Features:
- Support for setting `disable_idle_connections` in the agent config GH-366
Improvements:
- Added support to configure default vault namespace on the agent config GH-345
Bugs:
- Properly return admission errors GH-363
Improvements:
- ConfigMap with missing vault section should default to env vars GH-353
- Wait for certificate before starting HTTP listener GH-354
- Update example injector mutating webhook config to exclude agent pod GH-351
Bugs:
- Certificate watcher timer deadlock fix GH-350
Features:
- Add agent-enable-quit annotation GH-330
- Add go-max-procs annotation GH-333
- Add min and max auth backoff annotations and environment variables GH-341
Improvements:
- Add a name to the service port GH-262
Changes:
- Only update webhook CA bundles when needed GH-336
Features:
- Add agent-inject-containers annotation GH-313
Changes:
- Build with go 1.17.8
- Default to Vault v1.9.4
Changes:
- Build with go 1.17.6
- Default to Vault v1.9.2
Changes:
- Bump the default Vault image to v1.9.0
Improvements:
- Dependency update GH-304
Improvements:
- Added options for setting the TLS minimum version (default 1.2) and supported cipher suites: GH-302
Changes:
- Bump the default Vault image to v1.8.3
Improvements:
- Continuously retry updating the cert secret: GH-280
- Keep the last CA when creating a new one: GH-287
- Moved leader election inside vault-k8s: GH-271
- Add projected service account support GH-288
Bugs:
- Set GVK on AdmissionReview responses in webhook GH-296
- Fix a typo in deploy/injector-mutating-webhook.yaml manifest GH-296
Features:
- New annotation to allow the user to set the rendered file permission: GH-277
- Adds flag and annotation to configure template config `static_secret_render_interval`: GH-276
Features:
- Added exit_on_retry_failure flag and annotation: GH-267
Improvements:
- Switch the default vault image to come from the hashicorp docker hub org: GH-270
- Better support for setting the region when auth type is AWS: GH-268
- Added support for K8s v1 Admission API: GH-273
Improvements:
- Dependency update: GH-265
Bugs:
Features:
- Added flags/envs to change default resources for all injected containers: GH-235
- Added an annotation to use template path on disk: GH-222
- Added an annotation and global flag to change default template from map to json: GH-242
Improvements:
- Better support for IRSA on AWS/EKS: GH-169
Features:
- Added annotation to specify HTTPS proxy on Vault Agent containers: GH-211
- Added support for all auto-auth methods: GH-213
- Added support for persistent agent caching: GH-229
- Arm binaries and images are now being published as part of a release: GH-221
Improvements:
Bugs:
Features:
- Added annotation to copy mounts from a specified container: GH-212
- Added annotation to change log format for the agent: GH-200
Features:
Features:
- Added `extra-secret` annotation for mounting kube-secrets: GH-119
Improvements:
- Resource limits and requests can be disabled via annotation: GH-174
Features:
- Added annotations to configure agent caching/listener: GH-132
- Added annotation for specifying filenames and paths within the secrets volume: GH-158
- Added prometheus telemetry support: GH-145
Improvements:
- Injected agents are now configured with `readOnlyRootFilesystem: true`: GH-142
- Added additional security contexts for better integration with restrictive PSPs: GH-153
- Added unique token volumes for init/sidecar: GH-170
Features:
- Added annotations/envs to change the UID and GID of the Vault Agent process: GH-60
- Added command-line options, annotations, and envs for `run-as-same-user` and `set-security-context`: GH-131
Improvements:
Bugs:
Features:
- Added flag/env to change log-format for the injector: GH-50
- Added annotation to run a command after template has been rendered: GH-57
- Added annotation to configure Vault namespace: GH-82
- Added annotation to configure Vault Agent log level: GH-82
- Added annotation that shares the Vault Agent token in the shared volume: GH-77
- Added annotations to configure token revocation during shutdown: GH-67
- Added annotations to customize render path of secrets (per secret and global default): GH-71
- Added annotation to preserve case: GH-71
- Added annotation to configure if the init container runs first or last: GH-91
Improvements:
- Added `GO111MODULE` flag to `Makefile`: GH-61
- Changed token location from `/home/vault/.token` to `/home/vault/.vault-token`: GH-66
Bugs:
- Fixed bug where secret volumes were not shared with other init containers: GH-91
Features:
- Added configurable auth mount path annotation and environment variable [GH-23]
- Added kustomize [GH-43]
Bugs:
- Fixed bug where tlsSkipVerify was true by default [GH-34]
Bugs:
- Fixed bug causing pods in kube-system to be rejected [GH-14]
Initial release