hashicorp / vault-helm

Helm chart to install Vault and other associated components.
Mozilla Public License 2.0

Support setting `autopilot_redundancy_zone` in the Vault configuration file #1053

Open c4po opened 3 weeks ago

c4po commented 3 weeks ago

Is your feature request related to a problem? Please describe.

I'd like to request a feature to support setting the autopilot_redundancy_zone in the Vault configuration file using the Vault Helm chart.

Currently, the Vault Helm chart doesn't provide a way to set this configuration parameter, which is important for high availability setups.

Describe the solution you'd like

In the _helpers.tpl we have vault.args defined like this:

```
{{- define "vault.args" -}}
  {{ if or (eq .mode "standalone") (eq .mode "ha") }}
          - |
            cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
            [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
            [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
            [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
            [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
            [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
            [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
            /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
   {{ else if eq .mode "dev" }}
          - |
            /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
  {{ end }}
{{- end -}}
```

We just need to add a new sed command to replace {redundancy_zone} with the environment variable.

Then we can have an init container set this value, or it can be set with extraEnvironmentVars in the values file.

Describe alternatives you've considered

Add a tool like envsubst to replace all the variables in the config file.

Additional context

Add any other context or screenshots about the feature request here.

c4po commented 3 weeks ago

Like the IP address and hostname, the REDUNDANCY_ZONE value can also only be determined at run time.
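
The substitution requested in this issue, as an added example that is not part of the issue or the chart's own code: it renders a config template with the same `sed` pattern as `vault.args`, but checks the runtime value first, because characters such as `|`, `&` or `"` would otherwise change the sed expression or the resulting HCL. The `REDUNDANCY_ZONE` placeholder and environment variable name, the helper function names and the sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. REDUNDANCY_ZONE (placeholder token and env var) is an assumed
# name; the chart does not define it.

# Constructed sample template using the placeholder inside the raft stanza.
write_sample_template() {
  cat > "$1" <<'EOF'
storage "raft" {
  path = "/vault/data"
  autopilot_redundancy_zone = "REDUNDANCY_ZONE"
}
EOF
}

# Allow only characters that cannot act as sed metacharacters ("|", "&", "\")
# or terminate the HCL string (quotes, newlines). Empty values are rejected.
valid_zone() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# render_config TEMPLATE OUTPUT
# Returns 0 on success, 2 if the value is refused (no output file is written).
render_config() {
  template=$1
  output=$2
  if [ -z "${REDUNDANCY_ZONE:-}" ]; then
    # Unset or empty: copy unchanged, like the chart's [ -n ... ] guards.
    cp "$template" "$output"
    return
  fi
  if ! valid_zone "$REDUNDANCY_ZONE"; then
    echo "refusing REDUNDANCY_ZONE: unexpected characters" >&2
    return 2
  fi
  sed "s|REDUNDANCY_ZONE|${REDUNDANCY_ZONE}|g" "$template" > "$output"
}

# Demo on the constructed template.
demo_dir=$(mktemp -d)
write_sample_template "$demo_dir/in.hcl"
REDUNDANCY_ZONE='zone-a'
render_config "$demo_dir/in.hcl" "$demo_dir/out.hcl" && cat "$demo_dir/out.hcl"
REDUNDANCY_ZONE='zone&1'   # "&" would expand to the matched text inside sed
render_config "$demo_dir/in.hcl" "$demo_dir/bad.hcl" || echo "rejected"
rm -rf "$demo_dir"
```

The same allowlist check applies if the value is written by an init container or passed through `extraEnvironmentVars`, since in both cases it reaches the config file unquoted through `sed`.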