starlingx/vault-armada-app
Code Issues Proposed changes

update vault helm chart to 0.25.0

Browse Source 
Replace references of 0.24.1 with 0.25.0.  Refresh the patches for
vault-manager and agent image reference. Update the image tags to match new vault chart. The vault helm chart uses vault server 1.14.0 version. The latest version of the vault server in the 1.14.x series is 1.14.8. Verified that the changes between vault v1.14.0 and v1.14.8 tags most of them are 'backport'', "cherry-pick" of commits i:e bug fixes. So used 1.14.8 version of vault sever.

Test plan:
 PASSED AIO-sx and Standard 2+2
 PASSED vault aware and un-aware applications
 PASSED HA tests
 PASSED test image pulls from private registry with external network
      restriction

story: 2010393
Task: 49391

Change-Id: I6bd022fed79ead6e1dc224e323a179d1dcd3ab0f
Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
This commit is contained in:
Sabyasachi Nayak 2023-12-20 03:52:41 -05:00 committed by sabyasachi nayak
parent bde0b6c4da
commit f61e33f6e1
8 changed files with 53 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/helmrelease.yaml
View File

@ -15,7 +15,7 @@ spec:
chart: chart:
spec: spec:
chart: vault chart: vault
version: 0.24.1 version: 0.25.0
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: stx-platform name: stx-platform

10
stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
View File

@ -36,10 +36,10 @@ injector:
# registry is assumed when omitted: # registry is assumed when omitted:
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.13.1 tag: 1.14.8
# Set the vault yaml to refer to registry.local pulled as above # Set the vault yaml to refer to registry.local pulled as above
repository: registry.local:9001/docker.io/hashicorp/vault repository: registry.local:9001/docker.io/hashicorp/vault
tag: 1.13.1 tag: 1.14.8
tolerations: | tolerations: |
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
@ -59,7 +59,7 @@ server:
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
image: image:
repository: hashicorp/vault repository: hashicorp/vault
tag: 1.13.1 tag: 1.14.8
tolerations: | tolerations: |
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"
@ -104,8 +104,8 @@ server:
csi: csi:
image: image:
repository: "hashicorp/vault-csi-provider" repository: "hashicorp/vault-csi-provider"
tag: "1.3.0" tag: "1.4.0"
agent: agent:
image: image:
repository: "hashicorp/vault" repository: "hashicorp/vault"
tag: "1.13.1" tag: "1.14.8"

2
vault-helm/debian/deb_folder/changelog
View File

@ -1,4 +1,4 @@
vault-helm (1.0-1) unstable; urgency=medium vault-helm (0.25-0) unstable; urgency=medium
* Initial release. * Initial release.

20
vault-helm/debian/deb_folder/patches/0001-Add-yaml-for-starlingx-image-handling.patch
View File

@ -1,32 +1,32 @@
From df90377c1979008b4cf305591732b44032c8f831 Mon Sep 17 00:00:00 2001 From 9976bbbd382adeb321cc29c642781b3df55a72ac Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com> From: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
Date: Tue, 2 May 2023 14:59:18 -0400 Date: Fri, 5 Jan 2024 04:01:02 -0500
Subject: [PATCH] Add yaml for starlingx image handling Subject: [PATCH] Add yaml for starlingx image handling
Add values yaml compatible with StarlingX platform's image pull and Add values yaml compatible with starlingx platform's image pull and
service parameter registry override handling. The platform will pull service parameter registry override handling. The platform will pull
the image and populate registry.local, and the vault injector agent will the image and populate registry.local, and the vault injector agent will
pull from registry.local. pull from registry.local.
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com> Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
--- ---
values.yaml | 3 +++ values.yaml | 3 +++
1 file changed, 3 insertions(+) 1 file changed, 3 insertions(+)
diff --git a/values.yaml b/values.yaml diff --git a/values.yaml b/values.yaml
index 3e311d6..f35df52 100644 index 58eb8a2..a0c69c7 100644
--- a/values.yaml --- a/values.yaml
+++ b/values.yaml +++ b/values.yaml
@@ -146,6 +146,9 @@ injector: @@ -72,6 +72,9 @@ injector:
# containers. This should be set to the official Vault image. Vault 1.3.1+ is # containers. This should be set to the official Vault image. Vault 1.3.1+ is
# required. # required.
agentImage: agentImage:
+ image: + image:
+ repository: "hashicorp/vault" + repository: "hashicorp/vault"
+ tag: "1.13.1" + tag: "1.14.8"
repository: "hashicorp/vault" repository: "hashicorp/vault"
tag: "1.13.1" tag: "1.14.0"
-- --
2.34.1 2.25.1

30
vault-helm/debian/deb_folder/patches/0001-Update-vault-version-to-1.14.8.patch Normal file
View File

@ -0,0 +1,30 @@
From 77dfc57300718e71f342fa2bc804452ed3fae4be Mon Sep 17 00:00:00 2001
From: Michel <michel.thebeau@windriver.com>
Date: Fri, 5 Jan 2024 04:24:42 -0500
Subject: [PATCH] Update vault version to 1.14.8
vault-helm chart application is using vault version 1.14.0.
There are 401 changes between vault v1.14.0 and v1.14.8 tags (https://github.com/hashicorp/vault):
80% are 'backport'', "cherry-pick" of commits - bug fixes. Updating to latest vault version.
Signed-off-by: Sabyasachi Nayak <sabyasachi.nayak@windriver.com>
---
Chart.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Chart.yaml b/Chart.yaml
index 104b05f..9c245fb 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -4,7 +4,7 @@
apiVersion: v2
name: vault
version: 0.25.0
-appVersion: 1.14.0
+appVersion: 1.14.8
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
--
2.25.1

1
vault-helm/debian/deb_folder/patches/series
View File

@ -2,3 +2,4 @@
0001-Add-yaml-for-starlingx-image-handling.patch 0001-Add-yaml-for-starlingx-image-handling.patch
0001-Add-log-level-option-for-vault-manager.patch 0001-Add-log-level-option-for-vault-manager.patch
0001-Add-manager-pause-request-to-helm-values.yaml.patch 0001-Add-manager-pause-request-to-helm-values.yaml.patch
0001-Update-vault-version-to-1.14.8.patch

9
vault-helm/debian/deb_folder/rules
View File

@ -4,18 +4,13 @@ export DH_VERBOSE = 1
export ROOT = debian/tmp export ROOT = debian/tmp
export APP_FOLDER = $(ROOT)/usr/lib/helm export APP_FOLDER = $(ROOT)/usr/lib/helm
export APP_TARBALL = vault-0.24.1.tgz export APP_TARBALL = vault-0.25.0.tgz
export STAGING = staging export STAGING = staging
%: %:
dh $@ dh $@
override_dh_auto_build: override_dh_auto_build:
# Host a server for the helm charts.
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" \
--storage-local-rootdir="." &
sleep 2
helm repo add local http://localhost:8879/charts
# Set up chart build files. # Set up chart build files.
mkdir vault mkdir vault
cp Chart.yaml values.yaml vault cp Chart.yaml values.yaml vault
@ -24,8 +19,6 @@ override_dh_auto_build:
mv templates vault/templates mv templates vault/templates
# Create the TGZ file. # Create the TGZ file.
make vault make vault
# Terminate the helm chart server.
pkill chartmuseum
override_dh_auto_install: override_dh_auto_install:
# Install the app tar file. # Install the app tar file.

8
vault-helm/debian/meta_data.yaml
View File

@ -1,10 +1,10 @@
--- ---
debname: vault-helm debname: vault-helm
debver: 1.0-1 debver: 0.25-0
dl_path: dl_path:
name: helm-charts-vault-0.24.1.tar.gz name: helm-charts-vault-0.25.0.tar.gz
url: https://github.com/hashicorp/vault-helm/archive/v0.24.1.tar.gz url: https://github.com/hashicorp/vault-helm/archive/v0.25.0.tar.gz
sha256sum: 9f7bd1765ca34ed9baa2cdc59aa41eaa71f62ba6b14711a57718ce75a5586f1b sha256sum: 275422e543541e1b4bde88d9fd34e04adccbd44fc44484ec9fdbb0cb93256f23
src_files: src_files:
- vault-helm/files/Makefile - vault-helm/files/Makefile
- vault-helm/helm-charts/_helpers-CA.tpl - vault-helm/helm-charts/_helpers-CA.tpl