backport of commit f951fe5429 (#24184)

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

website/content/docs/configuration/service-registration/kubernetes.mdx

@@ -71,7 +71,7 @@ metadata:
     vault-initialized: "true"
     vault-perf-standby: "false"
     vault-sealed: "false"
-    vault-version: 1.15.1
+    vault-version: 1.15.2
 ```
 
 After shutdowns, Vault pods will bear the following labels:
@@ -86,7 +86,7 @@ metadata:
     vault-initialized: "false"
     vault-perf-standby: "false"
     vault-sealed: "true"
-    vault-version: 1.15.1
+    vault-version: 1.15.2
 ```
 
 ## Label definitions
@@ -102,7 +102,7 @@ metadata:
 - `vault-sealed` `(string: "true"/"false")` – Vault sealed is updated dynamically each
   time Vault's sealed/unsealed status changes. True indicates that Vault is currently sealed. False indicates that Vault
   is currently unsealed.
-- `vault-version` `(string: "1.15.1")` – Vault version is a string that will not change during a pod's lifecycle.
+- `vault-version` `(string: "1.15.2")` – Vault version is a string that will not change during a pod's lifecycle.
 
 ## Working with vault's service discovery labels
 
@@ -156,7 +156,7 @@ $ vault write -f sys/replication/performance/primary/enable \
 In conjunction with the pod labels and the `OnDelete` upgrade strategy, upgrades are much easier to orchestrate:
 
 ```shell-session
-$ helm upgrade vault --set='server.image.tag=1.14.0'
+$ helm upgrade vault --set='server.image.tag=1.15.2'
 
 $ kubectl delete pod --selector=vault-active=false \
     --selector=vault-version=1.2.3
@@ -165,5 +165,5 @@ $ kubectl delete pod --selector=vault-active=true \
     --selector=vault-version=1.2.3
 ```
 
-When deleting an instance of a pod, the `Statefulset` defining the desired state of the cluster will reschedule the
+When deleting an instance of a pod, the `StatefulSet` defining the desired state of the cluster will reschedule the
 deleted pods with the newest image.

website/content/docs/platform/k8s/helm/configuration.mdx

@@ -87,7 +87,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
 
-    - `tag` (`string: "1.15.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
+    - `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
 
   - `agentDefaults` - Values that configure the injected Vault Agent containers default values.
 
@@ -351,7 +351,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault.
 
-    - `tag` (`string: "1.15.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
+    - `tag` (`string: "1.15.2"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
 
     - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
 
@@ -491,7 +491,16 @@ and consider if they're appropriate for your deployment.
 
     - `enabled` (`boolean: false`) - When set to `true`, a liveness probe will be applied to the Vault pods.
 
-    - `path` (`string: "/v1/sys/health?standbyok=true"`) - When set to a value, enables HTTP/HTTPS probes instead of using the default `exec` probe. The http/https scheme is controlled by the `tlsDisable` value.
+    - `execCommand` (`array: []`) - Used to define a liveness exec command. If provided, exec is preferred to httpGet (path) as the livenessProbe handler.
+
+    ```yaml
+    execCommand:
+      - /bin/sh
+      - -c
+      - /vault/userconfig/mylivenessscript/run.sh
+    ```
+
+    - `path` (`string: "/v1/sys/health?standbyok=true"`) - Path for the livenessProbe to use httpGet as the livenessProbe handler. The http/https scheme is controlled by the `tlsDisable` value.
 
     - `initialDelaySeconds` (`int: 60`) - Sets the initial delay of the liveness probe when the container starts.
 
@@ -503,7 +512,7 @@ and consider if they're appropriate for your deployment.
 
     - `timeoutSeconds` (`int: 3`) - When set to a value, configures the number of seconds after which the probe times out.
 
-    - `port` (`int: 8200`) - When set to a value, overrides the default port used for the server liveness probe.
+    - `port` (`int: 8200`) - Port number on which livenessProbe will be checked if httpGet is used as the livenessProbe handler.
 
     ```yaml
     livenessProbe:
@@ -680,6 +689,19 @@ and consider if they're appropriate for your deployment.
             port: 8200
     ```
 
+    - `ingress` (`array: []`) - This value configures the [ingress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) network policy rules. The default is below:
+
+    ```yaml
+    ingress:
+      - from:
+        - namespaceSelector: {}
+        ports:
+        - port: 8200
+          protocol: TCP
+        - port: 8201
+          protocol: TCP
+    ```
+
   - `priorityClassName` (`string: ""`) - Priority class for server pods
 
   - `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods.
@@ -817,6 +839,18 @@ and consider if they're appropriate for your deployment.
       kubernetes.io/my-pvc: foobar
     ```
 
+    - `labels` (`dictionary: {}`) - This value defines additional labels to add to the
+      data PVCs. This can either be YAML or a YAML-formatted multi-line templated
+      string.
+
+  - `persistentVolumeClaimRetentionPolicy` (`dictionary: {}`) - Specifies the Persistent Volume Claim (PVC) [retention policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention).
+
+  ```yaml
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Retain
+    whenScaled: Retain
+  ```
+
   - `auditStorage` - This configures the volume used for storing Vault's audit logs. See the [Vault documentation](/vault/docs/audit) for more information.
 
     - `enabled` (`boolean: false`) -
@@ -846,6 +880,10 @@ and consider if they're appropriate for your deployment.
       kubernetes.io/my-pvc: foobar
     ```
 
+  - `labels` (`dictionary: {}`) - This value defines additional labels to add to the
+      audit PVCs. This can either be YAML or a YAML-formatted multi-line templated
+      string.
+
   - `dev` - This configures `dev` mode for the Vault server.
 
     - `enabled` (`boolean: false`) -
@@ -1199,7 +1237,7 @@ and consider if they're appropriate for your deployment.
 
       - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
 
-      - `tag` (`string: "1.15.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
+      - `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
 
     - `logFormat` (`string: "standard"`) -
     - `logLevel` (`string: "info"`) -

website/content/docs/platform/k8s/helm/enterprise.mdx

@@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/vault/docs/platform
 server:
   image:
     repository: hashicorp/vault-enterprise
-    tag: 1.15.1-ent
+    tag: 1.15.2-ent
   enterpriseLicense:
     secretName: vault-ent-license
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.15.1-ent' \
+  --set='server.image.tag=1.15.2-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -75,7 +75,7 @@ disaster recovery replication.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.15.1-ent' \
+  --set='server.image.tag=1.15.2-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.15.1-ent' \
+  --set='server.image.tag=1.15.2-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.15.1-ent' \
+  --set='server.image.tag=1.15.2-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx

@@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu
 ```shell
 helm install vault hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.15.1-ent' \
+  --set='server.image.tag=1.15.2-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/run.mdx

@@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install.
 ```bash
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.26.1       	1.15.1     	Official HashiCorp Vault Chart
+hashicorp/vault	0.27.0       	1.15.2     	Official HashiCorp Vault Chart
 ```
 
 Next, test the upgrade with `--dry-run` first to verify the changes sent to the
 Kubernetes cluster.
 
 ```shell-session
-$ helm upgrade vault hashicorp/vault --version=0.26.1 \
+$ helm upgrade vault hashicorp/vault --version=0.27.0 \
     --set='server.image.repository=vault' \
     --set='server.image.tag=123.456' \
     --dry-run

website/content/partials/helm/install.mdx

@@ -2,6 +2,7 @@
 # List the available releases
 $ helm search repo hashicorp/vault -l
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
+hashicorp/vault	0.27.0       	1.15.2     	Official HashiCorp Vault Chart
 hashicorp/vault	0.26.1       	1.15.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.26.0       	1.15.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.25.0       	1.14.0     	Official HashiCorp Vault Chart
@@ -9,9 +10,8 @@ hashicorp/vault	0.24.0       	1.13.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.23.0       	1.12.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.22.1       	1.12.0     	Official HashiCorp Vault Chart
 hashicorp/vault	0.22.0       	1.11.3     	Official HashiCorp Vault Chart
-hashicorp/vault	0.21.0       	1.11.2     	Official HashiCorp Vault Chart
 ...
 
-# Install version 0.26.1
+# Install version 0.27.0
-$ helm install vault hashicorp/vault --version 0.26.1
+$ helm install vault hashicorp/vault --version 0.27.0
 ```

website/content/partials/helm/repo.mdx

@@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
 
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.26.1       	1.15.1     	Official HashiCorp Vault Chart
+hashicorp/vault	0.27.0       	1.15.2     	Official HashiCorp Vault Chart
 ```