Comments (9)
Hi @jasonodonnell,
See how pod annotations are done here: https://github.com/helm/charts/blob/8180c3ffcf90dd5c2bc40e7006715100d7d6386d/incubator/vault/templates/deployment.yaml#L41 as an example. This is a lot easier to work with rather than having to do yaml strings.
from vault-helm.
I didn't see this issue when preparing my change, but it makes a lot of sense. Especially when you have to write sensitive information such as passwords. I'm trying to cover the config part, more or less, with this change #213.
Another thing that puzzles me but I didn't want to introduce in my change is the fact that deployment mode is split and each one defines its config. A single variable could include the mode and another one the config (with any validation done by Helm).
But for sure, my biggest problem right now is the config specification. Having the possibility to do it in a more dynamic way opens the doors to GitOps and secret management.
from vault-helm.
Any word on if this would be accepted if I were to submit a PR? Working with this helm chart is a bit painful as it does a lot of custom stuff instead of adopting community standards, and using native features of yaml.
from vault-helm.
I would change any type of value that can be represented in a kubernetes native way to such way. For example, yaml maps for annotations and labels, volumes and volume mounts for volumes, affinity, nodeSelector, rename several values such as `disruptionBudget` to `podDisruptionBudget` (more commonly used), allow the `config` to be stored in an already existing `ConfigMap` or `Secret`, refactor the liveness and readiness probes, etc.
It took me a lot longer to figure out all of the custom ways that this helm chart worked rather than using the kubernetes native values, as well as coming from other helm charts that follow this format. This also makes the chart a lot more flexible as it doesn't depend upon as much custom logic which needs to support wider use cases.
On top of which, it solves the discrepancy between values such as `resources` and `volumes`, the former using the kubernetes native values, and the latter using a custom solution.
from vault-helm.
Hi @nesl247!
We're always interested in making this easier to use. I'm trying to understand where we're falling short here. Can you provide me an example of the UX you'd prefer or point to code that could be changed?
Thanks!
from vault-helm.
Appreciate the tip, I think this is a good improvement and makes sense to add. Keeping this open to track the work!
from vault-helm.
@nesl247 What all do you have in mind? Just changing multiline strings to yaml maps, or something more?
You mentioned Pulumi in another issue, is that the motivation for the changes? Can you elaborate on the issues you’re encountering?
from vault-helm.
Hi @nesl247, I'd say we’re interested in supporting both YAML and YAML-formatted strings for chart values, as done in #272. For the other changes you mentioned I’d suggest separate PRs for each one to make it easier to review.
from vault-helm.
I will do so when I have some time if someone doesn't beat me to it.
Thanks.
from vault-helm.
Related Issues (20)
- Latest vault helm chart (0.27.0) does not work with GCPCKMS
- Add a way to create Secrets in the values.yaml
- allow to pin IPs of vault services HOT 3
- json formatted server config converts to a freak vault-config k8s secret which is both hcl and json HOT 1
- Chart prevents synchronisation with ArgoCD when using custom sync label HOT 3
- Add support to external Vault running with tls HOT 2
- Configuring vault ha with raft and ingress HOT 1
- [Feature] Allow the vault sidecar injector to be configured to point to the vault-active service
- storage.raft.fsm: failed to store data: error="input/output error"
- Access denied to helm.releases.hashicorp.com HOT 2
- Test.dockerfile throwing an error while building. HOT 1
- Agent Injector on EKS is not working. HOT 4
- Prometheus metrics disappear in HA setup when all Vault pods are sealed
- Please release a new version of helm chart with the current vault versions HOT 4
- Ability to have top level label on StatefullSet
- Cannot use HOSTNAME env var in VAULT_API_ADDR env var
- helm value server.logLevel does not set the log level but just logs all entries using this value
- Sidecar agent in CSI can't estabish a TLS connection with an external vault using a custom CA
- Deploying vault on OCI gives seal type Shamir not OCIKMS HOT 1
- Tests Assert that HA Should not be able to set the dataStorage StorageClass