diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8a90ccaa9..2aa7cee60 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,17 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" \ No newline at end of file + interval: "daily" + labels: ["dependencies"] + groups: + github-actions-breaking: + update-types: + - major + github-actions-backward-compatible: + update-types: + - minor + - patch + # only update internal github actions, external github actions are handled + # by https://github.com/hashicorp/security-tsccr/tree/main/automation + allow: + - dependency-name: "hashicorp/*" diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml index 0f73ec380..333579bf3 100644 --- a/.github/workflows/jira.yaml +++ b/.github/workflows/jira.yaml @@ -14,4 +14,4 @@ jobs: JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }} JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }} with: - teams-array: '["ecosystem", "foundations-eco"]' + teams-array: '["vault-eco"]' diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index a9b738c43..4b277d919 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,14 +10,14 @@ jobs: chart-verifier: runs-on: ubuntu-latest env: - CHART_VERIFIER_VERSION: '1.13.3' + CHART_VERIFIER_VERSION: '1.13.4' steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup test tools uses: ./.github/actions/setup-test-tools - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: '1.22.2' + go-version: '1.22.5' - run: go install "github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}" - run: bats --tap --timing ./test/chart permissions: diff --git a/CHANGELOG.md b/CHANGELOG.md index 72e58a878..552ee4241 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,20 @@ ## Unreleased +## 0.28.1 (July 11, 2024) + +Changes: + +* Default `vault` version updated to 1.17.2 +* Default `vault-k8s` version updated to 1.4.2 +* Default `vault-csi-provider` version updated to 1.4.3 +* Tested with Kubernetes versions 1.26-1.30 + +Improvements: + +* Configurable `tlsConfig` and `authorization` for Prometheus ServiceMonitor [GH-1025](https://github.com/hashicorp/vault-helm/pull/1025) +* Remove UPDATE from injector-mutating-webhook [GH-783](https://github.com/hashicorp/vault-helm/pull/783) +* Add scope to mutating webhook [GH-1037](https://github.com/hashicorp/vault-helm/pull/1037) + ## 0.28.0 (April 8, 2024) Changes: diff --git a/Chart.yaml b/Chart.yaml index 20e514e92..9aca92afe 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: vault -version: 0.28.0 -appVersion: 1.16.1 +version: 0.28.1 +appVersion: 1.17.2 kubeVersion: ">= 1.20.0-0" description: Official HashiCorp Vault Chart home: https://www.vaultproject.io diff --git a/README.md b/README.md index 256bd8b91..18eaf889e 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ this README. Please refer to the Kubernetes and Helm documentation. The versions required are: * **Helm 3.6+** - * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested. + * **Kubernetes 1.26+** - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested. diff --git a/values.openshift.yaml b/values.openshift.yaml index 62a85a6d5..369489f77 100644 --- a/values.openshift.yaml +++ b/values.openshift.yaml @@ -9,16 +9,16 @@ global: injector: image: repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.4.1-ubi" + tag: "1.4.2-ubi" agentImage: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.16.1-ubi" + tag: "1.17.2-ubi" server: image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.16.1-ubi" + tag: "1.17.2-ubi" readinessProbe: path: "/v1/sys/health?uninitcode=204" diff --git a/values.schema.json b/values.schema.json index 3f0871f2c..7d62c133f 100644 --- a/values.schema.json +++ b/values.schema.json @@ -1236,6 +1236,9 @@ "serviceMonitor": { "type": "object", "properties": { + "authorization": { + "type": "object" + }, "enabled": { "type": "boolean" }, @@ -1247,6 +1250,9 @@ }, "selectors": { "type": "object" + }, + "tlsConfig": { + "type": "object" } } } diff --git a/values.yaml b/values.yaml index fe7a2582f..7496d6031 100644 --- a/values.yaml +++ b/values.yaml @@ -68,7 +68,7 @@ injector: # image sets the repo and tag of the vault-k8s image to use for the injector. image: repository: "hashicorp/vault-k8s" - tag: "1.4.1" + tag: "1.4.2" pullPolicy: IfNotPresent # agentImage sets the repo and tag of the Vault image to use for the Vault Agent @@ -76,7 +76,7 @@ injector: # required. agentImage: repository: "hashicorp/vault" - tag: "1.16.1" + tag: "1.17.2" # The default values for the injected Vault Agent containers. agentDefaults: @@ -377,7 +377,7 @@ server: image: repository: "hashicorp/vault" - tag: "1.16.1" + tag: "1.17.2" # Overrides the default Image Pull Policy pullPolicy: IfNotPresent @@ -1087,7 +1087,7 @@ csi: image: repository: "hashicorp/vault-csi-provider" - tag: "1.4.2" + tag: "1.4.3" pullPolicy: IfNotPresent # volumes is a list of volumes made available to all containers. These are rendered @@ -1172,7 +1172,7 @@ csi: image: repository: "hashicorp/vault" - tag: "1.16.1" + tag: "1.17.2" pullPolicy: IfNotPresent logFormat: standard