v0.1.0-beta.1

Pre-release
hc-github-team-es-release-engineering released this 25 May 20:53
f3752fb

0.1.0-beta.1 (May 25th, 2023)

Bugs:

  • Helm: fix deployment templating so setting controller.kubernetesClusterDomain works as defined in values.yaml: GH-183
  • Helm: Add vaultConnectionRef to controller.manager.clientCache.storageEncryption for transit auth method configuration and provide a default value which uses the default vaultConnection. GH-201
  • VaultPKISecret (VPS): Ensure Spec.AltNames and Spec.IPSans are properly formatted for the Vault request: GH-130
  • VaultPKISecret (VPS): Make Spec.OtherSANS a string slice (breaking change): GH-190
  • VaultConnection (VC): Ensure Spec.CACertSecretRef is relative to the connection's Namespace: GH-195

Features:

  • VaultDynamicSecrets (VDS): CRD is extended with Revoke field which will result in the dynamic secret lease being revoked on CR deletion. Note:
    The VaultAuthMethod referenced by the VDS Secret must have a policy which provides ["update"] on sys/leases/revoke: GH-143 GH-209
  • VaultAuth: Adds support for the JWT authentication method which either uses the JWT token from the provided secret reference,
    or a service account JWT token that VSO will generate using the provided service account: GH-131
  • VaultDynamicSecrets (VDS): New RenewalPercent field to control when a lease is renewed: GH-170
  • Helm: Support specifying extra annotations on the Operator's Deployment: GH-169

Improvements:

  • VaultDynamicSecrets (VDS): Generate new credentials if lease renewal TTL is truncated: GH-170
  • VaultDynamicSecrets (VDS): Replace Spec.Role with Spec.Path (breaking change): GH-172
  • VaultPKISecrets (VPS): Make commonName optional: GH-160
  • VaultDynamicSecrets (VDS): Add support for specifying extra request params, and HTTP request method override: GH-186
  • VaultStaticSecrets (VSS): Ensure an out-of-band Secret deletion is properly remediated: GH-137
  • Honour a Vault*Secret's Vault namespace: GH-157
  • VaultStaticSecrets (VSS): Add Spec.Version field to support fetching a specific kv-v2 secret version: GH-200

Changes:

  • API schema (VDS): Spec.Role renamed to Spec.Path which can be set to any path supported by the
    Vault secret's engine.
  • API schema (VPS): Spec.OtherSANS takes a slice of strings like Spec.AltNames and Spec.IPSans