2021-03-25 14:56:59 +00:00
## Unreleased
2022-09-08 00:21:47 +00:00
2023-04-17 17:14:59 +00:00
## 0.24.1 (April 17, 2023)
Bugs:
* csi: Add RBAC required by v1.3.0 to create secret for HMAC key used to generate secret versions [GH-872 ](https://github.com/hashicorp/vault-helm/pull/872 )
2023-04-06 22:38:23 +00:00
## 0.24.0 (April 6, 2023)
2023-02-27 20:04:17 +00:00
Changes:
2023-04-03 23:44:13 +00:00
* Earliest Kubernetes version tested is now 1.22
2023-04-17 17:14:59 +00:00
* `vault` updated to 1.13.1 [GH-863 ](https://github.com/hashicorp/vault-helm/pull/863 )
* `vault-k8s` updated to 1.2.1 [GH-868 ](https://github.com/hashicorp/vault-helm/pull/868 )
* `vault-csi-provider` updated to 1.3.0 [GH-749 ](https://github.com/hashicorp/vault-helm/pull/749 )
2023-02-27 20:04:17 +00:00
2023-02-16 18:49:07 +00:00
Features:
* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841 ](https://github.com/hashicorp/vault-helm/pull/841 )
2023-04-04 15:21:42 +00:00
* server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831 ](https://github.com/hashicorp/vault-helm/pull/831 )
2023-03-16 19:03:27 +00:00
* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852 ](https://github.com/hashicorp/vault-helm/pull/852 )
2023-04-06 18:45:10 +00:00
* csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749 ](https://github.com/hashicorp/vault-helm/pull/749 )
2023-02-16 18:49:07 +00:00
2022-11-28 23:33:08 +00:00
## 0.23.0 (November 28th, 2022)
Changes:
* `vault` updated to 1.12.1 [GH-814 ](https://github.com/hashicorp/vault-helm/pull/814 )
* `vault-k8s` updated to 1.1.0 [GH-814 ](https://github.com/hashicorp/vault-helm/pull/814 )
* `vault-csi-provider` updated to 1.2.1 [GH-814 ](https://github.com/hashicorp/vault-helm/pull/814 )
2022-11-03 01:01:35 +00:00
Features:
* server: Add `extraLabels` for Vault server serviceAccount [GH-806 ](https://github.com/hashicorp/vault-helm/pull/806 )
2022-11-14 14:10:21 +00:00
* server: Add `server.service.active.enabled` and `server.service.standby.enabled` options to selectively disable additional services [GH-811 ](https://github.com/hashicorp/vault-helm/pull/811 )
* server: Add `server.serviceAccount.serviceDiscovery.enabled` option to selectively disable a Vault service discovery role and role binding [GH-811 ](https://github.com/hashicorp/vault-helm/pull/811 )
2022-11-17 19:54:18 +00:00
* server: Add `server.service.instanceSelector.enabled` option to allow selecting pods outside the helm chart deployment [GH-813 ](https://github.com/hashicorp/vault-helm/pull/813 )
2022-11-03 01:01:35 +00:00
2022-11-09 22:19:38 +00:00
Bugs:
* server: Quote `.server.ha.clusterAddr` value [GH-810 ](https://github.com/hashicorp/vault-helm/pull/810 )
2022-10-26 19:32:46 +00:00
## 0.22.1 (October 26th, 2022)
Changes:
* `vault` updated to 1.12.0 [GH-803 ](https://github.com/hashicorp/vault-helm/pull/803 )
* `vault-k8s` updated to 1.0.1 [GH-803 ](https://github.com/hashicorp/vault-helm/pull/803 )
2022-09-08 18:59:17 +00:00
## 0.22.0 (September 8th, 2022)
2022-09-01 19:07:49 +00:00
Features:
* Add PrometheusOperator support for collecting Vault server metrics. [GH-772 ](https://github.com/hashicorp/vault-helm/pull/772 )
2021-03-25 14:56:59 +00:00
2022-09-08 00:21:47 +00:00
Changes:
* `vault-k8s` to 1.0.0 [GH-784 ](https://github.com/hashicorp/vault-helm/pull/784 )
* Test against Kubernetes 1.25 [GH-784 ](https://github.com/hashicorp/vault-helm/pull/784 )
2022-09-08 18:59:17 +00:00
* `vault` updated to 1.11.3 [GH-785 ](https://github.com/hashicorp/vault-helm/pull/785 )
2022-09-08 00:21:47 +00:00
2022-08-10 21:54:49 +00:00
## 0.21.0 (August 10th, 2022)
2022-06-02 16:07:45 +00:00
CHANGES:
2022-08-10 21:54:49 +00:00
* `vault-k8s` updated to 0.17.0. [GH-771 ](https://github.com/hashicorp/vault-helm/pull/771 )
* `vault-csi-provider` updated to 1.2.0 [GH-771 ](https://github.com/hashicorp/vault-helm/pull/771 )
* `vault` updated to 1.11.2 [GH-771 ](https://github.com/hashicorp/vault-helm/pull/771 )
2022-06-07 09:16:37 +00:00
* Start testing against Kubernetes 1.24. [GH-744 ](https://github.com/hashicorp/vault-helm/pull/744 )
* Deprecated `injector.externalVaultAddr` . Added `global.externalVaultAddr` , which applies to both the Injector and the CSI Provider. [GH-745 ](https://github.com/hashicorp/vault-helm/pull/745 )
* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745 ](https://github.com/hashicorp/vault-helm/pull/745 )
2022-06-02 16:07:45 +00:00
2022-07-18 21:52:16 +00:00
Features:
2022-08-08 19:48:28 +00:00
* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext` . [GH-767 ](https://github.com/hashicorp/vault-helm/pull/767 )
* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext` . [GH-767 ](https://github.com/hashicorp/vault-helm/pull/767 )
* injector: Add `injector.securityContext` to override pod and container `securityContext` . [GH-750 ](https://github.com/hashicorp/vault-helm/pull/750 ) and [GH-767 ](https://github.com/hashicorp/vault-helm/pull/767 )
2022-08-02 18:06:31 +00:00
* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610 ](https://github.com/hashicorp/vault-helm/pull/610 )
2022-07-18 21:52:16 +00:00
* Support for setting annotations on the injector's serviceAccount [GH-753 ](https://github.com/hashicorp/vault-helm/pull/753 )
2022-05-26 16:13:32 +00:00
## 0.20.1 (May 25th, 2022)
2022-05-24 15:27:17 +00:00
CHANGES:
2022-06-07 09:16:37 +00:00
* `vault-k8s` updated to 0.16.1 [GH-739 ](https://github.com/hashicorp/vault-helm/pull/739 )
2022-05-26 16:13:32 +00:00
Improvements:
2022-05-24 16:48:01 +00:00
* Mutating webhook will no longer target the agent injector pod [GH-736 ](https://github.com/hashicorp/vault-helm/pull/736 )
2022-05-24 15:27:17 +00:00
2022-05-26 16:13:32 +00:00
Bugs:
* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737 ](https://github.com/hashicorp/vault-helm/pull/737 )
2022-05-16 16:28:31 +00:00
## 0.20.0 (May 16th, 2022)
2022-03-02 01:30:07 +00:00
CHANGES:
2022-03-21 16:50:23 +00:00
* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703 ](https://github.com/hashicorp/vault-helm/pull/703 )
* Default value of `-` used for injector and server to indicate that they follow `global.enabled` . [GH-703 ](https://github.com/hashicorp/vault-helm/pull/703 )
2022-05-16 16:28:31 +00:00
* Vault default image to 1.10.3
2022-04-27 16:22:50 +00:00
* CSI provider default image to 1.1.0
2022-05-16 16:28:31 +00:00
* Vault K8s default image to 0.16.0
2022-03-21 17:29:03 +00:00
* Earliest Kubernetes version tested is now 1.16
2022-06-01 17:25:19 +00:00
* Helm 3.6+ now required
Features:
2022-04-28 19:05:31 +00:00
* Support topologySpreadConstraints in server and injector. [GH-652 ](https://github.com/hashicorp/vault-helm/pull/652 )
2022-03-02 01:30:07 +00:00
2022-03-02 16:45:11 +00:00
Improvements:
* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690 ](https://github.com/hashicorp/vault-helm/pull/690 )
2022-03-16 22:31:59 +00:00
* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683 ](https://github.com/hashicorp/vault-helm/pull/683 )
2022-04-05 05:26:16 +00:00
* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710 ](https://github.com/hashicorp/vault-helm/pull/710 )
2022-04-14 22:16:39 +00:00
* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629 ](https://github.com/hashicorp/vault-helm/pull/709 )
2022-05-16 16:28:31 +00:00
* server: Make `publishNotReadyAddresses` configurable for services [GH-694 ](https://github.com/hashicorp/vault-helm/pull/694 )
* server: Allow config to be defined as a YAML object in the values file [GH-684 ](https://github.com/hashicorp/vault-helm/pull/684 )
2022-06-01 17:25:19 +00:00
* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692 ](https://github.com/hashicorp/vault-helm/pull/692 )
2022-03-02 16:45:11 +00:00
2022-01-20 23:54:24 +00:00
## 0.19.0 (January 20th, 2022)
CHANGES:
* Vault image default 1.9.2
* Vault K8s image default 0.14.2
2021-12-14 07:38:00 +00:00
Features:
* Added configurable podDisruptionBudget for injector [GH-653 ](https://github.com/hashicorp/vault-helm/pull/653 )
2021-12-15 02:15:11 +00:00
* Make terminationGracePeriodSeconds configurable for server [GH-659 ](https://github.com/hashicorp/vault-helm/pull/659 )
2021-12-16 19:21:36 +00:00
* Added configurable update strategy for injector [GH-661 ](https://github.com/hashicorp/vault-helm/pull/661 )
2022-01-04 22:10:56 +00:00
* csi: ability to set priorityClassName for CSI daemonset pods [GH-670 ](https://github.com/hashicorp/vault-helm/pull/670 )
2021-12-14 07:38:00 +00:00
2022-01-14 23:19:22 +00:00
Improvements:
* Set the namespace on the OpenShift Route [GH-679 ](https://github.com/hashicorp/vault-helm/pull/679 )
2022-01-20 02:55:56 +00:00
* Add volumes and env vars to helm hook test pod [GH-673 ](https://github.com/hashicorp/vault-helm/pull/673 )
2022-01-20 06:37:26 +00:00
* Make TLS configurable for OpenShift routes [GH-686 ](https://github.com/hashicorp/vault-helm/pull/686 )
2022-01-14 23:19:22 +00:00
2021-11-17 23:46:28 +00:00
## 0.18.0 (November 17th, 2021)
2021-11-17 21:06:03 +00:00
CHANGES:
* Removed support for deploying a leader-elector container with the [vault-k8s injector ](https://github.com/hashicorp/vault-k8s ) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649 ](https://github.com/hashicorp/vault-helm/pull/649 )
2021-11-17 23:46:28 +00:00
* Vault image default 1.9.0
* Vault K8s image default 0.14.1
2021-11-17 21:06:03 +00:00
2021-11-06 02:07:25 +00:00
Improvements:
2021-11-17 23:46:28 +00:00
* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621 ](https://github.com/hashicorp/vault-helm/pull/621 )
2021-11-06 02:07:25 +00:00
2021-10-25 20:58:15 +00:00
## 0.17.1 (October 25th, 2021)
Improvements:
* Add option for Ingress PathType [GH-634 ](https://github.com/hashicorp/vault-helm/pull/634 )
2021-10-21 19:12:45 +00:00
## 0.17.0 (October 21st, 2021)
2021-10-23 01:00:29 +00:00
KNOWN ISSUES:
* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
2021-10-21 19:12:45 +00:00
CHANGES:
* Vault image default 1.8.4
* Vault K8s image default 0.14.0
2021-10-11 09:28:37 +00:00
Improvements:
* Support Ingress stable networking API [GH-590 ](https://github.com/hashicorp/vault-helm/pull/590 )
2021-10-21 16:14:31 +00:00
* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626 ](https://github.com/hashicorp/vault-helm/pull/626 )
2021-10-21 16:23:45 +00:00
* Support setting ingressClassName on server Ingress [GH-630 ](https://github.com/hashicorp/vault-helm/pull/630 )
2021-10-21 16:14:31 +00:00
Bugs:
* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628 ](https://github.com/hashicorp/vault-helm/pull/628 )
2021-10-11 09:28:37 +00:00
2021-09-29 23:28:37 +00:00
## 0.16.1 (September 29th, 2021)
CHANGES:
* Vault image default 1.8.3
* Vault K8s image default 0.13.1
2021-09-16 16:39:59 +00:00
## 0.16.0 (September 16th, 2021)
2021-09-16 01:59:34 +00:00
CHANGES:
* Support for deploying a leader-elector container with the [vault-k8s injector ](https://github.com/hashicorp/vault-k8s ) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true` .
2021-09-15 18:22:02 +00:00
Improvements:
2021-09-15 18:22:35 +00:00
* Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603 ](https://github.com/hashicorp/vault-helm/pull/603 )
2021-09-16 01:59:34 +00:00
* Support vault-k8s internal leader election [GH-568 ](https://github.com/hashicorp/vault-helm/pull/568 ) [GH-607 ](https://github.com/hashicorp/vault-helm/pull/607 )
2021-09-15 18:22:02 +00:00
2021-08-23 15:51:52 +00:00
## 0.15.0 (August 23rd, 2021)
2021-08-12 00:03:26 +00:00
Improvements:
* Add imagePullSecrets on server test [GH-572 ](https://github.com/hashicorp/vault-helm/pull/572 )
2021-08-16 20:50:47 +00:00
* Add injector.webhookAnnotations chart option [GH-584 ](https://github.com/hashicorp/vault-helm/pull/584 )
2021-08-12 00:03:26 +00:00
2021-07-28 21:44:28 +00:00
## 0.14.0 (July 28th, 2021)
2021-07-07 23:32:02 +00:00
Features:
2021-11-17 23:46:28 +00:00
* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560 ](https://github.com/hashicorp/vault-helm/pull/560 )
2021-07-07 23:32:02 +00:00
Improvements:
* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565 ](https://github.com/hashicorp/vault-helm/pull/565 )
2021-07-12 21:33:03 +00:00
* Set the default vault image to come from the hashicorp organization [GH-567 ](https://github.com/hashicorp/vault-helm/pull/567 )
* Add support for running the acceptance tests against a local `kind` cluster [GH-567 ](https://github.com/hashicorp/vault-helm/pull/567 )
2021-07-15 18:18:08 +00:00
* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570 ](https://github.com/hashicorp/vault-helm/pull/570 )
* Add `server.route.activeService` to configure if the route should use the active service [GH-570 ](https://github.com/hashicorp/vault-helm/pull/570 )
2021-07-23 17:00:50 +00:00
* Support configuring `global.imagePullSecrets` from a string array [GH-576 ](https://github.com/hashicorp/vault-helm/pull/576 )
2021-07-15 18:18:08 +00:00
2021-07-07 23:32:02 +00:00
2021-06-17 17:52:21 +00:00
## 0.13.0 (June 17th, 2021)
2021-05-28 00:11:17 +00:00
Improvements:
* Added a helm test for vault server [GH-531 ](https://github.com/hashicorp/vault-helm/pull/531 )
2021-06-11 20:31:41 +00:00
* Added server.enterpriseLicense option [GH-547 ](https://github.com/hashicorp/vault-helm/pull/547 )
2021-06-16 20:57:16 +00:00
* Added OpenShift overrides [GH-549 ](https://github.com/hashicorp/vault-helm/pull/549 )
2021-05-28 00:11:17 +00:00
2021-06-01 17:42:21 +00:00
Bugs:
* Fix ui.serviceNodePort schema [GH-537 ](https://github.com/hashicorp/vault-helm/pull/537 )
2021-06-01 17:52:44 +00:00
* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535 ](https://github.com/hashicorp/vault-helm/pull/535 )
2021-06-10 22:34:49 +00:00
* Added webhook-certs volume mount to sidecar injector [GH-545 ](https://github.com/hashicorp/vault-helm/pull/545 )
2021-06-01 17:42:21 +00:00
2021-05-25 17:46:48 +00:00
## 0.12.0 (May 25th, 2021)
2021-05-21 11:50:44 +00:00
Features:
* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526 ](https://github.com/hashicorp/vault-helm/pull/526 )
2021-05-10 23:58:25 +00:00
Improvements:
* Set chart kubeVersion and added chart-verifier tests [GH-510 ](https://github.com/hashicorp/vault-helm/pull/510 )
2021-05-14 17:49:37 +00:00
* Added values json schema [GH-513 ](https://github.com/hashicorp/vault-helm/pull/513 )
2021-05-18 00:16:34 +00:00
* Ability to set tolerations for CSI daemonset pods [GH-521 ](https://github.com/hashicorp/vault-helm/pull/521 )
2021-05-25 14:21:01 +00:00
* UI target port is now configurable [GH-437 ](https://github.com/hashicorp/vault-helm/pull/437 )
2021-05-10 23:58:25 +00:00
2021-05-12 11:11:15 +00:00
Bugs:
2021-05-12 11:11:42 +00:00
* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519 ](https://github.com/hashicorp/vault-helm/pull/519 )
2021-05-12 11:11:15 +00:00
2021-04-14 14:26:33 +00:00
## 0.11.0 (April 14th, 2021)
2021-04-07 13:24:00 +00:00
Features:
2021-04-08 14:05:47 +00:00
* Added `server.enabled` to explicitly skip installing a Vault server [GH-486 ](https://github.com/hashicorp/vault-helm/pull/486 )
* Injector now supports enabling host network [GH-471 ](https://github.com/hashicorp/vault-helm/pull/471 )
2021-04-12 21:00:51 +00:00
* Injector port is now configurable [GH-489 ](https://github.com/hashicorp/vault-helm/pull/489 )
2021-04-12 21:02:16 +00:00
* Injector Vault Agent resource defaults are now configurable [GH-493 ](https://github.com/hashicorp/vault-helm/pull/493 )
2021-04-08 14:10:01 +00:00
* Extra paths can now be added to the Vault ingress service [GH-460 ](https://github.com/hashicorp/vault-helm/pull/460 )
2021-04-08 15:21:25 +00:00
* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488 ](https://github.com/hashicorp/vault-helm/pull/488 )
2021-04-13 15:21:08 +00:00
Improvements:
* Added `https` name to injector service port [GH-495 ](https://github.com/hashicorp/vault-helm/pull/495 )
2021-04-07 13:24:00 +00:00
Bugs:
* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486 ](https://github.com/hashicorp/vault-helm/pull/486 )
2021-03-25 14:19:31 +00:00
## 0.10.0 (March 25th, 2021)
2019-11-21 19:21:23 +00:00
2021-03-24 14:03:21 +00:00
Features:
2021-03-25 14:19:31 +00:00
* Add support for [Vault CSI provider ](https://github.com/hashicorp/vault-csi-provider ) [GH-461 ](https://github.com/hashicorp/vault-helm/pull/461 )
2021-03-24 14:03:21 +00:00
2021-02-20 04:03:15 +00:00
Improvements:
* `objectSelector` can now be set on the mutating admission webhook [GH-456 ](https://github.com/hashicorp/vault-helm/pull/456 )
2021-02-02 19:06:40 +00:00
## 0.9.1 (February 2nd, 2021)
2021-01-09 02:00:00 +00:00
Bugs:
2021-01-12 01:53:07 +00:00
* Injector: fix labels for default anti-affinity rule [GH-441 ](https://github.com/hashicorp/vault-helm/pull/441 ), [GH-442 ](https://github.com/hashicorp/vault-helm/pull/442 )
2021-01-21 17:41:44 +00:00
* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446 ](https://github.com/hashicorp/vault-helm/pull/446 )
2021-01-09 02:00:00 +00:00
2021-01-05 18:52:56 +00:00
## 0.9.0 (January 5th, 2021)
2021-01-05 18:08:48 +00:00
Features:
* Injector now supports configurable number of replicas [GH-436 ](https://github.com/hashicorp/vault-helm/pull/436 )
* Injector now supports auto TLS for multiple replicas using leader elections [GH-436 ](https://github.com/hashicorp/vault-helm/pull/436 )
2020-11-30 21:32:06 +00:00
Improvements:
* Dev mode now supports `server.extraArgs` [GH-421 ](https://github.com/hashicorp/vault-helm/pull/421 )
2020-12-07 15:10:44 +00:00
* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415 ](https://github.com/hashicorp/vault-helm/pull/415 )
2020-12-07 15:08:56 +00:00
* ClusterRoleBinding updated to `v1` [GH-395 ](https://github.com/hashicorp/vault-helm/pull/395 )
2020-12-07 15:20:18 +00:00
* MutatingWebhook updated to `v1` [GH-408 ](https://github.com/hashicorp/vault-helm/pull/408 )
2020-12-07 16:29:17 +00:00
* Injector service now supports `injector.service.annotations` [425 ](https://github.com/hashicorp/vault-helm/pull/425 )
* Injector now supports `injector.extraLabels` [428 ](https://github.com/hashicorp/vault-helm/pull/428 )
2020-12-14 19:15:30 +00:00
* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429 ](https://github.com/hashicorp/vault-helm/pull/429 )
2020-12-16 17:32:51 +00:00
* Network Policy now supports `server.networkPolicy.egress` [389 ](https://github.com/hashicorp/vault-helm/pull/389 )
2020-11-30 21:32:06 +00:00
2020-10-20 17:58:41 +00:00
## 0.8.0 (October 20th, 2020)
2020-09-16 06:47:01 +00:00
Improvements:
* Make server NetworkPolicy independent of OpenShift [GH-381 ](https://github.com/hashicorp/vault-helm/pull/381 )
2020-09-24 16:41:51 +00:00
* Added configurables for all probe values [GH-387 ](https://github.com/hashicorp/vault-helm/pull/387 )
2020-10-01 13:34:25 +00:00
* MountPath for audit and data storage is now configurable [GH-393 ](https://github.com/hashicorp/vault-helm/pull/393 )
2020-10-01 15:07:48 +00:00
* Annotations can now be added to the Injector pods [GH-394 ](https://github.com/hashicorp/vault-helm/pull/394 )
2020-10-13 13:22:17 +00:00
* The injector can now be configured with a failurePolicy [GH-400 ](https://github.com/hashicorp/vault-helm/pull/400 )
2020-10-16 14:48:41 +00:00
* Added additional environment variables for rendering within Vault config [GH-398 ](https://github.com/hashicorp/vault-helm/pull/398 )
2020-10-20 13:35:49 +00:00
* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392 ](https://github.com/hashicorp/vault-helm/pull/392 )
2020-09-16 06:47:01 +00:00
2020-10-05 20:23:04 +00:00
Bugs:
* Fixed install output using Helm V2 command [GH-378 ](https://github.com/hashicorp/vault-helm/pull/378 )
2020-08-24 18:19:12 +00:00
## 0.7.0 (August 24th, 2020)
2020-06-03 14:03:10 +00:00
Features:
2020-07-14 14:24:53 +00:00
* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314 ](https://github.com/hashicorp/vault-helm/pull/314 ).
2020-08-20 23:05:58 +00:00
* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372 ](https://github.com/hashicorp/vault-helm/pull/372 )
2020-06-03 14:03:10 +00:00
Improvements:
2020-06-11 14:51:44 +00:00
* Added `defaultMode` configurable to `extraVolumes` [GH-321 ](https://github.com/hashicorp/vault-helm/pull/321 )
2020-06-26 06:46:05 +00:00
* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177 ](https://github.com/hashicorp/vault-helm/pull/177 )
2020-07-14 14:10:18 +00:00
* `VAULT_API_ADDR` is now configurable [GH-290 ](https://github.com/hashicorp/vault-helm/pull/290 )
2020-07-30 14:24:07 +00:00
* Removed deprecated tolerate unready endpoint annotations [GH-363 ](https://github.com/hashicorp/vault-helm/pull/363 )
2020-08-14 22:06:03 +00:00
* Add an option to set annotations on the StatefulSet [GH-199 ](https://github.com/hashicorp/vault-helm/pull/199 )
2020-08-19 02:16:30 +00:00
* Make the vault server serviceAccount name a configuration option [GH-367 ](https://github.com/hashicorp/vault-helm/pull/367 )
2020-08-20 17:46:18 +00:00
* Removed annotation striction from `dev` mode [GH-371 ](https://github.com/hashicorp/vault-helm/pull/371 )
2020-08-20 18:03:26 +00:00
* Add an option to set annotations on PVCs [GH-364 ](https://github.com/hashicorp/vault-helm/pull/364 )
2020-08-20 18:40:40 +00:00
* Added service configurables for UI [GH-285 ](https://github.com/hashicorp/vault-helm/pull/285 )
2020-06-03 14:03:10 +00:00
Bugs:
2020-06-27 01:04:59 +00:00
* Fix python dependency in test image [GH-337 ](https://github.com/hashicorp/vault-helm/pull/337 )
2020-07-14 13:54:18 +00:00
* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352 ](https://github.com/hashicorp/vault-helm/pull/352 )
2020-07-30 14:06:18 +00:00
* Fix injector network policy being rendered when injector is not enabled [GH-358 ](https://github.com/hashicorp/vault-helm/pull/358 )
2020-06-03 14:03:10 +00:00
## 0.6.0 (June 3rd, 2020)
2020-04-09 16:51:35 +00:00
Features:
2020-05-08 18:36:56 +00:00
* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258 ](https://github.com/hashicorp/vault-helm/pull/258 )
2020-05-28 18:55:47 +00:00
* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315 ](https://github.com/hashicorp/vault-helm/pull/315 )
2020-06-03 02:12:02 +00:00
* Beta: Added OpenShift support [GH-319 ](https://github.com/hashicorp/vault-helm/pull/319 )
2020-04-09 16:51:35 +00:00
Improvements:
2020-04-27 14:47:28 +00:00
* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213 ](https://github.com/hashicorp/vault-helm/pull/213 )
2020-04-09 16:51:35 +00:00
* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198 ](https://github.com/hashicorp/vault-helm/pull/198 )]
2020-04-13 17:17:49 +00:00
* Use port names that map to vault.scheme [[GH-223 ](https://github.com/hashicorp/vault-helm/pull/223 )]
2020-04-27 15:31:25 +00:00
* Allow both yaml and multi-line string annotations [[GH-272 ](https://github.com/hashicorp/vault-helm/pull/272 )]
2020-04-27 15:39:22 +00:00
* Added configurable to set the Raft node name to hostname [[GH-269 ](https://github.com/hashicorp/vault-helm/pull/269 )]
2020-05-01 01:38:42 +00:00
* Support setting priorityClassName on pods [[GH-282 ](https://github.com/hashicorp/vault-helm/pull/282 )]
2020-06-02 14:12:13 +00:00
* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310 ](https://github.com/hashicorp/vault-helm/pull/310 )]
* Added configurable to change service type for the HA active service [GH-317 ](https://github.com/hashicorp/vault-helm/pull/317 )
2020-04-09 16:51:35 +00:00
Bugs:
* Fixed default ingress path [[GH-224 ](https://github.com/hashicorp/vault-helm/pull/224 )]
2020-04-21 15:20:41 +00:00
* Fixed annotations for HA standby/active services [[GH-268 ](https://github.com/hashicorp/vault-helm/pull/268 )]
2020-05-20 16:18:54 +00:00
* Updated some value defaults to match their use in templates [[GH-309 ](https://github.com/hashicorp/vault-helm/pull/309 )]
2020-05-28 18:54:52 +00:00
* Use active service on ingress when ha [[GH-270 ](https://github.com/hashicorp/vault-helm/pull/270 )]
2020-06-02 14:12:13 +00:00
* Fixed bug where pull secrets weren't being used for injector image [GH-298 ](https://github.com/hashicorp/vault-helm/pull/298 )
2020-04-09 16:51:35 +00:00
2020-04-09 13:51:37 +00:00
## 0.5.0 (April 9th, 2020)
2020-03-18 19:50:53 +00:00
Features:
* Added Raft support for HA mode [[GH-228 ](https://github.com/hashicorp/vault-helm/pull/229 )]
2020-04-09 13:51:37 +00:00
* Now supports Vault Enterprise [[GH-250 ](https://github.com/hashicorp/vault-helm/pull/250 )]
* Added K8s Service Registration for HA modes [[GH-250 ](https://github.com/hashicorp/vault-helm/pull/250 )]
2020-03-03 18:37:47 +00:00
* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185 ](https://github.com/hashicorp/vault-helm/pull/185 )]
2020-03-06 20:10:41 +00:00
* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219 ](https://github.com/hashicorp/vault-helm/pull/219 )]
2020-03-19 04:32:45 +00:00
* Option to set environment variables for the injector deployment [[GH-232 ](https://github.com/hashicorp/vault-helm/pull/232 )]
2020-03-20 05:45:58 +00:00
* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234 ](https://github.com/hashicorp/vault-helm/pull/234 )]
2020-03-20 15:39:56 +00:00
* Made all annotations multi-line strings [[GH-227 ](https://github.com/hashicorp/vault-helm/pull/227 )]
2020-03-03 18:37:47 +00:00
2020-02-21 19:56:30 +00:00
## 0.4.0 (February 21st, 2020)
2020-01-15 10:06:54 +00:00
Improvements:
2020-02-21 16:25:17 +00:00
* Allow process namespace sharing between Vault and sidecar containers [[GH-174 ](https://github.com/hashicorp/vault-helm/pull/174 )]
* Added configurable to change updateStrategy [[GH-172 ](https://github.com/hashicorp/vault-helm/pull/172 )]
2020-02-21 16:23:57 +00:00
* Added sleep in the preStop lifecycle step [[GH-188 ](https://github.com/hashicorp/vault-helm/pull/188 )]
* Updated chart and tests to Helm 3 [[GH-195 ](https://github.com/hashicorp/vault-helm/pull/195 )]
* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207 ](https://github.com/hashicorp/vault-helm/pull/207 )]
2020-01-15 10:06:54 +00:00
2020-01-15 15:16:28 +00:00
Bugs:
2020-02-21 16:23:57 +00:00
* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179 ](https://github.com/hashicorp/vault-helm/pull/179 )]
2020-01-15 15:16:28 +00:00
2020-01-14 19:14:27 +00:00
## 0.3.3 (January 14th, 2020)
2020-01-14 15:18:08 +00:00
2020-01-14 15:12:40 +00:00
Security:
* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175 ](https://github.com/hashicorp/vault-helm/issues/175 )
2020-01-14 19:14:27 +00:00
Bugs:
* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
2020-01-08 15:05:06 +00:00
## 0.3.2 (January 8th, 2020)
Bugs:
* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
2020-01-02 17:18:22 +00:00
## 0.3.1 (January 2nd, 2020)
Bugs:
* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
2019-12-19 16:49:50 +00:00
## 0.3.0 (December 19th, 2019)
2019-11-21 19:21:23 +00:00
Features:
* Extra containers can now be added to the Vault pods
2019-11-29 00:09:42 +00:00
* Added configurability of pod probes
2020-10-20 17:58:41 +00:00
* Added Vault Agent Injector
2019-11-29 00:09:42 +00:00
Improvements:
* Moved `global.image` to `server.image`
2019-12-09 21:52:23 +00:00
* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
2019-12-19 16:49:50 +00:00
* Added better HTTP/HTTPS scheme support to http probes
* Added configurable node port for Vault service
* `server.authDelegator` is now enabled by default
2019-11-21 19:21:23 +00:00
2019-12-02 22:22:15 +00:00
Bugs:
* Fixed upgrade bug by removing chart label which contained the version
2019-12-11 21:07:44 +00:00
* Fixed typo on `serviceAccount` (was `serviceaccount` )
2019-12-16 23:09:05 +00:00
* Fixed readiness/liveliness HTTP probe default to accept standbys
2019-12-02 22:22:15 +00:00
2019-11-13 00:55:31 +00:00
## 0.2.1 (November 12th, 2019)
Bugs:
* Removed `readOnlyRootFilesystem` causing issues when validating deployments
2019-11-11 15:51:00 +00:00
## 0.2.0 (October 29th, 2019)
2019-10-21 21:08:42 +00:00
Features:
* Added load balancer support
* Added ingress support
* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
* Removed root requirements, now runs as Vault user
Improvements:
* Added namespace value to all rendered objects
* Made ports configurable in services
* Added the ability to add custom annotations to services
* Added docker image for running bats test in CircleCI
* Removed restrictions around `dev` mode such as annotations
2019-10-29 15:19:37 +00:00
* `readOnlyRootFilesystem` is now configurable
* Image Pull Policy is now configurable
2019-10-21 21:08:42 +00:00
Bugs:
* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
* Fixed bug where audit storage was not being mounted in HA mode
2019-11-06 16:08:28 +00:00
* Fixed bug where Vault pod wasn't receiving SIGTERM signals
2019-10-21 21:08:42 +00:00
2019-08-22 14:53:22 +00:00
## 0.1.2 (August 22nd, 2019)
Features:
* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
environment variables
2020-10-20 17:58:41 +00:00
* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
2019-08-22 14:53:22 +00:00
depending on the value
2020-10-20 17:58:41 +00:00
* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
2019-08-22 14:53:22 +00:00
to "NodePort"
Improvements:
* Changed UI port to 8200 for better HTTP protocol support
2020-10-20 17:58:41 +00:00
* Added `path` to `extraVolumes` to define where the volume should be
2019-08-22 14:53:22 +00:00
mounted. Defaults to `/vault/userconfig`
* Upgraded Vault to 1.2.2
Bugs:
2020-10-20 17:58:41 +00:00
* Fixed bug where upgrade would fail because immutable labels were being
2019-08-22 14:53:22 +00:00
changed (Helm Version label)
* Fixed bug where UI service used wrong selector after updating helm labels
* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
Consul is the active node
* Removed `step-down` preStop since it requires authentication. Shutdown signal
sent by Kube acts similar to `step-down`
2019-08-08 18:14:58 +00:00
## 0.1.1 (August 7th, 2019)
Features:
2019-08-22 15:05:31 +00:00
* Added `authDelegator` Cluster Role Binding to Vault service account for
2019-08-08 18:14:58 +00:00
bootstrapping Kube auth method
Improvements:
2019-08-22 15:05:31 +00:00
* Added `server.service.clusterIP` to `values.yml` so users can toggle
2019-08-08 18:14:58 +00:00
the Vault service to headless by using the value `None` .
* Upgraded Vault to 1.2.1
## 0.1.0 (August 6th, 2019)
2018-09-22 16:59:41 +00:00
Initial release
