Prepare for 0.25.0 release (#916)

* Prepare for 0.25.0 release * Update CSI acceptance test assertion Starting in 1.4.0, the CSI provider caches Vault tokens locally. The main thing we want to check is that the Agent cache is being used so that it's doing the renewal legwork for any leased secrets, so check for the renewal log message instead because CSI won't auth over and over anymore.
2023-06-26 16:00:04 +01:00 · 2023-06-26 16:00:04 +01:00 · e2711a2002
commit e2711a2002
parent a86803d5c8
7 changed files with 23 additions and 20 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,11 +1,17 @@
 ## Unreleased

+## 0.25.0 (June 26, 2023)
+
 Changes:
 * Latest Kubernetes version tested is now 1.27
 * server: Headless service ignores `server.service.publishNotReadyAddresses` setting and always sets it as `true` [GH-902](https://github.com/hashicorp/vault-helm/pull/902)
+* `vault` updated to 1.14.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916)
+* `vault-csi-provider` updated to 1.4.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916)

-Features:
+Improvements:
 * CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862)
+* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798)
+* Minimum kubernetes version for chart reverted to 1.20.0 to allow installation on clusters older than the oldest tested version [GH-916](https://github.com/hashicorp/vault-helm/pull/916)

 Bugs:
 * server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886)
@ -45,9 +51,6 @@ Features:
 Bugs:
 * server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810)

-Improvements:
-* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798)
-
 ## 0.22.1 (October 26th, 2022)

 Changes:
--- a/Chart.yaml
+++ b/Chart.yaml
@ -3,9 +3,9 @@

 apiVersion: v2
 name: vault
-version: 0.24.1
-appVersion: 1.13.1
-kubeVersion: ">= 1.22.0-0"
+version: 0.25.0
+appVersion: 1.14.0
+kubeVersion: ">= 1.20.0-0"
 description: Official HashiCorp Vault Chart
 home: https://www.vaultproject.io
 icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
--- a/test/acceptance/csi.bats
+++ b/test/acceptance/csi.bats
@ -55,16 +55,16 @@ load _helpers

  for i in $(seq 10); do
    sleep 2
-    if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-agent | grep "returning cached response: path=/v1/auth/kubernetes/login")" ]; then
+    if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then
        echo "Agent returned a cached login response"
        return
    fi

-    echo "Waiting for a cached response from Agent..."
+    echo "Waiting to confirm the Agent is renewing CSI's auth token..."
  done

  # Print the logs and fail the test
-  echo "Failed to find a log for a cached Agent response"
+  echo "Failed to find a log for the Agent renewing CSI's auth token"
  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-agent
  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-csi-provider
  exit 1
--- a/test/acceptance/server-ha-enterprise-dr.bats
+++ b/test/acceptance/server-ha-enterprise-dr.bats
@ -7,7 +7,7 @@ load _helpers

  helm install "$(name_prefix)-east" \
    --set='server.image.repository=hashicorp/vault-enterprise' \
-    --set='server.image.tag=1.13.1-ent' \
+    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='injector.enabled=false' \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
@ -75,7 +75,7 @@ load _helpers
  helm install "$(name_prefix)-west" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
-    --set='server.image.tag=1.13.1-ent' \
+    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
--- a/test/acceptance/server-ha-enterprise-perf.bats
+++ b/test/acceptance/server-ha-enterprise-perf.bats
@ -8,7 +8,7 @@ load _helpers
  helm install "$(name_prefix)-east" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
-    --set='server.image.tag=1.13.1-ent' \
+    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
@ -75,7 +75,7 @@ load _helpers
  helm install "$(name_prefix)-west" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
-    --set='server.image.tag=1.13.1-ent' \
+    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
--- a/values.openshift.yaml
+++ b/values.openshift.yaml
@ -13,9 +13,9 @@ injector:

  agentImage:
    repository: "registry.connect.redhat.com/hashicorp/vault"
-    tag: "1.13.1-ubi"
+    tag: "1.14.0-ubi"

 server:
  image:
    repository: "registry.connect.redhat.com/hashicorp/vault"
-    tag: "1.13.1-ubi"
+    tag: "1.14.0-ubi"
--- a/values.yaml
+++ b/values.yaml
@ -73,7 +73,7 @@ injector:
  # required.
  agentImage:
    repository: "hashicorp/vault"
-    tag: "1.13.1"
+    tag: "1.14.0"

  # The default values for the injected Vault Agent containers.
  agentDefaults:
@ -374,7 +374,7 @@ server:

  image:
    repository: "hashicorp/vault"
-    tag: "1.13.1"
+    tag: "1.14.0"
    # Overrides the default Image Pull Policy
    pullPolicy: IfNotPresent

@ -1001,7 +1001,7 @@ csi:

  image:
    repository: "hashicorp/vault-csi-provider"
-    tag: "1.3.0"
+    tag: "1.4.0"
    pullPolicy: IfNotPresent

  # volumes is a list of volumes made available to all containers. These are rendered
@ -1086,7 +1086,7 @@ csi:

    image:
      repository: "hashicorp/vault"
-      tag: "1.13.1"
+      tag: "1.14.0"
      pullPolicy: IfNotPresent

    logFormat: standard