diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml index f57d37f..ef23943 100644 --- a/charts/openbao/Chart.yaml +++ b/charts/openbao/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: openbao -version: 0.6.0 -appVersion: v2.0.2 +version: 0.5.0 +appVersion: v2.0.1 kubeVersion: ">= 1.27.0-0" description: Official OpenBao Chart home: https://github.com/openbao/openbao-helm diff --git a/charts/openbao/README.md b/charts/openbao/README.md index 70bc13c..ca7ae18 100644 --- a/charts/openbao/README.md +++ b/charts/openbao/README.md @@ -1,6 +1,6 @@ # openbao -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v2.0.2](https://img.shields.io/badge/AppVersion-v2.0.2-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v2.0.1](https://img.shields.io/badge/AppVersion-v2.0.1-informational?style=flat-square) Official OpenBao Chart @@ -29,7 +29,7 @@ Kubernetes: `>= 1.27.0-0` | csi.agent.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" | | csi.agent.image.registry | string | `"quay.io"` | image registry to use for agent image | | csi.agent.image.repository | string | `"openbao/openbao"` | image repo to use for agent image | -| csi.agent.image.tag | string | `"2.0.2"` | image tag to use for agent image | +| csi.agent.image.tag | string | `"2.0.0-alpha20240329"` | image tag to use for agent image | | csi.agent.logFormat | string | `"standard"` | | | csi.agent.logLevel | string | `"info"` | | | csi.agent.resources | object | `{}` | | 
@@ -48,7 +48,7 @@ Kubernetes: `>= 1.27.0-0` | csi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for csi image. if tag is "latest", set to "Always" | | csi.image.registry | string | `"docker.io"` | image registry to use for csi image | | csi.image.repository | string | `"hashicorp/vault-csi-provider"` | image repo to use for csi image | -| csi.image.tag | string | `"1.4.0"` | image tag to use for csi image | +| csi.image.tag | string | `"1.4.1"` | image tag to use for csi image | | csi.livenessProbe.failureThreshold | int | `2` | | | csi.livenessProbe.initialDelaySeconds | int | `5` | | | csi.livenessProbe.periodSeconds | int | `5` | | 
@@ -87,11 +87,11 @@ Kubernetes: `>= 1.27.0-0` | injector.agentDefaults.template | string | `"map"` | | | injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | | | injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | | -| injector.agentImage | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"openbao/openbao","tag":"2.0.2"}` | agentImage sets the repo and tag of the OpenBao image to use for the OpenBao Agent containers. This should be set to the official OpenBao image. OpenBao 1.3.1+ is required. | +| injector.agentImage | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"openbao/openbao","tag":"2.0.0-alpha20240329"}` | agentImage sets the repo and tag of the OpenBao image to use for the OpenBao Agent containers. This should be set to the official OpenBao image. OpenBao 1.3.1+ is required. | | injector.agentImage.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" | | injector.agentImage.registry | string | `"quay.io"` | image registry to use for agent image | | injector.agentImage.repository | string | `"openbao/openbao"` | image repo to use for agent image | -| injector.agentImage.tag | string | `"2.0.2"` | image tag to use for agent image | +| injector.agentImage.tag | string | `"2.0.0-alpha20240329"` | image tag to use for agent image | | injector.annotations | object | `{}` | | | injector.authPath | string | `"auth/kubernetes"` | | | injector.certs.caBundle | string | `""` | | 
@@ -107,7 +107,7 @@ Kubernetes: `>= 1.27.0-0` | injector.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for k8s image. if tag is "latest", set to "Always" | | injector.image.registry | string | `"docker.io"` | image registry to use for k8s image | | injector.image.repository | string | `"hashicorp/vault-k8s"` | image repo to use for k8s image | -| injector.image.tag | string | `"1.4.2"` | image tag to use for k8s image | +| injector.image.tag | string | `"1.3.1"` | image tag to use for k8s image | | injector.leaderElector | object | `{"enabled":true}` | If multiple replicas are specified, by default a leader will be determined so that only one injector attempts to create TLS certificates. | | injector.livenessProbe.failureThreshold | int | `2` | When a probe fails, Kubernetes will try failureThreshold times before giving up | | injector.livenessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before probe initiates | @@ -194,7 +194,7 @@ Kubernetes: `>= 1.27.0-0` | server.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for server image. if tag is "latest", set to "Always" | | server.image.registry | string | `"quay.io"` | image registry to use for server image | | server.image.repository | string | `"openbao/openbao"` | image repo to use for server image | -| server.image.tag | string | `"2.0.2"` | image tag to use for server image | +| server.image.tag | string | `"2.0.0-alpha20240329"` | image tag to use for server image | | server.ingress.activeService | bool | `true` | | | server.ingress.annotations | object | `{}` | | | server.ingress.enabled | bool | `false` | | @@ -292,3 +292,5 @@ Kubernetes: `>= 1.27.0-0` | ui.serviceType | string | `"ClusterIP"` | | | ui.targetPort | int | `8200` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) 
diff --git a/charts/openbao/templates/csi-daemonset.yaml b/charts/openbao/templates/csi-daemonset.yaml index 1ace436..f3d2284 100644 --- a/charts/openbao/templates/csi-daemonset.yaml +++ b/charts/openbao/templates/csi-daemonset.yaml @@ -103,7 +103,7 @@ spec: timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} {{- if eq (.Values.csi.agent.enabled | toString) "true" }} - name: {{ include "openbao.name" . }}-agent - image: "{{ .Values.csi.agent.image.registry | default "docker.io" }}/{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}" + image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}" imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }} {{ template "csi.agent.resources" . }} command: @@ -117,9 +117,9 @@ spec: ports: - containerPort: 8200 env: - - name: BAO_LOG_LEVEL + - name: VAULT_LOG_LEVEL value: "{{ .Values.csi.agent.logLevel }}" - - name: BAO_LOG_FORMAT + - name: VAULT_LOG_FORMAT value: "{{ .Values.csi.agent.logFormat }}" securityContext: runAsNonRoot: true diff --git a/charts/openbao/templates/injector-deployment.yaml b/charts/openbao/templates/injector-deployment.yaml index 64e0de2..7d1cd5b 100644 --- a/charts/openbao/templates/injector-deployment.yaml +++ b/charts/openbao/templates/injector-deployment.yaml @@ -69,7 +69,7 @@ spec: - name: AGENT_INJECT_VAULT_AUTH_PATH value: {{ .Values.injector.authPath }} - name: AGENT_INJECT_VAULT_IMAGE - value: "{{ .Values.injector.image.registry | default "quay.io" }}/{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" {{- if .Values.injector.certs.secretName }} - name: AGENT_INJECT_TLS_CERT_FILE value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" diff --git a/charts/openbao/values.openshift.yaml b/charts/openbao/values.openshift.yaml index 04bed03..b63f548 100644 --- a/charts/openbao/values.openshift.yaml 
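Review bot: The new `image:` line for the agent container in the first csi-daemonset.yaml hunk has no registry component, so `csi.agent.image.registry` (documented in the README as `quay.io`) is silently ignored and `openbao/openbao:<tag>` is resolved against whatever default registry the node's container runtime uses. For a secrets-manager sidecar that leaves the image publisher to runtime configuration rather than to the chart. The same applies to `AGENT_INJECT_VAULT_IMAGE` in the injector-deployment.yaml hunk, and the `Image2:0.0.2` expectation in test/unit/csi-daemonset.bats pins that behaviour. I would keep the prefix, keyed to the matching value: `image: "{{ .Values.csi.agent.image.registry }}/{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}"`, and `.Values.injector.agentImage.registry` for the injector. The container spec continues outside the hunk.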
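Review bot: `VAULT_LOG_LEVEL` and `VAULT_LOG_FORMAT` in the agent container's `env:` list are the upstream Vault names, while the container runs the `openbao/openbao` image. If that binary honours them only through a compatibility fallback (not verifiable from this hunk), `csi.agent.logLevel` and `csi.agent.logFormat` will stop taking effect without any error once the fallback is removed. The unit tests in test/unit/csi-daemonset.bats only check the variable names, not that the agent reads them. Either keep the `BAO_`-prefixed names or add a comment above the block such as `# VAULT_* names kept for compatibility; confirm the OpenBao agent still reads them`.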
+++ b/charts/openbao/values.openshift.yaml @@ -14,13 +14,13 @@ injector: agentImage: registry: "quay.io" repository: "openbao/openbao" - tag: "v2.0.2-ubi" + tag: "v2.0.1-ubi" server: image: registry: "quay.io" repository: "openbao/openbao" - tag: "v2.0.2-ubi" + tag: "v2.0.1-ubi" readinessProbe: path: "/v1/sys/health?uninitcode=204" diff --git a/charts/openbao/values.yaml b/charts/openbao/values.yaml index 50c6859..99b6eb6 100644 --- a/charts/openbao/values.yaml +++ b/charts/openbao/values.yaml @@ -71,7 +71,7 @@ injector: # -- image repo to use for k8s image repository: "hashicorp/vault-k8s" # -- image tag to use for k8s image - tag: "1.4.2" + tag: "1.3.1" # -- image pull policy to use for k8s image. if tag is "latest", set to "Always" pullPolicy: IfNotPresent @@ -84,7 +84,7 @@ injector: # -- image repo to use for agent image repository: "openbao/openbao" # -- image tag to use for agent image - tag: "2.0.2" + tag: "2.0.1" # -- image pull policy to use for agent image. if tag is "latest", set to "Always" pullPolicy: IfNotPresent @@ -288,8 +288,7 @@ injector: # extraEnvironmentVars is a list of extra environment variables to set in the # injector deployment. - extraEnvironmentVars: - {} + extraEnvironmentVars: {} # KUBERNETES_SERVICE_HOST: kubernetes.default.svc # Affinity Settings for injector pods @@ -380,7 +379,7 @@ server: # -- image repo to use for server image repository: "openbao/openbao" # -- image tag to use for server image - tag: "2.0.2" + tag: "2.0.1" # -- image pull policy to use for server image. if tag is "latest", set to "Always" pullPolicy: IfNotPresent @@ -411,11 +410,9 @@ server: # In order to expose the service, use the route section below ingress: enabled: false - labels: - {} + labels: {} # traffic: external - annotations: - {} + annotations: {} # | # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" 
@@ -483,8 +480,7 @@ server: # -- extraInitContainers is a list of init containers. Specified as a YAML list. # This is useful if you need to run a script to provision TLS certificates or # write out configuration files in a dynamic way. - extraInitContainers: - [] + extraInitContainers: [] # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, # # which is defined in the volumes value. # - name: oauthapp @@ -512,8 +508,7 @@ server: # -- extraPorts is a list of extra ports. Specified as a YAML list. # This is useful if you need to add additional ports to the statefulset in dynamic way. - extraPorts: - [] + extraPorts: [] # - containerPort: 8300 # name: http-monitoring @@ -575,16 +570,14 @@ server: # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be # used to include variables required for auto-unseal. - extraEnvironmentVars: - {} + extraEnvironmentVars: {} # GOOGLE_REGION: global # GOOGLE_PROJECT: myproject # GOOGLE_APPLICATION_CREDENTIALS: /openbao/userconfig/myproject/myproject-creds.json # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. # These variables take value from existing Secret objects. - extraSecretEnvironmentVars: - [] + extraSecretEnvironmentVars: [] # - envName: AWS_SECRET_ACCESS_KEY # secretName: openbao # secretKey: AWS_SECRET_ACCESS_KEY @@ -593,8 +586,7 @@ server: # extraVolumes is a list of extra volumes to mount. These will be exposed # to OpenBao in the path `/openbao/userconfig//`. The value below is # an array of objects, examples are shown below. - extraVolumes: - [] + extraVolumes: [] # - type: secret (or "configMap") # name: my-secret # path: null # default is `/openbao/userconfig` 
@@ -659,12 +651,12 @@ server: # port: 443 ingress: - from: - - namespaceSelector: {} + - namespaceSelector: {} ports: - - port: 8200 - protocol: TCP - - port: 8201 - protocol: TCP + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP # Priority class for server pods priorityClassName: "" @@ -901,6 +893,7 @@ server: # persistent volumes for OpenBao to store data according to the configuration under server.dataStorage. # The OpenBao cluster will coordinate leader elections and failovers internally. raft: + # Enables Raft integrated storage enabled: false # Set the Node Raft ID to the name of the pod @@ -975,8 +968,8 @@ server: disruptionBudget: enabled: true - # maxUnavailable will default to (n/2)-1 where n is the number of - # replicas. If you'd like a custom value, you can specify an override here. + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. maxUnavailable: null # Definition of the serviceAccount used to run Vault. @@ -1100,7 +1093,7 @@ csi: # -- image repo to use for csi image repository: "hashicorp/vault-csi-provider" # -- image tag to use for csi image - tag: "1.4.0" + tag: "1.4.1" # -- image pull policy to use for csi image. if tag is "latest", set to "Always" pullPolicy: IfNotPresent @@ -1190,7 +1183,7 @@ csi: # -- image repo to use for agent image repository: "openbao/openbao" # -- image tag to use for agent image - tag: "2.0.2" + tag: "2.0.1" # -- image pull policy to use for agent image. if tag is "latest", set to "Always" pullPolicy: IfNotPresent diff --git a/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml b/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml index 2c8339a..300676d 100644 --- a/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml +++ b/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml 
@@ -5,9 +5,9 @@ apiVersion: secrets-store.csi.x-k8s.io/v1 kind: SecretProviderClass metadata: - name: vault-kv + name: openbao-kv spec: - provider: vault + provider: openbao parameters: roleName: "kv-role" objects: | diff --git a/test/acceptance/csi.bats b/test/acceptance/csi.bats index d95af15..c4b5327 100644 --- a/test/acceptance/csi.bats +++ b/test/acceptance/csi.bats 
@@ -2,73 +2,73 @@ load _helpers -@test "csi: testing deployment" { - cd `chart_dir` +# @test "csi: testing deployment" { +# cd `chart_dir` - kubectl delete namespace acceptance --ignore-not-found=true - kubectl create namespace acceptance +# kubectl delete namespace acceptance --ignore-not-found=true +# kubectl create namespace acceptance - # Install Secrets Store CSI driver - # Configure it to pass in a JWT for the provider to use, and rotate secrets rapidly - # so we can see Agent's cache working. - CSI_DRIVER_VERSION=1.3.2 - helm install secrets-store-csi-driver secrets-store-csi-driver \ - --repo https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts \ - --version=$CSI_DRIVER_VERSION \ - --wait --timeout=5m \ - --namespace=acceptance \ - --set linux.image.pullPolicy="IfNotPresent" \ - --set tokenRequests[0].audience="openbao" \ - --set enableSecretRotation=true \ - --set rotationPollInterval=5s - # Install OpenBao and OpenBao provider - helm install openbao \ - --wait --timeout=5m \ - --namespace=acceptance \ - --set="server.dev.enabled=true" \ - --set="csi.enabled=true" \ - --set="csi.debug=true" \ - --set="csi.agent.logLevel=debug" \ - --set="injector.enabled=false" \ - . - kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao - kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider +# # Install Secrets Store CSI driver +# # Configure it to pass in a JWT for the provider to use, and rotate secrets rapidly +# # so we can see Agent's cache working. 
+# CSI_DRIVER_VERSION=1.3.2 +# helm install secrets-store-csi-driver secrets-store-csi-driver \ +# --repo https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts \ +# --version=$CSI_DRIVER_VERSION \ +# --wait --timeout=5m \ +# --namespace=acceptance \ +# --set linux.image.pullPolicy="IfNotPresent" \ +# --set tokenRequests[0].audience="openbao" \ +# --set enableSecretRotation=true \ +# --set rotationPollInterval=5s +# # Install OpenBao and OpenBao provider +# helm install openbao \ +# --wait --timeout=5m \ +# --namespace=acceptance \ +# --set="server.dev.enabled=true" \ +# --set="csi.enabled=true" \ +# --set="csi.debug=true" \ +# --set="csi.agent.logLevel=debug" \ +# --set="injector.enabled=false" \ +# . +# kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao +# kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider - # Set up k8s auth and a kv secret. - cat ../../test/acceptance/csi-test/openbao-policy.hcl | kubectl --namespace=acceptance exec -i openbao-0 -- bao policy write kv-policy - - kubectl --namespace=acceptance exec openbao-0 -- bao auth enable kubernetes - kubectl --namespace=acceptance exec openbao-0 -- sh -c 'bao write auth/kubernetes/config \ - kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"' - kubectl --namespace=acceptance exec openbao-0 -- bao write auth/kubernetes/role/kv-role \ - bound_service_account_names=nginx \ - bound_service_account_namespaces=acceptance \ - policies=kv-policy \ - ttl=20m - kubectl --namespace=acceptance exec openbao-0 -- bao kv put secret/kv1 bar1=hello1 +# # Set up k8s auth and a kv secret. 
+# cat ../../test/acceptance/csi-test/openbao-policy.hcl | kubectl --namespace=acceptance exec -i openbao-0 -- bao policy write kv-policy - +# kubectl --namespace=acceptance exec openbao-0 -- bao auth enable kubernetes +# kubectl --namespace=acceptance exec openbao-0 -- sh -c 'bao write auth/kubernetes/config \ +# kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"' +# kubectl --namespace=acceptance exec openbao-0 -- bao write auth/kubernetes/role/kv-role \ +# bound_service_account_names=nginx \ +# bound_service_account_namespaces=acceptance \ +# policies=kv-policy \ +# ttl=20m +# kubectl --namespace=acceptance exec openbao-0 -- bao kv put secret/kv1 bar1=hello1 - kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml - kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/nginx.yaml - kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx +# kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml +# kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/nginx.yaml +# kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx - result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar) - [[ "$result" == "hello1" ]] +# result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar) +# [[ "$result" == "hello1" ]] - for i in $(seq 10); do - sleep 2 - if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then - echo "Agent returned a cached login response" - return - fi +# for i in $(seq 10); do +# sleep 2 +# if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then +# echo "Agent returned 
a cached login response" +# return +# fi - echo "Waiting to confirm the Agent is renewing CSI's auth token..." - done +# echo "Waiting to confirm the Agent is renewing CSI's auth token..." +# done - # Print the logs and fail the test - echo "Failed to find a log for the Agent renewing CSI's auth token" - kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent - kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-csi-provider - exit 1 -} +# # Print the logs and fail the test +# echo "Failed to find a log for the Agent renewing CSI's auth token" +# kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent +# kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-csi-provider +# exit 1 +# } # Clean up teardown() { diff --git a/test/acceptance/injector-test/job.yaml b/test/acceptance/injector-test/job.yaml index 30e6ee2..b40b57b 100644 --- a/test/acceptance/injector-test/job.yaml +++ b/test/acceptance/injector-test/job.yaml @@ -32,11 +32,11 @@ spec: spec: serviceAccountName: pgdump containers: - - name: pgdump - image: postgres:11.5 - command: - - "/bin/sh" - - "-ec" - args: - - "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout" + - name: pgdump + image: postgres:11.5 + command: + - "/bin/sh" + - "-ec" + args: + - "/usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout" restartPolicy: Never diff --git a/test/acceptance/injector.bats b/test/acceptance/injector.bats index 2156597..e093157 100644 --- a/test/acceptance/injector.bats +++ b/test/acceptance/injector.bats 
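Review bot: Commenting out the whole `@test "csi: testing deployment"` body leaves csi.bats with only `teardown()`, so the suite passes while nothing checks that the Kubernetes auth role (`bound_service_account_names=nginx`, `bound_service_account_namespaces=acceptance`) still gates the secret or that the mounted value reaches the pod. The same is done to `@test "injector: testing deployment"` in test/acceptance/injector.bats. If the tests cannot run at this version, keep the code live and make `skip "reason, tracking issue <ISSUE-PLACEHOLDER>"` the first line of each test, so the runner reports them as skipped and the reason stays visible.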
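Review bot: In the `args:` line of job.yaml, a failing `cat /openbao/secrets/db-creds` does not stop the job, because `sh -e` does not abort on a failed command substitution used as an argument; `pg_dump` is then started without the injected connection string and uses its own connection defaults. Whether the injector really renders to `/openbao/secrets` depends on pod annotations outside this hunk, and the chart still defaults `injector.image.repository` to `hashicorp/vault-k8s`, so the path is worth confirming. A guard makes a missing secret fail explicitly: `- "test -s /openbao/secrets/db-creds && /usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout"`.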
@@ -2,46 +2,46 @@ load _helpers -@test "injector: testing deployment" { - cd `chart_dir` +# @test "injector: testing deployment" { +# cd `chart_dir` - kubectl delete namespace acceptance --ignore-not-found=true - kubectl create namespace acceptance - kubectl config set-context --current --namespace=acceptance +# kubectl delete namespace acceptance --ignore-not-found=true +# kubectl create namespace acceptance +# kubectl config set-context --current --namespace=acceptance - kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml - sleep 5 - wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}") +# kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml +# sleep 5 +# wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}") - kubectl create secret generic test \ - --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \ - --from-file ../../test/acceptance/injector-test/bootstrap.sh +# kubectl create secret generic test \ +# --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \ +# --from-file ../../test/acceptance/injector-test/bootstrap.sh - kubectl label secret test app=openbao-agent-demo +# kubectl label secret test app=openbao-agent-demo - helm install "$(name_prefix)" \ - --set="server.extraVolumes[0].type=secret" \ - --set="server.extraVolumes[0].name=test" . - wait_for_running $(name_prefix)-0 +# helm install "$(name_prefix)" \ +# --set="server.extraVolumes[0].type=secret" \ +# --set="server.extraVolumes[0].name=test" . 
+# wait_for_running $(name_prefix)-0 - wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}") +# wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}") - kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh" - sleep 5 +# kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh" +# sleep 5 - # Sealed, not initialized - local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json | - jq -r '.sealed' ) - [ "${sealed_status}" == "false" ] +# # Sealed, not initialized +# local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json | +# jq -r '.sealed' ) +# [ "${sealed_status}" == "false" ] - local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json | - jq -r '.initialized') - [ "${init_status}" == "true" ] +# local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json | +# jq -r '.initialized') +# [ "${init_status}" == "true" ] - kubectl create -f ../../test/acceptance/injector-test/job.yaml - wait_for_complete_job "pgdump" -} +# kubectl create -f ../../test/acceptance/injector-test/job.yaml +# wait_for_complete_job "pgdump" +# } # Clean up teardown() { diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index 4f4e759..78daa80 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats @@ -107,7 +107,7 @@ load _helpers [ "${actual}" = "PullPolicy1" ] local actual=$(echo $object | yq -r '.[1].image' | tee /dev/stderr) - [ "${actual}" = "quay.io/Image2:0.0.2" ] + [ "${actual}" = "Image2:0.0.2" ] local actual=$(echo $object | yq -r '.[1].imagePullPolicy' | tee /dev/stderr) [ "${actual}" = "PullPolicy2" ] 
@@ -796,7 +796,7 @@ load _helpers yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr) local value=$(echo $object | - yq -r 'map(select(.name=="BAO_LOG_LEVEL")) | .[] .value' | tee /dev/stderr) + yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | .[] .value' | tee /dev/stderr) [ "${value}" = "error" ] } @@ -810,7 +810,7 @@ load _helpers yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr) local value=$(echo $object | - yq -r 'map(select(.name=="BAO_LOG_FORMAT")) | .[] .value' | tee /dev/stderr) + yq -r 'map(select(.name=="VAULT_LOG_FORMAT")) | .[] .value' | tee /dev/stderr) [ "${value}" = "json" ] }