Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [vault](https://www.vaultproject.io) ([source](https://togithub.com/hashicorp/vault-helm)) | patch | `0.28.0` -> `0.28.1` | | [vault-secrets-operator](https://togithub.com/hashicorp/vault-secrets-operator) | minor | `0.6.0` -> `0.8.1` | --- ### Release Notes <details> <summary>hashicorp/vault-helm (vault)</summary> ### [`v0.28.1`](https://togithub.com/hashicorp/vault-helm/blob/HEAD/CHANGELOG.md#0281-July-11-2024) [Compare Source](https://togithub.com/hashicorp/vault-helm/compare/v0.28.0...v0.28.1) Changes: - Default `vault` version updated to 1.17.2 - Default `vault-k8s` version updated to 1.4.2 - Default `vault-csi-provider` version updated to 1.4.3 - Tested with Kubernetes versions 1.26-1.30 Improvements: - Configurable `tlsConfig` and `authorization` for Prometheus ServiceMonitor [GH-1025](https://togithub.com/hashicorp/vault-helm/pull/1025) - Remove UPDATE from injector-mutating-webhook [GH-783](https://togithub.com/hashicorp/vault-helm/pull/783) - Add scope to mutating webhook [GH-1037](https://togithub.com/hashicorp/vault-helm/pull/1037) </details> <details> <summary>hashicorp/vault-secrets-operator (vault-secrets-operator)</summary> ### [`v0.8.1`](https://togithub.com/hashicorp/vault-secrets-operator/blob/HEAD/CHANGELOG.md#081-July-29th-2024) [Compare Source](https://togithub.com/hashicorp/vault-secrets-operator/compare/v0.8.0...v0.8.1) Improvements: - Log build info on startup: [GH-872](https://togithub.com/hashicorp/vault-secrets-operator/pull/872) - API: Support setting the Vault request timeout on a VaultConnection: [GH-862](https://togithub.com/hashicorp/vault-secrets-operator/pull/862) Fix: - Fix: encryption client deadlocking the factory: [GH-868](https://togithub.com/hashicorp/vault-secrets-operator/pull/868) - Helm(hooks): honor imagePullPolicy and imagePullSecrets: [GH-873](https://togithub.com/hashicorp/vault-secrets-operator/pull/873) Build: - SEC-090: Automated trusted workflow pinning (2024-07-22): [GH-866](https://togithub.com/hashicorp/vault-secrets-operator/pull/866) - SEC-090: Automated trusted workflow pinning (2024-07-17): [GH-859](https://togithub.com/hashicorp/vault-secrets-operator/pull/859) Dependency Updates: - Bump github.com/onsi/gomega from 1.33.1 to 1.34.0: [GH-874](https://togithub.com/hashicorp/vault-secrets-operator/pull/874) - Bump google.golang.org/api from 0.188.0 to 0.189.0: [GH-875](https://togithub.com/hashicorp/vault-secrets-operator/pull/875) - Bump k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3: [GH-864](https://togithub.com/hashicorp/vault-secrets-operator/pull/864) - Bump k8s.io/client-go from 0.30.2 to 0.30.3: [GH-865](https://togithub.com/hashicorp/vault-secrets-operator/pull/865) - Bump ubi9/ubi-micro from 9.4-9 to 9.4-13: [GH-870](https://togithub.com/hashicorp/vault-secrets-operator/pull/870) - Bump ubi9/ubi-minimal from 9.4-1134 to 9.4-1194: [GH-869](https://togithub.com/hashicorp/vault-secrets-operator/pull/869) ### [`v0.8.0`](https://togithub.com/hashicorp/vault-secrets-operator/blob/HEAD/CHANGELOG.md#080-July-18th-2024) [Compare Source](https://togithub.com/hashicorp/vault-secrets-operator/compare/v0.7.1...v0.8.0) **Important** - Helm: CRD schema changes are now automatically applied at upgrade time. *See [updating-crds](https://developer.hashicorp.com/vault/docs/platform/k8s/vso/installation#updating-crds-when-using-helm) for more details.* - This release contains CRD schema changes which remove the field validation on most VaultAuth spec fields. That means invalid VaultAuth configurations will no longer be handled at resource application time. Please review the VSO logs and K8s events when troubleshooting Vault authentication issues. Features: - Helm: add support for auto upgrading CRDs: [GH-789](https://togithub.com/hashicorp/vault-secrets-operator/pull/789) - VaultStaticSecret: support [instant event-driven updates](https://developer.hashicorp.com/vault/docs/platform/k8s/vso/sources/vault#instant-updates): [GH-771](https://togithub.com/hashicorp/vault-secrets-operator/pull/771) - Add new [VaultAuthGlobal](https://developer.hashicorp.com/vault/docs/platform/k8s/vso/sources/vault#vaultauthglobal-custom-resource) type for shared VaultAuth configurations: [GH-735](https://togithub.com/hashicorp/vault-secrets-operator/pull/735) [GH-800](https://togithub.com/hashicorp/vault-secrets-operator/pull/800) [GH-847](https://togithub.com/hashicorp/vault-secrets-operator/pull/847) [GH-855](https://togithub.com/hashicorp/vault-secrets-operator/pull/855) [GH-850](https://togithub.com/hashicorp/vault-secrets-operator/pull/850) - CachingClientFactory: support client taints to trigger Vault client token validation: [GH-717](https://togithub.com/hashicorp/vault-secrets-operator/pull/717) [GH-769](https://togithub.com/hashicorp/vault-secrets-operator/pull/769) Improvements: - VPS: add ca.crt from issuing CA for tls secret type: [GH-848](https://togithub.com/hashicorp/vault-secrets-operator/pull/848) - Helm: support setting VaultAuthGlobalRef on VaultAuth: [GH-851](https://togithub.com/hashicorp/vault-secrets-operator/pull/851) - Migrate to k8s.io/utils/ptr: [GH-856](https://togithub.com/hashicorp/vault-secrets-operator/pull/856) - Core: update backoff option docs: [GH-801](https://togithub.com/hashicorp/vault-secrets-operator/pull/801) Fix: - VaultAuth: set valid status on VaultAuthGlobal deref error: [GH-854](https://togithub.com/hashicorp/vault-secrets-operator/pull/854) - VDS: properly handle the clone cache key variant during client callback execution: [GH-835](https://togithub.com/hashicorp/vault-secrets-operator/pull/835) - Core: delete resource status metrics upon object deletion: [GH-815](https://togithub.com/hashicorp/vault-secrets-operator/pull/815) - VSS: use a constant backoff on some reconciliation errors: [GH-811](https://togithub.com/hashicorp/vault-secrets-operator/pull/811) - VDS: work around Vault DB static creds TTL rollover bug: [GH-730](https://togithub.com/hashicorp/vault-secrets-operator/pull/730) Build: - CI: bump Vault versions: [GH-797](https://togithub.com/hashicorp/vault-secrets-operator/pull/797) Dependency Updates: - Bump cloud.google.com/go/compute/metadata from 0.4.0 to 0.5.0: [GH-853](https://togithub.com/hashicorp/vault-secrets-operator/pull/853) - Bump github.com/gruntwork-io/terratest from 0.46.16 to 0.47.0: [GH-852](https://togithub.com/hashicorp/vault-secrets-operator/pull/852) - Bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5: [GH-834](https://togithub.com/hashicorp/vault-secrets-operator/pull/834) - Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7: [GH-833](https://togithub.com/hashicorp/vault-secrets-operator/pull/833) - Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0: [GH-810](https://togithub.com/hashicorp/vault-secrets-operator/pull/810) - Bump golang.org/x/crypto from 0.24.0 to 0.25.0: [GH-843](https://togithub.com/hashicorp/vault-secrets-operator/pull/843) - Bump google.golang.org/api from 0.186.0 to 0.188.0: [GH-846](https://togithub.com/hashicorp/vault-secrets-operator/pull/846) - Bump google.golang.org/grpc from 1.64.0 to 1.64.1: [GH-845](https://togithub.com/hashicorp/vault-secrets-operator/pull/845) - Bump k8s.io/api from 0.30.1 to 0.30.2: [GH-822](https://togithub.com/hashicorp/vault-secrets-operator/pull/822) - Bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2: [GH-828](https://togithub.com/hashicorp/vault-secrets-operator/pull/828) - Bump k8s.io/client-go from 0.30.1 to 0.30.2: [GH-830](https://togithub.com/hashicorp/vault-secrets-operator/pull/830) - Bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4: [GH-808](https://togithub.com/hashicorp/vault-secrets-operator/pull/808) - Bump ubi9/ubi-micro from 9.4-6.1716471860 to 9.4-9: [GH-819](https://togithub.com/hashicorp/vault-secrets-operator/pull/819) - Bump ubi9/ubi-minimal from 9.4-949.1717074713 to 9.4-1134: [GH-820](https://togithub.com/hashicorp/vault-secrets-operator/pull/820) ### [`v0.7.1`](https://togithub.com/hashicorp/vault-secrets-operator/blob/HEAD/CHANGELOG.md#071-May-30th-2024) [Compare Source](https://togithub.com/hashicorp/vault-secrets-operator/compare/v0.7.0...v0.7.1) Fix: - Helm: fix invalid value name for telemetry.serviceMonitor.enabled ([#​786](https://togithub.com/hashicorp/vault-secrets-operator/issues/786)): [GH-790](https://togithub.com/hashicorp/vault-secrets-operator/pull/790) ### [`v0.7.0`](https://togithub.com/hashicorp/vault-secrets-operator/blob/HEAD/CHANGELOG.md#070-May-27th-2024) [Compare Source](https://togithub.com/hashicorp/vault-secrets-operator/compare/v0.6.0...v0.7.0) **Important**: this release contains CRD schema changes that must be applied manually when deploying VSO with Helm. Please see [updating-crds](https://developer.hashicorp.com/vault/docs/platform/k8s/vso/installation#updating-crds-when-using-helm) for more details. Behavioral changes: - Core: Controller logs are now JSON encoded by default. Features: - Core: support argo.Rollout as a rolloutRestartTarget for all secret type custom resources: [GH-702](https://togithub.com/hashicorp/vault-secrets-operator/pull/702) - Helm: add support for cluster role aggregates: [GH-752](https://togithub.com/hashicorp/vault-secrets-operator/pull/752) - Helm: adds values for setting VSO logging options: [GH-778](https://togithub.com/hashicorp/vault-secrets-operator/pull/778) - Helm: add support for configuring strategy on controller deployment : [GH-709](https://togithub.com/hashicorp/vault-secrets-operator/pull/709) Improvements: - CachingClientFactory: lock by client cache key: [GH-716](https://togithub.com/hashicorp/vault-secrets-operator/pull/716) - Transformations: add support for the htpasswd Sprig function: [GH-708](https://togithub.com/hashicorp/vault-secrets-operator/pull/708) - VPS: skip overwriting tls.crt and tls.key whenever transformation templates are configured: [GH-659](https://togithub.com/hashicorp/vault-secrets-operator/pull/659) - Core: Use exponential backoff on secret source errors: [GH-732](https://togithub.com/hashicorp/vault-secrets-operator/pull/732) Fix: - Core: call VDS callbacks on VaultAuth and VaultConnection changes: [GH-739](https://togithub.com/hashicorp/vault-secrets-operator/pull/739) - Core: skip LifetimeWatcher validation for non-renewable auth tokens: [GH-722](https://togithub.com/hashicorp/vault-secrets-operator/pull/722) - Core: disable development logger mode by default: [GH-751](https://togithub.com/hashicorp/vault-secrets-operator/pull/751) - VSS: that spec.hmacSecretData's value is honoured: [GH-753](https://togithub.com/hashicorp/vault-secrets-operator/pull/753) - VDS: Selectively log calls to SyncRegistry.Delete(): [GH-718](https://togithub.com/hashicorp/vault-secrets-operator/pull/718) Build: - CI: Bump test vault versions: [GH-861](https://togithub.com/hashicorp/vault-secrets-operator/pull/861) - Bump GH actions for node 16 obsolescence: [GH-738](https://togithub.com/hashicorp/vault-secrets-operator/pull/738) Dependency Updates: - Bump TF provider versions: [GH-737](https://togithub.com/hashicorp/vault-secrets-operator/pull/737) - Bump github.com/go-logr/logr from 1.4.1 to 1.4.2: [GH-775](https://togithub.com/hashicorp/vault-secrets-operator/pull/775) - Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4: [GH-711](https://togithub.com/hashicorp/vault-secrets-operator/pull/711) - Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0: [GH-725](https://togithub.com/hashicorp/vault-secrets-operator/pull/725) - Bump github.com/hashicorp/vault/sdk from 0.12.0 to 0.13.0: [GH-773](https://togithub.com/hashicorp/vault-secrets-operator/pull/773) - Bump github.com/onsi/gomega from 1.33.0 to 1.33.1: [GH-727](https://togithub.com/hashicorp/vault-secrets-operator/pull/727) - Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1: [GH-741](https://togithub.com/hashicorp/vault-secrets-operator/pull/741) - Bump golang.org/x/crypto from 0.22.0 to 0.23.0: [GH-744](https://togithub.com/hashicorp/vault-secrets-operator/pull/744) - Bump google.golang.org/api from 0.176.1 to 0.177.0: [GH-724](https://togithub.com/hashicorp/vault-secrets-operator/pull/724) - Bump google.golang.org/api from 0.180.0 to 0.181.0: [GH-758](https://togithub.com/hashicorp/vault-secrets-operator/pull/758) - Bump k8s.io/api from 0.30.0 to 0.30.1: [GH-761](https://togithub.com/hashicorp/vault-secrets-operator/pull/761) - Bump k8s.io/client-go from 0.30.0 to 0.30.1: [GH-760](https://togithub.com/hashicorp/vault-secrets-operator/pull/760) - Bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3: [GH-772](https://togithub.com/hashicorp/vault-secrets-operator/pull/772) - Bump ubi9/ubi-micro from 9.3-15 to 9.4-6: [GH-719](https://togithub.com/hashicorp/vault-secrets-operator/pull/719) - Bump ubi9/ubi-minimal from 9.4-949 to 9.4-949.1714662671: [GH-728](https://togithub.com/hashicorp/vault-secrets-operator/pull/728) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/hobroker/selfhosted). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM4LjU2LjAiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOltdfQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Igor Leahu <[email protected]>
- Loading branch information
1 parent
6d4ea21
commit 403f87b