Merge pull request #690 from aramase/automated-cherry-pick-of-#689-upstream-release-0.2

Automated cherry pick of #689: release: update manifest and helm charts for v0.2.0

Author: k8s-ci-robot

charts/index.yaml

@@ -1,6 +1,23 @@
 apiVersion: v1
 entries:
   secrets-store-csi-driver:
+  - apiVersion: v2
+    appVersion: 0.2.0
+    created: "2021-08-12T13:36:37.324621-07:00"
+    description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
+      cluster.
+    digest: 63d3111b172313165bb2e7406b8c3f3a4d9341a97e3dcf213b4b6c28b0b59443
+    icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
+    kubeVersion: '>=1.16.0-0'
+    maintainers:
+    - email: ritazh@microsoft.com
+      name: Rita Zhang
+    name: secrets-store-csi-driver
+    sources:
+    - https://github.com/kubernetes-sigs/secrets-store-csi-driver
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.2.0.tgz
+    version: 0.2.0
   - apiVersion: v2
     appVersion: 0.1.0
     created: "2021-07-26T09:41:27.883002-07:00"
@@ -273,4 +290,4 @@ entries:
     urls:
     - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
     version: 0.0.9
-generated: "2021-07-26T09:41:27.881293-07:00"
+generated: "2021-08-12T13:36:37.321857-07:00"

charts/secrets-store-csi-driver-0.2.0.tgz

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: secrets-store-csi-driver
-version: 0.1.0
-appVersion: 0.1.0
+version: 0.2.0
+appVersion: 0.2.0
 kubeVersion: ">=1.16.0-0"
 description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

charts/secrets-store-csi-driver/Chart.yaml

@@ -30,7 +30,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `fullnameOverride`                      | String to fully override secrets-store-csi-driver.fullname template with a string                                     | `""`                                                    |
 | `linux.image.repository`                | Linux image repository                                                                                                | `k8s.gcr.io/csi-secrets-store/driver`                   |
 | `linux.image.pullPolicy`                | Linux image pull policy                                                                                               | `IfNotPresent`                                          |
-| `linux.image.tag`                       | Linux image tag                                                                                                       | `v0.1.0`                                               |
+| `linux.image.tag`                       | Linux image tag                                                                                                       | `v0.2.0`                                               |
 | `linux.affinity`                        | Linux affinity                                                                                                        | `key: type; operator: NotIn; values: [virtual-kubelet]` |
 | `linux.driver.resources`                | The resource request/limits for the linux secrets-store container image                                               | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi`     |
 | `linux.enabled`                         | Install secrets store csi driver on linux nodes                                                                       | true                                                    |
@@ -58,7 +58,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `linux.updateStrategy`                  | Configure a custom update strategy for the daemonset on linux nodes                                                   | `RollingUpdate with 1 maxUnavailable`                   |
 | `windows.image.repository`              | Windows image repository                                                                                              | `k8s.gcr.io/csi-secrets-store/driver`                   |
 | `windows.image.pullPolicy`              | Windows image pull policy                                                                                             | `IfNotPresent`                                          |
-| `windows.image.tag`                     | Windows image tag                                                                                                     | `v0.1.0`                                               |
+| `windows.image.tag`                     | Windows image tag                                                                                                     | `v0.2.0`                                               |
 | `windows.affinity`                      | Windows affinity                                                                                                      | `key: type; operator: NotIn; values: [virtual-kubelet]` |
 | `windows.driver.resources`              | The resource request/limits for the windows secrets-store container image                                             | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi`     |
 | `windows.enabled`                       | Install secrets store csi driver on windows nodes                                                                     | false                                                   |

charts/secrets-store-csi-driver/README.md

@@ -19,13 +19,18 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SecretProviderClass is the Schema for the secretproviderclasses API
+        description: SecretProviderClass is the Schema for the secretproviderclasses
+          API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -42,7 +47,8 @@ spec:
                 type: string
               secretObjects:
                 items:
-                  description: SecretObject defines the desired state of synced K8s secret objects
+                  description: SecretObject defines the desired state of synced K8s
+                    secret objects
                   properties:
                     annotations:
                       additionalProperties:
@@ -51,7 +57,8 @@ spec:
                       type: object
                     data:
                       items:
-                        description: SecretObjectData defines the desired state of synced K8s secret object data
+                        description: SecretObjectData defines the desired state of
+                          synced K8s secret object data
                         properties:
                           key:
                             description: data field to populate
@@ -80,7 +87,8 @@ spec:
             properties:
               byPod:
                 items:
-                  description: ByPodStatus defines the state of SecretProviderClass as seen by an individual controller
+                  description: ByPodStatus defines the state of SecretProviderClass
+                    as seen by an individual controller
                   properties:
                     id:
                       description: id of the pod that wrote the status

charts/secrets-store-csi-driver/crds/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml

@@ -19,24 +19,31 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus API
+        description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus
+          API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
           status:
-            description: SecretProviderClassPodStatusStatus defines the observed state of SecretProviderClassPodStatus
+            description: SecretProviderClassPodStatusStatus defines the observed state
+              of SecretProviderClassPodStatus
             properties:
               mounted:
                 type: boolean
               objects:
                 items:
-                  description: SecretProviderClassObject defines the object fetched from external secrets store
+                  description: SecretProviderClassObject defines the object fetched
+                    from external secrets store
                   properties:
                     id:
                       type: string

charts/secrets-store-csi-driver/crds/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml

@@ -12,13 +12,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "sscd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
+{{- end -}}
 
 {{/*
 Standard labels for helm resources

charts/secrets-store-csi-driver/templates/_helpers.tpl

@@ -48,7 +48,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
 {{ include "sscd.labels" . | indent 2 }}
   annotations:
-    helm.sh/hook: pre-upgrade
+    helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-weight: "1"
     helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
 spec:
@@ -69,3 +69,10 @@ spec:
         imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
       nodeSelector:
         kubernetes.io/os: linux
+{{- if .Values.linux.nodeSelector }}
+{{- toYaml .Values.linux.nodeSelector | nindent 8 }}
+{{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}

charts/secrets-store-csi-driver/templates/crds-upgrade-hook.yaml

@@ -72,3 +72,10 @@ spec:
         imagePullPolicy: {{ .Values.linux.crds.image.pullPolicy }}
       nodeSelector:
         kubernetes.io/os: linux
+{{- if .Values.linux.nodeSelector }}
+{{- toYaml .Values.linux.nodeSelector | nindent 8 }}
+{{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}

charts/secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml

@@ -108,6 +108,9 @@ spec:
             - containerPort: {{ .Values.livenessProbe.port }}
               name: healthz
               protocol: TCP
+            - containerPort: {{ trimPrefix ":" .Values.windows.metricsAddr }}
+              name: metrics
+              protocol: TCP
           livenessProbe:
               failureThreshold: 5
               httpGet:

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml

@@ -110,6 +110,9 @@ spec:
             - containerPort: {{ .Values.livenessProbe.port }}
               name: healthz
               protocol: TCP
+            - containerPort: {{ trimPrefix ":" .Values.linux.metricsAddr }}
+              name: metrics
+              protocol: TCP
           livenessProbe:
               failureThreshold: 5
               httpGet:

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml

@@ -2,13 +2,13 @@ linux:
   enabled: true
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.1.0
+    tag: v0.2.0
     pullPolicy: IfNotPresent
 
   crds:
     image:
       repository: k8s.gcr.io/csi-secrets-store/driver-crds
-      tag: v0.1.0
+      tag: v0.2.0
       pullPolicy: IfNotPresent
 
   ## Prevent the CSI driver from being scheduled on virtual-kublet nodes
@@ -92,7 +92,7 @@ windows:
   enabled: false
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.1.0
+    tag: v0.2.0
     pullPolicy: IfNotPresent
 
   ## Prevent the CSI driver from being scheduled on virtual-kublet nodes

charts/secrets-store-csi-driver/values.yaml

@@ -19,13 +19,18 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SecretProviderClass is the Schema for the secretproviderclasses API
+        description: SecretProviderClass is the Schema for the secretproviderclasses
+          API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
@@ -42,7 +47,8 @@ spec:
                 type: string
               secretObjects:
                 items:
-                  description: SecretObject defines the desired state of synced K8s secret objects
+                  description: SecretObject defines the desired state of synced K8s
+                    secret objects
                   properties:
                     annotations:
                       additionalProperties:
@@ -51,7 +57,8 @@ spec:
                       type: object
                     data:
                       items:
-                        description: SecretObjectData defines the desired state of synced K8s secret object data
+                        description: SecretObjectData defines the desired state of
+                          synced K8s secret object data
                         properties:
                           key:
                             description: data field to populate
@@ -80,7 +87,8 @@ spec:
             properties:
               byPod:
                 items:
-                  description: ByPodStatus defines the state of SecretProviderClass as seen by an individual controller
+                  description: ByPodStatus defines the state of SecretProviderClass
+                    as seen by an individual controller
                   properties:
                     id:
                       description: id of the pod that wrote the status

config/crd/bases/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml

@@ -19,24 +19,31 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus API
+        description: SecretProviderClassPodStatus is the Schema for the secretproviderclassespodstatus
+          API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
             type: string
           metadata:
             type: object
           status:
-            description: SecretProviderClassPodStatusStatus defines the observed state of SecretProviderClassPodStatus
+            description: SecretProviderClassPodStatusStatus defines the observed state
+              of SecretProviderClassPodStatus
             properties:
               mounted:
                 type: boolean
               objects:
                 items:
-                  description: SecretProviderClassObject defines the object fetched from external secrets store
+                  description: SecretProviderClassObject defines the object fetched
+                    from external secrets store
                   properties:
                     id:
                       type: string

config/crd/bases/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml

@@ -42,7 +42,7 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v0.1.0
+          image: k8s.gcr.io/csi-secrets-store/driver:v0.2.0
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
@@ -66,6 +66,9 @@ spec:
             - containerPort: 9808
               name: healthz
               protocol: TCP
+            - containerPort: 8095
+              name: metrics
+              protocol: TCP
           livenessProbe:
               failureThreshold: 5
               httpGet: