diff --git a/charts/aad-pod-identity-4.1.9.tgz b/charts/aad-pod-identity-4.1.9.tgz new file mode 100644 index 000000000..51c637472 Binary files /dev/null and b/charts/aad-pod-identity-4.1.9.tgz differ diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index 5ee6b0ec4..89d658d25 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.8 -appVersion: 1.8.7 +version: 4.1.9 +appVersion: 1.8.8 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index 73881c736..a320953e1 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -259,7 +259,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.7` | +| `mic.tag` | MIC image tag | `v1.8.8` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -285,7 +285,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.7` | +| `nmi.tag` | NMI image tag | `v1.8.8` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml b/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml index bde0d68e4..9d7a16b9d 100644 --- a/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml +++ b/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml @@ -1,5 +1,9 @@ {{- if .Values.mic.podDisruptionBudget }} +{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} +apiVersion: policy/v1 +{{- else }} apiVersion: policy/v1beta1 +{{- end }} kind: PodDisruptionBudget metadata: name: mic-pdb diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 93f4151c5..ed3076713 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -202,7 +202,7 @@ nmi: affinity: {} # nodeAffinity: # preferredDuringSchedulingIgnoredDuringExecution: - # - weight 1 + # - weight: 1 # preference: # matchExpressions: # - key: kubernetes.azure.com/mode diff --git a/charts/index.yaml b/charts/index.yaml index 8f9f83a20..89f7ba9d8 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.8 + created: "2022-03-31T18:37:48.296961013Z" + description: Deploy components for aad-pod-identity + digest: d111544d31c099c4c75aaf55af77b4ed74c8a0c88ec736939b180c90f1c5047e + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.9.tgz + version: 4.1.9 - apiVersion: v2 appVersion: 1.8.7 created: "2022-02-09T18:40:16.229845191Z" @@ -361,4 +376,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2022-02-09T18:40:16.228402613Z" +generated: "2022-03-31T18:37:48.295446527Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index fb724772d..cf73a7a10 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index 60b128d2a..c29c17d59 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -595,7 +595,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index 46b02613a..1ec2cbd00 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -496,7 +496,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index 15909e2a3..454a14e80 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index cd95748db..50a879a82 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -605,7 +605,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index eec73095c..253992110 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -508,7 +508,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index 5ee6b0ec4..89d658d25 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.8 -appVersion: 1.8.7 +version: 4.1.9 +appVersion: 1.8.8 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index 73881c736..a320953e1 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -259,7 +259,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.7` | +| `mic.tag` | MIC image tag | `v1.8.8` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -285,7 +285,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.7` | +| `nmi.tag` | NMI image tag | `v1.8.8` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index a0eba15c1..ed3076713 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index fb724772d..cf73a7a10 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 60b128d2a..c29c17d59 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -595,7 +595,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index 46b02613a..1ec2cbd00 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -496,7 +496,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 15909e2a3..454a14e80 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index cd95748db..50a879a82 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -605,7 +605,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index eec73095c..253992110 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -508,7 +508,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/README.md b/test/e2e/README.md index 02617c8d3..346053af9 100644 --- a/test/e2e/README.md +++ b/test/e2e/README.md @@ -71,7 +71,7 @@ spec: selector: keyvault-identity EOF -kubectl run identityvalidator --image=mcr.microsoft.com/oss/azure/aad-pod-identity/identityvalidator:v1.8.7 --labels=aadpodidbinding=keyvault-identity -- --sleep +kubectl run identityvalidator --image=mcr.microsoft.com/oss/azure/aad-pod-identity/identityvalidator:v1.8.8 --labels=aadpodidbinding=keyvault-identity -- --sleep kubectl exec identityvalidator -- identityvalidator \ --subscription-id "$SUBSCRIPTION_ID" \ diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index 3bae1d2a1..cfa3180a4 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.7"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.7"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.8"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.8"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.7"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.8"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index e3d9e43d2..a3a3600c2 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,21 @@ menu: weight: 10 --- +## v1.8.8 + +### Security Fix + +- fix CVE-2022-23218 ([#1259](https://github.com/Azure/aad-pod-identity/issues/1259)) + +### Helm + +- use policy/v1 for PodDisruptionBudget ([#1254](https://github.com/Azure/aad-pod-identity/issues/1254)) +- update nmi affinity sample in charts ([#1256](https://github.com/Azure/aad-pod-identity/issues/1256)) + +### Other Improvements + +- remove redundant token get from demo ([#1258](https://github.com/Azure/aad-pod-identity/issues/1258)) + ## v1.8.7 ### Bug Fixes diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index 575da0acd..164d1e168 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} @@ -146,7 +146,6 @@ If successful, the log output would be similar to the following output: ```log I0510 18:16:53.042124 1 main.go:128] curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01": {"compute":{"location":"westus2","name":"aks-nodepool1-17529566-vmss_1","offer":"aks","osType":"Linux","placementGroupId":"877d5750-2bed-43dd-bad6-62e4f3b58a3c","platformFaultDomain":"0","platformUpdateDomain":"1","publisher":"microsoft-aks","resourceGroupName":"MC_chuwon_chuwon_westus2","sku":"aks-ubuntu-1804-gen2-2021-q1","subscriptionId":"2d31b5ab-0ddc-4991-bf8d-61b6ad196f5a","tags":"aksEngineVersion:v0.47.0-aks-gomod-b4-aks;creationSource:aks-aks-nodepool1-17529566-vmss;orchestrator:Kubernetes:1.18.14;poolName:nodepool1;resourceNameSuffix:17529566","version":"2021.01.28","vmId":"4fc9f60c-170c-4e76-84ff-81c6c0cecea1","vmSize":"Standard_DS2_v2"},"network":{"interface":[{"ipv4":{"ipAddress":[{"privateIpAddress":"10.240.0.5","publicIpAddress":""}],"subnet":[{"address":"10.240.0.0","prefix":"16"}]},"ipv6":{"ipAddress":[]},"macAddress":"000D3AFE98BF"}]}} -I0510 18:17:04.463222 1 main.go:75] successfully acquired a service principal token from http://169.254.169.254/metadata/identity/oauth2/token I0510 18:17:04.474588 1 main.go:100] successfully acquired a service principal token from http://169.254.169.254/metadata/identity/oauth2/token using a user-assigned identity (a9979fb6-6655-4612-95c9-7e4d0c83001b) I0510 18:17:04.474610 1 main.go:50] Try decoding your token at https://jwt.io ``` diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index 0b3ed8346..0994121e4 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/deployment-rbac.yaml ```
@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}