v1.4.1

1.4.1 (April 8, 2024)

Changes:

• Building with Go 1.22.2
• Default Vault version update to 1.16.1
• Dependency updates:
  • Docker UBI image ubi8/ubi-minimal 8.9-1137 => 8.9-1161
  • github.com/cenkalti/backoff/v4 v4.2.1 => v4.3.0
  • github.com/go-logr/logr v1.3.0 => v1.4.1
  • github.com/hashicorp/go-hclog v1.6.2 => v1.6.3
  • github.com/hashicorp/vault/sdk v0.11.0 => v0.11.1
  • golang.org/x/crypto v0.18.0 => v0.22.0
  • golang.org/x/net v0.20.0 => v0.24.0
  • golang.org/x/sys v0.16.0 => v0.19.0
  • golang.org/x/term v0.16.0 => v0.19.0
  • k8s.io/api v0.29.2 => v0.29.3
  • k8s.io/apimachinery v0.29.2 => v0.29.3
  • k8s.io/client-go v0.29.2 => v0.29.3
  • sigs.k8s.io/controller-runtime v0.16.3 => v0.17.2

Bugs:

• Enable logging from operator-lib's leader election (used during auto-tls certificate generation) GH-608

v1.4.0

1.4.0 (March 4, 2024)

Features:

• Add support for max_connections_per_host within Agent injector GH-579
• Add support for error_on_missing_key within Agent injector GH-441

Changes:

• Default Vault version updated to 1.15.6
• Building with Go 1.21.7
• Testing with K8s versions 1.25-1.29
• Dependency updates:
  • Docker UBI image ubi8/ubi-minimal 8.8-1072.1697626218 => 8.9-1137
  • Docker alpine version 3.18.4 => 3.19.1
  • k8s.io/api v0.28.3 => v0.29.2
  • k8s.io/apimachinery v0.28.3 => v0.29.2
  • k8s.io/client-go v0.28.3 => v0.29.2
  • k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 => v0.0.0-20230726121419-3b25d923346b`
  • github.com/hashicorp/go-hclog v1.5.0 => v1.6.2
  • github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 => v0.1.3
  • github.com/hashicorp/vault/sdk v0.10.2 => v0.11.0
  • github.com/prometheus/client_golang v1.17.0 => v1.19.0
  • github.com/operator-framework/operator-lib v0.11.0 => v0.12.0
  • github.com/evanphx/json-patch v5.7.0 => v5.9.0
  • github.com/stretchr/testify v1.8.4 => v1.9.0

v1.3.1

1.3.1 (October 25, 2023)

Changes:

• Default Vault version updated to 1.15.1
• Building with Go 1.21.3
• Testing with K8s versions 1.24-1.28
• Dependency updates:
  • Docker UBI image ubi8/ubi-minimal 8.8-1037 -> 8.8-1072.1697626218
  • Docker alpine version 3.18.3 -> 3.18.4
  • golang.org/x/crypto v0.11.0 => v0.14.0
  • golang.org/x/net v0.13.0 => v0.17.0
  • golang.org/x/sys v0.10.0 => v0.13.0
  • golang.org/x/term v0.10.0 => v0.13.0
  • golang.org/x/text v0.11.0 => v0.13.0
  • k8s.io/api v0.27.4 => v0.28.3
  • k8s.io/apimachinery v0.27.4 => v0.28.3
  • k8s.io/client-go v0.27.4 => v0.28.3
  • github.com/hashicorp/vault/sdk v0.9.2 => v0.10.2
  • github.com/prometheus/client_golang v1.16.0 => v1.17.0
  • github.com/evanphx/json-patch v5.6.0 => v5.7.0

Improvements:

• Injector can set CA certificate for injected pods via AGENT_INJECT_VAULT_CACERT_BYTES env var or -vault-cacert-bytes flag GH-507
• Remove refs to deprecated io/ioutil GH-516

v1.3.0

1.3.0 (August 16, 2023)

Improvements:

• Add NAMESPACE, HOST_IP, and POD_IP environment variables to Agent container using downward API GH-486

Changes:

• Templated secrets no longer require the -secret annotation GH-505
• Only inject Pods that are Pending GH-501
• Default to Vault 1.14.1
• Building with Go 1.20.7
• Testing with K8s versions 1.23-1.27
• Dependency updates:
  • github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
  • github.com/hashicorp/vault/sdk v0.8.1 -> v0.9.2
  • github.com/stretchr/testify v1.8.2 -> v1.8.4
  • github.com/prometheus/client_golang v1.14.0 -> v1.16.0
  • k8s.io/apimachinery v0.26.3 -> v0.27.4
  • k8s.io/api v0.26.3 -> v0.27.4
  • k8s.io/client-go v0.26.3 -> v0.27.4
  • golang.org/x/net v0.7.0 -> v0.13.0
  • golang.org/x/sys v0.5.0 -> v0.10.0
  • golang.org/x/term v0.5.0 -> v0.10.0
  • golang.org/x/text v0.7.0 -> v0.11.0
  • Docker alpine version 3.17.3 -> 3.18.3
  • Docker UBI image ubi8/ubi-minimal 8.7-1107 -> 8.8-1037

Bugs:

• Prevent auth-config-token-path from being overridden when another serviceaccount volume is present GH-457

v1.2.1

1.2.1 (April 6, 2023)

Changes:

• Default to Vault 1.13.1
• Building with Go 1.20.3
• Dependency updates:
  • github.com/cenkalti/backoff/v4 v4.1.3 -> v4.2.0
  • github.com/hashicorp/go-hclog v1.3.1 -> v1.5.0
  • github.com/hashicorp/vault/sdk v0.6.1 -> v0.8.1
  • golang.org/x/net v0.4.0 -> v0.7.0
  • golang.org/x/sys v0.3.0 -> v0.5.0
  • golang.org/x/term v0.3.0 -> v0.5.0
  • golang.org/x/text v0.5.0 -> v0.7.0
  • k8s.io/api v0.25.4 -> v0.26.3
  • k8s.io/apimachinery v0.25.4 -> v0.26.3
  • k8s.io/client-go v0.25.4 -> v0.26.3
  • k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed -> v0.0.0-20230406110748-d93618cff8a2
  • Docker UBI image ubi8/ubi-minimal 8.7 -> 8.7-1107
  • Used fixed Docker alpine version: 3.17.3

Bugs:

• Don't override shareProcessNamespace if an annotation is not present GH-445

v1.2.0

1.2.0 (February 6, 2023)

Changes:

• Building with Go 1.19.5
• Update golang.org/x/net to v0.4.0 GH-409
• Default to Vault v1.12.3

Features:

• Add support for enabling sharedProcessNamespace on the Pod spec GH-408
• Add agent-telemetry annotation GH-413

Improvements:

• Set Kubernetes user-agent to include vault-k8s version GH-411

Bugs:

• Preserve metadata when updating the cert secret GH-401

v1.1.0

Dependency, k8s, and image updates (#402)

* update go and tests workflow

Use go 1.19.3, bump action versions, and test with k8s 1.21-1.25

* update image versions

alpine 3.16.2 -> 3.16.3
ubi-minimal 8.6 -> 8.7

* update go deps

    go list -u -m -json all | jq -r 'select(.Indirect != true and .Update != null) | .Path+"@"+.Update.Version' | xargs -L1 go get
    go mod tidy

github.com/cenkalti/backoff/v4 v4.1.1 => v4.1.3
github.com/hashicorp/go-hclog v1.0.0 => v1.3.1
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 => v0.1.2
github.com/hashicorp/vault/sdk v0.2.1 => v0.6.1
github.com/mitchellh/cli v1.1.4 => v1.1.5
github.com/operator-framework/operator-lib v0.8.0 => v0.11.0
github.com/prometheus/client_golang v1.11.1 => v1.12.1
github.com/stretchr/testify v1.8.0 => v1.8.1
k8s.io/api v0.22.2 => v0.25.4
k8s.io/apimachinery v0.22.2 => v0.25.4
k8s.io/client-go v0.22.2 => v0.25.4

* update more actions

* corev1.Handler => corev1.LifecycleHandler

* update set-output usage in workflows

* changelog++ and vault 1.12.1

v1.0.1

1.0.1 (October 24, 2022)

Changes:

• Default to Vault v1.12.0

Bugs:

• Default ephemeral storage resources to unset for injected containers GH-386

Improvements:

• Upgrade dependency golang.org/x/net from v0.0.0-20220708220712-1185a9018129 to v0.0.0-20221004154528-8021a29435af
• Upgrade dependency golang.org/x/sys from v0.0.0-20220520151302-bc2c85ada10a to v0.0.0-20220728004956-3c1f35247d10
• Upgrade dependency golang.org/x/text from v0.3.7 to v0.3.8

v1.0.0

1.0.0 (September 6, 2022)

Changes:

• Upgrade Docker base image to alpine:3.16.2 GH-382
• Default to Vault v1.11.3

Features:

• Support for setting disable_keep_alives in the agent config GH-376
• Added flags, envs and annotations to control ephemeral storage resources for injected containers: GH-360

v0.17.0

0.17.0 (July 28, 2022)

Features:

• Support for setting disable_idle_connections in the agent config GH-366

Improvements:

• Added support to configure default vault namespace on the agent config GH-345

Bugs:

• Properly return admission errors GH-363