Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
601 commits 11 branches 48 tags 1.4 MiB
Commit graph

601 commits

This branch
This branch
All branches
Author SHA1 Message Date
jessebot
a139a100bf attempt to fix helm install in bats tests 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-29 10:43:12 -04:00
jessebot
d6a7dce06c we now use /openbao/config instead of /vault/config 
ref: 8283776683/Dockerfile (L45)

also change types from null to [] to be more explicit and regenerate docs

Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-29 10:43:12 -04:00
jessebot
754c4ee94d the command is bao not openbao 🤦 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-29 10:43:12 -04:00
jessebot
2c9d040059 update the openbao helm chart test that runs after install to no longer use the vault command 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-29 10:43:12 -04:00
Nathan Phelps
b59b6e55bb Issue 6: Removed Enterprise reference from chart's server-statefulset template. 
Signed-off-by: Nathan Phelps <naphelps@us.ibm.com>
 2024-05-20 17:43:17 -04:00
Nathan Phelps
675c249026 Issue 6: Removing Enterprise references from chart template helper. 
Signed-off-by: Nathan Phelps <naphelps@us.ibm.com>
 2024-05-20 17:43:17 -04:00
Nathan Phelps
c4b831e734 Issue 6: Updated the chart version to 0.3.0. 
Signed-off-by: Nathan Phelps <naphelps@us.ibm.com>
 2024-05-20 17:43:17 -04:00
Nathan Phelps
e5973aeff3 Issue 6: Removed Enterprise licensing references out of the chart's value configuration. 
Signed-off-by: Nathan Phelps <naphelps@us.ibm.com>
 2024-05-20 17:43:17 -04:00
Nathan Phelps
be6fa5a195 Issue 6: Changed some of the Hashicorp Vault refences in the docs to OpenBao. 
Signed-off-by: Nathan Phelps <naphelps@us.ibm.com>
 2024-05-20 17:43:17 -04:00
jessebot
7ad371f159 fix missing space in comment 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-20 17:08:36 -04:00
jessebot
cb464ff650 fix linter issues with values.yaml to please chart tesitng linter 
ref: https://github.com/openbao/openbao-helm/actions/runs/9139677624/job/25132235295?pr=8
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-20 17:08:36 -04:00
jessebot
cbf6f461e2 actually template out the image.registry for each image map reference 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-20 17:08:36 -04:00
jessebot
915f7c845c update base vault images to point at quay.io/openbao/openbao; add more helm docs 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-20 17:08:36 -04:00
JesseBot
ed58ce3e78 Update charts/openbao/Chart.yaml - use default branding image 
Signed-off-by: JesseBot <jessebot@linux.com>
 2024-05-17 08:18:38 -04:00
JesseBot
c16fc99e7c Update charts/openbao/Chart.yaml - update the maintainer to be OpenBao 
Signed-off-by: JesseBot <jessebot@linux.com>
 2024-05-17 08:18:38 -04:00
JesseBot
302fdc8a22 Update charts/openbao/Chart.yaml - fix chart description OpenBao casing 
Signed-off-by: JesseBot <jessebot@linux.com>
 2024-05-17 08:18:38 -04:00
jessebot
00ed536f64 add official openbao security email 
Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-17 08:18:38 -04:00
jessebot
5544941fff begin changes to using openbao everywhere instead of vault 
also begin massive change over to using helm's official chart release and testing actions

Signed-off-by: jessebot <jessebot@linux.com>
 2024-05-17 08:18:38 -04:00
dependabot[bot]
c5f9247828
Bump helm/kind-action from 1.8.0 to 1.9.0 (#999) 
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](dda0770415...99576bfa6d)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-22 18:26:53 -07:00
Ben Ash
dbfb243d03
Update code owners (#1006) 
- ignore scratch dir
 2024-03-19 16:07:57 -04:00
Theron Voran
e439b28914
injector: add get for nodes in clusterrole (#1005) 
Required for operator-lib leader logic
 2024-03-18 21:55:51 -07:00
Christopher Swenson
d186b6ff29
Add annotation on config change (#1001) 
When updating the Vault config (and corresponding)
configmap, we now generate a checksum of the config
and set it as an annotation on both the configmap
and the Vault StatefulSet pod template.

This allows the deployer to know what pods need to
be restarted to pick up the a changed config.

We still recommend using the standard upgrade
[method for Vault on Kubernetes](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#upgrading-vault-on-kubernetes),
i.e., using the `OnDelete` strategy
for the Vault StatefulSet, so updating the config
and doing a `helm upgrade` should not trigger the
pods to restart, and then deleting pods one
at a time, starting with the standby pods.

With `kubectl` and `jq`, you can check check which
pods need to be updated by first getting the value
of the current configmap checksum:

```shell
kubectl get pods -o json | jq -r ".items[] | select(.metadata.annotations.\"config/checksum\" != $(kubectl get configmap vault-config -o json | jq '.metadata.annotations."config/checksum"') ) | .metadata.name"
```

Fixes #748.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2024-03-18 11:03:56 -07:00
Ben Ash
6930c378d2
Test against k8s 1.29 (#1003) 
* Drop k8s 1.24
* Use latest kind version v0.22.0
 2024-03-11 15:23:14 -04:00
dependabot[bot]
7a127f878a
Bump actions/setup-go from 4.1.0 to 5.0.0 (#984) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](93397bea11...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-08 12:07:19 -08:00
Theron Voran
50f7439fb2
Update to v0.27.0 (#978) 2023-11-16 13:47:57 -08:00
Alan Tang
3e16e05ba7
Add labels for PVC template (#969) 2023-11-15 17:55:09 -08:00
Marco Lecheler
e77dce38b2
feat: ingress rules for server networkPolicy (#877) 
* feat: allow server netPol to specify podSelector

* feat(test): add podSelector NetworkPolicy unittest

* chore: introduce server.networkPolicy.ingress

As suggested let users template the whole ingress object for the
networkPolicy than only the podSelector.

Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>

---------

Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>
 2023-11-15 16:42:26 -08:00
dependabot[bot]
97166e5207
Bump actions/checkout from 4.1.0 to 4.1.1 (#963) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-13 23:08:38 -08:00
Aleix Murtra
ad64f921b5
Add persistentVolumeClaimRetentionPolicy variable to values.yaml (#965) 
This variable is used to set the persistentVolumeClaimRetentionPolicy
value in the server-statefulset.yaml template, which is used to
configure the retention policy for the PVCs used by the server
statefulset.
 2023-11-13 11:55:33 -08:00
Thy Ton
2bb6994dd9
support exec in server liveness probe (#971) 
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2023-11-09 13:38:59 -08:00
Kyle Schochenmaier
36dafa02c0
Prepare for release 0.26.1 (#970) 
* Prepare for release 0.26.1
 2023-10-30 14:26:38 -05:00
Floris Heringa
9b3ceaac99
Fix check if server.ha.replicas is a number when set in values.yaml (#961) 2023-10-30 10:16:42 -05:00
Kyle Schochenmaier
f72df27d56
prepare for 0.26.0 release (#967) 
* prepare for 0.26.0 release
 2023-10-27 15:18:07 -05:00
Theron Voran
6f3f107ca5
openshift/server: readiness probe passes when server uninitialized (#966) 
Changes the default server readiness probe to pass when the server is
uninitialized, in order to pass the latest version of the
chart-verifier test (see #954) for details.

Also updates the chart-verifier used in our tests to 1.13.0 (latest).
 2023-10-26 00:08:53 -07:00
Theron Voran
24739373fb
Update actions, k8s and vault versions, and changelog (#962) 
Pin github actions to the latest trusted versions, test with k8s
1.24-1.28, update vault and vault-k8s defaults to latest releases.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2023-10-13 09:58:54 -07:00
Kyle Schochenmaier
e2990d2913
changelog++ (#959) 2023-09-26 22:50:26 -05:00
tekicat
7728f8c650
Allow additional annotations for standby and active services via config (#896) 
* Allow additional annotations for standby and active services via config
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
 2023-09-26 15:28:54 -05:00
dependabot[bot]
0f47d83f36
Bump actions/setup-go from 4.0.1 to 4.1.0 (#938) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fac708d667...93397bea11)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-25 10:14:19 -05:00
dependabot[bot]
d3d472f948
Bump actions/checkout from 3.5.3 to 4.1.0 (#957) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...8ade135a41)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-25 10:10:15 -05:00
Theron Voran
b13201831d
changelog++ (#956) 2023-09-18 13:17:00 -07:00
Milan Rafaj
3387881451
feat: add hostAliases for statefulset (#955) 2023-09-18 08:53:00 -07:00
Theron Voran
c3b2b14ffd
changelog++ (#946) 2023-08-24 15:16:24 -07:00
Arend Lapere
377b68f13b
Add support for dual stack clusters (#833) 2023-08-24 15:14:19 -07:00
Marco Lecheler
ea1c36922b
chore(test): use vault.fullname in Helm test (#912) 2023-08-23 11:30:35 -07:00
Tanmay Pereira Naik
c7353d1aea
docs: Update outdated vaultproject.io/docs/ links (#935) 
Signed-off-by: Tanmay Pereira Naik <59953366+tanmay-pnaik@users.noreply.github.com>
 2023-08-22 12:16:41 -07:00
gillcaleb
1e12d49d74
Add optional long lived SA token (#923) 
---------

Co-authored-by: Caleb Gill <cgill@stavvy.com>
 2023-08-17 14:05:50 +01:00
Johannes Siebel
ec964a33ea
Allow scale to zero (#943) 2023-08-15 10:50:25 +01:00
KhizerJaan
9a16496e86
Allows the release namespace to be overridden (#909) 2023-07-04 14:30:35 +01:00
Tom Proctor
e2711a2002
Prepare for 0.25.0 release (#916) 
* Prepare for 0.25.0 release
* Update CSI acceptance test assertion

Starting in 1.4.0, the CSI provider caches Vault tokens locally. The main thing
we want to check is that the Agent cache is being used so that it's doing the
renewal legwork for any leased secrets, so check for the renewal log message instead
because CSI won't auth over and over anymore.
 2023-06-26 16:00:04 +01:00
Daniel Kimsey
a86803d5c8
ci: Fix yq command syntax (#881) 
The original CCI version used an older version of yq. The syntax changed and this was missed when ported.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2023-06-19 15:57:16 +01:00