Notable new features:
- Mutating Webhook and vault-env:
  - add healthz handler, and add a readinessProbe to the chart that uses it
- Vault Configurer:
  - Add support for "create_only" field to secret engines
  - Example added for Google Secret backend configuration
  - added complete MySQL backed HA setup example
- Operator:
  - add all Kubernetes Service FQDNs to TLS cert hosts
  - make Vault Pods fine-tunable via VaultPodSpec and VaultConfigurerPodSpec
  - Use the k8s-objectmatcher library to avoid unnecessary object updates
  - updated operator SDK to 0.9.0 - Go modules 🎉
  - Make etcd image repositories configurable
  - allow Vault configuration to be templated with environment variables (and actually all Go template and Sprig functions) the same way as configurer configuration ⚛️
Bugfixes:
- Operator:
  - Cluster vs namespaced Role seemed to be swapped around in the deployment examples
  - Fetch the Vault instance again before update to minimize the possibility of updating a stale object
- Mutating Webhook and vault-env:
  - Fix for mutating webhook not mounting TLS certificates to the "main" container
Misc:
- various CI and acceptance test fixes and improvements (as always...)
- various documentation fixes
All commits since 0.4.17:
banzaicloud/bank-vaults@0.4.17...0.4.18
Thanks to all the contributors! 🍺 ❤️
@pbalogh-sa
@baluchicken
@jurgenweber
@ryandbump
@mgruener
@primeroz
@pepov
@matyix
@bonifaido
Artifacts:
With tag 0.4.18:
https://cloud.docker.com/u/banzaicloud/repository/docker/banzaicloud/vault-secrets-webhook/tags
https://cloud.docker.com/u/banzaicloud/repository/docker/banzaicloud/bank-vaults/tags
https://cloud.docker.com/u/banzaicloud/repository/docker/banzaicloud/vault-env/tags
https://cloud.docker.com/u/banzaicloud/repository/docker/banzaicloud/vault-operator/tags