backport of commit 990a25a (#27247)

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

website/content/docs/platform/k8s/vso/api-reference.mdx

@@ -7,7 +7,7 @@ description: >-
 
 <!--
   copied from docs/api/api-reference.md in the vault-secrets-operator repo.
-  commit SHA=513441e0a912dbae2ddd7dc6bcee6a562f8d52e1
+  commit SHA=c30a82b68399a94b053f98b134f310305936dc27
 -->
 # API Reference
 
@@ -212,7 +212,7 @@ with a timestamp value of when the trigger was executed.
 E.g. vso.secrets.hashicorp.com/restartedAt: "2023-03-23T13:39:31Z"
 
 
-Supported resources: Deployment, DaemonSet, StatefulSet
+Supported resources: Deployment, DaemonSet, StatefulSet, argo.Rollout
 
 
 
@@ -224,8 +224,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `kind` _string_ |  |  | Enum: [Deployment DaemonSet StatefulSet] <br /> |
-| `name` _string_ |  |  |  |
+| `kind` _string_ | Kind of the resource |  | Enum: [Deployment DaemonSet StatefulSet argo.Rollout] <br /> |
+| `name` _string_ | Name of the resource |  |  |
 
 
 #### SecretTransformation

website/content/docs/platform/k8s/vso/helm.mdx

@@ -11,7 +11,7 @@ The chart is customizable using
 [Helm configuration values](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
 
 <!-- DO NOT EDIT. The docs below are generated automatically. To change, edit
-                  the vault-secrets-operator repo's values.yaml: file commit=787f43ac8f6e9a8c57e9a5d1f915fe2ec04abd6c -->
+                  the vault-secrets-operator repo's values.yaml: file commit=f9ddeb63c4d884360c3eeb127d09d13de34393f4 -->
 <!-- codegen: start -->
 
 ## Top-Level Stanzas
@@ -34,6 +34,16 @@ Use these links to navigate to a particular top-level stanza.
 
   - `replicas` ((#v-controller-replicas)) (`integer: 1`) - Set the number of replicas for the operator.
 
+  - `strategy` ((#v-controller-strategy)) (`object: ""`) - Configure update strategy for multi-replica deployments.
+    Kubernetes supports types Recreate, and RollingUpdate
+    ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+    Example:
+    strategy: {}
+      rollingUpdate:
+        maxSurge: 1
+        maxUnavailable: 0
+      type: RollingUpdate
+
   - `hostAliases` ((#v-controller-hostaliases)) (`array<map>`) - Host Aliases settings for vault-secrets-operator pod.
     The value is an array of PodSpec HostAlias maps.
     ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
@@ -74,6 +84,38 @@ Use these links to navigate to a particular top-level stanza.
               - antarctica-east1
               - antarctica-west1
 
+  - `rbac` ((#v-controller-rbac))
+
+    - `clusterRoleAggregation` ((#v-controller-rbac-clusterroleaggregation)) - clusterRoleAggregation defines the roles included in the aggregated ClusterRole.
+
+      - `viewerRoles` ((#v-controller-rbac-clusterroleaggregation-viewerroles)) (`array<string>: []`) - viewerRoles is a list of roles that will be aggregated into the viewer ClusterRole.
+        The role name must be that of any VSO resource type. E.g. "VaultAuth", "HCPAuth".
+        All values are case-insensitive.
+        Specifying '*' as the first element will include all roles in the aggregation.
+
+        The ClusterRole name takes the form of `<chart-fullname>`-aggregate-role-viewer.
+
+        Example usages:
+        all roles:
+        - '*'
+        individually specified roles:
+        - "VaultAuth"
+        - "HCPAuth"
+
+      - `editorRoles` ((#v-controller-rbac-clusterroleaggregation-editorroles)) (`array<string>: []`) - editorRoles is a list of roles that will be aggregated into the editor ClusterRole.
+        The role name must be that of any VSO resource type. E.g. "VaultAuth", "HCPAuth".
+        All values are case-insensitive.
+        Specifying '*' as the first element will include all roles in the aggregation.
+
+        The ClusterRole name takes the form of `<chart-fullname>`-aggregate-role-editor.
+
+        Example usages:
+        all roles:
+        - '*'
+        individually specified roles:
+        - "VaultAuth"
+        - "HCPAuth"
+
   - `kubeRbacProxy` ((#v-controller-kuberbacproxy)) - Settings related to the kubeRbacProxy container. This container is an HTTP proxy for the
     controller manager which performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 
@@ -123,7 +165,21 @@ Use these links to navigate to a particular top-level stanza.
 
       - `repository` ((#v-controller-manager-image-repository)) (`string: hashicorp/vault-secrets-operator`)
 
-      - `tag` ((#v-controller-manager-image-tag)) (`string: 0.6.0`)
+      - `tag` ((#v-controller-manager-image-tag)) (`string: 0.7.0`)
+
+    - `logging` ((#v-controller-manager-logging)) - logging
+
+      - `level` ((#v-controller-manager-logging-level)) (`string: info`) - Sets the log level for the operator.
+        Builtin levels are: info, error, debug, debug-extended, trace
+        Default: info
+
+      - `timeEncoding` ((#v-controller-manager-logging-timeencoding)) (`string: rfc3339`) - Sets the time encoding for the operator.
+        Options are: epoch, millis, nano, iso8601, rfc3339, rfc3339nano
+        Default: rfc3339
+
+      - `stacktraceLevel` ((#v-controller-manager-logging-stacktracelevel)) (`string: panic`) - Sets the stacktrace level for the operator.
+        Options are: info, error, panic
+        Default: panic
 
     - `globalTransformationOptions` ((#v-controller-manager-globaltransformationoptions)) - Global secret transformation options. In addition to the boolean options
       below, these options may be set via the
@@ -133,6 +189,19 @@ Use these links to navigate to a particular top-level stanza.
       - `excludeRaw` ((#v-controller-manager-globaltransformationoptions-excluderaw)) (`boolean: false`) - excludeRaw directs the operator to prevent _raw secret data being stored
         in the destination K8s Secret.
 
+    - `backoffOnSecretSourceError` ((#v-controller-manager-backoffonsecretsourceerror)) - Backoff settings for the controller manager. These settings control the backoff behavior
+      when the controller encounters an error while fetching secrets from the SecretSource.
+
+      - `initialInterval` ((#v-controller-manager-backoffonsecretsourceerror-initialinterval)) (`duration: 5s`) - Initial interval between retries.
+
+      - `maxInterval` ((#v-controller-manager-backoffonsecretsourceerror-maxinterval)) (`duration: 60s`) - Maximum interval between retries.
+
+      - `maxElapsedTime` ((#v-controller-manager-backoffonsecretsourceerror-maxelapsedtime)) (`duration: 0s`) - Maximum elapsed time before giving up.
+
+      - `randomizationFactor` ((#v-controller-manager-backoffonsecretsourceerror-randomizationfactor)) (`float: 0.5`) - Randomization factor to add jitter to the interval between retries.
+
+      - `multiplier` ((#v-controller-manager-backoffonsecretsourceerror-multiplier)) (`float: 1.5`) - Sets the multiplier for increasing the interval between retries.
+
     - `clientCache` ((#v-controller-manager-clientcache)) - Configures the client cache which is used by the controller to cache (and potentially persist) vault tokens that
       are the result of using the VaultAuthMethod. This enables re-use of Vault Tokens
       throughout their TTLs as well as the ability to renew.
@@ -301,8 +370,6 @@ Use these links to navigate to a particular top-level stanza.
 
     - `extraArgs` ((#v-controller-manager-extraargs)) (`array: []`) - Defines additional commandline arguments to be passed to the
       vault-secrets-operator manager container.
-      extraArgs:
-      - -zap-log-level=5
 
     - `resources` ((#v-controller-manager-resources)) (`map`) - Configures the default resources for the vault-secrets-operator container.
       For more information on configuring resources, see the K8s documentation:
@@ -520,7 +587,7 @@ Use these links to navigate to a particular top-level stanza.
 
   - `serviceMonitor` ((#v-telemetry-servicemonitor))
 
-    - `enabled` ((#v-telemetry-servicemonitor-enabled)) (`boolean: false`) - The Prometheus operator *must* be installed before enabling this feature,
+    - `nabled` ((#v-telemetry-servicemonitor-nabled)) (`boolean: false`) - The Prometheus operator *must* be installed before enabling this feature,
       if not the chart will fail to install due to missing CustomResourceDefinitions
       provided by the operator.
 

website/content/docs/platform/k8s/vso/installation.mdx

@@ -31,13 +31,13 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com
 ```shell-session
 $ helm search repo hashicorp/vault-secrets-operator
 NAME           	CHART VERSION	APP VERSION	DESCRIPTION
-hashicorp/vault-secrets-operator	0.6.0       	0.6.0     	Official HashiCorp Vault Secrets Operator Chart
+hashicorp/vault-secrets-operator	0.7.0       	0.7.0     	Official HashiCorp Vault Secrets Operator Chart
 ```
 
 Then install the Operator:
 
 ```shell-session
-$ helm install --version 0.6.0 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
+$ helm install --version 0.7.0 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```
 
 ## Upgrading using Helm
@@ -65,10 +65,10 @@ $ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator
 $ helm upgrade --version <TARGET_VSO_VERSION> --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```
 
-For example, if you are upgrading to VSO 0.6.0:
+For example, if you are upgrading to VSO 0.7.0:
 ```shell-session
-$ helm show crds --version 0.6.0 hashicorp/vault-secrets-operator | kubectl apply -f -
-$ helm upgrade --version 0.6.0 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
+$ helm show crds --version 0.7.0 hashicorp/vault-secrets-operator | kubectl apply -f -
+$ helm upgrade --version 0.7.0 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```
 
 ## Updating CRDs when using Helm
@@ -83,9 +83,9 @@ To update the VSO CRDs, replace `<TARGET_VSO_VERSION>` with the VSO version you
 $ helm show crds --version <TARGET_VSO_VERSION> hashicorp/vault-secrets-operator | kubectl apply -f -
 ```
 
-For example, if you are upgrading to VSO 0.6.0:
+For example, if you are upgrading to VSO 0.7.0:
 ```shell-session
-$ helm show crds --version 0.6.0 hashicorp/vault-secrets-operator | kubectl apply -f -
+$ helm show crds --version 0.7.0 hashicorp/vault-secrets-operator | kubectl apply -f -
 
 customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created
 customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created
@@ -112,9 +112,9 @@ You can install and update your installation using `kustomize` which allows you
 
 To install using Kustomize, download and untar/unzip the latest release from the [Releases Page](https://github.com/hashicorp/vault-secrets-operator/releases).
 ```shell-session
-$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.6.0.tar.gz
-$ tar -zxf v0.6.0.tar.gz
-$ cd vault-secrets-operator-0.6.0/
+$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.7.0.tar.gz
+$ tar -zxf v0.7.0.tar.gz
+$ cd vault-secrets-operator-0.7.0/
 ```
 
 Next install using `kustomize build`:

website/content/docs/platform/k8s/vso/openshift.mdx

@@ -32,7 +32,7 @@ The Vault Secrets Operator may also be installed in OpenShift using the Helm cha
 $ helm install vault-secrets-operator hashicorp/vault-secrets-operator \
   --create-namespace \
   --namespace vault-secrets-operator \
-  --version 0.6.0 \
+  --version 0.7.0 \
   --values values.yaml
 ```
 
@@ -65,7 +65,7 @@ controller:
   manager:
     image:
       repository: registry.connect.redhat.com/hashicorp/vault-secrets-operator
-      tag: 0.6.0-ubi
+      tag: 0.7.0-ubi
     resources:
       limits:
         memory: 256Mi