scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0df92739ca250a6fcffd49d79ffbc7c6e2fc045f
vault/website/content/docs/upgrading/upgrade-to-1.18.x.mdx
John-Michael Faircloth 0df92739ca docs: fix include syntax in upgrade guides (#29487)
2025-02-03 14:34:22 -05:00

147 lines
4.8 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Upgrade to Vault 1.18.x - Guides
description: |-
Deprecations, important or breaking changes, and remediation recommendations
for anyone upgrading to 1.18.x from Vault 1.17.x.
---
# Overview
The Vault 1.18.x upgrade guide contains information on deprecations, important
or breaking changes, and remediation recommendations for anyone upgrading from
Vault 1.17. **Please read carefully**.
## Important changes
### Activity Log Changes
#### Default Activity Log Querying Period
The field `default_report_months` can no longer be configured or read. Any previously set values
will be ignored by the system.
Attempts to modify `default_report_months` through the
[/sys/internal/counters/config](/vault/api-docs/system/internal-counters#update-the-client-count-configuration)
endpoint, will result in the following warning from Vault:
<CodeBlockConfig hideClipboard>
```shell-session
WARNING! The following warnings were returned from Vault:
* default_report_months is deprecated: defaulting to billing start time
```
</CodeBlockConfig>
The `current_billing_period` toggle for `/sys/internal/counters/activity` is also deprecated, as this will be set
true by default.
Attempts to set `current_billing_period` will result in the following warning from Vault:
<CodeBlockConfig hideClipboard>
```shell-session
WARNING! The following warnings were returned from Vault:
* current_billing_period is deprecated; unless otherwise specified, all requests will default to the current billing period
```
</CodeBlockConfig>
### Docker image no longer contains `curl`
The `curl` binary is no longer included in the published Docker container images for Vault and Vault
Enterprise. If your workflow depends on `curl` being available in the container, consider one of the
following strategies:
#### Create a wrapper container image
Use the HashiCorp image as a base image to create a new container image with `curl` installed.
```Dockerfile
FROM hashicorp/vault-enterprise
RUN apk add curl
```
**NOTE:** While this is the preferred option it will require managing your own registry and rebuilding new images.
#### Install it at runtime dynamically
When running the image as root (not recommended), you can install it at runtime dynamically by using the `apk` package manager:
```shell-session
docker exec <CONTAINER-ID> apk add curl
```
```shell-session
kubectl exec -ti <NAME> -- apk add curl
```
When running the image as non-root without privilege escalation (recommended) you can use existing
tools to install a static binary of `curl` into the `vault` users home directory:
```shell-session
docker exec <CONTAINER-ID> wget https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64 -O /home/vault/curl && chmod +x /home/vault/curl
```
```shell-session
kubectl exec -ti <NAME> -- wget https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64 -O /home/vault/curl && chmod +x /home/vault/curl
```
**NOTE:** When using this option you'll want to verify that the static binary comes from a trusted source.
### Request limiter configuration removal
Vault 1.16.0 included an experimental request limiter. The limiter was disabled
by default with an opt-in `request_limiter` configuration.
Further testing indicated that an alternative approach improves performance and
reduces risk for many workloads. Vault 1.17.0 included a new [adaptive overload
protection](/vault/docs/concepts/adaptive-overload-protection) feature that
prevents outages when Vault is overwhelmed by write requests.
Adaptive overload protection was a beta feature in 1.17.0.
As of Vault 1.18.0, the adaptive overload protection feature for writes is
now GA and enabled by default for the integrated storage backend.
The beta `request_limiter` configuration stanza is officially removed in Vault 1.18.0.
Vault will output two types of warnings if the `request_limiter` stanza is
detected in your Vault config.
1. A UI warning message printed to `stderr`:
```text
WARNING: Request Limiter configuration is no longer supported; overriding server configuration to disable
```
2. A log line with level `WARN`, appearing in Vault's logs:
```text
... [WARN] unknown or unsupported field request_limiter found in configuration at config.hcl:22:1
```
### Product usage reporting
As of 1.18.2, Vault will collect anonymous product usage metrics for HashiCorp. This information will be collected
alongside client activity data, and will be sent automatically if automated reporting is configured, or added to manual
reports if manual reporting is preferred.
See the main page for [Vault product usage metrics reporting](/vault/docs/enterprise/license/product-usage-reporting) for
more details, and information about opt-out.
## Known issues and workarounds
@include 'known-issues/duplicate-hsm-key.mdx'
@include 'known-issues/database-skip-static-role-rotation.mdx'
Reference in New Issue View Git Blame Copy Permalink