Marco Lecheler
e77dce38b2
feat: ingress rules for server networkPolicy ( #877 )
...
* feat: allow server netPol to specify podSelector
* feat(test): add podSelector NetworkPolicy unittest
* chore: introduce server.networkPolicy.ingress
As suggested let users template the whole ingress object for the
networkPolicy than only the podSelector.
Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>
---------
Co-authored-by: tvoran <444265+tvoran@users.noreply.github.com>
2023-11-15 16:42:26 -08:00
dependabot[bot]
97166e5207
Bump actions/checkout from 4.1.0 to 4.1.1 ( #963 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-11-13 23:08:38 -08:00
Aleix Murtra
ad64f921b5
Add persistentVolumeClaimRetentionPolicy variable to values.yaml ( #965 )
...
This variable is used to set the persistentVolumeClaimRetentionPolicy
value in the server-statefulset.yaml template, which is used to
configure the retention policy for the PVCs used by the server
statefulset.
2023-11-13 11:55:33 -08:00
Thy Ton
2bb6994dd9
support exec in server liveness probe ( #971 )
...
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-11-09 13:38:59 -08:00
Kyle Schochenmaier
36dafa02c0
Prepare for release 0.26.1 ( #970 )
...
* Prepare for release 0.26.1
2023-10-30 14:26:38 -05:00
Floris Heringa
9b3ceaac99
Fix check if server.ha.replicas is a number when set in values.yaml ( #961 )
2023-10-30 10:16:42 -05:00
Kyle Schochenmaier
f72df27d56
prepare for 0.26.0 release ( #967 )
...
* prepare for 0.26.0 release
2023-10-27 15:18:07 -05:00
Theron Voran
6f3f107ca5
openshift/server: readiness probe passes when server uninitialized ( #966 )
...
Changes the default server readiness probe to pass when the server is
uninitialized, in order to pass the latest version of the
chart-verifier test (see #954 ) for details.
Also updates the chart-verifier used in our tests to 1.13.0 (latest).
2023-10-26 00:08:53 -07:00
Theron Voran
24739373fb
Update actions, k8s and vault versions, and changelog ( #962 )
...
Pin github actions to the latest trusted versions, test with k8s
1.24-1.28, update vault and vault-k8s defaults to latest releases.
---------
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-10-13 09:58:54 -07:00
Kyle Schochenmaier
e2990d2913
changelog++ ( #959 )
2023-09-26 22:50:26 -05:00
tekicat
7728f8c650
Allow additional annotations for standby and active services via config ( #896 )
...
* Allow additional annotations for standby and active services via config
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2023-09-26 15:28:54 -05:00
dependabot[bot]
0f47d83f36
Bump actions/setup-go from 4.0.1 to 4.1.0 ( #938 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fac708d667...93397bea11
2023-09-25 10:14:19 -05:00
dependabot[bot]
d3d472f948
Bump actions/checkout from 3.5.3 to 4.1.0 ( #957 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...8ade135a41
2023-09-25 10:10:15 -05:00
Theron Voran
b13201831d
changelog++ ( #956 )
2023-09-18 13:17:00 -07:00
Milan Rafaj
3387881451
feat: add hostAliases for statefulset ( #955 )
2023-09-18 08:53:00 -07:00
Theron Voran
c3b2b14ffd
changelog++ ( #946 )
2023-08-24 15:16:24 -07:00
Arend Lapere
377b68f13b
Add support for dual stack clusters ( #833 )
2023-08-24 15:14:19 -07:00
Marco Lecheler
ea1c36922b
chore(test): use vault.fullname in Helm test ( #912 )
2023-08-23 11:30:35 -07:00
Tanmay Pereira Naik
c7353d1aea
docs: Update outdated vaultproject.io/docs/ links ( #935 )
...
Signed-off-by: Tanmay Pereira Naik <59953366+tanmay-pnaik@users.noreply.github.com>
2023-08-22 12:16:41 -07:00
gillcaleb
1e12d49d74
Add optional long lived SA token ( #923 )
...
---------
Co-authored-by: Caleb Gill <cgill@stavvy.com>
2023-08-17 14:05:50 +01:00
Johannes Siebel
ec964a33ea
Allow scale to zero ( #943 )
2023-08-15 10:50:25 +01:00
KhizerJaan
9a16496e86
Allows the release namespace to be overridden ( #909 )
2023-07-04 14:30:35 +01:00
Tom Proctor
e2711a2002
Prepare for 0.25.0 release ( #916 )
...
* Prepare for 0.25.0 release
* Update CSI acceptance test assertion
Starting in 1.4.0, the CSI provider caches Vault tokens locally. The main thing
we want to check is that the Agent cache is being used so that it's doing the
renewal legwork for any leased secrets, so check for the renewal log message instead
because CSI won't auth over and over anymore.
2023-06-26 16:00:04 +01:00
Daniel Kimsey
a86803d5c8
ci: Fix yq command syntax ( #881 )
...
The original CCI version used an older version of yq. The syntax changed and this was missed when ported.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-06-19 15:57:16 +01:00
dependabot[bot]
785a5e7c12
Bump actions/setup-go from 4.0.0 to 4.0.1 ( #891 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667
2023-06-14 11:24:45 +01:00
dependabot[bot]
38335f81c6
Bump actions/checkout from 3.5.2 to 3.5.3 ( #910 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-14 10:54:53 +01:00
Theron Voran
cd30d9890a
csi: update affinity and nodeselector schema ( #907 )
...
array -> object
2023-06-06 22:51:14 -07:00
hashicorp-copywrite[bot]
1be10380d1
[COMPLIANCE] Add Copyright and License Headers ( #905 )
...
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-06-05 15:50:09 -07:00
Toninh0
3ce721fca4
CSI configurable nodeSelector and affinity ( #862 )
2023-06-01 10:38:22 +01:00
Tom Proctor
a56c27c892
Fix syntax for actionlint workflow ( #903 )
...
* Fix syntax for actionlint workflow
* Move .github/workflows/setup-test-tools/ -> .github/actions/setup-test-tools/
* Fix reported actionlint failures
2023-05-31 12:27:18 +01:00
Tom Proctor
da34c6c986
publishNotReadyAddresses for headless service always true ( #902 )
2023-05-30 15:54:00 +01:00
Theron Voran
3640daaf65
ci: upgrade kind-action and kind version ( #899 )
...
kind-action v1.5.0 -> v1.7.0
kind v0.17.0 -> v0.19.0
Add k8s 1.27 to testing, and update the rest of the kind image
versions.
2023-05-23 13:16:42 -07:00
risson
a276600b71
Default prometheusRules.rules should be an empty list ( #886 )
...
Support for prometheus-operator was added in
https://github.com/hashicorp/vault-helm/pull/772 and a default empty
set of rules was defined as an empty map `{}`. However, as evidenced
by the commented out rule examples below that very same values.yaml,
this is expected to be a list, so `rules:` value should be set to an
empty list `[]`.
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Vitaliy <vitaliyf@users.noreply.github.com>
2023-05-17 22:01:22 -07:00
Krishnadas M
b9096ee15b
Make injected Agent ephemeral storage configurable through injector.agentDefaults ( #798 )
2023-05-17 13:59:05 +01:00
Ashish Kumar
582e7d0c3b
spelling fix ( #888 )
2023-05-15 09:54:41 -07:00
hashicorp-tsccr[bot]
14585a1331
Result of tsccr-helper -pin-all-workflows . ( #882 )
...
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
2023-04-21 10:12:31 -07:00
Tom Proctor
a5d803ad3c
Fix chart version for 0.24.1 release ( #880 )
2023-04-17 18:48:39 +01:00
Tom Proctor
677c932e35
Prepare for 0.24.1 release ( #879 )
2023-04-17 18:14:59 +01:00
Tom Proctor
9954df5e68
Add role for creating CSI's HMAC secret key ( #872 )
2023-04-14 13:31:41 +01:00
Daniel Kimsey
ded705d732
Remove CircelCI ( #871 )
...
Follow-up of #861 and hashicorp/gha-migration#158
2023-04-12 17:18:40 +01:00
hc-github-team-es-release-engineering
bb9a069c06
Convert hashicorp/vault-helm to GitHub Actions ( #861 )
...
* Add workflow hashicorp/vault-helm/update-helm-charts-index
* Add workflow hashicorp/vault-helm/manual-trigger-update-helm-charts-index
* SHA-pin all 3rd-party actions
* Restrict workflow permissions
* Add actionslint
* Add dependabot
* Add CODEOWNERS
* Replace deprecated references
* fixup: First pass at cleaning up update-helm-charts-index
* fixup: move to self-hosted for access to vault
* fixup: remove vault bits, correct GHA action
* fixup: Remove manual invocation
* fixup: update CODEOWNERS
* Update CODEOWNERS
* Fix CODEOWNERS syntax
* Use common workflow for action lint
* fixup: address review feedback
* fixup: codeowners set
* Apply suggestions from code review
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
* fixup: remove slack status action
* fixup: more clear error message and correct syntax
* fixup: limit actionlint trigger to GHA paths
* fixup: glob
* fixup: incorporate emily's superior syntax
---------
Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
2023-04-12 09:19:02 -05:00
Theron Voran
1307dbea76
add copyright header to csi-agent-configmap.yaml ( #870 )
2023-04-11 11:00:47 -07:00
Christopher Swenson
d52c4a519d
Prepare for 0.24.0 release ( #868 )
2023-04-06 15:38:23 -07:00
Tom Proctor
0fe916481c
Add Vault Agent sidecar to CSI Provider ( #749 )
...
Adds Agent as a sidecar for the CSI Provider to:
* Cache k8s auth login leases
* Cache secret leases
* Automatically renew renewable leases in the background
2023-04-06 19:45:10 +01:00
Kyle Schochenmaier
fc7d4326fc
Add changelog for #831 ( #867 )
...
* Add changelog for #831
* fixes bats test
2023-04-04 10:21:42 -05:00
Bhargav Akhani
9f189801a6
Add portnumber ( #831 )
...
* Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset.
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>
2023-04-04 09:17:24 -05:00
Theron Voran
2c4cd3a3c3
Updating GHA and default Vault version ( #863 )
...
Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).
Pin all actions to SHAs, and use the common jira sync.
Update the default Vault version to v1.13.1.
Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).
2023-04-03 16:44:13 -07:00
Thy Ton
932891778f
feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe ( #852 )
2023-03-16 12:03:27 -07:00
Thy Ton
f4f05aaa74
fix: remove k8s 1.16 from acceptance testing ( #848 )
...
* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum support k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20
2023-02-27 12:04:17 -08:00
Dimitar Zafirov
e31e70ea0b
Add extraPorts property ( #841 )
2023-02-16 10:49:07 -08:00
