Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
446 commits 11 branches 48 tags 1.4 MiB
Commit graph

446 commits

This branch
This branch
All branches
Author SHA1 Message Date
Theron Voran
f59fd68780
changelog++ 2021-01-15 15:45:38 -08:00
Theron Voran
69a3dc618d
Set VAULT_DEV_LISTEN_ADDRESS in dev mode (#446) 
Binds vault to 0.0.0.0 in dev mode so that external traffic is
accepted.
 2021-01-15 15:42:50 -08:00
Theron Voran
91e9446bfc
Update version of consul-helm in server-ha test (#444) 
consul-helm v0.16.2 doesn't work with newer versions of helm (like
3.4).
 2021-01-12 11:07:55 -08:00
Theron Voran
2451b5fb65
Increase the timeout for leader elector ready (#443) 
Bumps the timeout waiting for the injector replicas (with
leader-elector containers) to be "Ready" to 5 minutes. Default was 30
seconds.
 2021-01-12 11:06:00 -08:00
Theron Voran
e69efc018d
changelog++ 2021-01-11 17:53:07 -08:00
Bruno FERNANDO
6c99e107c6
fix(injector): label component (app.kubernetes.io/name) value in anti-affinity rule (#442) 2021-01-11 17:51:13 -08:00
Theron Voran
5230d3e528
changelog++ 2021-01-08 18:00:00 -08:00
Bruno FERNANDO
53f31be205
fix(injector): label component value in anti-affinity rule (#441) 2021-01-08 17:55:47 -08:00
Theron Voran
7b5e08c4a8
0.9.0 release updates (#439) 
Changelog, chart metadata, and image versions
 2021-01-05 10:52:56 -08:00
Jason O'Donnell
3cc33172d9
Add extra time to initial probe delay (#440) 2021-01-05 13:51:28 -05:00
Tom Proctor
7a122dd811
changelog++ 2021-01-05 18:08:48 +00:00
Tom Proctor
278044dbd9
changelog++ 2021-01-05 18:06:20 +00:00
Tom Proctor
e6b4969acc
Support deploying multiple injector replicas with auto-TLS (#436) 2021-01-05 11:14:00 +00:00
Jason O'Donnell
818ed117b0
changelog++ 2020-12-16 12:32:51 -05:00
Volodymyr Stoiko
f8e6aab4ee
Allow configurable egress for server network policy (#389) 
* Allow configurable egress

* Add test for networkpolicy egress in server

* Allow egress configuration

* Fix test

* Fix networkPolicy test

* Fix test
 2020-12-16 12:30:24 -05:00
Jason O'Donnell
9067c4e2f5
changelog++ 2020-12-14 14:15:30 -05:00
Jason O'Donnell
cc20c0b3c1
Add allowPrivilegeEscalation=false to pods (#429) 
* Add allowPrivilegeEscalation=false to pods

* Add openshift check

* Add injector openshift check
 2020-12-14 14:14:29 -05:00
Jason O'Donnell
d80432a7d5
changelog++ 2020-12-07 11:29:17 -05:00
Logi
a11a75d1b5
support extraLabels for vault-agent-injector (#428) 
* support extraLabels for vault-agent-injector

* added unit test for extraLabels

* fix test

* added injector.extraLabels as empty map to values file
 2020-12-07 11:28:06 -05:00
Jason O'Donnell
136fe024c9
changelog++ 2020-12-07 10:33:06 -05:00
Bruno FERNANDO
73e90a1308
feat: add annotations to injector service (#425) 2020-12-07 10:31:54 -05:00
Jason O'Donnell
0101816d8d
changelog++ 2020-12-07 10:20:18 -05:00
Yong Wen Chua
94adad8335
Update mutating webhook API Version (#408) 
* Update mutating webhook API Version

* Set to ignore by default

* Remove extra `-`

* Add required fields
 2020-12-07 10:18:25 -05:00
Jason O'Donnell
be48291bcf
changelog++ 2020-12-07 10:10:44 -05:00
Piotr Hryszko
e2b609817f
don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode (#415) 
* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode

* don't template environment variables that no longer exist

* fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable

* removed a typo

* allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode

* correct ambiguous description

* don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml

* Update devRootToken description
 2020-12-07 10:09:38 -05:00
Jason O'Donnell
a8c1b4b0c5
changelog++ 2020-12-07 10:08:56 -05:00
Chris Pieper
f780877e1d
Update rbac api version to v1 (#395) 
* fix(rbac): update api version on rbac

* Update templates/server-clusterrolebinding.yaml

Co-authored-by: Yong Wen Chua <lawliet89@users.noreply.github.com>

* Update server-discovery-rolebinding.yaml

Co-authored-by: Yong Wen Chua <lawliet89@users.noreply.github.com>
 2020-12-07 10:07:02 -05:00
Jason O'Donnell
f6c9d5837b
changelog++ 2020-11-30 16:32:06 -05:00
Jason O'Donnell
a8c42428b0
Add extraArgs support to dev mode (#421) 2020-11-30 16:31:02 -05:00
Michele Degges
b544e01391
Use docker mirror (#409) 2020-11-23 16:47:25 -08:00
Tom Proctor
93e4f521f1
Update jira sync github action (#411) 2020-11-16 11:38:03 +00:00
Jason O'Donnell
ee4e532159
Update to 0.8.0 (#405) 
* Update to 0.8.0

* Fix changelog formatting
 2020-10-20 13:58:41 -04:00
Jason O'Donnell
addf8a4f65
changelog++ 2020-10-20 09:35:49 -04:00
Jean-François Roche
c45f9b997d
Enable Vault to review kube tokens when using external Vault (#392) 
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.

We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].

These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.

User might want to provide a sensible name (in global.serviceAccount.name) to the service
account such as: vault-auth.

refs #376

[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
 2020-10-20 09:34:48 -04:00
Anton Kaymakchi
f6123b8ed2
Fix misspelings in values.yaml file (#402) 2020-10-20 09:05:29 -04:00
Jason O'Donnell
994797cff4
changelog++ 2020-10-16 10:48:41 -04:00
gw0
29a77e82d1
Improve config variables (#398) 2020-10-16 10:47:31 -04:00
Jason O'Donnell
618d4b3b39
changelog++ 2020-10-13 09:22:17 -04:00
Ori Rawlings
5eb0ba5865
Add configurable failurePolicy for injector's webhook (#400) 
Fixes #399
 2020-10-13 09:20:06 -04:00
Jason O'Donnell
5242cfe6a7
changelog++ 2020-10-05 16:23:04 -04:00
Jason O'Donnell
73c70c0ba0
changelog++ 2020-10-01 11:07:48 -04:00
Michael Parker
1968526f0d
add ability to set pod annotations for injector (#394) 
* add ability to set pod annotations for injector

* add missing unit tests
 2020-10-01 11:06:53 -04:00
Jason O'Donnell
54f58b9c01
changelog++ 2020-10-01 09:34:25 -04:00
Jason O'Donnell
13ef8db3b5
Add configurable mountPath for audit/data storage (#393) 2020-10-01 09:32:46 -04:00
Jason O'Donnell
c16905edca
changelog++ 2020-09-24 12:41:51 -04:00
Theron Voran
1705536ee5
changelog++ 2020-09-15 23:47:01 -07:00
Volodymyr Stoiko
66ea34c702
Allow explicit network policy enablement (#381) 
* Disable default network policy

* Make network policy configurable by explicit flag only
 2020-09-15 23:40:56 -07:00
Jason O'Donnell
fc8ebfdd4e
Add configurable probe values (#387) 
* Add configurable probe values

* Remove template defaults

* Update values.yaml

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Switch timeout and period defaults

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2020-09-15 16:24:38 -04:00
Tom Proctor
3975d2c331
Update Jira sync action versions (#386) 
These versions bring a few fixes:

* The action now supports converting the most common bits of markdown syntax into Jira formatting directives
* Replaces Atlassian's comment action, which tries to interpolate bits of text from comments wrapped in {{ github.event_name }} as templates, usually causing an error (in the case I've put there, if I wasn't a vault team member, it would replace the template with `pull_request_target`)
* Remove trailing comma after link that broke the link target Jira selects
 2020-09-14 16:50:46 +01:00
Tom Proctor
798ac9c597
Update notes template to be helm v3 compatible (#378) 
`helm get {{ .Release.Name }}` is replaced by `vault get all {{ .Release.Name }}` in helm v3, but `all` doesn't exist in v2.
 2020-08-27 16:34:25 +01:00