From 077d97adde3467a6aab6ee580eaa96b2e418ab62 Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Tue, 25 May 2021 15:13:00 -0400 Subject: [PATCH] docs/k8s: update for latest releases (#11701) --- .../docs/platform/k8s/helm/configuration.mdx | 28 ++++++++++--------- .../helm/examples/enterprise-dr-with-raft.mdx | 2 +- .../examples/enterprise-perf-with-raft.mdx | 2 +- .../helm/examples/enterprise-with-raft.mdx | 2 +- .../content/docs/platform/k8s/helm/index.mdx | 8 +++--- .../docs/platform/k8s/helm/openshift.mdx | 7 +++-- .../content/docs/platform/k8s/helm/run.mdx | 11 ++++---- .../platform/k8s/injector/annotations.mdx | 2 +- .../platform/k8s/injector/installation.mdx | 2 +- 9 files changed, 34 insertions(+), 30 deletions(-) diff --git a/website/content/docs/platform/k8s/helm/configuration.mdx b/website/content/docs/platform/k8s/helm/configuration.mdx index a978864240..6ce3b9d2ea 100644 --- a/website/content/docs/platform/k8s/helm/configuration.mdx +++ b/website/content/docs/platform/k8s/helm/configuration.mdx @@ -73,7 +73,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "hashicorp/vault-k8s"`) - The name of the Docker image for Vault Agent Injector. - - `tag` (`string: "0.10.0"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. + - `tag` (`string: "0.10.1"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists. @@ -81,7 +81,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image. - - `tag` (`string: "1.7.0"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. + - `tag` (`string: "1.7.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. - `agentDefaults` - Values that configure the injected Vault Agent containers default values. @@ -222,7 +222,7 @@ and consider if they're appropriate for your deployment. - `repository` (`string: "vault"`) - The name of the Docker image for the containers running Vault. - - `tag` (`string: "1.7.0"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. + - `tag` (`string: "1.7.2"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller. - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists. @@ -770,22 +770,19 @@ and consider if they're appropriate for your deployment. - `enabled` (`boolean: false`) - If true, the UI will be enabled. The UI will only be enabled on Vault servers. If `server.enabled` is false, then this setting has no effect. To expose the UI in some way, you must configure `ui.service`. - - `serviceType` (`string: ClusterIP`) - - The service type to register. This defaults to `ClusterIP`. + - `serviceType` (`string: ClusterIP`) - The service type to register. This defaults to `ClusterIP`. The available service types are documented on [the Kubernetes website](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). - - `publishNotReadyAddresses` (`boolean: true`) - - If set to true, will route traffic to Vault pods that aren't ready (if they're sealed or uninitialized. + - `publishNotReadyAddresses` (`boolean: true`) - If set to true, will route traffic to Vault pods that aren't ready (if they're sealed or uninitialized. - - `activeVaultPodOnly` (`boolean: false`) - - If set to true, the UI service will only route to the active pod in a Vault HA cluster. + - `activeVaultPodOnly` (`boolean: false`) - If set to true, the UI service will only route to the active pod in a Vault HA cluster. - - `serviceNodePort` (`int: null`) - - Sets the Node Port value when using `serviceType: NodePort` on the Vault UI service. + - `serviceNodePort` (`int: null`) - Sets the Node Port value when using `serviceType: NodePort` on the Vault UI service. - - `externalPort` (`int: 8200`) - - Sets the external port value of the service. + - `externalPort` (`int: 8200`) - Sets the external port value of the service. + + - `targetPort` (`int: 8200`) - Sets the target port value of the service. - `loadBalancerSourceRanges` (`string`) - This value defines additional source CIDRs when using `serviceType: LoadBalancer`. This should be formatted as a multi-line string. @@ -883,6 +880,9 @@ and consider if they're appropriate for your deployment. annotations: | foo: bar ``` + + - `tolerations` (`string: null`) - Toleration Settings for CSI pods. This should be a multi-line string matching the Toleration array in a PodSpec. + - `serviceAccount` - Values that configure the Vault CSI Provider's serviceaccount. @@ -923,3 +923,5 @@ and consider if they're appropriate for your deployment. - `timeoutSeconds` (`int: 3`) - When set to a value, configures the number of seconds after which the probe times out. - `debug` (`bool: false`) - When set to true, enables debug logging on the Vault CSI Provider daemonset. + + - `extraArgs` (`string: array`) - The extra arguments to be applied to the CSI pod startup command. diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx index c3afb22080..48d8dc988d 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx @@ -21,7 +21,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.7.0_ent' \ + --set='server.image.tag=1.7.2_ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx index 91480b198b..6ec7d21277 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx @@ -21,7 +21,7 @@ First, create the primary cluster: ```shell helm install vault-primary hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.7.0_ent' \ + --set='server.image.tag=1.7.2_ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx index fa1cb9e62c..55971fcb95 100644 --- a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx +++ b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx @@ -15,7 +15,7 @@ Integrated storage (raft) can be enabled using the `server.ha.raft.enabled` valu ```shell helm install vault hashicorp/vault \ --set='server.image.repository=hashicorp/vault-enterprise' \ - --set='server.image.tag=1.7.0_ent' \ + --set='server.image.tag=1.7.2_ent' \ --set='server.ha.enabled=true' \ --set='server.ha.raft.enabled=true' ``` diff --git a/website/content/docs/platform/k8s/helm/index.mdx b/website/content/docs/platform/k8s/helm/index.mdx index 7f88c286db..a1d45727ce 100644 --- a/website/content/docs/platform/k8s/helm/index.mdx +++ b/website/content/docs/platform/k8s/helm/index.mdx @@ -35,7 +35,7 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart ``` -> **Important:** The Helm chart is new and under significant development. @@ -57,16 +57,16 @@ Installing a specific version of the chart. # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.9.1 1.6.2 Official HashiCorp Vault Chart hashicorp/vault 0.9.0 1.6.1 Official HashiCorp Vault Chart hashicorp/vault 0.8.0 1.5.4 Official HashiCorp Vault Chart hashicorp/vault 0.7.0 1.5.2 Official HashiCorp Vault Chart -hashicorp/vault 0.6.0 1.4.2 Official HashiCorp Vault Chart -# Install version 0.11.0 -$ helm install vault hashicorp/vault --version 0.11.0 +# Install version 0.12.0 +$ helm install vault hashicorp/vault --version 0.12.0 ``` ~> **Security Warning:** By default, the chart runs in standalone mode. This diff --git a/website/content/docs/platform/k8s/helm/openshift.mdx b/website/content/docs/platform/k8s/helm/openshift.mdx index 66c6ee27a8..701c8242d6 100644 --- a/website/content/docs/platform/k8s/helm/openshift.mdx +++ b/website/content/docs/platform/k8s/helm/openshift.mdx @@ -69,7 +69,7 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart ``` -> **Important:** The Helm chart is new and under significant development. @@ -88,6 +88,7 @@ Or install a specific version of the chart. # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.9.1 1.6.2 Official HashiCorp Vault Chart @@ -96,8 +97,8 @@ hashicorp/vault 0.8.0 1.5.4 Official HashiCorp Vault Chart hashicorp/vault 0.7.0 1.5.2 Official HashiCorp Vault Chart hashicorp/vault 0.6.0 1.4.2 Official HashiCorp Vault Chart -# Install version 0.11.0 -$ helm install vault hashicorp/vault --version 0.11.0 +# Install version 0.12.0 +$ helm install vault hashicorp/vault --version 0.12.0 ``` The `helm install` command accepts parameters to override default configuration diff --git a/website/content/docs/platform/k8s/helm/run.mdx b/website/content/docs/platform/k8s/helm/run.mdx index 1cace9ccc9..e63d34f77f 100644 --- a/website/content/docs/platform/k8s/helm/run.mdx +++ b/website/content/docs/platform/k8s/helm/run.mdx @@ -53,7 +53,7 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart ``` -> **Important:** The Helm chart is new and under significant development. @@ -72,6 +72,7 @@ Or install a specific version of the chart. # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart hashicorp/vault 0.11.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart hashicorp/vault 0.9.1 1.6.2 Official HashiCorp Vault Chart @@ -80,8 +81,8 @@ hashicorp/vault 0.8.0 1.5.4 Official HashiCorp Vault Chart hashicorp/vault 0.7.0 1.5.2 Official HashiCorp Vault Chart hashicorp/vault 0.6.0 1.4.2 Official HashiCorp Vault Chart -# Install version 0.11.0 -$ helm install vault hashicorp/vault --version 0.11.0 +# Install version 0.12.0 +$ helm install vault hashicorp/vault --version 0.12.0 ``` The `helm install` command accepts parameters to override default configuration @@ -424,14 +425,14 @@ Next, list the Helm versions and choose the desired version to install. ```bash helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart ``` Next, test the upgrade with `--dry-run` first to verify the changes sent to the Kubernetes cluster. ```shell-session -$ helm upgrade vault hashicorp/vault --version=0.10.0 \ +$ helm upgrade vault hashicorp/vault --version=0.12.0 \ --set='server.image.repository=vault' \ --set='server.image.tag=123.456' \ --dry-run diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index 5bede97055..d5a8c4579d 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the controller and is usually - not needed. Defaults to `vault:1.7.0`. + not needed. Defaults to `vault:1.7.2`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init diff --git a/website/content/docs/platform/k8s/injector/installation.mdx b/website/content/docs/platform/k8s/injector/installation.mdx index 4bc6a24133..675f226046 100644 --- a/website/content/docs/platform/k8s/injector/installation.mdx +++ b/website/content/docs/platform/k8s/injector/installation.mdx @@ -20,7 +20,7 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart +hashicorp/vault 0.12.0 1.7.2 Official HashiCorp Vault Chart ``` Then install the chart and enable the injection feature by setting the