DATAGO-59401: Upgrading vault to 1.11 #933
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Add objectSelector to webhookconfiguration (hashicorp#456) * changelog++ * Add CSI secrets store provider (hashicorp#461) * updating acceptance tests to k8s 1.17 on gke (hashicorp#473) * changelog++ * Target vault-csi-provider release 0.1.0 (hashicorp#475) * Update to 0.10.0 (hashicorp#477) * Update to v0.10.0 * Fix typo * Add csi link in changelog * Add volumes and mounts support for CSI (hashicorp#479) * Remove extraVolumes from CSI, add volumes and mounts * Add better example * changelog++ * Remove extra word in readme (hashicorp#482) * fix csi helm deployment (hashicorp#486) * fix serviceaccount and clusterrole name reference (full name) * add server.enabled option, align with documentation * add unit tests * update server.enabled behaviour to explicit true and update tests * changelog++ * add hostNetwork value to injector deployment (hashicorp#471) * add hostNetwork value to injector deployment * adding unit tests * changelog++ * feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (hashicorp#460) Refs hashicorp#361 * changelog++ * Add logLevel and logFormat values for Vault (hashicorp#488) * Add logLevel and logFormat values for Vault * Add configurable tests * Update order of log levels * Update values.yaml * Update per review * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * changelog++ * Custom value of agent port (hashicorp#489) * configure the agent port * add unit test * remove default * remove default * Update values.yaml Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * Add injector agent default overrides (hashicorp#493) * Add injector agent default overrides * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * [injector] Add port name in injector service (hashicorp#495) * [injector] Add port name in injector service * [injector] Hardcore port to https * changelog++ * Fix injector unit test failing (hashicorp#496) * Fix injector unit test failing * Add null check * Add default if unset for CI * Remove redundant logic (hashicorp#434) * Update to v0.11.0 (hashicorp#497) * Add container based tests documentation (hashicorp#492) * update documentation with running unit tests using container * promote bats version to 1.3.0 * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Set kubeVersion and added chart-verifier tests (hashicorp#510) Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats test, and configured to run it in CI. Some verification tests that haven't been addressed yet are skipped. * changelog++ * match kubeVersion on semver pre-releases (hashicorp#512) Since clouds like GKE set their kubeVersion as a pre-release (e.g. v1.17.17-gke.6700) * Add ImagePullSecrets to CSI daemonset (hashicorp#519) * changelog++ * changelog++ * fix CONTRIBUTING.md (hashicorp#501) * updating to use new dedicated context and token (hashicorp#515) * added values json schema (hashicorp#513) Generated the schema using the helm schema-gen plugin, and added extra data types to fields that allow it, such as annotations, tolerations, enabled, etc. Enabled the "contains-value-schema" chart-verifier test. Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * [Issue-520] tolerations for csi-daemonset (hashicorp#521) Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * Add extraArgs value for CSI (hashicorp#526) * changelog++ * add schema unit tests (hashicorp#530) * Add UI targetPort option (hashicorp#437) Use custom `targetPort` for UI service. See the usecase in hashicorp#385 (comment) * changelog++ * Update to v0.12.0 (hashicorp#532) * Update to v0.12.0 * Update values.schema.json * Fix schema types * revert image repo * Adding helm test for vault server (hashicorp#531) Also adds acceptance test for 'helm test' and updates the chart-verifier version. * changelog++ * fix ui.serviceNodePort schema (hashicorp#537) UI service nodePort defaults to null, but is set as an integer * changelog++ * change maxUnavailable to integer (hashicorp#535) change maxUnavailable from `null` to `integer` to enable upgrade from 0.11.0 to 0.12.0 when using the specific variable. * Also allow null value Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * add test for server.ha.disruptionBudget.maxUnavailable Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * use vault-helm-test:0.2.0 (hashicorp#543) * Added webhook-certs volume mount to sidecar injector (hashicorp#545) * Removed webhook-certs volume mount from leader-elector container * Added test: injector deployment manual TLS adds volume mount * changelog++ * Adding server.enterpriseLicense (hashicorp#547) Sets up a vault-enterprise license for autoloading on vault startup. Mounts an existing secret to /vault/license and sets VAULT_LICENSE_PATH appropriately. * changelog++ * Add openshift overrides (hashicorp#549) Adds default overrides for OpenShift (values.openshift.yaml) and uses them in the chart-verifier tests. * changelog++ * Update to v0.13.0 (hashicorp#554) * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade to 1.7.9 * chore(DATAGO-27002): Fix doc issue Co-authored-by: guru1306 <tguru.ece@gmail.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Paul <paul.coignet@datadoghq.com> Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com> Co-authored-by: Paul Witt <paul_witt@discovery.com> Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com> Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com> Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com> Co-authored-by: mehmetsalgar <salgarm@gmx.de> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Iñigo Horcajo <inigohu@gmail.com> Co-authored-by: Rule88 <rule88@users.noreply.github.com> Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com> Co-authored-by: Julian Setiawan <julian.setiawan@solace.com> Co-authored-by: marcboudreau <marc.boudreau@solace.com> Co-authored-by: Hadie Laham <hadie.laham@solace.com>
* Add objectSelector to webhookconfiguration (hashicorp#456) * changelog++ * Add CSI secrets store provider (hashicorp#461) * updating acceptance tests to k8s 1.17 on gke (hashicorp#473) * changelog++ * Target vault-csi-provider release 0.1.0 (hashicorp#475) * Update to 0.10.0 (hashicorp#477) * Update to v0.10.0 * Fix typo * Add csi link in changelog * Add volumes and mounts support for CSI (hashicorp#479) * Remove extraVolumes from CSI, add volumes and mounts * Add better example * changelog++ * Remove extra word in readme (hashicorp#482) * fix csi helm deployment (hashicorp#486) * fix serviceaccount and clusterrole name reference (full name) * add server.enabled option, align with documentation * add unit tests * update server.enabled behaviour to explicit true and update tests * changelog++ * add hostNetwork value to injector deployment (hashicorp#471) * add hostNetwork value to injector deployment * adding unit tests * changelog++ * feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (hashicorp#460) Refs hashicorp#361 * changelog++ * Add logLevel and logFormat values for Vault (hashicorp#488) * Add logLevel and logFormat values for Vault * Add configurable tests * Update order of log levels * Update values.yaml * Update per review * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * changelog++ * Custom value of agent port (hashicorp#489) * configure the agent port * add unit test * remove default * remove default * Update values.yaml Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * Add injector agent default overrides (hashicorp#493) * Add injector agent default overrides * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * [injector] Add port name in injector service (hashicorp#495) * [injector] Add port name in injector service * [injector] Hardcore port to https * changelog++ * Fix injector unit test failing (hashicorp#496) * Fix injector unit test failing * Add null check * Add default if unset for CI * Remove redundant logic (hashicorp#434) * Update to v0.11.0 (hashicorp#497) * Add container based tests documentation (hashicorp#492) * update documentation with running unit tests using container * promote bats version to 1.3.0 * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Set kubeVersion and added chart-verifier tests (hashicorp#510) Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats test, and configured to run it in CI. Some verification tests that haven't been addressed yet are skipped. * changelog++ * match kubeVersion on semver pre-releases (hashicorp#512) Since clouds like GKE set their kubeVersion as a pre-release (e.g. v1.17.17-gke.6700) * Add ImagePullSecrets to CSI daemonset (hashicorp#519) * changelog++ * changelog++ * fix CONTRIBUTING.md (hashicorp#501) * updating to use new dedicated context and token (hashicorp#515) * added values json schema (hashicorp#513) Generated the schema using the helm schema-gen plugin, and added extra data types to fields that allow it, such as annotations, tolerations, enabled, etc. Enabled the "contains-value-schema" chart-verifier test. Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * [Issue-520] tolerations for csi-daemonset (hashicorp#521) Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * Add extraArgs value for CSI (hashicorp#526) * changelog++ * add schema unit tests (hashicorp#530) * Add UI targetPort option (hashicorp#437) Use custom `targetPort` for UI service. See the usecase in hashicorp#385 (comment) * changelog++ * Update to v0.12.0 (hashicorp#532) * Update to v0.12.0 * Update values.schema.json * Fix schema types * revert image repo * Adding helm test for vault server (hashicorp#531) Also adds acceptance test for 'helm test' and updates the chart-verifier version. * changelog++ * fix ui.serviceNodePort schema (hashicorp#537) UI service nodePort defaults to null, but is set as an integer * changelog++ * change maxUnavailable to integer (hashicorp#535) change maxUnavailable from `null` to `integer` to enable upgrade from 0.11.0 to 0.12.0 when using the specific variable. * Also allow null value Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * add test for server.ha.disruptionBudget.maxUnavailable Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * use vault-helm-test:0.2.0 (hashicorp#543) * Added webhook-certs volume mount to sidecar injector (hashicorp#545) * Removed webhook-certs volume mount from leader-elector container * Added test: injector deployment manual TLS adds volume mount * changelog++ * Adding server.enterpriseLicense (hashicorp#547) Sets up a vault-enterprise license for autoloading on vault startup. Mounts an existing secret to /vault/license and sets VAULT_LICENSE_PATH appropriately. * changelog++ * Add openshift overrides (hashicorp#549) Adds default overrides for OpenShift (values.openshift.yaml) and uses them in the chart-verifier tests. * changelog++ * Update to v0.13.0 (hashicorp#554) * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade to 1.7.9 * chore(DATAGO-27002): Fix doc issue Co-authored-by: guru1306 <tguru.ece@gmail.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Paul <paul.coignet@datadoghq.com> Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com> Co-authored-by: Paul Witt <paul_witt@discovery.com> Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com> Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com> Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com> Co-authored-by: mehmetsalgar <salgarm@gmx.de> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Iñigo Horcajo <inigohu@gmail.com> Co-authored-by: Rule88 <rule88@users.noreply.github.com> Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com> Co-authored-by: Julian Setiawan <julian.setiawan@solace.com> Co-authored-by: marcboudreau <marc.boudreau@solace.com> Co-authored-by: Hadie Laham <hadie.laham@solace.com>
* add staticSecretRenderInterval to injector (hashicorp#621) * make staticSecretRenderInterval default to empty string * update values schema to add staticSecretRenderInterval * add test for default value * adding changelog entry Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update jira action (hashicorp#644) * No longer check for Vault team membership * Tweak jira states and search parameters * remove support for the leader-elector container (hashicorp#649) * vault-helm 0.18.0 release (hashicorp#650) * Run CI tests in github workflows (hashicorp#657) Ports the bats unit, chart-verifier, and bats acceptance tests to use github workflows and actions. The acceptance tests run using kind, and run for multiple k8s versions, on pushes to the main branch. Adds a SKIP_CSI env check in the CSI acceptance test, set in the workflow if K8s version is less than 1.16. Adds kubeAdmConfigPatches to the kind config to allow testing the CSI provider on K8s versions prior to 1.21. Updates the Secrets Store CSI driver to 1.0.0 in tests. Makes the HA Vault tests more robust by waiting for all consul client pods to be Ready, and waits with a timeout for Vault to start responding as sealed (since the tests on GitHub runners were often failing at that point). Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Configurable PodDisruptionBudget for Injector (hashicorp#653) * Fix spelling error in server disruptionbudget test (hashicorp#654) * Make terminationGracePeriodSeconds configurable (hashicorp#659) Make terminationGracePeriodSeconds configurable for server pod * injector: ability to set deployment update strategy (continued) (hashicorp#661) Co-authored-by: Jason Hancock <jhancock@netskope.com> * csi: ability to set priorityClassName for csi daemonset pods (hashicorp#670) * Fixed a small typo (hashicorp#672) * Disable unit and acceptance tests in CircleCI (hashicorp#675) * update CONTRIBUTING.md (hashicorp#677) Link to the discuss forum instead of the old google group and irc channel. Add info about the CLA. * add namespace support for openshift route (hashicorp#679) * Add volumes and env vars to helm hook test pod (hashicorp#673) * Fix test typo * Add basic server-test Pod tests - This covers all existing functionality that matches what's present in server-statefulset.bats * Fix server-test helm hook Pod rendering - Properly adhere to the global.enabled flag and the presence of the injector.externalVaultAddr setting, the same way that the servers StatefulSet behaves * Add volumes and env vars to helm hook test pod - Uses the same extraEnvironmentVars, volumes and volumeMounts set on the server statefulset to configure the Vault server test pod used by the helm test hook - This is necessary in situations where TLS is configured, but the certificates are not affiliated with the k8s CA / part of k8s PKI - Fixes hashicorpGH-665 * allow injection of TLS config for OpenShift routes (hashicorp#686) * Add some tests on top of hashicorp#396 * convert server-route.yaml to unix newlines * changelog Co-authored-by: André Becker <andre@arestless.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Release 0.19.0 (hashicorp#687) * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * Update to 0.4.0 * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12) * Add objectSelector to webhookconfiguration (hashicorp#456) * changelog++ * Add CSI secrets store provider (hashicorp#461) * updating acceptance tests to k8s 1.17 on gke (hashicorp#473) * changelog++ * Target vault-csi-provider release 0.1.0 (hashicorp#475) * Update to 0.10.0 (hashicorp#477) * Update to v0.10.0 * Fix typo * Add csi link in changelog * Add volumes and mounts support for CSI (hashicorp#479) * Remove extraVolumes from CSI, add volumes and mounts * Add better example * changelog++ * Remove extra word in readme (hashicorp#482) * fix csi helm deployment (hashicorp#486) * fix serviceaccount and clusterrole name reference (full name) * add server.enabled option, align with documentation * add unit tests * update server.enabled behaviour to explicit true and update tests * changelog++ * add hostNetwork value to injector deployment (hashicorp#471) * add hostNetwork value to injector deployment * adding unit tests * changelog++ * feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (hashicorp#460) Refs hashicorp#361 * changelog++ * Add logLevel and logFormat values for Vault (hashicorp#488) * Add logLevel and logFormat values for Vault * Add configurable tests * Update order of log levels * Update values.yaml * Update per review * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * changelog++ * Custom value of agent port (hashicorp#489) * configure the agent port * add unit test * remove default * remove default * Update values.yaml Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * Add injector agent default overrides (hashicorp#493) * Add injector agent default overrides * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * [injector] Add port name in injector service (hashicorp#495) * [injector] Add port name in injector service * [injector] Hardcore port to https * changelog++ * Fix injector unit test failing (hashicorp#496) * Fix injector unit test failing * Add null check * Add default if unset for CI * Remove redundant logic (hashicorp#434) * Update to v0.11.0 (hashicorp#497) * Add container based tests documentation (hashicorp#492) * update documentation with running unit tests using container * promote bats version to 1.3.0 * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Set kubeVersion and added chart-verifier tests (hashicorp#510) Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats test, and configured to run it in CI. Some verification tests that haven't been addressed yet are skipped. * changelog++ * match kubeVersion on semver pre-releases (hashicorp#512) Since clouds like GKE set their kubeVersion as a pre-release (e.g. v1.17.17-gke.6700) * Add ImagePullSecrets to CSI daemonset (hashicorp#519) * changelog++ * changelog++ * fix CONTRIBUTING.md (hashicorp#501) * updating to use new dedicated context and token (hashicorp#515) * added values json schema (hashicorp#513) Generated the schema using the helm schema-gen plugin, and added extra data types to fields that allow it, such as annotations, tolerations, enabled, etc. Enabled the "contains-value-schema" chart-verifier test. Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * [Issue-520] tolerations for csi-daemonset (hashicorp#521) Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * Add extraArgs value for CSI (hashicorp#526) * changelog++ * add schema unit tests (hashicorp#530) * Add UI targetPort option (hashicorp#437) Use custom `targetPort` for UI service. See the usecase in hashicorp#385 (comment) * changelog++ * Update to v0.12.0 (hashicorp#532) * Update to v0.12.0 * Update values.schema.json * Fix schema types * revert image repo * Adding helm test for vault server (hashicorp#531) Also adds acceptance test for 'helm test' and updates the chart-verifier version. * changelog++ * fix ui.serviceNodePort schema (hashicorp#537) UI service nodePort defaults to null, but is set as an integer * changelog++ * change maxUnavailable to integer (hashicorp#535) change maxUnavailable from `null` to `integer` to enable upgrade from 0.11.0 to 0.12.0 when using the specific variable. * Also allow null value Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * add test for server.ha.disruptionBudget.maxUnavailable Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * use vault-helm-test:0.2.0 (hashicorp#543) * Added webhook-certs volume mount to sidecar injector (hashicorp#545) * Removed webhook-certs volume mount from leader-elector container * Added test: injector deployment manual TLS adds volume mount * changelog++ * Adding server.enterpriseLicense (hashicorp#547) Sets up a vault-enterprise license for autoloading on vault startup. Mounts an existing secret to /vault/license and sets VAULT_LICENSE_PATH appropriately. * changelog++ * Add openshift overrides (hashicorp#549) Adds default overrides for OpenShift (values.openshift.yaml) and uses them in the chart-verifier tests. * changelog++ * Update to v0.13.0 (hashicorp#554) * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade to 1.7.9 * chore(DATAGO-27002): Fix doc issue Co-authored-by: guru1306 <tguru.ece@gmail.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Paul <paul.coignet@datadoghq.com> Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com> Co-authored-by: Paul Witt <paul_witt@discovery.com> Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com> Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com> Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com> Co-authored-by: mehmetsalgar <salgarm@gmx.de> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Iñigo Horcajo <inigohu@gmail.com> Co-authored-by: Rule88 <rule88@users.noreply.github.com> Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com> Co-authored-by: Julian Setiawan <julian.setiawan@solace.com> Co-authored-by: marcboudreau <marc.boudreau@solace.com> Co-authored-by: Hadie Laham <hadie.laham@solace.com> * fix: deploy_local.sh error with file * minor changes * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12) * Add objectSelector to webhookconfiguration (hashicorp#456) * changelog++ * Add CSI secrets store provider (hashicorp#461) * updating acceptance tests to k8s 1.17 on gke (hashicorp#473) * changelog++ * Target vault-csi-provider release 0.1.0 (hashicorp#475) * Update to 0.10.0 (hashicorp#477) * Update to v0.10.0 * Fix typo * Add csi link in changelog * Add volumes and mounts support for CSI (hashicorp#479) * Remove extraVolumes from CSI, add volumes and mounts * Add better example * changelog++ * Remove extra word in readme (hashicorp#482) * fix csi helm deployment (hashicorp#486) * fix serviceaccount and clusterrole name reference (full name) * add server.enabled option, align with documentation * add unit tests * update server.enabled behaviour to explicit true and update tests * changelog++ * add hostNetwork value to injector deployment (hashicorp#471) * add hostNetwork value to injector deployment * adding unit tests * changelog++ * feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (hashicorp#460) Refs hashicorp#361 * changelog++ * Add logLevel and logFormat values for Vault (hashicorp#488) * Add logLevel and logFormat values for Vault * Add configurable tests * Update order of log levels * Update values.yaml * Update per review * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Update test/unit/server-statefulset.bats Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * changelog++ * Custom value of agent port (hashicorp#489) * configure the agent port * add unit test * remove default * remove default * Update values.yaml Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * Add injector agent default overrides (hashicorp#493) * Add injector agent default overrides * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update test/unit/injector-deployment.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * [injector] Add port name in injector service (hashicorp#495) * [injector] Add port name in injector service * [injector] Hardcore port to https * changelog++ * Fix injector unit test failing (hashicorp#496) * Fix injector unit test failing * Add null check * Add default if unset for CI * Remove redundant logic (hashicorp#434) * Update to v0.11.0 (hashicorp#497) * Add container based tests documentation (hashicorp#492) * update documentation with running unit tests using container * promote bats version to 1.3.0 * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Update CONTRIBUTING.md Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * Set kubeVersion and added chart-verifier tests (hashicorp#510) Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats test, and configured to run it in CI. Some verification tests that haven't been addressed yet are skipped. * changelog++ * match kubeVersion on semver pre-releases (hashicorp#512) Since clouds like GKE set their kubeVersion as a pre-release (e.g. v1.17.17-gke.6700) * Add ImagePullSecrets to CSI daemonset (hashicorp#519) * changelog++ * changelog++ * fix CONTRIBUTING.md (hashicorp#501) * updating to use new dedicated context and token (hashicorp#515) * added values json schema (hashicorp#513) Generated the schema using the helm schema-gen plugin, and added extra data types to fields that allow it, such as annotations, tolerations, enabled, etc. Enabled the "contains-value-schema" chart-verifier test. Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> * changelog++ * [Issue-520] tolerations for csi-daemonset (hashicorp#521) Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * Add extraArgs value for CSI (hashicorp#526) * changelog++ * add schema unit tests (hashicorp#530) * Add UI targetPort option (hashicorp#437) Use custom `targetPort` for UI service. See the usecase in hashicorp#385 (comment) * changelog++ * Update to v0.12.0 (hashicorp#532) * Update to v0.12.0 * Update values.schema.json * Fix schema types * revert image repo * Adding helm test for vault server (hashicorp#531) Also adds acceptance test for 'helm test' and updates the chart-verifier version. * changelog++ * fix ui.serviceNodePort schema (hashicorp#537) UI service nodePort defaults to null, but is set as an integer * changelog++ * change maxUnavailable to integer (hashicorp#535) change maxUnavailable from `null` to `integer` to enable upgrade from 0.11.0 to 0.12.0 when using the specific variable. * Also allow null value Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * add test for server.ha.disruptionBudget.maxUnavailable Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * changelog++ * use vault-helm-test:0.2.0 (hashicorp#543) * Added webhook-certs volume mount to sidecar injector (hashicorp#545) * Removed webhook-certs volume mount from leader-elector container * Added test: injector deployment manual TLS adds volume mount * changelog++ * Adding server.enterpriseLicense (hashicorp#547) Sets up a vault-enterprise license for autoloading on vault startup. Mounts an existing secret to /vault/license and sets VAULT_LICENSE_PATH appropriately. * changelog++ * Add openshift overrides (hashicorp#549) Adds default overrides for OpenShift (values.openshift.yaml) and uses them in the chart-verifier tests. * changelog++ * Update to v0.13.0 (hashicorp#554) * Explain this fork in the README * Adding support for LoadBalancerIP field in ServiceSpec * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * DATAGO-13861: Adding support for logrotate * DATAGO-13861: Adding audit log rotation and shipment to datdog * Fixing minor typos and removing extra lines * feat(DATAGO-27002): Upgrade to 1.7.9 * chore(DATAGO-27002): Fix doc issue Co-authored-by: guru1306 <tguru.ece@gmail.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Paul <paul.coignet@datadoghq.com> Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com> Co-authored-by: Paul Witt <paul_witt@discovery.com> Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com> Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com> Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com> Co-authored-by: mehmetsalgar <salgarm@gmx.de> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Iñigo Horcajo <inigohu@gmail.com> Co-authored-by: Rule88 <rule88@users.noreply.github.com> Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com> Co-authored-by: Julian Setiawan <julian.setiawan@solace.com> Co-authored-by: marcboudreau <marc.boudreau@solace.com> Co-authored-by: Hadie Laham <hadie.laham@solace.com> * changed value to use tag 1.9.6 Co-authored-by: Kaito Ii <kaitoii1111@gmail.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Eric Miller <eric.the.miller@icloud.com> Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com> Co-authored-by: Jason Hancock <jhancock@netskope.com> Co-authored-by: Vadim Grek <vadimprog@gmail.com> Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com> Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com> Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com> Co-authored-by: Michele Baldessari <michele@acksyn.org> Co-authored-by: André Becker <andre@arestless.com> Co-authored-by: Julian Setiawan <julian.setiawan@solace.com> Co-authored-by: marcboudreau <marc.boudreau@solace.com> Co-authored-by: Hadie Laham <hadie.laham@solace.com> Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Co-authored-by: Subhrajit Nag <92374747+nagsubhrajitt@users.noreply.github.com> Co-authored-by: guru1306 <tguru.ece@gmail.com> Co-authored-by: Paul <paul.coignet@datadoghq.com> Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com> Co-authored-by: Paul Witt <paul_witt@discovery.com> Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com> Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com> Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com> Co-authored-by: mehmetsalgar <salgarm@gmx.de> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Iñigo Horcajo <inigohu@gmail.com> Co-authored-by: Rule88 <rule88@users.noreply.github.com> Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com> Co-authored-by: adhish2001 <adhish.maheswaran@solace.com>
* add staticSecretRenderInterval to injector (hashicorp#621) * make staticSecretRenderInterval default to empty string * update values schema to add staticSecretRenderInterval * add test for default value * adding changelog entry Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update jira action (hashicorp#644) * No longer check for Vault team membership * Tweak jira states and search parameters * remove support for the leader-elector container (hashicorp#649) * vault-helm 0.18.0 release (hashicorp#650) * Run CI tests in github workflows (hashicorp#657) Ports the bats unit, chart-verifier, and bats acceptance tests to use github workflows and actions. The acceptance tests run using kind, and run for multiple k8s versions, on pushes to the main branch. Adds a SKIP_CSI env check in the CSI acceptance test, set in the workflow if K8s version is less than 1.16. Adds kubeAdmConfigPatches to the kind config to allow testing the CSI provider on K8s versions prior to 1.21. Updates the Secrets Store CSI driver to 1.0.0 in tests. Makes the HA Vault tests more robust by waiting for all consul client pods to be Ready, and waits with a timeout for Vault to start responding as sealed (since the tests on GitHub runners were often failing at that point). Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> * Configurable PodDisruptionBudget for Injector (hashicorp#653) * Fix spelling error in server disruptionbudget test (hashicorp#654) * Make terminationGracePeriodSeconds configurable (hashicorp#659) Make terminationGracePeriodSeconds configurable for server pod * injector: ability to set deployment update strategy (continued) (hashicorp#661) Co-authored-by: Jason Hancock <jhancock@netskope.com> * csi: ability to set priorityClassName for csi daemonset pods (hashicorp#670) * Fixed a small typo (hashicorp#672) * Disable unit and acceptance tests in CircleCI (hashicorp#675) * update CONTRIBUTING.md (hashicorp#677) Link to the discuss forum instead of the old google group and irc channel. Add info about the CLA. * add namespace support for openshift route (hashicorp#679) * Add volumes and env vars to helm hook test pod (hashicorp#673) * Fix test typo * Add basic server-test Pod tests - This covers all existing functionality that matches what's present in server-statefulset.bats * Fix server-test helm hook Pod rendering - Properly adhere to the global.enabled flag and the presence of the injector.externalVaultAddr setting, the same way that the servers StatefulSet behaves * Add volumes and env vars to helm hook test pod - Uses the same extraEnvironmentVars, volumes and volumeMounts set on the server statefulset to configure the Vault server test pod used by the helm test hook - This is necessary in situations where TLS is configured, but the certificates are not affiliated with the k8s CA / part of k8s PKI - Fixes hashicorpGH-665 * allow injection of TLS config for OpenShift routes (hashicorp#686) * Add some tests on top of hashicorp#396 * convert server-route.yaml to unix newlines * changelog Co-authored-by: André Becker <andre@arestless.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Release 0.19.0 (hashicorp#687) * Add extraLabels for CSI DaemonSet (hashicorp#690) * Updated hashicorp/vault-csi-provider image to v1.0.0 (hashicorp#689) * Fix unit test assertions (hashicorp#693) * vault: bump image to 1.9.3 (hashicorp#695) Signed-off-by: Lionel H <me@nullbyte.be> * changelog++ (hashicorp#699) * change helm trigger branch from master to main (hashicorp#700) * Add namespace to injector-leader-elector role, rolebinding and secret (hashicorp#683) * allow to configure publishNotReadyAddresses on server services (hashicorp#694) * Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (hashicorp#692) * Prepare default values for MutatingWebhookConfiguration hashicorp#691 * Add values.yaml values to injector-mutating-webhook.yaml hashicorp#691 * Duplicate and deprecate top-level webhook settings and put them in a webhook object * Made the new values default with the fallback to the old values.yaml * Fix _helpers.tpl to support both old and new webhook annotations * Add new tests and deprecate old ones for injector webhook configuration * Old tests now work with old values.yaml * Add all new fields showing that they have priority over old ones * Add deprecation note to injector.failurePolicy hashicorp#691 * VAULT-571 Matching documented behavior and consul (hashicorp#703) VAULT-571 Matching documented behavior and consul Consul's helm template defaults most of the enabled to the special value `"-"`, which means to inherit from global. This is what is implied should happen in Vault as well according to the documentation for the helm chart: > [global.enabled] The master enabled/disabled configuration. If this is > true, most components will be installed by default. If this is false, > no components will be installed by default and manually opting-in is > required, such as by setting server.enabled to true. (https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled) We also simplified the chart logic using a few template helpers. Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Update k8s versions (hashicorp#706) * tests: updating the four most recent k8s versions * bump oldest version to 1.16 * docs, Chart.yaml, and changelog for 1.14 -> 1.16 * Fix values schema to support config in YAML (hashicorp#684) * Support policy/v1 disruptionbudget beyond kube 1.21 (hashicorp#710) Issue hashicorp#667, adding updates to the disruptionbudget to support new non beta spec beyond kube 1.21 * Remove unncessary template calls (hashicorp#712) - As part of VAULT-571 / hashicorp#703 in 7109159, a new vault.serverEnabled template was added (and included in vault.mode) Various templates were updated accordingly, but those that were already calling vault.mode had an additonal call to vault.serverEnabled made which was unnecessary Remove those * Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (hashicorp#709) * Issue hashicorp#629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it * Issue-hashicorp#629 removing extra whitespace I added accidently. * Issue-hashicorp#629 fixing extra whitespace added. * Update values.yaml Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com> * Issue hashicorp#629 adding changelog Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com> * VAULT-5838 Update CSI provider to 1.1.0 (hashicorp#721) * VAULT-5838 Update CSI provider to 1.1.0 * Update test/acceptance/csi.bats Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (hashicorp#722) 1.0.1+ seems to only support Kubernetes 1.19+, so we break support for 1.16 if we upgrade * Implement support for Topology Spread Constraints (hashicorp#652) * Implemented support for topology spread constraints * Update values.yaml Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> * Update values.yaml Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> * Add topologySpreadConstraints to values schema * Implement injector deployment topology spread UTs * also remove string from the relevant schema types * Implement injector statefulset topology spread UTs * Implement injector HA statefulset topology UTs * Allow topologySpreadConstraints to be a string Co-authored-by: Ellis Tarn <ellistarn@gmail.com> Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com> Co-authored-by: Christopher Swenson <swenson@swenson.io> * Update the changelog with changes from 614 and 652 (hashicorp#723) * Update the changelog with changes from 614 and 652 * Update CHANGELOG.md Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> * Prepare v0.20.0 release (hashicorp#727) --------- Signed-off-by: Lionel H <me@nullbyte.be> Co-authored-by: Kaito Ii <kaitoii1111@gmail.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Eric Miller <eric.the.miller@icloud.com> Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com> Co-authored-by: Jason Hancock <jhancock@netskope.com> Co-authored-by: Vadim Grek <vadimprog@gmail.com> Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com> Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com> Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com> Co-authored-by: Michele Baldessari <michele@acksyn.org> Co-authored-by: André Becker <andre@arestless.com> Co-authored-by: Michael Schuett <michaeljs1990@users.noreply.github.com> Co-authored-by: Troy Fluegge <troy@hashicorp.com> Co-authored-by: lion24 <lionel_dell24@hotmail.be> Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com> Co-authored-by: Christian <thechristschn@users.noreply.github.com> Co-authored-by: Viacheslav Vasilyev <avoidik@gmail.com> Co-authored-by: Remco Buddelmeijer <remco.buddelmeijer@gmail.com> Co-authored-by: Christopher Swenson <swenson@swenson.io> Co-authored-by: gw0 <gw0@users.noreply.github.com> Co-authored-by: Stephen Herd <sharkannon@users.noreply.github.com> Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com> Co-authored-by: Ellis Tarn <ellistarn@gmail.com> Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes 1 out of 6 committers have signed the CLA.
Have you signed the CLA already but the status is still pending? Recheck it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.