This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

release: update manifest and helm charts for v1.7.2 (#955)
Signed-off-by: Ernest Wong <chuwon@microsoft.com>
Ernest Wong authored Feb 2, 2021
1 parent 4eb50e3 commit d83ef21
Showing 27 changed files with 133 additions and 64 deletions.
Binary file added charts/aad-pod-identity-3.0.1.tgz
Binary file not shown.
6 changes: 3 additions & 3 deletions charts/aad-pod-identity/README.md
Expand Up @@ -29,6 +29,7 @@ helm install aad-pod-identity/aad-pod-identity --set=installCRDs=true
| `2.0.2` | `1.6.3` |
| `2.1.0` | `1.7.0` |
| `3.0.0` | `1.7.1` |
| `3.0.1` | `1.7.2` |

## Introduction

Expand Down Expand Up @@ -231,7 +232,6 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `image.repository` | Image repository | `mcr.microsoft.com/oss/azure/aad-pod-identity` |
| `image.pullPolicy` | Image pull policy | `Always` |
| `imagePullSecrets` | One or more secrets to be used when pulling images | `[]` |
| `forceNameSpaced` (**DEPRECATED**) | By default, AAD Pod Identity matches pods to identities across namespaces. To match only pods in the namespace containing AzureIdentity set this to true. | `false` |
| `forceNamespaced` | By default, AAD Pod Identity matches pods to identities across namespaces. To match only pods in the namespace containing AzureIdentity set this to true. | `false` |
| `installMICException` | When NMI runs on a node where MIC is running, then MIC token request call is also intercepted by NMI. MIC can't get a valid token to initialize and then assign the identity. Installing an exception for MIC would ensure all token requests for MIC pods directly go to IMDS and not go through the pod-identity validation | `true` |
| `adminsecret.cloud` | Azure cloud environment name | ` ` |
Expand All @@ -244,7 +244,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` |
| `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` |
| `mic.image` | MIC image name | `mic` |
| `mic.tag` | MIC image tag | `v1.7.1` |
| `mic.tag` | MIC image tag | `v1.7.2` |
| `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | |
| `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` |
| `mic.loggingFormat` | Log format. One of (text \| json) | `text` |
Expand All @@ -266,7 +266,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` |
| `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` |
| `nmi.image` | NMI image name | `nmi` |
| `nmi.tag` | NMI image tag | `v1.7.1` |
| `nmi.tag` | NMI image tag | `v1.7.2` |
| `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | |
| `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` |
| `nmi.loggingFormat` | Log format. One of (text \| json) | `text` |
4 changes: 0 additions & 4 deletions charts/aad-pod-identity/templates/NOTES.txt
Expand Up @@ -8,8 +8,4 @@ To verify that AAD Pod Identity has started in {{ .Values.operationMode }} mode,
kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/component=nmi"
{{ end }}

{{- if .Values.forceNameSpaced }}
forceNameSpaced configuration has been DEPRECATED and will be removed in a future release. Please use forceNamespaced instead.
{{- end }}

Now you can follow the demos to get familiar with AAD Pod Identity: https://azure.github.io/aad-pod-identity/docs/demo/
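Review bot: Deleting the `{{- if .Values.forceNameSpaced }}` warning block in this hunk leaves anyone who still passes `forceNameSpaced` with no signal at install or upgrade time, while the templates in this commit stop reading that key. Consider replacing the warning with a hard stop, for example `{{- if .Values.forceNameSpaced }}{{ fail "forceNameSpaced has been removed; use forceNamespaced" }}{{- end }}`, so rendering fails instead of silently ignoring the setting.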
2 changes: 1 addition & 1 deletion charts/aad-pod-identity/templates/mic-deployment.yaml
Expand Up @@ -96,7 +96,7 @@ spec:
fieldRef:
fieldPath: metadata.namespace
- name: FORCENAMESPACED
value: "{{ .Values.forceNameSpaced | default .Values.forceNamespaced }}"
value: "{{ .Values.forceNamespaced }}"
{{- if .Values.adminsecret }}
- name: CLOUD
valueFrom:
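Review bot: The changed `FORCENAMESPACED` value now reads only `.Values.forceNamespaced`, so a release whose values still set `forceNameSpaced: true` renders the documented default `false` after upgrade and goes back to matching pods to identities across namespaces. That widens identity scope in what the README table in this commit lists as a 3.0.0 to 3.0.1 chart bump; either keep the `| default` fallback for one more release or call the removal out as a breaking change in the upgrade notes.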
2 changes: 2 additions & 0 deletions charts/aad-pod-identity/templates/mic-exception.yaml
@@ -1,4 +1,5 @@
{{- if .Values.installMICException }}
{{- if eq .Values.operationMode "standard"}}
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzurePodIdentityException
metadata:
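Review bot: The added `{{- if eq .Values.operationMode "standard"}}` on the second line of this hunk has no space before the closing braces, unlike `{{- if eq .Values.operationMode "standard" }}` in nmi-daemonset.yaml, and its matching `{{- end}}` further down has the same spacing. Please align both with the existing style, and add a short template comment saying why the first AzurePodIdentityException is rendered only in standard mode, since the reason is not evident from the template itself.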
Expand All @@ -10,6 +11,7 @@ spec:
component: mic
app.kubernetes.io/component: mic
---
{{- end}}
apiVersion: "aadpodidentity.k8s.io/v1"
kind: AzurePodIdentityException
metadata:
6 changes: 5 additions & 1 deletion charts/aad-pod-identity/templates/nmi-daemonset.yaml
Expand Up @@ -117,7 +117,7 @@ spec:
fieldPath: spec.nodeName
{{- if eq .Values.operationMode "standard" }}
- name: FORCENAMESPACED
value: "{{ .Values.forceNameSpaced | default .Values.forceNamespaced }}"
value: "{{ .Values.forceNamespaced }}"
{{- end }}
{{- if .Values.nmi.prometheusPort }}
ports:
Expand All @@ -128,8 +128,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
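Review bot: The `capabilities` block in this hunk keeps `runAsUser: 0` and, after `drop: ALL`, adds back `DAC_READ_SEARCH`, `NET_ADMIN` and `NET_RAW` without saying what each one is for. `DAC_READ_SEARCH` in particular bypasses file read and directory search permission checks, so a one-line YAML comment per capability naming the NMI operation that needs it would let reviewers confirm the set is minimal. Also consider whether `allowPrivilegeEscalation: false` can be set in the same `securityContext`.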
10 changes: 2 additions & 8 deletions charts/aad-pod-identity/values.yaml
Expand Up @@ -13,12 +13,6 @@ image:
# imagePullSecrets:
# - name: myRegistryKeySecretName

# https://github.com/Azure/aad-pod-identity#4-optional-match-pods-in-the-namespace
# By default, AAD Pod Identity matches pods to identities across namespaces.
# To match only pods in the namespace containing AzureIdentity set this to true.
# DEPRECATED - use 'forceNamespaced' instead.
forceNameSpaced: ""

# https://github.com/Azure/aad-pod-identity#4-optional-match-pods-in-the-namespace
# By default, AAD Pod Identity matches pods to identities across namespaces.
# To match only pods in the namespace containing AzureIdentity set this to true.
Expand Down Expand Up @@ -49,7 +43,7 @@ operationMode: "standard"

mic:
image: mic
tag: v1.7.1
tag: v1.7.2

priorityClassName: ""

Expand Down Expand Up @@ -145,7 +139,7 @@ mic:

nmi:
image: nmi
tag: v1.7.1
tag: v1.7.2

priorityClassName: ""

17 changes: 16 additions & 1 deletion charts/index.yaml
@@ -1,6 +1,21 @@
apiVersion: v1
entries:
aad-pod-identity:
- apiVersion: v1
appVersion: 1.7.2
created: "2021-02-02T11:32:04.401348-08:00"
description: Deploy components for aad-pod-identity
digest: f56691eff8703d1204718b9ddc94ce922d83ca1fbe9245e66f33dc5d8e10015c
home: https://github.com/Azure/aad-pod-identity
maintainers:
- email: anish.ramasekar@gmail.com
name: aramase
name: aad-pod-identity
sources:
- https://github.com/Azure/aad-pod-identity
urls:
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-3.0.1.tgz
version: 3.0.1
- apiVersion: v1
appVersion: 1.7.1
created: "2020-12-15T14:48:11.083624-08:00"
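Review bot: The `urls` value of the new 3.0.1 entry points at a raw file on the `master` branch, which is a mutable reference, and the only integrity data is the `digest` stored in this same index on the same branch. Consider publishing a provenance file with the chart (`helm package --sign`) so consumers can run `helm install --verify`, or serving the tarball from an immutable release URL.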
Expand Down Expand Up @@ -166,4 +181,4 @@ entries:
urls:
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz
version: 1.5.2
generated: "2020-12-15T14:48:11.082284-08:00"
generated: "2021-02-02T11:32:04.397377-08:00"
2 changes: 1 addition & 1 deletion deploy/demo/deployment.yaml
Expand Up @@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: demo
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.7.2"
imagePullPolicy: Always
args:
- "--subscriptionid=SUBSCRIPTION_ID"
8 changes: 6 additions & 2 deletions deploy/infra/deployment-rbac.yaml
Expand Up @@ -125,7 +125,7 @@ spec:
path: /etc/default/kubelet
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.2"
imagePullPolicy: Always
args:
- "--node=$(NODE_NAME)"
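Review bot: The `image` line pins NMI by the tag `v1.7.2` while `imagePullPolicy: Always` sits on the next line, so every pod start pulls whatever that tag currently resolves to. For a release manifest, consider pinning by digest (`...nmi:v1.7.2@sha256:<digest>`) so the deployed image is the one that was tested; the same applies to the other image lines bumped in this commit.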
Expand All @@ -149,8 +149,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
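Review bot: The `capabilities` list in this hunk is the same block edited in charts/aad-pod-identity/templates/nmi-daemonset.yaml and is repeated by hand in each deploy/infra manifest touched by this commit. Hand-maintained copies of a security context tend to drift; consider generating the static manifests from the chart or adding a CI check that the NMI `securityContext` is identical across them.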
Expand Down Expand Up @@ -240,7 +244,7 @@ spec:
serviceAccountName: aad-pod-id-mic-service-account
containers:
- name: mic
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.2"
imagePullPolicy: Always
args:
- "--cloudconfig=/etc/kubernetes/azure.json"
8 changes: 6 additions & 2 deletions deploy/infra/deployment.yaml
Expand Up @@ -81,7 +81,7 @@ spec:
path: /etc/default/kubelet
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.2"
imagePullPolicy: Always
args:
- "--node=$(NODE_NAME)"
Expand All @@ -98,8 +98,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
resources:
limits:
cpu: 200m
Expand Down Expand Up @@ -141,7 +145,7 @@ spec:
spec:
containers:
- name: mic
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.2"
imagePullPolicy: Always
args:
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
6 changes: 5 additions & 1 deletion deploy/infra/managed-mode-deployment.yaml
Expand Up @@ -110,7 +110,7 @@ spec:
path: /etc/default/kubelet
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.2"
imagePullPolicy: Always
args:
- "--node=$(NODE_NAME)"
Expand All @@ -136,8 +136,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
8 changes: 6 additions & 2 deletions deploy/infra/noazurejson/deployment-rbac.yaml
Expand Up @@ -123,7 +123,7 @@ spec:
path: /etc/default/kubelet
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.2"
imagePullPolicy: Always
args:
- "--node=$(NODE_NAME)"
Expand All @@ -147,8 +147,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
Expand Down Expand Up @@ -250,7 +254,7 @@ spec:
serviceAccountName: aad-pod-id-mic-service-account
containers:
- name: mic
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.2"
imagePullPolicy: Always
args:
- "--logtostderr"
8 changes: 6 additions & 2 deletions deploy/infra/noazurejson/deployment.yaml
Expand Up @@ -79,7 +79,7 @@ spec:
path: /etc/default/kubelet
containers:
- name: nmi
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.7.2"
imagePullPolicy: Always
args:
- "--node=$(NODE_NAME)"
Expand All @@ -103,8 +103,12 @@ spec:
securityContext:
runAsUser: 0
capabilities:
drop:
- ALL
add:
- DAC_READ_SEARCH
- NET_ADMIN
- NET_RAW
volumeMounts:
- mountPath: /run/xtables.lock
name: iptableslock
Expand Down Expand Up @@ -153,7 +157,7 @@ spec:
spec:
containers:
- name: mic
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.1"
image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.7.2"
imagePullPolicy: Always
args:
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"