Skip to content
Snippets Groups Projects
CHANGELOG.md 7.23 KiB
Newer Older
Jason O'Donnell's avatar
Jason O'Donnell committed
## Unreleased

Features:

Improvements:
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)

Bugs:

## 0.6.0 (June 3rd, 2020)

Jason O'Donnell's avatar
Jason O'Donnell committed
Features:
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
Jason O'Donnell's avatar
Jason O'Donnell committed
* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
Jason O'Donnell's avatar
Jason O'Donnell committed

Improvements:
Jason O'Donnell's avatar
Jason O'Donnell committed
* Server configs can now be defined in YAML.  Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
Jason O'Donnell's avatar
Jason O'Donnell committed
* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
Theron Voran's avatar
Theron Voran committed
* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
Theron Voran's avatar
Theron Voran committed
* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
Theron Voran's avatar
Theron Voran committed
* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
Jason O'Donnell's avatar
Jason O'Donnell committed

Bugs:
* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
Theron Voran's avatar
Theron Voran committed
* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
Theron Voran's avatar
Theron Voran committed
* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
Theron Voran's avatar
Theron Voran committed
* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
Jason O'Donnell's avatar
Jason O'Donnell committed
* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
Jason O'Donnell's avatar
Jason O'Donnell committed

Jason O'Donnell's avatar
Jason O'Donnell committed
## 0.5.0 (April 9th, 2020)

Jason O'Donnell's avatar
Jason O'Donnell committed
Features:

* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
Jason O'Donnell's avatar
Jason O'Donnell committed
* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
Theron Voran's avatar
Theron Voran committed

* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
Theron Voran's avatar
Theron Voran committed
* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
Theron Voran's avatar
Theron Voran committed
* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
Theron Voran's avatar
Theron Voran committed
* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
Theron Voran's avatar
Theron Voran committed

Jason O'Donnell's avatar
Jason O'Donnell committed
## 0.4.0 (February 21st, 2020)

Theron Voran's avatar
Theron Voran committed
* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
Theron Voran's avatar
Theron Voran committed
* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
Jason O'Donnell's avatar
Jason O'Donnell committed
Bugs:

Theron Voran's avatar
Theron Voran committed
* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
Jason O'Donnell's avatar
Jason O'Donnell committed

## 0.3.3 (January 14th, 2020)
Jason O'Donnell's avatar
Jason O'Donnell committed

Jason O'Donnell's avatar
Jason O'Donnell committed
Security:

* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)

Bugs:

* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files

Jason O'Donnell's avatar
Jason O'Donnell committed
## 0.3.2 (January 8th, 2020)

Bugs:

* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]

Jason O'Donnell's avatar
Jason O'Donnell committed
## 0.3.1 (January 2nd, 2020)

Bugs:

* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]

Jason O'Donnell's avatar
Jason O'Donnell committed
## 0.3.0 (December 19th, 2019)

Jason O'Donnell's avatar
Jason O'Donnell committed
Features:

* Extra containers can now be added to the Vault pods
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added configurability of pod probes
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added Vault Agent Injector 
Jason O'Donnell's avatar
Jason O'Donnell committed

Improvements:

* Moved `global.image` to `server.image`
Jason O'Donnell's avatar
Jason O'Donnell committed
* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
Jason O'Donnell's avatar
Jason O'Donnell committed
* Added better HTTP/HTTPS scheme support to http probes
* Added configurable node port for Vault service
* `server.authDelegator` is now enabled by default
Jason O'Donnell's avatar
Jason O'Donnell committed
Bugs:

* Fixed upgrade bug by removing chart label which contained the version
* Fixed typo on `serviceAccount` (was `serviceaccount`)
Jason O'Donnell's avatar
Jason O'Donnell committed
* Fixed readiness/liveliness HTTP probe default to accept standbys
## 0.2.1 (November 12th, 2019)

Bugs:

* Removed `readOnlyRootFilesystem` causing issues when validating deployments

## 0.2.0 (October 29th, 2019)
Jason O'Donnell's avatar
Jason O'Donnell committed

Features:

* Added load balancer support
* Added ingress support
* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
* Removed root requirements, now runs as Vault user

Improvements:

* Added namespace value to all rendered objects
* Made ports configurable in services
* Added the ability to add custom annotations to services
* Added docker image for running bats test in CircleCI
* Removed restrictions around `dev` mode such as annotations
Jason O'Donnell's avatar
Jason O'Donnell committed
* `readOnlyRootFilesystem` is now configurable
* Image Pull Policy is now configurable
Jason O'Donnell's avatar
Jason O'Donnell committed

Bugs:

* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
* Fixed bug where audit storage was not being mounted in HA mode
Jason O'Donnell's avatar
Jason O'Donnell committed
* Fixed bug where Vault pod wasn't receiving SIGTERM signals
## 0.1.2 (August 22nd, 2019)

Features:

* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
  environment variables
* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS 
  depending on the value
* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` 
  to "NodePort"

Improvements:

* Changed UI port to 8200 for better HTTP protocol support
* Added `path` to `extraVolumes` to define where the volume should be 
  mounted.  Defaults to `/vault/userconfig`
* Upgraded Vault to 1.2.2

Bugs:

* Fixed bug where upgrade would fail because immutable labels were being 
  changed (Helm Version label)
* Fixed bug where UI service used wrong selector after updating helm labels
* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
  Consul is the active node
* Removed `step-down` preStop since it requires authentication.  Shutdown signal
  sent by Kube acts similar to `step-down`


* Added `authDelegator` Cluster Role Binding to Vault service account for
  bootstrapping Kube auth method

Improvements:

* Added `server.service.clusterIP` to `values.yml` so users can toggle
  the Vault service to headless by using the value `None`.
* Upgraded Vault to 1.2.1

## 0.1.0 (August 6th, 2019)
Mitchell Hashimoto's avatar
Mitchell Hashimoto committed

Initial release