Commit graph

598 commits

Author SHA1 Message Date
hashicorp-copywrite[bot]
1be10380d1
[COMPLIANCE] Add Copyright and License Headers (#905)
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-06-05 15:50:09 -07:00
Toninh0
3ce721fca4
CSI configurable nodeSelector and affinity (#862) 2023-06-01 10:38:22 +01:00
Tom Proctor
a56c27c892
Fix syntax for actionlint workflow (#903)
* Fix syntax for actionlint workflow
* Move .github/workflows/setup-test-tools/ -> .github/actions/setup-test-tools/
* Fix reported actionlint failures
2023-05-31 12:27:18 +01:00
Tom Proctor
da34c6c986
publishNotReadyAddresses for headless service always true (#902) 2023-05-30 15:54:00 +01:00
Theron Voran
3640daaf65
ci: upgrade kind-action and kind version (#899)
kind-action v1.5.0 -> v1.7.0
kind v0.17.0 -> v0.19.0

Add k8s 1.27 to testing, and update the rest of the kind image
versions.
2023-05-23 13:16:42 -07:00
risson
a276600b71
Default prometheusRules.rules should be an empty list (#886)
Support for prometheus-operator was added in
https://github.com/hashicorp/vault-helm/pull/772 and a default empty
set of rules was defined as an empty map `{}`. However, as evidenced
by the commented out rule examples below that very same values.yaml,
this is expected to be a list, so `rules:` value should be set to an
empty list `[]`.

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Vitaliy <vitaliyf@users.noreply.github.com>
2023-05-17 22:01:22 -07:00
Krishnadas M
b9096ee15b
Make injected Agent ephemeral storage configurable through injector.agentDefaults (#798) 2023-05-17 13:59:05 +01:00
Ashish Kumar
582e7d0c3b
spelling fix (#888) 2023-05-15 09:54:41 -07:00
hashicorp-tsccr[bot]
14585a1331
Result of tsccr-helper -pin-all-workflows . (#882)
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
2023-04-21 10:12:31 -07:00
Tom Proctor
a5d803ad3c
Fix chart version for 0.24.1 release (#880) 2023-04-17 18:48:39 +01:00
Tom Proctor
677c932e35
Prepare for 0.24.1 release (#879) 2023-04-17 18:14:59 +01:00
Tom Proctor
9954df5e68
Add role for creating CSI's HMAC secret key (#872) 2023-04-14 13:31:41 +01:00
Daniel Kimsey
ded705d732
Remove CircleCI (#871)
Follow-up of #861 and hashicorp/gha-migration#158
2023-04-12 17:18:40 +01:00
hc-github-team-es-release-engineering
bb9a069c06
Convert hashicorp/vault-helm to GitHub Actions (#861)
* Add workflow hashicorp/vault-helm/update-helm-charts-index

* Add workflow hashicorp/vault-helm/manual-trigger-update-helm-charts-index

* SHA-pin all 3rd-party actions

* Restrict workflow permissions

* Add actionslint

* Add dependabot

* Add CODEOWNERS

* Replace deprecated references

* fixup: First pass at cleaning up update-helm-charts-index

* fixup: move to self-hosted for access to vault

* fixup: remove vault bits, correct GHA action

* fixup: Remove manual invocation

* fixup: update CODEOWNERS

* Update CODEOWNERS

* Fix CODEOWNERS syntax

* Use common workflow for action lint

* fixup: address review feedback

* fixup: codeowners set

* Apply suggestions from code review

Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>

* fixup: remove slack status action

* fixup: more clear error message and correct syntax

* fixup: limit actionlint trigger to GHA paths

* fixup: glob

* fixup: incorporate emily's superior syntax

---------

Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
2023-04-12 09:19:02 -05:00
Theron Voran
1307dbea76
add copyright header to csi-agent-configmap.yaml (#870) 2023-04-11 11:00:47 -07:00
Christopher Swenson
d52c4a519d
Prepare for 0.24.0 release (#868) 2023-04-06 15:38:23 -07:00
Tom Proctor
0fe916481c
Add Vault Agent sidecar to CSI Provider (#749)
Adds Agent as a sidecar for the CSI Provider to:

* Cache k8s auth login leases
* Cache secret leases
* Automatically renew renewable leases in the background
2023-04-06 19:45:10 +01:00
Kyle Schochenmaier
fc7d4326fc
Add changelog for #831 (#867)
* Add changelog for #831
* fixes bats test
2023-04-04 10:21:42 -05:00
Bhargav Akhani
9f189801a6
Add portnumber (#831)
* Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset.
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>
2023-04-04 09:17:24 -05:00
Theron Voran
2c4cd3a3c3
Updating GHA and default Vault version (#863)
Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).

Pin all actions to SHAs, and use the common jira sync.

Update the default Vault version to v1.13.1.

Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).
2023-04-03 16:44:13 -07:00
Thy Ton
932891778f
feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe (#852) 2023-03-16 12:03:27 -07:00
Thy Ton
f4f05aaa74
fix: remove k8s 1.16 from acceptance testing (#848)
* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum supported k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20
2023-02-27 12:04:17 -08:00
Dimitar Zafirov
e31e70ea0b
Add extraPorts property (#841) 2023-02-16 10:49:07 -08:00
jordanfelle
34d8650cca
Fix typo in telemetry example (#846)
Also in the telemetry test
2023-02-16 09:07:41 -08:00
Theron Voran
742ddb1c52
adding SPDX copyright headers (#844) 2023-02-13 08:48:20 -08:00
Mariano Asselborn
c5c28cb385
Call helm publish workflow by file name without path (#843) 2023-02-13 10:58:13 -05:00
claire labry
a4e076b132
swap helm charts call to GHA (#840)
* swap helm charts call to GHA

* fix path for gh utility
2023-02-03 17:41:49 -06:00
Douglas Thomson
72914d873c
Amending docs (#828) 2023-01-12 09:38:29 -08:00
Tom Proctor
2d7fd5d565
Prepare for 0.23.0 release (#814) 2022-11-28 23:33:08 +00:00
Tom Proctor
c13151a6ac
server: Allow disabling the instance selector for services (#813) 2022-11-17 19:54:18 +00:00
Tom Proctor
21ce5245a3
Support selectively disabling active/standby services and service discovery role (#811) 2022-11-14 14:10:21 +00:00
Steven Kriegler
0110f977b2
Quote .server.ha.clusterAddr value (#810) 2022-11-09 14:19:38 -08:00
Aleksandr Titov
ab5b471c27
Add extraLabels for Vault server serviceAccount (#806) 2022-11-02 18:01:35 -07:00
Tom Proctor
46e6fb5ad1
Fix CircleCI config (#804)
* Fix CircleCI config

* Add manual trigger option
2022-10-27 11:37:38 +01:00
Tom Proctor
5d7014c7bb
Prepare to release to 0.22.1 (#803)
* Prepare to release to 0.22.1

* Revert chart verifier update for now

* Remove unused jobs from CircleCI config
2022-10-26 20:32:46 +01:00
hashicorp-copywrite[bot]
a3bbaea599
[COMPLIANCE] Add MPL 2.0 LICENSE (#800)
Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>
2022-10-12 14:55:30 -07:00
Tom Proctor
7e21a09ebd
Add server.hostNetwork option (#775) 2022-09-12 15:17:24 +01:00
Christopher Swenson
c15d83e397
Prepare for 0.22.0 release (#785)
Prepare for 0.21.1 release

* Update Vault to 1.11.3
2022-09-08 11:59:17 -07:00
Christopher Swenson
99d745ca0c
Update vault-k8s to 1.0.0 (#784)
Update vault-k8s to 1.0.0

Also update Kubernetes versions tested against, including adding 1.25

Update consul in tests for Kubernetes 1.25 support
2022-09-07 17:21:47 -07:00
Ben Ash
04074311f7
Add support for the Prometheus Operator (#772)
support collecting Vault server metrics by deploying PrometheusOperator
CustomResources.

Co-authored-by: Sam Weston <weston.sam@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-09-01 13:07:49 -06:00
Ben Ash
8a6872e36d
CI: run acceptance tests on push to any (#781) 2022-09-01 12:39:38 -06:00
Theron Voran
85562b47c4
update values comments for server.securityContext (#778)
Since container is empty for openshift.
2022-08-26 10:05:44 -07:00
Alex Khaerov
9fa4c6c322
DOC: Minor typos fixes (#669)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-08-16 20:39:59 +01:00
Christopher Swenson
eca526b1ce
Prepare for 0.21.0 release (#771)
Prepare for 0.21.0 release

CHANGES:
* `vault-k8s` updated to 0.17.0. (this)
* `vault-csi-provider` updated to 1.2.0 (this)
* `vault` updated to 1.11.2 (this)
* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)

Features:
* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
2022-08-10 14:54:49 -07:00
Christopher Swenson
9efd98a30f
csi/server.statefulset: custom security context (#767)
csi/server.statefulset: custom security context

This adds flexibility to have custom pod template and container
`securityContext` and preserves current default values and behavior.

Fixes https://github.com/hashicorp/vault-helm/issues/663.

This also is a way to address https://github.com/hashicorp/vault-helm/pull/599
so that people can specify, for example, the CSI to run in a privileged
container for OpenShift.

This is a follow-up to https://github.com/hashicorp/vault-helm/pull/750
and builds on the same principles.

Side note: I am not able to run `helm schema-gen` since it is
unmaintained and does not work with M1 Macs.
2022-08-08 12:48:28 -07:00
Ben Ash
8bc160489f
Update jira sync (#768) 2022-08-05 19:12:21 -04:00
Theron Voran
91b6c64f1f
changelog++ and json schema update (#762)
Changelog updates for #750, and json schema update.
2022-08-03 11:25:33 -07:00
Christopher Swenson
6931720454
Changelog and schema update for active/standby node port (#761)
* Changelog and schema update for active/standby node port

Follow-up to https://github.com/hashicorp/vault-helm/pull/610
2022-08-02 11:06:31 -07:00
ChrisFraun
eb95ac5d20
Feat/adding pod and container security context (#750)
Allow the injector's pod- and container-level securityContext to be
fully specified by the user, via new options
`injector.securityContext.pod` and
`injector.securityContext.container` with more complete
defaults. Deprecates `injector.uid` and `injector.gid`.

If `injector.uid` or `injector.gid` are set by the user, the old pod
securityContext settings will be used. Otherwise the new defaults and
settings are used.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-08-01 23:00:29 -07:00
Jack Halford
553af862ea
Add support for nodePort for active and standby services (#610) 2022-08-01 13:16:51 -07:00