Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
560 commits 11 branches 48 tags 1.4 MiB
Commit graph

560 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tom Proctor
b24457323b
changelog++ 2021-04-07 14:24:00 +01:00
Arie Lev
7a71c0fec4
fix csi helm deployment (#486) 
* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests
 2021-04-06 14:56:11 +01:00
Paul
a6856646aa
Remove extra word in readme (#482) 2021-03-29 18:12:09 -07:00
Jason O'Donnell
703ba50d47
changelog++ 2021-03-25 10:56:59 -04:00
Jason O'Donnell
7fd6959cdc
Add volumes and mounts support for CSI (#479) 
* Remove extraVolumes from CSI, add volumes and mounts

* Add better example
 2021-03-25 10:21:21 -04:00
Jason O'Donnell
f75b19f068
Update to 0.10.0 (#477) 
* Update to v0.10.0

* Fix typo

* Add csi link in changelog
 2021-03-25 10:19:31 -04:00
Tom Proctor
102f9e49e2
Target vault-csi-provider release 0.1.0 (#475) 2021-03-25 09:02:36 -04:00
Tom Proctor
2ddac08c51
changelog++ 2021-03-24 14:03:21 +00:00
Theron Voran
3e36bb70d5
updating acceptance tests to k8s 1.17 on gke (#473) 2021-03-24 09:20:06 -04:00
Tom Proctor
4c1d79f46e
Add CSI secrets store provider (#461) 2021-03-19 14:14:38 +00:00
Jason O'Donnell
ff735774c4
changelog++ 2021-02-19 23:03:15 -05:00
guru1306
690ee410ef
Add objectSelector to webhookconfiguration (#456) 2021-02-19 23:02:04 -05:00
Theron Voran
84a1dd9fbe
0.9.1 release updates (#455) 
Changelog, chart metadata, and image versions
 2021-02-02 11:06:40 -08:00
Jason O'Donnell
f399130112
changelog++ 2021-01-21 12:41:44 -05:00
Theron Voran
f59fd68780
changelog++ 2021-01-15 15:45:38 -08:00
Theron Voran
69a3dc618d
Set VAULT_DEV_LISTEN_ADDRESS in dev mode (#446) 
Binds vault to 0.0.0.0 in dev mode so that external traffic is
accepted.
 2021-01-15 15:42:50 -08:00
Theron Voran
91e9446bfc
Update version of consul-helm in server-ha test (#444) 
consul-helm v0.16.2 doesn't work with newer versions of helm (like
3.4).
 2021-01-12 11:07:55 -08:00
Theron Voran
2451b5fb65
Increase the timeout for leader elector ready (#443) 
Bumps the timeout waiting for the injector replicas (with
leader-elector containers) to be "Ready" to 5 minutes. Default was 30
seconds.
 2021-01-12 11:06:00 -08:00
Theron Voran
e69efc018d
changelog++ 2021-01-11 17:53:07 -08:00
Bruno FERNANDO
6c99e107c6
fix(injector): label component (app.kubernetes.io/name) value in anti-affinity rule (#442) 2021-01-11 17:51:13 -08:00
Theron Voran
5230d3e528
changelog++ 2021-01-08 18:00:00 -08:00
Bruno FERNANDO
53f31be205
fix(injector): label component value in anti-affinity rule (#441) 2021-01-08 17:55:47 -08:00
Theron Voran
7b5e08c4a8
0.9.0 release updates (#439) 
Changelog, chart metadata, and image versions
 2021-01-05 10:52:56 -08:00
Jason O'Donnell
3cc33172d9
Add extra time to initial probe delay (#440) 2021-01-05 13:51:28 -05:00
Tom Proctor
7a122dd811
changelog++ 2021-01-05 18:08:48 +00:00
Tom Proctor
278044dbd9
changelog++ 2021-01-05 18:06:20 +00:00
Tom Proctor
e6b4969acc
Support deploying multiple injector replicas with auto-TLS (#436) 2021-01-05 11:14:00 +00:00
Jason O'Donnell
818ed117b0
changelog++ 2020-12-16 12:32:51 -05:00
Volodymyr Stoiko
f8e6aab4ee
Allow configurable egress for server network policy (#389) 
* Allow configurable egress

* Add test for networkpolicy egress in server

* Allow egress configuration

* Fix test

* Fix networkPolicy test

* Fix test
 2020-12-16 12:30:24 -05:00
Jason O'Donnell
9067c4e2f5
changelog++ 2020-12-14 14:15:30 -05:00
Jason O'Donnell
cc20c0b3c1
Add allowPrivilegeEscalation=false to pods (#429) 
* Add allowPrivilegeEscalation=false to pods

* Add openshift check

* Add injector openshift check
 2020-12-14 14:14:29 -05:00
Jason O'Donnell
d80432a7d5
changelog++ 2020-12-07 11:29:17 -05:00
Logi
a11a75d1b5
support extraLabels for vault-agent-injector (#428) 
* support extraLabels for vault-agent-injector

* added unit test for extraLabels

* fix test

* added injector.extraLabels as empty map to values file
 2020-12-07 11:28:06 -05:00
Jason O'Donnell
136fe024c9
changelog++ 2020-12-07 10:33:06 -05:00
Bruno FERNANDO
73e90a1308
feat: add annotations to injector service (#425) 2020-12-07 10:31:54 -05:00
Jason O'Donnell
0101816d8d
changelog++ 2020-12-07 10:20:18 -05:00
Yong Wen Chua
94adad8335
Update mutating webhook API Version (#408) 
* Update mutating webhook API Version

* Set to ignore by default

* Remove extra `-`

* Add required fields
 2020-12-07 10:18:25 -05:00
Jason O'Donnell
be48291bcf
changelog++ 2020-12-07 10:10:44 -05:00
Piotr Hryszko
e2b609817f
don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode (#415) 
* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode

* don't template environment variables that no longer exist

* fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable

* removed a typo

* allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode

* correct ambiguous description

* don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml

* Update devRootToken description
 2020-12-07 10:09:38 -05:00
Jason O'Donnell
a8c1b4b0c5
changelog++ 2020-12-07 10:08:56 -05:00
Chris Pieper
f780877e1d
Update rbac api version to v1 (#395) 
* fix(rbac): update api version on rbac

* Update templates/server-clusterrolebinding.yaml

Co-authored-by: Yong Wen Chua <lawliet89@users.noreply.github.com>

* Update server-discovery-rolebinding.yaml

Co-authored-by: Yong Wen Chua <lawliet89@users.noreply.github.com>
 2020-12-07 10:07:02 -05:00
Jason O'Donnell
f6c9d5837b
changelog++ 2020-11-30 16:32:06 -05:00
Jason O'Donnell
a8c42428b0
Add extraArgs support to dev mode (#421) 2020-11-30 16:31:02 -05:00
Michele Degges
b544e01391
Use docker mirror (#409) 2020-11-23 16:47:25 -08:00
Tom Proctor
93e4f521f1
Update jira sync github action (#411) 2020-11-16 11:38:03 +00:00
Jason O'Donnell
ee4e532159
Update to 0.8.0 (#405) 
* Update to 0.8.0

* Fix changelog formatting
 2020-10-20 13:58:41 -04:00
Jason O'Donnell
addf8a4f65
changelog++ 2020-10-20 09:35:49 -04:00
Jean-François Roche
c45f9b997d
Enable Vault to review kube tokens when using external Vault (#392) 
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.

We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].

These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.

User might want to provide a sensible name (in global.serviceAccount.name) to the service
account such as: vault-auth.

refs #376

[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
 2020-10-20 09:34:48 -04:00
Anton Kaymakchi
f6123b8ed2
Fix misspelings in values.yaml file (#402) 2020-10-20 09:05:29 -04:00
Jason O'Donnell
994797cff4
changelog++ 2020-10-16 10:48:41 -04:00