Allow overriding VAULT_API_ADDR (#290)

hashicorp · Jul 14, 2020 · 85b5269 · 85b5269
1 parent ef7df3d
commit 85b5269
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
@@ -87,7 +87,11 @@ spec:
             - name: VAULT_ADDR
               value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
             - name: VAULT_API_ADDR
+              {{- if .Values.server.ha.apiAddr }}
+              value: {{ .Values.server.ha.apiAddr }}
+              {{- else }}
               value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+              {{- end }}
             - name: SKIP_CHOWN
               value: "true"
             - name: SKIP_SETCAP

diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats
@@ -403,6 +403,44 @@ load _helpers
   [ "${actual}" = "secret_key_1" ]
 }
 
+#--------------------------------------------------------------------
+# VAULT_API_ADDR renders
+
+@test "server/ha-StatefulSet: api addr renders to Pod IP by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'http://$(POD_IP):8200' ]
+}
+
+@test "server/ha-StatefulSet: api addr can be overriden" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.ha.enabled=true' \
+      --set 'server.ha.apiAddr="https://example.com:8200"' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+     yq -r '.[5].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_API_ADDR" ]
+
+  local actual=$(echo $object |
+     yq -r '.[5].value' | tee /dev/stderr)
+  [ "${actual}" = 'https://example.com:8200' ]
+}
+
 #--------------------------------------------------------------------
 # VAULT_CLUSTER_ADDR renders
 

diff --git a/values.yaml b/values.yaml
@@ -387,6 +387,11 @@ server:
     enabled: false
     replicas: 3
 
+    # Set the api_addr configuration for Vault HA
+    # See https://www.vaultproject.io/docs/configuration#api_addr
+    # If set to null, this will be set to the Pod IP Address
+    apiAddr: null
+
     # Enables Vault's integrated Raft storage.  Unlike the typical HA modes where
     # Vault's persistence is external (such as Consul), enabling Raft mode will create
     # persistent volumes for Vault to store data according to the configuration under server.dataStorage.