diff --git a/.github/actions/integration-test/action.yml b/.github/actions/integration-test/action.yml index 3693fc1a..ab6e5422 100644 --- a/.github/actions/integration-test/action.yml +++ b/.github/actions/integration-test/action.yml @@ -59,7 +59,7 @@ runs: cluster_name: ${{ inputs.kind-cluster-name }} config: vault-helm/test/kind/config.yaml node_image: kindest/node:v${{ inputs.k8s-version }} - version: "v0.23.0" + version: "v0.24.0" - name: Create kind export log root id: create_kind_export_log_root diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 81a2417e..4b4b26a5 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -39,10 +39,10 @@ jobs: - run: echo "setting versions" outputs: # JSON encoded array of k8s versions. - K8S_VERSIONS: '["1.30.0", "1.29.4", "1.28.9", "1.27.13", "1.26.15"]' - VAULT_N: "1.17.2" - VAULT_N_1: "1.16.3" - VAULT_N_2: "1.15.6" + K8S_VERSIONS: '["1.31.1", "1.30.4", "1.29.8", "1.28.13"]' + VAULT_N: "1.18.1" + VAULT_N_1: "1.17.6" + VAULT_N_2: "1.16.3" latest-vault: name: vault:${{ matrix.vault-version }} kind:${{ matrix.k8s-version }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 5492e30b..bb32d7a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,23 @@ ## Unreleased +## 1.5.0 (November 6, 2024) + Changes: * Building with Go 1.22.8 -* Default Vault version updated to 1.17.2 +* Default Vault version updated to 1.18.1 +* Testing with Vault 1.16 - 1.18 +* Testing with K8s versions 1.28 - 1.31 * Dependency updates: * Docker image `alpine` 3.20.1 => 3.20.3 * Docker image `ubi8/ubi-minimal` 8.10-1018 => 8.10-1086 * `github.com/hashicorp/vault/sdk` v0.13.0 => v0.14.0 * `github.com/operator-framework/operator-lib` v0.14.0 => v0.15.0 * `github.com/prometheus/client_golang` v1.19.1 => v1.20.5 + * `golang.org/x/crypto` v0.26.0 => v0.28.0 + * `golang.org/x/net` v0.28.0 => v0.30.0 + * `golang.org/x/sys` v0.24.0 => v0.26.0 + * `golang.org/x/term` v0.23.0 => v0.25.0 + * `golang.org/x/text` v0.17.0 => v0.19.0 * `k8s.io/api` v0.30.2 => v0.31.2 * `k8s.io/apimachinery` v0.30.2 => v0.31.2 * `k8s.io/client-go` v0.30.2 => v0.31.2 diff --git a/Makefile b/Makefile index ee013e63..90871619 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ REGISTRY_NAME ?= docker.io/hashicorp IMAGE_NAME = vault-k8s VERSION ?= 0.0.0-dev -VAULT_VERSION ?= 1.17.2 +VAULT_VERSION ?= 1.18.1 IMAGE_TAG ?= $(REGISTRY_NAME)/$(IMAGE_NAME):$(VERSION) PUBLISH_LOCATION ?= https://releases.hashicorp.com DOCKER_DIR = ./build/docker diff --git a/agent-inject/agent/agent.go b/agent-inject/agent/agent.go index e7224e58..4088d56b 100644 --- a/agent-inject/agent/agent.go +++ b/agent-inject/agent/agent.go @@ -17,7 +17,7 @@ import ( ) const ( - DefaultVaultImage = "hashicorp/vault:1.17.2" + DefaultVaultImage = "hashicorp/vault:1.18.1" DefaultVaultAuthType = "kubernetes" DefaultVaultAuthPath = "auth/kubernetes" DefaultAgentRunAsUser = 100 diff --git a/deploy/injector-deployment.yaml b/deploy/injector-deployment.yaml index f844ff20..daad3c51 100644 --- a/deploy/injector-deployment.yaml +++ b/deploy/injector-deployment.yaml @@ -24,7 +24,7 @@ spec: serviceAccountName: "vault-injector" containers: - name: sidecar-injector - image: "hashicorp/vault-k8s:1.4.2" + image: "hashicorp/vault-k8s:1.5.0" imagePullPolicy: IfNotPresent env: - name: NAMESPACE @@ -44,7 +44,7 @@ spec: - name: AGENT_INJECT_VAULT_ADDR value: "https://vault.$(NAMESPACE).svc:8200" - name: AGENT_INJECT_VAULT_IMAGE - value: "hashicorp/vault:1.17.2" + value: "hashicorp/vault:1.18.1" - name: AGENT_INJECT_TLS_AUTO value: vault-agent-injector-cfg - name: AGENT_INJECT_TLS_AUTO_HOSTS diff --git a/go.mod b/go.mod index 0191f77c..a6480b66 100644 --- a/go.mod +++ b/go.mod @@ -77,12 +77,12 @@ require ( github.com/spf13/cast v1.3.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.26.0 // indirect - golang.org/x/net v0.28.0 // indirect + golang.org/x/crypto v0.28.0 // indirect + golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/go.sum b/go.sum index 79d8f599..ebe9b14a 100644 --- a/go.sum +++ b/go.sum @@ -187,8 +187,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -197,8 +197,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -214,14 +214,14 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/subcommand/injector/flags_test.go b/subcommand/injector/flags_test.go index d27b8932..c1cf0bd3 100644 --- a/subcommand/injector/flags_test.go +++ b/subcommand/injector/flags_test.go @@ -119,7 +119,7 @@ func TestCommandEnvs(t *testing.T) { {env: "AGENT_INJECT_VAULT_CACERT_BYTES", value: "foo", cmdPtr: &cmd.flagVaultCACertBytes}, {env: "AGENT_INJECT_PROXY_ADDR", value: "http://proxy:3128", cmdPtr: &cmd.flagProxyAddress}, {env: "AGENT_INJECT_VAULT_AUTH_PATH", value: "auth-path-test", cmdPtr: &cmd.flagVaultAuthPath}, - {env: "AGENT_INJECT_VAULT_IMAGE", value: "hashicorp/vault:1.17.2", cmdPtr: &cmd.flagVaultImage}, + {env: "AGENT_INJECT_VAULT_IMAGE", value: "hashicorp/vault:1.18.1", cmdPtr: &cmd.flagVaultImage}, {env: "AGENT_INJECT_VAULT_NAMESPACE", value: "test-namespace", cmdPtr: &cmd.flagVaultNamespace}, {env: "AGENT_INJECT_TLS_KEY_FILE", value: "server.key", cmdPtr: &cmd.flagKeyFile}, {env: "AGENT_INJECT_TLS_CERT_FILE", value: "server.crt", cmdPtr: &cmd.flagCertFile},