copying a vault pr hashicorp/vault-helm#252

vault/files/vault-config.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+set +x
+while ! nslookup vault </dev/null || ! nc -w1 vault 8200 </dev/null; do
+    echo "Waiting for Vault to Come up!"
+    sleep 0.1
+done
+sleep 10
+
+echo "Vault Up, Will be initlising the it"
+
+export VAULT_ADDR=http://$VAULT_SERVICE_HOST:$VAULT_SERVICE_PORT_HTTP
+echo "vault address is: $VAULT_ADDR"
+
+echo "Initialising the vault"
+vault operator init -n 1 -t 1 > /tmp/stdout
+cat /tmp/stdout | head -n 1 | awk '{print $4}' > /tmp/key
+cat /tmp/stdout | grep -i "Root" |awk '{print $4}' > /tmp/token
+export KEY=$(cat /tmp/key)
+export VAULT_TOKEN=$(cat /tmp/token)
+
+echo "vault key is : $KEY"
+echo "vault token is : $VAULT_TOKEN"
+
+echo "Unsealing the vault"
+vault operator unseal $KEY
+vault status
+
+if [ "{{.Values.initvault.ldapauth.enabled}}" == "true" ]; then
+    echo "Enabling the LDAP auth"
+    export ldap_url="{{.Values.initvault.ldapauth.ldap_url}}"
+    export userattr="{{.Values.initvault.ldapauth.userattr}}"
+    export userdn="{{.Values.initvault.ldapauth.userdn}}"
+    export groupdn="{{.Values.initvault.ldapauth.groupdn}}"
+    export upndomain="{{.Values.initvault.ldapauth.upndomain}}"
+    vault auth enable ldap
+    vault login $VAULT_TOKEN
+    vault write auth/ldap/config \
+        url="${ldap_url}" \
+        userattr="${userattr}" \
+        userdn="${userdn}" \
+        groupdn="${groupdn}" \
+        upndomain="${upndomain}" \
+        insecure_tls=true starttls=true \
+        tls_min_version=tls10
+fi 

vault/templates/cm-job.yaml

@@ -0,0 +1,8 @@
+{{- if .Values.initvault.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vault-config-sh
+data:
+{{ (tpl (.Files.Glob "files/vault-config.sh").AsConfig . ) | indent 4 }}
+{{- end }} 

vault/templates/job.yaml

@@ -1,46 +1,30 @@
-{{- if .Values.autoconfig.enabled}}
+{{- if .Values.initvault.enabled }}
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ template "vault.fullname" . }}-config-job
-  labels:
-    app: {{ include "vault.name" . }}-config-job
-    chart: {{ .Chart.Name }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+  name: vault-config-job
   annotations:
-    "helm.sh/hook": pre-install,pre-upgrade
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    "helm.sh/hook": "post-install"
 spec:
   template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-config-job
-        release: {{ .Release.Name }}
-{{- if .Values.autoconfig.job.podLabels }}
-{{ toYaml .Values.autoconfig.job.podLabels | indent 8 }}
-{{- end }}
-{{- if .Values.autoconfig.job.podAnnotations }}
-      annotations:
-{{ toYaml .Values.autoconfig.job.podAnnotations | indent 8 }}
-{{- end }}
     spec:
-      restartPolicy: OnFailure
-      volumes:
-        - name: init-secrets
-          secret:
-            secretName: {{ template "vault.fullname" . }}-job-secret
       containers:
-      - name: vault-init-job
-        image: hashicorp/vault
-        command:
-          - "/bin/sh"
-          - "-c"
-        args:
-          - >
-            echo "this is a job!"
-            while true do; sleep 100; done;
+      - name: vault-config-install
+        image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+        imagePullPolicy: IfNotPresent
+        command: ["sh", "/tmp/vault-config.sh"]
         volumeMounts:
-          - name: init-secrets
-            mountPath: /secrets
-{{- end }}
+        - name: vault-config-sh
+          mountPath: /tmp/vault-config.sh
+          subPath: vault-config.sh
+      restartPolicy: OnFailure
+      terminationGracePeriodSeconds: 0
+      volumes:
+      - name: vault-config-sh
+        configMap:
+          name: vault-config-sh
+          defaultMode: 0777
+  backoffLimit: 5
+  completions: 1
+  parallelism: 1
+  {{- end }} 

vault/values.yaml

@@ -1,10 +1,30 @@
-autoconfig:
-  enabled: true
+# This will run helm post-install hook to init the vault
+initvault:
+  enabled: false
 
-  job:
-    podLabels:
+# The ldap auth related params
+  ldapauth:
+    enabled: false
+    ldap_url: "ldap://"
+    userattr: ""
+    userdn: ""
+    groupdn: ""
+    upndomain: ""
+
+# The GitHub auth related params
+  githubauth:
+    enabled: false
+    organization: ""
+
+# The Kubernetes auth related params
+  k8sauth:
+    enabled: false
+    token_reviewer_jwt: ""
+    kubernetes_host: ""
+    kubernetes_ca_cert: ""
+
+# More Auth can be added here as per reqiurement
 
-    podAnnotations:
 
 vault:
   # Available parameters and their default values for the Vault chart.