Skip to content

Commit

Permalink
Merge pull request #841 from tam7t/automated-cherry-pick-of-#840-upst…
Browse files Browse the repository at this point in the history 
…ream-release-1.0

Automated cherry pick of #840: release: update manifests and helm chart for 1.0.1
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Jan 13, 2022
2 parents 613b942 + a83f656 commit df341d4
Show file tree
Hide file tree
Showing 13 changed files with 38 additions and 42 deletions.
4 changes: 2 additions & 2 deletions charts/secrets-store-csi-driver/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: secrets-store-csi-driver
version: 1.0.0
appVersion: 1.0.0
version: 1.0.1
appVersion: 1.0.1
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
16 changes: 9 additions & 7 deletions charts/secrets-store-csi-driver/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,10 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` |
| `linux.image.tag` | Linux image tag | `v1.0.0` |
| `linux.image.tag` | Linux image tag | `v1.0.1` |
| `linux.crds.image.repository` | Linux crds image repository | `k8s.gcr.io/csi-secrets-store/driver-crds` |
| `linux.crds.image.pullPolicy` | Linux crds image pull policy | `IfNotPresent` |
| `linux.crds.image.tag` | Linux crds image tag | `v1.0.1` |
| `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` |
| `linux.enabled` | Install secrets store csi driver on linux nodes | true |
Expand All @@ -58,12 +61,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` |
| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `IfNotPresent` |
| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.3.0` |
| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.4.0` |
| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` |
| `linux.registrar.logVerbosity` | Log level for node-driver-registrar. Uses V logs (klog) | `5` |
| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` |
| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `IfNotPresent` |
| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.4.0` |
| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.5.0` |
| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` |
| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` |
| `linux.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` |
Expand All @@ -76,7 +79,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v1.0.0` |
| `windows.image.tag` | Windows image tag | `v1.0.1` |
| `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
| `windows.enabled` | Install secrets store csi driver on windows nodes | false |
Expand All @@ -87,12 +90,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` |
| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `IfNotPresent` |
| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.3.0` |
| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.4.0` |
| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` |
| `windows.registrar.logVerbosity` | Log level for node-driver-registrar. Uses V logs (klog) | `5` |
| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` |
| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `IfNotPresent` |
| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.4.0` |
| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.5.0` |
| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` |
| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` |
| `windows.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` |
Expand All @@ -112,7 +115,6 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets | false |
| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` |
| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` |
| `filteredWatchSecret` | Enable filtered watch for NodePublishSecretRef secrets with label `secrets-store.csi.k8s.io/used=true` | `true` |
| `providerHealthCheck` | Enable health check for configured providers | `false` |
| `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` |
| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` |
2 changes: 2 additions & 0 deletions charts/secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ roleRef:
name: {{ template "sscd.fullname" . }}-keep-crds
apiGroup: rbac.authorization.k8s.io
---
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
Expand All @@ -56,6 +57,7 @@ spec:
rule: RunAsAny
volumes:
- secret
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
Expand Down
3 changes: 0 additions & 3 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,9 +87,6 @@ spec:
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
{{- end }}
- "--metrics-addr={{ .Values.windows.metricsAddr }}"
{{- if and (semverCompare ">= v0.0.21-0" .Values.windows.image.tag) .Values.filteredWatchSecret }}
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.22-0" .Values.windows.image.tag) .Values.providerHealthCheck }}
- "--provider-health-check={{ .Values.providerHealthCheck }}"
{{- end }}
Expand Down
3 changes: 0 additions & 3 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,9 +87,6 @@ spec:
- "--rotation-poll-interval={{ .Values.rotationPollInterval }}"
{{- end }}
- "--metrics-addr={{ .Values.linux.metricsAddr }}"
{{- if and (semverCompare ">= v0.0.21-0" .Values.linux.image.tag) .Values.filteredWatchSecret }}
- "--filtered-watch-secret={{ .Values.filteredWatchSecret }}"
{{- end }}
{{- if and (semverCompare ">= v0.0.22-0" .Values.linux.image.tag) .Values.providerHealthCheck }}
- "--provider-health-check={{ .Values.providerHealthCheck }}"
{{- end }}
Expand Down
17 changes: 7 additions & 10 deletions charts/secrets-store-csi-driver/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@ linux:
enabled: true
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v1.0.0
tag: v1.0.1
pullPolicy: IfNotPresent

crds:
image:
repository: k8s.gcr.io/csi-secrets-store/driver-crds
tag: v1.0.0
tag: v1.0.1
pullPolicy: IfNotPresent
annotations: {}

Expand All @@ -34,7 +34,7 @@ linux:

registrarImage:
repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
tag: v2.3.0
tag: v2.4.0
pullPolicy: IfNotPresent

registrar:
Expand All @@ -49,7 +49,7 @@ linux:

livenessProbeImage:
repository: k8s.gcr.io/sig-storage/livenessprobe
tag: v2.4.0
tag: v2.5.0
pullPolicy: IfNotPresent

livenessProbe:
Expand Down Expand Up @@ -93,7 +93,7 @@ windows:
enabled: false
image:
repository: k8s.gcr.io/csi-secrets-store/driver
tag: v1.0.0
tag: v1.0.1
pullPolicy: IfNotPresent

## Prevent the CSI driver from being scheduled on virtual-kubelet nodes
Expand All @@ -118,7 +118,7 @@ windows:

registrarImage:
repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
tag: v2.3.0
tag: v2.4.0
pullPolicy: IfNotPresent

registrar:
Expand All @@ -133,7 +133,7 @@ windows:

livenessProbeImage:
repository: k8s.gcr.io/sig-storage/livenessprobe
tag: v2.4.0
tag: v2.5.0
pullPolicy: IfNotPresent

livenessProbe:
Expand Down Expand Up @@ -200,9 +200,6 @@ enableSecretRotation: false
## Secret rotation poll interval duration
rotationPollInterval:

## Filtered watch nodePublishSecretRef secrets
filteredWatchSecret: true

## Provider HealthCheck
providerHealthCheck: false

Expand Down
7 changes: 3 additions & 4 deletions deploy/secrets-store-csi-driver-windows.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
serviceAccountName: secrets-store-csi-driver
containers:
- name: node-driver-registrar
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0
args:
- --v=5
- "--csi-address=unix://C:\\csi\\csi.sock"
Expand Down Expand Up @@ -50,15 +50,14 @@ spec:
cpu: 100m
memory: 100Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.0
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.1
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=C:\\k\\secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-watch-secret=true"
- "--provider-health-check=false"
- "--provider-health-check-interval=2m"
env:
Expand Down Expand Up @@ -100,7 +99,7 @@ spec:
- name: providers-dir
mountPath: C:\k\secrets-store-csi-providers
- name: liveness-probe
image: k8s.gcr.io/sig-storage/livenessprobe:v2.4.0
image: k8s.gcr.io/sig-storage/livenessprobe:v2.5.0
imagePullPolicy: IfNotPresent
args:
- "--csi-address=unix://C:\\csi\\csi.sock"
Expand Down
7 changes: 3 additions & 4 deletions deploy/secrets-store-csi-driver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
serviceAccountName: secrets-store-csi-driver
containers:
- name: node-driver-registrar
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0
args:
- --v=5
- --csi-address=/csi/csi.sock
Expand Down Expand Up @@ -50,15 +50,14 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.0
image: k8s.gcr.io/csi-secrets-store/driver:v1.0.1
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
- "--metrics-addr=:8095"
- "--enable-secret-rotation=false"
- "--rotation-poll-interval=2m"
- "--filtered-watch-secret=true"
- "--provider-health-check=false"
- "--provider-health-check-interval=2m"
env:
Expand Down Expand Up @@ -103,7 +102,7 @@ spec:
cpu: 50m
memory: 100Mi
- name: liveness-probe
image: k8s.gcr.io/sig-storage/livenessprobe:v2.4.0
image: k8s.gcr.io/sig-storage/livenessprobe:v2.5.0
imagePullPolicy: IfNotPresent
args:
- --csi-address=/csi/csi.sock
Expand Down
4 changes: 2 additions & 2 deletions manifest_staging/charts/secrets-store-csi-driver/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: secrets-store-csi-driver
version: 1.0.0
appVersion: 1.0.0
version: 1.0.1
appVersion: 1.0.1
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
Loading

0 comments on commit df341d4

Please sign in to comment.