From 54a7e814970953f9a3f5c076a351fe06d18323f6 Mon Sep 17 00:00:00 2001 From: Tom Proctor Date: Tue, 29 Nov 2022 10:43:00 +0000 Subject: [PATCH] Docs: vault-helm 0.23.0 updates (#18131) --- .../docs/platform/k8s/helm/configuration.mdx | 32 ++++++++++++++++--- .../docs/platform/k8s/helm/enterprise.mdx | 2 +- .../helm/examples/enterprise-dr-with-raft.mdx | 4 +-- .../examples/enterprise-perf-with-raft.mdx | 4 +-- .../helm/examples/enterprise-with-raft.mdx | 2 +- .../content/docs/platform/k8s/helm/run.mdx | 4 +-- website/content/partials/helm/install.mdx | 6 ++-- website/content/partials/helm/repo.mdx | 2 +- 8 files changed, 40 insertions(+), 16 deletions(-) diff --git a/website/content/docs/platform/k8s/helm/configuration.mdx b/website/content/docs/platform/k8s/helm/configuration.mdx index be4b2b5f6280..dc75dd04c426 100644 --- a/website/content/docs/platform/k8s/helm/configuration.mdx +++ b/website/content/docs/platform/k8s/helm/configuration.mdx @@ -77,7 +77,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault-k8s"`) - The name of the Docker image for Vault Agent Injector. - - `tag` (`string: "1.0.1"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. + - `tag` (`string: "1.1.0"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists. 
@@ -85,7 +85,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image. - - `tag` (`string: "1.12.0"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. + - `tag` (`string: "1.12.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. - `agentDefaults` - Values that configure the injected Vault Agent containers default values. @@ -309,7 +309,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault. - - `tag` (`string: "1.12.0"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. + - `tag` (`string: "1.12.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists. 
@@ -648,6 +648,14 @@ and consider if they're appropriate for your deployment. - `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault. + - `active` - Values that apply only to the vault-active service. + + - `enabled` (`boolean: true`) - When set to `true`, the vault-active Kubernetes service will be created for Vault, selecting pods which label themselves as the cluster leader with `vault-active: "true"`. + + - `standby` - Values that apply only to the vault-standby service. + + - `enabled` (`boolean: true`) - When set to `true`, the vault-standby Kubernetes service will be created for Vault, selecting pods which label themselves as a cluster follower with `vault-active: "false"`. + - `clusterIP` (`string`) - ClusterIP controls whether an IP address (cluster IP) is attached to the Vault service within Kubernetes. By default the Vault service will be given a Cluster IP address, set to `None` to disable. When disabled Kubernetes will create a "headless" service. Headless services can be used to communicate with pods directly through DNS instead of a round robin load balancer. - `type` (`string: "ClusterIP"`) - Sets the type of service to create, such as `NodePort`. @@ -666,6 +674,10 @@ and consider if they're appropriate for your deployment. - `publishNotReadyAddresses` (`boolean: true`) - If true, do not wait for server pods to be ready before adding them to the service pool. + - `instanceSelector` + + - `enabled` (`boolean: true`) - When set to false, the service selector used for the vault, vault-active, and vault-standby services will not filter on `app.kubernetes.io/instance`. This means they may select pods from outside this deployment of the Helm chart. Does not affect the headless vault-internal service with `ClusterIP: None`. + - `annotations` (`dictionary: {}`) - This value defines additional annotations for the service. This can either be YAML or a YAML-formatted multi-line templated string. ```yaml 
@@ -696,6 +708,18 @@ and consider if they're appropriate for your deployment. "sample/annotation2": "bar" ``` + - `extraLabels` (`dictionary: {}`) - This value defines additional labels for the Vault Server service account. + + ```yaml + extraLabels: + 'sample/label1': 'foo' + 'sample/label2': 'bar' + ``` + + - `serviceDiscovery` - Values that configure permissions required for Vault Server to automatically discover and join a Vault cluster using pod metadata. + + - `enabled` (`boolean: true`) - Enable or disable a service account role binding with the permissions required for Vault's Kubernetes [`service_registration`](https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes) config option. + - `dataStorage` - This configures the volume used for storing Vault data when not using external storage such as Consul. - `enabled` (`boolean: true`) - @@ -954,7 +978,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault-csi-provider"`) - The name of the Docker image for the Vault CSI Provider. - - `tag` (`string: "1.2.0"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider. + - `tag` (`string: "1.2.1"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists locally. diff --git a/website/content/docs/platform/k8s/helm/enterprise.mdx b/website/content/docs/platform/k8s/helm/enterprise.mdx index 7e891f8e5b20..89b36a377b8d 100644 
--- a/website/content/docs/platform/k8s/helm/enterprise.mdx +++ b/website/content/docs/platform/k8s/helm/enterprise.mdx @@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/h server: image: repository: hashicorp/vault-enterprise - tag: 1.12.0-ent + tag: 1.12.1-ent enterpriseLicense: secretName: vault-ent-license ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx index 4f60ddee5f31..dfc618d43759 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx @@ -23,7 +23,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.12.0-ent' \ + --set='server.image.tag=1.12.1-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` @@ -75,7 +75,7 @@ disaster recovery replication. ```shell helm install vault-secondary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.12.0-ent' \ + --set='server.image.tag=1.12.1-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx index 59ca685dc395..27084840ab9a 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx 
@@ -23,7 +23,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.12.0-ent' \ + --set='server.image.tag=1.12.1-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` @@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster. ```shell helm install vault-secondary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.12.0-ent' \ + --set='server.image.tag=1.12.1-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx index 2bb94cff2dd8..728a3b9cbe7f 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx @@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu ```shell helm install vault hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.12.0-ent' \ + --set='server.image.tag=1.12.1-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/run.mdx b/website/content/docs/platform/k8s/helm/run.mdx index b8781a0e50eb..bf2cf70de453 100644 --- a/website/content/docs/platform/k8s/helm/run.mdx +++ b/website/content/docs/platform/k8s/helm/run.mdx 
@@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install. ```bash $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart +hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart ``` Next, test the upgrade with `--dry-run` first to verify the changes sent to the Kubernetes cluster. ```shell-session -$ helm upgrade vault hashicorp/vault --version=0.22.1 \ +$ helm upgrade vault hashicorp/vault --version=0.23.0 \ --set='server.image.repository=vault' \ --set='server.image.tag=123.456' \ --dry-run diff --git a/website/content/partials/helm/install.mdx b/website/content/partials/helm/install.mdx index d6cab8c05bb3..e06d56302a24 100644 --- a/website/content/partials/helm/install.mdx +++ b/website/content/partials/helm/install.mdx @@ -2,15 +2,15 @@ # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart hashicorp/vault 0.22.0 1.11.3 Official HashiCorp Vault Chart hashicorp/vault 0.21.0 1.11.2 Official HashiCorp Vault Chart hashicorp/vault 0.20.1 1.10.3 Official HashiCorp Vault Chart hashicorp/vault 0.20.0 1.10.3 Official HashiCorp Vault Chart hashicorp/vault 0.19.0 1.9.2 Official HashiCorp Vault Chart -hashicorp/vault 0.18.0 1.9.0 Official HashiCorp Vault Chart ... -# Install version 0.22.1 -$ helm install vault hashicorp/vault --version 0.22.1 +# Install version 0.23.0 +$ helm install vault hashicorp/vault --version 0.23.0 ``` diff --git a/website/content/partials/helm/repo.mdx b/website/content/partials/helm/repo.mdx index f029d5c1c4b1..62ff0453a7d8 100644 --- a/website/content/partials/helm/repo.mdx +++ b/website/content/partials/helm/repo.mdx 
@@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart +hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart ```
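Review bot: The server image `tag` line touched in configuration.mdx (hunk `@@ -309,7 +309,7`) still ends with "may inadvertently upgrade your admission controller", which is the injector entry's wording from the first hunk. This image is described on the preceding line as "the containers running Vault", so the warning should name the Vault server rather than the admission controller. The line is being edited anyway, so the copy-paste can be corrected in the same change.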
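Review bot: The new `instanceSelector` entry in configuration.mdx (hunk `@@ -666,6 +674,10`) has no description of its own, unlike the `active` and `standby` entries added in the previous hunk, and its `enabled` text understates what `false` means: a service that "may select pods from outside this deployment" will send Vault client traffic to pods this release does not manage. Suggest adding a one-line description of the block, saying in which setup disabling the filter is intended, and recommending that the default `true` be kept otherwise. Minor: write `false` in backticks as `true` is elsewhere, and use `clusterIP: None` to match the `clusterIP` key documented in the hunk before.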
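Review bot: The `serviceDiscovery` `enabled` entry added in configuration.mdx (hunk `@@ -696,6 +708,18`) does not say what stops working when it is set to `false`, and the `active`/`standby` entries added earlier in this patch depend on pods that "label themselves" without saying whether that labelling needs this role binding. Suggest stating the effect of disabling it and cross-referencing the two settings if they are related, so a reader tightening RBAC knows what they give up. Minor: the `extraLabels` sample uses single quotes while the annotations sample directly above it uses double quotes.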
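Review bot: The CSI provider `tag` line rewritten in configuration.mdx (hunk `@@ -954,7 +978,7`) carries over the doubled full stop in "Vault CSI Provider.."; drop the extra period while the line is being changed.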
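Review bot: In run.mdx (hunk `@@ -409,14 +409,14`) the upgrade example now pins the chart with `--version=0.23.0` but keeps `server.image.repository=vault` and `server.image.tag=123.456`, which match neither the `hashicorp/vault` repository default nor any tag documented in configuration.mdx. Suggest using `hashicorp/vault` with `1.12.1`, or marking both values as placeholders, so that a copied command pins the image the rest of the docs describe. Minor: the two adjacent fences in this hunk use `bash` and `shell-session` for the same kind of prompt transcript.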