Readability changes for VSO CSI Helm docs (#1176)

digivava · web-flow · commit 2e208be9c52c · 2025-10-30T13:19:09.000-07:00
* Readability changes for docs

* Add EnterpriseAlert html
diff --git a/content/vault/v1.21.x/content/docs/deploy/kubernetes/vso/helm.mdx b/content/vault/v1.21.x/content/docs/deploy/kubernetes/vso/helm.mdx
@@ -92,27 +92,30 @@ Use these links to navigate to a particular top-level stanza.
               - antarctica-east1
               - antarctica-west1
 
-  - `topologySpreadConstraints` ((#v-controller-topologyspreadconstraints)) (`array: []`) - TopologySpreadConstraints settings for vault-secrets-operator pod.
-    The value is an array of PodSpec TopologySpreadConstraint maps.
-    A labelSelector for the pods will be added automatically to the template in case it is not set.
+  - `topologySpreadConstraints` ((#v-controller-topologyspreadconstraints)) (`array: []`) - Topology spread constraint settings for the `vault-secrets-operator` pod
+    as an array of PodSpec `topologySpreadConstraints` maps.
+    VSO automatically adds a `labelSelector` entry to the templates if you do not provide a value.
     ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
     Example:
+
+    ```yaml
     topologySpreadConstraints:
     - maxSkew: 1
       topologyKey: zone
       whenUnsatisfiable: DoNotSchedule
+    ```
 
-  - `podDisruptionBudget` ((#v-controller-poddisruptionbudget)) - Configure the PodDisruptionBudget for the controller deployment.
+  - `podDisruptionBudget` ((#v-controller-poddisruptionbudget)) - Configures the PodDisruptionBudget for the controller deployment.
 
-    - `enabled` ((#v-controller-poddisruptionbudget-enabled)) (`boolean: false`) - toggles the deployment of the PodDisruptionBudget for the controller.
+    - `enabled` ((#v-controller-poddisruptionbudget-enabled)) (`boolean: false`) - Toggles the deployment of the PodDisruptionBudget for the controller.
 
-    - `maxUnavailable` ((#v-controller-poddisruptionbudget-maxunavailable)) (`string: 0`) - Sets the maximum number of pods that can be unavailable during the eviction.
-      This field cannot be set if minAvailable is set.
-      Can be set as an integer (e.g. "2") or a percentage (e.g. "50%").
+    - `maxUnavailable` ((#v-controller-poddisruptionbudget-maxunavailable)) (`string: 0`) - Sets the maximum number of unavailable pods during eviction.
+      You cannot set both `maxUnavailable` and `minAvailable`.
+      You can specify `maxUnavailable` as an integer ("2") or a percentage ("50%").
 
-    - `minAvailable` ((#v-controller-poddisruptionbudget-minavailable)) (`string: 0`) - Sets the number of pods that must be available during the eviction.
-      This field cannot be set if maxUnavailable is set.
-      Can be set as an integer (e.g. "2") or a percentage (e.g. "50%").
+    - `minAvailable` ((#v-controller-poddisruptionbudget-minavailable)) (`string: 0`) - Sets the minimum number of available pods allowed during eviction.
+      You cannot set both `minAvailable` and `maxUnavailable`.
+      You can specify `minAvailable` as an integer ("2") or a percentage ("50%").
 
   - `rbac` ((#v-controller-rbac))
 
@@ -204,7 +207,7 @@ Use these links to navigate to a particular top-level stanza.
 
       - `repository` ((#v-controller-manager-image-repository)) (`string: hashicorp/vault-secrets-operator`)
 
-      - `tag` ((#v-controller-manager-image-tag)) (`string: 0.10.0`)
+      - `tag` ((#v-controller-manager-image-tag)) (`string: 1.0.1`)
 
     - `logging` ((#v-controller-manager-logging)) - logging
 
@@ -213,7 +216,13 @@ Use these links to navigate to a particular top-level stanza.
         Default: info
 
       - `timeEncoding` ((#v-controller-manager-logging-timeencoding)) (`string: rfc3339`) - Sets the time encoding for the operator.
-        Options are: epoch, millis, nano, iso8601, rfc3339, rfc3339nano
+        Options are:
+        - `epoch` - Unix timestamp in seconds (e.g. 1695382800)
+        - `millis` - Unix timestamp in milliseconds (e.g. 1695382800000)
+        - `nano` - Unix timestamp in nanoseconds (e.g. 1695382800000000000)
+        - `iso8601` - ISO 8601 format (e.g. 2023-09-22T10:00:00Z)
+        - `rfc3339` - RFC 3339 format (e.g. 2023-09-22T10:00:00Z)
+        - `rfc3339nano` - RFC 3339 format with nanosecond precision (e.g. 2023-09-22T10:00:00.123456789Z)
         Default: rfc3339
 
       - `stacktraceLevel` ((#v-controller-manager-logging-stacktracelevel)) (`string: panic`) - Sets the stacktrace level for the operator.
@@ -753,41 +762,53 @@ Use these links to navigate to a particular top-level stanza.
 
 ### csi ((#h-csi))
 
+<EnterpriseAlert inline="true" />
+
 - `csi` ((#v-csi))
 
   - `enabled` ((#v-csi-enabled)) (`boolean: false`) - Only supports Vault Enterprise servers.
-    Toggles the deployment of the Vault Secrets Operator CSI driver. This will deploy the driver and the necessary
-    resources to the cluster.
+    Toggles the deployment of the Vault Secrets Operator CSI driver. Setting `enabled` to `true`
+    deploys the CSI driver and the necessary resources to the cluster.
 
-  - `hostAliases` ((#v-csi-hostaliases)) (`array<map>`) - Host Aliases settings for the vault-secrets-operator-csi pods.
-    The value is an array of PodSpec HostAlias maps.
+  - `hostAliases` ((#v-csi-hostaliases)) (`array<map>`) - Host Aliases settings for the `vault-secrets-operator-csi` pods as
+    an array of PodSpec HostAlias maps.
     ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
     Example:
+
+    ```yaml
     hostAliases:
       - ip: 192.168.1.100
         hostnames:
         - vault.example.com
 
-  - `nodeSelector` ((#v-csi-nodeselector)) (`map`) - nodeSelector labels for vault-secrets-operator-csi pod assignment.
+  - `nodeSelector` ((#v-csi-nodeselector)) (`map`) - Node selector labels for `vault-secrets-operator-csi` pod assignment.
     ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
     Example:
+
+    ```yaml
     nodeSelector:
       beta.kubernetes.io/arch: amd64
+    ```
 
-  - `tolerations` ((#v-csi-tolerations)) (`array<map>`) - Toleration Settings for vault-secrets-operator-csi pods.
-    The value is an array of PodSpec Toleration maps.
+  - `tolerations` ((#v-csi-tolerations)) (`array<map>`) - Toleration settings for `vault-secrets-operator-csi` pods
+    as an array of PodSpec Toleration maps.
     ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
     Example:
+
+    ```yaml
     tolerations:
      - key: "key1"
        operator: "Equal"
        value: "value1"
        effect: "NoSchedule"
+    ```
 
-  - `affinity` ((#v-csi-affinity)) - Affinity settings for vault-secrets-operator-csi pods.
-    The value is a map of PodSpec Affinity maps.
+  - `affinity` ((#v-csi-affinity)) - Affinity settings for `vault-secrets-operator-csi` pods
+    as a map of PodSpec Affinity maps.
     ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
     Example:
+
+    ```yaml
     affinity:
       nodeAffinity:
         requiredDuringSchedulingIgnoredDuringExecution:
@@ -798,112 +819,125 @@ Use these links to navigate to a particular top-level stanza.
               values:
               - antarctica-east1
               - antarctica-west1
+    ```
 
-  - `imagePullSecrets` ((#v-csi-imagepullsecrets)) (`array<map>`) - Image pull secret to use for private container registry authentication which will be applied to the controllers
-    service account. Alternatively, the value may be specified as an array of strings.
+  - `imagePullSecrets` ((#v-csi-imagepullsecrets)) (`array<map>`) - Image pull secrets as an array of maps or strings for private container registry authentication for the controller
+    service account.
+    Refer to https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry.
     Example:
+
     ```yaml
     imagePullSecrets:
       - name: pull-secret-name-1
       - name: pull-secret-name-2
     ```
-    Refer to https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry.
 
-  - `extraLabels` ((#v-csi-extralabels)) - Extra labels to attach to the deployment. This should be formatted as a YAML object (map)
+  - `extraLabels` ((#v-csi-extralabels)) - Additional deployment labels as a YAML object (map).
 
-  - `annotations` ((#v-csi-annotations)) - This value defines additional annotations for the deployment. This should be formatted as a YAML object (map)
+  - `annotations` ((#v-csi-annotations)) - Additional deployment annotations as a YAML object (map).
 
   - `driver` ((#v-csi-driver))
 
-    - `image` ((#v-csi-driver-image)) - Image sets the repo and tag of the vault-secrets-operator-csi image to use for the driver.
+    - `image` ((#v-csi-driver-image)) - Image information for the CSI driver.
+      ref: https://kubernetes.io/docs/concepts/containers/images/
 
-      - `pullPolicy` ((#v-csi-driver-image-pullpolicy)) (`string: IfNotPresent`)
+      - `pullPolicy` ((#v-csi-driver-image-pullpolicy)) (`string: IfNotPresent`) - Determines when the kubelet attempts to download the specified image.
 
-      - `repository` ((#v-csi-driver-image-repository)) (`string: hashicorp/vault-secrets-operator-csi`)
+      - `repository` ((#v-csi-driver-image-repository)) (`string: hashicorp/vault-secrets-operator-csi`) - The Docker repository of the CSI driver image.
 
-      - `tag` ((#v-csi-driver-image-tag)) (`string: 0.0.0-dev`)
+      - `tag` ((#v-csi-driver-image-tag)) (`string: 1.0.0`) - The version of the CSI driver image to download.
 
-    - `extraEnv` ((#v-csi-driver-extraenv)) (`array<map>`) - Defines additional environment variables to be added to the
+    - `extraEnv` ((#v-csi-driver-extraenv)) (`array<map>`) - Additional environment variables for the
       CSI driver container.
 
-    - `extraArgs` ((#v-csi-driver-extraargs)) (`array: []`) - Extra arguments to pass to the driver.
+    - `extraArgs` ((#v-csi-driver-extraargs)) (`array: []`) - Additional arguments to pass to the CSI driver.
 
-    - `logging` ((#v-csi-driver-logging)) - logging
+    - `logging` ((#v-csi-driver-logging)) - Configures logging output settings for the CSI driver.
 
-      - `level` ((#v-csi-driver-logging-level)) (`string: info`) - Sets the log level for the driver.
-        Builtin levels are: info, error, debug, debug-extended, trace
+      - `level` ((#v-csi-driver-logging-level)) (`string: info`) - Sets the log level for the CSI driver.
+        Must be one of: info, error, debug, debug-extended, trace.
         Default: info
 
-      - `timeEncoding` ((#v-csi-driver-logging-timeencoding)) (`string: rfc3339`) - Sets the time encoding for the driver.
-        Options are: epoch, millis, nano, iso8601, rfc3339, rfc3339nano
+      - `timeEncoding` ((#v-csi-driver-logging-timeencoding)) (`string: rfc3339`) - Sets the time encoding for the CSI driver.
+        Must be one of:
+        - epoch - Unix timestamp in seconds (e.g. 1695382800)
+        - millis - Unix timestamp in milliseconds (e.g. 1695382800000)
+        - nano - Unix timestamp in nanoseconds (e.g. 1695382800000000000)
+        - iso8601 - ISO 8601 format (e.g. 2023-09-22T10:00:00Z)
+        - rfc3339 - RFC 3339 format (e.g. 2023-09-22T10:00:00Z)
+        - rfc3339nano - RFC 3339 format with nanosecond precision (e.g. 2023-09-22T10:00:00.123456789Z)
         Default: rfc3339
 
-      - `stacktraceLevel` ((#v-csi-driver-logging-stacktracelevel)) (`string: panic`) - Sets the stacktrace level for the driver.
-        Options are: info, error, panic
+      - `stacktraceLevel` ((#v-csi-driver-logging-stacktracelevel)) (`string: panic`) - Sets the stacktrace level for the CSI driver.
+        Must be one of: info, error, panic.
         Default: panic
 
-    - `backoffOnSecretSourceError` ((#v-csi-driver-backoffonsecretsourceerror)) (`object: ""`) - Backoff settings for the CSI driver. These settings control the backoff behavior
-      when the driver encounters an error while fetching secrets from the SecretSource.
-      For example given the following settings:
+    - `backoffOnSecretSourceError` ((#v-csi-driver-backoffonsecretsourceerror)) (`object: ""`) - Describes backoff behavior for the CSI driver when the driver encounters
+      an error fetching secrets from `SecretSource`.
+      For example, the following configuration creates a backoff retry sequence like
+      5.5s, 7.5s, 11.25s, 16.87s, 25.3125s, 37.96s, 56.95, 60.95s, etc.:
+
+      ```yaml
         initialInterval: 5s
         maxInterval: 60s
         randomizationFactor: 0.5
         multiplier: 1.5
-
-      The backoff retry sequence might be something like:
-       5.5s, 7.5s, 11.25s, 16.87s, 25.3125s, 37.96s, 56.95, 60.95s...
+      ```
 
       - `initialInterval` ((#v-csi-driver-backoffonsecretsourceerror-initialinterval)) (`duration: 5s`) - Initial interval between retries.
 
       - `maxInterval` ((#v-csi-driver-backoffonsecretsourceerror-maxinterval)) (`duration: 60s`) - Maximum interval between retries.
 
-      - `maxElapsedTime` ((#v-csi-driver-backoffonsecretsourceerror-maxelapsedtime)) (`duration: 0s`) - Maximum elapsed time without a successful sync from the secret's source.
-        It's important to note that setting this option to anything other than
-        its default will result in the secret sync no longer being retried after
-        reaching the max elapsed time.
+      - `maxElapsedTime` ((#v-csi-driver-backoffonsecretsourceerror-maxelapsedtime)) (`duration: 0s`) - Maximum elapsed time without a successful sync from the secret source.
+        Setting an explicit `maxElapsedTime` tells VSO not to
+        retry the secret sync once it reaches the max elapsed time.
 
-      - `randomizationFactor` ((#v-csi-driver-backoffonsecretsourceerror-randomizationfactor)) (`float: 0.5`) - Randomization factor randomizes the backoff interval between retries.
-        This helps to spread out the retries to avoid a thundering herd.
-        If the value is 0, then the backoff interval will not be randomized.
-        It is recommended to set this to a value that is greater than 0.
+      - `randomizationFactor` ((#v-csi-driver-backoffonsecretsourceerror-randomizationfactor)) (`float: 0.5`) - Custom factor used to randomize the backoff interval between retries
+        to spread out the retries and avoid a thundering herd.
+        We strongly recommend using a randomization factor, but you can set
+        `randomizationFactor` to 0 to disable randomization.
 
-      - `multiplier` ((#v-csi-driver-backoffonsecretsourceerror-multiplier)) (`float: 1.5`) - Sets the multiplier that is used to increase the backoff interval between retries.
-        This value should always be set to a value greater than 0.
-        The value must be greater than zero.
+      - `multiplier` ((#v-csi-driver-backoffonsecretsourceerror-multiplier)) (`float: 1.5`) - Sets a multiplier used to increase the backoff interval between retries.
+        You cannot set `multiplier` to a value less than or equal to 0.
 
-  - `livenessProbe` ((#v-csi-livenessprobe))
+  - `livenessProbe` ((#v-csi-livenessprobe)) - The liveness probe checks the health of the CSI driver container.
 
-    - `image` ((#v-csi-livenessprobe-image)) - Image sets the repo and tag of the image to use for the liveness probe.
+    - `image` ((#v-csi-livenessprobe-image)) - Image information for the CSI driver liveness probe.
+      ref: https://kubernetes.io/docs/concepts/containers/images/
 
-      - `pullPolicy` ((#v-csi-livenessprobe-image-pullpolicy)) (`string: IfNotPresent`)
+      - `pullPolicy` ((#v-csi-livenessprobe-image-pullpolicy)) (`string: IfNotPresent`) - Determines when the kubelet attempts to download the specified image.
 
-      - `repository` ((#v-csi-livenessprobe-image-repository)) (`string: registry.k8s.io/sig-storage/livenessprobe`)
+      - `repository` ((#v-csi-livenessprobe-image-repository)) (`string: registry.k8s.io/sig-storage/livenessprobe`) - The Docker repository of the liveness probe image.
 
-      - `tag` ((#v-csi-livenessprobe-image-tag)) (`string: v2.10.0`)
+      - `tag` ((#v-csi-livenessprobe-image-tag)) (`string: v2.16.0`) - The version of the liveness probe image to download.
 
-    - `extraArgs` ((#v-csi-livenessprobe-extraargs)) (`array: []`) - Extra arguments to pass to the liveness probe container.
+    - `extraArgs` ((#v-csi-livenessprobe-extraargs)) (`array: []`) - Additional arguments to pass to the liveness probe container.
 
-  - `nodeDriverRegistrar` ((#v-csi-nodedriverregistrar))
+  - `nodeDriverRegistrar` ((#v-csi-nodedriverregistrar)) - The node driver registrar sidecar container handles registration with the kubelet.
 
-    - `image` ((#v-csi-nodedriverregistrar-image)) - Image sets the repo and tag of the image to use for the node driver registrar.
+    - `image` ((#v-csi-nodedriverregistrar-image)) - Image information for the CSI driver node driver registrar.
+      ref: https://kubernetes.io/docs/concepts/containers/images/
 
-      - `pullPolicy` ((#v-csi-nodedriverregistrar-image-pullpolicy)) (`string: IfNotPresent`)
+      - `pullPolicy` ((#v-csi-nodedriverregistrar-image-pullpolicy)) (`string: IfNotPresent`) - Determines when the kubelet attempts to download the specified image.
 
-      - `repository` ((#v-csi-nodedriverregistrar-image-repository)) (`string: registry.k8s.io/sig-storage/csi-node-driver-registrar`)
+      - `repository` ((#v-csi-nodedriverregistrar-image-repository)) (`string: registry.k8s.io/sig-storage/csi-node-driver-registrar`) - The Docker repository of the node driver registrar image.
 
-      - `tag` ((#v-csi-nodedriverregistrar-image-tag)) (`string: v2.8.0`)
+      - `tag` ((#v-csi-nodedriverregistrar-image-tag)) (`string: v2.14.0`) - The version of the node driver registrar image to download.
 
-    - `extraArgs` ((#v-csi-nodedriverregistrar-extraargs)) (`array: []`) - Extra arguments to pass to the node driver registrar container.
+    - `extraArgs` ((#v-csi-nodedriverregistrar-extraargs)) (`array: []`) - Additional arguments to pass to the node driver registrar container.
 
-  - `updateStrategy` ((#v-csi-updatestrategy)) (`object: ""`) - Configure update strategy for the DaemonSet
-    Kubernetes supports types Recreate, and RollingUpdate
+  - `updateStrategy` ((#v-csi-updatestrategy)) (`object: ""`) - Configures the update strategy for the CSI driver DaemonSet.
+    Must be one of: Recreate, RollingUpdate.
     ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
     Example:
+
+    ```yaml
     strategy: {}
       rollingUpdate:
         maxSurge: 1
         maxUnavailable: 0
       type: RollingUpdate
+    ```
 
 ### tests ((#h-tests))
 
