Info about Helm chart upgrade vs. Vault version

Vault version: 1.9.x (external cluster)
Kubernetes version: 1.22.x
Vault chart version: 0.19.0 (injector only)

Vault chart release notes:

Chart 0.19.0:

  • vault image default version: 1.9.2
  • vault-k8s image default version 0.14.2
  • CSI provider default image version 0.4.0

Chart 0.20.1:

  • vault image default version: 1.10.3
  • vault-k8s image default version 0.16.1
  • CSI provider default image version 1.1.0

Chart 0.21.0:

  • vault image default version: 1.11.2
  • vault-k8s image default version 0.17.0
  • CSI provider default image version 1.2.0

Default image version is out of date (several vulnerabilities): can you clarify how we should handle upgrades?

Option 1) continue to use chart 0.19.0 and override the vault/vault-k8s/vault-csi-provider image tags
Option 2) upgrade the chart to 0.21.0 and override the vault/vault-k8s/vault-csi-provider image tags
Option 3) upgrade the chart to 0.21.0 and use the default image tags (I think that this could lead to some problems: “The Vault Agent version can lag behind the Vault Server version, though we recommend keeping all Vault instances up to date with the most recent minor Vault version to the extent possible”)

If we must override the vault/vault-k8s/vault-csi-provider image tags, what versions should be used? Vault image compatibility is clear (e.g. override 1.9.2 with 1.9.9): what about vault-k8s and vault-csi-provider?