diff --git a/bitnami/vault/Chart.lock b/bitnami/vault/Chart.lock
index 74cf49fd56..aab956dd5d 100644
--- a/bitnami/vault/Chart.lock
+++ b/bitnami/vault/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 2.6.0
-digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a
-generated: "2023-07-13T12:43:58.840353635Z"
+ version: 2.8.0
+digest: sha256:0119fce6b509ebf3eaf5218f87f6ec0af64ec7da15f272115673b0716c4b6919
+generated: "2023-08-17T20:00:13.360425671Z"
diff --git a/bitnami/vault/Chart.yaml b/bitnami/vault/Chart.yaml
index e4d4d01e27..e4779f6567 100644
--- a/bitnami/vault/Chart.yaml
+++ b/bitnami/vault/Chart.yaml
@@ -4,26 +4,35 @@
 annotations:
 category: Infrastructure
 licenses: Apache-2.0
+ images: |
+ - name: os-shell
+ image: docker.io/bitnami/os-shell:11-debian-11-r40
+ - name: vault-csi-provider
+ image: docker.io/bitnami/vault-csi-provider:1.4.0-debian-11-r95
+ - name: vault-k8s
+ image: docker.io/bitnami/vault-k8s:1.2.1-debian-11-r95
+ - name: vault
+ image: docker.io/bitnami/vault:1.14.1-debian-11-r20
 apiVersion: v2
 appVersion: 1.14.1
 dependencies:
- - name: common
- repository: oci://registry-1.docker.io/bitnamicharts
- tags:
- - bitnami-common
- version: 2.x.x
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
 description: Vault is a tool for securely managing and accessing secrets using a unified interface. Features secure storage, dynamic secrets, data encryption and revocation.
 home: https://bitnami.com
 icon: https://bitnami.com/assets/stacks/vault/img/vault-stack-220x234.png
 keywords:
- - security
- - secrets
- - injection
- - vault
+- security
+- secrets
+- injection
+- vault
 maintainers:
- - name: VMware, Inc.
- url: https://github.com/bitnami/charts
+- name: VMware, Inc.
+ url: https://github.com/bitnami/charts
 name: vault
 sources:
- - https://github.com/bitnami/charts/tree/main/bitnami/vault
-version: 0.2.7
+- https://github.com/bitnami/charts/tree/main/bitnami/vault
+version: 0.2.8
diff --git a/bitnami/vault/README.md b/bitnami/vault/README.md
index 436c5fab29..abd36d7f86 100644
--- a/bitnami/vault/README.md
+++ b/bitnami/vault/README.md
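Review bot: The four entries in the new `images` annotation in Chart.yaml repeat the tags that values.yaml sets for `server`, `csiProvider`, `injector` and `volumePermissions`, and nothing visible in this commit ties the two together, so a later bump that touches only one file would leave the annotation describing images the chart no longer deploys. A one-line comment above the block, such as `# generated from the image tags in values.yaml; do not edit by hand` (if that is how it is produced), would tell maintainers which side is authoritative. The entries are also pinned by tag only, and every `digest` shown in the values.yaml hunks stays `""`; for a chart that deploys Vault, anyone scanning or mirroring from this list may want digest-qualified references, e.g. `image: docker.io/bitnami/vault:1.14.1-debian-11-r20@sha256:<digest>` with the real digest filled in, assuming the annotation's consumers accept that form. The sequence re-indentation under `dependencies`, `keywords`, `maintainers` and `sources` is formatting churn mixed into the same hunk and would be easier to review as its own change.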
@@ -77,83 +77,83 @@ The command removes all the Kubernetes components associated with the chart and ### Vault Server Parameters -| Name | Description | Value | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `server.enabled` | Enable Vault Server | `true` | -| `server.image.registry` | Vault Server image registry | `docker.io` | -| `server.image.repository` | Vault Server image repository | `bitnami/vault` | -| `server.image.tag` | Vault Server image tag (immutable tags are recommended) | `1.14.1-debian-11-r0` | -| `server.image.digest` | Vault Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `server.image.pullPolicy` | Vault Server image pull policy | `IfNotPresent` | -| `server.image.pullSecrets` | Vault Server image pull secrets | `[]` | -| `server.image.debug` | Enable Vault Server image debug mode | `false` | -| `server.replicaCount` | Number of Vault Server replicas to deploy | `1` | -| `server.podManagementPolicy` | Pod management policy | `Parallel` | -| `server.containerPorts.http` | Vault Server http container port | `8200` | -| `server.containerPorts.internal` | Vault Server internal (HTTPS) container port | `8201` | -| `server.livenessProbe.enabled` | Enable livenessProbe on Vault Server containers | `false` | -| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| 
`server.readinessProbe.enabled` | Enable readinessProbe on Vault Server containers | `true` | -| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `server.startupProbe.enabled` | Enable startupProbe on Vault Server containers | `false` | -| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `server.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `server.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `server.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `server.resources.limits` | The resources limits for the Vault Server containers | `{}` | -| `server.resources.requests` | The requested resources for the Vault Server containers | `{}` | -| `server.podSecurityContext.enabled` | Enabled Vault Server pods' Security Context | `true` | -| `server.podSecurityContext.fsGroup` | Set Vault Server pod's Security Context fsGroup | `1001` | -| `server.podSecurityContext.seccompProfile.type` | Set Vault Server container's Security Context seccomp profile | `RuntimeDefault` | -| `server.containerSecurityContext.enabled` | Enabled Vault Server containers' Security Context | `true` | -| 
`server.containerSecurityContext.runAsUser` | Set Vault Server containers' Security Context runAsUser | `1001` | -| `server.containerSecurityContext.runAsNonRoot` | Set Vault Server containers' Security Context runAsNonRoot | `true` | -| `server.containerSecurityContext.readOnlyRootFilesystem` | Set Vault Server containers' Security Context runAsNonRoot | `true` | -| `server.containerSecurityContext.allowPrivilegeEscalation` | Set Vault Server container's privilege escalation | `false` | -| `server.containerSecurityContext.capabilities.drop` | Set Vault Server container's Security Context runAsNonRoot | `["ALL"]` | -| `server.command` | Override default container command (useful when using custom images) | `[]` | -| `server.args` | Override default container args (useful when using custom images) | `[]` | -| `server.hostAliases` | Vault Server pods host aliases | `[]` | -| `server.config` | Vault server configuration (evaluated as a template) | `""` | -| `server.existingConfigMap` | name of a ConfigMap with existing configuration for the server | `""` | -| `server.podLabels` | Extra labels for Vault Server pods | `{}` | -| `server.podAnnotations` | Annotations for Vault Server pods | `{}` | -| `server.podAffinityPreset` | Pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `server.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `server.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `server.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `server.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.nodeAffinityPreset.key` | Node label key to match. 
Ignored if `server.affinity` is set | `""` | -| `server.nodeAffinityPreset.values` | Node label values to match. Ignored if `server.affinity` is set | `[]` | -| `server.affinity` | Affinity for Vault Server pods assignment | `{}` | -| `server.nodeSelector` | Node labels for Vault Server pods assignment | `{}` | -| `server.tolerations` | Tolerations for Vault Server pods assignment | `[]` | -| `server.updateStrategy.type` | Vault Server statefulset strategy type | `RollingUpdate` | -| `server.priorityClassName` | Vault Server pods' priorityClassName | `""` | -| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `server.schedulerName` | Name of the k8s scheduler (other than default) for Vault Server pods | `""` | -| `server.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `server.lifecycleHooks` | for the Vault Server container(s) to automate configuration before or after startup | `{}` | -| `server.extraEnvVars` | Array with extra environment variables to add to Vault Server nodes | `[]` | -| `server.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Vault Server nodes | `""` | -| `server.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Vault Server nodes | `""` | -| `server.extraVolumes` | Optionally specify extra list of additional volumes for the Vault Server pod(s) | `[]` | -| `server.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Vault Server container(s) | `[]` | -| `server.sidecars` | Add additional sidecar containers to the Vault Server pod(s) | `[]` | -| `server.initContainers` | Add additional init containers to the Vault Server pod(s) | `[]` | +| Name | Description | Value | +| ---------------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `server.enabled` | Enable Vault Server | `true` | +| `server.image.registry` | Vault Server image registry | `docker.io` | +| `server.image.repository` | Vault Server image repository | `bitnami/vault` | +| `server.image.tag` | Vault Server image tag (immutable tags are recommended) | `1.14.1-debian-11-r20` | +| `server.image.digest` | Vault Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `server.image.pullPolicy` | Vault Server image pull policy | `IfNotPresent` | +| `server.image.pullSecrets` | Vault Server image pull secrets | `[]` | +| `server.image.debug` | Enable Vault Server image debug mode | `false` | +| `server.replicaCount` | Number of Vault Server replicas to deploy | `1` | +| `server.podManagementPolicy` | Pod management policy | `Parallel` | +| `server.containerPorts.http` | Vault Server http container port | `8200` | +| `server.containerPorts.internal` | Vault Server internal (HTTPS) container port | `8201` | +| `server.livenessProbe.enabled` | Enable livenessProbe on Vault Server containers | `false` | +| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `server.readinessProbe.enabled` | Enable readinessProbe on Vault Server containers | `true` | +| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| 
`server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `server.startupProbe.enabled` | Enable startupProbe on Vault Server containers | `false` | +| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `server.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `server.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `server.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `server.resources.limits` | The resources limits for the Vault Server containers | `{}` | +| `server.resources.requests` | The requested resources for the Vault Server containers | `{}` | +| `server.podSecurityContext.enabled` | Enabled Vault Server pods' Security Context | `true` | +| `server.podSecurityContext.fsGroup` | Set Vault Server pod's Security Context fsGroup | `1001` | +| `server.podSecurityContext.seccompProfile.type` | Set Vault Server container's Security Context seccomp profile | `RuntimeDefault` | +| `server.containerSecurityContext.enabled` | Enabled Vault Server containers' Security Context | `true` | +| `server.containerSecurityContext.runAsUser` | Set Vault Server containers' Security Context runAsUser | `1001` | +| `server.containerSecurityContext.runAsNonRoot` | Set Vault Server containers' 
Security Context runAsNonRoot | `true` | +| `server.containerSecurityContext.readOnlyRootFilesystem` | Set Vault Server containers' Security Context runAsNonRoot | `true` | +| `server.containerSecurityContext.allowPrivilegeEscalation` | Set Vault Server container's privilege escalation | `false` | +| `server.containerSecurityContext.capabilities.drop` | Set Vault Server container's Security Context runAsNonRoot | `["ALL"]` | +| `server.command` | Override default container command (useful when using custom images) | `[]` | +| `server.args` | Override default container args (useful when using custom images) | `[]` | +| `server.hostAliases` | Vault Server pods host aliases | `[]` | +| `server.config` | Vault server configuration (evaluated as a template) | `""` | +| `server.existingConfigMap` | name of a ConfigMap with existing configuration for the server | `""` | +| `server.podLabels` | Extra labels for Vault Server pods | `{}` | +| `server.podAnnotations` | Annotations for Vault Server pods | `{}` | +| `server.podAffinityPreset` | Pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `server.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `server.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `server.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `server.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `server.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `server.nodeAffinityPreset.key` | Node label key to match. Ignored if `server.affinity` is set | `""` | +| `server.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `server.affinity` is set | `[]` | +| `server.affinity` | Affinity for Vault Server pods assignment | `{}` | +| `server.nodeSelector` | Node labels for Vault Server pods assignment | `{}` | +| `server.tolerations` | Tolerations for Vault Server pods assignment | `[]` | +| `server.updateStrategy.type` | Vault Server statefulset strategy type | `RollingUpdate` | +| `server.priorityClassName` | Vault Server pods' priorityClassName | `""` | +| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `server.schedulerName` | Name of the k8s scheduler (other than default) for Vault Server pods | `""` | +| `server.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `server.lifecycleHooks` | for the Vault Server container(s) to automate configuration before or after startup | `{}` | +| `server.extraEnvVars` | Array with extra environment variables to add to Vault Server nodes | `[]` | +| `server.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Vault Server nodes | `""` | +| `server.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Vault Server nodes | `""` | +| `server.extraVolumes` | Optionally specify extra list of additional volumes for the Vault Server pod(s) | `[]` | +| `server.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Vault Server container(s) | `[]` | +| `server.sidecars` | Add additional sidecar containers to the Vault Server pod(s) | `[]` | +| `server.initContainers` | Add additional init containers to the Vault Server pod(s) | `[]` | ### Vault Server Traffic Exposure Parameters 
@@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `csiProvider.enabled` | Enable Vault CSI Provider | `false` |
 | `csiProvider.image.registry` | Vault CSI Provider image registry | `docker.io` |
 | `csiProvider.image.repository` | Vault CSI Provider image repository | `bitnami/vault-csi-provider` |
-| `csiProvider.image.tag` | Vault CSI Provider image tag (immutable tags are recommended) | `1.4.0-debian-11-r75` |
+| `csiProvider.image.tag` | Vault CSI Provider image tag (immutable tags are recommended) | `1.4.0-debian-11-r95` |
 | `csiProvider.image.digest` | Vault CSI Provider image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
 | `csiProvider.image.pullPolicy` | Vault CSI Provider image pull policy | `IfNotPresent` |
 | `csiProvider.image.pullSecrets` | Vault CSI Provider image pull secrets | `[]` |
@@ -372,7 +372,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `injector.enabled` | Enable Vault Kubernetes Injector | `true` |
 | `injector.image.registry` | Vault Kubernetes Injector image registry | `docker.io` |
 | `injector.image.repository` | Vault Kubernetes Injector image repository | `bitnami/vault-k8s` |
-| `injector.image.tag` | Vault Kubernetes Injector image tag (immutable tags are recommended) | `1.2.1-debian-11-r75` |
+| `injector.image.tag` | Vault Kubernetes Injector image tag (immutable tags are recommended) | `1.2.1-debian-11-r95` |
 | `injector.image.digest` | Vault Kubernetes Injector image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
 | `injector.image.pullPolicy` | Vault Kubernetes Injector image pull policy | `IfNotPresent` |
 | `injector.image.pullSecrets` | Vault Kubernetes Injector image pull secrets | `[]` |
@@ -475,7 +475,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
 | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
 | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
-| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r19` |
+| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r40` |
 | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
 | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
diff --git a/bitnami/vault/values.yaml b/bitnami/vault/values.yaml
index e4f3e59152..7620e1952f 100644
--- a/bitnami/vault/values.yaml
+++ b/bitnami/vault/values.yaml
@@ -83,7 +83,7 @@ server:
 image:
 registry: docker.io
 repository: bitnami/vault
- tag: 1.14.1-debian-11-r0
+ tag: 1.14.1-debian-11-r20
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -732,7 +732,7 @@ csiProvider:
 image:
 registry: docker.io
 repository: bitnami/vault-csi-provider
- tag: 1.4.0-debian-11-r75
+ tag: 1.4.0-debian-11-r95
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1167,7 +1167,7 @@ injector:
 image:
 registry: docker.io
 repository: bitnami/vault-k8s
- tag: 1.2.1-debian-11-r75
+ tag: 1.2.1-debian-11-r95
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1544,7 +1544,7 @@ volumePermissions:
 image:
 registry: docker.io
 repository: bitnami/os-shell
- tag: 11-debian-11-r19
+ tag: 11-debian-11-r40
 digest: ""
 pullPolicy: IfNotPresent
 ## Optionally specify an array of imagePullSecrets.