Skip to content

Commit 9db32c7

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #590 from aramase/release-v0.0.23
release: update manifest and helm charts for v0.0.23
2 parents baf2df8 + 90d57dc commit 9db32c7

17 files changed

+145
-27
lines changed

charts/index.yaml

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,23 @@
11
apiVersion: v1
22
entries:
33
secrets-store-csi-driver:
4+
- apiVersion: v1
5+
appVersion: 0.0.23
6+
created: "2021-06-10T12:27:24.468813-07:00"
7+
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes
8+
cluster.
9+
digest: 8207abf0e14ffe7d828119937e11fa72340d19d824e9a326b8f40fc8b6c8bd86
10+
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
11+
kubeVersion: '>=1.16.0-0'
12+
maintainers:
13+
- email: ritazh@microsoft.com
14+
name: Rita Zhang
15+
name: secrets-store-csi-driver
16+
sources:
17+
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
18+
urls:
19+
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.23.tgz
20+
version: 0.0.23
421
- apiVersion: v1
522
appVersion: 0.0.22
623
created: "2021-05-17T17:56:19.441550381-04:00"
@@ -239,4 +256,4 @@ entries:
239256
urls:
240257
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz
241258
version: 0.0.9
242-
generated: "2021-05-17T17:56:19.439691442-04:00"
259+
generated: "2021-06-10T12:27:24.466683-07:00"

charts/secrets-store-csi-driver-0.0.23.tgz

7.87 KB
Binary file not shown.

charts/secrets-store-csi-driver/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v1
22
name: secrets-store-csi-driver
3-
version: 0.0.22
4-
appVersion: 0.0.22
3+
version: 0.0.23
4+
appVersion: 0.0.23
55
kubeVersion: ">=1.16.0-0"
66
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
77
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

charts/secrets-store-csi-driver/README.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
2525
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
2626
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
2727
| `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` |
28-
| `linux.image.tag` | Linux image tag | `v0.0.22` |
28+
| `linux.image.tag` | Linux image tag | `v0.0.23` |
2929
| `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
3030
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
3131
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
@@ -48,10 +48,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
4848
| `linux.daemonsetAnnotations` | Linux *DaemonSet* annotations | `{}` |
4949
| `linux.podAnnotations` | Linux *Pod* annotations | `{}` |
5050
| `linux.podLabels` | Linux *Pod* labels | `{}` |
51+
| `linux.volumes` | Linux volumes | `{}` |
52+
| `linux.volumeMounts` | Linux volumeMounts | `{}` |
5153
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
5254
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
5355
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
54-
| `windows.image.tag` | Windows image tag | `v0.0.22` |
56+
| `windows.image.tag` | Windows image tag | `v0.0.23` |
5557
| `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
5658
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
5759
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
@@ -74,6 +76,8 @@ The following table lists the configurable parameters of the csi-secrets-store-p
7476
| `windows.daemonsetAnnotations` | Windows *DaemonSet* annotations | `{}` |
7577
| `windows.podAnnotations` | Windows *Pod* annotations | `{}` |
7678
| `windows.podLabels` | Windows *Pod* labels | `{}` |
79+
| `windows.volumes` | Windows volumes | `{}` |
80+
| `windows.volumeMounts` | Windows volumeMounts | `{}` |
7781
| `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` |
7882
| `logVerbosity` | Log level. Uses V logs (klog) | `0` |
7983
| `logFormatJSON` | Use JSON logging format | `false` |
@@ -82,10 +86,10 @@ The following table lists the configurable parameters of the csi-secrets-store-p
8286
| `maxCallRecvMsgSize` | Maximum size in bytes of gRPC response from plugins | `4194304` |
8387
| `rbac.install` | Install default rbac roles and bindings | true |
8488
| `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy for Secrets Store CSI Driver pod(s) | `false` |
85-
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true |
86-
| `minimumProviderVersions` | [**DEPRECATED**] A comma delimited list of key-value pairs of minimum provider versions with driver | `""` |
89+
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets | false |
8790
| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` |
8891
| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` |
8992
| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `false` |
9093
| `providerHealthCheck` | Enable health check for configured providers | `false` |
9194
| `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` |
95+
| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` |

charts/secrets-store-csi-driver/templates/role-rotation.yaml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
{{ if .Values.enableSecretRotation }}
2+
3+
---
4+
apiVersion: rbac.authorization.k8s.io/v1
5+
kind: ClusterRole
6+
metadata:
7+
creationTimestamp: null
8+
name: secretproviderrotation-role
9+
rules:
10+
- apiGroups:
11+
- ""
12+
resources:
13+
- secrets
14+
verbs:
15+
- get
16+
- list
17+
- watch
18+
{{ end }}

charts/secrets-store-csi-driver/templates/role-rotation_binding.yaml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
{{ if .Values.enableSecretRotation }}
2+
apiVersion: rbac.authorization.k8s.io/v1
3+
kind: ClusterRoleBinding
4+
metadata:
5+
name: secretproviderrotation-rolebinding
6+
roleRef:
7+
apiGroup: rbac.authorization.k8s.io
8+
kind: ClusterRole
9+
name: secretproviderrotation-role
10+
subjects:
11+
- kind: ServiceAccount
12+
name: secrets-store-csi-driver
13+
namespace: {{ .Release.Namespace }}
14+
{{ end }}

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,10 @@ spec:
2828
{{- end }}
2929
spec:
3030
serviceAccountName: secrets-store-csi-driver
31+
{{- if .Values.imagePullSecrets }}
32+
imagePullSecrets:
33+
{{ toYaml .Values.imagePullSecrets | indent 8 }}
34+
{{- end }}
3135
affinity:
3236
{{ toYaml .Values.windows.affinity | indent 8 }}
3337
containers:
@@ -123,6 +127,9 @@ spec:
123127
mountPropagation: Bidirectional
124128
- name: providers-dir
125129
mountPath: C:\k\secrets-store-csi-providers
130+
{{- if .Values.windows.volumeMounts }}
131+
{{- toYaml .Values.windows.volumeMounts | nindent 12}}
132+
{{- end }}
126133
{{- with .Values.windows.driver.resources }}
127134
resources:
128135
{{ toYaml . | indent 12 }}
@@ -164,6 +171,9 @@ spec:
164171
hostPath:
165172
path: {{ .Values.windows.providersDir }}
166173
type: DirectoryOrCreate
174+
{{- if .Values.windows.volumes }}
175+
{{- toYaml .Values.windows.volumes | nindent 8}}
176+
{{- end }}
167177
nodeSelector:
168178
kubernetes.io/os: windows
169179
{{- if .Values.windows.nodeSelector }}

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,10 @@ spec:
2828
{{- end }}
2929
spec:
3030
serviceAccountName: secrets-store-csi-driver
31+
{{- if .Values.imagePullSecrets }}
32+
imagePullSecrets:
33+
{{ toYaml .Values.imagePullSecrets | indent 8 }}
34+
{{- end }}
3135
affinity:
3236
{{ toYaml .Values.linux.affinity | indent 8 }}
3337
containers:
@@ -123,6 +127,9 @@ spec:
123127
mountPropagation: Bidirectional
124128
- name: providers-dir
125129
mountPath: /etc/kubernetes/secrets-store-csi-providers
130+
{{- if .Values.linux.volumeMounts }}
131+
{{- toYaml .Values.linux.volumeMounts | nindent 12}}
132+
{{- end }}
126133
{{- with .Values.linux.driver.resources }}
127134
resources:
128135
{{ toYaml . | indent 12 }}
@@ -164,6 +171,9 @@ spec:
164171
hostPath:
165172
path: {{ .Values.linux.providersDir }}
166173
type: DirectoryOrCreate
174+
{{- if .Values.linux.volumes }}
175+
{{- toYaml .Values.linux.volumes | nindent 8}}
176+
{{- end }}
167177
nodeSelector:
168178
kubernetes.io/os: linux
169179
{{- if .Values.linux.nodeSelector }}

charts/secrets-store-csi-driver/values.yaml

Lines changed: 28 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ linux:
22
enabled: true
33
image:
44
repository: k8s.gcr.io/csi-secrets-store/driver
5-
tag: v0.0.22
5+
tag: v0.0.23
66
pullPolicy: IfNotPresent
77

88
## Prevent the CSI driver from being scheduled on virtual-kublet nodes
@@ -71,11 +71,22 @@ linux:
7171
podAnnotations: {}
7272
podLabels: {}
7373

74+
# volumes is a list of volumes made available to secrets store csi driver.
75+
volumes: null
76+
# - name: foo
77+
# emptyDir: {}
78+
79+
# volumeMounts is a list of volumeMounts for secrets store csi driver.
80+
volumeMounts: null
81+
# - name: foo
82+
# mountPath: /bar
83+
# readOnly: true
84+
7485
windows:
7586
enabled: false
7687
image:
7788
repository: k8s.gcr.io/csi-secrets-store/driver
78-
tag: v0.0.22
89+
tag: v0.0.23
7990
pullPolicy: IfNotPresent
8091

8192
## Prevent the CSI driver from being scheduled on virtual-kublet nodes
@@ -143,6 +154,17 @@ windows:
143154
podAnnotations: {}
144155
podLabels: {}
145156

157+
# volumes is a list of volumes made available to secrets store csi driver.
158+
volumes: null
159+
# - name: foo
160+
# emptyDir: {}
161+
162+
# volumeMounts is a list of volumeMounts for secrets store csi driver.
163+
volumeMounts: null
164+
# - name: foo
165+
# mountPath: /bar
166+
# readOnly: true
167+
146168
# log level. Uses V logs (klog)
147169
logVerbosity: 0
148170

@@ -161,15 +183,9 @@ rbac:
161183
install: true
162184
pspEnabled: false
163185

164-
## Install RBAC roles and bindings required for K8S Secrets syncing. Change this
165-
## to false after v0.0.14
186+
## Install RBAC roles and bindings required for K8S Secrets syncing if true
166187
syncSecret:
167-
enabled: true
168-
169-
## [DEPRECATED] Minimum Provider Versions (optional)
170-
## A comma delimited list of key-value pairs of minimum provider versions
171-
## e.g. provider1=0.0.2,provider2=0.0.3
172-
minimumProviderVersions:
188+
enabled: false
173189

174190
## Enable secret rotation feature [alpha]
175191
enableSecretRotation: false
@@ -185,3 +201,5 @@ providerHealthCheck: false
185201

186202
## Provider HealthCheck interval
187203
providerHealthCheckInterval: 2m
204+
205+
imagePullSecrets: []

deploy/rbac-secretproviderrotation.yaml

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
creationTimestamp: null
5+
name: secretproviderrotation-role
6+
rules:
7+
- apiGroups:
8+
- ""
9+
resources:
10+
- secrets
11+
verbs:
12+
- get
13+
- list
14+
- watch
15+
---
16+
apiVersion: rbac.authorization.k8s.io/v1
17+
kind: ClusterRoleBinding
18+
metadata:
19+
name: secretproviderrotation-rolebinding
20+
roleRef:
21+
apiGroup: rbac.authorization.k8s.io
22+
kind: ClusterRole
23+
name: secretproviderrotation-role
24+
subjects:
25+
- kind: ServiceAccount
26+
name: secrets-store-csi-driver
27+
namespace: kube-system

deploy/secrets-store-csi-driver-windows.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ spec:
4242
cpu: 10m
4343
memory: 20Mi
4444
- name: secrets-store
45-
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22
45+
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23
4646
args:
4747
- "--endpoint=$(CSI_ENDPOINT)"
4848
- "--nodeid=$(KUBE_NODE_NAME)"

deploy/secrets-store-csi-driver.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ spec:
4242
cpu: 10m
4343
memory: 20Mi
4444
- name: secrets-store
45-
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.22
45+
image: k8s.gcr.io/csi-secrets-store/driver:v0.0.23
4646
args:
4747
- "--endpoint=$(CSI_ENDPOINT)"
4848
- "--nodeid=$(KUBE_NODE_NAME)"

manifest_staging/charts/secrets-store-csi-driver/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v1
22
name: secrets-store-csi-driver
3-
version: 0.0.22
4-
appVersion: 0.0.22
3+
version: 0.0.23
4+
appVersion: 0.0.23
55
kubeVersion: ">=1.16.0-0"
66
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
77
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

0 commit comments

Comments
 (0)