diff --git a/charts/index.yaml b/charts/index.yaml index f819e22cc..01cb707e8 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,9 +1,26 @@ apiVersion: v1 entries: secrets-store-csi-driver: + - apiVersion: v1 + appVersion: 0.0.17 + created: "2020-11-10T12:43:33.124534-08:00" + description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes + cluster. + digest: d83ee8e6e436c90350c5371a9e597663bd586286a1e9f851a6010eb79f3c9244 + icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png + kubeVersion: '>=1.16.0-0' + maintainers: + - email: ritazh@microsoft.com + name: Rita Zhang + name: secrets-store-csi-driver + sources: + - https://github.com/kubernetes-sigs/secrets-store-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.17.tgz + version: 0.0.17 - apiVersion: v1 appVersion: 0.0.16 - created: "2020-10-09T15:44:41.406908-07:00" + created: "2020-11-10T12:43:33.123624-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 28801272b580f6c5a8ec7cf634b05176debf8b7e92724847f594512ac081171c @@ -20,7 +37,7 @@ entries: version: 0.0.16 - apiVersion: v1 appVersion: 0.0.15 - created: "2020-10-09T15:44:41.405923-07:00" + created: "2020-11-10T12:43:33.120968-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 155ead450f2f8824f99f8508a11d14ae703084a5b95d7dbac391658199cf4a9a @@ -37,7 +54,7 @@ entries: version: 0.0.15 - apiVersion: v1 appVersion: 0.0.14 - created: "2020-10-09T15:44:41.404302-07:00" + created: "2020-11-10T12:43:33.119724-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 6390ebd13eeb76d1ed22263831d5383f8258bec1731d4f98e6c8dfe8b6256249 @@ -54,7 +71,7 @@ entries: version: 0.0.14 - apiVersion: v1 appVersion: 0.0.13 - created: "2020-10-09T15:44:41.402899-07:00" + created: "2020-11-10T12:43:33.11841-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 426ea403ad1083cae569a13d8ecf686e4797b7816f6254709070afc4f4b858ab @@ -71,7 +88,7 @@ entries: version: 0.0.13 - apiVersion: v1 appVersion: 0.0.12 - created: "2020-10-09T15:44:41.401745-07:00" + created: "2020-11-10T12:43:33.1164-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 0c132d4be8c4eb48109a4fe8cc0ce29e6fc9f68647bb522c4040d033861a0e78 @@ -88,7 +105,7 @@ entries: version: 0.0.12 - apiVersion: v1 appVersion: 0.0.11 - created: "2020-10-09T15:44:41.399985-07:00" + created: "2020-11-10T12:43:33.115646-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 2751ae7aed8ea2fc7dcdcbbf26240fccb2eefd83d3943cef45bb58bb1d297692 @@ -105,7 +122,7 @@ entries: version: 0.0.11 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-10-09T15:44:41.398579-07:00" + created: "2020-11-10T12:43:33.11489-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 9fae95e4611c9c120ed12505e735680b70ed133ea987fd32db05046cb45eda9e @@ -122,7 +139,7 @@ entries: version: 0.0.10 - apiVersion: v1 appVersion: 0.0.9 - created: "2020-10-09T15:44:41.407595-07:00" + created: "2020-11-10T12:43:33.125205-08:00" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. digest: 0f74454ca36c979a352d8a7b6d847521897ebf78195527ed8946201a841887a7 @@ -137,4 +154,4 @@ entries: urls: - https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts/secrets-store-csi-driver-0.0.9.tgz version: 0.0.9 -generated: "2020-10-09T15:44:41.397295-07:00" +generated: "2020-11-10T12:43:33.109635-08:00" diff --git a/charts/secrets-store-csi-driver-0.0.17.tgz b/charts/secrets-store-csi-driver-0.0.17.tgz new file mode 100644 index 000000000..5d9b9f0a0 Binary files /dev/null and b/charts/secrets-store-csi-driver-0.0.17.tgz differ diff --git a/charts/secrets-store-csi-driver/Chart.yaml b/charts/secrets-store-csi-driver/Chart.yaml index 26693c6f8..b57b621b4 100644 --- a/charts/secrets-store-csi-driver/Chart.yaml +++ b/charts/secrets-store-csi-driver/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.16 -appVersion: 0.0.16 +version: 0.0.17 +appVersion: 0.0.17 kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/charts/secrets-store-csi-driver/README.md b/charts/secrets-store-csi-driver/README.md index 90046e2f8..04887c870 100644 --- a/charts/secrets-store-csi-driver/README.md +++ b/charts/secrets-store-csi-driver/README.md @@ -19,52 +19,57 @@ $ helm install csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driv The following table lists the configurable parameters of the csi-secrets-store-provider-azure chart and their default values. -| Parameter | Description | Default | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | -| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | -| `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | -| `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.16` | -| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | -| `linux.enabled` | Install secrets store csi driver on linux nodes | true | -| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | -| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` | -| `linux.tolerations` | Tolerations for the daemonset on linux nodes | `[]` | -| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` | -| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `quay.io/k8scsi/csi-node-driver-registrar` | -| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` | -| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v1.2.0` | -| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | -| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `quay.io/k8scsi/livenessprobe` | -| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` | -| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.0.0` | -| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | -| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | -| `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | -| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.16` | -| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | -| `windows.enabled` | Install secrets store csi driver on windows nodes | false | -| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | -| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` | -| `windows.tolerations` | Tolerations for the daemonset on windows nodes | `[]` | -| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` | -| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar` | -| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` | -| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v1.2.1-alpha.1-windows-1809-amd64` | -| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | -| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `mcr.microsoft.com/oss/kubernetes-csi/livenessprobe` | -| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` | -| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.0.1-alpha.1-windows-1809-amd64` | -| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | -| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` | -| `logLevel.debug` | Enable debug logging | true | -| `livenessProbe.port` | Liveness probe port | `9808` | -| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` | -| `rbac.install` | Install default rbac roles and bindings | true | -| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | -| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | -| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider [alpha] | `""` | -| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | -| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | +| Parameter | Description | Default | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | +| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` | +| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | +| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | +| `linux.image.pullPolicy` | Linux image pull policy | `Always` | +| `linux.image.tag` | Linux image tag | `v0.0.17` | +| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | +| `linux.enabled` | Install secrets store csi driver on linux nodes | true | +| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | +| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` | +| `linux.tolerations` | Tolerations for the daemonset on linux nodes | `[]` | +| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` | +| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | +| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` | +| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.0.1` | +| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | +| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | +| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` | +| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.1.0` | +| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | +| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | +| `linux.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | +| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | +| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | +| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | +| `windows.image.tag` | Windows image tag | `v0.0.17` | +| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | +| `windows.enabled` | Install secrets store csi driver on windows nodes | false | +| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | +| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` | +| `windows.tolerations` | Tolerations for the daemonset on windows nodes | `[]` | +| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` | +| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | +| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` | +| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.0.1` | +| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | +| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | +| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` | +| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.1.0` | +| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | +| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` | +| `windows.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | +| `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` | +| `logVerbosity` | Log level. Uses V logs (klog) | `0` | +| `logFormatJSON` | Use JSON logging format | `false` | +| `livenessProbe.port` | Liveness probe port | `9808` | +| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` | +| `rbac.install` | Install default rbac roles and bindings | true | +| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | +| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | +| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider [alpha] | `""` | +| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | +| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml index bb5e57954..be5a3b7a3 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml @@ -9,6 +9,8 @@ spec: selector: matchLabels: app: {{ template "sscd.name" . }} + updateStrategy: +{{ toYaml .Values.windows.updateStrategy | indent 4 }} template: metadata: {{ include "sscd.labels" . | indent 6 }} @@ -21,15 +23,6 @@ spec: - --v=5 - "--csi-address=unix://C:\\csi\\csi.sock" - --kubelet-registration-path={{ .Values.windows.kubeletRootDir }}\plugins\csi-secrets-store\csi.sock - lifecycle: - preStop: - exec: - command: - [ - "cmd", - "/c", - "del /f C:\\registration\\secrets-store.csi.k8s.io-reg.sock", - ] env: - name: KUBE_NODE_NAME valueFrom: @@ -49,7 +42,12 @@ spec: - name: secrets-store image: "{{ .Values.windows.image.repository }}:{{ .Values.windows.image.tag }}" args: - - "--debug={{ .Values.logLevel.debug }}" + {{- if .Values.logVerbosity }} + - -v={{ .Values.logVerbosity }} + {{- end }} + {{- if .Values.logFormatJSON }} + - --log-format-json={{ .Values.logFormatJSON }} + {{- end }} - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=C:\\k\\secrets-store-csi-providers" @@ -122,6 +120,9 @@ spec: {{ toYaml . | indent 12 }} {{- end }} {{- end }} + {{- if .Values.windows.priorityClassName }} + priorityClassName: {{ .Values.windows.priorityClassName | quote }} + {{- end }} volumes: - name: mountpoint-dir hostPath: diff --git a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml index 7cd8cdc20..7feac1894 100644 --- a/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml +++ b/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml @@ -9,6 +9,8 @@ spec: selector: matchLabels: app: {{ template "sscd.name" . }} + updateStrategy: +{{ toYaml .Values.linux.updateStrategy | indent 4 }} template: metadata: {{ include "sscd.labels" . | indent 6 }} @@ -23,15 +25,6 @@ spec: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path={{ .Values.linux.kubeletRootDir }}/plugins/csi-secrets-store/csi.sock - lifecycle: - preStop: - exec: - command: - [ - "/bin/sh", - "-c", - "rm -rf /registration/secrets-store.csi.k8s.io-reg.sock", - ] env: - name: KUBE_NODE_NAME valueFrom: @@ -51,7 +44,12 @@ spec: - name: secrets-store image: "{{ .Values.linux.image.repository }}:{{ .Values.linux.image.tag }}" args: - - "--debug={{ .Values.logLevel.debug }}" + {{- if .Values.logVerbosity }} + - -v={{ .Values.logVerbosity }} + {{- end }} + {{- if .Values.logFormatJSON }} + - --log-format-json={{ .Values.logFormatJSON }} + {{- end }} - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers" @@ -125,6 +123,9 @@ spec: {{ toYaml . | indent 12 }} {{- end }} {{- end }} + {{- if .Values.linux.priorityClassName }} + priorityClassName: {{ .Values.linux.priorityClassName | quote }} + {{- end }} volumes: - name: mountpoint-dir hostPath: diff --git a/charts/secrets-store-csi-driver/values.yaml b/charts/secrets-store-csi-driver/values.yaml index a1a73ae55..c3e161b6b 100644 --- a/charts/secrets-store-csi-driver/values.yaml +++ b/charts/secrets-store-csi-driver/values.yaml @@ -1,8 +1,8 @@ linux: enabled: true image: - repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.16 + repository: k8s.gcr.io/csi-secrets-store/driver + tag: v0.0.17 pullPolicy: Always driver: @@ -15,8 +15,8 @@ linux: memory: 100Mi registrarImage: - repository: quay.io/k8scsi/csi-node-driver-registrar - tag: v1.2.0 + repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar + tag: v2.0.1 pullPolicy: Always registrar: @@ -29,8 +29,8 @@ linux: memory: 20Mi livenessProbeImage: - repository: quay.io/k8scsi/livenessprobe - tag: v2.0.0 + repository: k8s.gcr.io/sig-storage/livenessprobe + tag: v2.1.0 pullPolicy: Always livenessProbe: @@ -42,17 +42,23 @@ linux: cpu: 10m memory: 20Mi + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + kubeletRootDir: /var/lib/kubelet nodeSelector: {} tolerations: [] metricsAddr: ":8095" env: [] + priorityClassName: "" windows: enabled: false image: - repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.16 + repository: k8s.gcr.io/csi-secrets-store/driver + tag: v0.0.17 pullPolicy: IfNotPresent driver: @@ -65,8 +71,8 @@ windows: memory: 100Mi registrarImage: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v1.2.1-alpha.1-windows-1809-amd64 + repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar + tag: v2.0.1 pullPolicy: IfNotPresent registrar: @@ -79,8 +85,8 @@ windows: memory: 20Mi livenessProbeImage: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.0.1-alpha.1-windows-1809-amd64 + repository: k8s.gcr.io/sig-storage/livenessprobe + tag: v2.1.0 pullPolicy: IfNotPresent livenessProbe: @@ -92,14 +98,23 @@ windows: cpu: 10m memory: 20Mi + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + kubeletRootDir: C:\var\lib\kubelet nodeSelector: {} tolerations: [] metricsAddr: ":8095" env: [] + priorityClassName: "" + +# log level. Uses V logs (klog) +logVerbosity: 0 -logLevel: - debug: true +# logging format JSON +logFormatJSON: false livenessProbe: port: 9808 @@ -120,7 +135,7 @@ syncSecret: minimumProviderVersions: ## ; delimited list of providers that support grpc for driver-provider [alpha] -grpcSupportedProviders: +grpcSupportedProviders: gcp; ## Enable secret rotation feature [alpha] enableSecretRotation: false diff --git a/deploy/secrets-store-csi-driver-windows.yaml b/deploy/secrets-store-csi-driver-windows.yaml index b332b6d75..e79ce5475 100644 --- a/deploy/secrets-store-csi-driver-windows.yaml +++ b/deploy/secrets-store-csi-driver-windows.yaml @@ -14,20 +14,11 @@ spec: serviceAccountName: secrets-store-csi-driver containers: - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v1.2.1-alpha.1-windows-1809-amd64 + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 args: - --v=5 - "--csi-address=unix://C:\\csi\\csi.sock" - "--kubelet-registration-path=C:\\var\\lib\\kubelet\\plugins\\csi-secrets-store\\csi.sock" - lifecycle: - preStop: - exec: - command: - [ - "cmd", - "/c", - "del /f C:\\registration\\secrets-store.csi.k8s.io-reg.sock", - ] env: - name: KUBE_NODE_NAME valueFrom: @@ -48,9 +39,8 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.16 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.17 args: - - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=C:\\k\\secrets-store-csi-providers" @@ -96,7 +86,7 @@ spec: - name: providers-dir mountPath: C:\k\secrets-store-csi-providers - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.0.1-alpha.1-windows-1809-amd64 + image: k8s.gcr.io/sig-storage/livenessprobe:v2.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=unix://C:\\csi\\csi.sock" diff --git a/deploy/secrets-store-csi-driver.yaml b/deploy/secrets-store-csi-driver.yaml index 7ebe66981..9d1edcb9f 100644 --- a/deploy/secrets-store-csi-driver.yaml +++ b/deploy/secrets-store-csi-driver.yaml @@ -15,20 +15,11 @@ spec: hostNetwork: true containers: - name: node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0 + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 args: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock - lifecycle: - preStop: - exec: - command: - [ - "/bin/sh", - "-c", - "rm -rf /registration/secrets-store.csi.k8s.io-reg.sock", - ] env: - name: KUBE_NODE_NAME valueFrom: @@ -49,13 +40,13 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.16 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.17 args: - - "--debug=true" - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers" - "--metrics-addr=:8095" + - "--grpc-supported-providers=gcp;" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" env: @@ -97,7 +88,7 @@ spec: cpu: 50m memory: 100Mi - name: liveness-probe - image: quay.io/k8scsi/livenessprobe:v2.0.0 + image: k8s.gcr.io/sig-storage/livenessprobe:v2.1.0 imagePullPolicy: Always args: - --csi-address=/csi/csi.sock diff --git a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml index 26693c6f8..b57b621b4 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: secrets-store-csi-driver -version: 0.0.16 -appVersion: 0.0.16 +version: 0.0.17 +appVersion: 0.0.17 kubeVersion: ">=1.16.0-0" description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png diff --git a/manifest_staging/charts/secrets-store-csi-driver/README.md b/manifest_staging/charts/secrets-store-csi-driver/README.md index 9bf532155..04887c870 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/README.md +++ b/manifest_staging/charts/secrets-store-csi-driver/README.md @@ -19,57 +19,57 @@ $ helm install csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driv The following table lists the configurable parameters of the csi-secrets-store-provider-azure chart and their default values. -| Parameter | Description | Default | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | -| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | -| `linux.image.repository` | Linux image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | -| `linux.image.pullPolicy` | Linux image pull policy | `Always` | -| `linux.image.tag` | Linux image tag | `v0.0.16` | -| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | -| `linux.enabled` | Install secrets store csi driver on linux nodes | true | -| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | -| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` | -| `linux.tolerations` | Tolerations for the daemonset on linux nodes | `[]` | -| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` | -| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | -| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` | -| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.0.1` | -| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | -| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | -| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` | -| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.1.0` | -| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | -| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | -| `linux.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | -| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | -| `windows.image.repository` | Windows image repository | `us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver` | -| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | -| `windows.image.tag` | Windows image tag | `v0.0.16` | -| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | -| `windows.enabled` | Install secrets store csi driver on windows nodes | false | -| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | -| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` | -| `windows.tolerations` | Tolerations for the daemonset on windows nodes | `[]` | -| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` | -| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | -| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` | -| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.0.1` | -| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | -| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | -| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` | -| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.1.0` | -| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | -| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` | -| `windows.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | -| `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` | -| `logVerbosity` | Log level. Uses V logs (klog) | `0` | -| `logFormatJSON` | Use JSON logging format | `false` | -| `livenessProbe.port` | Liveness probe port | `9808` | -| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` | -| `rbac.install` | Install default rbac roles and bindings | true | -| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | -| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | -| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider [alpha] | `""` | -| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | -| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | +| Parameter | Description | Default | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | +| `nameOverride` | String to partially override secrets-store-csi-driver.fullname template with a string (will prepend the release name) | `""` | +| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` | +| `linux.image.repository` | Linux image repository | `k8s.gcr.io/csi-secrets-store/driver` | +| `linux.image.pullPolicy` | Linux image pull policy | `Always` | +| `linux.image.tag` | Linux image tag | `v0.0.17` | +| `linux.driver.resources` | The resource request/limits for the linux secrets-store container image | `limits: 200m CPU, 200Mi; requests: 50m CPU, 100Mi` | +| `linux.enabled` | Install secrets store csi driver on linux nodes | true | +| `linux.kubeletRootDir` | Configure the kubelet root dir | `/var/lib/kubelet` | +| `linux.nodeSelector` | Node Selector for the daemonset on linux nodes | `{}` | +| `linux.tolerations` | Tolerations for the daemonset on linux nodes | `[]` | +| `linux.metricsAddr` | The address the metric endpoint binds to | `:8095` | +| `linux.registrarImage.repository` | Linux node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | +| `linux.registrarImage.pullPolicy` | Linux node-driver-registrar image pull policy | `Always` | +| `linux.registrarImage.tag` | Linux node-driver-registrar image tag | `v2.0.1` | +| `linux.registrar.resources` | The resource request/limits for the linux node-driver-registrar container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | +| `linux.livenessProbeImage.repository` | Linux liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | +| `linux.livenessProbeImage.pullPolicy` | Linux liveness-probe image pull policy | `Always` | +| `linux.livenessProbeImage.tag` | Linux liveness-probe image tag | `v2.1.0` | +| `linux.livenessProbe.resources` | The resource request/limits for the linux liveness-probe container image | `limits: 100m CPU, 100Mi; requests: 10m CPU, 20Mi` | +| `linux.env` | Environment variables to be passed for the daemonset on linux nodes | `[]` | +| `linux.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | +| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` | +| `windows.image.repository` | Windows image repository | `k8s.gcr.io/csi-secrets-store/driver` | +| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` | +| `windows.image.tag` | Windows image tag | `v0.0.17` | +| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` | +| `windows.enabled` | Install secrets store csi driver on windows nodes | false | +| `windows.kubeletRootDir` | Configure the kubelet root dir | `C:\var\lib\kubelet` | +| `windows.nodeSelector` | Node Selector for the daemonset on windows nodes | `{}` | +| `windows.tolerations` | Tolerations for the daemonset on windows nodes | `[]` | +| `windows.metricsAddr` | The address the metric endpoint binds to | `:8095` | +| `windows.registrarImage.repository` | Windows node-driver-registrar image repository | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` | +| `windows.registrarImage.pullPolicy` | Windows node-driver-registrar image pull policy | `Always` | +| `windows.registrarImage.tag` | Windows node-driver-registrar image tag | `v2.0.1` | +| `windows.registrar.resources` | The resource request/limits for the windows node-driver-registrar container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | +| `windows.livenessProbeImage.repository` | Windows liveness-probe image repository | `k8s.gcr.io/sig-storage/livenessprobe` | +| `windows.livenessProbeImage.pullPolicy` | Windows liveness-probe image pull policy | `Always` | +| `windows.livenessProbeImage.tag` | Windows liveness-probe image tag | `v2.1.0` | +| `windows.livenessProbe.resources` | The resource request/limits for the windows liveness-probe container image | `limits: 200m CPU, 200Mi; requests: 10m CPU, 20Mi` | +| `windows.env` | Environment variables to be passed for the daemonset on windows nodes | `[]` | +| `windows.priorityClassName` | Indicates the importance of a Pod relative to other Pods. | `""` | +| `windows.updateStrategy` | Configure a custom update strategy for the daemonset on windows nodes | `RollingUpdate with 1 maxUnavailable` | +| `logVerbosity` | Log level. Uses V logs (klog) | `0` | +| `logFormatJSON` | Use JSON logging format | `false` | +| `livenessProbe.port` | Liveness probe port | `9808` | +| `livenessProbe.logLevel` | Liveness probe container logging verbosity level | `2` | +| `rbac.install` | Install default rbac roles and bindings | true | +| `syncSecret.enabled` | Enable rbac roles and bindings required for syncing to Kubernetes native secrets (the default will change to false after v0.0.14) | true | +| `minimumProviderVersions` | A comma delimited list of key-value pairs of minimum provider versions with driver | `""` | +| `grpcSupportedProviders` | A `;` delimited list of providers that support grpc for driver-provider [alpha] | `""` | +| `enableSecretRotation` | Enable secret rotation feature [alpha] | `false` | +| `rotationPollInterval` | Secret rotation poll interval duration | `"120s"` | diff --git a/manifest_staging/charts/secrets-store-csi-driver/values.yaml b/manifest_staging/charts/secrets-store-csi-driver/values.yaml index aef610326..c3e161b6b 100644 --- a/manifest_staging/charts/secrets-store-csi-driver/values.yaml +++ b/manifest_staging/charts/secrets-store-csi-driver/values.yaml @@ -1,8 +1,8 @@ linux: enabled: true image: - repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.16 + repository: k8s.gcr.io/csi-secrets-store/driver + tag: v0.0.17 pullPolicy: Always driver: @@ -57,8 +57,8 @@ linux: windows: enabled: false image: - repository: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver - tag: v0.0.16 + repository: k8s.gcr.io/csi-secrets-store/driver + tag: v0.0.17 pullPolicy: IfNotPresent driver: diff --git a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml index 856f19928..e79ce5475 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver-windows.yaml @@ -39,7 +39,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.16 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.17 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" diff --git a/manifest_staging/deploy/secrets-store-csi-driver.yaml b/manifest_staging/deploy/secrets-store-csi-driver.yaml index 52422d30d..9d1edcb9f 100644 --- a/manifest_staging/deploy/secrets-store-csi-driver.yaml +++ b/manifest_staging/deploy/secrets-store-csi-driver.yaml @@ -40,7 +40,7 @@ spec: cpu: 10m memory: 20Mi - name: secrets-store - image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.16 + image: k8s.gcr.io/csi-secrets-store/driver:v0.0.17 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)"