From 576d3a94c5fe68b03a9dfed7928da90ba2cfcdc9 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Thu, 17 Sep 2020 12:03:59 -0700 Subject: [PATCH] release: update manifest and helm charts for v0.0.14 --- charts/index.yaml | 29 +++- charts/secrets-store-csi-driver-0.0.14.tgz | Bin 0 -> 6408 bytes charts/secrets-store-csi-driver/Chart.yaml | 6 +- charts/secrets-store-csi-driver/README.md | 11 +- .../secrets-store-csi-driver-windows.yaml | 15 ++ .../templates/secrets-store-csi-driver.yaml | 15 ++ ...re.csi.x-k8s.io_secretproviderclasses.yaml | 160 +++++++++--------- ...k8s.io_secretproviderclasspodstatuses.yaml | 83 +++++---- charts/secrets-store-csi-driver/values.yaml | 71 +++++++- deploy/secrets-store-csi-driver-windows.yaml | 23 ++- deploy/secrets-store-csi-driver.yaml | 23 ++- ...re.csi.x-k8s.io_secretproviderclasses.yaml | 160 +++++++++--------- ...k8s.io_secretproviderclasspodstatuses.yaml | 83 +++++---- .../secrets-store-csi-driver/Chart.yaml | 6 +- .../charts/secrets-store-csi-driver/README.md | 4 +- .../secrets-store-csi-driver-windows.yaml | 2 +- .../secrets-store-csi-driver/values.yaml | 4 +- .../secrets-store-csi-driver-windows.yaml | 2 +- .../deploy/secrets-store-csi-driver.yaml | 2 +- 19 files changed, 436 insertions(+), 263 deletions(-) create mode 100644 charts/secrets-store-csi-driver-0.0.14.tgz diff --git a/charts/index.yaml b/charts/index.yaml index 4c3f7e0e1..f7953ee55 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,9 +1,26 @@ apiVersion: v1 entries: secrets-store-csi-driver: + - apiVersion: v1 + appVersion: 0.0.14 + created: "2020-09-17T12:11:25.687333-07:00" + description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes + cluster. + digest: 6390ebd13eeb76d1ed22263831d5383f8258bec1731d4f98e6c8dfe8b6256249 + icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png + kubeVersion: '>=1.16.0-0' + maintainers: + - email: ritazh@microsoft.com + name: Rita Zhang + name: secrets-store-csi-driver + sources: + - https://github.com/kubernetes-sigs/secrets-store-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.14.tgz + version: 0.0.14 - apiVersion: v1 appVersion: 0.0.13 - created: "2020-08-17T18:08:01.599946-07:00" + created: "2020-09-17T12:11:25.686272-07:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 426ea403ad1083cae569a13d8ecf686e4797b7816f6254709070afc4f4b858ab @@ -20,7 +37,7 @@ entries: version: 0.0.13 - apiVersion: v1 appVersion: 0.0.12 - created: "2020-08-17T18:08:01.599247-07:00" + created: "2020-09-17T12:11:25.684686-07:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 0c132d4be8c4eb48109a4fe8cc0ce29e6fc9f68647bb522c4040d033861a0e78 @@ -37,7 +54,7 @@ entries: version: 0.0.12 - apiVersion: v1 appVersion: 0.0.11 - created: "2020-08-17T18:08:01.597723-07:00" + created: "2020-09-17T12:11:25.683375-07:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 2751ae7aed8ea2fc7dcdcbbf26240fccb2eefd83d3943cef45bb58bb1d297692 @@ -54,7 +71,7 @@ entries: version: 0.0.11 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-08-17T18:08:01.595105-07:00" + created: "2020-09-17T12:11:25.681638-07:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 9fae95e4611c9c120ed12505e735680b70ed133ea987fd32db05046cb45eda9e @@ -71,7 +88,7 @@ entries: version: 0.0.10 - apiVersion: v1 appVersion: 0.0.9 - created: "2020-08-17T18:08:01.601014-07:00" + created: "2020-09-17T12:11:25.689493-07:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 0f74454ca36c979a352d8a7b6d847521897ebf78195527ed8946201a841887a7 @@ -86,4 +103,4 @@ entries: urls: - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz version: 0.0.9 -generated: "2020-08-17T18:08:01.591471-07:00" +generated: "2020-09-17T12:11:25.679851-07:00" diff --git a/charts/secrets-store-csi-driver-0.0.14.tgz b/charts/secrets-store-csi-driver-0.0.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..19f15cc2f74d57114e8d9e3935f74d83a8b0453f GIT binary patch literal 6408 zcmV+j8TaNNiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bK5wQ^O?V*OPQ@nc8Ao%&(W5z&SPhHT}d2YoSmt=aVmmH zNWz&UH~^?b6Z^kk0U#+pMe6BHPWX_>B+%?`bT=B^cyMepEV#)9W!SViF&##xn6)n^ zhzV*aYFq*OuGgOg5=MR)v>yVhJ(4yNFda+bNCl_J+P&4fS^Ep zE|BYjm|(coqI4@I2`+B0;8IDFtV0|O2wsIl%zP{`Hvnum`3jDDlD<#PP@E>Pgt9xv9%+3#nhlno_@iF6l z!vyRh;`V_Nf&Q5Mr$=l?IUNc4Q3Jq79`3_CA`tw~1o>k_Kd4d^gVT`NSOH#0gvrU6 zw=2O+b8O#H|5xh&6uBYh8!-Si`hR%b?dA3VpmVU-|6LT9_~GZi0f2opbg|P1!9r{R z5D$&9d;!34KsgbV&H4~>Yiu)%(DwZ)HxUzLglxghfKjI{#U~?B?MS#K6oJNlm`2hq z9|WQ6-cXm=vp$@=pU{jO27qo6e>hPtP{k!45y@Wwb`bWV*Xel46Aya|&t9kVhD1*p z{yoIJ(C(f=kbD}8sse>c!F_Y#g(z{mA>MWoZ$3Lw%Wzw9i`%uus*b> zh_ziZY)3ET;6NRGi(PCB%KGr-(Et$C#SF>ek@w-Z4~B#*7_s@eN4!5j)p3SVxu-&FS?If7XsAShf zZZJVs*Npnb?4EXhGLh#T*E4J-on6&nt*f(**tSTM*J9Pms=f_&X+!&LzXU z4J*4#$FK1eyAnAE55sXZ!WspB1eA$B{B+tmmE4M(LC-LrJ%g*r(Z0kZ6uJW5{d|4_ zjJlWu@*Nlw-y!~(8*GSd2`qBVi;pxSBy8VSr28zZahrbV|xHhV*S;)NdEFghg;W)S)89G+7(%Ruf6S??Td>Ujtp ztfT@v;1Vu?j^G~8Oy!hA+1f)HaB zBh^~Of$PR=t3v9*0$m}E-{iby1gCQ&2>dM%OKgavKa`pFf4kB<@=2&lusbfJZUK-P@q6k43yjwPYAz=FremSJ4ePZC+Mkq;y4y7Uu>3Fa8M zzyV)py8bNW*c20NR?g=I1)E`s7>ZaD>-vR@I8VmDAC(nG5raMK3kbR7_&lVNX=rWM zP&Cm0j}z<$m~l%4tAzq;^uO0V&c*+Fox_8pz5ef_eEHJ;D@=*k2aW}dh>OK6z-OLh zi#@@8_-p&|(U7%_m!AVEs!}ecmdPiYT<`nU94Q4m=3;XqEkl~3*4xDT!T5T(YOvNj&_(HJ}CaF%Oz zi`kUe)eUvjxwUwND{GhplGW$55S%Ar{du!KEP`!-;+@4OZ6&N3a1q7k{7DS`K~6Yb zIb65?)`Hf@mik`0ub$fA?MtRK82@cf^s`ly0d@ZW(aB+c{69H4*^mFbDCzv4lmRrx z*8QnAB;6qvsB7F4-|0(7UiZ|HmJuS$<|G1P$Z=4IHk>PeMBn;vXy}V1 z$AE-%GTudjhd2ltjY%APQ_L=?7sx@krSo}arv=sp3eb?aL=eoaSM#i&HMemFz%w{^ z9P9w`(}TGL0-uPOB;%w<9p%g1$i`e?Us&_dhnmCKoJ6yE@G*8cybLCod6*$rIsrp0 zeJ9HRm{K?N@M|){_RMzi8|q-*2Lr%VO;iix%NJz}zYrzavB_t?t?Mpt1?u$w z@T8N||6aGZpa1WqeEA}EE%p!Ru{$dY+(|h#Ow%;dhJp=|ZJ|(1C?kKUXz1K##O6YW z2i{Q^XAFj#6BFvcCm!Ykc|jli&~LcT2v}shB7^m#LJMs-{Fy-ifM&k@OcBEXm}bJ z6&?=%7u!PF6%8Pon4R0U^i|4zoOGa1S5PrZHKi&IU4FHeqoMw zlYRVeHzlk8O1yzTp$q^ zzQ4YIvPD$e`bRm(3MhT8=5AkdrJ?;_-sww~TL14TAOGnd9vtuO|1Qd6`@en9FKy?y z?)hZ~mH+RapDqpbzp6^S2&~p7EY|;S@8B@E{-bwvaJY~E?4(4&*4O~VT^h~)9v>sk zzC_rg{w)?6lYoMNOYJWzc`>y#&sbXU_!!Gha~&eS?S@W1WoN+y5Z}SRfS#-v2b_7l zY)`EK^rU<8I?3$G(j);Ezl(q*L^i?ZSc3qFF;c%X2IjiXx~P?mbiQ*XUd(7lOs-zt zs*7GrtP^*+{>`qiwdSit;qkFwUtgeclt_#VV&fEs8cWlho*m_$wM<1LavX*^KMQ^G zx!-PI^zZI$PSigZr}llT04iFRnGh;R05d>ha#n(Fc6lc}KHddxI3_;7E3B1HKAHNW z8%OZ76afSb-wGP!9|Pde^IlFDwS>`k%3cBdR{9j6WqVHR$EufYyZW7jU1*O$vNO%6 zySu6kjbx{0csa}usi)YVrs;^K@YTP6e);kG?d8jl*XM6uW}v7=n*U(b%hRt`Q$$02 zw&eDsjnq~e_ zGjl_lSsAi~acP;RT27r-|9H`~rQYO#M2)cT1eEyV?EB{zw^tuuUSHn4y}Ew?qNJ)6 zF5;Yh|2!+=WmRJj)6^n!CN=Orr*_KlB|*q6kZ2f2z5~w-iBG+>`X`n9tm4><}QkQ&tJC5n-BndgZ?w z%gP3!)Xsn$+?*w?)Me~X%UGJySwB|VPPSqx-mwCw<-TaI`%pC~e3u9Xq>C|RH8*?n|4z+rHC;fVm&bD zJK}U%;O`W78lXkZ#l zEatHaEUG&9Pfv5&QK^in4YqTYN$qTfn_ps~%^U3Q>mDxTy9+B?e)EFT=$S!Q4vYug;Bra1z|n0$sn zbE`pqprqmw*#X^ppBvbGSvLNk*+cfRbbCc1FHp1p=j7xl7ym!#93Jh@f8R+d?C?YZ z!Jh^8)y%%Q!zbi|dhepK?h=obM^61r5&-!=6|qV}6pd!obulx?*jL7N7!udPEOTJh zv|}Br)52HUDrzm*>llaQ$9gZ(!d;OnGokU0w*?grVN`Ej!o{nq8n5+kO^{;|Lv97m zI#)paap)peTE_t3HkI}}NsTyq4Pno$r!5)h3ISsIXeslH9!ENR- zK<09fvSTU<*9TFmcIrqq`DZmTx}4u!C4U8s2ABzgGu~NBLR^(0m`n|fa86ESNm zts%ouP{!MibbQ;Kj7`Ms2@%*9A;WDH5L2PINo{(NKSK8GPYS4q)lhOvgTSk zHWlO(Np&iG8(=%5Jr3sToNq3WP$yqi8MwHVYp{BQ81k^lq#5Ia9Ea!#!%b!T1zag1 z?t=OwG7h!3r)-hr1{o1Maiscs`+Yiq_>}qJJ!;p&F0&9-)X)j5!fqb zQArnTAdCBz&wLv@@aitDnUYu-Yjhj(aLsp zRO)h%XNz9vD3Tx4k!m@51T+ZU^dzvXEL4Me(G;mg1kKS&AJ-ePL{P=9^-)@&VA(2& zF*GZ!;bzuo8L0+3#nO9MFUyXMU|bi91aVpR27y^fJJlv*KQ9^c+ET_>)2QjKliXw?9~S2S8;}2_ zjtq(eK{fH8!;^!fT>PhZ*xko}c2d5T_)l8wb{GgsEP8!JD5=^cG?YCftR_a3RDR-M z(R_GYB5IUIJ}&$4(LQ{%4W?is!1GD>S9z- z)=k7%GH90sTq2nqVPQ{{p)D3AjB-3xTF%qQ%5T&~ul22`W!AEB`;~lQb?krnGT;de>wYH`%4c7A^5_ zz0hzYTH+~(y4K7v27|#6@rm($d{+wNn#qt`w5ONL{;2CLl>*yh4yQczLSsVDc8o?pmELZ zl?~vaNFJo`n;b0S@U4yx2rA`G5ahZupz%eOl?M>SyUOSLxz(!CB-rp=-K-ff9N_5U z()4wlFLF2xTCD{*Htgj=j8hHSX_EC-rR$TsG`<@mxqN450q_I7mKF6L21xCO*kO5q zLCCGKtpd;Yr`(j%HbS;gTRWVR)!mx+g9Rkdw^!7VEGt5wH)8CRD+SE02rkL98%}WY@|HEpgl#b?UG?T`u?&Ko+3HD z8>1A=16)%FL$YHd7G+1B2g9-0ekV(kzdUYikV@?qDTnz0?^C->o`PUS@^2qDMsjNJ zc_qmc4AG`PMXqi#PoNBm@2Eu9*2)76`lp@K&KgvwNUl7nW{`aDb<&B2qi}ZQpgh3f z_Yln@MT-;YLZ(UIFD5yw z&kIT3(JW)Lx?H~bJw5AMMDmVi8B&*fR%b)HT(PTskosJ6UCyy(WAlp5>N57Hi&^&o zFa0TD)c3G2V2T)#^AH~0vK}DLv9oQbY*XG>)!i3`LF!js@d@K1n~I85ov>d+@>9e` z9$;`ax~AerFDF{1ze`B2jEm$+eu}urrlKNM=eHMnxrzCTfNd!*k}_Y1iTOHQJ}Q#C z7Ogt=)g&qslf0c7bcxLgw#`Ie$0wYUBaqR;)B>cppsi#))tH(Jp^@*XSq1UOTS_fQIBZ6+`OLTV zPN{`~kwllPC{?R{S!BZ`&}d!UtHezJ9|Y3_mv-xU!u$BF!=kRgy7^*Qhho@bQV8IxT?n^S34p8H|0lsSOworko?pu^7mz5 W_GMpoQ~oai0RR8{Y&-4%x&QzjH=1.15.0-0" +version: 0.0.14 +appVersion: 0.0.14 +kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png sources: diff --git a/charts/secrets-store-csi-driver/README.md b/charts/secrets-store-csi-driver/README.md index 71df05b29..608ed5856 100644 --- a/charts/secrets-store-csi-driver/README.md +++ b/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,8 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.13` | +| `linux.image.tag` | Linux image tag | `v0.0.14` | +| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | | `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | | `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` | @@ -34,13 +35,16 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `quay.io/k8scsi/csi-node-driver-registrar` | | `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` | | `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v1.2.0` | +| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | | `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `quay.io/k8scsi/livenessprobe` | | `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` | | `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.0.0` | +| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | | `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | | `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.13` | +| `windows.image.tag` | Windows image tag | `v0.0.14` | +| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | | `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | | `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` | @@ -49,9 +53,11 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar` | | `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` | | `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v1.2.1-alpha.1-windows-1809-amd64` | +| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | | `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `mcr.microsoft.com/oss/kubernetes-csi/livenessprobe` | | `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` | | `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.0.1-alpha.1-windows-1809-amd64` | +| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | | `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` | | `logLevel.debug` | Enable debug logging | true | | `livenessProbe.port` | Liveness probe port | `9808` | @@ -59,3 +65,4 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `rbac.install` | Install default rbac roles and bindings | true | | `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | | `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | +| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider [alpha] | `""` | diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index 22fd9006e..a12b834fb 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -42,6 +42,10 @@ spec: mountPath: C:\csi - name: registration-dir mountPath: C:\registration +{{- with .Values.windows.registrar.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} - name: secrets-store image: "{{ .Values.windows.image.repository }}:{{ .Values.windows.image.tag }}" args: @@ -52,6 +56,9 @@ spec: {{- if and (semverCompare ">= v0.0.9-0" .Values.windows.image.tag) .Values.minimumProviderVersions }} - "--min-provider-version={{ .Values.minimumProviderVersions }}" {{- end }} + {{- if and (semverCompare ">= v0.0.14-0" .Values.windows.image.tag) .Values.grpcSupportedProviders }} + - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}" + {{- end }} - "--metrics-addr={{ .Values.windows.metricsAddr }}" env: {{- with .Values.windows.env }} @@ -89,6 +96,10 @@ spec: mountPropagation: Bidirectional - name: providers-dir mountPath: C:\k\secrets-store-csi-providers +{{- with .Values.windows.driver.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} {{- if semverCompare ">= v0.0.9-0" .Values.windows.image.tag }} - name: liveness-probe image: "{{ .Values.windows.livenessProbeImage.repository }}:{{ .Values.windows.livenessProbeImage.tag }}" @@ -100,6 +111,10 @@ spec: volumeMounts: - name: plugin-dir mountPath: C:\csi +{{- with .Values.windows.livenessProbe.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} {{- end }} volumes: - name: mountpoint-dir diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml index 50ccf33fc..fcbee8b75 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml @@ -44,6 +44,10 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration +{{- with .Values.linux.registrar.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} - name: secrets-store image: "{{ .Values.linux.image.repository }}:{{ .Values.linux.image.tag }}" args: @@ -54,6 +58,9 @@ spec: {{- if and (semverCompare ">= v0.0.8-0" .Values.linux.image.tag) .Values.minimumProviderVersions }} - "--min-provider-version={{ .Values.minimumProviderVersions }}" {{- end }} + {{- if and (semverCompare ">= v0.0.14-0" .Values.linux.image.tag) .Values.grpcSupportedProviders }} + - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}" + {{- end }} - "--metrics-addr={{ .Values.linux.metricsAddr }}" env: {{- with .Values.linux.env }} @@ -91,6 +98,10 @@ spec: mountPropagation: Bidirectional - name: providers-dir mountPath: /etc/kubernetes/secrets-store-csi-providers +{{- with .Values.linux.driver.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} {{- if semverCompare ">= v0.0.8-0" .Values.linux.image.tag }} - name: liveness-probe image: "{{ .Values.linux.livenessProbeImage.repository }}:{{ .Values.linux.livenessProbeImage.tag }}" @@ -103,6 +114,10 @@ spec: volumeMounts: - name: plugin-dir mountPath: /csi +{{- with .Values.linux.livenessProbe.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} {{- end }} volumes: - name: mountpoint-dir diff --git a/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml b/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml index 36df2f17f..6af278238 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: secretproviderclasses.secrets-store.csi.x-k8s.io spec: @@ -14,89 +14,87 @@ spec: listKind: SecretProviderClassList plural: secretproviderclasses singular: secretproviderclass - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: SecretProviderClass is the Schema for the secretproviderclasses - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SecretProviderClassSpec defines the desired state of SecretProviderClass - properties: - parameters: - additionalProperties: + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretProviderClass is the Schema for the secretproviderclasses + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretProviderClassSpec defines the desired state of SecretProviderClass + properties: + parameters: + additionalProperties: + type: string + description: Configuration for specific provider + type: object + provider: + description: Configuration for provider name type: string - description: Configuration for specific provider - type: object - provider: - description: Configuration for provider name - type: string - secretObjects: - items: - description: SecretObject defines the desired state of synced K8s - secret objects - properties: - data: - items: - description: SecretObjectData defines the desired state of synced - K8s secret object data - properties: - key: - description: data field to populate - type: string - objectName: - description: name of the object to sync - type: string + secretObjects: + items: + description: SecretObject defines the desired state of synced K8s + secret objects + properties: + data: + items: + description: SecretObjectData defines the desired state of + synced K8s secret object data + properties: + key: + description: data field to populate + type: string + objectName: + description: name of the object to sync + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: labels of K8s secret object type: object - type: array - labels: - additionalProperties: + secretName: + description: name of the K8s secret object type: string - description: labels of K8s secret object - type: object - secretName: - description: name of the K8s secret object - type: string - type: - description: type of K8s secret object - type: string - type: object - type: array - type: object - status: - description: SecretProviderClassStatus defines the observed state of SecretProviderClass - properties: - byPod: - items: - description: ByPodStatus defines the state of SecretProviderClass - as seen by an individual controller - properties: - id: - description: id of the pod that wrote the status - type: string - namespace: - description: namespace of the pod that wrote the status - type: string - type: object - type: array - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + type: + description: type of K8s secret object + type: string + type: object + type: array + type: object + status: + description: SecretProviderClassStatus defines the observed state of SecretProviderClass + properties: + byPod: + items: + description: ByPodStatus defines the state of SecretProviderClass + as seen by an individual controller + properties: + id: + description: id of the pod that wrote the status + type: string + namespace: + description: namespace of the pod that wrote the status + type: string + type: object + type: array + type: object + type: object served: true storage: true status: diff --git a/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml b/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml index 098e25531..0cb6d27d8 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io spec: @@ -14,44 +14,53 @@ spec: listKind: SecretProviderClassPodStatusList plural: secretproviderclasspodstatuses singular: secretproviderclasspodstatus - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: SecretProviderClassPodStatusStatus defines the observed state - of SecretProviderClassPodStatus - properties: - mounted: - type: boolean - podName: - type: string - podUID: - type: string - secretProviderClassName: - type: string - targetPath: - type: string - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: SecretProviderClassPodStatusStatus defines the observed state + of SecretProviderClassPodStatus + properties: + mounted: + type: boolean + objects: + items: + description: SecretProviderClassObject defines the object fetched + from external secrets store + properties: + id: + type: string + version: + type: string + type: object + type: array + podName: + type: string + podUID: + type: string + secretProviderClassName: + type: string + targetPath: + type: string + type: object + type: object served: true storage: true status: diff --git a/charts/secrets-store-csi-driver/values.yaml b/charts/secrets-store-csi-driver/values.yaml index ca74e6df8..9677723ef 100644 --- a/charts/secrets-store-csi-driver/values.yaml +++ b/charts/secrets-store-csi-driver/values.yaml @@ -2,16 +2,46 @@ linux: enabled: true image: repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.13 + tag: v0.0.14 pullPolicy: Always + + driver: + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 50m + memory: 100Mi + registrarImage: repository: quay.io/k8scsi/csi-node-driver-registrar tag: v1.2.0 pullPolicy: Always + + registrar: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + livenessProbeImage: repository: quay.io/k8scsi/livenessprobe tag: v2.0.0 pullPolicy: Always + + livenessProbe: + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + kubeletRootDir: /var/lib/kubelet nodeSelector: {} tolerations: [] @@ -22,16 +52,46 @@ windows: enabled: false image: repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.13 + tag: v0.0.14 pullPolicy: IfNotPresent + + driver: + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 50m + memory: 100Mi + registrarImage: repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar tag: v1.2.1-alpha.1-windows-1809-amd64 - pullPolicy: Always + pullPolicy: IfNotPresent + + registrar: + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + livenessProbeImage: repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe tag: v2.0.1-alpha.1-windows-1809-amd64 - pullPolicy: Always + pullPolicy: IfNotPresent + + livenessProbe: + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + kubeletRootDir: C:\var\lib\kubelet nodeSelector: {} tolerations: [] @@ -58,3 +118,6 @@ syncSecret: ## A comma delimited list of key-value pairs of minimum provider versions ## e.g. provider1=0.0.2,provider2=0.0.3 minimumProviderVersions: + +## ; delimited list of providers that support grpc for driver-provider [alpha] +grpcSupportedProviders: diff --git a/deploy/secrets-store-csi-driver-windows.yaml b/deploy/secrets-store-csi-driver-windows.yaml index 19dc49782..e93c38bec 100644 --- a/deploy/secrets-store-csi-driver-windows.yaml +++ b/deploy/secrets-store-csi-driver-windows.yaml @@ -40,8 +40,15 @@ spec: mountPath: C:\csi - name: registration-dir mountPath: C:\registration + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13 + image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.14 args: - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)" @@ -71,6 +78,13 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 15 + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 50m + memory: 100Mi volumeMounts: - name: plugin-dir mountPath: C:\csi @@ -89,6 +103,13 @@ spec: volumeMounts: - name: plugin-dir mountPath: C:\csi + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi volumes: - name: mountpoint-dir hostPath: diff --git a/deploy/secrets-store-csi-driver.yaml b/deploy/secrets-store-csi-driver.yaml index 6a783d12f..8358140e0 100644 --- a/deploy/secrets-store-csi-driver.yaml +++ b/deploy/secrets-store-csi-driver.yaml @@ -41,8 +41,15 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13 + image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.14 args: - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)" @@ -80,6 +87,13 @@ spec: mountPropagation: Bidirectional - name: providers-dir mountPath: /etc/kubernetes/secrets-store-csi-providers + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 50m + memory: 100Mi - name: liveness-probe image: quay.io/k8scsi/livenessprobe:v2.0.0 imagePullPolicy: Always @@ -91,6 +105,13 @@ spec: volumeMounts: - name: plugin-dir mountPath: /csi + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi volumes: - name: mountpoint-dir hostPath: diff --git a/deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml b/deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml index 36df2f17f..6af278238 100644 --- a/deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml +++ b/deploy/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: secretproviderclasses.secrets-store.csi.x-k8s.io spec: @@ -14,89 +14,87 @@ spec: listKind: SecretProviderClassList plural: secretproviderclasses singular: secretproviderclass - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: SecretProviderClass is the Schema for the secretproviderclasses - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SecretProviderClassSpec defines the desired state of SecretProviderClass - properties: - parameters: - additionalProperties: + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretProviderClass is the Schema for the secretproviderclasses + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretProviderClassSpec defines the desired state of SecretProviderClass + properties: + parameters: + additionalProperties: + type: string + description: Configuration for specific provider + type: object + provider: + description: Configuration for provider name type: string - description: Configuration for specific provider - type: object - provider: - description: Configuration for provider name - type: string - secretObjects: - items: - description: SecretObject defines the desired state of synced K8s - secret objects - properties: - data: - items: - description: SecretObjectData defines the desired state of synced - K8s secret object data - properties: - key: - description: data field to populate - type: string - objectName: - description: name of the object to sync - type: string + secretObjects: + items: + description: SecretObject defines the desired state of synced K8s + secret objects + properties: + data: + items: + description: SecretObjectData defines the desired state of + synced K8s secret object data + properties: + key: + description: data field to populate + type: string + objectName: + description: name of the object to sync + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: labels of K8s secret object type: object - type: array - labels: - additionalProperties: + secretName: + description: name of the K8s secret object type: string - description: labels of K8s secret object - type: object - secretName: - description: name of the K8s secret object - type: string - type: - description: type of K8s secret object - type: string - type: object - type: array - type: object - status: - description: SecretProviderClassStatus defines the observed state of SecretProviderClass - properties: - byPod: - items: - description: ByPodStatus defines the state of SecretProviderClass - as seen by an individual controller - properties: - id: - description: id of the pod that wrote the status - type: string - namespace: - description: namespace of the pod that wrote the status - type: string - type: object - type: array - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + type: + description: type of K8s secret object + type: string + type: object + type: array + type: object + status: + description: SecretProviderClassStatus defines the observed state of SecretProviderClass + properties: + byPod: + items: + description: ByPodStatus defines the state of SecretProviderClass + as seen by an individual controller + properties: + id: + description: id of the pod that wrote the status + type: string + namespace: + description: namespace of the pod that wrote the status + type: string + type: object + type: array + type: object + type: object served: true storage: true status: diff --git a/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml b/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml index 098e25531..0cb6d27d8 100644 --- a/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml +++ b/deploy/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.3.0 + controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io spec: @@ -14,44 +14,53 @@ spec: listKind: SecretProviderClassPodStatusList plural: secretproviderclasspodstatuses singular: secretproviderclasspodstatus - preserveUnknownFields: false scope: Namespaced - validation: - openAPIV3Schema: - description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: SecretProviderClassPodStatusStatus defines the observed state - of SecretProviderClassPodStatus - properties: - mounted: - type: boolean - podName: - type: string - podUID: - type: string - secretProviderClassName: - type: string - targetPath: - type: string - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: SecretProviderClassPodStatusStatus defines the observed state + of SecretProviderClassPodStatus + properties: + mounted: + type: boolean + objects: + items: + description: SecretProviderClassObject defines the object fetched + from external secrets store + properties: + id: + type: string + version: + type: string + type: object + type: array + podName: + type: string + podUID: + type: string + secretProviderClassName: + type: string + targetPath: + type: string + type: object + type: object served: true storage: true status: diff --git a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml index 6b5bf01e3..f092636ee 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.13 -appVersion: 0.0.13 -kubeVersion: ">=1.15.0-0" +version: 0.0.14 +appVersion: 0.0.14 +kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png sources: diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md index f1d65072d..608ed5856 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/README.md +++ b/manifest_staging/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.13` | +| `linux.image.tag` | Linux image tag | `v0.0.14` | | `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | | `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | @@ -43,7 +43,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | | `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.13` | +| `windows.image.tag` | Windows image tag | `v0.0.14` | | `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | | `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | diff --git a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index e2902d155..a12b834fb 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -56,7 +56,7 @@ spec: {{- if and (semverCompare ">= v0.0.9-0" .Values.windows.image.tag) .Values.minimumProviderVersions }} - "--min-provider-version={{ .Values.minimumProviderVersions }}" {{- end }} - {{- if and (semverCompare ">= v0.0.14-0" .Values.linux.image.tag) .Values.grpcSupportedProviders }} + {{- if and (semverCompare ">= v0.0.14-0" .Values.windows.image.tag) .Values.grpcSupportedProviders }} - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}" {{- end }} - "--metrics-addr={{ .Values.windows.metricsAddr }}" diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml index 9fad32776..9677723ef 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/values.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/values.yaml @@ -2,7 +2,7 @@ linux: enabled: true image: repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.13 + tag: v0.0.14 pullPolicy: Always driver: @@ -52,7 +52,7 @@ windows: enabled: false image: repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.13 + tag: v0.0.14 pullPolicy: IfNotPresent driver: diff --git a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml index fcab55696..e93c38bec 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml @@ -48,7 +48,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13 + image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.14 args: - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)" diff --git a/manifest_staging/deploy/secrets-store-csi-driver.yaml b/manifest_staging/deploy/secrets-store-csi-driver.yaml index fbb10ab90..8358140e0 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver.yaml @@ -49,7 +49,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13 + image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.14 args: - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)"