From b44f81be045242be3498a516921dd9f67bc72767 Mon Sep 17 00:00:00 2001 From: jessebot Date: Thu, 16 May 2024 12:04:32 +0200 Subject: [PATCH 1/5] begin changes to using openbao everywhere instead of vault also begin massive change over to using helm's official chart release and testing actions 
Signed-off-by: jessebot --- .github/workflows/acceptance.yaml | 2 +- .github/workflows/actionlint.yml | 14 - .github/workflows/jira.yaml | 17 - .github/workflows/lint-chart.yml | 47 +++ .github/workflows/release-chart.yml | 38 +++ .../workflows/update-helm-charts-index.yml | 40 --- Chart.yaml | 19 -- README.md | 31 +- .helmignore => charts/openbao/.helmignore | 0 charts/openbao/Chart.yaml | 20 ++ charts/openbao/README.md | 291 ++++++++++++++++++ .../openbao/templates}/NOTES.txt | 0 .../openbao/templates}/_helpers.tpl | 0 .../templates}/csi-agent-configmap.yaml | 0 .../openbao/templates}/csi-clusterrole.yaml | 0 .../templates}/csi-clusterrolebinding.yaml | 0 .../openbao/templates}/csi-daemonset.yaml | 0 .../openbao/templates}/csi-role.yaml | 0 .../openbao/templates}/csi-rolebinding.yaml | 0 .../templates}/csi-serviceaccount.yaml | 0 .../templates}/injector-certs-secret.yaml | 0 .../templates}/injector-clusterrole.yaml | 0 .../injector-clusterrolebinding.yaml | 0 .../templates}/injector-deployment.yaml | 0 .../templates}/injector-disruptionbudget.yaml | 0 .../templates}/injector-mutating-webhook.yaml | 0 .../templates}/injector-network-policy.yaml | 0 .../openbao/templates}/injector-psp-role.yaml | 0 .../templates}/injector-psp-rolebinding.yaml | 0 .../openbao/templates}/injector-psp.yaml | 0 .../openbao/templates}/injector-role.yaml | 0 .../templates}/injector-rolebinding.yaml | 0 .../openbao/templates}/injector-service.yaml | 0 .../templates}/injector-serviceaccount.yaml | 0 .../prometheus-prometheusrules.yaml | 0 .../templates}/prometheus-servicemonitor.yaml | 0 .../templates}/server-clusterrolebinding.yaml | 0 .../templates}/server-config-configmap.yaml | 0 .../templates}/server-discovery-role.yaml | 0 .../server-discovery-rolebinding.yaml | 0 .../templates}/server-disruptionbudget.yaml | 0 .../templates}/server-ha-active-service.yaml | 0 .../templates}/server-ha-standby-service.yaml | 0 .../templates}/server-headless-service.yaml | 0 
.../openbao/templates}/server-ingress.yaml | 0 .../templates}/server-network-policy.yaml | 0 .../openbao/templates}/server-psp-role.yaml | 0 .../templates}/server-psp-rolebinding.yaml | 0 .../openbao/templates}/server-psp.yaml | 0 .../openbao/templates}/server-route.yaml | 0 .../openbao/templates}/server-service.yaml | 0 .../server-serviceaccount-secret.yaml | 0 .../templates}/server-serviceaccount.yaml | 0 .../templates}/server-statefulset.yaml | 0 .../openbao/templates}/tests/server-test.yaml | 0 .../openbao/templates}/ui-service.yaml | 0 .../openbao/values.openshift.yaml | 0 .../openbao/values.schema.json | 0 values.yaml => charts/openbao/values.yaml | 0 59 files changed, 410 insertions(+), 109 deletions(-) delete mode 100644 .github/workflows/actionlint.yml delete mode 100644 .github/workflows/jira.yaml create mode 100644 .github/workflows/lint-chart.yml create mode 100644 .github/workflows/release-chart.yml delete mode 100644 .github/workflows/update-helm-charts-index.yml delete mode 100644 Chart.yaml rename .helmignore => charts/openbao/.helmignore (100%) create mode 100644 charts/openbao/Chart.yaml create mode 100644 charts/openbao/README.md rename {templates => charts/openbao/templates}/NOTES.txt (100%) rename {templates => charts/openbao/templates}/_helpers.tpl (100%) rename {templates => charts/openbao/templates}/csi-agent-configmap.yaml (100%) rename {templates => charts/openbao/templates}/csi-clusterrole.yaml (100%) rename {templates => charts/openbao/templates}/csi-clusterrolebinding.yaml (100%) rename {templates => charts/openbao/templates}/csi-daemonset.yaml (100%) rename {templates => charts/openbao/templates}/csi-role.yaml (100%) rename {templates => charts/openbao/templates}/csi-rolebinding.yaml (100%) rename {templates => charts/openbao/templates}/csi-serviceaccount.yaml (100%) rename {templates => charts/openbao/templates}/injector-certs-secret.yaml (100%) rename {templates => charts/openbao/templates}/injector-clusterrole.yaml (100%) rename 
{templates => charts/openbao/templates}/injector-clusterrolebinding.yaml (100%) rename {templates => charts/openbao/templates}/injector-deployment.yaml (100%) rename {templates => charts/openbao/templates}/injector-disruptionbudget.yaml (100%) rename {templates => charts/openbao/templates}/injector-mutating-webhook.yaml (100%) rename {templates => charts/openbao/templates}/injector-network-policy.yaml (100%) rename {templates => charts/openbao/templates}/injector-psp-role.yaml (100%) rename {templates => charts/openbao/templates}/injector-psp-rolebinding.yaml (100%) rename {templates => charts/openbao/templates}/injector-psp.yaml (100%) rename {templates => charts/openbao/templates}/injector-role.yaml (100%) rename {templates => charts/openbao/templates}/injector-rolebinding.yaml (100%) rename {templates => charts/openbao/templates}/injector-service.yaml (100%) rename {templates => charts/openbao/templates}/injector-serviceaccount.yaml (100%) rename {templates => charts/openbao/templates}/prometheus-prometheusrules.yaml (100%) rename {templates => charts/openbao/templates}/prometheus-servicemonitor.yaml (100%) rename {templates => charts/openbao/templates}/server-clusterrolebinding.yaml (100%) rename {templates => charts/openbao/templates}/server-config-configmap.yaml (100%) rename {templates => charts/openbao/templates}/server-discovery-role.yaml (100%) rename {templates => charts/openbao/templates}/server-discovery-rolebinding.yaml (100%) rename {templates => charts/openbao/templates}/server-disruptionbudget.yaml (100%) rename {templates => charts/openbao/templates}/server-ha-active-service.yaml (100%) rename {templates => charts/openbao/templates}/server-ha-standby-service.yaml (100%) rename {templates => charts/openbao/templates}/server-headless-service.yaml (100%) rename {templates => charts/openbao/templates}/server-ingress.yaml (100%) rename {templates => charts/openbao/templates}/server-network-policy.yaml (100%) rename {templates => 
charts/openbao/templates}/server-psp-role.yaml (100%) rename {templates => charts/openbao/templates}/server-psp-rolebinding.yaml (100%) rename {templates => charts/openbao/templates}/server-psp.yaml (100%) rename {templates => charts/openbao/templates}/server-route.yaml (100%) rename {templates => charts/openbao/templates}/server-service.yaml (100%) rename {templates => charts/openbao/templates}/server-serviceaccount-secret.yaml (100%) rename {templates => charts/openbao/templates}/server-serviceaccount.yaml (100%) rename {templates => charts/openbao/templates}/server-statefulset.yaml (100%) rename {templates => charts/openbao/templates}/tests/server-test.yaml (100%) rename {templates => charts/openbao/templates}/ui-service.yaml (100%) rename values.openshift.yaml => charts/openbao/values.openshift.yaml (100%) rename values.schema.json => charts/openbao/values.schema.json (100%) rename values.yaml => charts/openbao/values.yaml (100%)
diff --git a/.github/workflows/acceptance.yaml b/.github/workflows/acceptance.yaml
index 7ae9186a2..2a204e33c 100644
--- a/.github/workflows/acceptance.yaml
+++ b/.github/workflows/acceptance.yaml
@@ -5,7 +5,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- kind-k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7, 1.29.2]
+ kind-k8s-version: [1.27.11, 1.28.7, 1.29.2]
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
deleted file mode 100644
index ec209f5dd..000000000
--- a/.github/workflows/actionlint.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-# If the repository is public, be sure to change to GitHub hosted runners
-name: Lint GitHub Actions Workflows
-on:
- push:
- paths:
- - .github/workflows/**.yml
- pull_request:
- paths:
- - .github/workflows/**.yml
-permissions:
- contents: read
-jobs:
- actionlint:
- uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
deleted file mode 100644
index 0f73ec380..000000000
--- a/.github/workflows/jira.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Jira Sync
-on:
- issues:
- types: [opened, closed, deleted, reopened]
- pull_request_target:
- types: [opened, closed, reopened]
- issue_comment: # Also triggers when commenting on a PR from the conversation view
- types: [created]
-jobs:
- sync:
- uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
- secrets:
- JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
- JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
- JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
- with:
- teams-array: '["ecosystem", "foundations-eco"]'
diff --git a/.github/workflows/lint-chart.yml b/.github/workflows/lint-chart.yml
new file mode 100644
index 000000000..dc826b122
--- /dev/null
+++ b/.github/workflows/lint-chart.yml
@@ -0,0 +1,47 @@
+name: Lint and Test Chart
+
+on:
+ pull_request:
+ paths:
+ - 'charts/**'
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: "0"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.6.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ id: lint
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.10.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ id: install
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml
new file mode 100644
index 000000000..e4c3f8468
--- /dev/null
+++ b/.github/workflows/release-chart.yml
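Review bot: Every `uses:` in lint-chart.yml points at a mutable tag (`actions/checkout@v4`, `azure/setup-helm@v4`, `helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.10.0`), whereas acceptance.yaml in this same patch pins checkout to a full commit SHA with a `# v4.1.1` comment. A tag can be repointed by whoever controls the action's repository, so the reviewed code and the executed code can drift apart; pinning each one as `uses: owner/action@<full-commit-sha> # vX.Y.Z` keeps them identical. The same applies to release-chart.yml, where `azure/setup-helm@v3.5` and `helm/chart-releaser-action@v1.6.0` run in a job that holds `contents: write`. Separately, the three `ct` steps expand `${{ github.event.repository.default_branch }}` straight into the script text; setting it once under `env:` as `TARGET_BRANCH` and using `--target-branch "$TARGET_BRANCH"` keeps expression output out of the shell source.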
@@ -0,0 +1,38 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'charts/**'
+
+jobs:
+ release:
+ environment: helm-release
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3.5
+ id: helm-install
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run chart-releaser
+ id: helm-release
+ uses: helm/chart-releaser-action@v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_GENERATE_RELEASE_NOTES: true
diff --git a/.github/workflows/update-helm-charts-index.yml b/.github/workflows/update-helm-charts-index.yml
deleted file mode 100644
index 28016abc6..000000000
--- a/.github/workflows/update-helm-charts-index.yml
+++ /dev/null
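Review bot: release-chart.yml has no workflow-level `permissions:` block, so only the `release` job's token is scoped and any job added later would fall back to the repository's default token permissions. Declaring `permissions: {}` (or `contents: read`, as lint-chart.yml does) at the top and keeping `contents: write` on the job makes the write grant explicit and local to the one job that needs it. `environment: helm-release` only gates the release if that environment has protection rules configured, which is not visible from this patch, so a comment such as `# requires reviewers on the helm-release environment` would document the assumption. As a style point, `CR_GENERATE_RELEASE_NOTES: true` is an unquoted boolean in an `env:` map next to the quoted `CR_TOKEN`; writing `"true"` states that a string is intended.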
@@ -1,40 +0,0 @@
-name: update-helm-charts-index
-on:
- push:
- tags:
- - 'v[0-9]+.[0-9]+.[0-9]+'
-
-permissions:
- contents: read
-
-jobs:
- update-helm-charts-index:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - name: verify Chart version matches tag version
- run: |-
- export TAG=${{ github.ref_name }}
- git_tag="${TAG#v}"
- chart_tag=$(yq -r '.version' Chart.yaml)
- if [ "${git_tag}" != "${chart_tag}" ]; then
- echo "chart version (${chart_tag}) did not match git version (${git_tag})"
- exit 1
- fi
- - name: update helm-charts index
- id: update
- env:
- GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
- run: |-
- gh workflow run publish-charts.yml \
- --repo hashicorp/helm-charts \
- --ref main \
- -f SOURCE_TAG="${{ github.ref_name }}" \
- -f SOURCE_REPO="${{ github.repository }}"
- - uses: hashicorp/actions-slack-status@v1
- if: ${{always()}}
- with:
- success-message: "vault-helm charts index update triggered successfully. View the run ."
- failure-message: "vault-helm charts index update trigger failed."
- status: ${{job.status}}
- slack-webhook-url: ${{secrets.SLACK_WEBHOOK_URL}}
diff --git a/Chart.yaml b/Chart.yaml
deleted file mode 100644
index 2b19aceac..000000000
--- a/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: v2 -name: vault -version: 0.27.0 -appVersion: 1.15.2 -kubeVersion: ">= 1.20.0-0" -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"] -sources: - - https://github.com/hashicorp/vault - - https://github.com/hashicorp/vault-helm - - https://github.com/hashicorp/vault-k8s - - https://github.com/hashicorp/vault-csi-provider -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/README.md b/README.md index 256bd8b91..30043e2a3 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# Vault Helm Chart +# OpenBao Helm Chart -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). +> :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If +you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_ +by contacting us at [](mailto:). -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. +This repository contains the OpenBao Helm chart for installing +and configuring OpenBao on Kubernetes. This chart supports multiple use +cases of OpenBao on Kubernetes depending on the values provided. For full documentation on this Helm chart along with all the ways you can use Vault with Kubernetes, please see the 
@@ -20,24 +20,19 @@ this README. Please refer to the Kubernetes and Helm documentation. The versions required are: - * **Helm 3.6+** - * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested. + * **Helm 3.12+** - Earliest verison tested + * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested. ## Usage -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: +To install the latest version of this chart, add the Hashicorp helm repository and run `helm install`: ```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories +helm repo add openbao https://openbao.github.io/openbao-helm -$ helm install vault hashicorp/vault +helm install openbao openbao/openbao ``` -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more -detailed installation instructions. +Please see the many options supported in the [`values.yaml`](./charts/openbao/values.yaml) file. These are also fully documented directly in the [openbao README](./charts/openbao/README.md) along with more detailed installation instructions. diff --git a/.helmignore b/charts/openbao/.helmignore similarity index 100% rename from .helmignore rename to charts/openbao/.helmignore diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml new file mode 100644 index 000000000..163c7b64d --- /dev/null +++ b/charts/openbao/Chart.yaml 
@@ -0,0 +1,20 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: v2
+name: openbao
+version: 0.1.0
+appVersion: v2.0.0-alpha20240329
+kubeVersion: ">= 1.27.0-0"
+description: Official openbao Chart
+home: https://github.com/openbao/openbao-helm
+icon: https://avatars.githubusercontent.com/u/152585220?s=200&v=4
+keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"]
+sources:
+ - https://github.com/openbao/openbao-helm
+annotations:
+ charts.openshift.io/name: Openbao
+
+maintainers:
+ - name: jessebot
+ url: https://github.com/jessebot
diff --git a/charts/openbao/README.md b/charts/openbao/README.md
new file mode 100644
index 000000000..735beee7e
--- /dev/null
+++ b/charts/openbao/README.md
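Review bot: `name: openbao` with `appVersion: v2.0.0-alpha20240329` advertises an OpenBao release, but values.yaml is carried over as a 100% rename and the README generated in this same patch still lists `hashicorp/vault` at tag `1.15.2` (plus `hashicorp/vault-k8s` and `hashicorp/vault-csi-provider`) as the image defaults. Installing this chart as committed would therefore presumably run Vault images under OpenBao metadata, which misleads anyone auditing what is deployed from `helm list` or the chart index. Either switch the image defaults in the same change or add a comment above `appVersion:` such as `# NOTE: image defaults in values.yaml still point at hashicorp/vault until migrated`. Also, `kubeVersion: ">= 1.27.0-0"` disagrees with the root README in this patch, which states Kubernetes 1.28+ as the earliest tested version.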
@@ -0,0 +1,291 @@ +# openbao + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v2.0.0-alpha20240329](https://img.shields.io/badge/AppVersion-v2.0.0--alpha20240329-informational?style=flat-square) + +Official openbao Chart + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| jessebot | | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>= 1.27.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| csi.agent.enabled | bool | `true` | | +| csi.agent.extraArgs | list | `[]` | | +| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | | +| csi.agent.image.repository | string | `"hashicorp/vault"` | | +| csi.agent.image.tag | string | `"1.15.2"` | | +| csi.agent.logFormat | string | `"standard"` | | +| csi.agent.logLevel | string | `"info"` | | +| csi.agent.resources | object | `{}` | | +| csi.daemonSet.annotations | object | `{}` | | +| csi.daemonSet.extraLabels | object | `{}` | | +| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | | +| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | | +| csi.daemonSet.securityContext.container | object | `{}` | | +| csi.daemonSet.securityContext.pod | object | `{}` | | +| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | | +| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | | +| csi.debug | bool | `false` | | +| csi.enabled | bool | `false` | | +| csi.extraArgs | list | `[]` | | +| csi.hmacSecretName | string | `""` | | +| csi.image.pullPolicy | string | `"IfNotPresent"` | | +| csi.image.repository | string | `"hashicorp/vault-csi-provider"` | | +| csi.image.tag | string | `"1.4.1"` | | +| csi.livenessProbe.failureThreshold | int | `2` | | +| csi.livenessProbe.initialDelaySeconds | int | `5` | | +| csi.livenessProbe.periodSeconds | int | `5` | | +| csi.livenessProbe.successThreshold | int | `1` | | 
+| csi.livenessProbe.timeoutSeconds | int | `3` | | +| csi.pod.affinity | object | `{}` | | +| csi.pod.annotations | object | `{}` | | +| csi.pod.extraLabels | object | `{}` | | +| csi.pod.nodeSelector | object | `{}` | | +| csi.pod.tolerations | list | `[]` | | +| csi.priorityClassName | string | `""` | | +| csi.readinessProbe.failureThreshold | int | `2` | | +| csi.readinessProbe.initialDelaySeconds | int | `5` | | +| csi.readinessProbe.periodSeconds | int | `5` | | +| csi.readinessProbe.successThreshold | int | `1` | | +| csi.readinessProbe.timeoutSeconds | int | `3` | | +| csi.resources | object | `{}` | | +| csi.serviceAccount.annotations | object | `{}` | | +| csi.serviceAccount.extraLabels | object | `{}` | | +| csi.volumeMounts | string | `nil` | | +| csi.volumes | string | `nil` | | +| global.enabled | bool | `true` | | +| global.externalVaultAddr | string | `""` | | +| global.imagePullSecrets | list | `[]` | | +| global.namespace | string | `""` | | +| global.openshift | bool | `false` | | +| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | | +| global.psp.enable | bool | `false` | | +| global.serverTelemetry.prometheusOperator | bool | `false` | | +| global.tlsDisable | bool | `true` | | +| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . 
}}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | | +| injector.agentDefaults.cpuLimit | string | `"500m"` | | +| injector.agentDefaults.cpuRequest | string | `"250m"` | | +| injector.agentDefaults.memLimit | string | `"128Mi"` | | +| injector.agentDefaults.memRequest | string | `"64Mi"` | | +| injector.agentDefaults.template | string | `"map"` | | +| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | | +| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | | +| injector.agentImage.repository | string | `"hashicorp/vault"` | | +| injector.agentImage.tag | string | `"1.15.2"` | | +| injector.annotations | object | `{}` | | +| injector.authPath | string | `"auth/kubernetes"` | | +| injector.certs.caBundle | string | `""` | | +| injector.certs.certName | string | `"tls.crt"` | | +| injector.certs.keyName | string | `"tls.key"` | | +| injector.certs.secretName | string | `nil` | | +| injector.enabled | string | `"-"` | | +| injector.externalVaultAddr | string | `""` | | +| injector.extraEnvironmentVars | object | `{}` | | +| injector.extraLabels | object | `{}` | | +| injector.failurePolicy | string | `"Ignore"` | | +| injector.hostNetwork | bool | `false` | | +| injector.image.pullPolicy | string | `"IfNotPresent"` | | +| injector.image.repository | string | `"hashicorp/vault-k8s"` | | +| injector.image.tag | string | `"1.3.1"` | | +| injector.leaderElector.enabled | bool | `true` | | +| injector.livenessProbe.failureThreshold | int | `2` | | +| injector.livenessProbe.initialDelaySeconds | int | `5` | | +| injector.livenessProbe.periodSeconds | int | `2` | | +| injector.livenessProbe.successThreshold | int | `1` | | +| injector.livenessProbe.timeoutSeconds | int | `5` | | +| injector.logFormat | string | `"standard"` | | +| injector.logLevel | string | `"info"` | | +| injector.metrics.enabled | bool | `false` | | +| 
injector.namespaceSelector | object | `{}` | | +| injector.nodeSelector | object | `{}` | | +| injector.objectSelector | object | `{}` | | +| injector.podDisruptionBudget | object | `{}` | | +| injector.port | int | `8080` | | +| injector.priorityClassName | string | `""` | | +| injector.readinessProbe.failureThreshold | int | `2` | | +| injector.readinessProbe.initialDelaySeconds | int | `5` | | +| injector.readinessProbe.periodSeconds | int | `2` | | +| injector.readinessProbe.successThreshold | int | `1` | | +| injector.readinessProbe.timeoutSeconds | int | `5` | | +| injector.replicas | int | `1` | | +| injector.resources | object | `{}` | | +| injector.revokeOnShutdown | bool | `false` | | +| injector.securityContext.container | object | `{}` | | +| injector.securityContext.pod | object | `{}` | | +| injector.service.annotations | object | `{}` | | +| injector.serviceAccount.annotations | object | `{}` | | +| injector.startupProbe.failureThreshold | int | `12` | | +| injector.startupProbe.initialDelaySeconds | int | `5` | | +| injector.startupProbe.periodSeconds | int | `5` | | +| injector.startupProbe.successThreshold | int | `1` | | +| injector.startupProbe.timeoutSeconds | int | `5` | | +| injector.strategy | object | `{}` | | +| injector.tolerations | list | `[]` | | +| injector.topologySpreadConstraints | list | `[]` | | +| injector.webhook.annotations | object | `{}` | | +| injector.webhook.failurePolicy | string | `"Ignore"` | | +| injector.webhook.matchPolicy | string | `"Exact"` | | +| injector.webhook.namespaceSelector | object | `{}` | | +| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . 
}}-agent-injector\n"` | | +| injector.webhook.timeoutSeconds | int | `30` | | +| injector.webhookAnnotations | object | `{}` | | +| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | | +| server.annotations | object | `{}` | | +| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | | +| server.auditStorage.annotations | object | `{}` | | +| server.auditStorage.enabled | bool | `false` | | +| server.auditStorage.labels | object | `{}` | | +| server.auditStorage.mountPath | string | `"/vault/audit"` | | +| server.auditStorage.size | string | `"10Gi"` | | +| server.auditStorage.storageClass | string | `nil` | | +| server.authDelegator.enabled | bool | `true` | | +| server.configAnnotation | bool | `false` | | +| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | | +| server.dataStorage.annotations | object | `{}` | | +| server.dataStorage.enabled | bool | `true` | | +| server.dataStorage.labels | object | `{}` | | +| server.dataStorage.mountPath | string | `"/vault/data"` | | +| server.dataStorage.size | string | `"10Gi"` | | +| server.dataStorage.storageClass | string | `nil` | | +| server.dev.devRootToken | string | `"root"` | | +| server.dev.enabled | bool | `false` | | +| server.enabled | string | `"-"` | | +| server.enterpriseLicense.secretKey | string | `"license"` | | +| server.enterpriseLicense.secretName | string | `""` | | +| server.extraArgs | string | `""` | | +| server.extraContainers | string | `nil` | | +| server.extraEnvironmentVars | object | `{}` | | +| server.extraInitContainers | string | `nil` | | +| server.extraLabels | object | `{}` | | +| server.extraPorts | string | `nil` | | +| server.extraSecretEnvironmentVars | list | `[]` | | +| server.extraVolumes | list | `[]` | | +| 
server.ha.apiAddr | string | `nil` | | +| server.ha.clusterAddr | string | `nil` | | +| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | | +| server.ha.disruptionBudget.enabled | bool | `true` | | +| server.ha.disruptionBudget.maxUnavailable | string | `nil` | | +| server.ha.enabled | bool | `false` | | +| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\nservice_registration \"kubernetes\" {}\n"` | | +| server.ha.raft.enabled | bool | `false` | | +| server.ha.raft.setNodeId | bool | `false` | | +| server.ha.replicas | int | `3` | | +| server.hostAliases | list | `[]` | | +| server.hostNetwork | bool | `false` | | +| server.image.pullPolicy | string | `"IfNotPresent"` | | +| server.image.repository | string | `"hashicorp/vault"` | | +| server.image.tag | string | `"1.15.2"` | | +| 
server.ingress.activeService | bool | `true` | | +| server.ingress.annotations | object | `{}` | | +| server.ingress.enabled | bool | `false` | | +| server.ingress.extraPaths | list | `[]` | | +| server.ingress.hosts[0].host | string | `"chart-example.local"` | | +| server.ingress.hosts[0].paths | list | `[]` | | +| server.ingress.ingressClassName | string | `""` | | +| server.ingress.labels | object | `{}` | | +| server.ingress.pathType | string | `"Prefix"` | | +| server.ingress.tls | list | `[]` | | +| server.livenessProbe.enabled | bool | `false` | | +| server.livenessProbe.execCommand | list | `[]` | | +| server.livenessProbe.failureThreshold | int | `2` | | +| server.livenessProbe.initialDelaySeconds | int | `60` | | +| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | | +| server.livenessProbe.periodSeconds | int | `5` | | +| server.livenessProbe.port | int | `8200` | | +| server.livenessProbe.successThreshold | int | `1` | | +| server.livenessProbe.timeoutSeconds | int | `3` | | +| server.logFormat | string | `""` | | +| server.logLevel | string | `""` | | +| server.networkPolicy.egress | list | `[]` | | +| server.networkPolicy.enabled | bool | `false` | | +| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | | +| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | | +| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | | +| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | | +| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | | +| server.nodeSelector | object | `{}` | | +| server.persistentVolumeClaimRetentionPolicy | object | `{}` | | +| server.postStart | list | `[]` | | +| server.preStopSleepSeconds | int | `5` | | +| server.priorityClassName | string | `""` | | +| server.readinessProbe.enabled | bool | `true` | | +| server.readinessProbe.failureThreshold | int | `2` | | +| server.readinessProbe.initialDelaySeconds | int | `5` | | +| 
server.readinessProbe.periodSeconds | int | `5` | | +| server.readinessProbe.port | int | `8200` | | +| server.readinessProbe.successThreshold | int | `1` | | +| server.readinessProbe.timeoutSeconds | int | `3` | | +| server.resources | object | `{}` | | +| server.route.activeService | bool | `true` | | +| server.route.annotations | object | `{}` | | +| server.route.enabled | bool | `false` | | +| server.route.host | string | `"chart-example.local"` | | +| server.route.labels | object | `{}` | | +| server.route.tls.termination | string | `"passthrough"` | | +| server.service.active.annotations | object | `{}` | | +| server.service.active.enabled | bool | `true` | | +| server.service.annotations | object | `{}` | | +| server.service.enabled | bool | `true` | | +| server.service.externalTrafficPolicy | string | `"Cluster"` | | +| server.service.instanceSelector.enabled | bool | `true` | | +| server.service.ipFamilies | list | `[]` | | +| server.service.ipFamilyPolicy | string | `""` | | +| server.service.port | int | `8200` | | +| server.service.publishNotReadyAddresses | bool | `true` | | +| server.service.standby.annotations | object | `{}` | | +| server.service.standby.enabled | bool | `true` | | +| server.service.targetPort | int | `8200` | | +| server.serviceAccount.annotations | object | `{}` | | +| server.serviceAccount.create | bool | `true` | | +| server.serviceAccount.createSecret | bool | `false` | | +| server.serviceAccount.extraLabels | object | `{}` | | +| server.serviceAccount.name | string | `""` | | +| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | | +| server.shareProcessNamespace | bool | `false` | | +| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\nstorage \"file\" {\n path = 
\"/vault/data\"\n}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | | +| server.standalone.enabled | string | `"-"` | | +| server.statefulSet.annotations | object | `{}` | | +| server.statefulSet.securityContext.container | object | `{}` | | +| server.statefulSet.securityContext.pod | object | `{}` | | +| server.terminationGracePeriodSeconds | int | `10` | | +| server.tolerations | list | `[]` | | +| server.topologySpreadConstraints | list | `[]` | | +| server.updateStrategyType | string | `"OnDelete"` | | +| server.volumeMounts | string | `nil` | | +| server.volumes | string | `nil` | | +| serverTelemetry.prometheusRules.enabled | bool | `false` | | +| serverTelemetry.prometheusRules.rules | list | `[]` | | +| serverTelemetry.prometheusRules.selectors | object | `{}` | | +| serverTelemetry.serviceMonitor.enabled | bool | `false` | | +| serverTelemetry.serviceMonitor.interval | string | `"30s"` | | +| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| serverTelemetry.serviceMonitor.selectors | object | `{}` | | +| ui.activeVaultPodOnly | bool | `false` | | +| ui.annotations | object | `{}` | | +| ui.enabled | bool | `false` | | +| ui.externalPort | int | `8200` | | +| ui.externalTrafficPolicy | string | `"Cluster"` | | +| ui.publishNotReadyAddresses | bool | `true` | | +| ui.serviceIPFamilies | list | `[]` | | +| ui.serviceIPFamilyPolicy | string | `""` | | +| ui.serviceNodePort | string | `nil` | | +| ui.serviceType | string | `"ClusterIP"` | | +| ui.targetPort | int | `8200` | | 
+ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/templates/NOTES.txt b/charts/openbao/templates/NOTES.txt similarity index 100% rename from templates/NOTES.txt rename to charts/openbao/templates/NOTES.txt diff --git a/templates/_helpers.tpl b/charts/openbao/templates/_helpers.tpl similarity index 100% rename from templates/_helpers.tpl rename to charts/openbao/templates/_helpers.tpl diff --git a/templates/csi-agent-configmap.yaml b/charts/openbao/templates/csi-agent-configmap.yaml similarity index 100% rename from templates/csi-agent-configmap.yaml rename to charts/openbao/templates/csi-agent-configmap.yaml diff --git a/templates/csi-clusterrole.yaml b/charts/openbao/templates/csi-clusterrole.yaml similarity index 100% rename from templates/csi-clusterrole.yaml rename to charts/openbao/templates/csi-clusterrole.yaml diff --git a/templates/csi-clusterrolebinding.yaml b/charts/openbao/templates/csi-clusterrolebinding.yaml similarity index 100% rename from templates/csi-clusterrolebinding.yaml rename to charts/openbao/templates/csi-clusterrolebinding.yaml diff --git a/templates/csi-daemonset.yaml b/charts/openbao/templates/csi-daemonset.yaml similarity index 100% rename from templates/csi-daemonset.yaml rename to charts/openbao/templates/csi-daemonset.yaml diff --git a/templates/csi-role.yaml b/charts/openbao/templates/csi-role.yaml similarity index 100% rename from templates/csi-role.yaml rename to charts/openbao/templates/csi-role.yaml diff --git a/templates/csi-rolebinding.yaml b/charts/openbao/templates/csi-rolebinding.yaml similarity index 100% rename from templates/csi-rolebinding.yaml rename to charts/openbao/templates/csi-rolebinding.yaml 
diff --git a/templates/csi-serviceaccount.yaml b/charts/openbao/templates/csi-serviceaccount.yaml
similarity index 100%
rename from templates/csi-serviceaccount.yaml
rename to charts/openbao/templates/csi-serviceaccount.yaml
diff --git a/templates/injector-certs-secret.yaml b/charts/openbao/templates/injector-certs-secret.yaml
similarity index 100%
rename from templates/injector-certs-secret.yaml
rename to charts/openbao/templates/injector-certs-secret.yaml
diff --git a/templates/injector-clusterrole.yaml b/charts/openbao/templates/injector-clusterrole.yaml
similarity index 100%
rename from templates/injector-clusterrole.yaml
rename to charts/openbao/templates/injector-clusterrole.yaml
diff --git a/templates/injector-clusterrolebinding.yaml b/charts/openbao/templates/injector-clusterrolebinding.yaml
similarity index 100%
rename from templates/injector-clusterrolebinding.yaml
rename to charts/openbao/templates/injector-clusterrolebinding.yaml
diff --git a/templates/injector-deployment.yaml b/charts/openbao/templates/injector-deployment.yaml
similarity index 100%
rename from templates/injector-deployment.yaml
rename to charts/openbao/templates/injector-deployment.yaml
diff --git a/templates/injector-disruptionbudget.yaml b/charts/openbao/templates/injector-disruptionbudget.yaml
similarity index 100%
rename from templates/injector-disruptionbudget.yaml
rename to charts/openbao/templates/injector-disruptionbudget.yaml
diff --git a/templates/injector-mutating-webhook.yaml b/charts/openbao/templates/injector-mutating-webhook.yaml
similarity index 100%
rename from templates/injector-mutating-webhook.yaml
rename to charts/openbao/templates/injector-mutating-webhook.yaml
diff --git a/templates/injector-network-policy.yaml b/charts/openbao/templates/injector-network-policy.yaml
similarity index 100%
rename from templates/injector-network-policy.yaml
rename to charts/openbao/templates/injector-network-policy.yaml
diff --git a/templates/injector-psp-role.yaml b/charts/openbao/templates/injector-psp-role.yaml
similarity index 100%
rename from templates/injector-psp-role.yaml
rename to charts/openbao/templates/injector-psp-role.yaml
diff --git a/templates/injector-psp-rolebinding.yaml b/charts/openbao/templates/injector-psp-rolebinding.yaml
similarity index 100%
rename from templates/injector-psp-rolebinding.yaml
rename to charts/openbao/templates/injector-psp-rolebinding.yaml
diff --git a/templates/injector-psp.yaml b/charts/openbao/templates/injector-psp.yaml
similarity index 100%
rename from templates/injector-psp.yaml
rename to charts/openbao/templates/injector-psp.yaml
diff --git a/templates/injector-role.yaml b/charts/openbao/templates/injector-role.yaml
similarity index 100%
rename from templates/injector-role.yaml
rename to charts/openbao/templates/injector-role.yaml
diff --git a/templates/injector-rolebinding.yaml b/charts/openbao/templates/injector-rolebinding.yaml
similarity index 100%
rename from templates/injector-rolebinding.yaml
rename to charts/openbao/templates/injector-rolebinding.yaml
diff --git a/templates/injector-service.yaml b/charts/openbao/templates/injector-service.yaml
similarity index 100%
rename from templates/injector-service.yaml
rename to charts/openbao/templates/injector-service.yaml
diff --git a/templates/injector-serviceaccount.yaml b/charts/openbao/templates/injector-serviceaccount.yaml
similarity index 100%
rename from templates/injector-serviceaccount.yaml
rename to charts/openbao/templates/injector-serviceaccount.yaml
diff --git a/templates/prometheus-prometheusrules.yaml b/charts/openbao/templates/prometheus-prometheusrules.yaml
similarity index 100%
rename from templates/prometheus-prometheusrules.yaml
rename to charts/openbao/templates/prometheus-prometheusrules.yaml
diff --git a/templates/prometheus-servicemonitor.yaml b/charts/openbao/templates/prometheus-servicemonitor.yaml
similarity index 100%
rename from templates/prometheus-servicemonitor.yaml
rename to charts/openbao/templates/prometheus-servicemonitor.yaml
diff --git a/templates/server-clusterrolebinding.yaml b/charts/openbao/templates/server-clusterrolebinding.yaml
similarity index 100%
rename from templates/server-clusterrolebinding.yaml
rename to charts/openbao/templates/server-clusterrolebinding.yaml
diff --git a/templates/server-config-configmap.yaml b/charts/openbao/templates/server-config-configmap.yaml
similarity index 100%
rename from templates/server-config-configmap.yaml
rename to charts/openbao/templates/server-config-configmap.yaml
diff --git a/templates/server-discovery-role.yaml b/charts/openbao/templates/server-discovery-role.yaml
similarity index 100%
rename from templates/server-discovery-role.yaml
rename to charts/openbao/templates/server-discovery-role.yaml
diff --git a/templates/server-discovery-rolebinding.yaml b/charts/openbao/templates/server-discovery-rolebinding.yaml
similarity index 100%
rename from templates/server-discovery-rolebinding.yaml
rename to charts/openbao/templates/server-discovery-rolebinding.yaml
diff --git a/templates/server-disruptionbudget.yaml b/charts/openbao/templates/server-disruptionbudget.yaml
similarity index 100%
rename from templates/server-disruptionbudget.yaml
rename to charts/openbao/templates/server-disruptionbudget.yaml
diff --git a/templates/server-ha-active-service.yaml b/charts/openbao/templates/server-ha-active-service.yaml
similarity index 100%
rename from templates/server-ha-active-service.yaml
rename to charts/openbao/templates/server-ha-active-service.yaml
diff --git a/templates/server-ha-standby-service.yaml b/charts/openbao/templates/server-ha-standby-service.yaml
similarity index 100%
rename from templates/server-ha-standby-service.yaml
rename to charts/openbao/templates/server-ha-standby-service.yaml
diff --git a/templates/server-headless-service.yaml b/charts/openbao/templates/server-headless-service.yaml
similarity index 100%
rename from templates/server-headless-service.yaml
rename to charts/openbao/templates/server-headless-service.yaml
diff --git a/templates/server-ingress.yaml b/charts/openbao/templates/server-ingress.yaml
similarity index 100%
rename from templates/server-ingress.yaml
rename to charts/openbao/templates/server-ingress.yaml
diff --git a/templates/server-network-policy.yaml b/charts/openbao/templates/server-network-policy.yaml
similarity index 100%
rename from templates/server-network-policy.yaml
rename to charts/openbao/templates/server-network-policy.yaml
diff --git a/templates/server-psp-role.yaml b/charts/openbao/templates/server-psp-role.yaml
similarity index 100%
rename from templates/server-psp-role.yaml
rename to charts/openbao/templates/server-psp-role.yaml
diff --git a/templates/server-psp-rolebinding.yaml b/charts/openbao/templates/server-psp-rolebinding.yaml
similarity index 100%
rename from templates/server-psp-rolebinding.yaml
rename to charts/openbao/templates/server-psp-rolebinding.yaml
diff --git a/templates/server-psp.yaml b/charts/openbao/templates/server-psp.yaml
similarity index 100%
rename from templates/server-psp.yaml
rename to charts/openbao/templates/server-psp.yaml
diff --git a/templates/server-route.yaml b/charts/openbao/templates/server-route.yaml
similarity index 100%
rename from templates/server-route.yaml
rename to charts/openbao/templates/server-route.yaml
diff --git a/templates/server-service.yaml b/charts/openbao/templates/server-service.yaml
similarity index 100%
rename from templates/server-service.yaml
rename to charts/openbao/templates/server-service.yaml
diff --git a/templates/server-serviceaccount-secret.yaml b/charts/openbao/templates/server-serviceaccount-secret.yaml similarity index 100% rename from templates/server-serviceaccount-secret.yaml rename to charts/openbao/templates/server-serviceaccount-secret.yaml diff --git a/templates/server-serviceaccount.yaml b/charts/openbao/templates/server-serviceaccount.yaml similarity index 100% rename from templates/server-serviceaccount.yaml rename to charts/openbao/templates/server-serviceaccount.yaml diff --git a/templates/server-statefulset.yaml b/charts/openbao/templates/server-statefulset.yaml similarity index 100% rename from templates/server-statefulset.yaml rename to charts/openbao/templates/server-statefulset.yaml diff --git a/templates/tests/server-test.yaml b/charts/openbao/templates/tests/server-test.yaml similarity index 100% rename from templates/tests/server-test.yaml rename to charts/openbao/templates/tests/server-test.yaml diff --git a/templates/ui-service.yaml b/charts/openbao/templates/ui-service.yaml similarity index 100% rename from templates/ui-service.yaml rename to charts/openbao/templates/ui-service.yaml diff --git a/values.openshift.yaml b/charts/openbao/values.openshift.yaml similarity index 100% rename from values.openshift.yaml rename to charts/openbao/values.openshift.yaml diff --git a/values.schema.json b/charts/openbao/values.schema.json similarity index 100% rename from values.schema.json rename to charts/openbao/values.schema.json diff --git a/values.yaml b/charts/openbao/values.yaml similarity index 100% rename from values.yaml rename to charts/openbao/values.yaml From 717559c41eb40317db4b866d1ebe5e1a03eaba54 Mon Sep 17 00:00:00 2001 From: jessebot Date: Thu, 16 May 2024 12:17:06 +0200 Subject: [PATCH 2/5] add official openbao security email Signed-off-by: jessebot --- README.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/README.md b/README.md index 30043e2a3..aedb40394 100644 --- a/README.md +++ b/README.md 
@@ -2,16 +2,12 @@ > :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_ -by contacting us at [](mailto:). +by contacting us at [openbao-security@lists.lfedge.org](mailto:openbao-security@lists.lfedge.org). This repository contains the OpenBao Helm chart for installing and configuring OpenBao on Kubernetes. This chart supports multiple use cases of OpenBao on Kubernetes depending on the values provided. -For full documentation on this Helm chart along with all the ways you can -use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s). - ## Prerequisites To use the charts here, [Helm](https://helm.sh/) must be configured for your From 9d1440f28ab6796f0de18c4731aab9fa5335196e Mon Sep 17 00:00:00 2001 From: JesseBot Date: Thu, 16 May 2024 14:27:32 +0200 Subject: [PATCH 3/5] Update charts/openbao/Chart.yaml - fix chart description OpenBao casing Signed-off-by: JesseBot --- charts/openbao/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml index 163c7b64d..a8453d6d3 100644 --- a/charts/openbao/Chart.yaml +++ b/charts/openbao/Chart.yaml @@ -6,7 +6,7 @@ name: openbao version: 0.1.0 appVersion: v2.0.0-alpha20240329 kubeVersion: ">= 1.27.0-0" -description: Official openbao Chart +description: Official OpenBao Chart home: https://github.com/openbao/openbao-helm icon: https://avatars.githubusercontent.com/u/152585220?s=200&v=4 keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"] From d1613edccb5728fcefb36e2d07e1f4cb823cc67f Mon Sep 17 00:00:00 2001 From: JesseBot Date: Thu, 16 May 2024 22:57:52 +0200 Subject: [PATCH 4/5] Update charts/openbao/Chart.yaml - update the maintainer to be OpenBao 
Signed-off-by: JesseBot --- charts/openbao/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml index a8453d6d3..545a20304 100644 --- a/charts/openbao/Chart.yaml +++ b/charts/openbao/Chart.yaml @@ -16,5 +16,5 @@ annotations: charts.openshift.io/name: Openbao maintainers: - - name: jessebot - url: https://github.com/jessebot +- name: OpenBao + url: https://openbao.org From 25131e041a05a5e9258eb57ff506668939bbb581 Mon Sep 17 00:00:00 2001 From: JesseBot Date: Thu, 16 May 2024 22:59:17 +0200 Subject: [PATCH 5/5] Update charts/openbao/Chart.yaml - use default branding image Signed-off-by: JesseBot --- charts/openbao/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml index 545a20304..e69c4e93c 100644 --- a/charts/openbao/Chart.yaml +++ b/charts/openbao/Chart.yaml @@ -8,7 +8,7 @@ appVersion: v2.0.0-alpha20240329 kubeVersion: ">= 1.27.0-0" description: Official OpenBao Chart home: https://github.com/openbao/openbao-helm -icon: https://avatars.githubusercontent.com/u/152585220?s=200&v=4 +icon: https://github.com/openbao/artwork/blob/main/color/openbao-color.svg keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"] sources: - https://github.com/openbao/openbao-helm
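Review bot: The new `maintainers` entry in the `@@ -16,5 +16,5 @@` hunk is written flush with its parent key (`- name: OpenBao`), whereas the two lines it replaces were indented under `maintainers:`. If the other sequences in Chart.yaml (for example `sources:`) are still indented, the file now mixes both sequence styles, which yamllint's `indentation` rule reports. Keeping the previous layout avoids that: `  - name: OpenBao` followed by `    url: https://openbao.org`. Leading whitespace is partly lost in this view of the patch, so confirm against the file itself.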
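Review bot: The new `icon` value in the `@@ -8,7 +8,7 @@` hunk points at a GitHub `blob` page, which serves an HTML viewer rather than the image, so anything that fetches the chart icon will not receive an SVG. Use the raw form of the same path instead, e.g. `icon: https://raw.githubusercontent.com/openbao/artwork/main/color/openbao-color.svg`. Because `main` is a mutable ref, pinning the path to a tag or commit would also keep the metadata of already-released chart versions from changing when the artwork repository does.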