Merge pull request #498 from aramase/release-v0.0.21

k8s-ci-robot · web-flow · commit 58c586d3bb32 · 2021-04-01T15:07:11.000-07:00
release: update manifest and helm charts for v0.0.21
diff --git a/Makefile b/Makefile
@@ -25,7 +25,7 @@ REGISTRY ?= gcr.io/k8s-staging-csi-secrets-store
 IMAGE_NAME ?= driver
 # Release version is the current supported release for the driver
 # Update this version when the helm chart is being updated for release
-RELEASE_VERSION := v0.0.20
+RELEASE_VERSION := v0.0.21
 IMAGE_VERSION ?= v0.0.21
 # Use a custom version for E2E tests if we are testing in CI
 ifdef CI
@@ -293,7 +293,7 @@ e2e-helm-deploy:
 e2e-helm-deploy-release:
 	set -x; \
 	current_release=$(shell (echo ${RELEASE_VERSION} | sed s/"v"//)); \
-	helm install csi charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \
+	helm install csi-secrets-store charts/secrets-store-csi-driver-$${current_release}.tgz --namespace default --wait --timeout=15m -v=5 --debug \
 		--set linux.image.pullPolicy="IfNotPresent" \
 		--set windows.image.pullPolicy="IfNotPresent" \
 		--set windows.enabled=true \
diff --git a/charts/index.yaml b/charts/index.yaml
@@ -1,6 +1,22 @@
 apiVersion: v1
 entries:
   secrets-store-csi-driver:
+  - apiVersion: v1
+    appVersion: 0.0.21
+    created: "2021-04-01T09:50:24.248603-07:00"
+    description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
+    digest: cab95625686b388faa1e298dc913a14c5b28ffff7888074664e98dc392c94814
+    icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
+    kubeVersion: '>=1.16.0-0'
+    maintainers:
+    - email: ritazh@microsoft.com
+      name: Rita Zhang
+    name: secrets-store-csi-driver
+    sources:
+    - https://github.com/kubernetes-sigs/secrets-store-csi-driver
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.21.tgz
+    version: 0.0.21
   - apiVersion: v1
     appVersion: 0.0.20
     created: "2021-02-18T11:02:39.04869-08:00"
@@ -193,4 +209,4 @@ entries:
     urls:
     - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
     version: 0.0.9
-generated: "2021-02-18T11:02:39.046817-08:00"
+generated: "2021-04-01T09:50:24.246699-07:00"
diff --git a/charts/secrets-store-csi-driver-0.0.21.tgz b/charts/secrets-store-csi-driver-0.0.21.tgz
diff --git a/charts/secrets-store-csi-driver/Chart.yaml b/charts/secrets-store-csi-driver/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: secrets-store-csi-driver
-version: 0.0.20
-appVersion: 0.0.20
+version: 0.0.21
+appVersion: 0.0.21
 kubeVersion: ">=1.16.0-0"
 description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
diff --git a/charts/secrets-store-csi-driver/README.md b/charts/secrets-store-csi-driver/README.md
@@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `fullnameOverride`                      | String to fully override secrets-store-csi-driver.fullname template with a string                                                 | `""`                                                |
 | `linux.image.repository`                | Linux image repository                                                                                                            | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `linux.image.pullPolicy`                | Linux image pull policy                                                                                                           | `Always`                                            |
-| `linux.image.tag`                       | Linux image tag                                                                                                                   | `v0.0.20`                                           |
+| `linux.image.tag`                       | Linux image tag                                                                                                                   | `v0.0.21`                                           |
 | `linux.driver.resources`                | The resource request/limits for the linux secrets-store container image                                                           | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
 | `linux.enabled`                         | Install secrets store csi driver on linux nodes                                                                                   | true                                                |
 | `linux.kubeletRootDir`                  | Configure the kubelet root dir                                                                                                    | `/var/lib/kubelet`                                  |
@@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `linux.updateStrategy`                  | Configure a custom update strategy for the daemonset on linux nodes                                                               | `RollingUpdate with 1 maxUnavailable`               |
 | `windows.image.repository`              | Windows image repository                                                                                                          | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `windows.image.pullPolicy`              | Windows image pull policy                                                                                                         | `IfNotPresent`                                      |
-| `windows.image.tag`                     | Windows image tag                                                                                                                 | `v0.0.20`                                           |
+| `windows.image.tag`                     | Windows image tag                                                                                                                 | `v0.0.21`                                           |
 | `windows.driver.resources`              | The resource request/limits for the windows secrets-store container image                                                         | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
 | `windows.enabled`                       | Install secrets store csi driver on windows nodes                                                                                 | false                                               |
 | `windows.kubeletRootDir`                | Configure the kubelet root dir                                                                                                    | `C:\var\lib\kubelet`                                |
@@ -80,6 +80,6 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `rbac.install`                          | Install default rbac roles and bindings                                                                                           | true                                                |
 | `syncSecret.enabled`                    | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true                                                |
 | `minimumProviderVersions`               | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver                               | `""`                                                |
-| `grpcSupportedProviders`                | A `;` delimited list of providers that support grpc for driver-provider                                                           | `"gcp;azure;vault;"`                                |
 | `enableSecretRotation`                  | Enable secret rotation feature [alpha]                                                                                            | `false`                                             |
 | `rotationPollInterval`                  | Secret rotation poll interval duration                                                                                            | `"120s"`                                            |
+| `filteredWatchSecret`                   | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true`                            | `false`                                             |
diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml
@@ -66,16 +66,16 @@ spec:
             {{- if and (semverCompare ">= v0.0.9-0" .Values.windows.image.tag) .Values.minimumProviderVersions }}
             - "--min-provider-version={{ .Values.minimumProviderVersions }}"
             {{- end }}
-            {{- if and (semverCompare ">= v0.0.14-0" .Values.windows.image.tag) .Values.grpcSupportedProviders }}
-            - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}"
-            {{- end }}
             {{- if and (semverCompare ">= v0.0.15-0" .Values.windows.image.tag) .Values.enableSecretRotation }}
             - "--enable-secret-rotation={{ .Values.enableSecretRotation }}"
             {{- end }}
             {{- if and (semverCompare ">= v0.0.15-0" .Values.windows.image.tag) .Values.rotationPollInterval }}
             - "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
             {{- end }}
             - "--metrics-addr={{ .Values.windows.metricsAddr }}"
+            {{- if and (semverCompare ">= v0.0.21-0" .Values.windows.image.tag) .Values.filteredWatchSecret }}
+            - "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
+            {{- end }}
           env:
           {{- with .Values.windows.env }}
             {{- toYaml . | nindent 10 }}
diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
@@ -66,16 +66,16 @@ spec:
             {{- if and (semverCompare ">= v0.0.8-0" .Values.linux.image.tag) .Values.minimumProviderVersions }}
             - "--min-provider-version={{ .Values.minimumProviderVersions }}"
             {{- end }}
-            {{- if and (semverCompare ">= v0.0.14-0" .Values.linux.image.tag) .Values.grpcSupportedProviders }}
-            - "--grpc-supported-providers={{ .Values.grpcSupportedProviders }}"
-            {{- end }}
             {{- if and (semverCompare ">= v0.0.15-0" .Values.linux.image.tag) .Values.enableSecretRotation }}
             - "--enable-secret-rotation={{ .Values.enableSecretRotation }}"
             {{- end }}
             {{- if and (semverCompare ">= v0.0.15-0" .Values.linux.image.tag) .Values.rotationPollInterval }}
             - "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
             {{- end }}
             - "--metrics-addr={{ .Values.linux.metricsAddr }}"
+            {{- if and (semverCompare ">= v0.0.21-0" .Values.linux.image.tag) .Values.filteredWatchSecret }}
+            - "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
+            {{- end }}
           env:
           {{- with .Values.linux.env }}
             {{- toYaml . | nindent 10 }}
diff --git a/charts/secrets-store-csi-driver/values.yaml b/charts/secrets-store-csi-driver/values.yaml
@@ -2,7 +2,7 @@ linux:
   enabled: true
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.0.20
+    tag: v0.0.21
     pullPolicy: Always
 
   driver:
@@ -63,7 +63,7 @@ windows:
   enabled: false
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.0.20
+    tag: v0.0.21
     pullPolicy: IfNotPresent
 
   driver:
@@ -144,11 +144,11 @@ syncSecret:
 ## e.g. provider1=0.0.2,provider2=0.0.3
 minimumProviderVersions:
 
-## ; delimited list of providers that support grpc for driver-provider [alpha]
-grpcSupportedProviders: gcp;azure;vault;
-
 ## Enable secret rotation feature [alpha]
 enableSecretRotation: false
 
 ## Secret rotation poll interval duration
 rotationPollInterval:
+
+## Filtered watch nodePublishSecretRef secrets
+filteredWatchSecret: false
diff --git a/deploy/csidriver-1.15.yaml b/deploy/csidriver-1.15.yaml
diff --git a/deploy/secrets-store-csi-driver-windows.yaml b/deploy/secrets-store-csi-driver-windows.yaml
@@ -42,15 +42,15 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
+          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--provider-volume=C:\\k\\secrets-store-csi-providers"
             - "--metrics-addr=:8095"
-            - "--grpc-supported-providers=azure;"
             - "--enable-secret-rotation=false"
             - "--rotation-poll-interval=2m"
+            - "--filtered-watch-secret=false"
           env:
             - name: CSI_ENDPOINT
               value: unix://C:\\csi\\csi.sock
diff --git a/deploy/secrets-store-csi-driver.yaml b/deploy/secrets-store-csi-driver.yaml
@@ -42,15 +42,15 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
+          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
             - "--metrics-addr=:8095"
-            - "--grpc-supported-providers=gcp;azure;vault;"
             - "--enable-secret-rotation=false"
             - "--rotation-poll-interval=2m"
+            - "--filtered-watch-secret=false"
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
diff --git a/docs/book/src/load-tests.md b/docs/book/src/load-tests.md
@@ -61,7 +61,7 @@ As of Secrets Store CSI Driver `v0.0.21`, the memory consumption for the driver
 If the secret rotation feature is enabled and filtered secret watch is not enabled, it'll cache Kubernetes secrets across all namespaces. To only cache the secrets with the above 2 labels:
 
 1. Label all existing `nodePublishSecretRef` secrets with `secrets-store.csi.k8s.io/used=true` by running `kubectl label secret <node publish secret ref name> secrets-store.csi.k8s.io/used=true`.
-2. Enable filtered secret watch by setting `--filtered-secret-watch=true` in `secrets-store` container or via helm using `--set filteredSecretWatch=true`.
+2. Enable filtered secret watch by setting `--filtered-watch-secret=true` in `secrets-store` container or via helm using `--set filteredWatchSecret=true`.
 
-**NOTE:** `--filtered-secret-watch=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label.
+**NOTE:** `--filtered-watch-secret=true` will be enabled by default in n+3 releases (`v0.0.25`). Please take the necessary action to label the `nodePublishSecretRef` secrets with the `secrets-store.csi.k8s.io/used=true` label.
 </aside>
diff --git a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: secrets-store-csi-driver
-version: 0.0.20
-appVersion: 0.0.20
+version: 0.0.21
+appVersion: 0.0.21
 kubeVersion: ">=1.16.0-0"
 description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md
@@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `fullnameOverride`                      | String to fully override secrets-store-csi-driver.fullname template with a string                                                 | `""`                                                |
 | `linux.image.repository`                | Linux image repository                                                                                                            | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `linux.image.pullPolicy`                | Linux image pull policy                                                                                                           | `Always`                                            |
-| `linux.image.tag`                       | Linux image tag                                                                                                                   | `v0.0.20`                                           |
+| `linux.image.tag`                       | Linux image tag                                                                                                                   | `v0.0.21`                                           |
 | `linux.driver.resources`                | The resource request/limits for the linux secrets-store container image                                                           | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
 | `linux.enabled`                         | Install secrets store csi driver on linux nodes                                                                                   | true                                                |
 | `linux.kubeletRootDir`                  | Configure the kubelet root dir                                                                                                    | `/var/lib/kubelet`                                  |
@@ -50,7 +50,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `linux.updateStrategy`                  | Configure a custom update strategy for the daemonset on linux nodes                                                               | `RollingUpdate with 1 maxUnavailable`               |
 | `windows.image.repository`              | Windows image repository                                                                                                          | `k8s.gcr.io/csi-secrets-store/driver`               |
 | `windows.image.pullPolicy`              | Windows image pull policy                                                                                                         | `IfNotPresent`                                      |
-| `windows.image.tag`                     | Windows image tag                                                                                                                 | `v0.0.20`                                           |
+| `windows.image.tag`                     | Windows image tag                                                                                                                 | `v0.0.21`                                           |
 | `windows.driver.resources`              | The resource request/limits for the windows secrets-store container image                                                         | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
 | `windows.enabled`                       | Install secrets store csi driver on windows nodes                                                                                 | false                                               |
 | `windows.kubeletRootDir`                | Configure the kubelet root dir                                                                                                    | `C:\var\lib\kubelet`                                |
diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml
@@ -2,7 +2,7 @@ linux:
   enabled: true
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.0.20
+    tag: v0.0.21
     pullPolicy: Always
 
   driver:
@@ -63,7 +63,7 @@ windows:
   enabled: false
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v0.0.20
+    tag: v0.0.21
     pullPolicy: IfNotPresent
 
   driver:
diff --git a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml
@@ -42,15 +42,15 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
+          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--provider-volume=C:\\k\\secrets-store-csi-providers"
             - "--metrics-addr=:8095"
             - "--enable-secret-rotation=false"
             - "--rotation-poll-interval=2m"
-            - "--filtered-secret-watch=false"
+            - "--filtered-watch-secret=false"
           env:
             - name: CSI_ENDPOINT
               value: unix://C:\\csi\\csi.sock
diff --git a/manifest_staging/deploy/secrets-store-csi-driver.yaml b/manifest_staging/deploy/secrets-store-csi-driver.yaml
@@ -42,15 +42,15 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.20
+          image: k8s.gcr.io/csi-secrets-store/driver:v0.0.21
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
             - "--metrics-addr=:8095"
             - "--enable-secret-rotation=false"
             - "--rotation-poll-interval=2m"
-            - "--filtered-secret-watch=false"
+            - "--filtered-watch-secret=false"
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
