Merge pull request #662 from aramase/automated-cherry-pick-of-#660-up…
…stream-release-0.1

Automated cherry pick of #660: release: update manifests for v0.1.0
k8s-ci-robot authored Jul 26, 2021
2 parents 1a1ddca + d42639b commit 7f131d7
Showing 24 changed files with 308 additions and 133 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -436,7 +436,7 @@ e2e-aws:
manifests: $(CONTROLLER_GEN) $(KUSTOMIZE)
# Generate the base CRD/RBAC
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=secretproviderclasses-role paths="./apis/..." paths="./controllers" output:crd:artifacts:config=config/crd/bases
cp config/crd/bases/* manifest_staging/charts/secrets-store-csi-driver/templates
cp config/crd/bases/* manifest_staging/charts/secrets-store-csi-driver/crds
cp config/crd/bases/* manifest_staging/deploy/

# generate rbac-secretproviderclass
19 changes: 18 additions & 1 deletion charts/index.yaml
@@ -1,6 +1,23 @@
apiVersion: v1
entries:
secrets-store-csi-driver:
- apiVersion: v2
appVersion: 0.1.0
created: "2021-07-26T09:41:27.883002-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 4a8afc66ad5d9b42c3759213520da7024e966dbe0ab13a005f03fe32b10fac2e
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
kubeVersion: '>=1.16.0-0'
maintainers:
- email: ritazh@microsoft.com
name: Rita Zhang
name: secrets-store-csi-driver
sources:
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.1.0.tgz
version: 0.1.0
- apiVersion: v1
appVersion: 0.0.23
created: "2021-06-10T12:27:24.468813-07:00"
Expand Down Expand Up @@ -256,4 +273,4 @@ entries:
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
version: 0.0.9
generated: "2021-06-10T12:27:24.466683-07:00"
generated: "2021-07-26T09:41:27.881293-07:00"
Binary file added charts/secrets-store-csi-driver-0.1.0.tgz
Binary file not shown.
6 changes: 3 additions & 3 deletions charts/secrets-store-csi-driver/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
apiVersion: v2
name: secrets-store-csi-driver
version: 0.0.23
appVersion: 0.0.23
version: 0.1.0
appVersion: 0.1.0
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
155 changes: 80 additions & 75 deletions charts/secrets-store-csi-driver/README.md

Large diffs are not rendered by default.

Expand Up @@ -44,6 +44,11 @@ spec:
items:
description: SecretObject defines the desired state of synced K8s secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of synced K8s secret object data
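--- a/charts/secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
+++ b/charts/secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
@@ -0,0 +1,71 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+{{ include "sscd.labels" . | indent 2 }}
+annotations:
+helm.sh/hook: pre-install,pre-upgrade
+helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+helm.sh/hook-weight: "1"
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+resources: ["customresourcedefinitions"]
+verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+{{ include "sscd.labels" . | indent 2 }}
+annotations:
+helm.sh/hook: pre-install,pre-upgrade
+helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+helm.sh/hook-weight: "1"
+subjects:
+- kind: ServiceAccount
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+namespace: {{ .Release.Namespace }}
+roleRef:
+kind: ClusterRole
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+namespace: {{ .Release.Namespace }}
+{{ include "sscd.labels" . | indent 2 }}
+annotations:
+helm.sh/hook: pre-install,pre-upgrade
+helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+helm.sh/hook-weight: "1"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+namespace: {{ .Release.Namespace }}
+{{ include "sscd.labels" . | indent 2 }}
+annotations:
+helm.sh/hook: pre-upgrade
+helm.sh/hook-weight: "1"
+helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+spec:
+backoffLimit: 0
+template:
+metadata:
+name: {{ template "sscd.fullname" . }}-upgrade-crds
+spec:
+serviceAccountName: {{ template "sscd.fullname" . }}-upgrade-crds
+restartPolicy: Never
+containers:
+- name: crds-upgrade
+image: "{{ .Values.linux.crds.image.repository }}:{{ .Values.linux.crds.image.tag }}"
+args:
+- apply
+- -f
+- crds/
+imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
+nodeSelector:
+kubernetes.io/os: linux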
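Review bot: The `-upgrade-crds` ClusterRole grants `create`, `update` and `patch` on every CustomResourceDefinition in the cluster, and nothing in its `rules` entry narrows that to this chart's CRDs. While the hook resources exist, the ServiceAccount token in the release namespace can therefore modify any CRD, which is more than `apply -f crds/` needs. `create` cannot be limited by name, so I would split the rule: leave `create` unscoped and restrict `get`/`update`/`patch` with `resourceNames` to the CRDs shipped in `crds/`. Those are presumably the two names the keep-crds Job patches, but the directory contents are not visible on this page, so confirm the list. The `-keep-crds` ClusterRole in the next new template has the same gap and only needs a single `resourceNames` line there.

```yaml
rules:
  # create cannot be gated by resourceNames, so it stays unscoped
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create"]
  # read/modify only the CRDs this chart ships (confirm against crds/)
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    resourceNames:
      - secretproviderclasses.secrets-store.csi.x-k8s.io
      - secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
    verbs: ["get", "update", "patch"]
```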
2 changes: 0 additions & 2 deletions charts/secrets-store-csi-driver/templates/csidriver.yaml
Expand Up @@ -5,8 +5,6 @@ metadata:
spec:
podInfoOnMount: true
attachRequired: false
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.Version }}
# Added in Kubernetes 1.16 with default mode of Persistent. Secrets store csi driver needs Ephermeral to be set.
volumeLifecycleModes:
- Ephemeral
{{ end }}
@@ -0,0 +1,74 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
subjects:
- kind: ServiceAccount
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "sscd.fullname" . }}-keep-crds
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
namespace: {{ .Release.Namespace }}
{{ include "sscd.labels" . | indent 2 }}
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-weight: "2"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 0
template:
metadata:
name: {{ template "sscd.fullname" . }}-keep-crds
spec:
serviceAccountName: {{ template "sscd.fullname" . }}-keep-crds
restartPolicy: Never
containers:
- name: crds-keep
image: "{{ .Values.linux.crds.image.repository }}:{{ .Values.linux.crds.image.tag }}"
args:
- patch
- crd
- secretproviderclasses.secrets-store.csi.x-k8s.io
- secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
- -p
- '{"metadata":{"annotations": {"helm.sh/resource-policy": "keep"}}}'
imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
nodeSelector:
kubernetes.io/os: linux
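Review bot: The `crds-keep` container is defined without a `securityContext`, so it runs with whatever user and privilege-escalation defaults the image and the cluster provide while holding a token that can patch CRDs. A one-shot `patch` call needs none of that. I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container, plus `runAsNonRoot: true` if the driver-crds image is built with a non-root user, which cannot be told from this page. The `crds-upgrade` container in crds-upgrade-hook.yaml is written the same way and would take the same lines.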
Expand Up @@ -17,11 +17,11 @@ spec:
{{ toYaml .Values.windows.updateStrategy | indent 4 }}
template:
metadata:
{{- if .Values.windows.podAnnotations }}
annotations:
kubectl.kubernetes.io/default-logs-container: secrets-store
{{- if .Values.windows.podAnnotations }}
{{ toYaml .Values.windows.podAnnotations | indent 8 }}
{{- end }}
{{- end }}
{{ include "sscd.labels" . | indent 6 }}
{{- if .Values.windows.podLabels }}
{{- toYaml .Values.windows.podLabels | nindent 8 }}
Expand Down Expand Up @@ -103,8 +103,6 @@ spec:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: {{ .Values.windows.image.pullPolicy }}
securityContext:
privileged: true
{{- if semverCompare ">= v0.0.9-0" .Values.windows.image.tag }}
ports:
- containerPort: {{ .Values.livenessProbe.port }}
Expand All @@ -124,7 +122,6 @@ spec:
mountPath: C:\csi
- name: mountpoint-dir
mountPath: {{ .Values.windows.kubeletRootDir }}\pods
mountPropagation: Bidirectional
- name: providers-dir
mountPath: C:\k\secrets-store-csi-providers
{{- if .Values.windows.volumeMounts }}
Expand Up @@ -17,11 +17,11 @@ spec:
{{ toYaml .Values.linux.updateStrategy | indent 4 }}
template:
metadata:
{{- if .Values.linux.podAnnotations }}
annotations:
kubectl.kubernetes.io/default-logs-container: secrets-store
{{- if .Values.linux.podAnnotations }}
{{ toYaml .Values.linux.podAnnotations | indent 8 }}
{{- end }}
{{- end }}
{{ include "sscd.labels" . | indent 6 }}
{{- if .Values.linux.podLabels }}
{{- toYaml .Values.linux.podLabels | nindent 8 }}
12 changes: 9 additions & 3 deletions charts/secrets-store-csi-driver/values.yaml
Expand Up @@ -2,8 +2,14 @@ linux:
enabled: true
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.23
tag: v0.1.0
pullPolicy: IfNotPresent

crds:
image:
repository: k8s.gcr.io/csi-secrets-store/driver-crds
tag: v0.1.0
pullPolicy: IfNotPresent

## Prevent the CSI driver from being scheduled on virtual-kublet nodes
affinity:
Expand Down Expand Up @@ -86,7 +92,7 @@ windows:
enabled: false
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.23
tag: v0.1.0
pullPolicy: IfNotPresent

## Prevent the CSI driver from being scheduled on virtual-kublet nodes
Expand Down Expand Up @@ -194,7 +200,7 @@ enableSecretRotation: false
rotationPollInterval:

## Filtered watch nodePublishSecretRef secrets
filteredWatchSecret: false
filteredWatchSecret: true

## Provider HealthCheck
providerHealthCheck: false
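Review bot: The default for `filteredWatchSecret` flips from `false` to `true`, but the comment above the key says nothing about what an upgrading user has to do. As I understand the flag, the driver then only watches nodePublishSecretRef secrets that carry its filter label (`secrets-store.csi.k8s.io/used=true` in the project docs, as far as I recall), so existing secrets without the label would stop being found after `helm upgrade`. Narrowing what the driver can read is a sensible default, but it is a breaking one and should be stated where the value is set. I would extend the comment to something like `## Filtered watch nodePublishSecretRef secrets (default true since v0.1.0): only labelled secrets are watched; label existing secrets before upgrading`. The static manifest deploy/secrets-store-csi-driver-windows.yaml makes the same switch with `--filtered-watch-secret=true`.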
Expand Up @@ -44,6 +44,11 @@ spec:
items:
description: SecretObject defines the desired state of synced K8s secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of synced K8s secret object data
Expand All @@ -61,11 +66,6 @@ spec:
type: string
description: labels of K8s secret object
type: object
annotations:
additionalProperties:
type: string
description: annotations of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
29 changes: 13 additions & 16 deletions deploy/secrets-store-csi-driver-windows.yaml
Expand Up @@ -42,15 +42,15 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23
image: k8s.gcr.io/csi-secrets-store/driver:v0.1.0
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=C:\\k\\secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-watch-secret=false"
- "--filtered-watch-secret=true"
- "--provider-health-check=false"
- "--provider-health-check-interval=2m"
env:
Expand All @@ -62,20 +62,18 @@ spec:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
ports:
- containerPort: 9808
name: healthz
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 15
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 15
resources:
limits:
cpu: 400m
Expand All @@ -88,17 +86,16 @@ spec:
mountPath: C:\csi
- name: mountpoint-dir
mountPath: "C:\\var\\lib\\kubelet\\pods"
mountPropagation: Bidirectional
- name: providers-dir
mountPath: C:\k\secrets-store-csi-providers
- name: liveness-probe
image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0
imagePullPolicy: IfNotPresent
args:
- "--csi-address=unix://C:\\csi\\csi.sock"
- --probe-timeout=3s
- --http-endpoint=0.0.0.0:9808
- -v=2
- "--csi-address=unix://C:\\csi\\csi.sock"
- --probe-timeout=3s
- --http-endpoint=0.0.0.0:9808
- -v=2
volumeMounts:
- name: plugin-dir
mountPath: C:\csi