@7d4b9 7d4b9 commented Apr 5, 2025

This PR makes the 'vault.volumes' helper compatible with more robust Helm syntax. Supports both .type-based and full secret/configMap object definitions. Backward-compatible.

Pull Request Summary

This PR addresses an issue in the Helm chart rendering process where an invalid volume definition is generated when .Values.server.extraVolumes includes a secret without specifying a type. The rendered template previously resulted in malformed YAML such as:

- name: userconfig-config
  : defaultMode: 420

This change updates the vault.volumes template logic to ensure a proper type (either secret or configMap) is set before rendering, and skips or warns on unrecognized or undefined types. This improves compatibility and prevents invalid Kubernetes manifests.

✅ Context of this PR

This patch improves the Helm template for Vault to allow a more modern and explicit way of defining custom volumes via server.extraVolumes.

💡 Why this change?

The original template only supported this format:

extraVolumes:
  - name: my-vol
    type: secret
    defaultMode: 0400

However:

  • It is not intuitive (e.g., secretName is missing),
  • And it deviates from standard Helm conventions (where full secret: or configMap: blocks are used).

🔧 What this patch adds

The chart now also accepts the more explicit format below, while keeping backward compatibility with the old type-based definition:

extraVolumes:
  - name: my-vol
    secret:
      secretName: my-secret
      defaultMode: 0400

This change is fully backward-compatible.


📘 Full example

server:
  extraVolumes:
    - name: my-tls-secret
      secret:
        secretName: my-tls-secret
        defaultMode: 0400
    - name: my-config
      configMap:
        name: my-config
        defaultMode: 0644

Which produces the following Helm output:

volumes:
  - name: userconfig-my-tls-secret
    secret:
      secretName: my-tls-secret
      defaultMode: 0400
  - name: userconfig-my-config
    configMap:
      name: my-config
      defaultMode: 0644

Let me know if you'd like this also documented in the official chart README.md — I can contribute that too.

@7d4b9 7d4b9 requested a review from a team as a code owner April 5, 2025 10:00
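
Added example, not part of the PR or the chart: a Python pre-render check that accepts the two `server.extraVolumes` shapes described above and rejects the untyped entry instead of letting it render as malformed YAML. The helper name `normalize`, the default mode of 420, and reusing the entry name as the source name in the legacy form are assumptions; the check also warns when a secret's mode grants group or other access.

```python
PREFIX = "userconfig-"                          # prefix in the rendered output above
KINDS = {"secret": "secretName", "configMap": "name"}   # kind -> source-name key
DEFAULT_MODE = 420                              # decimal for 0o644 (assumed default)


def normalize(entry):
    """Return (volume, warnings) for one server.extraVolumes entry, either shape."""
    name = entry.get("name")
    if not name:
        raise ValueError("extraVolumes entry has no name")
    explicit = [k for k in KINDS if isinstance(entry.get(k), dict)]
    if len(explicit) > 1:
        raise ValueError(f"{name}: both secret and configMap given")
    if explicit:                                # full-object form
        kind = explicit[0]
        body = dict(entry[kind])
        if not body.get(KINDS[kind]):
            raise ValueError(f"{name}: {kind}.{KINDS[kind]} is missing")
    else:                                       # legacy type-based form
        kind = entry.get("type")
        if kind not in KINDS:
            # The case that rendered ': defaultMode: 420' before the fix.
            raise ValueError(f"{name}: type {kind!r} is not secret or configMap")
        # Assumption: the legacy form reuses the entry name as the source name.
        body = {KINDS[kind]: name}
        if "defaultMode" in entry:
            body["defaultMode"] = entry["defaultMode"]
    mode = body.setdefault("defaultMode", DEFAULT_MODE)
    if type(mode) is not int or not 0 <= mode <= 0o777:
        raise ValueError(f"{name}: defaultMode {mode!r} is outside 0..0777")
    warnings = []
    if kind == "secret" and mode & 0o077:
        warnings.append(f"{name}: secret mode {mode:04o} is readable beyond the owner")
    return {"name": PREFIX + name, kind: body}, warnings


# Constructed sample entries mirroring the shapes discussed in the PR.
SAMPLE = [
    {"name": "my-tls-secret",
     "secret": {"secretName": "my-tls-secret", "defaultMode": 0o400}},
    {"name": "my-config", "configMap": {"name": "my-config", "defaultMode": 0o644}},
    {"name": "my-vol", "type": "secret"},       # legacy form, default mode applies
    {"name": "config"},                         # no type: the malformed case
]

if __name__ == "__main__":
    for item in SAMPLE:
        try:
            print(normalize(item))
        except ValueError as err:
            print("rejected:", err)
```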

hashicorp-cla-app bot commented Apr 5, 2025

CLA assistant check
All committers have signed the CLA.
