Skip to content

Commit

Permalink
Merge pull request #590 from aramase/release-v0.0.23
Browse files Browse the repository at this point in the history 
release: update manifest and helm charts for v0.0.23
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Jun 10, 2021
2 parents baf2df8 + 90d57dc commit 9db32c7
Show file tree
Hide file tree
Showing 17 changed files with 145 additions and 27 deletions.
19 changes: 18 additions & 1 deletion charts/index.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,23 @@
apiVersion: v1
entries:
secrets-store-csi-driver:
- apiVersion: v1
appVersion: 0.0.23
created: "2021-06-10T12:27:24.468813-07:00"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
cluster.
digest: 8207abf0e14ffe7d828119937e11fa72340d19d824e9a326b8f40fc8b6c8bd86
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
kubeVersion: '>=1.16.0-0'
maintainers:
- email: ritazh@microsoft.com
name: Rita Zhang
name: secrets-store-csi-driver
sources:
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.23.tgz
version: 0.0.23
- apiVersion: v1
appVersion: 0.0.22
created: "2021-05-17T17:56:19.441550381-04:00"
Expand Down Expand Up @@ -239,4 +256,4 @@ entries:
urls:
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
version: 0.0.9
generated: "2021-05-17T17:56:19.439691442-04:00"
generated: "2021-06-10T12:27:24.466683-07:00"
Binary file added charts/secrets-store-csi-driver-0.0.23.tgz
View file
Binary file not shown.
4 changes: 2 additions & 2 deletions charts/secrets-store-csi-driver/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: secrets-store-csi-driver
version: 0.0.22
appVersion: 0.0.22
version: 0.0.23
appVersion: 0.0.23
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
12 changes: 8 additions & 4 deletions charts/secrets-store-csi-driver/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` |
| `linux.image.tag` | Linux image tag | `v0.0.22` |
| `linux.image.tag` | Linux image tag | `v0.0.23` |
| `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
Expand All @@ -48,10 +48,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.daemonsetAnnotations` | Linux *DaemonSet* annotations | `{}` |
| `linux.podAnnotations` | Linux *Pod* annotations | `{}` |
| `linux.podLabels` | Linux *Pod* labels | `{}` |
| `linux.volumes` | Linux volumes | `{}` |
| `linux.volumeMounts` | Linux volumeMounts | `{}` |
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v0.0.22` |
| `windows.image.tag` | Windows image tag | `v0.0.23` |
| `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
Expand All @@ -74,6 +76,8 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `windows.daemonsetAnnotations` | Windows *DaemonSet* annotations | `{}` |
| `windows.podAnnotations` | Windows *Pod* annotations | `{}` |
| `windows.podLabels` | Windows *Pod* labels | `{}` |
| `windows.volumes` | Windows volumes | `{}` |
| `windows.volumeMounts` | Windows volumeMounts | `{}` |
| `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` |
| `logVerbosity` | Log level. Uses V logs (klog) | `0` |
| `logFormatJSON` | Use JSON logging format | `false` |
Expand All @@ -82,10 +86,10 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `maxCallRecvMsgSize` | Maximum size in bytes of gRPC response from plugins | `4194304` |
| `rbac.install` | Install default rbac roles and bindings | true |
| `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy for Secrets Store CSI Driver pod(s) | `false` |
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true |
| `minimumProviderVersions` | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver | `""` |
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets | false |
| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` |
| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` |
| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `false` |
| `providerHealthCheck` | Enable health check for configured providers | `false` |
| `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` |
| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` |
18 changes: 18 additions & 0 deletions charts/secrets-store-csi-driver/templates/role-rotation.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{{ if .Values.enableSecretRotation }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: secretproviderrotation-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
{{ end }}
14 changes: 14 additions & 0 deletions charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{{ if .Values.enableSecretRotation }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretproviderrotation-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretproviderrotation-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: {{ .Release.Namespace }}
{{ end }}
10 changes: 10 additions & 0 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ spec:
{{- end }}
spec:
serviceAccountName: secrets-store-csi-driver
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
affinity:
{{ toYaml .Values.windows.affinity | indent 8 }}
containers:
Expand Down Expand Up @@ -123,6 +127,9 @@ spec:
mountPropagation: Bidirectional
- name: providers-dir
mountPath: C:\k\secrets-store-csi-providers
{{- if .Values.windows.volumeMounts }}
{{- toYaml .Values.windows.volumeMounts | nindent 12}}
{{- end }}
{{- with .Values.windows.driver.resources }}
resources:
{{ toYaml . | indent 12 }}
Expand Down Expand Up @@ -164,6 +171,9 @@ spec:
hostPath:
path: {{ .Values.windows.providersDir }}
type: DirectoryOrCreate
{{- if .Values.windows.volumes }}
{{- toYaml .Values.windows.volumes | nindent 8}}
{{- end }}
nodeSelector:
kubernetes.io/os: windows
{{- if .Values.windows.nodeSelector }}
Expand Down
10 changes: 10 additions & 0 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ spec:
{{- end }}
spec:
serviceAccountName: secrets-store-csi-driver
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
affinity:
{{ toYaml .Values.linux.affinity | indent 8 }}
containers:
Expand Down Expand Up @@ -123,6 +127,9 @@ spec:
mountPropagation: Bidirectional
- name: providers-dir
mountPath: /etc/kubernetes/secrets-store-csi-providers
{{- if .Values.linux.volumeMounts }}
{{- toYaml .Values.linux.volumeMounts | nindent 12}}
{{- end }}
{{- with .Values.linux.driver.resources }}
resources:
{{ toYaml . | indent 12 }}
Expand Down Expand Up @@ -164,6 +171,9 @@ spec:
hostPath:
path: {{ .Values.linux.providersDir }}
type: DirectoryOrCreate
{{- if .Values.linux.volumes }}
{{- toYaml .Values.linux.volumes | nindent 8}}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.linux.nodeSelector }}
Expand Down
38 changes: 28 additions & 10 deletions charts/secrets-store-csi-driver/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ linux:
enabled: true
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.22
tag: v0.0.23
pullPolicy: IfNotPresent

## Prevent the CSI driver from being scheduled on virtual-kublet nodes
Expand Down Expand Up @@ -71,11 +71,22 @@ linux:
podAnnotations: {}
podLabels: {}

# volumes is a list of volumes made available to secrets store csi driver.
volumes: null
# - name: foo
# emptyDir: {}

# volumeMounts is a list of volumeMounts for secrets store csi driver.
volumeMounts: null
# - name: foo
# mountPath: /bar
# readOnly: true

windows:
enabled: false
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v0.0.22
tag: v0.0.23
pullPolicy: IfNotPresent

## Prevent the CSI driver from being scheduled on virtual-kublet nodes
Expand Down Expand Up @@ -143,6 +154,17 @@ windows:
podAnnotations: {}
podLabels: {}

# volumes is a list of volumes made available to secrets store csi driver.
volumes: null
# - name: foo
# emptyDir: {}

# volumeMounts is a list of volumeMounts for secrets store csi driver.
volumeMounts: null
# - name: foo
# mountPath: /bar
# readOnly: true

# log level. Uses V logs (klog)
logVerbosity: 0

Expand All @@ -161,15 +183,9 @@ rbac:
install: true
pspEnabled: false

## Install RBAC roles and bindings required for K8S Secrets syncing. Change this
## to false after v0.0.14
## Install RBAC roles and bindings required for K8S Secrets syncing if true
syncSecret:
enabled: true

## [DEPRECATED] Minimum Provider Versions (optional)
## A comma delimited list of key-value pairs of minimum provider versions
## e.g. provider1=0.0.2,provider2=0.0.3
minimumProviderVersions:
enabled: false

## Enable secret rotation feature [alpha]
enableSecretRotation: false
Expand All @@ -185,3 +201,5 @@ providerHealthCheck: false

## Provider HealthCheck interval
providerHealthCheckInterval: 2m

imagePullSecrets: []
27 changes: 27 additions & 0 deletions deploy/rbac-secretproviderrotation.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: secretproviderrotation-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretproviderrotation-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretproviderrotation-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: kube-system
2 changes: 1 addition & 1 deletion deploy/secrets-store-csi-driver-windows.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
Expand Down
2 changes: 1 addition & 1 deletion deploy/secrets-store-csi-driver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/secrets-store-csi-driver/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: secrets-store-csi-driver
version: 0.0.22
appVersion: 0.0.22
version: 0.0.23
appVersion: 0.0.23
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
Loading

0 comments on commit 9db32c7

Please sign in to comment.