Skip to content

Commit

Permalink
release: update manifest and helm charts for v0.0.21
Browse files Browse the repository at this point in the history
Signed-off-by: Anish Ramasekar <[email protected]>
  • Loading branch information
aramase committed Apr 1, 2021
1 parent dd71508 commit 9eb3d6e
Show file tree
Hide file tree
Showing 17 changed files with 51 additions and 42 deletions.
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ REGISTRY ?= gcr.io/k8s-staging-csi-secrets-store
IMAGE_NAME ?= driver
# Release version is the current supported release for the driver
# Update this version when the helm chart is being updated for release
RELEASE_VERSION := v0.0.20
RELEASE_VERSION := v0.0.21
IMAGE_VERSION ?= v0.0.21
# Use a custom version for E2E tests if we are testing in CI
ifdef CI
Expand Down Expand Up @@ -293,7 +293,7 @@ e2e-helm-deploy:
e2e-helm-deploy-release:
set -x; \
current_release=$(shell (echo ${RELEASE_VERSION} | sed s/"v"//)); \
helm install csi charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \
helm install csi-secrets-store charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \
--set linux.image.pullPolicy="IfNotPresent" \
--set windows.image.pullPolicy="IfNotPresent" \
--set windows.enabled=true \
Expand Down
18 changes: 17 additions & 1 deletion charts/index.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,22 @@
apiVersion: v1
entries:
secrets-store-csi-driver:
- apiVersion: v1
appVersion: 0.0.21
created: "2021-04-01T09:50:24.248603-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
digest: cab95625686b388faa1e298dc913a14c5b28ffff7888074664e98dc392c94814
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
kubeVersion: '>=1.16.0-0'
maintainers:
- email: [email protected]
name: Rita Zhang
name: secrets-store-csi-driver
sources:
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.21.tgz
version: 0.0.21
- apiVersion: v1
appVersion: 0.0.20
created: "2021-02-18T11:02:39.04869-08:00"
Expand Down Expand Up @@ -193,4 +209,4 @@ entries:
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
version: 0.0.9
generated: "2021-02-18T11:02:39.046817-08:00"
generated: "2021-04-01T09:50:24.246699-07:00"
Binary file added charts/secrets-store-csi-driver-0.0.21.tgz
Binary file not shown.
4 changes: 2 additions & 2 deletions charts/secrets-store-csi-driver/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: secrets-store-csi-driver
version: 0.0.20
appVersion: 0.0.20
version: 0.0.21
appVersion: 0.0.21
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
6 changes: 3 additions & 3 deletions charts/secrets-store-csi-driver/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `Always` |
| `linux.image.tag` | Linux image tag | `v0.0.20` |
| `linux.image.tag` | Linux image tag | `v0.0.21` |
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` |
Expand All @@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v0.0.20` |
| `windows.image.tag` | Windows image tag | `v0.0.21` |
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` |
Expand Down Expand Up @@ -80,6 +80,6 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `rbac.install` | Install default rbac roles and bindings | true |
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true |
| `minimumProviderVersions` | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver | `""` |
| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider | `"gcp;azure;vault;"` |
| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` |
| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` |
| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `false` |
Original file line number Diff line number Diff line change
Expand Up @@ -66,16 +66,16 @@ spec:
{{- if and (semverCompare ">= v0.0.9-0" .Values.windows.image.tag) .Values.minimumProviderVersions }}
- "--min-provider-version={{ .Values.minimumProviderVersions }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.14-0" .Values.windows.image.tag) .Values.grpcSupportedProviders }}
- "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.15-0" .Values.windows.image.tag) .Values.enableSecretRotation }}
- "--enable-secret-rotation={{ .Values.enableSecretRotation }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.15-0" .Values.windows.image.tag) .Values.rotationPollInterval }}
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
{{- end }}
- "--metrics-addr={{ .Values.windows.metricsAddr }}"
{{- if and (semverCompare ">= v0.0.21-0" .Values.windows.image.tag) .Values.filteredWatchSecret }}
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
{{- end }}
env:
{{- with .Values.windows.env }}
{{- toYaml . | nindent 10 }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,16 +66,16 @@ spec:
{{- if and (semverCompare ">= v0.0.8-0" .Values.linux.image.tag) .Values.minimumProviderVersions }}
- "--min-provider-version={{ .Values.minimumProviderVersions }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.14-0" .Values.linux.image.tag) .Values.grpcSupportedProviders }}
- "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.15-0" .Values.linux.image.tag) .Values.enableSecretRotation }}
- "--enable-secret-rotation={{ .Values.enableSecretRotation }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.15-0" .Values.linux.image.tag) .Values.rotationPollInterval }}
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
{{- end }}
- "--metrics-addr={{ .Values.linux.metricsAddr }}"
{{- if and (semverCompare ">= v0.0.21-0" .Values.linux.image.tag) .Values.filteredWatchSecret }}
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
{{- end }}
env:
{{- with .Values.linux.env }}
{{- toYaml . | nindent 10 }}
Expand Down
10 changes: 5 additions & 5 deletions charts/secrets-store-csi-driver/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ linux:
enabled: true
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.20
tag: v0.0.21
pullPolicy: Always

driver:
Expand Down Expand Up @@ -63,7 +63,7 @@ windows:
enabled: false
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.20
tag: v0.0.21
pullPolicy: IfNotPresent

driver:
Expand Down Expand Up @@ -144,11 +144,11 @@ syncSecret:
## e.g. provider1=0.0.2,provider2=0.0.3
minimumProviderVersions:

## ; delimited list of providers that support grpc for driver-provider [alpha]
grpcSupportedProviders: gcp;azure;vault;

## Enable secret rotation feature [alpha]
enableSecretRotation: false

## Secret rotation poll interval duration
rotationPollInterval:

## Filtered watch nodePublishSecretRef secrets
filteredWatchSecret: false
7 changes: 0 additions & 7 deletions deploy/csidriver-1.15.yaml

This file was deleted.

4 changes: 2 additions & 2 deletions deploy/secrets-store-csi-driver-windows.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=C:\\k\\secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--grpc-supported-providers=azure;"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-watch-secret=false"
env:
- name: CSI_ENDPOINT
value: unix://C:\\csi\\csi.sock
Expand Down
4 changes: 2 additions & 2 deletions deploy/secrets-store-csi-driver.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--grpc-supported-providers=gcp;azure;vault;"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-watch-secret=false"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
Expand Down
4 changes: 2 additions & 2 deletions docs/book/src/load-tests.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ As of Secrets Store CSI Driver `v0.0.21`, the memory consumption for the driver
If the secret rotation feature is enabled and filtered secret watch is not enabled, it'll cache Kubernetes secrets across all namespaces. To only cache the secrets with the above 2 labels:

1. Label all existing `nodePublishSecretRef` secrets with `secrets-store.csi.k8s.io/used=true` by running `kubectl label secret <node publish secret ref name> secrets-store.csi.k8s.io/used=true`.
2. Enable filtered secret watch by setting `--filtered-secret-watch=true` in `secrets-store` container or via helm using `--set filteredSecretWatch=true`.
2. Enable filtered secret watch by setting `--filtered-watch-secret=true` in `secrets-store` container or via helm using `--set filteredWatchSecret=true`.

**NOTE:** `--filtered-secret-watch=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label.
**NOTE:** `--filtered-watch-secret=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label.
</aside>
4 changes: 2 additions & 2 deletions manifest_staging/charts/secrets-store-csi-driver/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: secrets-store-csi-driver
version: 0.0.20
appVersion: 0.0.20
version: 0.0.21
appVersion: 0.0.21
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/secrets-store-csi-driver/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `Always` |
| `linux.image.tag` | Linux image tag | `v0.0.20` |
| `linux.image.tag` | Linux image tag | `v0.0.21` |
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` |
Expand All @@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v0.0.20` |
| `windows.image.tag` | Windows image tag | `v0.0.21` |
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` |
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/secrets-store-csi-driver/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ linux:
enabled: true
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.20
tag: v0.0.21
pullPolicy: Always

driver:
Expand Down Expand Up @@ -63,7 +63,7 @@ windows:
enabled: false
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.20
tag: v0.0.21
pullPolicy: IfNotPresent

driver:
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/deploy/secrets-store-csi-driver-windows.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=C:\\k\\secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-secret-watch=false"
- "--filtered-watch-secret=false"
env:
- name: CSI_ENDPOINT
value: unix://C:\\csi\\csi.sock
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/deploy/secrets-store-csi-driver.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-secret-watch=false"
- "--filtered-watch-secret=false"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
Expand Down

0 comments on commit 9eb3d6e

Please sign in to comment.