config no longer templates properly #1072

Open
camaeel opened this issue Nov 8, 2024 · 1 comment
Labels
  • bug: Something isn't working
  • reproduced: This issue has been reproduced by a Vault engineer
  • vault-server: Area: operation and usage of vault server in k8s


camaeel commented Nov 8, 2024

Describe the bug

After switching from helm chart 0.28.1 to 0.29.0 templating in server-config-configmap.yaml stopped working.

To Reproduce
Steps to reproduce the behavior:

  1. Run: helm template -n vault -f values.yaml vault hashicorp/vault -s templates/server-config-configmap.yaml --version 0.29.0
  2. Run: helm template -n vault -f values.yaml vault hashicorp/vault -s templates/server-config-configmap.yaml --version 0.28.1

Expected behavior
Configmap contents shouldn't change

Environment

  • Kubernetes version:
    • Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): Talos 1.8.2
    • Other configuration options or runtime services (istio, etc.): N/A
  • vault-helm version: 0.29.0

Chart values:

global:
  tlsDisable: false
injector:
  enabled: false

server:
  ha:
    enabled: true
    replicas: 3
    raft:
      enabled: true
      setNodeId: true
      config: |
        ui = true
        listener "tcp" {
          tls_disable = 0
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
          tls_key_file  = "/vault/userconfig/vault-server-tls/tls.key"
          tls_client_ca_file = "/vault/userconfig/vault-server-tls/ca.crt"
        
          # Enable unauthenticated metrics access (necessary for Prometheus Operator)
          telemetry {
            unauthenticated_metrics_access = true
          }
        }
        storage "raft" {
          path = "/vault/data"
        
          # configure auto join for all replicas
          {{- range until 3 }}
          retry_join {
            leader_api_addr = "https://vault-{{ . }}.vault-internal:8200"
            leader_ca_cert_file = "/vault/userconfig/vault-server-tls/ca.crt"
            leader_client_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
            leader_client_key_file = "/vault/userconfig/vault-server-tls/tls.key"
          }
          {{- end }}
        }
        telemetry {
          prometheus_retention_time = "1h"
          disable_hostname = true
        }
        disable_mlock = true
        
        service_registration "kubernetes" {}

Additional context
Add any other context about the problem here.

@camaeel camaeel added the bug Something isn't working label Nov 8, 2024
@tvoran tvoran added vault-server Area: operation and usage of vault server in k8s reproduced This issue has been reproduced by a Vault engineer labels Nov 12, 2024
tvoran (Member) commented Nov 12, 2024

Whoops, sorry about that! Looks like we forgot to preserve the tpl behavior. I'll get a fix up shortly.
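
A check that would catch this regression before rollout, as an added example that is not part of the issue thread or the vault-helm project: it reads a rendered manifest on stdin, fails if any `{{` template action survived rendering, and compares the number of `retry_join` stanzas with the expected replica count. The function names and both sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vault-helm code). Typical use, with the command from the issue:
#   helm template -n vault -f values.yaml vault hashicorp/vault \
#     -s templates/server-config-configmap.yaml --version 0.29.0 | check_rendered_config 3

# Returns 0 if clean, 1 if template actions were left unrendered,
# 2 if the retry_join stanza count differs from the expected replica count.
check_rendered_config() {
  expected="$1"
  manifest="$(cat)"
  # A surviving "{{" means the config string was emitted without passing through tpl.
  leftovers="$(printf '%s\n' "$manifest" | grep -n -F '{{' || true)"
  if [ -n "$leftovers" ]; then
    printf 'unrendered template actions:\n%s\n' "$leftovers" >&2
    return 1
  fi
  # Count stanza openers only, not comments or keys that mention retry_join.
  joins="$(printf '%s\n' "$manifest" | grep -c '^[[:space:]]*retry_join[[:space:]]*{' || true)"
  if [ "$joins" -ne "$expected" ]; then
    printf 'expected %s retry_join stanzas, found %s\n' "$expected" "$joins" >&2
    return 2
  fi
  return 0
}

# Constructed sample: storage stanza with the range loop left unexpanded.
sample_unrendered() {
  cat <<'EOF'
storage "raft" {
  path = "/vault/data"
  {{- range until 3 }}
  retry_join {
    leader_api_addr = "https://vault-{{ . }}.vault-internal:8200"
  }
  {{- end }}
}
EOF
}

# Constructed sample: the same stanza after the loop has been expanded.
sample_rendered() {
  for i in 0 1 2; do
    printf '  retry_join {\n    leader_api_addr = "https://vault-%s.vault-internal:8200"\n  }\n' "$i"
  done
}

sample_unrendered | check_rendered_config 3 || echo "check failed with status $?"
```

Run in CI against each candidate chart version, a non-zero exit blocks the upgrade before an unexpanded config reaches the cluster.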
