Merge pull request #976 from aramase/automated-cherry-pick-of-#975-upstream-release-1.2

Automated cherry pick of #975: release: update manifest and helm charts for v1.2.0

Author: k8s-ci-robot

Makefile

@@ -34,7 +34,7 @@ IMAGE_VERSION ?= v1.2.0
 
 # Use a custom version for E2E tests if we are testing in CI
 ifdef CI
-override IMAGE_VERSION := v1.1.0-e2e-$(BUILD_COMMIT)
+override IMAGE_VERSION := v1.2.0-e2e-$(BUILD_COMMIT)
 endif
 
 IMAGE_TAG=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)

charts/secrets-store-csi-driver/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: secrets-store-csi-driver
-version: 1.1.2
-appVersion: 1.1.2
+version: 1.2.0
+appVersion: 1.2.0
 kubeVersion: ">=1.16.0-0"
 description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png

charts/secrets-store-csi-driver/README.md

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: secretproviderclasses.secrets-store.csi.x-k8s.io
 spec:
@@ -191,9 +190,3 @@ spec:
         type: object
     served: true
     storage: false
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/secrets-store-csi-driver/crds/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
 spec:
@@ -107,9 +106,3 @@ spec:
         type: object
     served: true
     storage: false
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/secrets-store-csi-driver/crds/secrets-store.csi.x-k8s.io_secretproviderclasspodstatuses.yaml

@@ -78,7 +78,7 @@ metadata:
 {{ include "sscd.labels" . | indent 2 }}
   annotations:
     helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "1"
+    helm.sh/hook-weight: "10"
     helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
 spec:
   backoffLimit: 0
@@ -87,7 +87,11 @@ spec:
       name: {{ template "sscd.fullname" . }}-upgrade-crds
       {{- if .Values.linux.crds.annotations }}
       annotations:
-        {{ toYaml .Values.linux.crds.annotations}}
+        {{ toYaml .Values.linux.crds.annotations }}
+      {{- end }}
+      {{- if .Values.linux.crds.podLabels }}
+      labels:
+        {{- toYaml .Values.linux.crds.podLabels | nindent 8 }}
       {{- end }}
     spec:
       serviceAccountName: {{ template "sscd.fullname" . }}-upgrade-crds

charts/secrets-store-csi-driver/templates/crds-upgrade-hook.yaml

@@ -10,5 +10,5 @@ spec:
   - Ephemeral
   {{- if and (semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version) .Values.tokenRequests }}
   tokenRequests:
-    {{- toYaml .Values.tokenRequests | nindent 2}}
+    {{- toYaml .Values.tokenRequests | nindent 2 }}
   {{- end }}

charts/secrets-store-csi-driver/templates/csidriver.yaml

@@ -78,7 +78,7 @@ metadata:
 {{ include "sscd.labels" . | indent 2 }}
   annotations:
     helm.sh/hook: pre-upgrade
-    helm.sh/hook-weight: "2"
+    helm.sh/hook-weight: "20"
     helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
 spec:
   backoffLimit: 0
@@ -89,6 +89,10 @@ spec:
       annotations:
         {{ toYaml .Values.linux.crds.annotations}}
       {{- end }}
+      {{- if .Values.linux.crds.podLabels }}
+      labels:
+        {{- toYaml .Values.linux.crds.podLabels | nindent 8 }}
+      {{- end }}
     spec:
       serviceAccountName: {{ template "sscd.fullname" . }}-keep-crds
       {{- if .Values.imagePullSecrets }}

charts/secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml

@@ -1,5 +1,4 @@
 {{ if .Values.enableSecretRotation }}
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/secrets-store-csi-driver/templates/role-rotation.yaml

@@ -1,5 +1,4 @@
 {{ if .Values.syncSecret.enabled }}
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/secrets-store-csi-driver/templates/role-syncsecret.yaml

@@ -1,5 +1,4 @@
 {{ if .Values.tokenRequests }}
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/secrets-store-csi-driver/templates/role-tokenrequest.yaml

@@ -1,5 +1,4 @@
 {{ if .Values.rbac.install }}
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/secrets-store-csi-driver/templates/role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.windows.enabled}}
+{{- if .Values.windows.enabled }}
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
@@ -49,12 +49,6 @@ spec:
               - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
-          env:
-          - name: KUBE_NODE_NAME
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: spec.nodeName
           imagePullPolicy: {{ .Values.windows.registrarImage.pullPolicy }}
           volumeMounts:
             - name: plugin-dir
@@ -138,7 +132,7 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.windows.volumeMounts }}
-              {{- toYaml .Values.windows.volumeMounts | nindent 12}}
+              {{- toYaml .Values.windows.volumeMounts | nindent 12 }}
             {{- end }}
 {{- with .Values.windows.driver.resources }}
           resources:
@@ -191,7 +185,7 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.windows.volumes }}
-          {{- toYaml .Values.windows.volumes | nindent 8}}
+          {{- toYaml .Values.windows.volumes | nindent 8 }}
         {{- end }}
       nodeSelector:
         kubernetes.io/os: windows

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.linux.enabled}}
+{{- if .Values.linux.enabled }}
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
@@ -49,12 +49,6 @@ spec:
               - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
-          env:
-          - name: KUBE_NODE_NAME
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: spec.nodeName
           imagePullPolicy: {{ .Values.linux.registrarImage.pullPolicy }}
           volumeMounts:
             - name: plugin-dir
@@ -141,7 +135,7 @@ spec:
             {{- end }}
             {{- end }}
             {{- if .Values.linux.volumeMounts }}
-              {{- toYaml .Values.linux.volumeMounts | nindent 12}}
+              {{- toYaml .Values.linux.volumeMounts | nindent 12 }}
             {{- end }}
 {{- with .Values.linux.driver.resources }}
           resources:
@@ -191,10 +185,10 @@ spec:
           hostPath:
             path: "{{ $path }}"
             type: DirectoryOrCreate
-        {{- end}}
+        {{- end }}
         {{- end }}
         {{- if .Values.linux.volumes }}
-          {{- toYaml .Values.linux.volumes | nindent 8}}
+          {{- toYaml .Values.linux.volumes | nindent 8 }}
         {{- end }}
       nodeSelector:
         kubernetes.io/os: linux

charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml

@@ -2,15 +2,16 @@ linux:
   enabled: true
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v1.1.2
+    tag: v1.2.0
     pullPolicy: IfNotPresent
 
   crds:
     image:
       repository: k8s.gcr.io/csi-secrets-store/driver-crds
-      tag: v1.1.2
+      tag: v1.2.0
       pullPolicy: IfNotPresent
     annotations: {}
+    podLabels: {}
 
   ## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
   affinity:
@@ -34,7 +35,7 @@ linux:
 
   registrarImage:
     repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
-    tag: v2.5.0
+    tag: v2.5.1
     pullPolicy: IfNotPresent
 
   registrar:
@@ -49,7 +50,7 @@ linux:
 
   livenessProbeImage:
     repository: k8s.gcr.io/sig-storage/livenessprobe
-    tag: v2.6.0
+    tag: v2.7.0
     pullPolicy: IfNotPresent
 
   livenessProbe:
@@ -67,9 +68,9 @@ linux:
       maxUnavailable: 1
 
   kubeletRootDir: /var/lib/kubelet
-  providersDir: /etc/kubernetes/secrets-store-csi-providers
-  additionalProvidersDirs: 
-    - /var/run/secrets-store-csi-providers
+  providersDir: /var/run/secrets-store-csi-providers
+  additionalProvidersDirs:
+    - /etc/kubernetes/secrets-store-csi-providers
   nodeSelector: {}
   tolerations: []
   metricsAddr: ":8095"
@@ -94,7 +95,7 @@ windows:
   enabled: false
   image:
     repository: k8s.gcr.io/csi-secrets-store/driver
-    tag: v1.1.2
+    tag: v1.2.0
     pullPolicy: IfNotPresent
 
   ## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
@@ -119,7 +120,7 @@ windows:
 
   registrarImage:
     repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
-    tag: v2.5.0
+    tag: v2.5.1
     pullPolicy: IfNotPresent
 
   registrar:
@@ -134,7 +135,7 @@ windows:
 
   livenessProbeImage:
     repository: k8s.gcr.io/sig-storage/livenessprobe
-    tag: v2.6.0
+    tag: v2.7.0
     pullPolicy: IfNotPresent
 
   livenessProbe:

charts/secrets-store-csi-driver/values.yaml

@@ -17,7 +17,7 @@ spec:
       serviceAccountName: secrets-store-csi-driver
       containers:
         - name: node-driver-registrar
-          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0
+          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
           args:
             - --v=5
             - "--csi-address=unix://C:\\csi\\csi.sock"
@@ -30,12 +30,6 @@ spec:
               - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
-          env:
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: spec.nodeName
           imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: plugin-dir
@@ -50,7 +44,7 @@ spec:
               cpu: 100m
               memory: 100Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v1.1.2
+          image: k8s.gcr.io/csi-secrets-store/driver:v1.2.0
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
@@ -99,7 +93,7 @@ spec:
             - name: providers-dir
               mountPath: C:\k\secrets-store-csi-providers
         - name: liveness-probe
-          image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0
+          image: k8s.gcr.io/sig-storage/livenessprobe:v2.7.0
           imagePullPolicy: IfNotPresent
           args:
           - "--csi-address=unix://C:\\csi\\csi.sock"

deploy/secrets-store-csi-driver-windows.yaml

@@ -17,7 +17,7 @@ spec:
       serviceAccountName: secrets-store-csi-driver
       containers:
         - name: node-driver-registrar
-          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0
+          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
           args:
             - --v=5
             - --csi-address=/csi/csi.sock
@@ -30,12 +30,6 @@ spec:
               - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
-          env:
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: spec.nodeName
           imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: plugin-dir
@@ -50,12 +44,12 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: secrets-store
-          image: k8s.gcr.io/csi-secrets-store/driver:v1.1.2
+          image: k8s.gcr.io/csi-secrets-store/driver:v1.2.0
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
-            - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
-            - "--additional-provider-volume-paths=/var/run/secrets-store-csi-providers"
+            - "--provider-volume=/var/run/secrets-store-csi-providers"
+            - "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers"
             - "--metrics-addr=:8095"
             - "--enable-secret-rotation=false"
             - "--rotation-poll-interval=2m"
@@ -105,7 +99,7 @@ spec:
               cpu: 50m
               memory: 100Mi
         - name: liveness-probe
-          image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0
+          image: k8s.gcr.io/sig-storage/livenessprobe:v2.7.0
           imagePullPolicy: IfNotPresent
           args:
           - --csi-address=/csi/csi.sock

deploy/secrets-store-csi-driver.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: secretproviderclasses.secrets-store.csi.x-k8s.io
 spec:
@@ -191,9 +190,3 @@ spec:
         type: object
     served: true
     storage: false
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []