diff --git a/website/content/docs/configuration/service-registration/kubernetes.mdx b/website/content/docs/configuration/service-registration/kubernetes.mdx index 2ae4d13475..339fab7cd5 100644 --- a/website/content/docs/configuration/service-registration/kubernetes.mdx +++ b/website/content/docs/configuration/service-registration/kubernetes.mdx @@ -71,7 +71,7 @@ metadata: vault-initialized: "true" vault-perf-standby: "false" vault-sealed: "false" - vault-version: 1.15.1 + vault-version: 1.15.2 ``` After shutdowns, Vault pods will bear the following labels: @@ -86,7 +86,7 @@ metadata: vault-initialized: "false" vault-perf-standby: "false" vault-sealed: "true" - vault-version: 1.15.1 + vault-version: 1.15.2 ``` ## Label definitions @@ -102,7 +102,7 @@ metadata: - `vault-sealed` `(string: "true"/"false")` – Vault sealed is updated dynamically each time Vault's sealed/unsealed status changes. True indicates that Vault is currently sealed. False indicates that Vault is currently unsealed. -- `vault-version` `(string: "1.15.1")` – Vault version is a string that will not change during a pod's lifecycle. +- `vault-version` `(string: "1.15.2")` – Vault version is a string that will not change during a pod's lifecycle. ## Working with vault's service discovery labels @@ -156,7 +156,7 @@ $ vault write -f sys/replication/performance/primary/enable \ In conjunction with the pod labels and the `OnDelete` upgrade strategy, upgrades are much easier to orchestrate: ```shell-session -$ helm upgrade vault --set='server.image.tag=1.14.0' +$ helm upgrade vault --set='server.image.tag=1.15.2' $ kubectl delete pod --selector=vault-active=false \ --selector=vault-version=1.2.3 @@ -165,5 +165,5 @@ $ kubectl delete pod --selector=vault-active=true \ --selector=vault-version=1.2.3 ``` -When deleting an instance of a pod, the `Statefulset` defining the desired state of the cluster will reschedule the +When deleting an instance of a pod, the `StatefulSet` defining the desired state of the cluster will reschedule the deleted pods with the newest image. diff --git a/website/content/docs/platform/k8s/helm/configuration.mdx b/website/content/docs/platform/k8s/helm/configuration.mdx index b69dbbfe0a..a369aa5ea2 100644 --- a/website/content/docs/platform/k8s/helm/configuration.mdx +++ b/website/content/docs/platform/k8s/helm/configuration.mdx @@ -87,7 +87,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image. - - `tag` (`string: "1.15.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. + - `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. - `agentDefaults` - Values that configure the injected Vault Agent containers default values. @@ -351,7 +351,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault. - - `tag` (`string: "1.15.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. + - `tag` (`string: "1.15.2"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists. @@ -491,7 +491,16 @@ and consider if they're appropriate for your deployment. - `enabled` (`boolean: false`) - When set to `true`, a liveness probe will be applied to the Vault pods. - - `path` (`string: "/v1/sys/health?standbyok=true"`) - When set to a value, enables HTTP/HTTPS probes instead of using the default `exec` probe. The http/https scheme is controlled by the `tlsDisable` value. + - `execCommand` (`array: []`) - Used to define a liveness exec command. If provided, exec is preferred to httpGet (path) as the livenessProbe handler. + + ```yaml + execCommand: + - /bin/sh + - -c + - /vault/userconfig/mylivenessscript/run.sh + ``` + + - `path` (`string: "/v1/sys/health?standbyok=true"`) - Path for the livenessProbe to use httpGet as the livenessProbe handler. The http/https scheme is controlled by the `tlsDisable` value. - `initialDelaySeconds` (`int: 60`) - Sets the initial delay of the liveness probe when the container starts. @@ -503,7 +512,7 @@ and consider if they're appropriate for your deployment. - `timeoutSeconds` (`int: 3`) - When set to a value, configures the number of seconds after which the probe times out. - - `port` (`int: 8200`) - When set to a value, overrides the default port used for the server liveness probe. + - `port` (`int: 8200`) - Port number on which livenessProbe will be checked if httpGet is used as the livenessProbe handler. ```yaml livenessProbe: @@ -680,6 +689,19 @@ and consider if they're appropriate for your deployment. port: 8200 ``` + - `ingress` (`array: []`) - This value configures the [ingress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) network policy rules. The default is below: + + ```yaml + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + ``` + - `priorityClassName` (`string: ""`) - Priority class for server pods - `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods. @@ -817,6 +839,18 @@ and consider if they're appropriate for your deployment. kubernetes.io/my-pvc: foobar ``` + - `labels` (`dictionary: {}`) - This value defines additional labels to add to the + data PVCs. This can either be YAML or a YAML-formatted multi-line templated + string. + + - `persistentVolumeClaimRetentionPolicy` (`dictionary: {}`) - Specifies the Persistent Volume Claim (PVC) [retention policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention). + + ```yaml + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + ``` + - `auditStorage` - This configures the volume used for storing Vault's audit logs. See the [Vault documentation](/vault/docs/audit) for more information. - `enabled` (`boolean: false`) - @@ -846,6 +880,10 @@ and consider if they're appropriate for your deployment. kubernetes.io/my-pvc: foobar ``` + - `labels` (`dictionary: {}`) - This value defines additional labels to add to the + audit PVCs. This can either be YAML or a YAML-formatted multi-line templated + string. + - `dev` - This configures `dev` mode for the Vault server. - `enabled` (`boolean: false`) - @@ -1199,7 +1237,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image. - - `tag` (`string: "1.15.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. + - `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. - `logFormat` (`string: "standard"`) - - `logLevel` (`string: "info"`) - diff --git a/website/content/docs/platform/k8s/helm/enterprise.mdx b/website/content/docs/platform/k8s/helm/enterprise.mdx index a9078451d7..989a234122 100644 --- a/website/content/docs/platform/k8s/helm/enterprise.mdx +++ b/website/content/docs/platform/k8s/helm/enterprise.mdx @@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/vault/docs/platform server: image: repository: hashicorp/vault-enterprise - tag: 1.15.1-ent + tag: 1.15.2-ent enterpriseLicense: secretName: vault-ent-license ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx index 14ec8eff15..1781c4fb38 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx @@ -23,7 +23,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.15.1-ent' \ + --set='server.image.tag=1.15.2-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` @@ -75,7 +75,7 @@ disaster recovery replication. ```shell helm install vault-secondary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.15.1-ent' \ + --set='server.image.tag=1.15.2-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx index 874a2cedb8..601064443f 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx @@ -23,7 +23,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.15.1-ent' \ + --set='server.image.tag=1.15.2-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` @@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster. ```shell helm install vault-secondary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.15.1-ent' \ + --set='server.image.tag=1.15.2-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx index cecb10874d..3cd246f246 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx @@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu ```shell helm install vault hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.15.1-ent' \ + --set='server.image.tag=1.15.2-ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/run.mdx b/website/content/docs/platform/k8s/helm/run.mdx index dfeb1823c8..9cbb2f8f30 100644 --- a/website/content/docs/platform/k8s/helm/run.mdx +++ b/website/content/docs/platform/k8s/helm/run.mdx @@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install. ```bash $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.26.1 1.15.1 Official HashiCorp Vault Chart +hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart ``` Next, test the upgrade with `--dry-run` first to verify the changes sent to the Kubernetes cluster. ```shell-session -$ helm upgrade vault hashicorp/vault --version=0.26.1 \ +$ helm upgrade vault hashicorp/vault --version=0.27.0 \ --set='server.image.repository=vault' \ --set='server.image.tag=123.456' \ --dry-run diff --git a/website/content/partials/helm/install.mdx b/website/content/partials/helm/install.mdx index 781f36272d..43ccbcc56c 100644 --- a/website/content/partials/helm/install.mdx +++ b/website/content/partials/helm/install.mdx @@ -2,6 +2,7 @@ # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart hashicorp/vault 0.26.1 1.15.1 Official HashiCorp Vault Chart hashicorp/vault 0.26.0 1.15.1 Official HashiCorp Vault Chart hashicorp/vault 0.25.0 1.14.0 Official HashiCorp Vault Chart @@ -9,9 +10,8 @@ hashicorp/vault 0.24.0 1.13.1 Official HashiCorp Vault Chart hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart hashicorp/vault 0.22.0 1.11.3 Official HashiCorp Vault Chart -hashicorp/vault 0.21.0 1.11.2 Official HashiCorp Vault Chart ... -# Install version 0.26.1 -$ helm install vault hashicorp/vault --version 0.26.1 +# Install version 0.27.0 +$ helm install vault hashicorp/vault --version 0.27.0 ``` diff --git a/website/content/partials/helm/repo.mdx b/website/content/partials/helm/repo.mdx index 2f6d0d9f4d..9f3796c45c 100644 --- a/website/content/partials/helm/repo.mdx +++ b/website/content/partials/helm/repo.mdx @@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.26.1 1.15.1 Official HashiCorp Vault Chart +hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart ```