Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add portnumber #831

Merged
merged 6 commits into from
Apr 4, 2023
Merged

Add portnumber #831

merged 6 commits into from
Apr 4, 2023

Conversation

bhargav2427
Copy link
Contributor

No description provided.

Added Port Number in readinessProbe and livenessProbe. 
As someone might be running Vault service on port number other than 8200 then livenessProbe and readinessProbe will not work in currentcase.
@hashicorp-cla
Copy link

hashicorp-cla commented Jan 21, 2023

CLA assistant check
All committers have signed the CLA.

@tvoran tvoran added enhancement New feature or request vault-server Area: operation and usage of vault server in k8s labels Jan 24, 2023
@blakepettersson
Copy link

What's the status on this one @tvoran? Looking forward to see this merged! 🙏

@bhargav2427
Copy link
Contributor Author

Hello @tvoran, Can you please check the changes?

@bhargav2427
Copy link
Contributor Author

Hello @tomhjp, @kschoche, @swenson Please review this PR.

Copy link
Contributor

@kschoche kschoche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good so far, I think I spotted a typo and left a comment.
At a higher level, since the liveness and and readiness probes' paths are hitting Vault endpoints, should this value be tied to the vault server's listening port? Or maybe the vault service's port?

templates/server-statefulset.yaml Outdated Show resolved Hide resolved
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>
@kschoche
Copy link
Contributor

Oh sorry, one more thing that I forgot to include in my first comment, can you please add bats testing to test/unit/server-statefulset.bats to cover these changes as well?

@bhargav2427
Copy link
Contributor Author

Hello @kschoche I have added tests in test/unit/server-statefulset.bats. Please let me know your thoughts.

Copy link
Contributor

@kschoche kschoche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, thank you for taking the time to submit the PR!

@kschoche kschoche merged commit 9f18980 into hashicorp:main Apr 4, 2023
kschoche added a commit that referenced this pull request Apr 4, 2023
@kschoche kschoche mentioned this pull request Apr 4, 2023
kschoche added a commit that referenced this pull request Apr 4, 2023
* Add changelog for #831
* fixes bats test
Sh4kE added a commit to Sh4kE/k8s-projects that referenced this pull request Apr 9, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [vault](https://www.vaultproject.io) ([source](https://github.com/hashicorp/vault-helm)) | minor | `0.23.0` -> `0.24.0` |

---

### Release Notes

<details>
<summary>hashicorp/vault-helm</summary>

### [`v0.24.0`](https://github.com/hashicorp/vault-helm/blob/HEAD/CHANGELOG.md#&#8203;0240-April-6-2023)

[Compare Source](hashicorp/vault-helm@v0.23.0...v0.24.0)

Changes:

-   Earliest Kubernetes version tested is now 1.22
-   `vault` updated to 1.13.1

Features:

-   server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](hashicorp/vault-helm#841)
-   server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](hashicorp/vault-helm#831)
-   injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](hashicorp/vault-helm#852)
-   csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](hashicorp/vault-helm#749)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zNy4wIiwidXBkYXRlZEluVmVyIjoiMzUuMzcuMCJ9-->

Co-authored-by: Michael Wittig <michael.wittig@posteo.de>
Reviewed-on: https://gitea.sh4ke.rocks/sh4ke/k8s-projects/pulls/142
xiaocongji added a commit to SolaceDev/vault-helm that referenced this pull request Aug 25, 2023
* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)


Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump oldest version to 1.16

* docs, Chart.yaml, and changelog for 1.14 -> 1.16

* Fix values schema to support config in YAML (#684)

* Support policy/v1 disruptionbudget beyond kube 1.21 (#710)

Issue #667, adding updates to the disruptionbudget to support new
non beta spec beyond kube 1.21

* Remove unncessary template calls (#712)

- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
   template was added (and included in vault.mode)

   Various templates were updated accordingly, but those that were
   already calling vault.mode had an additonal call to
   vault.serverEnabled made which was unnecessary

   Remove those

* Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidently.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* VAULT-5838 Update CSI provider to 1.1.0 (#721)

* VAULT-5838 Update CSI provider to 1.1.0

* Update test/acceptance/csi.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (#722)

1.0.1+ seems to only support Kubernetes 1.19+, so we break support for
1.16 if we upgrade

* Implement support for Topology Spread Constraints (#652)

* Implemented support for topology spread constraints

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Add topologySpreadConstraints to values schema

* Implement injector deployment topology spread UTs

* also remove string from the relevant schema types

* Implement injector statefulset topology spread UTs

* Implement injector HA statefulset topology UTs

* Allow topologySpreadConstraints to be a string

Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* Update the changelog with changes from 614 and 652 (#723)

* Update the changelog with changes from 614 and 652

* Update CHANGELOG.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Prepare v0.20.0 release (#727)

* Fix CSI acceptance tests (#728)

* Update minimum required helm version in readme (#730)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Restore missing 'vault' service account (#737)

Our tutorials rely on this service account being present even if we are
using an external Vault.

The `values.yaml` also states that external Vaults are expected to use
this service account.

For example,
https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault?in=vault/kubernetes#install-the-vault-helm-chart-configured-to-address-an-external-vault

* Set default object selector for webhooks to exclude injector itself (#736)

Set default object selector for webhooks to exclude injector itself

If `injector.failurePolicy` is set to `Fail`, there is a race condition
where if the mutating webhook config is setup before the injector, then
the injector can fail to start because it tries to inject itself.

We can work around this by ignoring the injector pod in in the webhook
by default.

Thanks to @joeyslalom for the object selector to exclude the pod.

Fixes https://github.com/hashicorp/vault-k8s/issues/258

* Prepare for release 0.20.1 (#739)

Prepare for release 0.20.1

Improvements:
* `vault-k8s` updated to 0.16.1

CHANGES:
* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Mention minimum helm version in changelog (#742)

Also add a features section to 0.20.0

* Start testing against Kubernetes 1.24 (#744)

Start testing against Kubernetes 1.24

Update .github/workflows/acceptance.yaml

Remove skip csi

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update .helmignore (#732)

Review .helmignore file, ignore CI in chart

* Set VAULT_ADDR env var for CSI Provider pods (#745)

* Support to add annotations in injector serviceaccount (#753)

* changelog++ (#757)

* jira-sync: transition to "Closed" not "Close" (#758)

* Add support for nodePort for active and standby services (#610)

* Feat/adding pod and container security context (#750)

Allow the injector's pod- and container-level securityContext to be
fully specified by the user, via new options
`injector.securityContext.pod` and
`injector.securityContext.container` with more complete
defaults. Deprecates `injector.uid` and `injector.gid`.

If `injector.uid` or `injector.gid` are set by the user, the old pod
securityContext settings will be used. Otherwise the new defaults and
settings are used.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Changelog and schema update for active/standby node port (#761)

* Changelog and schema update for active/standby node port

Follow-up to https://github.com/hashicorp/vault-helm/pull/610

* changelog++ and json schema update (#762)

Changelog updates for #750, and json schema update.

* Update jira sync (#768)

* csi/server.statefulset: custom security context (#767)

csi/server.statefulset: custom security context

This adds flexibility to have custom pod template and container
`securityContext` and preserves current default values and behavior.

Fixes https://github.com/hashicorp/vault-helm/issues/663.

This also is a way to address https://github.com/hashicorp/vault-helm/pull/599
so that people can specify, for example, the CSI to run in a privileged
container for OpenShift.

This is a follow-up to https://github.com/hashicorp/vault-helm/pull/750
and builds on the same principles.

Side note: I am not able to run `helm schema-gen` since it is
unmaintained and does not work with M1 Macs.

* Prepare for 0.21.0 release (#771)

Prepare for 0.21.0 release

CHANGES:
* `vault-k8s` updated to 0.17.0. (this)
* `vault-csi-provider` updated to 1.2.0 (this)
* `vault` updated to 1.11.2 (this)
* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)

Features:
* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)

* DOC: Minor typos fixes (#669)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update values comments for server.securityContext (#778)

Since container is empty for openshift.

* CI: run acceptance tests on push to any (#781)

* Add support for the Prometheus Operator (#772)

support collecting Vault server metrics by deploying PrometheusOperator
CustomResources.

Co-authored-by: Sam Weston <weston.sam@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update vault-k8s to 1.0.0 (#784)

Update vault-k8s to 1.0.0

Also update Kubernetes versions tested against, including adding 1.25

Update consul in tests for Kubernetes 1.25 support

* Prepare for 0.22.0 release (#785)

Prepare for 0.21.1 release

* Update Vault to 1.11.3

* Add server.hostNetwork option (#775)

* [COMPLIANCE] Add MPL 2.0 LICENSE (#800)

Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>

* Prepare to release to 0.22.1 (#803)

* Prepare to release to 0.22.1

* Revert chart verifier update for now

* Remove unused jobs from CircleCI config

* Fix CircleCI config (#804)

* Fix CircleCI config

* Add manual trigger option

* Add extraLabels for Vault server serviceAccount (#806)

* Quote `.server.ha.clusterAddr` value (#810)

* Support selectively disabling active/standby services and service discovery role (#811)

* server: Allow disabling the instance selector for services (#813)

* Prepare for 0.23.0 release (#814)

* Amending docs (#828)

* swap helm charts call to GHA (#840)

* swap helm charts call to GHA

* fix path for gh utility

* Call helm publish workflow by file name without path (#843)

* adding SPDX copyright headers (#844)

* Fix typo in telemetry example (#846)

Also in the telemetry test

* Add extraPorts property (#841)

* fix: remove k8s 1.16 from acceptance testing (#848)

* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum support k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20

* feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe (#852)

* Updating GHA and default Vault version (#863)

Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).

Pin all actions to SHAs, and use the common jira sync.

Update the default Vault version to v1.13.1.

Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).

* Add portnumber (#831)

* Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset. 
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>

* Add changelog for #831 (#867)

* Add changelog for #831
* fixes bats test

* Add Vault Agent sidecar to CSI Provider (#749)

Adds Agent as a sidecar for the CSI Provider to:

* Cache k8s auth login leases
* Cache secret leases
* Automatically renew renewable leases in the background

* Prepare for 0.24.0 release (#868)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* Datago 30304/upgrading vault to 1.9.2 (#14)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Update to 0.4.0

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* changed value to use tag 1.9.6

Co-authored-by: Kaito Ii <kaitoii1111@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Eric Miller <eric.the.miller@icloud.com>
Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com>
Co-authored-by: Jason Hancock <jhancock@netskope.com>
Co-authored-by: Vadim Grek <vadimprog@gmail.com>
Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com>
Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com>
Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com>
Co-authored-by: Michele Baldessari <michele@acksyn.org>
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Subhrajit Nag <92374747+nagsubhrajitt@users.noreply.github.com>
Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: adhish2001 <adhish.maheswaran@solace.com>

* feat(DATAGO-30305): Upgrade vault server to 1.10.x (#16)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)

Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump oldest version to 1.16

* docs, Chart.yaml, and changelog for 1.14 -> 1.16

* Fix values schema to support config in YAML (#684)

* Support policy/v1 disruptionbudget beyond kube 1.21 (#710)

Issue #667, adding updates to the disruptionbudget to support new
non beta spec beyond kube 1.21

* Remove unncessary template calls (#712)

- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
   template was added (and included in vault.mode)

   Various templates were updated accordingly, but those that were
   already calling vault.mode had an additonal call to
   vault.serverEnabled made which was unnecessary

   Remove those

* Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidently.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* VAULT-5838 Update CSI provider to 1.1.0 (#721)

* VAULT-5838 Update CSI provider to 1.1.0

* Update test/acceptance/csi.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (#722)

1.0.1+ seems to only support Kubernetes 1.19+, so we break support for
1.16 if we upgrade

* Implement support for Topology Spread Constraints (#652)

* Implemented support for topology spread constraints

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Add topologySpreadConstraints to values schema

* Implement injector deployment topology spread UTs

* also remove string from the relevant schema types

* Implement injector statefulset topology spread UTs

* Implement injector HA statefulset topology UTs

* Allow topologySpreadConstraints to be a string

Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* Update the changelog with changes from 614 and 652 (#723)

* Update the changelog with changes from 614 and 652

* Update CHANGELOG.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Prepare v0.20.0 release (#727)

---------

Signed-off-by: Lionel H <me@nullbyte.be>
Co-authored-by: Kaito Ii <kaitoii1111@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Eric Miller <eric.the.miller@icloud.com>
Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com>
Co-authored-by: Jason Hancock <jhancock@netskope.com>
Co-authored-by: Vadim Grek <vadimprog@gmail.com>
Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com>
Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com>
Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com>
Co-authored-by: Michele Baldessari <michele@acksyn.org>
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Michael Schuett <michaeljs1990@users.noreply.github.com>
Co-authored-by: Troy Fluegge <troy@hashicorp.com>
Co-authored-by: lion24 <lionel_dell24@hotmail.be>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
Co-authored-by: Christian <thechristschn@users.noreply.github.com>
Co-authored-by: Viacheslav Vasilyev <avoidik@gmail.com>
Co-authored-by: Remco Buddelmeijer <remco.buddelmeijer@gmail.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>
Co-authored-by: gw0 <gw0@users.noreply.github.com>
Co-authored-by: Stephen Herd <sharkannon@users.noreply.github.com>
Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>
Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* DATAGO-59401: Upgrading vault to 1.11.x (#18)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow …
xiaocongji added a commit to SolaceDev/vault-helm that referenced this pull request Aug 25, 2023
* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)

Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump oldest version to 1.16

* docs, Chart.yaml, and changelog for 1.14 -> 1.16

* Fix values schema to support config in YAML (#684)

* Support policy/v1 disruptionbudget beyond kube 1.21 (#710)

Issue #667, adding updates to the disruptionbudget to support new
non beta spec beyond kube 1.21

* Remove unncessary template calls (#712)

- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
   template was added (and included in vault.mode)

   Various templates were updated accordingly, but those that were
   already calling vault.mode had an additonal call to
   vault.serverEnabled made which was unnecessary

   Remove those

* Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidently.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* VAULT-5838 Update CSI provider to 1.1.0 (#721)

* VAULT-5838 Update CSI provider to 1.1.0

* Update test/acceptance/csi.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (#722)

1.0.1+ seems to only support Kubernetes 1.19+, so we break support for
1.16 if we upgrade

* Implement support for Topology Spread Constraints (#652)

* Implemented support for topology spread constraints

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Add topologySpreadConstraints to values schema

* Implement injector deployment topology spread UTs

* also remove string from the relevant schema types

* Implement injector statefulset topology spread UTs

* Implement injector HA statefulset topology UTs

* Allow topologySpreadConstraints to be a string

Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* Update the changelog with changes from 614 and 652 (#723)

* Update the changelog with changes from 614 and 652

* Update CHANGELOG.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Prepare v0.20.0 release (#727)

* Fix CSI acceptance tests (#728)

* Update minimum required helm version in readme (#730)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Restore missing 'vault' service account (#737)

Our tutorials rely on this service account being present even if we are
using an external Vault.

The `values.yaml` also states that external Vaults are expected to use
this service account.

For example,
https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault?in=vault/kubernetes#install-the-vault-helm-chart-configured-to-address-an-external-vault

* Set default object selector for webhooks to exclude injector itself (#736)

Set default object selector for webhooks to exclude injector itself

If `injector.failurePolicy` is set to `Fail`, there is a race condition
where if the mutating webhook config is setup before the injector, then
the injector can fail to start because it tries to inject itself.

We can work around this by ignoring the injector pod in in the webhook
by default.

Thanks to @joeyslalom for the object selector to exclude the pod.

Fixes https://github.com/hashicorp/vault-k8s/issues/258

* Prepare for release 0.20.1 (#739)

Prepare for release 0.20.1

Improvements:
* `vault-k8s` updated to 0.16.1

CHANGES:
* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Mention minimum helm version in changelog (#742)

Also add a features section to 0.20.0

* Start testing against Kubernetes 1.24 (#744)

Start testing against Kubernetes 1.24

Update .github/workflows/acceptance.yaml

Remove skip csi

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update .helmignore (#732)

Review .helmignore file, ignore CI in chart

* Set VAULT_ADDR env var for CSI Provider pods (#745)

* Support to add annotations in injector serviceaccount (#753)

* changelog++ (#757)

* jira-sync: transition to "Closed" not "Close" (#758)

* Add support for nodePort for active and standby services (#610)

* Feat/adding pod and container security context (#750)

Allow the injector's pod- and container-level securityContext to be
fully specified by the user, via new options
`injector.securityContext.pod` and
`injector.securityContext.container` with more complete
defaults. Deprecates `injector.uid` and `injector.gid`.

If `injector.uid` or `injector.gid` are set by the user, the old pod
securityContext settings will be used. Otherwise the new defaults and
settings are used.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Changelog and schema update for active/standby node port (#761)

* Changelog and schema update for active/standby node port

Follow-up to https://github.com/hashicorp/vault-helm/pull/610

* changelog++ and json schema update (#762)

Changelog updates for #750, and json schema update.

* Update jira sync (#768)

* csi/server.statefulset: custom security context (#767)

csi/server.statefulset: custom security context

This adds flexibility to have custom pod template and container
`securityContext` and preserves current default values and behavior.

Fixes https://github.com/hashicorp/vault-helm/issues/663.

This also is a way to address https://github.com/hashicorp/vault-helm/pull/599
so that people can specify, for example, the CSI to run in a privileged
container for OpenShift.

This is a follow-up to https://github.com/hashicorp/vault-helm/pull/750
and builds on the same principles.

Side note: I am not able to run `helm schema-gen` since it is
unmaintained and does not work with M1 Macs.

* Prepare for 0.21.0 release (#771)

Prepare for 0.21.0 release

CHANGES:
* `vault-k8s` updated to 0.17.0. (this)
* `vault-csi-provider` updated to 1.2.0 (this)
* `vault` updated to 1.11.2 (this)
* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)

Features:
* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)

* DOC: Minor typos fixes (#669)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update values comments for server.securityContext (#778)

Since container is empty for openshift.

* CI: run acceptance tests on push to any (#781)

* Add support for the Prometheus Operator (#772)

support collecting Vault server metrics by deploying PrometheusOperator
CustomResources.

Co-authored-by: Sam Weston <weston.sam@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update vault-k8s to 1.0.0 (#784)

Update vault-k8s to 1.0.0

Also update Kubernetes versions tested against, including adding 1.25

Update consul in tests for Kubernetes 1.25 support

* Prepare for 0.22.0 release (#785)

Prepare for 0.21.1 release

* Update Vault to 1.11.3

* Add server.hostNetwork option (#775)

* [COMPLIANCE] Add MPL 2.0 LICENSE (#800)

Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>

* Prepare to release to 0.22.1 (#803)

* Prepare to release to 0.22.1

* Revert chart verifier update for now

* Remove unused jobs from CircleCI config

* Fix CircleCI config (#804)

* Fix CircleCI config

* Add manual trigger option

* Add extraLabels for Vault server serviceAccount (#806)

* Quote `.server.ha.clusterAddr` value (#810)

* Support selectively disabling active/standby services and service discovery role (#811)

* server: Allow disabling the instance selector for services (#813)

* Prepare for 0.23.0 release (#814)

* Amending docs (#828)

* swap helm charts call to GHA (#840)

* swap helm charts call to GHA

* fix path for gh utility

* Call helm publish workflow by file name without path (#843)

* adding SPDX copyright headers (#844)

* Fix typo in telemetry example (#846)

Also in the telemetry test

* Add extraPorts property (#841)

* fix: remove k8s 1.16 from acceptance testing (#848)

* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum support k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20

* feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe (#852)

* Updating GHA and default Vault version (#863)

Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).

Pin all actions to SHAs, and use the common jira sync.

Update the default Vault version to v1.13.1.

Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).

* Add portnumber (#831)

* Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset.
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>

* Add changelog for #831 (#867)

* Add changelog for #831
* fixes bats test

* Add Vault Agent sidecar to CSI Provider (#749)

Adds Agent as a sidecar for the CSI Provider to:

* Cache k8s auth login leases
* Cache secret leases
* Automatically renew renewable leases in the background

* Prepare for 0.24.0 release (#868)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* Datago 30304/upgrading vault to 1.9.2 (#14)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Update to 0.4.0

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* changed value to use tag 1.9.6

Co-authored-by: Kaito Ii <kaitoii1111@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Eric Miller <eric.the.miller@icloud.com>
Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com>
Co-authored-by: Jason Hancock <jhancock@netskope.com>
Co-authored-by: Vadim Grek <vadimprog@gmail.com>
Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com>
Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com>
Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com>
Co-authored-by: Michele Baldessari <michele@acksyn.org>
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Subhrajit Nag <92374747+nagsubhrajitt@users.noreply.github.com>
Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: adhish2001 <adhish.maheswaran@solace.com>

* feat(DATAGO-30305): Upgrade vault server to 1.10.x (#16)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)

Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump oldest version to 1.16

* docs, Chart.yaml, and changelog for 1.14 -> 1.16

* Fix values schema to support config in YAML (#684)

* Support policy/v1 disruptionbudget beyond kube 1.21 (#710)

Issue #667, adding updates to the disruptionbudget to support new
non beta spec beyond kube 1.21

* Remove unncessary template calls (#712)

- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
   template was added (and included in vault.mode)

   Various templates were updated accordingly, but those that were
   already calling vault.mode had an additonal call to
   vault.serverEnabled made which was unnecessary

   Remove those

* Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidently.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* VAULT-5838 Update CSI provider to 1.1.0 (#721)

* VAULT-5838 Update CSI provider to 1.1.0

* Update test/acceptance/csi.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (#722)

1.0.1+ seems to only support Kubernetes 1.19+, so we break support for
1.16 if we upgrade

* Implement support for Topology Spread Constraints (#652)

* Implemented support for topology spread constraints

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Add topologySpreadConstraints to values schema

* Implement injector deployment topology spread UTs

* also remove string from the relevant schema types

* Implement injector statefulset topology spread UTs

* Implement injector HA statefulset topology UTs

* Allow topologySpreadConstraints to be a string

Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* Update the changelog with changes from 614 and 652 (#723)

* Update the changelog with changes from 614 and 652

* Update CHANGELOG.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Prepare v0.20.0 release (#727)

---------

Signed-off-by: Lionel H <me@nullbyte.be>
Co-authored-by: Kaito Ii <kaitoii1111@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Eric Miller <eric.the.miller@icloud.com>
Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com>
Co-authored-by: Jason Hancock <jhancock@netskope.com>
Co-authored-by: Vadim Grek <vadimprog@gmail.com>
Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com>
Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com>
Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com>
Co-authored-by: Michele Baldessari <michele@acksyn.org>
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Michael Schuett <michaeljs1990@users.noreply.github.com>
Co-authored-by: Troy Fluegge <troy@hashicorp.com>
Co-authored-by: lion24 <lionel_dell24@hotmail.be>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
Co-authored-by: Christian <thechristschn@users.noreply.github.com>
Co-authored-by: Viacheslav Vasilyev <avoidik@gmail.com>
Co-authored-by: Remco Buddelmeijer <remco.buddelmeijer@gmail.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>
Co-authored-by: gw0 <gw0@users.noreply.github.com>
Co-authored-by: Stephen Herd <sharkannon@users.noreply.github.com>
Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>
Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* DATAGO-59401: Upgrading vault to 1.11.x (#18)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add ex…
xiaocongji added a commit to SolaceDev/vault-helm that referenced this pull request Aug 29, 2023
* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)


Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump oldest version to 1.16

* docs, Chart.yaml, and changelog for 1.14 -> 1.16

* Fix values schema to support config in YAML (#684)

* Support policy/v1 disruptionbudget beyond kube 1.21 (#710)

Issue #667, adding updates to the disruptionbudget to support new
non beta spec beyond kube 1.21

* Remove unncessary template calls (#712)

- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
   template was added (and included in vault.mode)

   Various templates were updated accordingly, but those that were
   already calling vault.mode had an additonal call to
   vault.serverEnabled made which was unnecessary

   Remove those

* Issue 629: updated to allow customization of the CLUSTER_ADDR the same… (#709)

* Issue #629 Updates to allow customization of the CLUSTER_ADDR and unit tests to go with it

* Issue-#629 removing extra whitespace I added accidently.

* Issue-#629 fixing extra whitespace added.

* Update values.yaml

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* Issue #629 adding changelog

Co-authored-by: Joaco Muleiro Beltran <joaquinmuleirobeltran@gmail.com>

* VAULT-5838 Update CSI provider to 1.1.0 (#721)

* VAULT-5838 Update CSI provider to 1.1.0

* Update test/acceptance/csi.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* VUALT-5838 Restore Secrets Store CSI driver to 1.0.0 (#722)

1.0.1+ seems to only support Kubernetes 1.19+, so we break support for
1.16 if we upgrade

* Implement support for Topology Spread Constraints (#652)

* Implemented support for topology spread constraints

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Update values.yaml

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* Add topologySpreadConstraints to values schema

* Implement injector deployment topology spread UTs

* also remove string from the relevant schema types

* Implement injector statefulset topology spread UTs

* Implement injector HA statefulset topology UTs

* Allow topologySpreadConstraints to be a string

Co-authored-by: Ellis Tarn <ellistarn@gmail.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* Update the changelog with changes from 614 and 652 (#723)

* Update the changelog with changes from 614 and 652

* Update CHANGELOG.md

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Prepare v0.20.0 release (#727)

* Fix CSI acceptance tests (#728)

* Update minimum required helm version in readme (#730)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Restore missing 'vault' service account (#737)

Our tutorials rely on this service account being present even if we are
using an external Vault.

The `values.yaml` also states that external Vaults are expected to use
this service account.

For example,
https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault?in=vault/kubernetes#install-the-vault-helm-chart-configured-to-address-an-external-vault

* Set default object selector for webhooks to exclude injector itself (#736)

Set default object selector for webhooks to exclude injector itself

If `injector.failurePolicy` is set to `Fail`, there is a race condition
where if the mutating webhook config is setup before the injector, then
the injector can fail to start because it tries to inject itself.

We can work around this by ignoring the injector pod in in the webhook
by default.

Thanks to @joeyslalom for the object selector to exclude the pod.

Fixes https://github.com/hashicorp/vault-k8s/issues/258

* Prepare for release 0.20.1 (#739)

Prepare for release 0.20.1

Improvements:
* `vault-k8s` updated to 0.16.1

CHANGES:
* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Mention minimum helm version in changelog (#742)

Also add a features section to 0.20.0

* Start testing against Kubernetes 1.24 (#744)

Start testing against Kubernetes 1.24

Update .github/workflows/acceptance.yaml

Remove skip csi

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update .helmignore (#732)

Review .helmignore file, ignore CI in chart

* Set VAULT_ADDR env var for CSI Provider pods (#745)

* Support to add annotations in injector serviceaccount (#753)

* changelog++ (#757)

* jira-sync: transition to "Closed" not "Close" (#758)

* Add support for nodePort for active and standby services (#610)

* Feat/adding pod and container security context (#750)

Allow the injector's pod- and container-level securityContext to be
fully specified by the user, via new options
`injector.securityContext.pod` and
`injector.securityContext.container` with more complete
defaults. Deprecates `injector.uid` and `injector.gid`.

If `injector.uid` or `injector.gid` are set by the user, the old pod
securityContext settings will be used. Otherwise the new defaults and
settings are used.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Changelog and schema update for active/standby node port (#761)

* Changelog and schema update for active/standby node port

Follow-up to https://github.com/hashicorp/vault-helm/pull/610

* changelog++ and json schema update (#762)

Changelog updates for #750, and json schema update.

* Update jira sync (#768)

* csi/server.statefulset: custom security context (#767)

csi/server.statefulset: custom security context

This adds flexibility to have custom pod template and container
`securityContext` and preserves current default values and behavior.

Fixes https://github.com/hashicorp/vault-helm/issues/663.

This also is a way to address https://github.com/hashicorp/vault-helm/pull/599
so that people can specify, for example, the CSI to run in a privileged
container for OpenShift.

This is a follow-up to https://github.com/hashicorp/vault-helm/pull/750
and builds on the same principles.

Side note: I am not able to run `helm schema-gen` since it is
unmaintained and does not work with M1 Macs.

* Prepare for 0.21.0 release (#771)

Prepare for 0.21.0 release

CHANGES:
* `vault-k8s` updated to 0.17.0. (this)
* `vault-csi-provider` updated to 1.2.0 (this)
* `vault` updated to 1.11.2 (this)
* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)

Features:
* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)

* DOC: Minor typos fixes (#669)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update values comments for server.securityContext (#778)

Since container is empty for openshift.

* CI: run acceptance tests on push to any (#781)

* Add support for the Prometheus Operator (#772)

support collecting Vault server metrics by deploying PrometheusOperator
CustomResources.

Co-authored-by: Sam Weston <weston.sam@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update vault-k8s to 1.0.0 (#784)

Update vault-k8s to 1.0.0

Also update Kubernetes versions tested against, including adding 1.25

Update consul in tests for Kubernetes 1.25 support

* Prepare for 0.22.0 release (#785)

Prepare for 0.21.1 release

* Update Vault to 1.11.3

* Add server.hostNetwork option (#775)

* [COMPLIANCE] Add MPL 2.0 LICENSE (#800)

Co-authored-by: hashicorp-copywrite[bot] <noreply@hashicorp.com>

* Prepare to release to 0.22.1 (#803)

* Prepare to release to 0.22.1

* Revert chart verifier update for now

* Remove unused jobs from CircleCI config

* Fix CircleCI config (#804)

* Fix CircleCI config

* Add manual trigger option

* Add extraLabels for Vault server serviceAccount (#806)

* Quote `.server.ha.clusterAddr` value (#810)

* Support selectively disabling active/standby services and service discovery role (#811)

* server: Allow disabling the instance selector for services (#813)

* Prepare for 0.23.0 release (#814)

* Amending docs (#828)

* swap helm charts call to GHA (#840)

* swap helm charts call to GHA

* fix path for gh utility

* Call helm publish workflow by file name without path (#843)

* adding SPDX copyright headers (#844)

* Fix typo in telemetry example (#846)

Also in the telemetry test

* Add extraPorts property (#841)

* fix: remove k8s 1.16 from acceptance testing (#848)

* remove 1.16 from the versions tested in .github/workflows/acceptance.yaml as kind no longer supports creating a k8s 1.16 cluster
* update vault-helm's minimum support k8s version to 1.20 in README and Chart.yaml
* refactor server-ingress's templating and unit tests applied to k8s versions < 1.20

* feat: make injector livenessProbe and readinessProbe configurable and add configurable startupProbe (#852)

* Updating GHA and default Vault version (#863)

Test with latest kind k8s versions 1.22-1.26. Remove support for old
disruptionbudget and ingress APIs (pre 1.22).

Pin all actions to SHAs, and use the common jira sync.

Update the default Vault version to v1.13.1.

Update chart-verifier used in tests to 1.10.1, also add an openshift
name annotation to Chart.yaml (one of the required checks).

* Add portnumber (#831)

* Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset. 
Co-authored-by: Kyle Schochenmaier <kyle.schochenmaier@hashicorp.com>

* Add changelog for #831 (#867)

* Add changelog for #831
* fixes bats test

* Add Vault Agent sidecar to CSI Provider (#749)

Adds Agent as a sidecar for the CSI Provider to:

* Cache k8s auth login leases
* Cache secret leases
* Automatically renew renewable leases in the background

* Prepare for 0.24.0 release (#868)

* add copyright header to csi-agent-configmap.yaml (#870)

* Convert hashicorp/vault-helm to GitHub Actions (#861)

* Add workflow hashicorp/vault-helm/update-helm-charts-index

* Add workflow hashicorp/vault-helm/manual-trigger-update-helm-charts-index

* SHA-pin all 3rd-party actions

* Restrict workflow permissions

* Add actionslint

* Add dependabot

* Add CODEOWNERS

* Replace deprecated references

* fixup: First pass at cleaning up update-helm-charts-index

* fixup: move to self-hosted for access to vault

* fixup: remove vault bits, correct GHA action

* fixup: Remove manual invocation

* fixup: update CODEOWNERS

* Update CODEOWNERS

* Fix CODEOWNERS syntax

* Use common workflow for action lint

* fixup: address review feedback

* fixup: codeowners set

* Apply suggestions from code review

Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>

* fixup: remove slack status action

* fixup: more clear error message and correct syntax

* fixup: limit actionlint trigger to GHA paths

* fixup: glob

* fixup: incorporate emily's superior syntax

---------

Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>

* Remove CircelCI (#871)

Follow-up of #861 and hashicorp/gha-migration#158

* Add role for creating CSI's HMAC secret key (#872)

* Prepare for 0.24.1 release (#879)

* Fix chart version for 0.24.1 release (#880)

* Result of tsccr-helper -pin-all-workflows . (#882)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

* spelling fix (#888)

* Make injected Agent ephemeral storage configurable through injector.agentDefaults (#798)

* Default prometheusRules.rules should be an empty list (#886)

Support for prometheus-operator was added in
https://github.com/hashicorp/vault-helm/pull/772 and a default empty
set of rules was defined as an empty map `{}`. However, as evidenced
by the commented out rule examples below that very same values.yaml,
this is expected to be a list, so `rules:` value should be set to an
empty list `[]`.

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Vitaliy <vitaliyf@users.noreply.github.com>

* ci: upgrade kind-action and kind version (#899)

kind-action v1.5.0 -> v1.7.0
kind v0.17.0 -> v0.19.0

Add k8s 1.27 to testing, and update the rest of the kind image
versions.

* publishNotReadyAddresses for headless service always true (#902)

* Fix syntax for actionlint workflow (#903)

* Fix syntax for actionlint workflow
* Move .github/workflows/setup-test-tools/ -> .github/actions/setup-test-tools/
* Fix reported actionlint failures

* CSI configurable nodeSelector and affinity (#862)

* [COMPLIANCE] Add Copyright and License Headers (#905)

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>

* csi: update affinity and nodeselector schema (#907)

array -> object

* Bump actions/checkout from 3.5.2 to 3.5.3 (#910)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/setup-go from 4.0.0 to 4.0.1 (#891)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci: Fix yq command syntax (#881)

The original CCI version used an older version of yq. The syntax changed and this was missed when ported.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Prepare for 0.25.0 release (#916)

* Prepare for 0.25.0 release
* Update CSI acceptance test assertion

Starting in 1.4.0, the CSI provider caches Vault tokens locally. The main thing
we want to check is that the Agent cache is being used so that it's doing the
renewal legwork for any leased secrets, so check for the renewal log message instead
because CSI won't auth over and over anymore.

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* Datago 30304/upgrading vault to 1.9.2 (#14)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* Update to 0.4.0

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* fix: deploy_local.sh error with file

* minor changes

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade vault to version 1.7.9 (#12)

* Add objectSelector to webhookconfiguration (#456)

* changelog++

* Add CSI secrets store provider (#461)

* updating acceptance tests to k8s 1.17 on gke (#473)

* changelog++

* Target vault-csi-provider release 0.1.0 (#475)

* Update to 0.10.0 (#477)

* Update to v0.10.0

* Fix typo

* Add csi link in changelog

* Add volumes and mounts support for CSI (#479)

* Remove extraVolumes from CSI, add volumes and mounts

* Add better example

* changelog++

* Remove extra word in readme (#482)

* fix csi helm deployment (#486)

* fix serviceaccount and clusterrole name reference (full name)

* add server.enabled option, align with documentation

* add unit tests

* update server.enabled behaviour to explicit true and update tests

* changelog++

* add hostNetwork value to injector deployment (#471)

* add hostNetwork value to injector deployment

* adding unit tests

* changelog++

* feat(ingress): Extra paths to prepend to the ingress host configuration for annotation based services (#460)

Refs #361

* changelog++

* Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* changelog++

* Custom value of agent port  (#489)

* configure the agent port

* add unit test

* remove default

* remove default

* Update values.yaml

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* Add injector agent default overrides (#493)

* Add injector agent default overrides

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update test/unit/injector-deployment.bats

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* [injector] Add port name in injector service (#495)

* [injector] Add port name in injector service

* [injector] Hardcore port to https

* changelog++

* Fix injector unit test failing (#496)

* Fix injector unit test failing

* Add null check

* Add default if unset for CI

* Remove redundant logic (#434)

* Update to v0.11.0 (#497)

* Add container based tests documentation (#492)

* update documentation with running unit tests using container

* promote bats version to 1.3.0

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Set kubeVersion and added chart-verifier tests (#510)

Set min kubeVersion in Chart.yaml to 1.14. Added a chart-verifier bats
test, and configured to run it in CI. Some verification tests that
haven't been addressed yet are skipped.

* changelog++

* match kubeVersion on semver pre-releases (#512)

Since clouds like GKE set their kubeVersion as a
pre-release (e.g. v1.17.17-gke.6700)

* Add ImagePullSecrets to CSI daemonset (#519)

* changelog++

* changelog++

* fix CONTRIBUTING.md (#501)

* updating to use new dedicated context and token (#515)

* added values json schema (#513)

Generated the schema using the helm schema-gen plugin, and added extra
data types to fields that allow it, such as annotations, tolerations,
enabled, etc. Enabled the "contains-value-schema" chart-verifier test.

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* changelog++

* [Issue-520] tolerations for csi-daemonset (#521)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* Add extraArgs value for CSI (#526)

* changelog++

* add schema unit tests (#530)

* Add UI targetPort option (#437)

Use custom `targetPort` for UI service. See the usecase in https://github.com/hashicorp/vault-helm/issues/385#issuecomment-749560213

* changelog++

* Update to v0.12.0 (#532)

* Update to v0.12.0

* Update values.schema.json

* Fix schema types

* revert image repo

* Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the
chart-verifier version.

* changelog++

* fix ui.serviceNodePort schema (#537)

UI service nodePort defaults to null, but is set as an integer

* changelog++

* change maxUnavailable to integer (#535)

change maxUnavailable from `null` to `integer` to enable upgrade from
0.11.0 to 0.12.0 when using the specific variable.

* Also allow null value

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add test for server.ha.disruptionBudget.maxUnavailable

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* changelog++

* use vault-helm-test:0.2.0 (#543)

* Added webhook-certs volume mount to sidecar injector (#545)

* Removed webhook-certs volume mount from leader-elector container

* Added test: injector deployment manual TLS adds volume mount

* changelog++

* Adding server.enterpriseLicense (#547)

Sets up a vault-enterprise license for autoloading on vault
startup. Mounts an existing secret to /vault/license and sets
VAULT_LICENSE_PATH appropriately.

* changelog++

* Add openshift overrides (#549)

Adds default overrides for OpenShift (values.openshift.yaml) and uses
them in the chart-verifier tests.

* changelog++

* Update to v0.13.0 (#554)

* Explain this fork in the README

* Adding support for LoadBalancerIP field in ServiceSpec

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* DATAGO-13861: Adding support for logrotate

* DATAGO-13861: Adding audit log rotation and shipment to datdog

* Fixing minor typos and removing extra lines

* feat(DATAGO-27002): Upgrade to 1.7.9

* chore(DATAGO-27002): Fix doc issue

Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>

* changed value to use tag 1.9.6

Co-authored-by: Kaito Ii <kaitoii1111@gmail.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Eric Miller <eric.the.miller@icloud.com>
Co-authored-by: Takumi Sue <23391543+mikutas@users.noreply.github.com>
Co-authored-by: Jason Hancock <jhancock@netskope.com>
Co-authored-by: Vadim Grek <vadimprog@gmail.com>
Co-authored-by: nikstur <61635709+nikstur@users.noreply.github.com>
Co-authored-by: Jacob Mammoliti <jmammoliti@hashicorp.com>
Co-authored-by: Ethan J. Brown <Iristyle@users.noreply.github.com>
Co-authored-by: Michele Baldessari <michele@acksyn.org>
Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Julian Setiawan <julian.setiawan@solace.com>
Co-authored-by: marcboudreau <marc.boudreau@solace.com>
Co-authored-by: Hadie Laham <hadie.laham@solace.com>
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Subhrajit Nag <92374747+nagsubhrajitt@users.noreply.github.com>
Co-authored-by: guru1306 <tguru.ece@gmail.com>
Co-authored-by: Paul <paul.coignet@datadoghq.com>
Co-authored-by: Arie Lev <34907201+ArieLevs@users.noreply.github.com>
Co-authored-by: Paul Witt <paul_witt@discovery.com>
Co-authored-by: Sam Marshall <8191402+samjmarshall@users.noreply.github.com>
Co-authored-by: Hamza ZOUHAIR <34426028+HamzaZo@users.noreply.github.com>
Co-authored-by: Javier Criado Marcos <javinavales.jcm@gmail.com>
Co-authored-by: mehmetsalgar <salgarm@gmx.de>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Iñigo Horcajo <inigohu@gmail.com>
Co-authored-by: Rule88 <rule88@users.noreply.github.com>
Co-authored-by: Ricardo Gândara Pinto <rpinto@gmail.com>
Co-authored-by: adhish2001 <adhish.maheswaran@solace.com>

* feat(DATAGO-30305): Upgrade vault server to 1.10.x (#16)

* add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update jira action (#644)

* No longer check for Vault team membership
* Tweak jira states and search parameters

* remove support for the leader-elector container (#649)

* vault-helm 0.18.0 release (#650)

* Run CI tests in github workflows  (#657)

Ports the bats unit, chart-verifier, and bats acceptance tests to use
github workflows and actions. The acceptance tests run using kind, and
run for multiple k8s versions, on pushes to the main branch.

Adds a SKIP_CSI env check in the CSI acceptance test, set in the
workflow if K8s version is less than 1.16.

Adds kubeAdmConfigPatches to the kind config to allow testing the CSI
provider on K8s versions prior to 1.21.

Updates the Secrets Store CSI driver to 1.0.0 in tests.

Makes the HA Vault tests more robust by waiting for all consul client
pods to be Ready, and waits with a timeout for Vault to start
responding as sealed (since the tests on GitHub runners were often
failing at that point).

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Configurable PodDisruptionBudget for Injector (#653)

* Fix spelling error in server disruptionbudget test (#654)

* Make terminationGracePeriodSeconds configurable (#659)

Make terminationGracePeriodSeconds configurable for server pod

* injector: ability to set deployment update strategy (continued) (#661)

Co-authored-by: Jason Hancock <jhancock@netskope.com>

* csi: ability to set priorityClassName for csi daemonset pods (#670)

* Fixed a small typo (#672)

* Disable unit and acceptance tests in CircleCI (#675)

* update CONTRIBUTING.md (#677)

Link to the discuss forum instead of the old google group and irc
channel. Add info about the CLA.

* add namespace support for openshift route (#679)

* Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

* allow injection of TLS config for OpenShift routes (#686)

* Add some tests on top of #396

* convert server-route.yaml to unix newlines

* changelog

Co-authored-by: André Becker <andre@arestless.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Release 0.19.0 (#687)

* Add extraLabels for CSI DaemonSet (#690)

* Updated hashicorp/vault-csi-provider image to v1.0.0 (#689)

* Fix unit test assertions (#693)

* vault: bump image to 1.9.3 (#695)

Signed-off-by: Lionel H <me@nullbyte.be>

* changelog++ (#699)

* change helm trigger branch from master to main (#700)

* Add namespace to injector-leader-elector role, rolebinding and secret (#683)

* allow to configure publishNotReadyAddresses on server services (#694)

* Maintain pre-existing Mutating Webhook default values for Kubernetes 1.22 (#692)

* Prepare default values for MutatingWebhookConfiguration #691
* Add values.yaml values to injector-mutating-webhook.yaml #691
* Duplicate and deprecate top-level webhook settings and put them in a webhook object
* Made the new values default with the fallback to the old values.yaml
* Fix _helpers.tpl to support both old and new webhook annotations
* Add new tests and deprecate old ones for injector webhook configuration
* Old tests now work with old values.yaml
* Add all new fields showing that they have priority over old ones
* Add deprecation note to injector.failurePolicy #691

* VAULT-571 Matching documented behavior and consul (#703)

VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update k8s versions (#706)

* tests: updating the four most recent k8s versions

* bump old…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request vault-server Area: operation and usage of vault server in k8s
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants