From c46ef473ae94e5ffc4dcf3a8a21cfea7d751b249 Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Thu, 5 Dec 2024 12:17:30 -0800 Subject: [PATCH] Prepare release v1.6.0 (#710) Changelog updates, default Vault to 1.18.2, use go 1.22.10, update golang.org/x/crypto@latest, golang.org/x/net@latest, and friends. --- .github/workflows/tests.yaml | 2 +- .go-version | 2 +- CHANGELOG.md | 15 +++++++++++++++ Makefile | 2 +- agent-inject/agent/agent.go | 2 +- deploy/injector-deployment.yaml | 4 ++-- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- subcommand/injector/flags_test.go | 2 +- 9 files changed, 37 insertions(+), 22 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 7e1297e8..3aca661a 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -40,7 +40,7 @@ jobs: outputs: # JSON encoded array of k8s versions. K8S_VERSIONS: '["1.31.2", "1.30.6", "1.29.10", "1.28.15", "1.27.16"]' - VAULT_N: "1.18.1" + VAULT_N: "1.18.2" VAULT_N_1: "1.17.6" VAULT_N_2: "1.16.3" diff --git a/.go-version b/.go-version index 229a27c6..f5ae9457 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.8 +1.22.10 diff --git a/CHANGELOG.md b/CHANGELOG.md index addbaa66..04ccaca8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,29 @@ ## Unreleased +## 1.6.0 (December 5, 2024) + Changes: +* Building with Go 1.22.10 +* Default Vault version updated to 1.18.2 * Dependency updates: * Docker image `ubi8/ubi-minimal` 8.10-1086 => 8.10-1130 * github.com/stretchr/testify v1.9.0 => v1.10.0 + * golang.org/x/crypto v0.28.0 => v0.30.0 + * golang.org/x/net v0.30.0 => v0.32.0 + * golang.org/x/sys v0.26.0 => v0.28.0 + * golang.org/x/term v0.25.0 => v0.27.0 + * golang.org/x/text v0.19.0 => v0.21.0 * k8s.io/api v0.31.2 => v0.31.3 * k8s.io/apimachinery v0.31.2 => v0.31.3 * k8s.io/client-go v0.31.2 => v0.31.3 * sigs.k8s.io/controller-runtime v0.19.1 => v0.19.2 +Features: +* Agent injection telemetry [GH-703](https://github.com/hashicorp/vault-k8s/pull/703) [GH-709](https://github.com/hashicorp/vault-k8s/pull/709) + +Improvements: +* Support `AGENT_INJECT_TLS_CA_CERT_FILE` env option when using manual TLS [GH-679](https://github.com/hashicorp/vault-k8s/pull/679) + ## 1.5.0 (November 6, 2024) Changes: diff --git a/Makefile b/Makefile index 8d235be2..ceae2be9 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ REGISTRY_NAME ?= docker.io/hashicorp IMAGE_NAME = vault-k8s VERSION ?= 0.0.0-dev -VAULT_VERSION ?= 1.18.1 +VAULT_VERSION ?= 1.18.2 IMAGE_TAG ?= $(REGISTRY_NAME)/$(IMAGE_NAME):$(VERSION) PUBLISH_LOCATION ?= https://releases.hashicorp.com DOCKER_DIR = ./build/docker diff --git a/agent-inject/agent/agent.go b/agent-inject/agent/agent.go index 4088d56b..4750b5bf 100644 --- a/agent-inject/agent/agent.go +++ b/agent-inject/agent/agent.go @@ -17,7 +17,7 @@ import ( ) const ( - DefaultVaultImage = "hashicorp/vault:1.18.1" + DefaultVaultImage = "hashicorp/vault:1.18.2" DefaultVaultAuthType = "kubernetes" DefaultVaultAuthPath = "auth/kubernetes" DefaultAgentRunAsUser = 100 diff --git a/deploy/injector-deployment.yaml b/deploy/injector-deployment.yaml index daad3c51..c58832e0 100644 --- a/deploy/injector-deployment.yaml +++ b/deploy/injector-deployment.yaml @@ -24,7 +24,7 @@ spec: serviceAccountName: "vault-injector" containers: - name: sidecar-injector - image: "hashicorp/vault-k8s:1.5.0" + image: "hashicorp/vault-k8s:1.6.0" imagePullPolicy: IfNotPresent env: - name: NAMESPACE @@ -44,7 +44,7 @@ spec: - name: AGENT_INJECT_VAULT_ADDR value: "https://vault.$(NAMESPACE).svc:8200" - name: AGENT_INJECT_VAULT_IMAGE - value: "hashicorp/vault:1.18.1" + value: "hashicorp/vault:1.18.2" - name: AGENT_INJECT_TLS_AUTO value: vault-agent-injector-cfg - name: AGENT_INJECT_TLS_AUTO_HOSTS diff --git a/go.mod b/go.mod index 2b75a430..e472eeec 100644 --- a/go.mod +++ b/go.mod @@ -78,12 +78,12 @@ require ( github.com/spf13/cast v1.3.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/net v0.30.0 // indirect + golang.org/x/crypto v0.30.0 // indirect + golang.org/x/net v0.32.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/go.sum b/go.sum index 37661a88..35644afb 100644 --- a/go.sum +++ b/go.sum @@ -187,8 +187,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -197,8 +197,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -214,14 +214,14 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/subcommand/injector/flags_test.go b/subcommand/injector/flags_test.go index 46994933..25cfbea1 100644 --- a/subcommand/injector/flags_test.go +++ b/subcommand/injector/flags_test.go @@ -119,7 +119,7 @@ func TestCommandEnvs(t *testing.T) { {env: "AGENT_INJECT_VAULT_CACERT_BYTES", value: "foo", cmdPtr: &cmd.flagVaultCACertBytes}, {env: "AGENT_INJECT_PROXY_ADDR", value: "http://proxy:3128", cmdPtr: &cmd.flagProxyAddress}, {env: "AGENT_INJECT_VAULT_AUTH_PATH", value: "auth-path-test", cmdPtr: &cmd.flagVaultAuthPath}, - {env: "AGENT_INJECT_VAULT_IMAGE", value: "hashicorp/vault:1.18.1", cmdPtr: &cmd.flagVaultImage}, + {env: "AGENT_INJECT_VAULT_IMAGE", value: "hashicorp/vault:1.18.2", cmdPtr: &cmd.flagVaultImage}, {env: "AGENT_INJECT_VAULT_NAMESPACE", value: "test-namespace", cmdPtr: &cmd.flagVaultNamespace}, {env: "AGENT_INJECT_TLS_KEY_FILE", value: "server.key", cmdPtr: &cmd.flagKeyFile}, {env: "AGENT_INJECT_TLS_CERT_FILE", value: "server.crt", cmdPtr: &cmd.flagCertFile},