Docs: vault-helm 0.23.0 updates (#18131)
tomhjp authored Nov 29, 2022
1 parent 4891122 commit 54a7e81
Showing 8 changed files with 40 additions and 16 deletions.
32 changes: 28 additions & 4 deletions website/content/docs/platform/k8s/helm/configuration.mdx
Expand Up @@ -77,15 +77,15 @@ and consider if they're appropriate for your deployment.

- `repository` (`string: "hashicorp/vault-k8s"`) - The name of the Docker image for Vault Agent Injector.
- `tag` (`string: "1.0.1"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
- `tag` (`string: "1.1.0"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.

- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.

- `agentImage` - Values that configure the Vault Agent sidecar image.

- `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
- `tag` (`string: "1.12.0"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
- `tag` (`string: "1.12.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.

- `agentDefaults` - Values that configure the injected Vault Agent containers default values.

Expand Down Expand Up @@ -309,7 +309,7 @@ and consider if they're appropriate for your deployment.

- `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault.
- `tag` (`string: "1.12.0"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
- `tag` (`string: "1.12.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.

- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.

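Review bot: The changed `tag` line for the server image still ends with "may inadvertently upgrade your admission controller", which is the wording of the injector image entry earlier in this file; this entry describes the containers running Vault. Since the line is already being touched for the 1.12.1 bump, change the ending to something like "upgrade your Vault server" so the pinning advice names the component it applies to.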
Expand Down Expand Up @@ -648,6 +648,14 @@ and consider if they're appropriate for your deployment.

- `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.

- `active` - Values that apply only to the vault-active service.

- `enabled` (`boolean: true`) - When set to `true`, the vault-active Kubernetes service will be created for Vault, selecting pods which label themselves as the cluster leader with `vault-active: "true"`.

- `standby` - Values that apply only to the vault-standby service.

- `enabled` (`boolean: true`) - When set to `true`, the vault-standby Kubernetes service will be created for Vault, selecting pods which label themselves as a cluster follower with `vault-active: "false"`.

- `clusterIP` (`string`) - ClusterIP controls whether an IP address (cluster IP) is attached to the Vault service within Kubernetes. By default the Vault service will be given a Cluster IP address, set to `None` to disable. When disabled Kubernetes will create a "headless" service. Headless services can be used to communicate with pods directly through DNS instead of a round robin load balancer.

- `type` (`string: "ClusterIP"`) - Sets the type of service to create, such as `NodePort`.
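Review bot: The new `active` and `standby` entries do not say how they relate to the parent `enabled` flag documented just above them. State whether `active.enabled` and `standby.enabled` have any effect when the parent service `enabled` is `false`, and say under which deployment configuration the vault-active and vault-standby services are created. It is also worth spelling out that the selectors rely on pods labelling themselves with `vault-active`, since that label alone decides which pods receive traffic through these two services.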
Expand All @@ -666,6 +674,10 @@ and consider if they're appropriate for your deployment.

- `publishNotReadyAddresses` (`boolean: true`) - If true, do not wait for server pods to be ready before adding them to the service pool.

- `instanceSelector`

- `enabled` (`boolean: true`) - When set to false, the service selector used for the vault, vault-active, and vault-standby services will not filter on `app.kubernetes.io/instance`. This means they may select pods from outside this deployment of the Helm chart. Does not affect the headless vault-internal service with `ClusterIP: None`.

- `annotations` (`dictionary: {}`) - This value defines additional annotations for the service. This can either be YAML or a YAML-formatted multi-line templated string.

```yaml
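Review bot: `instanceSelector` is added with no description of its own, unlike `active` and `standby` above, and its `enabled` text only covers the `false` case, with "false" left unquoted and the headless service written as `ClusterIP: None` although the key is documented as `clusterIP`. Add a one-line description for `instanceSelector`, say what the default `true` does (the selectors filter on `app.kubernetes.io/instance`), and make the consequence of turning it off more prominent: the vault, vault-active and vault-standby services may then select pods from outside this release, so the entry should state which selector labels remain in effect.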
Expand Down Expand Up @@ -696,6 +708,18 @@ and consider if they're appropriate for your deployment.
"sample/annotation2": "bar"
```

- `extraLabels` (`dictionary: {}`) - This value defines additional labels for the Vault Server service account.

```yaml
extraLabels:
'sample/label1': 'foo'
'sample/label2': 'bar'
```

- `serviceDiscovery` - Values that configure permissions required for Vault Server to automatically discover and join a Vault cluster using pod metadata.

- `enabled` (`boolean: true`) - Enable or disable a service account role binding with the permissions required for Vault's Kubernetes [`service_registration`](https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes) config option.

- `dataStorage` - This configures the volume used for storing Vault data when not using external storage such as Consul.

- `enabled` (`boolean: true`) -
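Review bot: The `serviceDiscovery.enabled` entry defaults to `true` and creates a service account role binding, but the text never says which permissions that role grants. List them, or link to where they are listed, so operators can judge whether to keep the binding enabled. The parent line describes the purpose as discovering and joining a cluster using pod metadata while the child line ties it to `service_registration`; use one description for both. The link also uses an absolute `https://developer.hashicorp.com` URL, whereas the `server.image` link touched in enterprise.mdx in this same commit is site-relative.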
Expand Down Expand Up @@ -954,7 +978,7 @@ and consider if they're appropriate for your deployment.

- `repository` (`string: "hashicorp/vault-csi-provider"`) - The name of the Docker image for the Vault CSI Provider.
- `tag` (`string: "1.2.0"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.
- `tag` (`string: "1.2.1"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.

- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists locally.

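Review bot: The replacement `tag` line for the CSI provider carries over the doubled full stop in "Vault CSI Provider.." from the line it replaces. Drop the extra period while this line is being changed for the 1.2.1 bump.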
2 changes: 1 addition & 1 deletion website/content/docs/platform/k8s/helm/enterprise.mdx
Expand Up @@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/h
server:
image:
repository: hashicorp/vault-enterprise
tag: 1.12.0-ent
tag: 1.12.1-ent
enterpriseLicense:
secretName: vault-ent-license
```
Expand Up @@ -23,7 +23,7 @@ First, create the primary cluster:
```shell
helm install vault-primary hashicorp/vault \
--set='server.image.repository=hashicorp/vault-enterprise' \
--set='server.image.tag=1.12.0-ent' \
--set='server.image.tag=1.12.1-ent' \
--set='server.ha.enabled=true' \
--set='server.ha.raft.enabled=true'
```
Expand Down Expand Up @@ -75,7 +75,7 @@ disaster recovery replication.
```shell
helm install vault-secondary hashicorp/vault \
--set='server.image.repository=hashicorp/vault-enterprise' \
--set='server.image.tag=1.12.0-ent' \
--set='server.image.tag=1.12.1-ent' \
--set='server.ha.enabled=true' \
--set='server.ha.raft.enabled=true'
```
Expand Up @@ -23,7 +23,7 @@ First, create the primary cluster:
```shell
helm install vault-primary hashicorp/vault \
--set='server.image.repository=hashicorp/vault-enterprise' \
--set='server.image.tag=1.12.0-ent' \
--set='server.image.tag=1.12.1-ent' \
--set='server.ha.enabled=true' \
--set='server.ha.raft.enabled=true'
```
Expand Down Expand Up @@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster.
```shell
helm install vault-secondary hashicorp/vault \
--set='server.image.repository=hashicorp/vault-enterprise' \
--set='server.image.tag=1.12.0-ent' \
--set='server.image.tag=1.12.1-ent' \
--set='server.ha.enabled=true' \
--set='server.ha.raft.enabled=true'
```
Expand Up @@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu
```shell
helm install vault hashicorp/vault \
--set='server.image.repository=hashicorp/vault-enterprise' \
--set='server.image.tag=1.12.0-ent' \
--set='server.image.tag=1.12.1-ent' \
--set='server.ha.enabled=true' \
--set='server.ha.raft.enabled=true'
```
4 changes: 2 additions & 2 deletions website/content/docs/platform/k8s/helm/run.mdx
Expand Up @@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install.
```bash
$ helm search repo hashicorp/vault
NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart
hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart
```

Next, test the upgrade with `--dry-run` first to verify the changes sent to the
Kubernetes cluster.

```shell-session
$ helm upgrade vault hashicorp/vault --version=0.22.1 \
$ helm upgrade vault hashicorp/vault --version=0.23.0 \
--set='server.image.repository=vault' \
--set='server.image.tag=123.456' \
--dry-run
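Review bot: The dry-run example under the updated `--version=0.23.0` line still sets `server.image.repository=vault`, while configuration.mdx in this same commit documents the default repository as `hashicorp/vault`. If the example is meant to mirror a real upgrade, use `hashicorp/vault` here so readers who copy it pull the image the chart documents. The `123.456` tag reads as a placeholder and can stay.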
6 changes: 3 additions & 3 deletions website/content/partials/helm/install.mdx
Expand Up @@ -2,15 +2,15 @@
# List the available releases
$ helm search repo hashicorp/vault -l
NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart
hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart
hashicorp/vault 0.22.0 1.11.3 Official HashiCorp Vault Chart
hashicorp/vault 0.21.0 1.11.2 Official HashiCorp Vault Chart
hashicorp/vault 0.20.1 1.10.3 Official HashiCorp Vault Chart
hashicorp/vault 0.20.0 1.10.3 Official HashiCorp Vault Chart
hashicorp/vault 0.19.0 1.9.2 Official HashiCorp Vault Chart
hashicorp/vault 0.18.0 1.9.0 Official HashiCorp Vault Chart
...

# Install version 0.22.1
$ helm install vault hashicorp/vault --version 0.22.1
# Install version 0.23.0
$ helm install vault hashicorp/vault --version 0.23.0
```
2 changes: 1 addition & 1 deletion website/content/partials/helm/repo.mdx
Expand Up @@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
$ helm search repo hashicorp/vault
NAME CHART VERSION APP VERSION DESCRIPTION
hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart
hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart
```
