hashicorp · rowanruseler · Aug 22, 2025 · Aug 22, 2025
@@ -177,6 +177,16 @@ Set's the replica count based on the different modes configured by user
   {{ end }}
 {{- end -}}
 
+{{/*
+Returns the minReadySeconds value for the StatefulSet.
+*/}}
+{{- define "vault.minReadySeconds" -}}
+  {{- if ne .mode "dev" -}}
+    {{ .Values.server.statefulSet.minReadySeconds }}
+  {{- end -}}
+{{- end -}}
+
+
 {{/*
 Set's up configmap mounts if this isn't a dev deployment and the user
 defined a custom configuration.  Additionally iterates over any
@@ -741,6 +751,19 @@ Sets extra vault server Service annotations
     {{- end }}
   {{- end }}
 {{- end -}}
+{{/*
+Sets extra vault server headless Service annotations
+*/}}
+{{- define "vault.service.headless.annotations" -}}
+  {{- if .Values.server.service.headless.annotations }}
+    {{- $tp := typeOf .Values.server.service.headless.annotations }}
+    {{- if eq $tp "string" }}
+      {{- tpl .Values.server.service.headless.annotations . | nindent 4 }}
+    {{- else }}
+      {{- toYaml .Values.server.service.headless.annotations | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
 
 {{/*
 Sets PodSecurityPolicy annotations

@@ -21,6 +21,7 @@ metadata:
     vault-internal: "true"
   annotations:
 {{ template "vault.service.annotations" .}}
+{{ template "vault.service.headless.annotations" . }}
 spec:
   {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
   {{- if .Values.server.service.ipFamilyPolicy }}

@@ -22,6 +22,7 @@ spec:
   serviceName: {{ template "vault.fullname" . }}-internal
   podManagementPolicy: Parallel
   replicas: {{ template "vault.replicas" . }}
+  minReadySeconds: {{ template "vault.minReadySeconds" . }}
   updateStrategy:
     type: {{ .Values.server.updateStrategyType }}
   {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.server.persistentVolumeClaimRetentionPolicy) }}

@@ -95,4 +95,36 @@ load _helpers
       . | tee /dev/stderr |
       yq -r '.spec.ipFamilies' | tee /dev/stderr)
   [ "${actual}" = "null" ]
+}
+
+#--------------------------------------------------------------------
+# annotations
+
+@test "server/headless-Service: default annotations" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      . | tee /dev/stderr |
+      yq '.metadata.annotations | length' | tee /dev/stderr)
+  [ "${actual}" = "0" ]
+}
+
+@test "server/headless-Service: specify headless annotations yaml" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.headless.annotations.foo=bar' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+}
+
+@test "server/headless-Service: specify headless annotations yaml string" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-headless-service.yaml \
+      --set 'server.service.headless.annotations=foo: bar' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations.foo' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
 }
@@ -319,6 +319,30 @@ load _helpers
   [ "${actual}" = "1" ]
 }
 
+#--------------------------------------------------------------------
+# minReadySeconds
+
+@test "server/standalone-StatefulSet: default minReadySeconds" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.standalone.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.minReadySeconds' | tee /dev/stderr)
+  [ "${actual}" = "0" ]
+}
+
+@test "server/standalone-StatefulSet: can set minReadySeconds" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.standalone.enabled=true' \
+      --set 'server.statefulSet.minReadySeconds=10' \
+      . | tee /dev/stderr |
+      yq -r '.spec.minReadySeconds' | tee /dev/stderr)
+  [ "${actual}" = "10" ]
+}
+
 #--------------------------------------------------------------------
 # resources
 

@@ -702,6 +702,12 @@ server:
       # YAML-formatted multi-line templated string map of the annotations to apply
       # to the standby service.
       annotations: {}
+    # Configuration for the headless service (vault-internal)
+    headless:
+      # Extra annotations for the headless service. This can either be YAML or a
+      # YAML-formatted multi-line templated string map of the annotations to apply
+      # to the headless service only.
+      annotations: {}
     # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
     # When disabled, services may select Vault pods not deployed from the chart.
     # Does not affect the headless vault-internal service with `ClusterIP: None`
@@ -1014,6 +1020,12 @@ server:
     # to the statefulSet.
     annotations: {}
 
+    # Configure minReadySeconds for the StatefulSet
+    # Minimum number of seconds for which a newly created pod should be ready
+    # without any of its container crashing, for it to be considered available.
+    # 0 means the pod will be considered available as soon as it is ready.
+    minReadySeconds: 0
+
     # Set the pod and container security contexts.
     # If not set, these will default to, and for *not* OpenShift:
     # pod: