chore: remove deprecated --driver-write-secrets flag (#709)

* chore: remove deprecated --driver-write-secrets flag

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

* chore: remove driver write secrets parameters from test pipeline

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

.pipelines/nightly.yaml

@@ -14,10 +14,6 @@ jobs:
   # to get image scan results on nightly runs
   - template: templates/unit-test.yaml
   - template: templates/e2e-test-kind.yaml
-    parameters:
-      driverWriteSecrets:
-      - "true"
-      - "false"
   - template: templates/load-test.yaml
   - template: templates/e2e-test-azure.yaml
     parameters:

cmd/main.go

@@ -39,10 +39,6 @@ var (
 	healthzPath    = flag.String("healthz-path", "/healthz", "path for health check")
 	healthzTimeout = flag.Duration("healthz-timeout", 5*time.Second, "RPC timeout for health check")
 
-	// driverWriteSecrets feature is enabled by default in v0.1.0 release. All writes to the pod filesystem will now be done by the CSI driver instead of provider.
-	// this flag will be removed in the future.
-	driverWriteSecrets = flag.Bool("driver-write-secrets", true, "[DEPRECATED] Return secrets in gRPC response to the driver (supported in driver v0.0.21+) instead of writing to filesystem")
-
 	metricsBackend = flag.String("metrics-backend", "Prometheus", "Backend used for metrics")
 	prometheusPort = flag.Int("prometheus-port", 8898, "Prometheus port for metrics backend")
 )
@@ -86,9 +82,6 @@ func main() {
 	if *provider.ConstructPEMChain {
 		klog.Infof("construct pem chain feature enabled")
 	}
-	if !*driverWriteSecrets {
-		klog.Infof("driver write secrets feature can't be disabled. The --driver-write-secret flag will be removed in future releases.")
-	}
 	// Add csi-secrets-store user agent to adal requests
 	if err := adal.AddToUserAgent(version.GetUserAgent()); err != nil {
 		klog.ErrorS(err, "failed to add user agent to adal")

manifest_staging/charts/csi-secrets-store-provider-azure/README.md

@@ -133,4 +133,3 @@ The following table lists the configurable parameters of the csi-secrets-store-p
 | `rbac.install`                                                   | Install default service account                                                                                                                                                                       | true                                                                                             |
 | `rbac.pspEnabled`                                                | If `true`, create and use a restricted pod security policy for Secrets Store CSI Driver AKV provider pod(s)                                                                                           | false                                                                                            |
 | `constructPEMChain`                                              | Explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT                                                                                                                         | `true`                                                                                           |
-| `driverWriteSecrets`                                             | Return secrets in grpc response to the driver (supported in driver v0.0.21+) instead of writing to filesystem                                                                                         | `true`                                                                                           |

manifest_staging/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer-windows.yaml

@@ -48,9 +48,6 @@ spec:
             - --healthz-port={{ .Values.windows.healthzPort }}
             - --healthz-path={{ .Values.windows.healthzPath }}
             - --healthz-timeout={{ .Values.windows.healthzTimeout }}
-            {{- if .Values.driverWriteSecrets }}
-            - --driver-write-secrets={{ .Values.driverWriteSecrets }}
-            {{- end }}
           livenessProbe:
             httpGet:
               path: {{ .Values.windows.healthzPath }}
@@ -64,11 +61,6 @@ spec:
           volumeMounts:
             - name: provider-vol
               mountPath: "C:\\provider"
-            {{- if not .Values.driverWriteSecrets }}
-            - name: mountpoint-dir
-              mountPath: {{ .Values.windows.kubeletRootDir }}\pods
-              mountPropagation: HostToContainer
-            {{- end }}
             {{- if .Values.windows.volumeMounts }}
             {{- toYaml .Values.windows.volumeMounts | nindent 12 }}
             {{- end}}
@@ -82,11 +74,6 @@ spec:
           hostPath:
             path: C:\k\secrets-store-csi-providers
             type: DirectoryOrCreate
-        {{- if not .Values.driverWriteSecrets }}
-        - name: mountpoint-dir
-          hostPath:
-            path: {{ .Values.windows.kubeletRootDir }}\pods\
-        {{- end }}
         {{- if .Values.windows.volumes }}
         {{- toYaml .Values.windows.volumes | nindent 8 }}
         {{- end}}

manifest_staging/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml

@@ -55,9 +55,6 @@ spec:
             - --healthz-port={{ .Values.linux.healthzPort }}
             - --healthz-path={{ .Values.linux.healthzPath }}
             - --healthz-timeout={{ .Values.linux.healthzTimeout }}
-            {{- if .Values.driverWriteSecrets }}
-            - --driver-write-secrets={{ .Values.driverWriteSecrets }}
-            {{- end }}
           livenessProbe:
             httpGet:
               path: {{ .Values.linux.healthzPath }}
@@ -88,11 +85,6 @@ spec:
           volumeMounts:
             - name: provider-vol
               mountPath: /provider
-            {{- if not .Values.driverWriteSecrets }}
-            - name: mountpoint-dir
-              mountPath: {{ .Values.linux.kubeletRootDir }}/pods
-              mountPropagation: HostToContainer
-            {{- end }}
             {{- if .Values.linux.volumeMounts }}
             {{- toYaml .Values.linux.volumeMounts | nindent 12 }}
             {{- end}}
@@ -110,11 +102,6 @@ spec:
         - name: provider-vol
           hostPath:
             path: "/etc/kubernetes/secrets-store-csi-providers"
-        {{- if not .Values.driverWriteSecrets }}
-        - name: mountpoint-dir
-          hostPath:
-            path: {{ .Values.linux.kubeletRootDir }}/pods
-        {{- end }}
         {{- if .Values.linux.volumes }}
         {{- toYaml .Values.linux.volumes | nindent 8 }}
         {{- end}}

manifest_staging/charts/csi-secrets-store-provider-azure/values.yaml

@@ -163,6 +163,3 @@ rbac:
 
 # explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT
 constructPEMChain: true
-
-# Return secrets in grpc response to the driver (supported in driver v0.0.21+) instead of writing to filesystem
-driverWriteSecrets: true

manifest_staging/deployment/provider-azure-installer-windows.yaml

@@ -31,7 +31,6 @@ spec:
             - --healthz-port=8989
             - --healthz-path=/healthz
             - --healthz-timeout=5s
-            - --driver-write-secrets=true
           livenessProbe:
             httpGet:
               path: /healthz

manifest_staging/deployment/provider-azure-installer.yaml

@@ -32,7 +32,6 @@ spec:
             - --healthz-port=8989
             - --healthz-path=/healthz
             - --healthz-timeout=5s
-            - --driver-write-secrets=true
           livenessProbe:
             httpGet:
               path: /healthz