vault: updating helm docs for v0.31.0 release (#1007)

Author: tvoran

content/vault/v1.20.x/content/docs/configuration/service-registration/kubernetes.mdx

@@ -70,7 +70,7 @@ metadata:
     vault-initialized: "true"
     vault-perf-standby: "false"
     vault-sealed: "false"
-    vault-version: 1.20.1
+    vault-version: 1.20.4
 ```
 
 After shutdowns, Vault pods will bear the following labels:
@@ -85,7 +85,7 @@ metadata:
     vault-initialized: "false"
     vault-perf-standby: "false"
     vault-sealed: "true"
-    vault-version: 1.20.1
+    vault-version: 1.20.4
 ```
 
 ## Label definitions
@@ -101,7 +101,7 @@ metadata:
 - `vault-sealed` `(string: "true"/"false")` – Vault sealed is updated dynamically each
   time Vault's sealed/unsealed status changes. True indicates that Vault is currently sealed. False indicates that Vault
   is currently unsealed.
-- `vault-version` `(string: "1.20.1")` – Vault version is a string that will not change during a pod's lifecycle.
+- `vault-version` `(string: "1.20.4")` – Vault version is a string that will not change during a pod's lifecycle.
 
 ## Working with vault's service discovery labels
 
@@ -117,7 +117,7 @@ metadata:
   labels:
     app.kubernetes.io/instance: vault
     app.kubernetes.io/name: vault
-    helm.sh/chart: vault-0.30.1
+    helm.sh/chart: vault-0.31.0
   name: vault-active-us-east
   namespace: default
 spec:
@@ -155,7 +155,7 @@ $ vault write -f sys/replication/performance/primary/enable \
 In conjunction with the pod labels and the `OnDelete` upgrade strategy, upgrades are much easier to orchestrate:
 
 ```shell-session
-$ helm upgrade vault --set='server.image.tag=1.20.1'
+$ helm upgrade vault --set='server.image.tag=1.20.4'
 
 $ kubectl delete pod --selector=vault-active=false \
     --selector=vault-version=1.2.3

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/configuration.mdx

@@ -87,7 +87,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
 
-    - `tag` (`string: "1.20.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
+    - `tag` (`string: "1.20.4"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
 
   - `agentDefaults` - Values that configure the injected Vault Agent containers default values.
 
@@ -351,7 +351,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault.
 
-    - `tag` (`string: "1.20.1"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
+    - `tag` (`string: "1.20.4"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
 
     - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
 
@@ -1099,7 +1099,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault-csi-provider"`) - The name of the Docker image for the Vault CSI Provider.
 
-    - `tag` (`string: "1.5.1"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.
+    - `tag` (`string: "1.6.0"`) - The tag of the Docker image for the Vault CSI Provider.. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your CSI provider.
 
     - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists locally.
 
@@ -1159,11 +1159,11 @@ and consider if they're appropriate for your deployment.
 
     - `extraLabels` (`dictionary: {}`) - This value defines additional labels for the CSI provider daemonset.
 
-    - `providersDir` (`string: "/etc/kubernetes/secrets-store-csi-providers"`) - Provider host path (must match the CSI provider's path)
+    - `providersDir` (`string: "/var/run/secrets-store-csi-providers"`) - Provider host path (must match the CSI provider's path)
 
     - `kubeletRootDir` (`string: "/var/lib/kubelet"`) - Kubelet host path
 
-    - `securityContext` - Security context for the pod template and container in the csi provider daemonSet
+    - `securityContext` - Security context for the pod template and container in the csi provider daemonSet. If `global.openshift=true`, the container securityContext defaults to `privileged: true`.
 
       - `pod` (`dictionary: {}`) - Pod-level securityContext. May be specified as YAML or a YAML-formatted multi-line templated string.
 
@@ -1255,7 +1255,7 @@ and consider if they're appropriate for your deployment.
 
       - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
 
-      - `tag` (`string: "1.20.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
+      - `tag` (`string: "1.20.4"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar.
 
     - `logFormat` (`string: "standard"`) -
     - `logLevel` (`string: "info"`) -
@@ -1270,6 +1270,20 @@ and consider if they're appropriate for your deployment.
         cpu: '250m'
     ```
 
+    - `securityContext`
+      - `container` (`dictionary: {}`) - Security context for the Vault Agent sidecar container. Defaults to:
+
+      ```yaml
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 100
+      runAsGroup: 1000
+      ```
+
 - `serverTelemetry` - Values the configure metrics and telemetry. Enabling these features requires setting
   the `telemetry {}` stanza in the Vault configuration. See the [telemetry](/vault/docs/configuration/telemetry)
   [docs](/vault/docs/internals/telemetry) for more on the Vault configuration.
@@ -1342,6 +1356,14 @@ and consider if they're appropriate for your deployment.
           key: token
       ```
 
+    - `metricRelabelings` (`array: []`) - Metric relabeling rules to apply to samples before ingestion. See the prometheus [API reference](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.RelabelConfig) for more details. Example:
+
+      ```yaml
+      metricRelabelings:
+        - sourceLabels: [cluster]
+          targetLabel: vault_cluster
+      ```
+
   - `prometheusRules` - Values that configure Prometheus rules.
 
     - `enabled` (`boolean: false`) - Deploy the PrometheusRule custom resource for AlertManager-based

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/enterprise.mdx

@@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/vault/docs/platform
 server:
   image:
     repository: hashicorp/vault-enterprise
-    tag: 1.20.1-ent
+    tag: 1.20.4-ent
   enterpriseLicense:
     secretName: vault-ent-license
 ```

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/examples/enterprise-dr-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.20.1-ent' \
+  --set='server.image.tag=1.20.4-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -75,7 +75,7 @@ disaster recovery replication.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.20.1-ent' \
+  --set='server.image.tag=1.20.4-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/examples/enterprise-perf-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.20.1-ent' \
+  --set='server.image.tag=1.20.4-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.20.1-ent' \
+  --set='server.image.tag=1.20.4-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/examples/enterprise-with-raft.mdx

@@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu
 ```shell
 helm install vault hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.20.1-ent' \
+  --set='server.image.tag=1.20.4-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

content/vault/v1.20.x/content/docs/deploy/kubernetes/helm/run.mdx

@@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install.
 ```bash
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.30.1       	1.20.1     	Official HashiCorp Vault Chart
+hashicorp/vault	0.31.0       	1.20.4     	Official HashiCorp Vault Chart
 ```
 
 Next, test the upgrade with `--dry-run` first to verify the changes sent to the
 Kubernetes cluster.
 
 ```shell-session
-$ helm upgrade vault hashicorp/vault --version=0.30.1 \
+$ helm upgrade vault hashicorp/vault --version=0.31.0 \
     --set='server.image.repository=vault' \
     --set='server.image.tag=123.456' \
     --dry-run

content/vault/v1.20.x/content/partials/helm/install.mdx

@@ -2,16 +2,16 @@
 # List the available releases
 $ helm search repo hashicorp/vault -l
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault 0.30.1       	1.20.1     	Official HashiCorp Vault Chart
-hashicorp/vault 0.30.0       	1.19.0     	Official HashiCorp Vault Chart
+hashicorp/vault	0.31.0       	1.20.4     	Official HashiCorp Vault Chart
+hashicorp/vault	0.30.1       	1.20.1     	Official HashiCorp Vault Chart
+hashicorp/vault	0.30.0       	1.19.0     	Official HashiCorp Vault Chart
 hashicorp/vault	0.29.1       	1.18.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.29.0       	1.18.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.28.1       	1.17.2     	Official HashiCorp Vault Chart
 hashicorp/vault	0.28.0       	1.16.1     	Official HashiCorp Vault Chart
 hashicorp/vault	0.27.0       	1.15.2     	Official HashiCorp Vault Chart
-hashicorp/vault	0.26.1       	1.15.1     	Official HashiCorp Vault Chart
 ...
 
-# Install version 0.30.1
-$ helm install vault hashicorp/vault --version 0.30.1
+# Install version 0.31.0
+$ helm install vault hashicorp/vault --version 0.31.0
 ```

content/vault/v1.20.x/content/partials/helm/repo.mdx

@@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
 
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.30.1       	1.20.1     	Official HashiCorp Vault Chart
+hashicorp/vault	0.31.0       	1.20.4     	Official HashiCorp Vault Chart
 ```