From 223449e526a664a52f7ffdbcc724a8a2a2332ece Mon Sep 17 00:00:00 2001 From: TheAlain <43777839+asaintsever@users.noreply.github.com> Date: Tue, 9 Feb 2021 11:45:35 +0100 Subject: [PATCH] Update Vault default image (#44) --- CHANGELOG.md | 8 +++++++- deploy/helm/values.yaml | 2 +- doc/Configuration.md | 2 +- doc/Deploy.md | 2 +- test/config/injectionconfig.yaml | 4 ++-- test/config/injectionconfig.yaml.resolved | 4 ++-- 6 files changed, 14 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 737075f..679338c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,13 @@ ## Release v7.1.0 - TO_BE_RELEASED -A new `sidecar.vault.talend.org/vault-image` annotation has been added to override the default injected image. Refer to the [samples](samples) for a working example. +A new `sidecar.vault.talend.org/vault-image` annotation has been added to override the default injected image. Refer to the [samples](samples) for a [working example](samples/app-dep-10-secrets_custom_image_notify.yaml). + +The default Vault image has been bumped to version `1.6.2`. + +**Changed** + +- [VSI #44](https://github.com/Talend/vault-sidecar-injector/pull/44) - Update HashiCorp Vault image to 1.6.2 **Added** diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 5287b09..7bd72b0 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -74,7 +74,7 @@ injectconfig: vault: image: path: "vault" # image path - tag: "1.5.4" # image tag + tag: "1.6.2" # image tag pullPolicy: Always # Pull policy for images: IfNotPresent or Always log: level: info # Vault log level: trace, debug, info, warn, err diff --git a/doc/Configuration.md b/doc/Configuration.md index 33d8cd2..a4f0a75 100644 --- a/doc/Configuration.md +++ b/doc/Configuration.md @@ -21,7 +21,7 @@ The following table lists the configurable parameters of the `Vault Sidecar Inje | injectconfig.jobbabysitter.resources.requests.memory | Job babysitter sidecar memory resource requests | 20Mi | | injectconfig.vault.image.path | Image path | vault | | injectconfig.vault.image.pullPolicy | Pull policy for image: IfNotPresent or Always | Always | -| injectconfig.vault.image.tag | Image tag | 1.5.4 | +| injectconfig.vault.image.tag | Image tag | 1.6.2 | | injectconfig.vault.log.format | Vault log format: standard, json | json | | injectconfig.vault.log.level | Vault log level: trace, debug, info, warn, err | info | | injectconfig.vault.resources.limits.cpu | Vault sidecar CPU resource limits | 50m | diff --git a/doc/Deploy.md b/doc/Deploy.md index d84071c..d93a68e 100644 --- a/doc/Deploy.md +++ b/doc/Deploy.md @@ -36,7 +36,7 @@ Using HashiCorp's Vault Helm chart: ```bash git clone https://github.com/hashicorp/vault-helm.git cd vault-helm -git checkout v0.7.0 +git checkout v0.9.1 helm install vault . --set injector.enabled=false --set server.dev.enabled=true --set ui.enabled=true --set ui.serviceType="NodePort" ``` diff --git a/test/config/injectionconfig.yaml b/test/config/injectionconfig.yaml index f63a5f6..19b3e8e 100644 --- a/test/config/injectionconfig.yaml +++ b/test/config/injectionconfig.yaml @@ -1,6 +1,6 @@ initContainers: - name: tvsi-vault-agent-init - image: vault:1.5.4 + image: vault:1.6.2 imagePullPolicy: Always env: - name: SKIP_SETCAP @@ -106,7 +106,7 @@ containers: mountPath: /var/run/secrets/kubernetes.io/serviceaccount readOnly: true - name: tvsi-vault-agent - image: vault:1.5.4 + image: vault:1.6.2 imagePullPolicy: Always env: - name: SKIP_SETCAP diff --git a/test/config/injectionconfig.yaml.resolved b/test/config/injectionconfig.yaml.resolved index a5eb06a..6104a77 100644 --- a/test/config/injectionconfig.yaml.resolved +++ b/test/config/injectionconfig.yaml.resolved @@ -116,7 +116,7 @@ containers: - name: VSI_VAULT_AUTH_METHOD value: kubernetes - name: VSI_VAULT_ROLE - image: vault:1.5.4 + image: vault:1.6.2 imagePullPolicy: Always lifecycle: preStop: @@ -173,7 +173,7 @@ initContainers: value: https://vault:8200 - name: VSI_SECRETS_TEMPLATES_PLACEHOLDER - name: VSI_VAULT_ROLE - image: vault:1.5.4 + image: vault:1.6.2 imagePullPolicy: Always name: tvsi-vault-agent-init resources: {}