v0.1.0-beta.1
Pre-release
0.1.0-beta.1 (May 25th, 2023)
Bugs:
- Helm: fix deployment templating so setting controller.kubernetesClusterDomain works as defined in values.yaml: GH-183
- Helm: Add vaultConnectionRef to controller.manager.clientCache.storageEncryption for transit auth method configuration and provide a default value which uses the default vaultConnection. GH-201
- VaultPKISecret (VPS): Ensure Spec.AltNames, and Spec.IPSans are properly formatted for the Vault request: GH-130
- VaultPKISecret (VPS): Make Spec.OtherSANS a string slice (breaking change): GH-190
- VaultConnection (VC): Ensure Spec.CACertSecretRef is relative to the connection's Namespace: GH-195
Features:
- VaultDynamicSecrets (VDS): CRD is extended with Revoke field which will result in the dynamic secret lease being revoked on CR deletion. Note: The VaultAuthMethod referenced by the VDS Secret must have a policy which provides ["update"] on sys/leases/revoke: GH-143 GH-209
- VaultAuth: Adds support for the JWT authentication method which either uses the JWT token from the provided secret reference, or a service account JWT token that VSO will generate using the provided service account: GH-131
- VaultDynamicSecrets (VDS): New RenewalPercent field to control when a lease is renewed: GH-170
- Helm: Support specifying extra annotations on the Operator's Deployment: GH-169
Improvements:
- VaultDynamicSecrets (VDS): Generate new credentials if lease renewal TTL is truncated: GH-170
- VaultDynamicSecrets (VDS): Replace Spec.Role with Spec.Path (breaking change): GH-172
- VaultPKISecrets (VPS): Make commonName optional: GH-160
- VaultDynamicSecrets (VDS): Add support for specifying extra request params, and HTTP request method override: GH-186
- VaultStaticSecrets (VSS): Ensure an out-of-band Secret deletion is properly remediated: GH-137
- Honour a Vault*Secret's Vault namespace: GH-157
- VaultStaticSecrets (VSS): Add Spec.Version field to support fetching a specific kv-v2 secret version: GH-200
Changes:
- API schema (VDS): Spec.Role renamed to Spec.Path which can be set to any path supported by the Vault secret's engine.
- API schema (VPS): Spec.OtherSANS takes a slice of strings like Spec.AltNames and Spec.IPSans