From 388ef37c062f6dc618b6071d16cff8d2451a2dd3 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Fri, 22 May 2020 16:09:08 -0700 Subject: [PATCH] chore: update helm charts, docs for release 1.6.1 (#631) * update helm charts, docs for release 1.6.1 * Review feedback --- CHANGELOG-1.6.md | 32 +++++++++++++++++- charts/aad-pod-identity-2.0.0.tgz | Bin 0 -> 10535 bytes charts/aad-pod-identity/Chart.yaml | 2 +- charts/aad-pod-identity/README.md | 6 ++-- .../templates/mic-deployment.yaml | 6 ++++ charts/aad-pod-identity/values.yaml | 14 ++++++-- charts/index.yaml | 29 ++++++++++++---- deploy/infra/deployment-rbac.yaml | 4 +-- deploy/infra/deployment.yaml | 4 +-- deploy/infra/managed-mode-deployment.yaml | 2 +- deploy/infra/noazurejson/deployment-rbac.yaml | 4 +-- deploy/infra/noazurejson/deployment.yaml | 4 +-- 12 files changed, 85 insertions(+), 22 deletions(-) create mode 100644 charts/aad-pod-identity-2.0.0.tgz diff --git a/CHANGELOG-1.6.md b/CHANGELOG-1.6.md index 9984bf3d6..9ac1ad3c3 100644 --- a/CHANGELOG-1.6.md +++ b/CHANGELOG-1.6.md @@ -1,4 +1,34 @@ -:warning: v1.6.0 contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity. +:warning: v1.6.0+ contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity. + +# v1.6.1 + +### Features +- re-initialize MIC cloud client when cloud config is updated ([#590](https://github.com/Azure/aad-pod-identity/pull/590)) +- add finalizer for assigned identity ([#593](https://github.com/Azure/aad-pod-identity/pull/593)) +- make update user msi calls retriable ([#601](https://github.com/Azure/aad-pod-identity/pull/601)) + +### Bug Fixes +- Fix issue that caused failures with long pod name > 63 chars ([#545](https://github.com/Azure/aad-pod-identity/pull/545)) +- Fix updating assigned identity when azure identity updated ([#559](https://github.com/Azure/aad-pod-identity/pull/559)) + +### Other Improvements +- Add linting tools in Makefile ([#551](https://github.com/Azure/aad-pod-identity/pull/551)) +- Code clean up and enable linting tools in CI ([#597](https://github.com/Azure/aad-pod-identity/pull/597)) +- change to 404 instead if no azure identity found ([#629](https://github.com/Azure/aad-pod-identity/pull/629)) + +### Documentation +- document required role assignments ([#592](https://github.com/Azure/aad-pod-identity/pull/592)) +- add `--subscription` parameter to az cli commands ([#602](https://github.com/Azure/aad-pod-identity/pull/602)) +- add mic pod exception to deployment ([#611](https://github.com/Azure/aad-pod-identity/pull/611)) +- reduce ambiguity in demo and role assignment docs ([#620](https://github.com/Azure/aad-pod-identity/pull/620)) +- add support information to readme ([#623](https://github.com/Azure/aad-pod-identity/pull/623)) +- update docs for pod-identity exception ([#624](https://github.com/Azure/aad-pod-identity/pull/624)) + +### Helm + +- make cloud config configurable in helm chart ([#598](https://github.com/Azure/aad-pod-identity/pull/598)) +- Support multiple identities in helm chart ([#457](https://github.com/Azure/aad-pod-identity/pull/457)) + # v1.6.0 diff --git a/charts/aad-pod-identity-2.0.0.tgz b/charts/aad-pod-identity-2.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..02666c98f017b00856d6521e26d7c3e6a132e4a6 GIT binary patch literal 10535 zcmV+?DcIH@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJavL}D;Ql>N(MRQ1krEF-Bw6m=D*TdtG| z&VVFVGlL0$q0Cr*ldF5Udy-$_YraX2BudT)QMDV312h`wMx)U{cO&GxG4);I<46!O z?;K4L6YV()gTJk-bi3W|!T!GbZ@1em|F^rp-~C%}@8Dp!yZ^j*(EVGtx4*Z0@HgnL z4TB{m;R3P0bsyYUd2oM_f@1O>GfrsKhgr`-ah(3yYag_Gj*q#=NG#M($2bn?96TDv zG{TYKFs2O3JmgGii2E=VBIf;0XF|j@8MQqcb`F0_817W+hloT1kq9&1cU-_BB0(Qe zMEJDLP>49bM(lr2%X`EV()o*{U3C@oAv(`Webk+7$t!KP59ac?M`tJww*1wni39#1A>1a zp1yI%l!ZtL?8BG@SXMa3UVs>e8Da#D0?a{B7-5JJ=hz1l2?}$XFc3J510*nSJ8Jp9 zongj^kNePSIpZVSMT>Vus;# za3rbEl1O&+Orj8}9|gU}5itB~g1G<>1%cv{fKz8n5*;%S$C6J*a|ykz8hI%CR=@-c zK$7{0Z@?fuDG?C_1>`pjDDqWT&K4lf$wZIc5~U4;hzk@1a_lGq{7LpjXrx$Kc639N zzy}=hgkg}l70~6*R$5cdtxp*CL@P|= zI-`J&Iw9f$vyM+a-eDN|A?BTnlf&cFlQxQDHyu+u^c|vydpbBeu|M~rC21>3xCMhT zBwS4fa2z9s1O|@TjCdGgMk0^ID5zcMAVFi~1091GBod{XmORED8PC-OjA;6L#|Qg>BaiwLH`)E1ChEUN@`x!CAcY4Plqq2W9D584 z-rjMLACgG_*@w?xoGk$G0-E@Jc%}XeIGPbgqYy_zt&7*H4o^m@{xUf3!>jxcKzv<` zVXZ6t%xDrThEz7zQvSOe83P5P4G)VYPht zGsQr|S;)DrY&-CkLWO;}Az~`mL8&$OP#~!%bl(C;C=z-c6}sq;>6pBL;DvSd$5P!( zGrf!JYXZEMlHzTQnPPSbrGSuw%Ck~C-B$<)J5jo-qVp7Swc>m#xgljhy}l(4oh>+& zyoG(kAAM+9IIU;U3Q>e6*l#)1B63RAPLWn}oRD~ZEBgBo63+n;Xkt}c2jmDTBVv9O zAkNQ}8Y#CLfGr5<1Ohz6K^xw2%;CNKg~RqFppzX3^?s@B?^7&A4U-sYW!R+42k;| zoXLp}&fgjs~;mQHAg^1f*x=bQ$HM!XLnevv<+@mNauxy3oa$j9tNLY4ANf!zYD0GQ8! z&37fJP~_pGG$X67vka!u~CLsO9tjavt-gB;@*smFvr-0;!1p%4ifJB&ch#8f78)c#Z z>Sgz3cSkK8I>P6ai5gI9!=ItRNN^hY9FTyUDeNlN>8oa(u9ha+K_2&tsz6tK1u z7v}eO9JABQf#z8~?uLxL?ATGsI4*8HC> zt+aN}6u0L8Y%$|qpVl$PNF)r812p07(BB#OVE4n*e&n>#5}{QQt#!Ttz%g3Qk!sY3RtF2OlZn<2lC|3Z z;WRRxNS!N0pGcU5z~m~By!kHnk+A%$^l`0nC+c^umEdWf@#R`Yps3uI8YBX#LS}1Y zZci9o>DY2{s_rS16GbAW{F)Pige)5|4C&?!V?+Yph9ff@a@SYK5=kYkE{5n@A2IYW zMsr{|q%&O;t3D%46Q09bp}??6Sfmw3TTvr-T;WT(zLWgqoT5)kc4SnO6PijW zD|`n=#%jEykmMAdC?w4loqOpl&wINYl_kI9#X?&<7UP46mG~PgK35j=BP+J~NGl-IKgqdV{xsr_7IXfN5 zag0f12`<-ib|i(Pi<85vlVf>|5JerJcd(;aSg`q_5IBql|B13Awek3C>;Lfba`5w6 zEdu*>{T~`2H3(?Yma@m9ZVhI2tn*yvP|PeB~iaL!4jbR2z>G}|SIJD9}pya!{| zqpNy!ZI9V@eCQctkU96uBfnq??kF=<;ozu$aR4;PO9}BO18~W{{rB$QyARm6A5n`6 zsCVt!BZ(VgfqW!TRaLQLcK}qIfoXDTT08}^DRxtJ#&D%TAq@LVv9*ofO}K+{I1y}*B3t0v6QQb*61k;5%KwqEGFbX}Od_1u z%nJR@wdy4YWGzufi{kQZnr$?Qt6!CM&-76~>gs;wghID3XZM-@qt}N^L$Y&AGE?2m ze%iQ`x6bjxUoP=GR##EhIG+CLs=qriqch@T#yh9!g}|w{5?P{l5{^^xoXu({J#Wh~ z8Eh={!EtVUnNcnM$&jjV{)BqMxTabwt)?|iZnP3j2NZA$5!Oe9k<=r+An`R(a;g!E zV?!^i8YzetRv%hE4r!~&{8a1TLq7?x6^h8QV|WXJO(Nt=^0z! zqNv}9NM*Fz+7Jh%Mr4MtdgASMYBpbFoX&Omt~IT*utFn(1U!TEjT%S)hvqcT;h9c} zhSI*!^Q9Z7xE6lBGlEi+5MyZl7kB@Qw@T1-zjxunMgLw-rI2_vl**wN60Zf@W=mMO zzS=v5ephxIg=BfRQAqCFZMGJ3{48aNd1NDbS@E=4Ai9>?=$i1gs$Pq;qGF!O^uNv1 zCb+f6T4;UWg4V}YO5TIL#zKaMA&t^Kmp4H;t*n8fI4+qWwCeErbNW1D@q9xqfb6#8 z^XC#DFB^r{Et(8L*UU+hg?y14>;h!X6`nhq7tyua;+HRudU(R89YyL@Gh_InT^{P! z-eZ5yWr_ahF@HVpz*fEg?Ctl;`rmGEqyIfgk?Vw^XoBIJ7>VgK_+~VhI!*rvX#Ye4 z%-cT)bObHQ44v;3JGA8b0=X8yu~o3p&E*%@b@SW6*B;=eEG`+L33`hSXIwCsoq*v4Tj=BYwnvOMh=m8I}p{F+35AKnly93pVY`%WfL7QoTM z!-YH~xs}J%PdD=Gmr6gF_4FmU?xkRzbM)PkF@~DErc`@UI+E_F^d{r;=kyTrO+h`< zR<3qt@Jd^2jmP#O<=!%_$LdGlz%4{1l0U;s3rwE+EFf+AlE^9}S=wFR?DYAwwTk-C z%08$!nCAEY(SmmFOA014R26{OpUWW9-`7H&AGNJ(1(A$J?2kaKJP*(7SS&NW6{gz` zF}3oQroHmLc!YWaC3cDY4~gfRcZ!S#`2L%~3i-d=>z3sIZg=m+=KcSZ6eIuTq1*~= zHbP$8+|j@`{x$tjcxjn?Xt@KWok2lBiI`GGep4+np<(unBh6SBG{8_`Msn1)_przgy7urKBAY90AH%NHX7Bql{ zXE+iiH1zu|2`5%?8i3JnokA3sKuxg1CxfWpNi+e8BR{63j9ea;0lo-i?e10WM~Qe_ z%U-`pxcLtR*AJ{X;c~_(UmH@nim4w!2@Tu-I=ZuO5f%+ua_8oJ_h%{1_kXLa++7V= zb^hyhOZR`fy%)RBH~arnlqcW+M_8a5CBPmT{!qFAPqbrzR0s5kjOqH&^Jt=O=I=d* z;yI}1`19q9BbVg`9?OANwW)zt zA>M~wCuaxJwl8@ccvCP*-QmtO8_q#yXlgJZJJtPK``i62WbHZ&StEQ(&rKw;i!K1U zvE?Ztd4~QQg~76>w~)svwXDUFJLWdOi$8rJGWX0<*D6j&svVji|_O8!|ufd`mghmg_3tDs80rp@eA8?W%xq%{->y z0y+_t3m-F9Zcw6i-dVT|$eopOSzNmom%9E6?zHXHUAEk{t1G(Je>8oYUO}k|z zW5-{FURrepehWZ80KsOsH9%`E7^MzsE3vXQS725Tuqk$_&rcPfsSvTNzPmAHqKw9Z zmQ6dZ_?T7^s8p$}{N*qjqhcLOYf!MCszRr>P17zbp2{^cDy`!t95XlML}KB>e<+Ed z^{llVU;{~5&ki}qn(BOH-xu-3!sbm;sCDwJVxp_1Q{#r{ldF8R$~ZNEcQ4cm-dn5j zQ@FX-e{3m|OCZ-^ilbS-(6?3$P6tOH&)*(@JUcu+xja8SI?2@m?Qr!IqhY`BGw8?A z#xha!mHj3v5)?)>P@+jlix){R($ z`6r&&j`|wU`*0*RjLN5bpODJPUcUSB^5|l4el>V|_HnR2v@Z)0bRG}?i<8T@?=Fr` zKK^|1_TBl~(7(us_IW()-=BWG`uBOm<9%eL1LVPOE#k_8x@Gui(tfE=)0z#o| zqUC)#l!a_ltjsX--$uba^$g8p)cl~QQM!J~UG0N6CIMcA)Y4O6bL2|X6_6Q@Fz4q| zyUov+)P{e?qDao)a-!Tr* zJoP*8^Pn0=~-sV{iYUeE-wk+xUMxNhxhGHL*p@_dZLW1LvLspVQRo zK7~|sGo)_Ojh#NGe*Ufm#c^hsu3U07ym{E%P_HN}*1z7<9@qb4w|h{I|NUZbcW<-) zpQ6;f|H&&e_j>-5UJ9E7${*@N*dltQg9{g)^B z;*H&9DNu23$ED!Kt9vYlKVH!FMKStuZO_F>$g4XpL{whTueNb4=x`S5=rJpM((#xV zba9miOkP6BG;s3j&TIhY1>GIhd);K+nOLArSj9NxEbGVyY+lxxS;!4L)DUYs-E60S z#ABE&e z{Qr6fz4H3+?r-8hJWW~gFzyMx`ig;wo^Y{8A$ba~zPzhgQ~$ozzGlCaA6RNC)dZfD zbFs2l6KJ#Aalz;7kv;6}PYoR3md{DUSIv*;EVl%|a)hw2v(Ge_|BvVY)!o~z_1tV#Z_*{kcT?geY|>Z%>X6M1#j_Pz1y+LTIJA^&}ZLmKgiT>-4{|LX2Nuetx* z_n;9NPl?``~6py-s;T&!K|+yJ3QRK>+5=SnN%*n8;>qK!=+g+X%UhE?&;)J z)AVaQdDXIW?VG5&X}GVGSAFBvPF_>W#TgbilwB8Is#V@aEqVOJlBn}ZXS8Vt)Vt2r z&|%AdA_0DD@~osEwP>)ZaB}Sy`<><4>F$1Ka*FEw&gAcp>UX9bE9CsSB>v%>?SH(z zy!tpe-)WVr$hGmqH``}#k5AMK`kf_@(KWsA<3_WjWfPYKHH#}V5mhlFv9Rt5)*r#; z*ehdpSI|vS&L=IZB6m7CI;(RPTi&v1-wP5BRngGy8pzai$CMd&B)^PQBarvS&t|-6 zgrGHPtirG!Xj2qdXE3TFE8AoVH5R+V+y{PBylWB>RS~VJRK{;5oTdmpz}IS3^QI`& zW+bkQ_fH>SmQOq&I{ zX0cdLC?)6oHOb+kQ{jhcu1|>+j@*QI%&x^dNHunS+qkm>+lPn8J8j3= z+JdV$|MU2w?>NKZ(4!Hj0d~HDDGowlIHpozt|lC}oilXP){~KN%si>1M`Bs_U6XiM z<*4GeALDLS>88?L;^;UhpJME()aHqZ6H!E69!2^}Tg^3lb9i|L$0z4+-v0aKxDTf^ zf=e7j?*Mwe{{D;p{&U#v_Wtgq=a{}tx!_!09bUb=?5C|A$3|$l>^ndF@ET^lPX1I?kl@i zt?%Oa?-BxcjxZaTle_z>IC5M{o&xv;g4@lK$%S7^5o6Q(be0F zM))eU_H32(AKlX5kf#?&L)6;nd2M+Ct)05_#mZjwu9L0f;%Sjq)PT`l6fbwPDyFiN3QZR>#VK`$BVWn zIHx`g?z3-_D7R&{9p`FFxZWi+aw-X|j>oGo8`B`5HxkvHS>U^3A|4nXsmH0-!|OPG zoH{I5HH_b&MJa!FlTPZqf$xADq~Qj)scMUYokjT9S2cOSQ_3jm#Apy;2HU5Dqa7G# zOe_08qdu;-+CDoS$f|Y?Yi9e|u*{`EOkm%+Do}?D9CJ;*DGp+o(*!)5p*X@fdKg(k z_U#Y0Tbl>7%1%D@c&+AxG;@{J9-C=1d!}k4QlzZYp)=VVzS#lF;6o*0`~Ca&@eBtv z?w~k!seW1KqR6+V1vgFO&v$l|ABw(!0wUy6i>c3nB~helD`$`8RZH_gRVj2^aL%wY z-g6=_cfPZWH1AuvTz}lj8s$2%v$1{n&&!?V08-U6la+R)9X+*&|Gb2gXhI^qOgvn3 z7pqD;`AqNM!3PP~6FGVmg|ehhM<9O9JA%@HcZ`bZns!nHMv0h8KJbvqQoUeO)nxob zN}$6%Y=vm zE-v>%1=OcEQ9zN;cO2(6TwsreA&#Wf*26IQe_z8;4ye65Y{P)_1nU#W(ZwuN`_60l`0?!R)k**3 zM;M52x!GWu-5q6hjzV1a8%DgsY$}0~%A2kk9s59{HvB{x$fcq(s1vRro*sStt^~0S zgRvH=DEd|`>-(9k_H7WTeO%%>VJH%+c9r$zh|Ho-<&&z~s_Y4G)vXa_El^%kQU&2t z90U&fEfeZS;JXueWwCMU?MCRm~QSu#{aPWf+EqZFi_d z_ONa%9_Ehrg2D)=V?Z2YsnXDKF73Aw0Ln`6OdY<(6o+<1B_9z82$xONx0$wG&QTaB zY;1Dx{7ejvpQSkwb1bc!D#g##mM3hf(dE}DkqTLHMifqE<3J{P1(@}`*| zxw=7ZD+_~@^AqnopzSt&cvT+;;k5(6OTi3Yl>!&M&NL7uVMFZA8KqO>ITlicurbY^ydR9fe{T&Rz4vu-3R` z0l7-%Kvun}8A@x)S~%rQdy?mKCm6WWtd@TEP-IR{$A@p$pih=QxH+|k(8vwQh#{sj z*9xlm8gl^%1ii))j2R8}o^m+=n`2H2ri3RbNOu*VsyJ_6!WfQ3Fo!9cVc>~31r+5+ z_Y4sDIHZLU6AoyGNPtHA?8%m@e5JYGlHgnv$2)m!>;_lv>lwtFhWbgKsxvHQZy9DB zlNSMnwVBCD7#tgETG+uQ&$Qt%;1oi1En73Q<=QJ{g{eHushwQ2$$||+J*UQcb01p2 zyOI5>ZhC-5X29uK)S>HLM6z8=R#30F)k;b1r;e|JdaKU?;vxs6c4Y*qVb(PKP-^uH zxNe-V2{x-z8wf%@O(C60MaC@AyiSqX5D@3oBWe>&X`vUhgrR%o`8C~^imdEMDyMe; z9L@6$8CE>15l|m()?5jbPiYePa`z2Ul%PPW5&=e%I7tlKWSolp9W^B*#HWrqEZAxA zm=6ow9ox0uk_!Pmv|;KuddKFquA~cKSR2wibp}xEMFGJXzJXKpAIdbRfw>oToI?oJ z&zcl?&;m&lzw zMuJG`u{~lKU6W|CVsLX9@5Vy#QO0)qWiKO$1Km#pEF@z`-o8KE6l zJ)%?B=H^M3n?8rqp2DeIZ>67%BVg%!mg7R#)GzM4>fia~;Aui|m-xD7rh}L~-{wml zUHgj>bPa_x&@8icOYS)>=X)qozwdmXdlpw2?f1$y+ibkLt{t)dYw?)%_xe%mZzDU{ z?~RFg#ei+K%Al=G&|z3ju8cCP=~r)hA!ysNsVo<8j2H^Bz>Hh|s~jJ)jX*CNE5^JPdBooZokSX-QagEm;Wb7Jf`^1JB^_@VM|;AvMOR zD_21a2RX@2JX7L%8?LBs05l5bx{WzNWx4l^$KI%umV`todo1t1eWRs)e-pdDJsZ`htpB6~wGiJfkp`AZ}e zL26}D#&_Arjj}`GNEr;3l`M}ZPwOdG(pKGI4ihSo7@Qtos_r8y)K61JlZiH;6^>8} zd2L0wg`s4v`|n(eT9xq43*g&+3#NT zR6l@TDYXQetOS#%mOy_^%j`qSEew0@gLdy>whT$F^Ky{78jzY=Hk=)JvMOwQDALxW zk=EpHrZ_T+pRw0pCnN0gITtw0%u0X03z3!O_Q3!wwE{YMkJ*UwWhP*FLnjd684lX; zj$;n*A)pfu+mnD!{({qg$8rn9?t1pE^jXUiaJOmxE(l0SL~2Oelt$$ihM&JY_} zS}w#bU35A=r+z*N>V{l*D(jC}2W;wRKD?WA*y3^v z1D%9EW^_h;>_00$7zDy$IHg=f^*Z@NYNd+yu+Updt>PW8pw_vqOhx1D`-D^SJ1(~{ zG}O800$WC{3dkjEYqO*pltyc-E<}Z;#3E|>=IL-#NoebTooV=klt$F*Jzt{cr5d~q z4Z8Hal~QXeM63dv1|-6qgKDnAg+9_q{|sdbwbaZ>V!iCXTzrB~sm14!r($~_*R3ks zTS_e(DjY}z+{6G!0&b?nn}UP|0j05Zn9^ZdiKjiLrr5jIPO^+q#*Jf~MCdxzN9mnkSa!}VG)8MrmPU=ROJw;RQQkq85w*p4k_HjQiG)cADvyF(a_{m$%)7w|Jj9j9oPP7CUbGn* zxG9YYxVwl>g|rkah?VMrg2D|VQtpkZdJ-j=x-2OYZ+oPk=4zUeXwpd{H~k|EA(EGv zJ9%PnD4Z+J)Jty2oF*k&dEI<=I@nw{-@E9ke&}_xNfp)Lx;dlP=DPXrWj)u;l3LBK zn$z?&q_Mc`1*Rn6rZg(+xn!v(UcAc%=7wBN%lfFbxxjqHUfJkdb*9EmDV19o9z5usR7$OUM$g5M+EQwT#4BE4@+oBkJi@$$ zh^i0ehIY$O!Sei@UT$U+TLzG78JkO%M=vX=we)^P1IRS^+QhVrE-<4c9AOnCOg1Ds zaG2B%1%)w5qkHEA*^&s3E=~@wPL5T2$iLtwx13rq>>aE!CM}|tjn%*4DaZY&b$EF> z`1$NFORiPa+F!M&rPNxTq`07EXiI&nTP&iHA>&5xP-PXho;RXaJ}=&K4c>-rk9-xY z_2S3FBXvTqOY@Wqki99YtS4xLq817QdUL2^o?lVzYF9odYdfKd1IZ!AEF_%UEM*gH zgD`V#E3EqQZR=2ly&cI*>e5q+$9$+06}wl*8&|eRbvt7M9PU(VKQkSwzB6=G=;RRw zpKzU-ag-kC(=aM3GRYHPd#@?PMk$!+;@<4(809mj*g&JGm`25h87&5(H%}G+l4T92 zW0f_J(L|ngr<6(tbew?>XPHY?M0olrBaIouunBx)eEMl3vWUd0whiR$F`t`oHYTxy zj!YBjYe`TMb=^Yz=Kufy{_he=Y$h3Mud5`G^%m6yo!ji2Tv;%yWY{7K+Q$p{lK z*hCX;8XCC;C}0@*bHJYn7ba!ZAkqujLmWQ?P9mMYK*t1*Xd2a<+8KfjEmNHcxItXU zxlX70SvrMsGeTJuQg!S_bG0*?Tm@4~uXV(qEYSSX#c?rG_QPjc{zhHdnI8Ms&Vc#X zE)^2W)hGY&p1Gdu%8LBY``v^6QvTQd7cVyXpP!`U6Fk>Rw~oo_XHq{eO4(ME1p00P z;~{^gq|-pRY=xM zYe4ZBdlKD=&UdnC8fLk4+a_$b9;7BfZ3aH|Jq{9vf`#+$0C0~=y)!kH`i|?m&LeX` z!@&I;`rm>6rC9D&@|P$5D-(aS?AJxDx=hrsg7s9w$8FCo3bgJvMCQQ{~Z7T|NqdGe24%R0RS3fn<)SQ literal 0 HcmV?d00001 diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index e750f46a6..687bd9dd8 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Deploy components for aad-pod-identity name: aad-pod-identity version: 2.0.0 -appVersion: 1.6.0 +appVersion: 1.6.1 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index 17a2593a6..d95299cea 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -186,7 +186,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.clientID` | Azure service principal clientID | ` ` | | `adminsecret.clientSecret` | Azure service principal clientSecret | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `1.6.0` | +| `mic.tag` | MIC image tag | `1.6.1` | | `mic.PriorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (glog) | `0` | | `mic.resources` | Resource limit for MIC | `{}` | @@ -201,8 +201,10 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.syncRetryDuration` | Override interval in seconds at which sync loop should periodically check for errors and reconcile | If not provided, default value is `3600s` | | `mic.immutableUserMSIs` | List of user-defined identities that shouldn't be deleted from VM/VMSS. | If not provided, default value is empty | | `mic.cloudConfig` | The cloud configuration used to authenticate with Azure | If not provided, default value is `/etc/kubernetes/azure.json` | +| `mic.updateUserMSIMaxRetry` | The maximum retry of UpdateUserMSI call in case of assignment errors | If not provided, default value is `2` | +| `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `1.6.0` | +| `nmi.tag` | NMI image tag | `1.6.1` | | `nmi.PriorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.resources` | Resource limit for NMI | `{}` | | `nmi.podAnnotations` | Pod annotations for NMI | `{}` | diff --git a/charts/aad-pod-identity/templates/mic-deployment.yaml b/charts/aad-pod-identity/templates/mic-deployment.yaml index 567fb5aea..7f706520a 100644 --- a/charts/aad-pod-identity/templates/mic-deployment.yaml +++ b/charts/aad-pod-identity/templates/mic-deployment.yaml @@ -69,6 +69,12 @@ spec: {{- if .Values.mic.prometheusPort }} - --prometheus-port={{ .Values.mic.prometheusPort }} {{- end }} + {{- if .Values.mic.updateUserMSIMaxRetry }} + - --update-user-msi-max-retry={{ .Values.mic.updateUserMSIMaxRetry }} + {{- end }} + {{- if .Values.mic.updateUserMSIRetryInterval }} + - --update-user-msi-retry-interval={{ .Values.mic.updateUserMSIRetryInterval }} + {{- end }} env: - name: MIC_POD_NAMESPACE valueFrom: diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 92c4aed5d..290aa7712 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -38,7 +38,7 @@ operationMode: "standard" mic: image: mic - tag: 1.6.0 + tag: 1.6.1 priorityClassName: "" @@ -101,9 +101,19 @@ mic: # cloud configuration used to authenticate with Azure cloudConfig: "/etc/kubernetes/azure.json" + # The maximum retry of UpdateUserMSI call. MIC updates all the identities in a batch. If a single identity contains an error + # or is invalid, then the entire operation fails. Configuring this flag will make MIC retry by removing the erroneous identities + # returned in the error + # Default value is 2. + updateUserMSIMaxRetry: "" + + # The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors + # Default value is 1s + updateUserMSIRetryInterval: "" + nmi: image: nmi - tag: 1.6.0 + tag: 1.6.1 priorityClassName: "" diff --git a/charts/index.yaml b/charts/index.yaml index 393c3581b..e9b8eb835 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,9 +1,24 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v1 + appVersion: 1.6.1 + created: "2020-05-22T14:56:07.980088-07:00" + description: Deploy components for aad-pod-identity + digest: 2f1a2cdd4b89a93bca6e5e14cc4f701f6f9b774b51cbfdd5ca269c1be0c455af + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-2.0.0.tgz + version: 2.0.0 - apiVersion: v1 appVersion: 1.6.0 - created: "2020-04-24T12:12:20.536485-07:00" + created: "2020-05-22T14:56:07.978819-07:00" description: Deploy components for aad-pod-identity digest: 7753d4ca3f27f2abcf7def0733c8b3543483266435a2fb3b038b254385a1ef19 home: https://github.com/Azure/aad-pod-identity @@ -18,7 +33,7 @@ entries: version: 1.6.0 - apiVersion: v1 appVersion: 1.5.5 - created: "2020-04-24T12:12:20.535282-07:00" + created: "2020-05-22T14:56:07.972945-07:00" description: Deploy components for aad-pod-identity digest: 8cd12b380d1ae694d0c916409cd6747572f80e83bdbfec7ce806a496da37aa07 home: https://github.com/Azure/aad-pod-identity @@ -33,7 +48,7 @@ entries: version: 1.5.6 - apiVersion: v1 appVersion: 1.5.5 - created: "2020-04-24T12:12:20.533483-07:00" + created: "2020-05-22T14:56:07.970997-07:00" description: Deploy components for aad-pod-identity digest: a35ceab66397ef58df6b60cb446445e68baaced1d7526690896dcfba21758abb home: https://github.com/Azure/aad-pod-identity @@ -48,7 +63,7 @@ entries: version: 1.5.5 - apiVersion: v1 appVersion: 1.5.4 - created: "2020-04-24T12:12:20.531964-07:00" + created: "2020-05-22T14:56:07.969295-07:00" description: Deploy components for aad-pod-identity digest: b04a1510d3bb0f9afb5e3f7a9ba9af313027615cbb6d480050b992423819e13f home: https://github.com/Azure/aad-pod-identity @@ -63,7 +78,7 @@ entries: version: 1.5.4 - apiVersion: v1 appVersion: 1.5.3 - created: "2020-04-24T12:12:20.530686-07:00" + created: "2020-05-22T14:56:07.94658-07:00" description: Deploy components for aad-pod-identity digest: 3dab91c7f115d23123f863eeea1c93a34640a42ac1e7052600020600fbfa55ad home: https://github.com/Azure/aad-pod-identity @@ -78,7 +93,7 @@ entries: version: 1.5.3 - apiVersion: v1 appVersion: 1.5.2 - created: "2020-04-24T12:12:20.529371-07:00" + created: "2020-05-22T14:56:07.943989-07:00" description: Deploy components for aad-pod-identity digest: 58a8ea212a1461f72ce17be5b767dac920d0f56803c026320a16c22de3ed365a home: https://github.com/Azure/aad-pod-identity @@ -91,4 +106,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2020-04-24T12:12:20.526788-07:00" +generated: "2020-05-22T14:56:07.927709-07:00" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index 436e5abe0..6a875e7f4 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -121,7 +121,7 @@ spec: name: iptableslock containers: - name: nmi - image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1" imagePullPolicy: Always args: - "--host-ip=$(HOST_IP)" @@ -233,7 +233,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1" imagePullPolicy: Always args: - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index 1097e333e..36c2f1190 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -77,7 +77,7 @@ spec: name: iptableslock containers: - name: nmi - image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1" imagePullPolicy: Always args: - "--host-ip=$(HOST_IP)" @@ -134,7 +134,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1" imagePullPolicy: Always args: - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index a961f3477..966c83c3e 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -106,7 +106,7 @@ spec: name: iptableslock containers: - name: nmi - image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1" imagePullPolicy: Always args: - "--host-ip=$(HOST_IP)" diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index 686063868..64d6d2853 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -119,7 +119,7 @@ spec: name: iptableslock containers: - name: nmi - image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1" imagePullPolicy: Always args: - "--host-ip=$(HOST_IP)" @@ -243,7 +243,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1" imagePullPolicy: Always args: - "--logtostderr" diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index 7c1e24db2..45f8313d9 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -75,7 +75,7 @@ spec: name: iptableslock containers: - name: nmi - image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1" imagePullPolicy: Always args: - "--host-ip=$(HOST_IP)" @@ -146,7 +146,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0" + image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1" imagePullPolicy: Always args: - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"