jessebot
00ed536f64
add official openbao security email
...
Signed-off-by: jessebot <jessebot@linux.com>
2024-05-17 08:18:38 -04:00
jessebot
5544941fff
begin changes to using openbao everywhere instead of vault
...
also begin massive change over to using helm's official chart release and testing actions
Signed-off-by: jessebot <jessebot@linux.com>
2024-05-17 08:18:38 -04:00
dependabot[bot]
c5f9247828
Bump helm/kind-action from 1.8.0 to 1.9.0 ( #999 )
...
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](dda0770415...99576bfa6d)
---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-22 18:26:53 -07:00
Ben Ash
dbfb243d03
Update code owners ( #1006 )
...
- ignore scratch dir
2024-03-19 16:07:57 -04:00
Theron Voran
e439b28914
injector: add get for nodes in clusterrole ( #1005 )
...
Required for operator-lib leader logic
2024-03-18 21:55:51 -07:00
Christopher Swenson
d186b6ff29
Add annotation on config change ( #1001 )
...
When updating the Vault config (and corresponding)
configmap, we now generate a checksum of the config
and set it as an annotation on both the configmap
and the Vault StatefulSet pod template.
This allows the deployer to know what pods need to
be restarted to pick up a changed config.
We still recommend using the standard upgrade
[method for Vault on Kubernetes](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#upgrading-vault-on-kubernetes),
i.e., using the `OnDelete` strategy
for the Vault StatefulSet, so updating the config
and doing a `helm upgrade` should not trigger the
pods to restart, and then deleting pods one
at a time, starting with the standby pods.
With `kubectl` and `jq`, you can check which
pods need to be updated by first getting the value
of the current configmap checksum:
```shell
kubectl get pods -o json | jq -r ".items[] | select(.metadata.annotations.\"config/checksum\" != $(kubectl get configmap vault-config -o json | jq '.metadata.annotations."config/checksum"') ) | .metadata.name"
```
Fixes #748 .
---------
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2024-03-18 11:03:56 -07:00
Ben Ash
6930c378d2
Test against k8s 1.29 ( #1003 )
...
* Drop k8s 1.24
* Use latest kind version v0.22.0
2024-03-11 15:23:14 -04:00
dependabot[bot]
7a127f878a
Bump actions/setup-go from 4.1.0 to 5.0.0 ( #984 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](93397bea11...0c52d547c9)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-08 12:07:19 -08:00
Theron Voran
50f7439fb2
Update to v0.27.0 ( #978 )
2023-11-16 13:47:57 -08:00
Alan Tang
3e16e05ba7
Add labels for PVC template ( #969 )
2023-11-15 17:55:09 -08:00
Marco Lecheler
e77dce38b2
feat: ingress rules for server networkPolicy ( #877 )
...
* feat: allow server netPol to specify podSelector
* feat(test): add podSelector NetworkPolicy unittest
* chore: introduce server.networkPolicy.ingress
As suggested, let users template the whole ingress object for the
networkPolicy rather than only the podSelector.
Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>
---------
Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>
2023-11-15 16:42:26 -08:00
dependabot[bot]
97166e5207
Bump actions/checkout from 4.1.0 to 4.1.1 ( #963 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 23:08:38 -08:00
Aleix Murtra
ad64f921b5
Add persistentVolumeClaimRetentionPolicy variable to values.yaml ( #965 )
...
This variable is used to set the persistentVolumeClaimRetentionPolicy
value in the server-statefulset.yaml template, which is used to
configure the retention policy for the PVCs used by the server
statefulset.
2023-11-13 11:55:33 -08:00
Thy Ton
2bb6994dd9
support exec in server liveness probe ( #971 )
...
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-11-09 13:38:59 -08:00
Kyle Schochenmaier
36dafa02c0
Prepare for release 0.26.1 ( #970 )
...
* Prepare for release 0.26.1
2023-10-30 14:26:38 -05:00
Floris Heringa
9b3ceaac99
Fix check if server.ha.replicas is a number when set in values.yaml ( #961 )
2023-10-30 10:16:42 -05:00
Kyle Schochenmaier
f72df27d56
prepare for 0.26.0 release ( #967 )
...
* prepare for 0.26.0 release
2023-10-27 15:18:07 -05:00
Theron Voran
6f3f107ca5
openshift/server: readiness probe passes when server uninitialized ( #966 )
...
Changes the default server readiness probe to pass when the server is
uninitialized, in order to pass the latest version of the
chart-verifier test (see #954 for details).
Also updates the chart-verifier used in our tests to 1.13.0 (latest).
2023-10-26 00:08:53 -07:00
Theron Voran
24739373fb
Update actions, k8s and vault versions, and changelog ( #962 )
...
Pin github actions to the latest trusted versions, test with k8s
1.24-1.28, update vault and vault-k8s defaults to latest releases.
---------
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-10-13 09:58:54 -07:00
Kyle Schochenmaier
e2990d2913
changelog++ ( #959 )
2023-09-26 22:50:26 -05:00
tekicat
7728f8c650
Allow additional annotations for standby and active services via config ( #896 )
...
* Allow additional annotations for standby and active services via config
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2023-09-26 15:28:54 -05:00
dependabot[bot]
0f47d83f36
Bump actions/setup-go from 4.0.1 to 4.1.0 ( #938 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fac708d667...93397bea11)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 10:14:19 -05:00
dependabot[bot]
d3d472f948
Bump actions/checkout from 3.5.3 to 4.1.0 ( #957 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...8ade135a41)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 10:10:15 -05:00
Theron Voran
b13201831d
changelog++ ( #956 )
2023-09-18 13:17:00 -07:00
Milan Rafaj
3387881451
feat: add hostAliases for statefulset ( #955 )
2023-09-18 08:53:00 -07:00
Theron Voran
c3b2b14ffd
changelog++ ( #946 )
2023-08-24 15:16:24 -07:00
Arend Lapere
377b68f13b
Add support for dual stack clusters ( #833 )
2023-08-24 15:14:19 -07:00
Marco Lecheler
ea1c36922b
chore(test): use vault.fullname in Helm test ( #912 )
2023-08-23 11:30:35 -07:00
Tanmay Pereira Naik
c7353d1aea
docs: Update outdated vaultproject.io/docs/ links ( #935 )
...
Signed-off-by: Tanmay Pereira Naik <59953366+tanmay-pnaik@users.noreply.github.com>
2023-08-22 12:16:41 -07:00
gillcaleb
1e12d49d74
Add optional long lived SA token ( #923 )
...
---------
Co-authored-by: Caleb Gill <cgill@stavvy.com>
2023-08-17 14:05:50 +01:00
Johannes Siebel
ec964a33ea
Allow scale to zero ( #943 )
2023-08-15 10:50:25 +01:00
KhizerJaan
9a16496e86
Allows the release namespace to be overridden ( #909 )
2023-07-04 14:30:35 +01:00
Tom Proctor
e2711a2002
Prepare for 0.25.0 release ( #916 )
...
* Prepare for 0.25.0 release
* Update CSI acceptance test assertion
Starting in 1.4.0, the CSI provider caches Vault tokens locally. The main thing
we want to check is that the Agent cache is being used so that it's doing the
renewal legwork for any leased secrets, so check for the renewal log message instead
because CSI won't auth over and over anymore.
2023-06-26 16:00:04 +01:00
Daniel Kimsey
a86803d5c8
ci: Fix yq command syntax ( #881 )
...
The original CCI version used an older version of yq. The syntax changed and this was missed when ported.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-06-19 15:57:16 +01:00
dependabot[bot]
785a5e7c12
Bump actions/setup-go from 4.0.0 to 4.0.1 ( #891 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](4d34df0c23...fac708d667)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 11:24:45 +01:00
dependabot[bot]
38335f81c6
Bump actions/checkout from 3.5.2 to 3.5.3 ( #910 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e5e7e5ab8...c85c95e3d7)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 10:54:53 +01:00
Theron Voran
cd30d9890a
csi: update affinity and nodeselector schema ( #907 )
...
array -> object
2023-06-06 22:51:14 -07:00
hashicorp-copywrite[bot]
1be10380d1
[COMPLIANCE] Add Copyright and License Headers ( #905 )
...
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-06-05 15:50:09 -07:00
Toninh0
3ce721fca4
CSI configurable nodeSelector and affinity ( #862 )
2023-06-01 10:38:22 +01:00
Tom Proctor
a56c27c892
Fix syntax for actionlint workflow ( #903 )
...
* Fix syntax for actionlint workflow
* Move .github/workflows/setup-test-tools/ -> .github/actions/setup-test-tools/
* Fix reported actionlint failures
2023-05-31 12:27:18 +01:00
Tom Proctor
da34c6c986
publishNotReadyAddresses for headless service always true ( #902 )
2023-05-30 15:54:00 +01:00
Theron Voran
3640daaf65
ci: upgrade kind-action and kind version ( #899 )
...
kind-action v1.5.0 -> v1.7.0
kind v0.17.0 -> v0.19.0
Add k8s 1.27 to testing, and update the rest of the kind image
versions.
2023-05-23 13:16:42 -07:00
risson
a276600b71
Default prometheusRules.rules should be an empty list ( #886 )
...
Support for prometheus-operator was added in
https://github.com/hashicorp/vault-helm/pull/772 and a default empty
set of rules was defined as an empty map `{}`. However, as evidenced
by the commented out rule examples below that very same values.yaml,
this is expected to be a list, so `rules:` value should be set to an
empty list `[]`.
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Vitaliy <vitaliyf@users.noreply.github.com>
2023-05-17 22:01:22 -07:00
Krishnadas M
b9096ee15b
Make injected Agent ephemeral storage configurable through injector.agentDefaults ( #798 )
2023-05-17 13:59:05 +01:00
Ashish Kumar
582e7d0c3b
spelling fix ( #888 )
2023-05-15 09:54:41 -07:00
hashicorp-tsccr[bot]
14585a1331
Result of tsccr-helper -pin-all-workflows . ( #882 )
...
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
2023-04-21 10:12:31 -07:00
Tom Proctor
a5d803ad3c
Fix chart version for 0.24.1 release ( #880 )
2023-04-17 18:48:39 +01:00
Tom Proctor
677c932e35
Prepare for 0.24.1 release ( #879 )
2023-04-17 18:14:59 +01:00
Tom Proctor
9954df5e68
Add role for creating CSI's HMAC secret key ( #872 )
2023-04-14 13:31:41 +01:00
Daniel Kimsey
ded705d732
Remove CircleCI ( #871 )
...
Follow-up of #861 and hashicorp/gha-migration#158
2023-04-12 17:18:40 +01:00