release: update manifest and helm charts for v1.4.0 (#1045)

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Makefile

@@ -8,7 +8,7 @@ REPO_PATH="$(ORG_PATH)/$(PROJECT_NAME)"
 REGISTRY_NAME ?= upstream
 REPO_PREFIX ?= k8s/csi/secrets-store
 REGISTRY ?= $(REGISTRY_NAME).azurecr.io/$(REPO_PREFIX)
-IMAGE_VERSION ?= v1.3.0
+IMAGE_VERSION ?= v1.4.0
 IMAGE_NAME ?= provider-azure
 CONFORMANCE_IMAGE_NAME ?= provider-azure-arc-conformance
 IMAGE_TAG := $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)

charts/csi-secrets-store-provider-azure/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: secrets-store-csi-driver
   repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
-  version: 1.2.3
-digest: sha256:9646ceda3b60e7795c1ecf730811a12770ba44160559065f660119cbdaf66641
-generated: "2022-08-11T21:35:23.149639291Z"
+  version: 1.3.0
+digest: sha256:fe75dc495385275b6cd108f2684d06d990dadbe8be9d82adba637b362c2b51a9
+generated: "2022-12-14T04:06:15.0527901Z"

charts/csi-secrets-store-provider-azure/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: csi-secrets-store-provider-azure
-version: 1.3.0
-appVersion: 1.3.0
+version: 1.4.0
+appVersion: 1.4.0
 kubeVersion: ">=1.16.0-0"
 description: A Helm chart to install the Secrets Store CSI Driver and the Azure Keyvault Provider inside a Kubernetes cluster.
 sources:
@@ -13,5 +13,5 @@ maintainers:
 dependencies:
 - name: secrets-store-csi-driver
   repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
-  version: 1.2.3
+  version: 1.3.0
   condition: secrets-store-csi-driver.install

charts/csi-secrets-store-provider-azure/arc-values.yaml

@@ -15,7 +15,7 @@ logVerbosity: 0
 linux:
   image:
     repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
-    tag: v1.3.0
+    tag: v1.4.0
     pullPolicy: IfNotPresent
   nodeSelector: {}
   tolerations: []
@@ -58,7 +58,7 @@ linux:
 windows:
   image:
     repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
-    tag: v1.3.0
+    tag: v1.4.0
     pullPolicy: IfNotPresent
   nodeSelector: {}
   tolerations: []
@@ -112,20 +112,20 @@ secrets-store-csi-driver:
     metricsAddr: ":8080"
     image:
       repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
-      tag: v1.2.3
+      tag: v1.3.0
       pullPolicy: IfNotPresent
     registrarImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.2
       pullPolicy: IfNotPresent
     livenessProbeImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
-      tag: v2.7.0
+      tag: v2.8.0
       pullPolicy: IfNotPresent
     crds:
       image:
         repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver-crds
-        tag: v1.2.3
+        tag: v1.3.0
         pullPolicy: IfNotPresent
     podAnnotations:
       prometheus.io/scrape: "true"
@@ -137,22 +137,22 @@ secrets-store-csi-driver:
     metricsAddr: ":8080"
     image:
       repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
-      tag: v1.2.3
+      tag: v1.3.0
       pullPolicy: IfNotPresent
     registrarImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.2
       pullPolicy: IfNotPresent
     livenessProbeImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
-      tag: v2.7.0
+      tag: v2.8.0
       pullPolicy: IfNotPresent
 
   enableSecretRotation: false
   rotationPollInterval: 2m
   # Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for more details on actions to take before enabling this feature
   filteredWatchSecret: true
-  
+
   syncSecret:
     enabled: false
 

charts/csi-secrets-store-provider-azure/templates/podsecuritypolicy.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbac.pspEnabled }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:

charts/csi-secrets-store-provider-azure/templates/provider-azure-installer-windows.yaml

@@ -48,6 +48,9 @@ spec:
             - --healthz-port={{ .Values.windows.healthzPort }}
             - --healthz-path={{ .Values.windows.healthzPath }}
             - --healthz-timeout={{ .Values.windows.healthzTimeout }}
+            {{- if .Values.writeCertAndKeyInSeparateFiles }}
+            - --write-cert-and-key-in-separate-files={{ .Values.writeCertAndKeyInSeparateFiles }}
+            {{- end }}
           livenessProbe:
             httpGet:
               path: {{ .Values.windows.healthzPath }}

charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml

@@ -24,7 +24,7 @@ spec:
 {{- end }}
 {{- if .Values.enableArcExtension }}
 {{- if .Values.arc.enableMonitoring }}
-        prometheus.io/scrape: "true" 
+        prometheus.io/scrape: "true"
         prometheus.io/port: "8898"
 {{- end }}
 {{- end }}
@@ -63,6 +63,9 @@ spec:
             - --healthz-port={{ .Values.linux.healthzPort }}
             - --healthz-path={{ .Values.linux.healthzPath }}
             - --healthz-timeout={{ .Values.linux.healthzTimeout }}
+            {{- if .Values.writeCertAndKeyInSeparateFiles }}
+            - --write-cert-and-key-in-separate-files={{ .Values.writeCertAndKeyInSeparateFiles }}
+            {{- end }}
           livenessProbe:
             httpGet:
               path: {{ .Values.linux.healthzPath }}

charts/csi-secrets-store-provider-azure/templates/role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbac.pspEnabled }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

charts/csi-secrets-store-provider-azure/templates/rolebinding.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.rbac.pspEnabled }}
+{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

charts/csi-secrets-store-provider-azure/values.yaml

@@ -17,10 +17,13 @@ enableArcExtension: false
 linux:
   image:
     repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
-    tag: v1.3.0
+    tag: v1.4.0
     pullPolicy: IfNotPresent
   nodeSelector: {}
-  tolerations: []
+  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+  # An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything.
+  tolerations:
+  - operator: Exists
   enabled: true
   resources:
     requests:
@@ -60,10 +63,13 @@ linux:
 windows:
   image:
     repository: mcr.microsoft.com/oss/azure/secrets-store/provider-azure
-    tag: v1.3.0
+    tag: v1.4.0
     pullPolicy: IfNotPresent
   nodeSelector: {}
-  tolerations: []
+  # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+  # An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything.
+  tolerations:
+  - operator: Exists
   enabled: false
   resources:
     requests:
@@ -114,20 +120,20 @@ secrets-store-csi-driver:
     priorityClassName: ""
     image:
       repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
-      tag: v1.2.3
+      tag: v1.3.0
       pullPolicy: IfNotPresent
     registrarImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.2
       pullPolicy: IfNotPresent
     livenessProbeImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
-      tag: v2.7.0
+      tag: v2.8.0
       pullPolicy: IfNotPresent
     crds:
       image:
         repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver-crds
-        tag: v1.2.3
+        tag: v1.3.0
         pullPolicy: IfNotPresent
     providersDir: /var/run/secrets-store-csi-providers
 
@@ -138,22 +144,22 @@ secrets-store-csi-driver:
     priorityClassName: ""
     image:
       repository: mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver
-      tag: v1.2.3
+      tag: v1.3.0
       pullPolicy: IfNotPresent
     registrarImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar
-      tag: v2.5.1
+      tag: v2.6.2
       pullPolicy: IfNotPresent
     livenessProbeImage:
       repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe
-      tag: v2.7.0
+      tag: v2.8.0
       pullPolicy: IfNotPresent
 
   enableSecretRotation: false
   rotationPollInterval: 2m
   # Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for more details on actions to take before enabling this feature
   filteredWatchSecret: true
-  
+
   syncSecret:
     enabled: false
 
@@ -167,3 +173,6 @@ rbac:
 
 # explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT
 constructPEMChain: true
+
+# Write cert and key in separate files. The individual files will be named as <secret-name>.crt and <secret-name>.key. These files will be created in addition to the single file.
+writeCertAndKeyInSeparateFiles: false

deployment/provider-azure-installer-windows.yaml

@@ -23,7 +23,7 @@ spec:
       serviceAccountName: csi-secrets-store-provider-azure
       containers:
         - name: provider-azure-installer
-          image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.3.0
+          image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.0
           imagePullPolicy: IfNotPresent
           args:
             - --endpoint=unix://C:\\provider\\azure.sock
@@ -63,5 +63,7 @@ spec:
           hostPath:
             path: "C:\\k\\secrets-store-csi-providers"
             type: DirectoryOrCreate
+      tolerations:
+      - operator: Exists
       nodeSelector:
         kubernetes.io/os: windows

deployment/provider-azure-installer.yaml

@@ -24,7 +24,7 @@ spec:
       hostNetwork: true
       containers:
         - name: provider-azure-installer
-          image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.3.0
+          image: mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.4.0
           imagePullPolicy: IfNotPresent
           args:
             - --endpoint=unix:///provider/azure.sock
@@ -70,5 +70,7 @@ spec:
         - name: providervol
           hostPath:
             path: "/var/run/secrets-store-csi-providers"
+      tolerations:
+      - operator: Exists
       nodeSelector:
         kubernetes.io/os: linux

manifest_staging/charts/csi-secrets-store-provider-azure/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: secrets-store-csi-driver
   repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
-  version: 1.2.4
-digest: sha256:d97bc6f56c988ff2122036e7c89eac097f7200cd2923e1d3602dd3144a62bc64
-generated: "2022-12-02T00:01:43.727185604Z"
+  version: 1.3.0
+digest: sha256:fe75dc495385275b6cd108f2684d06d990dadbe8be9d82adba637b362c2b51a9
+generated: "2022-12-14T04:06:15.0527901Z"