Skip to content

Releases: hashicorp/vault-k8s

v1.6.0

05 Dec 21:52
c46ef47
Compare
Choose a tag to compare

1.6.0 (December 5, 2024)

Changes:

  • Building with Go 1.22.10
  • Default Vault version updated to 1.18.2
  • Dependency updates:
    • Docker image ubi8/ubi-minimal 8.10-1086 => 8.10-1130
    • github.com/stretchr/testify v1.9.0 => v1.10.0
    • golang.org/x/crypto v0.28.0 => v0.30.0
    • golang.org/x/net v0.30.0 => v0.32.0
    • golang.org/x/sys v0.26.0 => v0.28.0
    • golang.org/x/term v0.25.0 => v0.27.0
    • golang.org/x/text v0.19.0 => v0.21.0
    • k8s.io/api v0.31.2 => v0.31.3
    • k8s.io/apimachinery v0.31.2 => v0.31.3
    • k8s.io/client-go v0.31.2 => v0.31.3
    • sigs.k8s.io/controller-runtime v0.19.1 => v0.19.2

Features:

Improvements:

  • Support AGENT_INJECT_TLS_CA_CERT_FILE env option when using manual TLS GH-679

v1.5.0

06 Nov 20:06
57a108b
Compare
Choose a tag to compare

1.5.0 (November 6, 2024)

Changes:

  • Building with Go 1.22.8
  • Default Vault version updated to 1.18.1
  • Testing with Vault 1.16 - 1.18
  • Testing with K8s versions 1.28 - 1.31
  • Dependency updates:
    • Docker image alpine 3.20.1 => 3.20.3
    • Docker image ubi8/ubi-minimal 8.10-1018 => 8.10-1086
    • github.com/hashicorp/vault/sdk v0.13.0 => v0.14.0
    • github.com/operator-framework/operator-lib v0.14.0 => v0.15.0
    • github.com/prometheus/client_golang v1.19.1 => v1.20.5
    • golang.org/x/crypto v0.26.0 => v0.28.0
    • golang.org/x/net v0.28.0 => v0.30.0
    • golang.org/x/sys v0.24.0 => v0.26.0
    • golang.org/x/term v0.23.0 => v0.25.0
    • golang.org/x/text v0.17.0 => v0.19.0
    • k8s.io/api v0.30.2 => v0.31.2
    • k8s.io/apimachinery v0.30.2 => v0.31.2
    • k8s.io/client-go v0.30.2 => v0.31.2
    • k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 => v0.0.0-20240711033017-18e509b52bc8
    • sigs.k8s.io/controller-runtime v0.18.4 => v0.19.1

Features:

  • Add annotations for customizing template delimiters GH-664

Bugs:

  • Disable handling update on pods GH-619

v1.4.2

03 Jul 21:44
09f70c8
Compare
Choose a tag to compare

1.4.2 (July 3, 2024)

Changes:

  • Building with Go 1.22.5
  • Default Vault version update to 1.17.1
  • Testing with Vault 1.15 - 1.17
  • Dependency updates:
    • Docker image alpine 3.19.1 => 3.20.1
    • Docker image ubi8/ubi-minimal 8.9-1161 => 8.10-1018
    • github.com/go-logr/logr v1.4.1 => v1.4.2
    • github.com/hashicorp/vault/sdk v0.11.1 => v0.13.0
    • github.com/operator-framework/operator-lib v0.12.0 => v0.14.0
    • github.com/prometheus/client_golang v1.19.0 => v1.19.1
    • golang.org/x/crypto v0.22.0 => v0.24.0
    • golang.org/x/net v0.24.0 => v0.26.0
    • golang.org/x/sys v0.19.0 => v0.21.0
    • golang.org/x/term v0.19.0 => v0.21.0
    • golang.org/x/text v0.14.0 => v0.16.0
    • k8s.io/api v0.29.3 => v0.30.2
    • k8s.io/apimachinery v0.29.3 => v0.30.2
    • k8s.io/client-go v0.29.3 => v0.30.2
    • k8s.io/utils v0.0.0-20230726121419-3b25d923346b => v0.0.0-20240502163921-fe8a2dddb1d0
    • sigs.k8s.io/controller-runtime v0.17.2 => v0.18.4

v1.4.1

08 Apr 19:27
99c390d
Compare
Choose a tag to compare

1.4.1 (April 8, 2024)

Changes:

  • Building with Go 1.22.2
  • Default Vault version update to 1.16.1
  • Dependency updates:
    • Docker UBI image ubi8/ubi-minimal 8.9-1137 => 8.9-1161
    • github.com/cenkalti/backoff/v4 v4.2.1 => v4.3.0
    • github.com/go-logr/logr v1.3.0 => v1.4.1
    • github.com/hashicorp/go-hclog v1.6.2 => v1.6.3
    • github.com/hashicorp/vault/sdk v0.11.0 => v0.11.1
    • golang.org/x/crypto v0.18.0 => v0.22.0
    • golang.org/x/net v0.20.0 => v0.24.0
    • golang.org/x/sys v0.16.0 => v0.19.0
    • golang.org/x/term v0.16.0 => v0.19.0
    • k8s.io/api v0.29.2 => v0.29.3
    • k8s.io/apimachinery v0.29.2 => v0.29.3
    • k8s.io/client-go v0.29.2 => v0.29.3
    • sigs.k8s.io/controller-runtime v0.16.3 => v0.17.2

Bugs:

  • Enable logging from operator-lib's leader election (used during auto-tls certificate generation) GH-608

v1.4.0

04 Mar 23:26
1a8db92
Compare
Choose a tag to compare

1.4.0 (March 4, 2024)

Features:

  • Add support for max_connections_per_host within Agent injector GH-579
  • Add support for error_on_missing_key within Agent injector GH-441

Changes:

  • Default Vault version updated to 1.15.6
  • Building with Go 1.21.7
  • Testing with K8s versions 1.25-1.29
  • Dependency updates:
    • Docker UBI image ubi8/ubi-minimal 8.8-1072.1697626218 => 8.9-1137
    • Docker alpine version 3.18.4 => 3.19.1
    • k8s.io/api v0.28.3 => v0.29.2
    • k8s.io/apimachinery v0.28.3 => v0.29.2
    • k8s.io/client-go v0.28.3 => v0.29.2
    • k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 => v0.0.0-20230726121419-3b25d923346b`
    • github.com/hashicorp/go-hclog v1.5.0 => v1.6.2
    • github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 => v0.1.3
    • github.com/hashicorp/vault/sdk v0.10.2 => v0.11.0
    • github.com/prometheus/client_golang v1.17.0 => v1.19.0
    • github.com/operator-framework/operator-lib v0.11.0 => v0.12.0
    • github.com/evanphx/json-patch v5.7.0 => v5.9.0
    • github.com/stretchr/testify v1.8.4 => v1.9.0

v1.3.1

25 Oct 16:36
a8525a2
Compare
Choose a tag to compare

1.3.1 (October 25, 2023)

Changes:

  • Default Vault version updated to 1.15.1
  • Building with Go 1.21.3
  • Testing with K8s versions 1.24-1.28
  • Dependency updates:
    • Docker UBI image ubi8/ubi-minimal 8.8-1037 -> 8.8-1072.1697626218
    • Docker alpine version 3.18.3 -> 3.18.4
    • golang.org/x/crypto v0.11.0 => v0.14.0
    • golang.org/x/net v0.13.0 => v0.17.0
    • golang.org/x/sys v0.10.0 => v0.13.0
    • golang.org/x/term v0.10.0 => v0.13.0
    • golang.org/x/text v0.11.0 => v0.13.0
    • k8s.io/api v0.27.4 => v0.28.3
    • k8s.io/apimachinery v0.27.4 => v0.28.3
    • k8s.io/client-go v0.27.4 => v0.28.3
    • github.com/hashicorp/vault/sdk v0.9.2 => v0.10.2
    • github.com/prometheus/client_golang v1.16.0 => v1.17.0
    • github.com/evanphx/json-patch v5.6.0 => v5.7.0

Improvements:

  • Injector can set CA certificate for injected pods via AGENT_INJECT_VAULT_CACERT_BYTES env var or -vault-cacert-bytes flag GH-507
  • Remove refs to deprecated io/ioutil GH-516

v1.3.0

16 Aug 17:12
1b1d69e
Compare
Choose a tag to compare

1.3.0 (August 16, 2023)

Improvements:

  • Add NAMESPACE, HOST_IP, and POD_IP environment variables to Agent container using downward API GH-486

Changes:

  • Templated secrets no longer require the -secret annotation GH-505
  • Only inject Pods that are Pending GH-501
  • Default to Vault 1.14.1
  • Building with Go 1.20.7
  • Testing with K8s versions 1.23-1.27
  • Dependency updates:
    • github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
    • github.com/hashicorp/vault/sdk v0.8.1 -> v0.9.2
    • github.com/stretchr/testify v1.8.2 -> v1.8.4
    • github.com/prometheus/client_golang v1.14.0 -> v1.16.0
    • k8s.io/apimachinery v0.26.3 -> v0.27.4
    • k8s.io/api v0.26.3 -> v0.27.4
    • k8s.io/client-go v0.26.3 -> v0.27.4
    • golang.org/x/net v0.7.0 -> v0.13.0
    • golang.org/x/sys v0.5.0 -> v0.10.0
    • golang.org/x/term v0.5.0 -> v0.10.0
    • golang.org/x/text v0.7.0 -> v0.11.0
    • Docker alpine version 3.17.3 -> 3.18.3
    • Docker UBI image ubi8/ubi-minimal 8.7-1107 -> 8.8-1037

Bugs:

  • Prevent auth-config-token-path from being overridden when another serviceaccount volume is present GH-457

v1.2.1

06 Apr 21:21
43d06cc
Compare
Choose a tag to compare

1.2.1 (April 6, 2023)

Changes:

  • Default to Vault 1.13.1
  • Building with Go 1.20.3
  • Dependency updates:
    • github.com/cenkalti/backoff/v4 v4.1.3 -> v4.2.0
    • github.com/hashicorp/go-hclog v1.3.1 -> v1.5.0
    • github.com/hashicorp/vault/sdk v0.6.1 -> v0.8.1
    • golang.org/x/net v0.4.0 -> v0.7.0
    • golang.org/x/sys v0.3.0 -> v0.5.0
    • golang.org/x/term v0.3.0 -> v0.5.0
    • golang.org/x/text v0.5.0 -> v0.7.0
    • k8s.io/api v0.25.4 -> v0.26.3
    • k8s.io/apimachinery v0.25.4 -> v0.26.3
    • k8s.io/client-go v0.25.4 -> v0.26.3
    • k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed -> v0.0.0-20230406110748-d93618cff8a2
    • Docker UBI image ubi8/ubi-minimal 8.7 -> 8.7-1107
    • Used fixed Docker alpine version: 3.17.3

Bugs:

  • Don't override shareProcessNamespace if an annotation is not present GH-445

v1.2.0

06 Feb 19:31
e4d2409
Compare
Choose a tag to compare

1.2.0 (February 6, 2023)

Changes:

  • Building with Go 1.19.5
  • Update golang.org/x/net to v0.4.0 GH-409
  • Default to Vault v1.12.3

Features:

  • Add support for enabling sharedProcessNamespace on the Pod spec GH-408
  • Add agent-telemetry annotation GH-413

Improvements:

  • Set Kubernetes user-agent to include vault-k8s version GH-411

Bugs:

  • Preserve metadata when updating the cert secret GH-401

v1.1.0

17 Nov 18:38
9664f15
Compare
Choose a tag to compare
Dependency, k8s, and image updates (#402)

* update go and tests workflow

Use go 1.19.3, bump action versions, and test with k8s 1.21-1.25

* update image versions

alpine 3.16.2 -> 3.16.3
ubi-minimal 8.6 -> 8.7

* update go deps

    go list -u -m -json all | jq -r 'select(.Indirect != true and .Update != null) | .Path+"@"+.Update.Version' | xargs -L1 go get
    go mod tidy

github.com/cenkalti/backoff/v4 v4.1.1 => v4.1.3
github.com/hashicorp/go-hclog v1.0.0 => v1.3.1
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 => v0.1.2
github.com/hashicorp/vault/sdk v0.2.1 => v0.6.1
github.com/mitchellh/cli v1.1.4 => v1.1.5
github.com/operator-framework/operator-lib v0.8.0 => v0.11.0
github.com/prometheus/client_golang v1.11.1 => v1.12.1
github.com/stretchr/testify v1.8.0 => v1.8.1
k8s.io/api v0.22.2 => v0.25.4
k8s.io/apimachinery v0.22.2 => v0.25.4
k8s.io/client-go v0.22.2 => v0.25.4

* update more actions

* corev1.Handler => corev1.LifecycleHandler

* update set-output usage in workflows

* changelog++ and vault 1.12.1