From 9eb3d6ede853dd11256ba1c3246ea6fc592c6cd0 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Thu, 1 Apr 2021 10:31:30 -0700 Subject: [PATCH] release: update manifest and helm charts for v0.0.21 Signed-off-by: Anish Ramasekar --- Makefile | 4 ++-- charts/index.yaml | 18 +++++++++++++++++- charts/secrets-store-csi-driver-0.0.21.tgz | Bin 0 -> 7136 bytes charts/secrets-store-csi-driver/Chart.yaml | 4 ++-- charts/secrets-store-csi-driver/README.md | 6 +++--- .../secrets-store-csi-driver-windows.yaml | 6 +++--- .../templates/secrets-store-csi-driver.yaml | 6 +++--- charts/secrets-store-csi-driver/values.yaml | 10 +++++----- deploy/csidriver-1.15.yaml | 7 ------- deploy/secrets-store-csi-driver-windows.yaml | 4 ++-- deploy/secrets-store-csi-driver.yaml | 4 ++-- docs/book/src/load-tests.md | 4 ++-- .../secrets-store-csi-driver/Chart.yaml | 4 ++-- .../charts/secrets-store-csi-driver/README.md | 4 ++-- .../secrets-store-csi-driver/values.yaml | 4 ++-- .../secrets-store-csi-driver-windows.yaml | 4 ++-- .../deploy/secrets-store-csi-driver.yaml | 4 ++-- 17 files changed, 51 insertions(+), 42 deletions(-) create mode 100644 charts/secrets-store-csi-driver-0.0.21.tgz delete mode 100644 deploy/csidriver-1.15.yaml diff --git a/Makefile b/Makefile index 5d7263f3a..7ecded7b8 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ REGISTRY ?= gcr.io/k8s-staging-csi-secrets-store IMAGE_NAME ?= driver # Release version is the current supported release for the driver # Update this version when the helm chart is being updated for release -RELEASE_VERSION := v0.0.20 +RELEASE_VERSION := v0.0.21 IMAGE_VERSION ?= v0.0.21 # Use a custom version for E2E tests if we are testing in CI ifdef CI @@ -293,7 +293,7 @@ e2e-helm-deploy: e2e-helm-deploy-release: set -x; \ current_release=$(shell (echo ${RELEASE_VERSION} | sed s/"v"//)); \ - helm install csi charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \ + helm install csi-secrets-store charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \ --set linux.image.pullPolicy="IfNotPresent" \ --set windows.image.pullPolicy="IfNotPresent" \ --set windows.enabled=true \ diff --git a/charts/index.yaml b/charts/index.yaml index 7a6556790..c1eb54e3b 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,22 @@ apiVersion: v1 entries: secrets-store-csi-driver: + - apiVersion: v1 + appVersion: 0.0.21 + created: "2021-04-01T09:50:24.248603-07:00" + description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. + digest: cab95625686b388faa1e298dc913a14c5b28ffff7888074664e98dc392c94814 + icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png + kubeVersion: '>=1.16.0-0' + maintainers: + - email: ritazh@microsoft.com + name: Rita Zhang + name: secrets-store-csi-driver + sources: + - https://github.com/kubernetes-sigs/secrets-store-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.21.tgz + version: 0.0.21 - apiVersion: v1 appVersion: 0.0.20 created: "2021-02-18T11:02:39.04869-08:00" @@ -193,4 +209,4 @@ entries: urls: - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz version: 0.0.9 -generated: "2021-02-18T11:02:39.046817-08:00" +generated: "2021-04-01T09:50:24.246699-07:00" diff --git a/charts/secrets-store-csi-driver-0.0.21.tgz b/charts/secrets-store-csi-driver-0.0.21.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f5d6fad163bc31f76fa487b56b14ef88b3fa56b1 GIT binary patch literal 7136 zcmV<68z1B!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBjciXnoU_bL$%yIghCb=ag`6WrUCwtbleed-)alCfYp53M= zf=Ech4M?y6s6>tZ-}e9@DZZ1EEIH|8d`M&oFEfLg!C(dh2<&n!g)JoG*mec6Jx=DB z_fBSrOJ{+6`rW3b-|zRI9Ukic`~80L|NgW6=idzu`v-%A=ZDYt```5k&-#bYzJvb8 zBX=l~kcfZR-*~Jda^FZnA^8<^L0B+^`M^S9nEu&!`p*8q^006@38nt-82*i^53XVk zkPJv5B%&1L48yfyrEA4WaB_VPr<#*g9pYg?@JlqtJirnQaA_nY=8i>N)$L5mPz-y$ zDUq{i?6}PDeM~E7KaMFI_k5(<_9&Y&{f`p{Q%hA!LI2@@z8pA%XHMVl|6uuu1QL+| zb1}4Rz&;{$2%Jdt*X)1!#N|w|iByAH00Hvx5Uz+s@c(8gm|EtGIx(>Xi@1w*$BjtX zf=orPwwrl@=sTPLTKS(N8ewrK3ZO;)kDl)jit>NZKYWn?T@*@!==0D5zyTUl>}L-_bYI8&E9g!L4&}#m@`~BA>{+8oEBP>eojw+fB zbTdn}nGzv6;^(bc3o_N%qAAuC2$+XsnX%JuG9=h{22Q_$0%@C7h%l%k!l0c9gG$=P zttgxRiuqU}y%@rg0*;b74zLiHoQ?5nv`LzVs%efM`;GL-4SBCLu>hjbLlR$0jwGHg zOhdT{)e6BVCBgKau3(_dev^#hqtEXGG)IIg=^Da7^{Q3{iscn!@|5r)^yY~7C>i(S zA1r{7vpMlF7p4N1Zgv$cEA6ztTEduzuQA20WPAu;ZY==GDCS5l;bI8C|6wUiB`2;p z_B=j>z2S@gPe*%N3(VsRAt#Izxj3Onhzq?4?x`9c!afTGmd8QBWYVV|C1hUZm#@$m zQ}eg=i3A?|Byt*Of~eTG$~m80FnP(bz=2#(@f=q1*WtIOc#3pbOZ}{?gTGq!Q>4n; zO6blhvoj@hGJHQr{5>V(_jPLMWcdE$`)^qHJW@Oc6wfhr;GMt%epTNHc>IyF=@To@ zf&I9_lmt_lFzzD>|NHvQg{t;X{ipgX(Oy=GWkSZ~5Po{me_?6nex=48!oFoadIab3 zzUdTCP(&qM{d|0)CJzfhfd^v}cqEt#i;t13I*a#Nv2~X1p{Au~G{Ui`K!;ymTqoNz z5R1Si!PJ2hwZFk2XGEwDB{Qf1nn=uzA{`uBs=8@fwh~pd-%rmjug*@6-=3ZR0k26w z{K$vPm?a?IkqLOr^bQiyC#umgxXkwvcvwpj_J9&0flc5eUf6o;0U;t>sIUCE(}d3; z-YjXTu`_kjUj{F=_Wv>Ydtd*3V8uNoP$fVOH3DZErFe%2JZ2%7U?d}s;deyC8T!LA zm>Wu5#g)>@fAlCO@3MW!CG`L$bcN84{p~ zEwT3_@F*B2%aAK6*mi(?EJEbsmtVesbA>5J0y`JUw{Ux_fKfVKfK6c!g`ujM@G0yG z;d+khWe*&aeMk0Y{LjaFl^TST81o9b?do z1e#)JCVgs21}?`61{7nTXd1nMrKZD=T0^6lmOc(7L_!gF={?Iebavnd>LC9gW|)SU z3rB|Qxq@2cfB#v(ApiUQ!@~#p-%0uMrS}x(#2-U6UY!?X9J1 zS!bU^#lMPKm6WNaS$)>NV8@E<+2G*`3G(7-FMrb3j$?ugO18oI)i@ee%{Oz*Iq@*u zDElIC;n{)yNc`()G9jN~&t7(h15bZ8z?~!ln2a%rC|$sx5u#*5um>m%HQ0{z8#cY` z`cjRdP!KT2E{c?LU_Q?Jsx`6`f~h9}aSVycBAK?G;PH5&32}OHt?DX)79n<@IM(?D zxY1*#6PIa6w21xZ`a2@w6QLBw7$TwI6o54FF|^fmRTc8I{a*JreA%7INlP+W0%m&2 zY2UP7{@YGdq|C|WkC2l=`v%s}Pfrq#URNMU8@SS1mFSl+r z#5DEI5azQobx{~POP`Bc0<;kxxN0|2T%z=PQ`N>t0h(gZ9xn>5t}&kzx4xl?JM1;D za8(V{P=X%LFu`#e)>$?iLQ~%sXxceq*3-n_IFUVfAGexvs0R4vzg|JZ}Q4|{sN z@?2eE8Sy}i4GKffLQb?erqL)pdnecD#&)O>16PoEm0mX5%ks3q{v7iY=7&mX_jE+) zh27r+=LCglOem2A3+I<*+{jtdXvwj#7rPV^Lts8=V(^OUV=U32nSt+5|94pbmy}*J z7}RS24~~lK|MTbj59|LfN;dwR(+Ab^rB%a65_rRaXQApe|EY>P$Un!2lNfj0R+eBLj}|NdbA!T#S#`SL}H zR$?D6oqbO1=~HZJ*|u$E6$Kw7*Flk-F;4!{?yTi%muLs$9=Ku@=k$Z#C=(XEB|a7s z`QZ?Ph|+@QNL|XtS7|F2w0K0#K?@X;e{mLt+Dx;JYdGhgw^K(Mz#Q{&{H58X>yI9$ zIQ}@*o^D%vAoYh3Nq43{MTukGHcq+w71gbj)#d*~>|*Y&2ioNS=-GZj{tuoF9?pO4 zq;!%0^+o?@!z#5FLY17y>}9FXS9oH!Vn*N_hPMF9il>885z+WR*p*tZm=5BN*|F;? z)1=y@$sXM@6||31n^2Xm%db{*bd>*%&VjYa|KQ+x@%-2G=ZAv_`QJs!%fA+{lEN~Xf6>fXxRpU-xxrYbF!0^0X7tio3!8I{K0 z+-}+;s6F$cnqno8zE(ASZ>6LDU)|`-lvexi=&)e_4Gs^E9`ye%O0)jozU7zI^INz4 za*N7;cgxR|4)R}D#g5N%w(5jt`5zn}?ic0%=-}|d|GSeC`&JVLkW6X3`%9g@r~2gG zHI_M*fWlBH=`Ra;IkdElSUPZfoA6F|86ts8Bd-{;bKnL@;Nd{RJ}hHDMRckT4jQL0 z${ZS0!$|gjkx#pIkPdwanRw3aZR+I~$w^4d9K)3E>{S|HRHaK8u6X>j9>{#n0(g)P z5<`=jGk_Yp-Ch2+6q)t6dalIP|vhZYJQJ^J!pg-ppmy5QQMV}02%e=LO$aXAX^{2m0F=y#b z(6#`5{>-_vJWLI@x5M`O5>4YEa#9eVW*{_B+V=cqQ(sQ@ujfrRJm|bbc4f2M7wnumYR9`hRfSwE$H7lFvrmd}$ zY-KHaI*eD(a_PP@k5p#6nNdSajWO7-5bZ3`c~w>*e6aa7y{x<_Nw0AHjmc==E)DhS&N52VTfXAYXp}_~iQh!`a2@<(u=1w@->X zVb9j7GQ@lN{o}l7R#i>53btYOmrCV)eBYGyuvbMH6nOBs6tFgj>VMKP>$;hKlKxb4 zYQ2&eJ_$0Qo0?fF*Y{Nhzka@(uo@h7M62o`ea!@`im@8DlY{eFtZKU2IZ9QB`YTaN zD%v5V)K0PkvMAMb)d?lT2`0HlFP&9uUMBgbvfmb(><>E9q#{M365gbqtv!YDY-a(l z?x+Jn3d?it0)c~h6?0@3g2cuf^z#)fhfP+6tWqi)0Yj*>Y5pb_1!*)S1a>2x;l%=p zKg&FjAt!S}@idc-o~3xzQJ^lGH4j0^c-e+YE$&O5yp>(1vguupYFy-*Wa~S_h|1Yt zh2KKXBy$-Z!rPO}%x@K$hMB2Aghm{{opCH?jCw;jD%6-s8U72)@+60P0(;fKB*|&j zzmkARg6JuxXmO2Q7IteR6VYqeW^i0`g#-@6jTgbs-u*vo`nQyPru za(ZyPMP1RRY+iTKZxtQYDZ8SzzSj0unbDdyb}V@>4@BW-r3{v4v6_dz(;u#aAZ zT>T`6b&FD4%f)#}w!zG~uj>3m#k}NYi;9%x3Z^M{a07ovOyc~|IamyVD_lUe>TJe@ zA!~kBT}`*W&owsr=BHYjF}`@iPm-8$9;Sx<`{qy?-^_=2j71}aCCDnd@UCF0@E5H` zzPi<5ML4r*`$aRQ8I)Z9e$KPI^yo4%gv5PcBPiK!T70Rws`c*FTFsETUSNr8_RfK7 zT~O8k{bytBzHAWx>wFfVE&jKE_`G!f^XMV|zmrn*zk7`KRRXY;SYJ9)W2CQG>syNR8Q8l<`6_F#72_-P)E0xt?SOi&AiW9? z*a|^CGknQJ>%}Ho#ob|l&yZf_gl;#W*V{at*J}>u6?y9`2;~`&S^|05N)KVY`wQc( zaD(E?A(0nZXIEju{~po2TBN?!SY9nc-$EqM0Dq@(yjpsE{ZYJR$8w)BygKXU+ch8V zBYM}QM;~H$dF=n5vAbG3a*fDc?RH?Nal2J+Zmv;n_Y%PCDvRrc?@V{A1n+8FtQNYf z?WTL+uG_Bl?;We_RYvM6h`aMRUF@}4H%eF6{2pU;oweBR0(32YmNY!q+gW&Sb=2f#sJKE<&a{3A$$dLz)%ag7SNlU{dSxjt*pmPI{P|HK{&&zn zJbK9g+es(?!wA>-#OHeGpu!0gwt@RKoX#tnq1<>+Xr-H(!iah1($AS*1u9B(HfXd^oRu0h$3ED#{v*8Q|m$+8uiRw2O^45fJVS`zTo_Scrq; z%ky6ku5(`l{GuAXW*h?vCM@^vT_S2O z^Zh6wa?#ULL&lM0T=YC;&FdFV5O-%pVpm2S_fSY|4SJx(&GEfQsdfEBg>fMyC&4uH zgJ$uD8Bh$am;l914Hip6C)bx>on6084SVyZM1lI6?#qT^IR%PfB$!}sCUL@@ks^In1tfFeMC%`Yp|TE;dk&ljaDseHPmsV{p8!Q^VJpIRn}U2~ zK3~~TE$e#Agqkbnt3rgYL+s|H$HPKD3?d|w`l8D^1(%d+3D&g+rtwP}S{Es5kO^^9+q~344H;v!bel3zEu*Fnkpy|SYAZfQZN5qF zohY^>68n`Ts+eNaN%OplMc`r&etA)p#Vj;2ZK|r&&wC73iD^6F(t^<`lBf}@+Abl3 zZyq-dXl=VTEKT`{7fnAGFj4~=N4#1+LKa3eyQ8csjbgAY1|#jd=nhWyy8f6Xl4){n z4pM`F<*Ojh(W0^j&7F`cmaclFGt4>C#COHBNttaLv1zDcI%%4s+R0fBh6XHkg)XD3 zimPK^J8~m&>iD2;snZvGt+?3fHaP{t#zNT{ce37%7njUiS8@NW8dm_=8Lp%tHB~r( z@j@B2B=E?bcoCwRebySTiM;68eAA3eB_w&Ffo!=_Hfy4AQYOH8ZEOiI0Vszd0w!Z;zRvUB^jY+?P% zPxUsq)kl^i{mOkv#HY9-Cg0fXn={?-q;#_Xbw(318BJ^40Nr-~^FitT&;9=3A^y9Q z(*6GDbPrItCb{MHueB~r?wa=bHQ%iKZIoL1zdAcUeSPNm-sWR8%m2aA^Jj(k{{}~g zgM$b8-$i*;FRj+2M{sU*f!PmP|0g2uNArd^C@sMw*PQZN?(k$3>RpVRi<+@X?J)5Z z*#E}Vchr!N;F4oykP|^97M5kh@9IaGA2|Jg{P8$3xs%sPJ?4rY2_$E|KNWZyy56H$ ziP@^!6Vq>uOS0wA&zf4+XfzrlF|)o;-ii$wAkV9ZHvxd7PtKIcSu~CW=E~T|fplEv zXU==uf=uf#Q0VzcNX*Rxt0I9QQNN{Ai?txt4xo@TxaWeHmi2aq;|I|-HPD!1?YuB{ zZ8~@A>t%>Heek&m*fLiQ{T1<;vJk%&O?djSV!VU3tQ)vYdM(?UxpD)iOS`OP)iH_IC2Oyc^DoGHf3t-7})V0@)BzH$F?@Z8V zPE(h{WBq=1$Z?3{=gG5=Za*o&FxuN|fU$lqM+q1$m}apwZ;)?};mYu?k7adMbE&Tz zc%>?ubPLENZtSq!!06)(;Y?laMJ^xmHpDH0Ucz#j{LzA?stBP;6WLw4fzdJjgcf3@ z`7B{6(X_6EJeCrz&TpHS8yLlDsjHxw!LpboRWX-uwPuK2jIqnFryuiQ8Zf%Eyr3=< z3u6jxgrym82>boM4=0!JepH`clmC(WAct_2{4!9#jIvn97xUE9=q9mp^1i0*i^VL6 zu?(1p#Rk~a!ytLIGMO@1<}*1ekiALm858D>8vtiaf=AkniaRMcFzU?_?@==D#p8Ei z-3*r5OpwZ!MJ&?>JH%6A**%4ERK_x!Nm7I51@kbZ*(Ql3ruQ#xpJ5f2Uv4*9FEhz4 z)!p2{+e}i-ec-6E{QZwju*_UJP>baZL!2F{F*HqI1fDHA{ifnAb!ZWM1eVl zi{O%Zz%fOV%&|h9$rcB7`c3!UVQsBd#LfwFlmH$(>+Q4 zGS$jmbd2RC^LCG40>kE5nk!n{yjup#INf8%Wn(P!H~qGFL=d?8lx}=}4McK5@bQ}?peH&wf>u_c#nSP4ZO~EPb0Npc^`h~8yKBW zE||PDr!713ZUvULe&-^V_u+Tm!0TN1yiRE@yVyQ)XIt_+XKbIt)b=^-P*$?LpbhTX&}sCfLOs-q5G=Pl#7(VnE@$;uimzh$p;>$BXWc!b|FQ*}Rn=MB8h ztq)DFg5`ECq7D2$^-rc3_Lp6-+^$8mf!Dd=W$jUJgjH;x?f9L$Mcga>KFv?okCr2R z(_ZIJZz+y49D9F$=MB8hogQs$#d0Sbu{+Q{Eq><~EO)XI+raDG@+9Okez}VF*^b}& z4zy2;-+6tn^W7PKcVOYQ_?^FTuXE}vX!biV$&SSFYJ zSDstXVY#$tlDVCyPlcJS%bk}S811jgvDqxtM!8J9&PjriY6zSu0|*74cKeWEx=ppa z!C7aq2wZc|K%;wIS$H}Ts}4DxE5~CqPjwn6pZt;@*@eJZMu~I&vAI{#&`c-KxHA+? zwdrJ>=x8D_j~~uDe6k6aHBXh5&lUXs^y%r@<<;5A@!PZ0r%(TYV{n=8Bk-`cp|Phk z)Re*Z5ie|Wk4T7!$xDleSzgVV+<9Y`gE$D$0`K}3Ue)7em0ss~F5{c_k|)Aof{|2< z=%L6kae7Uq)j}MBKp@P7`1aLuz{vM&G+{M Wl!x+Fl>Z+90RR7SGaq;W&;S7H=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/charts/secrets-store-csi-driver/README.md b/charts/secrets-store-csi-driver/README.md index d8a190e00..4ea53fe16 100644 --- a/charts/secrets-store-csi-driver/README.md +++ b/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.20` | +| `linux.image.tag` | Linux image tag | `v0.0.21` | | `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | | `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | @@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | | `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.20` | +| `windows.image.tag` | Windows image tag | `v0.0.21` | | `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | | `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | @@ -80,6 +80,6 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `rbac.install` | Install default rbac roles and bindings | true | | `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | | `minimumProviderVersions` | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | -| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider | `"gcp;azure;vault;"` | | `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | | `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | +| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `false` | diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index 94065992a..1c915a83d 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -66,9 +66,6 @@ spec: {{- if and (semverCompare ">= v0.0.9-0" .Values.windows.image.tag) .Values.minimumProviderVersions }} - "--min-provider-version={{ .Values.minimumProviderVersions }}" {{- end }} - {{- if and (semverCompare ">= v0.0.14-0" .Values.windows.image.tag) .Values.grpcSupportedProviders }} - - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}" - {{- end }} {{- if and (semverCompare ">= v0.0.15-0" .Values.windows.image.tag) .Values.enableSecretRotation }} - "--enable-secret-rotation={{ .Values.enableSecretRotation }}" {{- end }} @@ -76,6 +73,9 @@ spec: - "--rotation-poll-interval={{ .Values.rotationPollInterval }}" {{- end }} - "--metrics-addr={{ .Values.windows.metricsAddr }}" + {{- if and (semverCompare ">= v0.0.21-0" .Values.windows.image.tag) .Values.filteredWatchSecret }} + - "--filtered-watch-secret={{ .Values.filteredWatchSecret }}" + {{- end }} env: {{- with .Values.windows.env }} {{- toYaml . | nindent 10 }} diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml index 3d6886919..277b1814a 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml @@ -66,9 +66,6 @@ spec: {{- if and (semverCompare ">= v0.0.8-0" .Values.linux.image.tag) .Values.minimumProviderVersions }} - "--min-provider-version={{ .Values.minimumProviderVersions }}" {{- end }} - {{- if and (semverCompare ">= v0.0.14-0" .Values.linux.image.tag) .Values.grpcSupportedProviders }} - - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}" - {{- end }} {{- if and (semverCompare ">= v0.0.15-0" .Values.linux.image.tag) .Values.enableSecretRotation }} - "--enable-secret-rotation={{ .Values.enableSecretRotation }}" {{- end }} @@ -76,6 +73,9 @@ spec: - "--rotation-poll-interval={{ .Values.rotationPollInterval }}" {{- end }} - "--metrics-addr={{ .Values.linux.metricsAddr }}" + {{- if and (semverCompare ">= v0.0.21-0" .Values.linux.image.tag) .Values.filteredWatchSecret }} + - "--filtered-watch-secret={{ .Values.filteredWatchSecret }}" + {{- end }} env: {{- with .Values.linux.env }} {{- toYaml . | nindent 10 }} diff --git a/charts/secrets-store-csi-driver/values.yaml b/charts/secrets-store-csi-driver/values.yaml index 210a4877b..f6ecda509 100644 --- a/charts/secrets-store-csi-driver/values.yaml +++ b/charts/secrets-store-csi-driver/values.yaml @@ -2,7 +2,7 @@ linux: enabled: true image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.20 + tag: v0.0.21 pullPolicy: Always driver: @@ -63,7 +63,7 @@ windows: enabled: false image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.20 + tag: v0.0.21 pullPolicy: IfNotPresent driver: @@ -144,11 +144,11 @@ syncSecret: ## e.g. provider1=0.0.2,provider2=0.0.3 minimumProviderVersions: -## ; delimited list of providers that support grpc for driver-provider [alpha] -grpcSupportedProviders: gcp;azure;vault; - ## Enable secret rotation feature [alpha] enableSecretRotation: false ## Secret rotation poll interval duration rotationPollInterval: + +## Filtered watch nodePublishSecretRef secrets +filteredWatchSecret: false diff --git a/deploy/csidriver-1.15.yaml b/deploy/csidriver-1.15.yaml deleted file mode 100644 index e6f4dc4dd..000000000 --- a/deploy/csidriver-1.15.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: secrets-store.csi.k8s.io -spec: - podInfoOnMount: true - attachRequired: false diff --git a/deploy/secrets-store-csi-driver-windows.yaml b/deploy/secrets-store-csi-driver-windows.yaml index 6129d0137..92e0d839e 100644 --- a/deploy/secrets-store-csi-driver-windows.yaml +++ b/deploy/secrets-store-csi-driver-windows.yaml @@ -42,15 +42,15 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=C:\\k\\secrets-store-csi-providers" - "--metrics-addr=:8095" - - "--grpc-supported-providers=azure;" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" + - "--filtered-watch-secret=false" env: - name: CSI_ENDPOINT value: unix://C:\\csi\\csi.sock diff --git a/deploy/secrets-store-csi-driver.yaml b/deploy/secrets-store-csi-driver.yaml index 73b6a4132..8c7050c7a 100644 --- a/deploy/secrets-store-csi-driver.yaml +++ b/deploy/secrets-store-csi-driver.yaml @@ -42,15 +42,15 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers" - "--metrics-addr=:8095" - - "--grpc-supported-providers=gcp;azure;vault;" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" + - "--filtered-watch-secret=false" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock diff --git a/docs/book/src/load-tests.md b/docs/book/src/load-tests.md index 163f3d829..fa3c77b2e 100644 --- a/docs/book/src/load-tests.md +++ b/docs/book/src/load-tests.md @@ -61,7 +61,7 @@ As of Secrets Store CSI Driver `v0.0.21`, the memory consumption for the driver If the secret rotation feature is enabled and filtered secret watch is not enabled, it'll cache Kubernetes secrets across all namespaces. To only cache the secrets with the above 2 labels: 1. Label all existing `nodePublishSecretRef` secrets with `secrets-store.csi.k8s.io/used=true` by running `kubectl label secret secrets-store.csi.k8s.io/used=true`. -2. Enable filtered secret watch by setting `--filtered-secret-watch=true` in `secrets-store` container or via helm using `--set filteredSecretWatch=true`. +2. Enable filtered secret watch by setting `--filtered-watch-secret=true` in `secrets-store` container or via helm using `--set filteredWatchSecret=true`. -**NOTE:** `--filtered-secret-watch=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label. +**NOTE:** `--filtered-watch-secret=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label. diff --git a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml index f092edbdd..74e64172e 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.20 -appVersion: 0.0.20 +version: 0.0.21 +appVersion: 0.0.21 kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md index b162f76f1..4ea53fe16 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/README.md +++ b/manifest_staging/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.20` | +| `linux.image.tag` | Linux image tag | `v0.0.21` | | `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | | `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | @@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | | `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.20` | +| `windows.image.tag` | Windows image tag | `v0.0.21` | | `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | | `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml index b5c1650f6..f6ecda509 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/values.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/values.yaml @@ -2,7 +2,7 @@ linux: enabled: true image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.20 + tag: v0.0.21 pullPolicy: Always driver: @@ -63,7 +63,7 @@ windows: enabled: false image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.20 + tag: v0.0.21 pullPolicy: IfNotPresent driver: diff --git a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml index 09c0b0b61..92e0d839e 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml @@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" @@ -50,7 +50,7 @@ spec: - "--metrics-addr=:8095" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" - - "--filtered-secret-watch=false" + - "--filtered-watch-secret=false" env: - name: CSI_ENDPOINT value: unix://C:\\csi\\csi.sock diff --git a/manifest_staging/deploy/secrets-store-csi-driver.yaml b/manifest_staging/deploy/secrets-store-csi-driver.yaml index bde860251..8c7050c7a 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver.yaml @@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" @@ -50,7 +50,7 @@ spec: - "--metrics-addr=:8095" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" - - "--filtered-secret-watch=false" + - "--filtered-watch-secret=false" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock