Record OpenBao audit rollout evidence
This commit is contained in:
@@ -19,6 +19,7 @@ server:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: openbao/openbao
|
repository: openbao/openbao
|
||||||
|
tag: "2.5.4"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|||||||
@@ -255,6 +255,16 @@ Live verification still reports the pod unsealed and healthy, but also reports
|
|||||||
the audit log file missing because this Helm change has not yet been rolled
|
the audit log file missing because this Helm change has not yet been rolled
|
||||||
out. Roll out only in an attended window with unseal shares available.
|
out. Roll out only in an attended window with unseal shares available.
|
||||||
|
|
||||||
|
**2026-06-01:** Rolled out the declarative audit configuration to the live
|
||||||
|
Railiance01 OpenBao release in an attended window. Because the StatefulSet uses
|
||||||
|
`OnDelete`, the pod was explicitly recycled after the Helm values upgrade and
|
||||||
|
then unsealed by the operator. Post-unseal verification now reports OpenBao
|
||||||
|
`2.5.4`, `Sealed: false`, the audit directory present, and
|
||||||
|
`/openbao/audit/openbao-audit.log` present and non-empty. The source values now
|
||||||
|
pin the live OpenBao image tag to `2.5.4`; Helm release revision 3 has the same
|
||||||
|
explicit tag and the pod remained ready, so future chart upgrades do not
|
||||||
|
implicitly change the runtime version while applying unrelated configuration.
|
||||||
|
|
||||||
### T07 - Cross-Repo Transition Tasks
|
### T07 - Cross-Repo Transition Tasks
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|||||||
Reference in New Issue
Block a user