From fba4030d373bdfc0d71c6290d64b3e145adf8435 Mon Sep 17 00:00:00 2001
From: Kenan Erdogan <kenanerdogan@gmail.com>
Date: Tue, 8 Apr 2025 08:10:04 +0200
Subject: [PATCH 1/2] support custom exec command in server readiness probe

---
 CHANGELOG.md                      |  4 ++++
 templates/server-statefulset.yaml |  4 ++++
 test/unit/server-statefulset.bats | 20 ++++++++++++++++++++
 values.schema.json                |  6 ++++++
 values.yaml                       | 12 +++++++++---
 5 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb9fae889..834edb3b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## Unreleased
 
+Improvements:
+
+* Support custom exec command in the server readiness probe [GH-1106](https://github.com/hashicorp/vault-helm/pull/1106)
+
 ## 0.30.0 (March 27, 2025)
 
 Changes:
diff --git a/templates/server-statefulset.yaml b/templates/server-statefulset.yaml
index 7e5810c46..5be315ce4 100644
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@@ -172,7 +172,11 @@ spec:
             #   1 - error
             #   2 - sealed
             exec:
+              {{- if .Values.server.readinessProbe.execCommand }}
+              command: {{- toYaml .Values.server.readinessProbe.execCommand | nindent 14 }}
+              {{- else }}
               command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+              {{- end }}
             {{- end }}
             failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
             initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index 77c25678f..7a7ff5d0d 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@@ -1253,6 +1253,26 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
+@test "server/standalone-StatefulSet: readiness execCommand configurable" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.readinessProbe.execCommand={/bin/sh,-c,sleep}' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].readinessProbe.exec.command[2]' | tee /dev/stderr)
+  [ "${actual}" = "sleep" ]
+}
+
+@test "server/standalone-StatefulSet: readiness httpGet path configurable" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'server.readinessProbe.path=/v1/sys/health?standbyok=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].readinessProbe.httpGet.path' | tee /dev/stderr)
+  [ "${actual}" = "/v1/sys/health?standbyok=true" ]
+}
+
 @test "server/standalone-StatefulSet: readiness failureThreshold default" {
   cd `chart_dir`
   local actual=$(helm template \
diff --git a/values.schema.json b/values.schema.json
index 34506f97f..4c03e9190 100644
--- a/values.schema.json
+++ b/values.schema.json
@@ -983,12 +983,18 @@
                         "enabled": {
                             "type": "boolean"
                         },
+                        "execCommand": {
+                            "type": "array"
+                        },
                         "failureThreshold": {
                             "type": "integer"
                         },
                         "initialDelaySeconds": {
                             "type": "integer"
                         },
+                        "path": {
+                            "type": "string"
+                        },
                         "periodSeconds": {
                             "type": "integer"
                         },
diff --git a/values.yaml b/values.yaml
index 69d4eb4f4..40c1a3ef2 100644
--- a/values.yaml
+++ b/values.yaml
@@ -512,11 +512,17 @@ server:
   # Used to define custom readinessProbe settings
   readinessProbe:
     enabled: true
-    # If you need to use a http path instead of the default exec
+    # Set this, if you want to use a httpGet (path) instead of the default exec as the readinessProbe handler.
     # path: /v1/sys/health?standbyok=true
-
-    # Port number on which readinessProbe will be checked.
+    # Port number on which readinessProbe will be checked if httpGet is used as the readinessProbe handler.
     port: 8200
+
+    # If you need to overwrite default exec command, you can set it here.
+    # execCommand:
+    # - "/bin/sh"
+    # - "-ec"
+    # - "vault status -tls-skip-verify"
+
     # When a probe fails, Kubernetes will try failureThreshold times before giving up
     failureThreshold: 2
     # Number of seconds after the container has started before probe initiates

From 35602fdcbc18fa4c3367f3f646bfd6711b813474 Mon Sep 17 00:00:00 2001
From: Kenan Erdogan <kenanerdogan@gmail.com>
Date: Tue, 8 Apr 2025 12:10:05 +0200
Subject: [PATCH 2/2] improve tests for server readiness probe

---
 test/unit/server-statefulset.bats | 39 +++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index 7a7ff5d0d..c07ea6998 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@@ -1236,11 +1236,18 @@ load _helpers
 
 @test "server/standalone-StatefulSet: readinessProbe default" {
   cd `chart_dir`
-  local actual=$(helm template \
+  local object=$(helm template \
       --show-only templates/server-statefulset.yaml \
       . | tee /dev/stderr |
-      yq -r '.spec.template.spec.containers[0].readinessProbe.exec.command[2]' | tee /dev/stderr)
+      yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.exec.command[2]' | tee /dev/stderr)
   [ "${actual}" = "vault status -tls-skip-verify" ]
+
+  local actual=$(echo $object |
+      yq -r '.httpGet' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
 }
 
 @test "server/standalone-StatefulSet: readinessProbe configurable" {
@@ -1255,21 +1262,39 @@ load _helpers
 
 @test "server/standalone-StatefulSet: readiness execCommand configurable" {
   cd `chart_dir`
-  local actual=$(helm template \
+  local object=$(helm template \
       --show-only templates/server-statefulset.yaml \
       --set 'server.readinessProbe.execCommand={/bin/sh,-c,sleep}' \
       . | tee /dev/stderr |
-      yq -r '.spec.template.spec.containers[0].readinessProbe.exec.command[2]' | tee /dev/stderr)
+      yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.exec.command[2]' | tee /dev/stderr)
   [ "${actual}" = "sleep" ]
+
+  local actual=$(echo $object |
+      yq -r '.httpGet' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
 }
 
-@test "server/standalone-StatefulSet: readiness httpGet path configurable" {
+@test "server/standalone-StatefulSet: readiness httpGet configurable" {
   cd `chart_dir`
-  local actual=$(helm template \
+  local object=$(helm template \
       --show-only templates/server-statefulset.yaml \
       --set 'server.readinessProbe.path=/v1/sys/health?standbyok=true' \
       . | tee /dev/stderr |
-      yq -r '.spec.template.spec.containers[0].readinessProbe.httpGet.path' | tee /dev/stderr)
+      yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.exec' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+
+  local actual=$(echo $object |
+      yq -r '.httpGet' | tee /dev/stderr)
+  [ "${actual}" != "null" ]
+
+  local actual=$(echo $object |
+      yq -r '.httpGet.path' | tee /dev/stderr)
   [ "${actual}" = "/v1/sys/health?standbyok=true" ]
 }