Skip to content

Commit

Permalink
release: update manifest and helm charts for v0.0.13
Browse files Browse the repository at this point in the history
  • Loading branch information
aramase committed Aug 18, 2020
1 parent 26c0a57 commit e10c6c5
Show file tree
Hide file tree
Showing 25 changed files with 295 additions and 176 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,10 @@ kubectl apply -f deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml
kubectl apply -f deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml
kubectl apply -f deploy/secrets-store-csi-driver.yaml --namespace $NAMESPACE

# If using the driver to sync secrets-store content as Kubernetes Secrets, deploy the additional RBAC permissions
# required to enable this feature
kubectl apply -f deploy/rbac-secretproviderclass.yaml

# [OPTIONAL] For kubernetes version < 1.16 running `kubectl apply -f deploy/csidriver.yaml` will fail. To install the driver run
kubectl apply -f deploy/csidriver-1.15.yaml

Expand Down
27 changes: 22 additions & 5 deletions charts/index.yaml
Original file line number Diff line number Diff line change
@@ -1,9 +1,26 @@
apiVersion: v1
entries:
secrets-store-csi-driver:
- apiVersion: v1
appVersion: 0.0.13
created: "2020-08-17T18:08:01.599946-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 426ea403ad1083cae569a13d8ecf686e4797b7816f6254709070afc4f4b858ab
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
kubeVersion: '>=1.15.0-0'
maintainers:
- email: [email protected]
name: Rita Zhang
name: secrets-store-csi-driver
sources:
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.13.tgz
version: 0.0.13
- apiVersion: v1
appVersion: 0.0.12
created: "2020-07-21T17:21:06.530228-07:00"
created: "2020-08-17T18:08:01.599247-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 0c132d4be8c4eb48109a4fe8cc0ce29e6fc9f68647bb522c4040d033861a0e78
Expand All @@ -20,7 +37,7 @@ entries:
version: 0.0.12
- apiVersion: v1
appVersion: 0.0.11
created: "2020-07-21T17:21:06.529597-07:00"
created: "2020-08-17T18:08:01.597723-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 2751ae7aed8ea2fc7dcdcbbf26240fccb2eefd83d3943cef45bb58bb1d297692
Expand All @@ -37,7 +54,7 @@ entries:
version: 0.0.11
- apiVersion: v1
appVersion: 0.0.10
created: "2020-07-21T17:21:06.528357-07:00"
created: "2020-08-17T18:08:01.595105-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 9fae95e4611c9c120ed12505e735680b70ed133ea987fd32db05046cb45eda9e
Expand All @@ -54,7 +71,7 @@ entries:
version: 0.0.10
- apiVersion: v1
appVersion: 0.0.9
created: "2020-07-21T17:21:06.530963-07:00"
created: "2020-08-17T18:08:01.601014-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 0f74454ca36c979a352d8a7b6d847521897ebf78195527ed8946201a841887a7
Expand All @@ -69,4 +86,4 @@ entries:
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
version: 0.0.9
generated: "2020-07-21T17:21:06.526827-07:00"
generated: "2020-08-17T18:08:01.591471-07:00"
Binary file added charts/secrets-store-csi-driver-0.0.13.tgz
Binary file not shown.
4 changes: 2 additions & 2 deletions charts/secrets-store-csi-driver/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: secrets-store-csi-driver
version: 0.0.12
appVersion: 0.0.12
version: 0.0.13
appVersion: 0.0.13
kubeVersion: ">=1.15.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
63 changes: 40 additions & 23 deletions charts/secrets-store-csi-driver/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,43 @@ $ helm install csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driv

The following table lists the configurable parameters of the csi-secrets-store-provider-azure chart and their default values.

| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` |
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `Always` |
| `linux.image.tag` | Linux image tag | `v0.0.12` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` |
| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` |
| `linux.metricsAddr` | The address the metric endpoint binds to | `:8080` |
| `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v0.0.12` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` |
| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` |
| `windows.metricsAddr` | The address the metric endpoint binds to | `:8080` |
| `logLevel.debug` | Enable debug logging | true |
| `livenessProbe.port` | Liveness probe port | `9808` |
| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` |
| `rbac.install` | Install default rbac roles and bindings | true |
| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` |
| Parameter | Description | Default |
| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- |
| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` |
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `Always` |
| `linux.image.tag` | Linux image tag | `v0.0.13` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` |
| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` |
| `linux.tolerations` | Tolerations for the daemonset on linux nodes | `[]` |
| `linux.metricsAddr` | The address the metric endpoint binds to | `:8080` |
| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `quay.io/k8scsi/csi-node-driver-registrar` |
| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` |
| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v1.2.0` |
| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `quay.io/k8scsi/livenessprobe` |
| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` |
| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.0.0` |
| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` |
| `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v0.0.13` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` |
| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` |
| `windows.tolerations` | Tolerations for the daemonset on windows nodes | `[]` |
| `windows.metricsAddr` | The address the metric endpoint binds to | `:8080` |
| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar` |
| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` |
| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v1.2.1-alpha.1-windows-1809-amd64` |
| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `mcr.microsoft.com/oss/kubernetes-csi/livenessprobe` |
| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` |
| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.0.1-alpha.1-windows-1809-amd64` |
| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` |
| `logLevel.debug` | Enable debug logging | true |
| `livenessProbe.port` | Liveness probe port | `9808` |
| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` |
| `rbac.install` | Install default rbac roles and bindings | true |
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true |
| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` |
10 changes: 5 additions & 5 deletions charts/secrets-store-csi-driver/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,10 @@ Standard labels for helm resources
*/}}
{{- define "sscd.labels" -}}
labels:
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
revision: "{{ .Release.Revision }}"
chart: "{{ .Chart.Name }}"
chartVersion: "{{ .Chart.Version }}"
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
app.kubernetes.io/name: "{{ template "sscd.name" . }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
app: {{ template "sscd.name" . }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- end -}}
22 changes: 22 additions & 0 deletions charts/secrets-store-csi-driver/templates/role-syncsecret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{{ if .Values.syncSecret.enabled }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: secretprovidersyncing-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{ end }}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{{ if .Values.syncSecret.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretprovidersyncing-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretprovidersyncing-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: {{ .Release.Namespace }}
{{ end }}
26 changes: 3 additions & 23 deletions charts/secrets-store-csi-driver/templates/role.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
{{ if .Values.rbac.install }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: secretproviderclasses-role
rules:
- apiGroups:
Expand All @@ -12,29 +14,7 @@ rules:
verbs:
- get
- list
- update
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
Expand All @@ -53,6 +33,6 @@ rules:
- secretproviderclasspodstatuses/status
verbs:
- get
- update
- patch
- update
{{ end }}
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ spec:
serviceAccountName: secrets-store-csi-driver
containers:
- name: node-driver-registrar
image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v1.2.1-alpha.1-windows-1809-amd64
image: "{{ .Values.windows.registrarImage.repository }}:{{ .Values.windows.registrarImage.tag }}"
args:
- --v=5
- "--csi-address=unix://C:\\csi\\csi.sock"
Expand All @@ -31,12 +31,12 @@ spec:
"del /f C:\\registration\\secrets-store.csi.k8s.io-reg.sock",
]
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: Always
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: {{ .Values.windows.registrarImage.pullPolicy }}
volumeMounts:
- name: plugin-dir
mountPath: C:\csi
Expand All @@ -54,13 +54,16 @@ spec:
{{- end }}
- "--metrics-addr={{ .Values.windows.metricsAddr }}"
env:
- name: CSI_ENDPOINT
value: unix://C:\\csi\\csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
{{- with .Values.windows.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: CSI_ENDPOINT
value: unix://C:\\csi\\csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: {{ .Values.windows.image.pullPolicy }}
securityContext:
privileged: true
Expand Down Expand Up @@ -88,8 +91,8 @@ spec:
mountPath: C:\k\secrets-store-csi-providers
{{- if semverCompare ">= v0.0.9-0" .Values.windows.image.tag }}
- name: liveness-probe
image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.0.1-alpha.1-windows-1809-amd64
imagePullPolicy: Always
image: "{{ .Values.windows.livenessProbeImage.repository }}:{{ .Values.windows.livenessProbeImage.tag }}"
imagePullPolicy: {{ .Values.windows.livenessProbeImage.pullPolicy }}
args:
- "--csi-address=unix://C:\\csi\\csi.sock"
- --probe-timeout=3s
Expand Down Expand Up @@ -120,4 +123,8 @@ spec:
{{- if .Values.windows.nodeSelector }}
{{- toYaml .Values.windows.nodeSelector | nindent 8 }}
{{- end }}
{{- with .Values.windows.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end -}}
Loading

0 comments on commit e10c6c5

Please sign in to comment.