e..7ae7e1d2a 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -15,10 +15,8 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: - {{- if and (.Values.server.service.externalTrafficPolicy ) (print .Values.server.service.externalTrafficPolicy | lower | title | eq "Local" )}} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | lower | title | quote }} - {{- else }} - externalTrafficPolicy: {{ default "Cluster" | quote }} + {{- if .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} diff --git a/values.yaml b/values.yaml index e3c238bab..53ab47f41 100644 --- a/values.yaml +++ b/values.yaml @@ -170,7 +170,6 @@ injector: # Injector service specific config service: - externalTrafficPolicy: "Cluster" # Extra annotations to attach to the injector service annotations: {} @@ -396,6 +395,14 @@ server: # Enables a headless service to be used by the Vault Statefulset service: + # The externalTrafficPolicy can be set to either Cluster or Local + # when service type is NodePort, using Local will not forward packets + # to nodes that don't have an active endpoint but will allow preserving the + # source ip of the request. If Cluster is being used, whenever a packet + # is received on a node with no active endpoint it will be forwarded to + # a node which has one (replacing the source ip with internal ip address) + # for more information - https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport + externalTrafficPolicy: Cluster enabled: true # clusterIP controls whether a Cluster IP address is attached to the # Vault service within Kubernetes. By default the Vault service will From 31ff8b1aa6988e865cfefccb51e6ea7ef2b75a4d Mon Sep 17 00:00:00 2001 From: Shay Fisher Date: Wed, 29 Sep 2021 12:07:47 +0300 Subject: [PATCH 16/17] use the title function on externalTrafficPolicy Remove test that isn't necessary - changed documentation instead --- templates/server-ha-active-service.yaml | 2 +- templates/server-service.yaml | 2 +- test/unit/server-ha-active-service.bats | 12 ------------ test/unit/server-service.bats | 11 ----------- 4 files changed, 2 insertions(+), 25 deletions(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index a32bdebe6..ce40e239b 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 7ae7e1d2a..73400db67 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} diff --git a/test/unit/server-ha-active-service.bats b/test/unit/server-ha-active-service.bats index 7b52271cb..c88e4641b 100755 --- a/test/unit/server-ha-active-service.bats +++ b/test/unit/server-ha-active-service.bats @@ -207,15 +207,3 @@ load _helpers yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] } - -@test "server/ha-active-Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { - cd `chart_dir` - - local actual=$(helm template \ - --show-only templates/server-ha-active-service.yaml \ - --set 'server.service.externalTrafficPolicy=vault' \ - --set 'server.ha.enabled=true' \ - . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) - [ "${actual}" = "Cluster" ] -} diff --git a/test/unit/server-service.bats b/test/unit/server-service.bats index dbef2e744..112bd90fd 100755 --- a/test/unit/server-service.bats +++ b/test/unit/server-service.bats @@ -430,14 +430,3 @@ load _helpers yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) [ "${actual}" = "Cluster" ] } - -@test "server/Service: vault externalTrafficPolicy set to wrong values, fallback to Cluster" { - cd `chart_dir` - - local actual=$(helm template \ - --show-only templates/server-service.yaml \ - --set 'server.service.externalTrafficPolicy=vault' \ - . | tee /dev/stderr | - yq -r '.spec.externalTrafficPolicy' | tee /dev/stderr) - [ "${actual}" = "Cluster" ] -} From d9cd4fc4fecd0be3ad2332aa7a17264ba9c5c1d0 Mon Sep 17 00:00:00 2001 From: Shay Fisher Date: Wed, 29 Sep 2021 12:14:56 +0300 Subject: [PATCH 17/17] first change case to lower --- templates/server-ha-active-service.yaml | 2 +- templates/server-service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/server-ha-active-service.yaml b/templates/server-ha-active-service.yaml index ce40e239b..f3a56ef12 100644 --- a/templates/server-ha-active-service.yaml +++ b/templates/server-ha-active-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | lower | title }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} diff --git a/templates/server-service.yaml b/templates/server-service.yaml index 73400db67..e2b21cb24 100644 --- a/templates/server-service.yaml +++ b/templates/server-service.yaml @@ -16,7 +16,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: {{- if .Values.server.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | title }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | lower | title }} {{- end}} {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }}