From f89cb9f956b35ec188b75428d12fe6e0934693db Mon Sep 17 00:00:00 2001 From: Yashwantha Gowd Date: Thu, 18 Jun 2026 11:45:06 +0530 Subject: [PATCH 1/2] updated changelog --- CHANGELOG.md | 66 +++++++++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a896b8..6203981 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,47 +2,55 @@ All notable changes to the Boundary Worker Helm Chart will be documented in this file. -## [Unreleased] +## [0.1.0-beta] - 2026-06-18 -## [x.x.x] - YYYY-MM-DD +Initial public beta release of the Boundary Worker Helm chart. ### Added -- Initial Helm chart for HashiCorp Boundary Worker -- Single-replica worker deployment with persistent storage + +**Core chart** +- Helm chart for deploying a HashiCorp Boundary Worker on Kubernetes +- Single-replica worker `Deployment` with persistent storage - Support for controller-led, worker-led, and KMS-based worker registration -- Configurable proxy and operations Services -- Optional PersistentVolumeClaims for auth storage and session recording -- Auth storage PVC is optional — KMS-based workers can use an `emptyDir` instead (`worker.persistence.authStorage.enabled: false`) -- Worker HCL config embedded in `values.yaml` by default; `--set-file worker.config=` supported -- Comprehensive unit tests with helm-unittest (25+ test pods) -- KIND cluster acceptance tests including TCP target connection test -- AWS EKS integration test suite with Terraform (IRSA support, addons, full lifecycle) -- Azure AKS integration test suite with Terraform (workload identity, addons, full lifecycle) -- Security-hardened pod and container contexts (non-root, read-only filesystem, dropped capabilities) -- Makefile with lint, unit-test, acceptance, and integration workflow targets -- Trivy and Kubescape security scanning +- Configurable proxy (`worker.service.proxy`) and operations (`worker.service.ops`) Services +- Optional `PersistentVolumeClaim` for auth storage — KMS-based workers can use an `emptyDir` instead (`worker.persistence.authStorage.enabled: false`) +- Optional `PersistentVolumeClaim` for session recording (`worker.persistence.recording.enabled`) +- Worker HCL config embedded in `values.yaml` by default; `--set-file worker.config=` also supported +- Security-hardened pod and container security contexts (non-root 
UID/GID, read-only root filesystem, all capabilities dropped) +- Kubernetes Secrets support via `secretRefs` for sensitive values +- Artifact Hub annotations in `Chart.yaml` + +**Testing** +- Unit tests with helm-unittest (25+ test files covering deployment, configmap, services, PVCs, RBAC, security contexts, and more) +- KIND cluster acceptance tests including a live TCP target connection test +- AWS EKS and Azure AKS integration test suites with Terraform (IRSA / workload identity, managed addons, full lifecycle) + +**Tooling** +- `Makefile` targets for lint, unit tests, acceptance tests, and cloud integration tests +- Trivy vulnerability scanning and Kubescape compliance scanning - Kubernetes manifest validation with kubeconform -- Artifact Hub annotations in `Chart.yaml` (`artifacthub.io/*`) ### Configuration Defaults -- Default image: `hashicorp/boundary-enterprise:0.21-ent` (chart `appVersion`) -- Default storage class: `""` — uses the cluster default StorageClass -- Default auth storage: `1Gi` (disabled automatically for KMS auth) -- Default recording storage: `10Gi` -- Default termination grace period: `7200s` (2 hours) — allows active sessions to drain -- Default resources: `100m` CPU / `512Mi` memory (requests), `200m` CPU / `1Gi` memory (limits) + +| Parameter | Default | Notes | +|---|---|---| +| Image | `hashicorp/boundary-enterprise:0.21.3-ent` | chart `appVersion` | +| Storage class | `""` | uses cluster default `StorageClass` | +| Auth storage size | `1Gi` | auto-disabled for KMS auth method | +| Recording storage size | `10Gi` | | +| Termination grace period | `7200s` (2 h) | allows active sessions to drain | +| CPU request / limit | `100m` / `200m` | | +| Memory request / limit | `512Mi` / `1Gi` | | ### Documentation -- Comprehensive README with installation and configuration guide +- README with installation guide and configuration reference - Embedded-values workflow as the primary installation approach -- Common deployment patterns (egress, 
intermediate workers) +- Common deployment patterns - Public address and service exposure strategies -- Operations guide for upgrades and troubleshooting -- Security model documentation +- Operations guide covering upgrades and troubleshooting +- Security model overview ### Known Limitations -- Single replica only (no horizontal scaling) -- No automatic session drain during upgrades +- Single replica only — horizontal scaling is not supported - No automatic `public_addr` discovery -- No built-in secret management integration - No multi-worker topology orchestration From 09342af5eff8178da34ff1d6384e1dafb8a72a8d Mon Sep 17 00:00:00 2001 From: Yashwantha Gowd Date: Thu, 18 Jun 2026 12:16:51 +0530 Subject: [PATCH 2/2] fixed release workflow --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c245dc3..66aaaac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,7 @@ on: push: tags: - 'v*.*.*' + - 'v*.*.*-*' permissions: contents: read
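Review bot: In the Known Limitations section of the CHANGELOG.md hunk, the line "No automatic session drain during upgrades" is removed without a matching entry under Added that closes that gap; the only related item is the 7200s termination grace period, which was already present before this change and is a drain window, not an automatic drain. Either restore the limitation or add the entry describing what now drains sessions. Two further points in the same hunk: the defaults table bumps the image to `hashicorp/boundary-enterprise:0.21.3-ent` with the note "chart `appVersion`", but no Chart.yaml change is part of this patch, so confirm appVersion actually reads 0.21.3-ent or the note is wrong; and the `## [Unreleased]` header is dropped entirely rather than kept above the new `## [0.1.0-beta] - 2026-06-18` entry, which the Keep a Changelog layout this file follows expects to remain. Also, "Common deployment patterns (egress, intermediate workers)" loses its two examples for no stated reason; keeping them helps readers find the section.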
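Review bot: The added `- 'v*.*.*-*'` pattern in the release.yml hunk is redundant: in GitHub Actions filter globs `*` matches any run of characters other than `/`, so the existing `- 'v*.*.*'` already matches a tag such as `v0.1.0-beta` (the last `*` consumes `0-beta`). If a push of a pre-release tag did not produce a release, the trigger filter is not the cause, and the commit message "fixed release workflow" should say what actually failed so the fix can be checked. If the line is kept for readability, a YAML comment on it noting that it exists only to make pre-release tags explicit would stop the next reader from assuming the first pattern excludes them.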