From a3d1ac9081d53315f6013368b00b50b27ea3cb4b Mon Sep 17 00:00:00 2001
From: Song Song Li
Date: Mon, 11 Mar 2024 22:29:48 +0800
Subject: [PATCH] update vault helm

Signed-off-by: Song Song Li
---
 clusters/private-cloud/vault/README.md | 7 +++++++
 clusters/private-cloud/vault/vault.yaml | 7 -------
 doc/plan.md | 4 ++--
 test/deployment-test.sh | 4 ++++
 4 files changed, 13 insertions(+), 9 deletions(-)
 create mode 100644 clusters/private-cloud/vault/README.md

diff --git a/clusters/private-cloud/vault/README.md b/clusters/private-cloud/vault/README.md
new file mode 100644
index 0000000..a74db42
--- /dev/null
+++ b/clusters/private-cloud/vault/README.md
@@ -0,0 +1,7 @@
+```
+kubectl port-forward svc/vault 8200:8200
+
+export VAULT_ADDR='http://127.0.0.1:8200'
+vault operator init
+vault operator unseal
+```
diff --git a/clusters/private-cloud/vault/vault.yaml b/clusters/private-cloud/vault/vault.yaml
index 6e9edfb..aa17067 100644
--- a/clusters/private-cloud/vault/vault.yaml
+++ b/clusters/private-cloud/vault/vault.yaml
@@ -22,10 +22,3 @@ spec:
 name: hashicorp
 namespace: flux-system
 # https://github.com/hashicorp/vault-helm/blob/main/values.yaml
- values:
- server:
- enabled: false
- injector:
- enabled: false
- csi:
- enabled: true
diff --git a/doc/plan.md b/doc/plan.md
index 1753be5..2add74b 100644
--- a/doc/plan.md
+++ b/doc/plan.md
@@ -26,8 +26,8 @@
 - [ ] add redis
 - [x] add vault
 - [ ] use vault for k8s secret: https://www.hashicorp.com/blog/manage-kubernetes-secrets-for-flux-with-hashicorp-vault
-- [x] add test for vault
-- [ ] add test for external-secrets
+- [ ] add test for vault
+- [x] add test for external-secrets
 - [ ] use vault in ansible
 - [x] add external-secrets: https://github.com/external-secrets/external-secrets
 - [ ] use external-secrets with vault
diff --git a/test/deployment-test.sh b/test/deployment-test.sh
index 1649ae8..9a6dfd2 100755
--- a/test/deployment-test.sh
+++ b/test/deployment-test.sh
@@ -85,6 +85,10 @@ kubectl wait --timeout 300s --for=condition=available -n minio \ || exit 1 flux reconcile helmrelease vault +kubectl wait --timeout 300s --for=condition=available -n vault \ + deployment/vault-agent-injector \ + || exit 1 + kubectl get daemonsets vault-csi-provider -n vault -o jsonpath='{.status.numberReady}' \ | grep 2 \ || exit 1
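Review bot: The `vault-csi-provider` daemonset check that follows the added `kubectl wait` is left in place, yet this same commit deletes `csi: enabled: true` from `vault.yaml`, so if the chart's default leaves the CSI provider disabled the test will fail on a daemonset that is no longer deployed. Either keep the `csi` value in the HelmRelease or drop that check in this hunk. The new wait also covers only `deployment/vault-agent-injector`; the Vault server, which the README added in this commit says has to be initialised and unsealed by hand, is not checked, so a passing run does not show that Vault itself is usable. A comment above the wait such as `# vault server starts sealed; only the injector is expected to become available here` would make that limit explicit.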