From ef36d76ad9af388c2bd7be71fe9ca7045be2ec25 Mon Sep 17 00:00:00 2001 From: TheAlain <43777839+asaintsever@users.noreply.github.com> Date: Mon, 18 May 2020 17:34:26 +0200 Subject: [PATCH] Update HashiCorp Vault image (#27) --- CHANGELOG.md | 6 ++++++ README.md | 4 ++-- deploy/helm/values.yaml | 2 +- test/config/injectionconfig.yaml | 4 ++-- test/config/injectionconfig.yaml.resolved | 4 ++-- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bfd1de8..b954756 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ ## Release v6.1.0 - 2020-05-18 +This release fixes VSI deployment on Kubernetes 1.18+ clusters. It also comes with better AppRole integration and updated Vault image. + +**Changed** + +- [VSI #27](https://github.com/Talend/vault-sidecar-injector/pull/27) - Update HashiCorp Vault image to 1.4.1 + **Added** - [VSI #26](https://github.com/Talend/vault-sidecar-injector/pull/26) - Improve AppRole support: add tests, enforce check over secrets type, tune Vault Agent config diff --git a/README.md b/README.md index 18f10dd..d216e07 100644 --- a/README.md +++ b/README.md @@ -800,7 +800,7 @@ Using HashiCorp's Vault Helm chart: ```bash $ git clone https://github.com/hashicorp/vault-helm.git $ cd vault-helm -$ git checkout v0.4.0 +$ git checkout v0.5.0 $ helm install . --name=vault --set injector.enabled=false --set server.dev.enabled=true --set ui.enabled=true --set ui.serviceType="NodePort" ``` @@ -1024,7 +1024,7 @@ The following table lists the configurable parameters of the `Vault Sidecar Inje | injectconfig.jobbabysitter.resources.requests.memory | Job babysitter sidecar memory resource requests | 20Mi | | injectconfig.vault.image.path | Image path | vault | | injectconfig.vault.image.pullPolicy | Pull policy for image: IfNotPresent or Always | Always | -| injectconfig.vault.image.tag | Image tag | 1.3.4 | +| injectconfig.vault.image.tag | Image tag | 1.4.1 | | injectconfig.vault.loglevel | Vault log level: trace, debug, info, warn, err | info | | injectconfig.vault.resources.limits.cpu | Vault sidecar CPU resource limits | 50m | | injectconfig.vault.resources.limits.memory | Vault sidecar memory resource limits | 50Mi | diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index f61f2a8..d12563e 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -66,7 +66,7 @@ injectconfig: vault: image: path: "vault" # image path - tag: "1.3.4" # image tag + tag: "1.4.1" # image tag pullPolicy: Always # Pull policy for images: IfNotPresent or Always loglevel: info # Vault log level: trace, debug, info, warn, err resources: diff --git a/test/config/injectionconfig.yaml b/test/config/injectionconfig.yaml index 2d68222..63f8e1c 100644 --- a/test/config/injectionconfig.yaml +++ b/test/config/injectionconfig.yaml @@ -1,6 +1,6 @@ initContainers: - name: tvsi-vault-agent-init - image: vault:1.3.4 + image: vault:1.4.1 imagePullPolicy: Always env: - name: SKIP_SETCAP @@ -94,7 +94,7 @@ containers: mountPath: /var/run/secrets/kubernetes.io/serviceaccount readOnly: true - name: tvsi-vault-agent - image: vault:1.3.4 + image: vault:1.4.1 imagePullPolicy: Always env: - name: SKIP_SETCAP diff --git a/test/config/injectionconfig.yaml.resolved b/test/config/injectionconfig.yaml.resolved index cbb7e47..98562b7 100644 --- a/test/config/injectionconfig.yaml.resolved +++ b/test/config/injectionconfig.yaml.resolved @@ -116,7 +116,7 @@ containers: - name: VSI_VAULT_AUTH_METHOD value: kubernetes - name: VSI_VAULT_ROLE - image: vault:1.3.4 + image: vault:1.4.1 imagePullPolicy: Always lifecycle: preStop: @@ -173,7 +173,7 @@ initContainers: value: https://vault:8200 - name: VSI_SECRETS_TEMPLATES_PLACEHOLDER - name: VSI_VAULT_ROLE - image: vault:1.3.4 + image: vault:1.4.1 imagePullPolicy: Always name: tvsi-vault-agent-init resources: {}