Update docs for helm 0.22.0 (#17072)

Update docs for helm 0.22.0

Including Prometheus Operator support.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

website/content/docs/configuration/service-registration/kubernetes.mdx

@@ -156,7 +156,7 @@ $ vault write -f sys/replication/performance/primary/enable \
 In conjunction with the pod labels and the `OnDelete` upgrade strategy, upgrades are much easier to orchestrate:
 
 ```shell-session
-$ helm upgrade vault --set='server.image.tag=1.11.2'
+$ helm upgrade vault --set='server.image.tag=1.11.3'
 
 $ kubectl delete pod --selector=vault-active=false \
     --selector=vault-version=1.2.3

website/content/docs/platform/k8s/helm/configuration.mdx

@@ -55,6 +55,11 @@ and consider if they're appropriate for your deployment.
         seccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default
         apparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default
       ```
+  - `serverTelemetry` - Values that configure metrics and telemetry
+
+    - `prometheusOperator` (`boolean: false`) - When set to `true`, enables integration with the
+      Prometheus Operator. Be sure to configure the top-level [`serverTelemetry`](/docs/platform/k8s/helm/configuration#servertelemetry-1) section for more details
+      and required configuration values.
 
 - `injector` - Values that configure running a Vault Agent Injector Admission Webhook Controller within Kubernetes.
 
@@ -72,7 +77,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault-k8s"`) - The name of the Docker image for Vault Agent Injector.
 
-    - `tag` (`string: "0.17.0"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
+    - `tag` (`string: "1.0.0"`) - The tag of the Docker image for the Vault Agent Injector. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
 
     - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
 
@@ -80,7 +85,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the Vault Agent sidecar. This should be set to the official Vault Docker image.
 
-    - `tag` (`string: "1.11.2"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
+    - `tag` (`string: "1.11.3"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
 
   - `agentDefaults` - Values that configure the injected Vault Agent containers default values.
 
@@ -304,7 +309,7 @@ and consider if they're appropriate for your deployment.
 
     - `repository` (`string: "hashicorp/vault"`) - The name of the Docker image for the containers running Vault.
 
-    - `tag` (`string: "1.11.2"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
+    - `tag` (`string: "1.11.3"`) - The tag of the Docker image for the containers running Vault. **This should be pinned to a specific version when running in production.** Otherwise, other changes to the chart may inadvertently upgrade your admission controller.
 
     - `pullPolicy` (`string: "IfNotPresent"`) - The pull policy for container images. The default pull policy is `IfNotPresent` which causes the Kubelet to skip pulling an image if it already exists.
 
@@ -1077,3 +1082,76 @@ and consider if they're appropriate for your deployment.
   - `debug` (`bool: false`) - When set to true, enables debug logging on the Vault CSI Provider daemonset.
 
   - `extraArgs` (`string: array`) - The extra arguments to be applied to the CSI pod startup command. See [here](/docs/platform/k8s/csi/configurations#command-line-arguments) for available flags.
+
+- `serverTelemetry` - Values the configure metrics and telemetry. Enabling these features requires setting
+  the `telemetry {}` stanza in the Vault configuration. See the [telemetry](/docs/configuration/telemetry)
+  [docs](/docs/internals/telemetry) for more on the Vault configuration.
+
+  Currently, this chart does not support authenticating to Vault's metrics endpoint, so the following `telemetry {}` block must be included in the `listener "tcp" {}` stanza of the Vault configuration:
+
+  ```yaml
+  listener "tcp" {
+    tls_disable = 1
+    address     = "0.0.0.0:8200"
+
+    telemetry {
+      unauthenticated_metrics_access = "true"
+    }
+  }
+  ```
+
+  In addition, a top level `telemetry {}` stanza must also be included in the Vault configuration, such as:
+
+  ```yaml
+  telemetry {
+    prometheus_retention_time = "30s",
+    disable_hostname = true
+  }
+  ```
+
+  - `serviceMonitor` - Values that configure monitoring the Vault server
+
+    - `enabled` (`boolean: false`) - When set to `true`, enable deployment of the Vault Server
+      ServiceMonitor CustomResource. The Prometheus operator *must* be installed before enabling this
+      feature. If not, the chart will fail to install due to missing CustomResourceDefinitions provided by
+      the operator.
+
+      Instructions on how to install the Helm chart can be found [here](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack).
+
+      More information can be found here in the
+      [these](https://github.com/prometheus-operator/prometheus-operator)
+      [repositories](https://github.com/prometheus-operator/kube-prometheus)
+
+    - `selectors` (`dictionary: {}`) - Selector labels to add to the ServiceMonitor.
+
+    - `interval` (`string: "30s"`) - Interval at which Prometheus scrapes metrics.
+
+    - `scrapeTimeout` (`string: "10s"`) - Timeout for Prometheus scrapes.
+
+  - `prometheusRules` - Values that configure Prometheus rules.
+
+    - `enabled` (`boolean: false`) - Deploy the PrometheusRule custom resource for AlertManager-based
+      alerts. Requires that AlertManager is properly deployed.
+
+    - `selectors` (`dictionary: {}`) - Selector labels to add to the Prometheus rules.
+
+    - `rules`: (`dictionary: {}`) - Prometheus rules to create.
+
+      For example:
+      ```yaml
+      rules:
+        - alert: vault-HighResponseTime
+          annotations:
+            message: The response time of Vault is over 500ms on average over the last 5 minutes.
+          expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
+          for: 5m
+          labels:
+            severity: warning
+        - alert: vault-HighResponseTime
+          annotations:
+            message: The response time of Vault is over 1s on average over the last 5 minutes.
+          expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
+          for: 5m
+          labels:
+            severity: critical
+      ```

website/content/docs/platform/k8s/helm/enterprise.mdx

@@ -33,7 +33,7 @@ In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/h
 server:
   image:
     repository: hashicorp/vault-enterprise
-    tag: 1.11.2-ent
+    tag: 1.11.3-ent
   enterpriseLicense:
     secretName: vault-ent-license
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.11.2-ent' \
+  --set='server.image.tag=1.11.3-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -75,7 +75,7 @@ disaster recovery replication.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.11.2-ent' \
+  --set='server.image.tag=1.11.3-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx

@@ -23,7 +23,7 @@ First, create the primary cluster:
 ```shell
 helm install vault-primary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.11.2-ent' \
+  --set='server.image.tag=1.11.3-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```
@@ -74,7 +74,7 @@ With the primary cluster created, next create a secondary cluster.
 ```shell
 helm install vault-secondary hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.11.2-ent' \
+  --set='server.image.tag=1.11.3-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx

@@ -15,7 +15,7 @@ Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` valu
 ```shell
 helm install vault hashicorp/vault \
   --set='server.image.repository=hashicorp/vault-enterprise' \
-  --set='server.image.tag=1.11.2-ent' \
+  --set='server.image.tag=1.11.3-ent' \
   --set='server.ha.enabled=true' \
   --set='server.ha.raft.enabled=true'
 ```

website/content/docs/platform/k8s/helm/run.mdx

@@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install.
 ```bash
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.21.0       	1.11.2     	Official HashiCorp Vault Chart
+hashicorp/vault	0.22.0       	1.11.3     	Official HashiCorp Vault Chart
 ```
 
 Next, test the upgrade with `--dry-run` first to verify the changes sent to the
 Kubernetes cluster.
 
 ```shell-session
-$ helm upgrade vault hashicorp/vault --version=0.21.0 \
+$ helm upgrade vault hashicorp/vault --version=0.22.0 \
     --set='server.image.repository=vault' \
     --set='server.image.tag=123.456' \
     --dry-run
@@ -438,7 +438,7 @@ $ kubectl delete pod <name of Vault pod>
 
 If Vault is deployed using `ha` mode, the standby pods must be upgraded first.
 Vault has K8s service discovery built in (when enabled in the server configuration) and
-will automatically change the labels of the pod with its current leader status. These labels 
+will automatically change the labels of the pod with its current leader status. These labels
 can be used to filter the pods.
 
 For example, select all pods that are Vault standbys:

website/content/partials/helm/install.mdx

@@ -2,6 +2,7 @@
 # List the available releases
 $ helm search repo hashicorp/vault -l
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
+hashicorp/vault	0.22.0       	1.11.3     	Official HashiCorp Vault Chart
 hashicorp/vault	0.21.0       	1.11.2     	Official HashiCorp Vault Chart
 hashicorp/vault	0.20.1       	1.10.3     	Official HashiCorp Vault Chart
 hashicorp/vault	0.20.0       	1.10.3     	Official HashiCorp Vault Chart
@@ -10,6 +11,6 @@ hashicorp/vault	0.18.0       	1.9.0      	Official HashiCorp Vault Chart
 hashicorp/vault	0.17.1       	1.8.4      	Official HashiCorp Vault Chart
 ...
 
-# Install version 0.21.0
-$ helm install vault hashicorp/vault --version 0.21.0
+# Install version 0.22.0
+$ helm install vault hashicorp/vault --version 0.22.0
 ```

website/content/partials/helm/repo.mdx

@@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
 
 $ helm search repo hashicorp/vault
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault	0.21.0       	1.11.2     	Official HashiCorp Vault Chart
+hashicorp/vault	0.22.0       	1.11.3     	Official HashiCorp Vault Chart
 ```