diff --git a/charts/aad-pod-identity-4.1.15.tgz b/charts/aad-pod-identity-4.1.15.tgz new file mode 100644 index 000000000..0adbaf81e Binary files /dev/null and b/charts/aad-pod-identity-4.1.15.tgz differ diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index 8fc7f96a6..42b8dc60b 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.14 -appVersion: 1.8.13 +version: 4.1.15 +appVersion: 1.8.14 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index a16e7de14..c8138ac04 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -52,7 +52,7 @@ The following steps will help you create a new Azure identity ([Managed Service ### Prerequisites * [Azure Subscription](https://azure.microsoft.com/) -* [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) or [AKS Engine](https://github.com/Azure/aks-engine) deployment +* [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) deployment * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (authenticated to your Kubernetes cluster) * [Helm 3](https://v3.helm.sh/) * [Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.13` | +| `mic.tag` | MIC image tag | `v1.8.14` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.13` | +| `nmi.tag` | NMI image tag | `v1.8.14` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -286,7 +286,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `nmi.podAnnotations` | Pod annotations for NMI | `{}` | | `nmi.podLabels` | Pod labels for NMI | `{}` | | `nmi.affinity` | Affinity settings | `{}` | -| `nmi.tolerations` | List of node taints to tolerate | `[]` | +| `nmi.tolerations` | List of node taints to tolerate | `[{"operator": "Exists"}]` | | `nmi.ipTableUpdateTimeIntervalInSeconds` | Override iptables update interval in seconds | `60` | | `nmi.micNamespace` | Override mic namespace to short circuit MIC token requests | If not provided, default is `default` namespace | | `nmi.probePort` | Override http liveliness probe port | If not provided, default is `8085` | diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 58821b4d4..a6b608357 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -194,9 +194,10 @@ nmi: nodeSelector: kubernetes.io/os: linux - tolerations: [] - # - key: "CriticalAddonsOnly" - # operator: "Exists" + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + ## An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything. + tolerations: + - operator: "Exists" # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity affinity: {} diff --git a/charts/index.yaml b/charts/index.yaml index 80f2f5bb7..907f14ad7 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.14 + created: "2022-12-08T22:25:24.92663713Z" + description: Deploy components for aad-pod-identity + digest: 6227d3661a5ef5d7f79d0a6317334936f78d164a2a47d0c5269d9599c60a5688 + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.15.tgz + version: 4.1.15 - apiVersion: v2 appVersion: 1.8.13 created: "2022-10-12T17:16:18.073622064Z" @@ -451,4 +466,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2022-10-12T17:16:18.06692047Z" +generated: "2022-12-08T22:25:24.925460108Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index da03477ff..e9dc16575 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index a0e3cbc4c..7f0c0be6d 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -518,6 +518,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -595,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index 2a9e9e700..9090e99dc 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -474,6 +474,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -496,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index f07facf7b..bdecf2945 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" @@ -351,5 +351,7 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index d4f6466ea..f64ad125e 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -516,6 +516,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -605,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index 732542e79..149407335 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -472,6 +472,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -508,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index 8fc7f96a6..42b8dc60b 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.14 -appVersion: 1.8.13 +version: 4.1.15 +appVersion: 1.8.14 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index 038aee88d..c8138ac04 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.13` | +| `mic.tag` | MIC image tag | `v1.8.14` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.13` | +| `nmi.tag` | NMI image tag | `v1.8.14` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index 09a9f5303..a6b608357 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index da03477ff..e9dc16575 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 11cc81ac5..7f0c0be6d 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index 69a7c47c4..9090e99dc 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 818f95a72..bdecf2945 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index af13bc492..f64ad125e 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index 0d1a0d02e..149407335 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index 53a64fff5..c9182b800 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.13"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.13"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.14"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.14"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.13"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.14"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index 92c7f4d4c..dfd227301 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,40 @@ menu: weight: 10 --- +## v1.8.14 + +### Continuous Integration + +- ci: exclude .github path and README.md in tests ([#1343](https://github.com/Azure/aad-pod-identity/pull/1343)) +- ci: remove aks-engine soak clusters from pr and nightly ([#1346](https://github.com/Azure/aad-pod-identity/pull/1346)) + +### Documentation + +- docs: add deprecation notice to readme ([#1345](https://github.com/Azure/aad-pod-identity/pull/1345)) +- Link to full description of Standard and Managed modes ([#1348](https://github.com/Azure/aad-pod-identity/pull/1348)) +- docs: add an anchor for deprecation announcement ([#1353](https://github.com/Azure/aad-pod-identity/pull/1353)) + +### Maintenance + +- chore: add dependabot.yml ([#1331](https://github.com/Azure/aad-pod-identity/pull/1331)) +- chore: bump actions/stale from 4 to 6 ([#1332](https://github.com/Azure/aad-pod-identity/pull/1332)) +- chore: bump actions/setup-go from 2 to 3 ([#1333](https://github.com/Azure/aad-pod-identity/pull/1333)) +- chore: bump codecov/codecov-action from 2 to 3 ([#1334](https://github.com/Azure/aad-pod-identity/pull/1334)) +- chore: bump actions/checkout from 2 to 3 ([#1335](https://github.com/Azure/aad-pod-identity/pull/1335)) +- chore: bump postcss-cli from 7.1.2 to 10.0.0 in /website ([#1336](https://github.com/Azure/aad-pod-identity/pull/1336)) +- chore: bump autoprefixer from 9.8.6 to 10.4.13 in /website ([#1351](https://github.com/Azure/aad-pod-identity/pull/1351)) +- chore: bump k8s.io/client-go from 0.23.0 to 0.23.14 ([#1359](https://github.com/Azure/aad-pod-identity/pull/1359)) +- chore: bump github.com/Azure/go-autorest/autorest from 0.11.23 to 0.11.28 ([#1363](https://github.com/Azure/aad-pod-identity/pull/1363)) +- chore: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 ([#1364](https://github.com/Azure/aad-pod-identity/pull/1364)) +- chore: bump postcss-cli from 10.0.0 to 10.1.0 in /website ([#1365](https://github.com/Azure/aad-pod-identity/pull/1365)) +- chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.18 to 0.9.21 ([#1367](https://github.com/Azure/aad-pod-identity/pull/1367)) +- chore: bump k8s.io/component-base from 0.23.0 to 0.23.14 ([#1368](https://github.com/Azure/aad-pod-identity/pull/1368)) +- chore: bump github.com/Azure/azure-sdk-for-go from 57.2.0+incompatible to 67.1.0+incompatible ([#1369](https://github.com/Azure/aad-pod-identity/pull/1369)) + +### Security Fix + +- security: fix CVE-2022-32149 ([#1330](https://github.com/Azure/aad-pod-identity/pull/1330)) + ## v1.8.13 ### Bug Fixes diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index 7047ee2a2..c4fe2c8c1 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} @@ -175,4 +175,4 @@ iptables -t nat -F aad-metadata # remove the custom chain iptables -t nat -X aad-metadata -``` \ No newline at end of file +``` diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index a8eb6f143..8dbf18ba7 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/deployment-rbac.yaml ```
@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}