From 90d57dc0e288b08f3f3a96b191b18a40823582c2 Mon Sep 17 00:00:00 2001
From: Anish Ramasekar
Date: Thu, 10 Jun 2021 12:28:24 -0700
Subject: [PATCH] release: update manifest and helm charts for v0.0.23
Signed-off-by: Anish Ramasekar
---
charts/index.yaml | 19 ++++++++-
charts/secrets-store-csi-driver-0.0.23.tgz | Bin 0 -> 8063 bytes
charts/secrets-store-csi-driver/Chart.yaml | 4 +-
charts/secrets-store-csi-driver/README.md | 12 ++++--
.../templates/role-rotation.yaml | 18 +++++++++
.../templates/role-rotation_binding.yaml | 14 +++++++
.../secrets-store-csi-driver-windows.yaml | 10 +++++
.../templates/secrets-store-csi-driver.yaml | 10 +++++
charts/secrets-store-csi-driver/values.yaml | 38 +++++++++++++-----
deploy/rbac-secretproviderrotation.yaml | 27 +++++++++++++
deploy/secrets-store-csi-driver-windows.yaml | 2 +-
deploy/secrets-store-csi-driver.yaml | 2 +-
.../secrets-store-csi-driver/Chart.yaml | 4 +-
.../charts/secrets-store-csi-driver/README.md | 4 +-
.../secrets-store-csi-driver/values.yaml | 4 +-
.../secrets-store-csi-driver-windows.yaml | 2 +-
.../deploy/secrets-store-csi-driver.yaml | 2 +-
17 files changed, 145 insertions(+), 27 deletions(-)
create mode 100644 charts/secrets-store-csi-driver-0.0.23.tgz
create mode 100644 charts/secrets-store-csi-driver/templates/role-rotation.yaml
create mode 100644 charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml
create mode 100644 deploy/rbac-secretproviderrotation.yaml
diff --git a/charts/index.yaml b/charts/index.yaml
index 58b667afc..4edf15149 100644
--- a/charts/index.yaml
+++ b/charts/index.yaml
@@ -1,6 +1,23 @@ apiVersion: v1 entries: secrets-store-csi-driver: + - apiVersion: v1 + appVersion: 0.0.23 + created: "2021-06-10T12:27:24.468813-07:00" + description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes + cluster. + digest: 8207abf0e14ffe7d828119937e11fa72340d19d824e9a326b8f40fc8b6c8bd86 + icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png + kubeVersion: '>=1.16.0-0' + maintainers: + - email: ritazh@microsoft.com + name: Rita Zhang + name: secrets-store-csi-driver + sources: + - https://github.com/kubernetes-sigs/secrets-store-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.23.tgz + version: 0.0.23 - apiVersion: v1 appVersion: 0.0.22 created: "2021-05-17T17:56:19.441550381-04:00" @@ -239,4 +256,4 @@ entries: urls: - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz version: 0.0.9 -generated: "2021-05-17T17:56:19.439691442-04:00" +generated: "2021-06-10T12:27:24.466683-07:00" 
diff --git a/charts/secrets-store-csi-driver-0.0.23.tgz b/charts/secrets-store-csi-driver-0.0.23.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7706f18906299009cef8ab207b4269c396e8c23a GIT binary patch literal 8063 zcmV-_AAsN=iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBfcN96YXn)RM5y#9u19PWVFVHoIcOGpscl;WRpA9|dy`~RV zWvZ%lQKoVvW#Izz-|vx>`(8URr4QXEOG|_lnuiOrc{6R8HZ06gU45!?`o;Q!B%H?_=%Dn_vc3%HGS$F)dw1euCn zWjFKOwC`yBEBSwpXn@5=1VBCi5BkHir+NNA9t;oszl%bN7u=650PLYL#m)#M53mJ5 zTr|b%2LO(JCWvHwF@lfJM0aZQE@3@IEE)3Yg`}+7NHiV6Jfvmy!4D|CW|Y{A5nN8L zn7rm#U{6{Wz@tZS&G8(2QVS9#J4{zF;mn0GCf*c;J;P2wu>;J5IpH!uwDU0-Q!K$_ zjut9tG9ez3ixKEC)#n${C;des^RIw#>|6w#c+*?cDeJ zoBoFRSfRcc!Kng{k~#LU5Z9cI@p3a1HT6}~%&Z)@n3c@Hdz~2tP2f97;#Pyud1#IZRibJH1J!HD3^$C)3&Kaxn5&$x z^RR-?3FAaA&M6Y&O4}1hs)mEG%RGVQ3(sRR>Qj&6GpF?9D>TN`{98#*m@^u&YeqmVR_^Twl#P?K4oi080RBBSFbh>C-f z`*D@rNtygQ`L|SZtLpn7U&(EJW_G6I&PVU(h`*;~{Ju)dosZsse1A}FKelRnq! zo@3gDcLEFeO??sY_#(6Syqg4gJtxPc3Te8xaL7%wCiYL=!q*XN2MeMJmL)%i4-5>Hqz zx<5yh-e7zFT1;=rXFP(F!Othh{S)2iW$0YGz!MZu2{*sII9FVQ1t8CXG4UMYO@+nB z$W{P`&Zu|`>kI#7R^z98t>`V*oq9=seRdo9wLmO9TTLCAm;uzk&2J^Pg&N5W9+Cy{ zklB^rpOgmIe19E`DG{@9P&|of*P4WN|Ea2m*ri~(4&?{@10yPD=QC`7v?8IB`qtDY zhQF+F3_T28%hER5bwFvj4qEQ)+imj0luG}f#I8?~+8|xMdHeFVEAQp1V>J8!&vO31 zr>Cc<2mjwL%G<{6FlUoDL5Bzl-waOYbi*C+-LYmM|d{tL@5jS51pO!z1`h z@9S4f)v{jR`-*-Qu_`W8#+~|G#{#=nSg!*Po)9m~j-BKuZOC;^a9Qy-bbm8}CROvz z9CJ<_3=hh}@@zOe)_)TBHkeGvJsfqC&amg`zYTEb5d%hJOae+5@UH+-G9lOj;XdftAL zqn2cn0A_m0NZ+_#_G_ypq9SSTbK=Pf9Q}vr{D(No^=8IhX4#7*a4V7LAnpLw`$%oS z&oFfpcR7r9oqn9qq_ z-O%g`kLopCS;IJxtcNp1@FEWDC(TAs*S7_F?z&>u)5MzTF2uN#e2IF00FHgC)b-JS z9>LLvBRyVjt+LbK@r7SP&na^8g?|K(iD%Qm$wB%gLklq}++Z1SPje;mea?JNG`Gix z9W-&A-(FsX8}tHU*n)&cK+@noXXq>mds>-3MHdyafGCX`5mMfca_ zP(n9Zf&@c23cX;FoiQKO@lQ$hF_vgh&mT4NzlHu!reejz0FCzlprHSsK7D%7|GOyZ z^FJARP|g5aG<+nUGfKF}al0ycgnyw=j{3 zIiYx(I@A<}0W1@1oH3!@?BPERFDT2033-L(C&oV}v0`1BaT&LEi8q3N61N$_+3D%= 
zsRb|*|HWD0hj1Zpnna>H*_vTv)zct_#p^&wjfthccrU~|5eGo?Xo|r1DR!|Z5!J(r zO^ll|srF5xhqA@eLjH3`aVLr{tYQN;*?%X)eop=mPM;q9zdI>P<|g95EEJ`8Rh>>J zqX@K~K!KbwPCgsLh&LpWeP|rSH;m$pLeQ>K!o0V{#X=(2kHev9+c63YMReCuRA?zF zrB7NTpCq!bVFcxm4~EOZhycF-!e@gD1utXBfU_d<&o`dD=)75sd#E z+foY_(?jT-dtuvZds@D&O<&$H6?B|R+q$LUt8Y@uwB>)X@N83ec?+OX|3A&^|KVVG z(EmFrS^iIsw1lF-*{}8wkKAlX`I{iE{?ow}hkq7K0$-a1>aQR=toP&E3Cr{U@)kg| z{vYP`|Jm>m|J_Mx!~fgY{%Jnny7JEmm49d5|5JPZU+W%dlmGYZv~d3G>FLRV|94Tc z{IA(7y3@T^&2LjA1QyF{etpBHTJam@-l`{`Iqkd$h2Dzculr6crb;c99NK#sR^cm= z3<~3~Z#Qib)SmgHe8vhOHHSM2pqiLRIeDbRVkAFpfesr)t+X~UKeP;n#18mv>W-H3 ze-*b+TpI1a)04da_vGZ@|Jg~Ym;c+h{L*rM>y}?esrOluVwn*M$oGZf{uc56oO+9Br#%m~I~h=c zPT6Hdb0`RR8JrR_S1hd#+E?Bskxc)QXvM+BrjdljEARi(`_%>0$oY9O;U zbKpTdNC-`8%>XLqEqhbbbfe);&subvAiT2XZp`eR{BCmD9KL=XHP@GD z8Xky_3gXj3N`g*j{=BZQZu*{Wf^yXSsH2w_IS$7{JP$l_KkD_)NAKU;g6RKr1+zaM z6-Ev3cE@v~BUV0=vodJ1cf{fA*Z1Ky+xLYO7V(g&5wSPV=5sJh^Xt1`UVgZGbMf-S z)r;3Ji|HHw&Y7E?E-+UmLi;USa>?fMKkJ6(+Oy)EuA&RYD0x!2PGtjVUgIQpKz3;| zH?nhcZ;&?=*l`HYfttFXeLhmNS=v0aY)ze{D{C>LkEB+UT)Y|0B9+>srWiHh$ic8g zOr?R&isjtIm-8TL$9kkS$K~W+J$Ge!v#xFl*5#umm*Go>Q;Mu(ZqIlATQDy-dUe~1 z;kA6gp5rs($>)E1e13cR;pNrE^_$D9w@>mi;i#iii4f=cpB`sfv#e^g?dcd&f38H% z$M_zZ>5DD6b|`O_#>bkzza zLkTANh*q6tIxm%+q_p3LIT;RG&Php9gi?5;dL8Zc3|Bi1czH*gTI1ocB|arN7fSJo zxp1Z{c5GEMjZb+;-vU0hq+5ztDGAs2ybPkT^eQAhDJOk&-?0&;9ggjJ#}(6#AfItY z3>G_5YF?h5w1X^X@m1O!*qfK3l(H?NEzqE!tyns2WN4)IT+yx^L6w>OgBYo#);5g- z3+K#}_+Dm#EV5xo!yotNksesa!PdZspS2fPlOyn6dEcZG0 zo6nhKHlrhWdw!kztt7cuYAFz*0mpA=9E%yF&InF(HD*%!|Al37k$sa~sT`On)lvDc zYL810y}%SLZn4cgM~vXOpQ|N_i&-G!3WIzFA9JEF&V;|8HZjiD_ba-VHbd*XXt((^ z!P8Da#v7Drn39IW>J31p zunn(VZhCjODY+0WOT?C)BxRo|HQU5ug23iIV@aFh2C|K~E$OIA_U8AaD>-n~Mp4gA zClmzFk45fhC7Y6spIV20w?A4!rWW?Tnfg(Jwk-;gN-EAmvJGO+e5&&1<}(u}ElQFW zmJm&`g9rFmz$C75lxA)iLL2ECT|&$$`Q=3I`%Gh#aq>dTR>l`^_<3}KBMVcFhiZMO zjQ8M{Y?xrE)lBrr9bg7g`sl=uU8tH7OQf=moDgb!}-1SgZaJsP=21azJWl#0jVL3pRRNW;_okrzr^!JO9w=sr5%B}1^+Q( z`ISh0uaW#pguaJ3z5#xtQT)pJ_%37kmDqfj5&UJaImGXqAZv=>M_c)QM(?YP;qTWP 
z-ACNMPAwmz_F3$I%&2|kwq%8vedX?QrxE+*Ug6A6a>1Lkbm+dM*@}Vt&{?>Tuzg#x zuu9P0bhk{%zOuz~0sG2s+K21g`D1?U2z{?KK3_7qJCDwXp4C-j^Ht6F7@2P^P&j{{Q2{`(L{%g$z%~C-`1sPy1nu89o9b znR^o&2Nzh!0txdnhX4xkVzmS1j8e=yQ|xIiFb)WHFwZ<#H1Bs$^n=eUrHbm-3*cDw3xSvF!MtSOh1ZN@Al`(H;NNmf1;~w%!M+56=M(VoGqu3_@bBReJBq!c9^@Aqfnpsw)YaX;VO$`>wWJV8D z-n_hh8*c~9gqyids)}Tq)f5qLg1M=w-+NZQMB6CyWFRFI9TY{ zsf9#RKT}jCp6WSK|AIJjvCN#-h&k19i1G4VSGKR2l@jF6nKvQR@U?35Ub>HMG9h+s zwHG?5n8pw--KGds!>Cb1Ej24fEXBtNy*E+TsC-Kzv0FMtB};5Nsb5#I@NDeBug^sE zg1DK7yps-U*Ej^BK%gz)Zh-y*NwgXU8l1`jn{YAZBVN?~oP%2pX#D?5%KOX@XnNCD zR%!`5DF!3$rf3gN`uWswN+i?MwLVBSER(H*I7f@p8Z>iaF<;tBhSo4=rY3y5lTC_b zQ;SVa71K%G5>+nFaxm0jsVlS@T~%Bj`^u4PC#Q-Is+5;bw7I1E(rq$gf{lf;6*i*5 z#*1s_tSX9sQH@Igtb+@XS{CfVc%h6;;yGkaoB+|(9%lvlOiGX_ftWZEVfxH5udRRL zOyU^qpiDVH8v;$vW4GlIb4+_X@NAB33m*;fr6RE5gR0?|gvgO?V_#zDD!(5*I?8P9 z^gnIp8L22n@cSQ@=@mQCc_#gF-&_6CvT^@UDm8E92x{>EoSgP^`M-~cCxgTLk2@(p zivK4~b~|(g#Tum9BNSI{;~L85;%@K}#g+H$EK1br5?-Si_=EfC;66IIk816oRV?tB zDOWYcvm&mZK_NPYfJ+QogVdNYijkN5m2JYSk^#HK#S+rp1WS8{9Yb77*J(Z#=@-5? zYQi_#-t#h<*1G*lwz7VKy?jgD=mE=2^U{4t#HY9<7GK-!VA^l1w6g#8jYec{G_LRh zMAQ2Z$9emIIP4D&_rG^i+Q0u0?*VepBvifdu+D=CZLfWQ%P%W@AElE2Z(hE*c>S{L zI_r;7&;KXGr~TafFN4#Q{(=8@QXW-vtM%v+TpC$m?y_3{Hz4*$Wh`>F!4Z-NwmHp} z?C@mZ>%EShiMz2$Jjq$_UkW@8UGGsS#5$_l6Vq>qOSCbuXNXJ7y1Tm@BQdl71gfgqlrTV! 
zQw?tf07sv?QzB=~>*Jf_&SbIm1X>|gXo{NOUyr&@%5d@L=Eu4s~1gUZW zg`B}X69%=cw=)bAMk)KGX9JBX*3JuKC&z22J|{uq$k$r{EV++`J_kIUSxp6Uh6#r- zDMYl-wX6rYj(RQHvzhV$7m1zUP^=9qKh z;Jdo{yfq#J$rN=-f+$@83maBad7MKg$(^Fln8pr>$DatL;B)L_LwdlCd7-V2Cpj4I zj*eBA!DUlXz%;pR(txR|7`_m=8ze&*?k*=+OkNxR*%GT;z*M4XRr4&S5-m@A>z4<( zGZ%@EmnGp8rcuh8$}S>IlTD2jUV!W;nj8!#VpBpDyU6_c0V-$LCvg5T$a%K*_R zlguA?X-xC?&`PNHt(J?SJ2rHk_9)Sw)X0p}on=K-a*H&ihqW*@o zuh-;nu`hQ7r_nD1^@~9yg=v_gtePqwB6~0E*;CdFgq9rhLQFm8V6g^9)i6jNtTa_A zOtW`pN)UdCtveHV4;uhyOoBt2OstKR2e|9a5${nl?uFyGWY`p@>3cV&t@D`14R(mD z!nFO})w^;`)Awj9Fuh_9hWM^c#F=qcy6qFM!t~46buEX~^`7#s9^h^2TF^f5)R_MM z$GVuN(wJ0YI>Qj&OVwDKCP{E>Ogu*i61P?!;BNG+|MThc$fhu@OvrW@kMb&BvO>zY z9odLkYfzABCyWMY%dix(yCzJFW?>slw{0VC#2PH7&AZEw(v0c0ZA4`a4!gr{e`)e9 z!?emwTE<2ypN;ixrId{{=w~dUw2d@Ktf$CCD#tXPQSB~0$}2VnsxP4{yh^d@!aIQl z{05Xw1w8&p+4RW@7}a39f;56GrnQL*?o!m7&4IAn?P|3|ilEX!m05VTm}aF?Ev7r# zu5Lskm8X)(Qg1b;JKC-qiFCZ4M5;*0aF-gTy+q2*#>Td78<9xZo7Yd&1HAO+gfq{@ zo`gB#L~Zl5O*F>fBO$P}Z6k3b)?gt+MZQC|KXr(WWOz7*xIW_&dFD(tf@|gg#}r92 z#|nKWXPB$6qPr%3X&5%(8!StdeU}}@@abRTG~$0r9}(RcHns3>VlR_TPhGkb4>7%F z&hBxHVAu?%Ch>KXZ_r>GUfS7l*$Ad#vW+@FlEE~}%CV2KK}=0zp$eZv8q+W>){e_Y zFwN%0Z}6BQu=Sbt@VqF9D4qWHwag9E(dc((U>)WefQ#8|_;i1f znGNk_8X_|(O!pR<*&L>Ik(oTE`-seJ2-AkhOoHkDA~PGsv@$Z2$8;Z&nGIpu5Sdv$ zF0)ZBvrb&5;-pn^l-R=GvK?Os!`<@ck!cxXn!J-)7e9R`FzB~5DVt7-HwE+X<{FSM z4KLhjhwsX#Uh~hqRK`zDMKBhgeh_B2qbc++hvo;B~wXiRRmeGrT(cWBXpXf#PTOGJMzrBPD6S(r3^H{VJ z-fK!EvG8mIMQylE?b`Gu?y9BK_w0GNbyJ;&msNj_FSmeab~++{MSiW&S=rmTr6x}Z zc$fk=dVv-u7)fOv{I0Xt{jmZV?crT-iOL?$EyeUUhoa9Yh3G9)aH13nTP$k3IT-fE z@>@=G8M^o&Zh4p`T+^sN=ofZ1>0L1gUk77KMA*R%jx$CW159sZ;I5dkF-+VR2<$x9 zJl%llI%`_;nrtnm<|#_h&(mr=qs$6QxWqBit(47UT1LbV5G4Z(aW$y!ntF%s>RXfe zF~U%)R~|)q<6&SN+*Brx(EX)o4?fMXr@gpJgz8S0TG@46KKsrgb0~*$DBoxKp8x;= N|NjN$2J-;+002&S*46+3 literal 0 HcmV?d00001 diff --git a/charts/secrets-store-csi-driver/Chart.yaml b/charts/secrets-store-csi-driver/Chart.yaml index 910f90177..6f348c6ce 100644 --- a/charts/secrets-store-csi-driver/Chart.yaml 
+++ b/charts/secrets-store-csi-driver/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.22 -appVersion: 0.0.22 +version: 0.0.23 +appVersion: 0.0.23 kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/charts/secrets-store-csi-driver/README.md b/charts/secrets-store-csi-driver/README.md index d2f3b25f9..ec8950c6e 100644 --- a/charts/secrets-store-csi-driver/README.md +++ b/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` | -| `linux.image.tag` | Linux image tag | `v0.0.22` | +| `linux.image.tag` | Linux image tag | `v0.0.23` | | `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` | | `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | 
@@ -48,10 +48,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.daemonsetAnnotations` | Linux *DaemonSet* annotations | `{}` | | `linux.podAnnotations` | Linux *Pod* annotations | `{}` | | `linux.podLabels` | Linux *Pod* labels | `{}` | +| `linux.volumes` | Linux volumes | `{}` | +| `linux.volumeMounts` | Linux volumeMounts | `{}` | | `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | | `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.22` | +| `windows.image.tag` | Windows image tag | `v0.0.23` | | `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` | | `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | @@ -74,6 +76,8 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `windows.daemonsetAnnotations` | Windows *DaemonSet* annotations | `{}` | | `windows.podAnnotations` | Windows *Pod* annotations | `{}` | | `windows.podLabels` | Windows *Pod* labels | `{}` | +| `windows.volumes` | Windows volumes | `{}` | +| `windows.volumeMounts` | Windows volumeMounts | `{}` | | `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` | | `logVerbosity` | Log level. Uses V logs (klog) | `0` | | `logFormatJSON` | Use JSON logging format | `false` | 
@@ -82,10 +86,10 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `maxCallRecvMsgSize` | Maximum size in bytes of gRPC response from plugins | `4194304` | | `rbac.install` | Install default rbac roles and bindings | true | | `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy for Secrets Store CSI Driver pod(s) | `false` | -| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | -| `minimumProviderVersions` | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | +| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets | false | | `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | | `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | | `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `false` | | `providerHealthCheck` | Enable health check for configured providers | `false` | | `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` | +| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` | diff --git a/charts/secrets-store-csi-driver/templates/role-rotation.yaml b/charts/secrets-store-csi-driver/templates/role-rotation.yaml new file mode 100644 index 000000000..432d0cd3b --- /dev/null +++ b/charts/secrets-store-csi-driver/templates/role-rotation.yaml @@ -0,0 +1,18 @@ +{{ if .Values.enableSecretRotation }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: secretproviderrotation-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +{{ end }} 
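Review bot: The new `secretproviderrotation-role` ClusterRole grants `get`, `list` and `watch` on `secrets` in every namespace, yet neither the template nor the README row for `enableSecretRotation` tells an operator that switching the alpha flag on gives the `secrets-store-csi-driver` service account (bound in role-rotation_binding.yaml) a cluster-wide read of all Secrets. I would add a template comment such as `{{/* enableSecretRotation: grants the driver service account cluster-wide get/list/watch on Secrets */}}` and put the same sentence in the README row. The guard checks only `enableSecretRotation`; if the chart's other RBAC templates honour `rbac.install` (they are not in this diff), use `{{- if and .Values.rbac.install .Values.enableSecretRotation }}` here and in the binding. `creationTimestamp: null` is generator residue and can be dropped. deploy/rbac-secretproviderrotation.yaml adds the same role and binding as a static manifest and needs the same header comment.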
diff --git a/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml b/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml new file mode 100644 index 000000000..5e2a6ea0e --- /dev/null +++ b/charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml @@ -0,0 +1,14 @@ +{{ if .Values.enableSecretRotation }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: secretproviderrotation-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: secretproviderrotation-role +subjects: +- kind: ServiceAccount + name: secrets-store-csi-driver + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index 92f9064c7..37f8e47f1 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -28,6 +28,10 @@ spec: {{- end }} spec: serviceAccountName: secrets-store-csi-driver + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} affinity: {{ toYaml .Values.windows.affinity | indent 8 }} containers: @@ -123,6 +127,9 @@ spec: mountPropagation: Bidirectional - name: providers-dir mountPath: C:\k\secrets-store-csi-providers + {{- if .Values.windows.volumeMounts }} + {{- toYaml .Values.windows.volumeMounts | nindent 12}} + {{- end }} {{- with .Values.windows.driver.resources }} resources: {{ toYaml . | indent 12 }} @@ -164,6 +171,9 @@ spec: hostPath: path: {{ .Values.windows.providersDir }} type: DirectoryOrCreate + {{- if .Values.windows.volumes }} + {{- toYaml .Values.windows.volumes | nindent 8}} + {{- end }} nodeSelector: kubernetes.io/os: windows {{- if .Values.windows.nodeSelector }} 
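Review bot: In the `imagePullSecrets` block of secrets-store-csi-driver-windows.yaml, `{{ toYaml .Values.imagePullSecrets | indent 8 }}` is written without whitespace trimming and with `indent`, while the `volumeMounts` and `volumes` blocks added in the same file use `{{- toYaml … | nindent N }}`. With `indent`, the first rendered line also carries whatever leading whitespace the template line itself has (not recoverable from this view), so the list may render at the wrong depth under `imagePullSecrets:`. I would write it as `{{- toYaml .Values.imagePullSecrets | nindent 8 }}` to match the other two blocks. The Linux template, secrets-store-csi-driver.yaml, has the identical line.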
diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml index 3528540ab..45651dd78 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml @@ -28,6 +28,10 @@ spec: {{- end }} spec: serviceAccountName: secrets-store-csi-driver + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} affinity: {{ toYaml .Values.linux.affinity | indent 8 }} containers: @@ -123,6 +127,9 @@ spec: mountPropagation: Bidirectional - name: providers-dir mountPath: /etc/kubernetes/secrets-store-csi-providers + {{- if .Values.linux.volumeMounts }} + {{- toYaml .Values.linux.volumeMounts | nindent 12}} + {{- end }} {{- with .Values.linux.driver.resources }} resources: {{ toYaml . | indent 12 }} @@ -164,6 +171,9 @@ spec: hostPath: path: {{ .Values.linux.providersDir }} type: DirectoryOrCreate + {{- if .Values.linux.volumes }} + {{- toYaml .Values.linux.volumes | nindent 8}} + {{- end }} nodeSelector: kubernetes.io/os: linux {{- if .Values.linux.nodeSelector }} diff --git a/charts/secrets-store-csi-driver/values.yaml b/charts/secrets-store-csi-driver/values.yaml index 1065cad6d..6ba16c6ae 100644 --- a/charts/secrets-store-csi-driver/values.yaml +++ b/charts/secrets-store-csi-driver/values.yaml @@ -2,7 +2,7 @@ linux: enabled: true image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.22 + tag: v0.0.23 pullPolicy: IfNotPresent ## Prevent the CSI driver from being scheduled on virtual-kublet nodes 
@@ -71,11 +71,22 @@ linux: podAnnotations: {} podLabels: {} + # volumes is a list of volumes made available to secrets store csi driver. + volumes: null + # - name: foo + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for secrets store csi driver. + volumeMounts: null + # - name: foo + # mountPath: /bar + # readOnly: true + windows: enabled: false image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.22 + tag: v0.0.23 pullPolicy: IfNotPresent ## Prevent the CSI driver from being scheduled on virtual-kublet nodes @@ -143,6 +154,17 @@ windows: podAnnotations: {} podLabels: {} + # volumes is a list of volumes made available to secrets store csi driver. + volumes: null + # - name: foo + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for secrets store csi driver. + volumeMounts: null + # - name: foo + # mountPath: /bar + # readOnly: true + # log level. Uses V logs (klog) logVerbosity: 0 @@ -161,15 +183,9 @@ rbac: install: true pspEnabled: false -## Install RBAC roles and bindings required for K8S Secrets syncing. Change this -## to false after v0.0.14 +## Install RBAC roles and bindings required for K8S Secrets syncing if true syncSecret: - enabled: true - -## [DEPRECATED] Minimum Provider Versions (optional) -## A comma delimited list of key-value pairs of minimum provider versions -## e.g. provider1=0.0.2,provider2=0.0.3 -minimumProviderVersions: + enabled: false ## Enable secret rotation feature [alpha] enableSecretRotation: false @@ -185,3 +201,5 @@ providerHealthCheck: false ## Provider HealthCheck interval providerHealthCheckInterval: 2m + +imagePullSecrets: [] diff --git a/deploy/rbac-secretproviderrotation.yaml b/deploy/rbac-secretproviderrotation.yaml new file mode 100644 index 000000000..53af8cd97 --- /dev/null +++ b/deploy/rbac-secretproviderrotation.yaml 
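Review bot: The comment on `volumeMounts` should say where these mounts land: the templates append them to the driver container's `volumeMounts`, next to a mount that uses `mountPropagation: Bidirectional`, which Kubernetes only permits for privileged containers. Anything added here, a `hostPath` volume in particular, is therefore exposed to a privileged container on every node that runs the DaemonSet. Suggested wording: `# volumeMounts are added to the privileged driver container; prefer readOnly: true and avoid hostPath unless required.` `volumes: null` and `volumeMounts: null` would also read better as `[]`, as `imagePullSecrets: []` does at the end of this file; the README lists `{}` for both. The `windows:` hunk that follows repeats the same keys.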
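Review bot: Changing `syncSecret.enabled` from `true` to `false` alters what an existing release gets on `helm upgrade`, and the replacement comment `## Install RBAC roles and bindings required for K8S Secrets syncing if true` drops the only hint that the default moved. The gated templates are not in this diff, but presumably the driver loses its permission to write Kubernetes Secrets unless the value is set explicitly, so syncing would stop with authorization errors after an upgrade. I would keep the least-privilege default and say so in the comment, e.g. `## Defaults to false (least privilege). Set to true if any SecretProviderClass uses secretObjects.` The same hunk deletes the `minimumProviderVersions` key, which deserves a line in the release notes as well.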
@@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: secretproviderrotation-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: secretproviderrotation-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: secretproviderrotation-role +subjects: +- kind: ServiceAccount + name: secrets-store-csi-driver + namespace: kube-system diff --git a/deploy/secrets-store-csi-driver-windows.yaml b/deploy/secrets-store-csi-driver-windows.yaml index 7bbb14371..07f67dcf0 100644 --- a/deploy/secrets-store-csi-driver-windows.yaml +++ b/deploy/secrets-store-csi-driver-windows.yaml @@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" diff --git a/deploy/secrets-store-csi-driver.yaml b/deploy/secrets-store-csi-driver.yaml index 764ea13fa..9f9e42f5c 100644 --- a/deploy/secrets-store-csi-driver.yaml +++ b/deploy/secrets-store-csi-driver.yaml @@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" diff --git a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml index 910f90177..6f348c6ce 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.22 -appVersion: 0.0.22 +version: 0.0.23 +appVersion: 0.0.23 kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md index bf91d1531..ec8950c6e 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/README.md +++ b/manifest_staging/charts/secrets-store-csi-driver/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | | `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` | -| `linux.image.tag` | Linux image tag | `v0.0.22` | +| `linux.image.tag` | Linux image tag | `v0.0.23` | | `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` | | `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | | `linux.enabled` | Install secrets store csi driver on linux nodes | true | 
@@ -53,7 +53,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p | `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | | `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | | `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.22` | +| `windows.image.tag` | Windows image tag | `v0.0.23` | | `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` | | `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | | `windows.enabled` | Install secrets store csi driver on windows nodes | false | diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml index 12f16b880..6ba16c6ae 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/values.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/values.yaml @@ -2,7 +2,7 @@ linux: enabled: true image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.22 + tag: v0.0.23 pullPolicy: IfNotPresent ## Prevent the CSI driver from being scheduled on virtual-kublet nodes @@ -86,7 +86,7 @@ windows: enabled: false image: repository: k8s.gcr.io/csi-secrets-store/driver - tag: v0.0.22 + tag: v0.0.23 pullPolicy: IfNotPresent ## Prevent the CSI driver from being scheduled on virtual-kublet nodes diff --git a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml index 7bbb14371..07f67dcf0 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml 
@@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" diff --git a/manifest_staging/deploy/secrets-store-csi-driver.yaml b/manifest_staging/deploy/secrets-store-csi-driver.yaml index 764ea13fa..9f9e42f5c 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver.yaml @@ -42,7 +42,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)"