Skip to content
This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Commit

Permalink
chore: update helm charts, docs for release 1.6.1 (#631)
Browse files Browse the repository at this point in the history 
* update helm charts, docs for release 1.6.1

* Review feedback
  • Loading branch information
@aramase
aramase committed May 22, 2020
1 parent 7ba781f commit 388ef37
Show file tree
Hide file tree
Showing 12 changed files with 85 additions and 22 deletions.
32 changes: 31 additions & 1 deletion CHANGELOG-1.6.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,34 @@
:warning: v1.6.0 contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity.
:warning: v1.6.0+ contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity.

# v1.6.1

### Features
- re-initialize MIC cloud client when cloud config is updated ([#590](https://github.com/Azure/aad-pod-identity/pull/590))
- add finalizer for assigned identity ([#593](https://github.com/Azure/aad-pod-identity/pull/593))
- make update user msi calls retriable ([#601](https://github.com/Azure/aad-pod-identity/pull/601))

### Bug Fixes
- Fix issue that caused failures with long pod name > 63 chars ([#545](https://github.com/Azure/aad-pod-identity/pull/545))
- Fix updating assigned identity when azure identity updated ([#559](https://github.com/Azure/aad-pod-identity/pull/559))

### Other Improvements
- Add linting tools in Makefile ([#551](https://github.com/Azure/aad-pod-identity/pull/551))
- Code clean up and enable linting tools in CI ([#597](https://github.com/Azure/aad-pod-identity/pull/597))
- change to 404 instead if no azure identity found ([#629](https://github.com/Azure/aad-pod-identity/pull/629))

### Documentation
- document required role assignments ([#592](https://github.com/Azure/aad-pod-identity/pull/592))
- add `--subscription` parameter to az cli commands ([#602](https://github.com/Azure/aad-pod-identity/pull/602))
- add mic pod exception to deployment ([#611](https://github.com/Azure/aad-pod-identity/pull/611))
- reduce ambiguity in demo and role assignment docs ([#620](https://github.com/Azure/aad-pod-identity/pull/620))
- add support information to readme ([#623](https://github.com/Azure/aad-pod-identity/pull/623))
- update docs for pod-identity exception ([#624](https://github.com/Azure/aad-pod-identity/pull/624))

### Helm

- make cloud config configurable in helm chart ([#598](https://github.com/Azure/aad-pod-identity/pull/598))
- Support multiple identities in helm chart ([#457](https://github.com/Azure/aad-pod-identity/pull/457))


# v1.6.0

Expand Down
Binary file added charts/aad-pod-identity-2.0.0.tgz
View file
Binary file not shown.
2 changes: 1 addition & 1 deletion charts/aad-pod-identity/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
description: Deploy components for aad-pod-identity
name: aad-pod-identity
version: 2.0.0
appVersion: 1.6.0
appVersion: 1.6.1
home: https://github.com/Azure/aad-pod-identity
sources:
- https://github.com/Azure/aad-pod-identity
Expand Down
6 changes: 4 additions & 2 deletions charts/aad-pod-identity/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `adminsecret.clientID` | Azure service principal clientID | ` ` |
| `adminsecret.clientSecret` | Azure service principal clientSecret | ` ` |
| `mic.image` | MIC image name | `mic` |
| `mic.tag` | MIC image tag | `1.6.0` |
| `mic.tag` | MIC image tag | `1.6.1` |
| `mic.PriorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | |
| `mic.logVerbosity` | Log level. Uses V logs (glog) | `0` |
| `mic.resources` | Resource limit for MIC | `{}` |
Expand All @@ -201,8 +201,10 @@ The following tables list the configurable parameters of the aad-pod-identity ch
| `mic.syncRetryDuration` | Override interval in seconds at which sync loop should periodically check for errors and reconcile | If not provided, default value is `3600s` |
| `mic.immutableUserMSIs` | List of user-defined identities that shouldn't be deleted from VM/VMSS. | If not provided, default value is empty |
| `mic.cloudConfig` | The cloud configuration used to authenticate with Azure | If not provided, default value is `/etc/kubernetes/azure.json` |
| `mic.updateUserMSIMaxRetry` | The maximum retry of UpdateUserMSI call in case of assignment errors | If not provided, default value is `2` |
| `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` |
| `nmi.image` | NMI image name | `nmi` |
| `nmi.tag` | NMI image tag | `1.6.0` |
| `nmi.tag` | NMI image tag | `1.6.1` |
| `nmi.PriorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | |
| `nmi.resources` | Resource limit for NMI | `{}` |
| `nmi.podAnnotations` | Pod annotations for NMI | `{}` |
Expand Down
6 changes: 6 additions & 0 deletions charts/aad-pod-identity/templates/mic-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,12 @@ spec:
{{- if .Values.mic.prometheusPort }}
- --prometheus-port={{ .Values.mic.prometheusPort }}
{{- end }}
{{- if .Values.mic.updateUserMSIMaxRetry }}
- --update-user-msi-max-retry={{ .Values.mic.updateUserMSIMaxRetry }}
{{- end }}
{{- if .Values.mic.updateUserMSIRetryInterval }}
- --update-user-msi-retry-interval={{ .Values.mic.updateUserMSIRetryInterval }}
{{- end }}
env:
- name: MIC_POD_NAMESPACE
valueFrom:
Expand Down
14 changes: 12 additions & 2 deletions charts/aad-pod-identity/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ operationMode: "standard"

mic:
image: mic
tag: 1.6.0
tag: 1.6.1

priorityClassName: ""

Expand Down Expand Up @@ -101,9 +101,19 @@ mic:
# cloud configuration used to authenticate with Azure
cloudConfig: "/etc/kubernetes/azure.json"

# The maximum retry of UpdateUserMSI call. MIC updates all the identities in a batch. If a single identity contains an error
# or is invalid, then the entire operation fails. Configuring this flag will make MIC retry by removing the erroneous identities
# returned in the error
# Default value is 2.
updateUserMSIMaxRetry: ""

# The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors
# Default value is 1s
updateUserMSIRetryInterval: ""

nmi:
image: nmi
tag: 1.6.0
tag: 1.6.1

priorityClassName: ""

Expand Down
29 changes: 22 additions & 7 deletions charts/index.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,24 @@
apiVersion: v1
entries:
aad-pod-identity:
- apiVersion: v1
appVersion: 1.6.1
created: "2020-05-22T14:56:07.980088-07:00"
description: Deploy components for aad-pod-identity
digest: 2f1a2cdd4b89a93bca6e5e14cc4f701f6f9b774b51cbfdd5ca269c1be0c455af
home: https://github.com/Azure/aad-pod-identity
maintainers:
- email: anish.ramasekar@gmail.com
name: aramase
name: aad-pod-identity
sources:
- https://github.com/Azure/aad-pod-identity
urls:
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-2.0.0.tgz
version: 2.0.0
- apiVersion: v1
appVersion: 1.6.0
created: "2020-04-24T12:12:20.536485-07:00"
created: "2020-05-22T14:56:07.978819-07:00"
description: Deploy components for aad-pod-identity
digest: 7753d4ca3f27f2abcf7def0733c8b3543483266435a2fb3b038b254385a1ef19
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -18,7 +33,7 @@ entries:
version: 1.6.0
- apiVersion: v1
appVersion: 1.5.5
created: "2020-04-24T12:12:20.535282-07:00"
created: "2020-05-22T14:56:07.972945-07:00"
description: Deploy components for aad-pod-identity
digest: 8cd12b380d1ae694d0c916409cd6747572f80e83bdbfec7ce806a496da37aa07
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -33,7 +48,7 @@ entries:
version: 1.5.6
- apiVersion: v1
appVersion: 1.5.5
created: "2020-04-24T12:12:20.533483-07:00"
created: "2020-05-22T14:56:07.970997-07:00"
description: Deploy components for aad-pod-identity
digest: a35ceab66397ef58df6b60cb446445e68baaced1d7526690896dcfba21758abb
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -48,7 +63,7 @@ entries:
version: 1.5.5
- apiVersion: v1
appVersion: 1.5.4
created: "2020-04-24T12:12:20.531964-07:00"
created: "2020-05-22T14:56:07.969295-07:00"
description: Deploy components for aad-pod-identity
digest: b04a1510d3bb0f9afb5e3f7a9ba9af313027615cbb6d480050b992423819e13f
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -63,7 +78,7 @@ entries:
version: 1.5.4
- apiVersion: v1
appVersion: 1.5.3
created: "2020-04-24T12:12:20.530686-07:00"
created: "2020-05-22T14:56:07.94658-07:00"
description: Deploy components for aad-pod-identity
digest: 3dab91c7f115d23123f863eeea1c93a34640a42ac1e7052600020600fbfa55ad
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -78,7 +93,7 @@ entries:
version: 1.5.3
- apiVersion: v1
appVersion: 1.5.2
created: "2020-04-24T12:12:20.529371-07:00"
created: "2020-05-22T14:56:07.943989-07:00"
description: Deploy components for aad-pod-identity
digest: 58a8ea212a1461f72ce17be5b767dac920d0f56803c026320a16c22de3ed365a
home: https://github.com/Azure/aad-pod-identity
Expand All @@ -91,4 +106,4 @@ entries:
urls:
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz
version: 1.5.2
generated: "2020-04-24T12:12:20.526788-07:00"
generated: "2020-05-22T14:56:07.927709-07:00"
4 changes: 2 additions & 2 deletions deploy/infra/deployment-rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ spec:
name: iptableslock
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
imagePullPolicy: Always
args:
- "--host-ip=$(HOST_IP)"
Expand Down Expand Up @@ -233,7 +233,7 @@ spec:
serviceAccountName: aad-pod-id-mic-service-account
containers:
- name: mic
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
imagePullPolicy: Always
args:
- "--cloudconfig=/etc/kubernetes/azure.json"
Expand Down
4 changes: 2 additions & 2 deletions deploy/infra/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ spec:
name: iptableslock
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
imagePullPolicy: Always
args:
- "--host-ip=$(HOST_IP)"
Expand Down Expand Up @@ -134,7 +134,7 @@ spec:
spec:
containers:
- name: mic
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
imagePullPolicy: Always
args:
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
Expand Down
2 changes: 1 addition & 1 deletion deploy/infra/managed-mode-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ spec:
name: iptableslock
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
imagePullPolicy: Always
args:
- "--host-ip=$(HOST_IP)"
Expand Down
4 changes: 2 additions & 2 deletions deploy/infra/noazurejson/deployment-rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ spec:
name: iptableslock
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
imagePullPolicy: Always
args:
- "--host-ip=$(HOST_IP)"
Expand Down Expand Up @@ -243,7 +243,7 @@ spec:
serviceAccountName: aad-pod-id-mic-service-account
containers:
- name: mic
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
imagePullPolicy: Always
args:
- "--logtostderr"
Expand Down
4 changes: 2 additions & 2 deletions deploy/infra/noazurejson/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ spec:
name: iptableslock
containers:
- name: nmi
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
imagePullPolicy: Always
args:
- "--host-ip=$(HOST_IP)"
Expand Down Expand Up @@ -146,7 +146,7 @@ spec:
spec:
containers:
- name: mic
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
imagePullPolicy: Always
args:
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
Expand Down

0 comments on commit 388ef37

Please sign in to comment.