From 03da61c487c70f6212c0272f83ff9e307f40f979 Mon Sep 17 00:00:00 2001 From: Ben <44718255+benjaminkz@users.noreply.github.com> Date: Mon, 18 Mar 2024 16:24:19 -0700 Subject: [PATCH 1/9] Make throttling params QPS and Burst configurable (#323) * Make throttling params of the underlying k8s client, QPS and Burst, configurable to users --------- Co-authored-by: Kai Zhu Co-authored-by: Simon Marty --- README.md | 6 ++++++ .../templates/daemonset.yaml | 8 ++++++++ main.go | 5 +++++ 3 files changed, 19 insertions(+) diff --git a/README.md b/README.md index 687df29..4af1510 100644 --- a/README.md +++ b/README.md @@ -225,6 +225,12 @@ helm repo add aws-secrets-manager https://aws.github.io/secrets-store-csi-driver helm install -n kube-system secrets-provider-aws aws-secrets-manager/secrets-store-csi-driver-provider-aws --set useFipsEndpoint=true ``` +### Client-Side Rate-Limitting to Kubernetes API server + +To mount each secret on each pod, the AWS CSI provider lookups the region of the pod and the role ARN associated with the service account by calling the Kubernetes APIs. You can increase the value of qps and burst if you notice the provider is throttled by client-side limit to the API server. + +If you use Helm chart to install the provider, append the `--set-json 'k8sThrottlingParams={"qps": "", "burst": ""}'` flag in the install step. + ### Security Considerations The AWS Secrets Manager and Config Provider provides compatibility for legacy applications that access secrets as mounted files in the pod. Security conscious applications should use the native AWS APIs to fetch secrets and optionally cache them in memory rather than storing them in the file system. diff --git a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml index 9938cf6..e464742 100644 --- a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml @@ -31,6 +31,14 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} args: - --provider-volume={{ .Values.providerVolume }} + {{- if .Values.k8sThrottlingParams }} + {{- if .Values.k8sThrottlingParams.qps }} + - --qps={{ .Values.k8sThrottlingParams.qps }} + {{- end }} + {{- if .Values.k8sThrottlingParams.burst }} + - --burst={{ .Values.k8sThrottlingParams.burst }} + {{- end }} + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} securityContext: diff --git a/main.go b/main.go index d665102..e500010 100644 --- a/main.go +++ b/main.go @@ -22,6 +22,8 @@ import ( var ( endpointDir = flag.String("provider-volume", "/etc/kubernetes/secrets-store-csi-providers", "Rendezvous directory for provider socket") driverWriteSecrets = flag.Bool("driver-writes-secrets", false, "The driver will do the write instead of the plugin") + qps = flag.Int("qps", 5, "Maximum query per second to the Kubernetes API server. To mount the requested secret on the pod, the AWS CSI provider lookups the region of the pod and the role ARN associated with the service account by calling the K8s APIs. Increase the value if the provider is throttled by client-side limit to the API server.") + burst = flag.Int("burst", 10, "Maximum burst for throttle. To mount the requested secret on the pod, the AWS CSI provider lookups the region of the pod and the role ARN associated with the service account by calling the K8s APIs. Increase the value if the provider is throttled by client-side limit to the API server.") ) // Main entry point for the Secret Store CSI driver AWS provider. This main @@ -58,6 +60,9 @@ func main() { klog.Fatalf("Can not get cluster config. error: %v", err) } + cfg.QPS = float32(*qps) + cfg.Burst = *burst + clientset, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Fatalf("Can not initialize kubernetes client. error: %v", err) From cb8413b1d1bb0b261848fe641a5cc8e456e8e2fc Mon Sep 17 00:00:00 2001 From: Kai Zhu Date: Mon, 18 Mar 2024 23:36:46 +0000 Subject: [PATCH 2/9] Increase the version to 0.3.8 --- charts/secrets-store-csi-driver-provider-aws/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/Chart.yaml b/charts/secrets-store-csi-driver-provider-aws/Chart.yaml index e26b294..ce91908 100644 --- a/charts/secrets-store-csi-driver-provider-aws/Chart.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: secrets-store-csi-driver-provider-aws -version: 0.3.7 +version: 0.3.8 kubeVersion: ">=1.17.0-0" description: A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png From ab548b343dc69d3fd4c2bc06f3c7dc7d09040d2c Mon Sep 17 00:00:00 2001 From: Brent Stephens Date: Wed, 20 Mar 2024 14:19:11 -0700 Subject: [PATCH 3/9] Fix support for non-default kubelet root directory (#330) It turns out that the container-local path also needs to be updated to match what the path is on the host. Intuitively it seemed that updating the container-local path would have broken assumptions in the provider, but *counter-intuitively* it turns out that the mismatch between container and host path strings breaks the CSI driver stack. The breakage presents as the upstream CSI driver (not the AWS provider) being unable to mount the secrets volumes in pods. --- .../templates/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml index e464742..bb7aaaa 100644 --- a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml @@ -47,7 +47,7 @@ spec: - mountPath: {{ .Values.providerVolume }} name: providervol - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods + mountPath: {{ .Values.kubeletPath }}/pods mountPropagation: HostToContainer volumes: - name: providervol From 99bfaaed70964269feda0d35d2a9a29cafeff9bb Mon Sep 17 00:00:00 2001 From: Ben <44718255+benjaminkz@users.noreply.github.com> Date: Mon, 25 Mar 2024 11:33:27 -0700 Subject: [PATCH 4/9] Update the version of the image (#331) Co-authored-by: Kai Zhu --- charts/secrets-store-csi-driver-provider-aws/values.yaml | 2 +- deployment/aws-provider-installer.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/values.yaml b/charts/secrets-store-csi-driver-provider-aws/values.yaml index 5712a15..37b19d9 100644 --- a/charts/secrets-store-csi-driver-provider-aws/values.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/values.yaml @@ -1,7 +1,7 @@ image: repository: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws pullPolicy: IfNotPresent - tag: 1.0.r2-58-g4ddce6a-2024.01.31.21.42 + tag: 1.0.r2-68-gab548b3-2024.03.20.21.58 nameOverride: "" fullnameOverride: "" diff --git a/deployment/aws-provider-installer.yaml b/deployment/aws-provider-installer.yaml index 423bbb9..3d14126 100644 --- a/deployment/aws-provider-installer.yaml +++ b/deployment/aws-provider-installer.yaml @@ -58,7 +58,7 @@ spec: hostNetwork: false containers: - name: provider-aws-installer - image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-58-g4ddce6a-2024.01.31.21.42 + image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-68-gab548b3-2024.03.20.21.58 imagePullPolicy: Always args: - --provider-volume=/etc/kubernetes/secrets-store-csi-providers From 74558278245dd6c1c867e135fe57be16a630c3b7 Mon Sep 17 00:00:00 2001 From: Gedimin <30520576+Gedimin@users.noreply.github.com> Date: Thu, 28 Mar 2024 01:44:22 +0300 Subject: [PATCH 5/9] Helm: fix environment variables location (#332) Fix environment variable in daemonset Environment variables have to be set on container level Co-authored-by: Aliaksei Anikiyenka Co-authored-by: Simon Marty --- .../templates/daemonset.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml index bb7aaaa..e35ebc0 100644 --- a/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/templates/daemonset.yaml @@ -49,6 +49,11 @@ spec: - name: mountpoint-dir mountPath: {{ .Values.kubeletPath }}/pods mountPropagation: HostToContainer + {{- if .Values.useFipsEndpoint }} + env: + - name: AWS_USE_FIPS_ENDPOINT + value: {{ .Values.useFipsEndpoint | quote }} + {{- end }} volumes: - name: providervol hostPath: @@ -77,8 +82,3 @@ spec: affinity: {{ toYaml . | indent 8 }} {{- end }} -{{- if .Values.useFipsEndpoint }} - env: - - name: AWS_USE_FIPS_ENDPOINT - value: {{ .Values.useFipsEndpoint }} -{{- end }} From ff10885869951c0143764b5eec0ef82a2177a34a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 May 2024 11:32:29 -0600 Subject: [PATCH 6/9] Bump golang.org/x/net from 0.20.0 to 0.23.0 (#341) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.20.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index a771357..7345261 100644 --- a/go.mod +++ b/go.mod @@ -36,10 +36,10 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/net v0.20.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/appengine v1.6.8 // indirect diff --git a/go.sum b/go.sum index 1072087..f440798 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -98,12 +98,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From fb78a3650c5a09bcb11175e39f573eb4ed1b5db2 Mon Sep 17 00:00:00 2001 From: Simon Marty Date: Wed, 29 May 2024 14:51:15 -0700 Subject: [PATCH 7/9] Update to Go 1.21 (#353) --- .github/workflows/go.yml | 2 +- .gitignore | 2 ++ go.mod | 2 +- go.sum | 11 +++++++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 1c405e4..7ba918d 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -11,7 +11,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: "1.20" + go-version: "1.21" - name: Build run: go build -v ./... - name: Test diff --git a/.gitignore b/.gitignore index 658aa7c..088a7ea 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ # VS Code .vscode/ _output + +secrets-store-csi-driver-provider-aws diff --git a/go.mod b/go.mod index 7345261..07a038d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/secrets-store-csi-driver-provider-aws -go 1.20 +go 1.21 require ( github.com/aws/aws-sdk-go v1.49.19 diff --git a/go.sum b/go.sum index f440798..bfbd5d1 100644 --- a/go.sum +++ b/go.sum @@ -16,6 +16,7 @@ github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHa github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= @@ -27,10 +28,12 @@ github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1: github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= @@ -44,7 +47,9 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -56,13 +61,17 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= @@ -118,6 +127,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= +golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -134,6 +144,7 @@ google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGm google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 4e460219af7398aa2bbbdfb2d28cd0e302e8dcd2 Mon Sep 17 00:00:00 2001 From: Simon Marty Date: Wed, 29 May 2024 16:43:52 -0700 Subject: [PATCH 8/9] Update image tag (#355) Update image version --- charts/secrets-store-csi-driver-provider-aws/values.yaml | 2 +- deployment/aws-provider-installer.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/values.yaml b/charts/secrets-store-csi-driver-provider-aws/values.yaml index 37b19d9..2b3a627 100644 --- a/charts/secrets-store-csi-driver-provider-aws/values.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/values.yaml @@ -1,7 +1,7 @@ image: repository: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws pullPolicy: IfNotPresent - tag: 1.0.r2-68-gab548b3-2024.03.20.21.58 + tag: 1.0.r2-72-gfb78a36-2024.05.29.23.03 nameOverride: "" fullnameOverride: "" diff --git a/deployment/aws-provider-installer.yaml b/deployment/aws-provider-installer.yaml index 3d14126..1b97801 100644 --- a/deployment/aws-provider-installer.yaml +++ b/deployment/aws-provider-installer.yaml @@ -58,7 +58,7 @@ spec: hostNetwork: false containers: - name: provider-aws-installer - image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-68-gab548b3-2024.03.20.21.58 + image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-72-gfb78a36-2024.05.29.23.03 imagePullPolicy: Always args: - --provider-volume=/etc/kubernetes/secrets-store-csi-providers From eec8172bd6de8c97c45bdef9d8681c32d16c326b Mon Sep 17 00:00:00 2001 From: Simon Marty Date: Thu, 30 May 2024 11:00:58 -0700 Subject: [PATCH 9/9] Increment helm chart version number --- charts/secrets-store-csi-driver-provider-aws/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/secrets-store-csi-driver-provider-aws/Chart.yaml b/charts/secrets-store-csi-driver-provider-aws/Chart.yaml index ce91908..515f39f 100644 --- a/charts/secrets-store-csi-driver-provider-aws/Chart.yaml +++ b/charts/secrets-store-csi-driver-provider-aws/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: secrets-store-csi-driver-provider-aws -version: 0.3.8 +version: 0.3.9 kubeVersion: ">=1.17.0-0" description: A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png