update vault helm chart to 0.25.0

Replace references of 0.24.1 with 0.25.0. Refresh the patches for vault-manager and agent image reference. Update the image tags to match new vault chart. The vault helm chart uses vault server 1.14.0 version. The latest version of the vault server in the 1.14.x series is 1.14.8. Verified that the changes between vault v1.14.0 and v1.14.8 tags most of them are 'backport'', "cherry-pick" of commits i:e bug fixes. So used 1.14.8 version of vault sever. Test plan: PASSED AIO-sx and Standard 2+2 PASSED vault aware and un-aware applications PASSED HA tests PASSED test image pulls from private registry with external network restriction story: 2010393 Task: 49391 Change-Id: I6bd022fed79ead6e1dc224e323a179d1dcd3ab0f Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
2023-12-20 03:52:41 -05:00 · 2023-12-20 03:52:41 -05:00 · f61e33f6e1
commit f61e33f6e1
parent bde0b6c4da
8 changed files with 53 additions and 29 deletions
--- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/helmrelease.yaml
+++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/helmrelease.yaml
@ -15,7 +15,7 @@ spec:
  chart:
    spec:
      chart: vault
-      version: 0.24.1
+      version: 0.25.0
      sourceRef:
        kind: HelmRepository
        name: stx-platform
--- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
+++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
@ -36,10 +36,10 @@ injector:
    # registry is assumed when omitted:
    image:
      repository: hashicorp/vault
-      tag: 1.13.1
+      tag: 1.14.8
    # Set the vault yaml to refer to registry.local pulled as above
    repository: registry.local:9001/docker.io/hashicorp/vault
-    tag: 1.13.1
+    tag: 1.14.8
  tolerations: |
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
@ -59,7 +59,7 @@ server:
          topologyKey: kubernetes.io/hostname
  image:
    repository: hashicorp/vault
-    tag: 1.13.1
+    tag: 1.14.8
  tolerations: |
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
@ -104,8 +104,8 @@ server:
 csi:
  image:
    repository: "hashicorp/vault-csi-provider"
-    tag: "1.3.0"
+    tag: "1.4.0"
  agent:
    image:
      repository: "hashicorp/vault"
-      tag: "1.13.1"
+      tag: "1.14.8"
--- a/vault-helm/debian/deb_folder/changelog
+++ b/vault-helm/debian/deb_folder/changelog
@ -1,4 +1,4 @@
-vault-helm (1.0-1) unstable; urgency=medium
+vault-helm (0.25-0) unstable; urgency=medium

  * Initial release.

--- a/vault-helm/debian/deb_folder/patches/0001-Add-yaml-for-starlingx-image-handling.patch
+++ b/vault-helm/debian/deb_folder/patches/0001-Add-yaml-for-starlingx-image-handling.patch
@ -1,32 +1,32 @@
-From df90377c1979008b4cf305591732b44032c8f831 Mon Sep 17 00:00:00 2001
-From: Michel Thebeau <michel.thebeau@windriver.com>
-Date: Tue, 2 May 2023 14:59:18 -0400
+From 9976bbbd382adeb321cc29c642781b3df55a72ac Mon Sep 17 00:00:00 2001
+From: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
+Date: Fri, 5 Jan 2024 04:01:02 -0500
 Subject: [PATCH] Add yaml for starlingx image handling

-Add values yaml compatible with StarlingX platform's image pull and
+Add values yaml compatible with starlingx platform's image pull and
 service parameter registry override handling.  The platform will pull
 the image and populate registry.local, and the vault injector agent will
 pull from registry.local.

-Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
+Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
 ---
 values.yaml | 3 +++
 1 file changed, 3 insertions(+)

 diff --git a/values.yaml b/values.yaml
-index 3e311d6..f35df52 100644
+index 58eb8a2..a0c69c7 100644
 --- a/values.yaml
 +++ b/values.yaml
-@@ -146,6 +146,9 @@ injector:
+@@ -72,6 +72,9 @@ injector:
   # containers.  This should be set to the official Vault image.  Vault 1.3.1+ is
   # required.
   agentImage:
 +    image:
 +      repository: "hashicorp/vault"
-+      tag: "1.13.1"
+      tag: "1.14.8"
     repository: "hashicorp/vault"
-     tag: "1.13.1"
+     tag: "1.14.0"
 
 -- 
-2.34.1
+2.25.1

--- a/vault-helm/debian/deb_folder/patches/0001-Update-vault-version-to-1.14.8.patch
+++ b/vault-helm/debian/deb_folder/patches/0001-Update-vault-version-to-1.14.8.patch
@ -0,0 +1,30 @@
+From 77dfc57300718e71f342fa2bc804452ed3fae4be Mon Sep 17 00:00:00 2001
+From: Michel <michel.thebeau@windriver.com>
+Date: Fri, 5 Jan 2024 04:24:42 -0500
+Subject: [PATCH] Update vault version to 1.14.8
+
+vault-helm chart application is using vault version 1.14.0.
+There are 401 changes between vault v1.14.0 and v1.14.8 tags (https://github.com/hashicorp/vault):
+80% are 'backport'', "cherry-pick" of commits - bug fixes. Updating to latest vault version.
+
+Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
+---
+ Chart.yaml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Chart.yaml b/Chart.yaml
+index 104b05f..9c245fb 100644
+--- a/Chart.yaml
+++ b/Chart.yaml
+@@ -4,7 +4,7 @@
+ apiVersion: v2
+ name: vault
+ version: 0.25.0
+-appVersion: 1.14.0
+appVersion: 1.14.8
+ kubeVersion: ">= 1.20.0-0"
+ description: Official HashiCorp Vault Chart
+ home: https://www.vaultproject.io
+-- 
+2.25.1
+
--- a/vault-helm/debian/deb_folder/patches/series
+++ b/vault-helm/debian/deb_folder/patches/series
@ -2,3 +2,4 @@
 0001-Add-yaml-for-starlingx-image-handling.patch
 0001-Add-log-level-option-for-vault-manager.patch
 0001-Add-manager-pause-request-to-helm-values.yaml.patch
+0001-Update-vault-version-to-1.14.8.patch
--- a/vault-helm/debian/deb_folder/rules
+++ b/vault-helm/debian/deb_folder/rules
@ -4,18 +4,13 @@ export DH_VERBOSE = 1
 export ROOT = debian/tmp
 export APP_FOLDER = $(ROOT)/usr/lib/helm

-export APP_TARBALL = vault-0.24.1.tgz
+export APP_TARBALL = vault-0.25.0.tgz
 export STAGING = staging

 %:
 	dh $@

 override_dh_auto_build:
-	# Host a server for the helm charts.
-	chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" \
-		--storage-local-rootdir="." &
-	sleep 2
-	helm repo add local http://localhost:8879/charts
 	# Set up chart build files.
 	mkdir vault
 	cp Chart.yaml values.yaml vault
@ -24,8 +19,6 @@ override_dh_auto_build:
 	mv templates vault/templates
 	# Create the TGZ file.
 	make vault
-	# Terminate the helm chart server.
-	pkill chartmuseum

 override_dh_auto_install:
 	# Install the app tar file.
--- a/vault-helm/debian/meta_data.yaml
+++ b/vault-helm/debian/meta_data.yaml
@ -1,10 +1,10 @@
 ---
 debname: vault-helm
-debver: 1.0-1
+debver: 0.25-0
 dl_path:
-  name: helm-charts-vault-0.24.1.tar.gz
-  url: https://github.com/hashicorp/vault-helm/archive/v0.24.1.tar.gz
-  sha256sum: 9f7bd1765ca34ed9baa2cdc59aa41eaa71f62ba6b14711a57718ce75a5586f1b
+  name: helm-charts-vault-0.25.0.tar.gz
+  url: https://github.com/hashicorp/vault-helm/archive/v0.25.0.tar.gz
+  sha256sum: 275422e543541e1b4bde88d9fd34e04adccbd44fc44484ec9fdbb0cb93256f23
 src_files:
  - vault-helm/files/Makefile
  - vault-helm/helm-charts/_helpers-CA.tpl