Releases: Talend/vault-sidecar-injector
v7.2.1
v7.2.0
This release comes with support for admission.k8s.io/v1 AdmissionReview and admissionregistration.k8s.io/v1 MutatingWebhookConfiguration on Kubernetes 1.16+. As a result, Vault Sidecar Injector now handles both v1 and v1beta1 versions of those resources.
Note that admission.k8s.io/v1beta1 AdmissionReview and admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration should not be supported (nor available) anymore on Kubernetes 1.22+
Changed
- VSI #48 - Minor chart updates (adjust CPU & memory for injected containers, add checks during chart install)
- VSI #51 - Update base image to CentOS 7.9.2009
Added
- VSI #49 - Add support for
admission.k8s.io/v1AdmissionReview andadmissionregistration.k8s.io/v1MutatingWebhookConfiguration (in addition to v1beta1)
v7.1.1
v7.1.0
A new sidecar.vault.talend.org/vault-image annotation has been added to override the default injected image. Refer to the samples for a working example.
The default Vault image has been bumped to version 1.6.2.
Changed
- VSI #44 - Update HashiCorp Vault image to 1.6.2
Added
- VSI #43 - New annotation to allow injection of custom Vault image
v7.0.2
v7.0.1
Minor release with new default Vault image to address several security issues in HashiCorp Vault (CVE-2020-25816, CVE-2020-16250, CVE-2020-16251, CVE-2020-17455).
Note that provided chart now requires Helm v3.
Changed
v7.0.0
New with this release: Vault secrets can now be injected right into environment variables. Only static secrets are supported at the moment. Along with this feature, the secrets volumeMount is now automatically injected in your containers if not already defined (as it was the case with the secrets volume).
Default Vault image is now set to 1.4.2 to fix several CVEs (CVE-2020-13223, CVE-2020-12757: see HashiCorp's CHANGELOG).
Finally, the webhook certificates are no more generated using the Kubernetes Certificates API. The certificates and associated private key are now either generated by code or read from a Kubernetes Secret you provide. Refer to the updated documentation for details.
Changed
- VSI #29 - Update HashiCorp Vault image to 1.4.2
- VSI #30 - Webhook certificates generated by code or provided
- VSI #31 - Migrate to Golang 1.14
Added
v6.1.0
This release fixes VSI deployment on Kubernetes 1.18+ clusters. It also comes with better AppRole integration and updated Vault image.
Changed
- VSI #27 - Update HashiCorp Vault image to 1.4.1
Added
- VSI #26 - Improve AppRole support: add tests, enforce check over secrets type, tune Vault Agent config
Fixed
- VSI #25 - Fix RBAC following breaking change in Kubernetes 1.18 Certificates API. See also associated PR 86476 & 86933.
v6.0.1
v6.0.0
This is a major release introducing new features and complete code refactoring for clear isolation of modes.
Highlights:
- New Static Secrets feature, part of
secretsmode (now supporting both dynamic and static secrets) - Kubernetes Jobs are now handled as a Vault Sidecar Injector mode. Annotation
sidecar.vault.talend.org/workloadis still supported but deprecated: make use ofsidecar.vault.talend.org/modeto enable job mode - HashiCorp Vault image updated to
1.3.2
Added