DATAGO-59401: Upgrading vault to 1.11.x

.github/workflows/acceptance.yaml

@@ -1,17 +1,13 @@
 name: Acceptance Tests
 
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch: {}
+on: [push, workflow_dispatch]
 
 jobs:
   kind:
     strategy:
       fail-fast: false
       matrix:
-        kind-k8s-version: [1.16.15, 1.20.15, 1.21.10, 1.22.7, 1.23.4]
+        kind-k8s-version: [1.16.15, 1.20.15, 1.21.14, 1.22.13, 1.23.10, 1.24.4, 1.25.0]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -23,12 +19,8 @@ jobs:
         with:
           config: test/kind/config.yaml
           node_image: kindest/node:v${{ matrix.kind-k8s-version }}
+          version: v0.14.0
 
-      # Skip CSI tests if K8s version < 1.16.x
-      - run: echo K8S_MINOR=$(kubectl version -o json | jq -r .serverVersion.minor) >> $GITHUB_ENV
-      - if: ${{ env.K8S_MINOR < 16 }}
-        run: echo "SKIP_CSI=true" >> $GITHUB_ENV
-
-      - run: bats ./test/acceptance -t
+      - run: bats --tap --timing ./test/acceptance
         env:
           VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}

.github/workflows/jira.yaml

@@ -40,7 +40,7 @@ jobs:
         description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
         # customfield_10089 is Issue Link custom field
         # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "runtime"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
+        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "foundations"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
 
     - name: Search
       if: github.event.action != 'opened'
@@ -62,7 +62,7 @@ jobs:
       uses: atlassian/[email protected]
       with:
         issue: ${{ steps.search.outputs.issue }}
-        transition: Close
+        transition: Closed
 
     - name: Reopen ticket
       if: github.event.action == 'reopened' && steps.search.outputs.issue

.github/workflows/tests.yaml

@@ -8,7 +8,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - uses: ./.github/workflows/setup-test-tools
-      - run: bats ./test/unit -t
+      - run: bats --tap --timing ./test/unit
 
   chart-verifier:
     runs-on: ubuntu-latest
@@ -22,4 +22,4 @@ jobs:
         with:
           go-version: '1.17.4'
       - run: go install github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}
-      - run: bats ./test/chart -t
+      - run: bats --tap --timing ./test/chart

.helmignore

@@ -1,4 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
 .git/
+.gitignore
 .terraform/
-bin/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
 test/

CHANGELOG.md

@@ -1,5 +1,43 @@
 ## Unreleased
 
+
+## 0.22.0 (September 8th, 2022)
+
+Features:
+* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772)
+
+Changes:
+* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784)
+* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784)
+* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785)
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
 ## 0.20.0 (May 16th, 2022)
 
 CHANGES:
@@ -9,8 +47,10 @@ CHANGES:
 * CSI provider default image to 1.1.0
 * Vault K8s default image to 0.16.0
 * Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
 * Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
-* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
 
 Improvements:
 * CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
@@ -19,6 +59,7 @@ Improvements:
 * Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
 * server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
 * server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
 
 ## 0.19.0 (January 20th, 2022)
 

Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: vault
-version: 0.20.0
-appVersion: 1.10.3
+version: 0.22.0
+appVersion: 1.11.3
 kubeVersion: ">= 1.16.0-0"
 description: Official HashiCorp Vault Chart
 home: https://www.vaultproject.io

Makefile

@@ -15,7 +15,7 @@ LOCAL_ACCEPTANCE_TESTS?=false
 KIND_CLUSTER_NAME?=vault-helm
 
 # kind k8s version
-KIND_K8S_VERSION?=v1.20.2
+KIND_K8S_VERSION?=v1.25.0
 
 # Generate json schema for chart values. See test/README.md for more details.
 values-schema:
@@ -72,7 +72,7 @@ acceptance:
 ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
 	gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
 endif
-	bats test/${ACCEPTANCE_TESTS}
+	bats --tap --timing test/${ACCEPTANCE_TESTS}
 
 # this target is for provisioning the GKE cluster
 # it is run in the docker container above when the test-provision target is invoked

README.md

@@ -25,8 +25,7 @@ this README. Please refer to the Kubernetes and Helm documentation.
 
 The versions required are:
 
-  * **Helm 3.0+** - This is the earliest version of Helm tested. It is possible
-    it works with earlier versions but this chart is untested for those versions.
+  * **Helm 3.6+**
   * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
     It is possible that this chart works with earlier versions but it is
     untested.