Features:
Features:
- Added
extra-secret
annotation for mounting kube-secrets: GH-119
Improvements:
- Resource limits and requests can be disabled via annotation: GH-174
Features:
- Added annotations to configure agent caching/listener: GH-132
- Added annotation for specifying filenames and paths within the secrets volume: GH-158
- Added prometheus telemetry support: GH-145
Improvements:
- Injected agents are now configured with
readOnlyRootFilesystem: true
: GH-142 - Added additional security contexts for better integration with restrictive PSPs: GH-153
- Added unique token volumes for init/sidecar: GH-170
Features:
- Added annotations/envs to change the UID and GID of the Vault Agent process: GH-60
- Added command-line options, annotations, and envs for
run-as-same-user
andset-security-context
: GH-131
Improvements:
Bugs:
Features:
- Added flag/env to change log-format for the injector: GH-50
- Added annotation to run a command after template has been rendered: GH-57
- Added annotation to configure Vault namespace: GH-82
- Added annotation to configure Vault Agent log level: GH-82
- Added annotation that shares the Vault Agent token in the shared volume: GH-77
- Added annotations to configure token revocation during shutdown: GH-67
- Added annotations to customize render path of secrets (per secret and global default): GH-71
- Added annotation to preserve case: GH-71
- Added annotation to configure if the init container runs first or last: GH-91
Improvements:
- Added
GO111MODULE
flag toMakefile
: GH-61 - Changed token location from
/home/vault/.token
to/home/vault/.vault-token
: GH-66
Bugs:
- Fixed bug where secret volumes were not shared with other init containers: GH-91
Features:
- Added configurable auth mount path annotation and environment variable [GH-23]
- Added kustomize [GH-43]
Bugs:
- Fixed bug where tlsSkipVerify was true by default [GH-34]
Bugs:
- Fixed bug causing pods in kube-system to be rejected [GH-14]
Initial release