mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 09:42:25 +00:00
docs/vault-helm: updates for v0.28.0 release (#26282)
This commit is contained in:
Theron Voran
@@ -71,7 +71,7 @@ metadata:
|
||||
vault-initialized: "true"
|
||||
vault-perf-standby: "false"
|
||||
vault-sealed: "false"
|
||||
vault-version: 1.15.2
|
||||
vault-version: 1.16.1
|
||||
```
|
||||
|
||||
After shutdowns, Vault pods will bear the following labels:
|
||||
@@ -86,7 +86,7 @@ metadata:
|
||||
vault-initialized: "false"
|
||||
vault-perf-standby: "false"
|
||||
vault-sealed: "true"
|
||||
vault-version: 1.15.2
|
||||
vault-version: 1.16.1
|
||||
```
|
||||
|
||||
## Label definitions
|
||||
@@ -102,7 +102,7 @@ metadata:
|
||||
- `vault-sealed` `(string: "true"/"false")` – Vault sealed is updated dynamically each
|
||||
time Vault's sealed/unsealed status changes. True indicates that Vault is currently sealed. False indicates that Vault
|
||||
is currently unsealed.
|
||||
- `vault-version` `(string: "1.15.2")` – Vault version is a string that will not change during a pod's lifecycle.
|
||||
- `vault-version` `(string: "1.16.1")` – Vault version is a string that will not change during a pod's lifecycle.
|
||||
|
||||
## Working with vault's service discovery labels
|
||||
|
||||
@@ -156,7 +156,7 @@ $ vault write -f sys/replication/performance/primary/enable \
|
||||
In conjunction with the pod labels and the `OnDelete` upgrade strategy, upgrades are much easier to orchestrate:
|
||||
|
||||
```shell-session
|
||||
$ helm upgrade vault --set='server.image.tag=1.15.2'
|
||||
$ helm upgrade vault --set='server.image.tag=1.16.1'
|
||||
|
||||
$ kubectl delete pod --selector=vault-active=false \
|
||||
--selector=vault-version=1.2.3
|
||||
|
||||
@@ -79,7 +79,7 @@ and consider if they're appropriate for your deployment.
|
||||
|
||||
- `repository` (`string: "hashicorp/vault-k8s"`) - The name of the Docker image for Vault Agent Injector.
|
||||
|
||||
- `tag` (`string: "1.3.1"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
|
||||
- `tag` (`string: "1.4.1"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
|
||||
|
||||
- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
|
||||
|
||||
@@ -87,7 +87,7 @@ and consider if they're appropriate for your deployment.
|
||||
|
||||
- `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
|
||||
|
||||
- `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
|
||||
- `tag` (`string: "1.16.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
|
||||
|
||||
- `agentDefaults` - Values that configure the injected Vault Agent containers default values.
|
||||
|
||||
@@ -351,7 +351,7 @@ and consider if they're appropriate for your deployment.
|
||||
|
||||
- `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault.
|
||||
|
||||
- `tag` (`string: "1.15.2"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
|
||||
- `tag` (`string: "1.16.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
|
||||
|
||||
- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
|
||||
|
||||
@@ -724,6 +724,8 @@ and consider if they're appropriate for your deployment.
|
||||
"sample/annotation2": "bar"
|
||||
```
|
||||
|
||||
- `configAnnotation` (`boolean: false`) - Add an annotation to the server configmap and the statefulset pods, `vaultproject.io/config-checksum`, that is a hash of the Vault configuration. This can be used together with an OnDelete deployment strategy to help identify which pods still need to be deleted during a deployment to pick up any configuration changes.
|
||||
|
||||
- `service` - Values that configure the Kubernetes service created for Vault. These options are also used for the `active` and `standby` services when [`ha`](#ha) is enabled.
|
||||
|
||||
- `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.
|
||||
@@ -1088,7 +1090,7 @@ and consider if they're appropriate for your deployment.
|
||||
|
||||
- `repository` (`string: "hashicorp/vault-csi-provider"`) - The name of the Docker image for the Vault CSI Provider.
|
||||
|
||||
- `tag` (`string: "1.4.1"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.
|
||||
- `tag` (`string: "1.4.2"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.
|
||||
|
||||
- `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists locally.
|
||||
|
||||
@@ -1237,7 +1239,7 @@ and consider if they're appropriate for your deployment.
|
||||
|
||||
- `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
|
||||
|
||||
- `tag` (`string: "1.15.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
|
||||
- `tag` (`string: "1.16.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
|
||||
|
||||
- `logFormat` (`string: "standard"`) -
|
||||
- `logLevel` (`string: "info"`) -
|
||||
|
||||
@@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/vault/docs/platform
|
||||
server:
|
||||
image:
|
||||
repository: hashicorp/vault-enterprise
|
||||
tag: 1.15.2-ent
|
||||
tag: 1.16.1-ent
|
||||
enterpriseLicense:
|
||||
secretName: vault-ent-license
|
||||
```
|
||||
|
||||
@@ -23,7 +23,7 @@ First, create the primary cluster:
|
||||
```shell
|
||||
helm install vault-primary hashicorp/vault \
|
||||
--set='server.image.repository=hashicorp/vault-enterprise' \
|
||||
--set='server.image.tag=1.15.2-ent' \
|
||||
--set='server.image.tag=1.16.1-ent' \
|
||||
--set='server.ha.enabled=true' \
|
||||
--set='server.ha.raft.enabled=true'
|
||||
```
|
||||
@@ -75,7 +75,7 @@ disaster recovery replication.
|
||||
```shell
|
||||
helm install vault-secondary hashicorp/vault \
|
||||
--set='server.image.repository=hashicorp/vault-enterprise' \
|
||||
--set='server.image.tag=1.15.2-ent' \
|
||||
--set='server.image.tag=1.16.1-ent' \
|
||||
--set='server.ha.enabled=true' \
|
||||
--set='server.ha.raft.enabled=true'
|
||||
```
|
||||
|
||||
@@ -23,7 +23,7 @@ First, create the primary cluster:
|
||||
```shell
|
||||
helm install vault-primary hashicorp/vault \
|
||||
--set='server.image.repository=hashicorp/vault-enterprise' \
|
||||
--set='server.image.tag=1.15.2-ent' \
|
||||
--set='server.image.tag=1.16.1-ent' \
|
||||
--set='server.ha.enabled=true' \
|
||||
--set='server.ha.raft.enabled=true'
|
||||
```
|
||||
@@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster.
|
||||
```shell
|
||||
helm install vault-secondary hashicorp/vault \
|
||||
--set='server.image.repository=hashicorp/vault-enterprise' \
|
||||
--set='server.image.tag=1.15.2-ent' \
|
||||
--set='server.image.tag=1.16.1-ent' \
|
||||
--set='server.ha.enabled=true' \
|
||||
--set='server.ha.raft.enabled=true'
|
||||
```
|
||||
|
||||
@@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu
|
||||
```shell
|
||||
helm install vault hashicorp/vault \
|
||||
--set='server.image.repository=hashicorp/vault-enterprise' \
|
||||
--set='server.image.tag=1.15.2-ent' \
|
||||
--set='server.image.tag=1.16.1-ent' \
|
||||
--set='server.ha.enabled=true' \
|
||||
--set='server.ha.raft.enabled=true'
|
||||
```
|
||||
|
||||
@@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install.
|
||||
```bash
|
||||
$ helm search repo hashicorp/vault
|
||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||
hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.28.0 1.16.1 Official HashiCorp Vault Chart
|
||||
```
|
||||
|
||||
Next, test the upgrade with `--dry-run` first to verify the changes sent to the
|
||||
Kubernetes cluster.
|
||||
|
||||
```shell-session
|
||||
$ helm upgrade vault hashicorp/vault --version=0.27.0 \
|
||||
$ helm upgrade vault hashicorp/vault --version=0.28.0 \
|
||||
--set='server.image.repository=vault' \
|
||||
--set='server.image.tag=123.456' \
|
||||
--dry-run
|
||||
|
||||
@@ -28,7 +28,7 @@ them, optional commands to run, etc.
|
||||
|
||||
- `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This
|
||||
value overrides the default image configured in the injector and is usually
|
||||
not needed. Defaults to `hashicorp/vault:1.15.6`.
|
||||
not needed. Defaults to `hashicorp/vault:1.16.1`.
|
||||
|
||||
- `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent
|
||||
init container first if `true` (last if `false`). This is useful when other init
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
# List the available releases
|
||||
$ helm search repo hashicorp/vault -l
|
||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||
hashicorp/vault 0.28.0 1.16.1 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.26.1 1.15.1 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.26.0 1.15.1 Official HashiCorp Vault Chart
|
||||
@@ -9,9 +10,8 @@ hashicorp/vault 0.25.0 1.14.0 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.24.0 1.13.1 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.23.0 1.12.1 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.22.1 1.12.0 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.22.0 1.11.3 Official HashiCorp Vault Chart
|
||||
...
|
||||
|
||||
# Install version 0.27.0
|
||||
$ helm install vault hashicorp/vault --version 0.27.0
|
||||
# Install version 0.28.0
|
||||
$ helm install vault hashicorp/vault --version 0.28.0
|
||||
```
|
||||
|
||||
@@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
|
||||
|
||||
$ helm search repo hashicorp/vault
|
||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||
hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart
|
||||
hashicorp/vault 0.28.0 1.16.1 Official HashiCorp Vault Chart
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user