From da05957599972ba34ac0d29b7405b452180d9031 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Fri, 1 Apr 2022 13:25:08 -0700 Subject: [PATCH] release: update manifest and helm charts for v1.8.8 (#1260) --- charts/aad-pod-identity-4.1.9.tgz | Bin 0 -> 17698 bytes charts/aad-pod-identity/Chart.yaml | 4 ++-- charts/aad-pod-identity/README.md | 4 ++-- .../templates/mic-pod-disruption-budget.yaml | 4 ++++ charts/aad-pod-identity/values.yaml | 6 +++--- charts/index.yaml | 17 ++++++++++++++++- deploy/demo/deployment.yaml | 2 +- deploy/infra/deployment-rbac.yaml | 4 ++-- deploy/infra/deployment.yaml | 4 ++-- deploy/infra/managed-mode-deployment.yaml | 2 +- deploy/infra/noazurejson/deployment-rbac.yaml | 4 ++-- deploy/infra/noazurejson/deployment.yaml | 4 ++-- .../charts/aad-pod-identity/Chart.yaml | 4 ++-- .../charts/aad-pod-identity/README.md | 4 ++-- .../charts/aad-pod-identity/values.yaml | 4 ++-- manifest_staging/deploy/demo/deployment.yaml | 2 +- .../deploy/infra/deployment-rbac.yaml | 4 ++-- manifest_staging/deploy/infra/deployment.yaml | 4 ++-- .../deploy/infra/managed-mode-deployment.yaml | 2 +- .../infra/noazurejson/deployment-rbac.yaml | 4 ++-- .../deploy/infra/noazurejson/deployment.yaml | 4 ++-- test/e2e/README.md | 2 +- test/e2e/framework/config.go | 6 +++--- website/content/en/changelog/_index.md | 15 +++++++++++++++ .../en/docs/Demo/standard_walkthrough.md | 3 +-- .../en/docs/Getting started/installation.md | 6 +++--- 26 files changed, 76 insertions(+), 43 deletions(-) create mode 100644 charts/aad-pod-identity-4.1.9.tgz diff --git a/charts/aad-pod-identity-4.1.9.tgz b/charts/aad-pod-identity-4.1.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..51c6374723b746fe27a2738028cfa136b55efb71 GIT binary patch literal 17698 zcmZ6S18^t7x9?-ywr$(CosDhVwzIKqY;4=Moeekqz5MTeukNkaH8oS+b-HV+diqTF z_k0dv3=|sBe+qyah}Kw2g~>!po)?*~^5Xt#cze^w_s`to)hHm~ z47cUc6m6P1N=?hR`O#AEWcEuMCjNp^Olndaap$_#5wASp*4@C(pcRC~PuK)p5I=?M znDzLP>NJ*#d?6E7Exm9xRk9?aOlG8M?M9&@o1!>=uGk(R7)7)r^97|^#$+ZoZZIWE zHpq5OJYA9F4i?`)wx;#zfcn)8u_O{{90&Y6f&N1iyXH9R9y(AjFCBO7D`eLGtiE<` zCjX2f?JXc=D0G}s9q924uzN5&VC?lxcw2J@keP(wp)kn_g~1+OQ?PW98LU{^6w*|s zK~94z23+R%K9A~&X;GsTFvCaHIm&$^!3Ntm6nLVcM4?HN2LGZXhek4sF2+^_Qz45M zt%pd z`r4L&GRmPe_M8>Hob$G15;(flLz2$4ZsnNgl|aIzIt(U~_7zUO5-H+!Yk^i(|z@j`<)YTo zMM#v&6w4uw#X^iEa1x%s*q55hmCBT8sg*XmFFsrgB^Lh9MXF3p7(zN`P1So0qbBi1 zv4O^)VS7Sgdtm<1D1=sqvS}<20uPxfV5*`*xCnq6qyti`g%2$)L0$3~OGUt8s%$`p zm_~Z5a8jN%La`ES=Ys|n%aj8X&Ta$g&~eq1$Jz>nIjnXJr_e)X;o|QFL&4I#UsAg_ zWdX-|7&LwlWIz2FSMxx7Q05#|L0*9W!`KzPPejt>dx8?9}P1RsuyN)7VoNy`%kt>P{uEAtH0-`}*0?SRdcWlM|K8>?V zY7MDs`pQ2*>?f!G7S&-Pkt~lEh+p5(Wo?8HWaouz_l9EY@aQ?>q12g}f+F}?u_{wm zj@zR3kAg%vnL5E(v?mV1lun2}5Lq6AMN!`?YTZ$F=FAs`Yoe7*unkb*^WbG}j*<2i zO3(<(pV|km90-s724%+_TpIPldeUBXphV{ ziG(VPT5G;yZ07~CwfI~(63Ga0I&MXe1}H%a%tNTjm34ggvQx3l(Lli&6Q#bICAQV$JFTs zsvro}slR_ogjiAA*%kEW@sl;M7DQ|!DEQ#El8UN!jo=fP<7phUs8pjX_nl!Z6GT_+ ziAWttBkpASiNY4blZ|t2LF!SGl3*>^2%Jb9P|?+!VVYyD1Yc+a-zcEaF{y@v? zNwvg3`wF8!JDnd8?Zc(_-%5mzw0>7eLQS$o@0K+i2Yt8&bMt%{Jz2@k=UHhe4dYgGZWc3hR@_fNF;KS@}u*yocqkO=SC8t zDnV9%*@Jp>S`_u+f-f*EJyQqy%H&$uy38%jTus{LLTKiXB|bqmkRb~ z>FXUKMJW@swJl(!$0z>0Jf>zuQYx=XC4WFAhFY>g$pm7FGGTb~p2UWsmKC_1!9pA- zhmNZM!&HK)J!3Yvy23IjN~_uw;r|6+!AbF*^tq!LBhoZR0XXp7czkkvGx7T_4{Dj)` zeBIZGQNw(FWTf{6dIMiA5vBmq%)SD$>t!-i zClr^H8MQFWYI^YR+1N9tli8vbIAyfkm;s>tMY3O z?Ld*$&@qP4)=sh&tz|?yX6cQ87y2UWO@R|WEH-xwWC1lpn&G;{y@!L575M}D5T=P* zxO9l_uVHLT+iTM$QovSu#fiI#i7X`K(cpv^Bcc@`6`H*D?rr@t2c*ukVO7B3n*fLi zcgaC*B4iC6g)i!4*3;s|N303zYu463k3x+32XJqyhlU{~sKkE~8_7<;F7o%_9iy*KNaBqUv#lA< zm)#6U2C9eowev1OfloLP(7|%>ExSuX8O#7W78PvnHV;=m^J&}q6x(A6P-{?xM~U;s z70_&B`~6H#BQO&asSYm^0y)NckJubuT5hap2t{}DT_0l^=OoLq?eF#)b3}Jz(zjB- z?i!~ns+N78FIQ;)p}-O#vy(@$v5LT2ilr9xvbhZS(V)`&1gdB6dHaCUgC%MTz34zaFXc@&A7HPYYs_AKKG(s)dNa_s zLd6OwQAQyyJZsByx;p}*<)j_3F~>83{$z-&w$9F<)d4jIYuXYHVIGva3v0#}bnzEz zs1`l}@@9xl0%M@LY7a3sjfM$cgr~@)Y)WAnsOeQBq4ycBL_M%Mf@0gjnn@%=?sK|o z8J&PqG>y0JLaG*HI$Cu?hj$uF+bC<*NG8lt{X}N_MG@mIwA3o>eT!}KS`nAbKWJ`gp3DEP-v*o)t6&nU~gsZM<*^c@_y_U zE(30JcLR+qt8})CX8qP7KXTP<8ZlC!KW}N(N35oK?dVCsp6WgJojqlmasVLK)l`l93 zLrX`Ia#bJ1^&(ppa}nt!X1lC&RUC0Xj9_7vcSGxNICastw(;1L>F?y9g=COAV5aNb zbFBTbf9+cE!BRFYui0~MPRVzEepnLV<{VqHc%-|oiEkg2r}}GEGg_=M+2IctNEc_t z#q7}iD+QM7t)b5>|Dm|p0T8X;4u_S?YWBmtxzX>OO^j+Hj#7J= zZv;gfEE*{#S$aoNT&S{{y~2qwyCjSBgHqo7dWP8?GXa+MVk`BzNNXGd$CX@Ux2ch5 zuS_|rj}11*-^7*`ufpD!Rz}3i)I`m)m#INR{uAFjt#&%&tqk^PvMY4D3{fnsdqXDT zU@Ru*92iJFLZ;JMZO`^Q8k7!&Ql%a&q#z-tZeeArDBw$d^#j?)3{T6`U$@L@OtbqO zKmj=a#IjJ<`&NBul){WypbtykJL`UR>+B!9UyFr;GnX4FV?z*dYmH$D%Yj5{=9FiETJcLQBSon8prredp>FJ%C;hLqmkR>fX?*OB z`D=Kx?tM>EVAXOK-5(A%`#2^oKs;~UoULh~bucPLu)b#Oy zDte>q)2w1Lo(vE#36vQ1<4Q1M#yNrs^VAF8zR5xeu(>DAH0dPB5CRwGRf#=K53FB^ z-z0@(cr0uj7kUZ2sfHUEh5<216gWZ^-Eg)z*Q{O;xP(p2*eu1@P4=|jczhY*OBoUf z$^-J?B0V{r@!lE9d{ujE;Rh$Vai~P6I9)@1#jbTJ4_5Hr@$%-GD%~=q{ zr|&G;ij3Q&Lys5=F+czAd;V@LxJ=lK}^|YO`0iIDwWzJO!?+LG*B2go)Yt9HSM?I|0Y=|vO z%;SJLjmck5r){(xlfizs3*$ySV=BAOg*PXAfQ{9i4~wqXxfh%2IAV^={2RMR=;PW4 zeE+Y%`8SH#w;mk#jlsBf64DhF7F4@U@Qx2j;b<`%X*ZEuomUAOeSbRAWK5lIz1nnm zYt6SU7T@7xOOBMBha>-rB(xa(9U@~|VmRyWcgl$olp^NQ;$KFP8YYHtW|GjTo3>?L z5JQc$RM|&yQ-vF2HVzWD8v<_js?a6on>c(NYG@65ANy+Gst9m`2`QhUUKS+mkFLpp z=~}pMiG_XZ8G`$D-%*^pcG4kZCYS_a?lHHkpR4D-EcvX32YU;+z9s0T8vzjB;$7Dr z0W_7rV<;`79iWn-*E^5M;N;mD5L%=3poz<;#dJP%-Y;`H-u85AY2)o9nf|hBspBd# zgV6;mrn5YK+*LfrbU3I)vWevj2y-2^?JB+K^Z{>WS-h#wi;8PQolF!7@l>5H6d**oscOq7?`@)PY zdstbJS6%`I4=*6>V@b7?ZVs%Y%6okB0<7nEo`WAGsa>7`5!BEoBs?_!$MOx}?*V|5 z0RwG7pJ!t)pf&m7<8J3}9zM={zY}XI(GvC}LJBcPkevTX|8=Q6y>5l)4XbOWbqlEM zV_acs_3_#rxpgXeWg%{Je5xwQu+D@5Z%ARc^7V6v(KRAfDl@_06a8Ddc*>Noj8J)N zD$vTU3}6T4h7gVxp}qW_yPp_O4c$++#>G<`fCP$vN$dItaVN==wTLe19O&8t8mfIh z@*h_cm^4As=R0IEa~T<2EF#{lMXsF!`6gbL=i*VbtiI;fUlxjQjdFG@Qsbu%;N(%I z%r3fnT=mKo#9L-M^MjnN+PTw_#+9fSx>hN>%#jn4Z=aP33Cti8Q ztoSIPr48R^Eg1eioI#BRa&gKZeX@6bQ|{2&13rY*w(qaL4C2f62Ws(bc31`ST~oF> zhPkyMyJ42vVrRuG6hkS+&%dx4Z=L9l&Mw#s4A))azL9(8*p%%#LYi0gnAcdb&0EwF z%P>3<(z8~SdeZF^4?fXY0d1Hc3%RfjVmEhN6<>w9Fs}#Si!|wy$QG5Tq70&rIvYT> z*_ET1j~{mzC;O*=C0c=+piY`fV^5z4xopxef-AF@isPJX8q$8Z$07EkdEA`f&}w{bI*xE$;i*te&?Z+W@<+72*l8 z%|X0ZV)V;1Z6-5k7e()+5j`GQs~p~Meu;Kv%Sr(!_Xvs!6|m^xeFlAw@wNI5yR+=B zoAxl|^g5auO(cc1Pw*XLiL7tz9_RiRuXCU*lbF2#kIVtkJdzo`&!2@6Zw$KZE;v-` z^>Gzo!;5sWh9-CVYokQ&MA@z|w?^liswj~0Ln(pzwI`6(rL16ZK@|AUM+brHdn+5o zhOyYp_@9KwQOepBkUDN1D#tCDUSO5l9N?jGVtpk3%MuBz%V01bFM0dpK zE5PpT!0aZVFZmaG-){OJaGltOy+$Vi%jS)%JPOct5%MV@qJ1&>jsidsMpk$ehbRL_ zN!ps^)HQJQheWm5W0e_q>*7RZ8fZBd#;$yr>}e0ixrx*!vCsJ$M?Cdg1ysm5<<`cF zL)g6Elg$=hZD+nwhA{CzpsHOY=3wi+)&Sa}`oU-~qOGk8cuob_8)e=Sl?#Vk|R<2D*ES#8z1|bi^9s zx^!64MaM@%s>(Ypr~cJUE z%nqGLw;{yh7z`9^Wc{6Eg{rG_LphKxPKx;D-mSfZ5nlH^ZUo)r7ZV-jkDwX5Kkh{i z9l(ee2G4F2Rq;=swgw{qA@$!HOO)+5!hZ49D@9IEQJ-tw^}L(^U~>OS3x}oh?|2oP z`4X%Tk6j{YrA2$*ee5s+F8E^=O*fyLpr& z!}bocjoHNxhsV{`4bhcp7O?(5=`MVxtu~8-si&T;fAQZv2GO%bL*RXaV*lL^_m`z8 zScqq16z7UU3A#0*ZJaNa+eZ;p1Pl0Grul1n{yeQQ3(r!_H0M*T(ahU2(H37$5O9`K z`steOdrNPvw;qWYa{MNHZ{n`ryID}CAPrzL#k-HJ>brB!zXHhBk5sbrX^RV=cq)4c3=VY(=1>A=%xi0erg zXpk4Eloq+34ryhhWzg4#gS}Q(-C1wZ#WW>{*Gur1x$W;(VMVOVaXWhPRzh~8qpr9A}hB5*AAyE)OY2JiCh*%z0K+WSIMqr0n3~SX;s!D0a@ajGSmUSj=Xmh%4GU zFdr3y2X@%i$IC5QPpCeRk?_1IOu->#AA9CDZxHr>dfEBFNp<7rF!HBp-ZT(Rrk7&U zetR;Kl+Rk9dKJ_s(1)9?hq#*+fXj=&o*Hz)nUe&JOq_JRVoFjHe!Ks@{d!AD3P=h# zJ9?`CoIDM!1mrSu^QRMiWGq!{%jG5PR;M(7Z>*?JM#Z%G2xKShA}Hjgo4?A8H!t~m zIlDSJKM%X&p3N>T?bcB6o<^m=*Y)=Cy*YYwdp0TbLh8+pWxr-nViM|^^T@wNlw&r$ zKG!euA`D?lTxJPC#=PVqX&uCGP8``ui^2lA!< zM<%LTnc8lyf5uNinp;fG>Us-5)ee2yf{io`)Pooa;mWw9gA~Z{cg0>rOuGx&^5!>GS8-WF=c62jX9lrIHu2(d9+two)i`kbX~2= zWbf3#FjxV@&?qQ(kT)xjv$8*p5S=NloCP{_(G-MnA375Cl9RtfrB8TObk;wNp@lsR zXgU)lbOLuZ{yeiM|F*Dj2*3w4N2>_j)%V^?spquI%0 zC2_wQP_T@PvzaEq238F^<>cnCfo0RhO8n)kPvd^duPy$kv)N9$_@;UNhhni=`Wp9L zCtr4No11V3XpAS(MIYll;EUSFY7Tec!{t>U7ULX{JA_&K0r2thiC|oN4?r&!IIa0S zG_r?JBp)%Z*`P03 zsjg)vfw?=ssK7B)fI(#$ylh5uG ziT`K(duxYrE1)aF=jxM?mO94aVJ0i_g08!T<<}t49WL;$t1Kg--Dm&#?J^h2Q+T*( zvf?_T^v&E(1nR{R(%BxLkR{!WK2~O3;x;j69QHv1zw5ulk?)vgNo3_y196ln4czi5 zHB9I$*;@EyE(B?@%)!DQtT!@8efMCKfun91cTBPmhrKo#12V?v`gOrl-oc6ZN0)UV z)%+Qu(wy^$(Oy`sjr@p)^9`c$__x52c_WoyM;IP zcph9p5N5ER$FxoD2pWqYSVHcmhY567Ves!YHhFIGY`R5U|jsaecU52}Wn{KT=fWEX>`X?ec zXh9H%|^0J}SJcEHvqpgsA)_6i`{-07#mx*yflx$A5OOeE~7);1Vvu(H=sKLa;uH=V7x^|9~3gn&lVFT z9G2GErdw@buEe@>Gjj2vuBYSTrI9szf2GGtNu^rc8t&X7WI$MNt?iuHUN7*YoSr<7 ze4(CNfn1@Snic=;hJKWZ^{T~oS>MQ=!a8o^vBL0V`#xa&9T4E*^=$0e+p5>ZSF058 zZ|ZcT>j-tcL&ZuX%L!5Xn!Wsl1=B5v^)LEyVKDnmw1m||E^srZKsDNeRtKLrLstT2 zlwsL*Z$Sn*_m6VuLeaG}u%NB~(D_E6F#>;)`7T3iK)&}AQ=mcF-{_WKUwslsp&(q@-Dbp1V@u$hB;MSPD-(Rh}n{%>)N z*h{oQ1}w=;k6j((1%NEQg~4u^4o=$R3vX*Zp=uMQK^Sg?8KBjHLL>tX`M74ra42zfkf)&a6)SnK4V@^^b$oVpj}56IM^i>NJ2$>#wue=0rv;VqO0`G|IRYB;J+-e++ZileFoiafMNQbGD zJfC&}wFz(F(x}AzqrQlYlIAT`pYUT-JwWP`xk@>s%gINy`o8q9_mzr)3!|KfSkC-z zBCaGC@jr2oqYc`3`itptM?uR4HK`u|AxX%f@IFS!p!kj{8Nler&)e}nFDQVYv-0V` z0FZpQ@uQ$%%nz{4TPj#!y&rEi3i2qR7F-M_FCwO1gn1;K*=Suo7R=WDNJs{ZUnl30 z0F>#^&txk>M`u&Ymw}D_vr~EUKRhjrwH?3PlRx@=BGO&~2!=I#0A1;~p>2RZ((B*x zk3Kho_xf)ICf9T@H}vQ>$)3{WcCpp97(j_x(6`~lSAIx{^LNHh?vUH(p3EfwAt3Kk zV=kYF@Aztg&E-_kbAEKa+%`D@H2rlIB<2=?hj**~AXxj@S5tO;3$RNV*f+(@jE4i}VnkxLLZ0G~fJdN-_>cdq|BSwA2Ld(}R5wxqU0eEM4crQi;mk%*}eC_S*ZB-rvHU#(#3o!)PcGI*Ha@&1z0YMd@l4xt ztzPOZW2~My(p;>&>xRI6{=esgX(s_8OJbdR~@;YxKngY6s56f=)tAUl66Co!OY#U8aC- z<&WZzCqcj%;2H4M2e5dC^>w>{x!S)G#M>3d?+%F=@==Do8yPyl7ohGQnpHqIcpED{ zxN&p8Jh&0S+qK85z6OB0k<9Ejfv6;Vv! zishVU++yQT!=>-D(SoNo|Npe#T{)Sa+U71>u zmHEx~B9jW=_(|0Z$_EO)p3)nC z;xa#k6XK@Q`=4)$h&HZm>!QBi%gQL*nb=;^I&w0&D52j!XBT=lzVO00C{-K)HlkGP z%IU_1kfz(Kc%1Y*CoM|`46JzYs(KKwN|F}Nt-LhW4_lPDkxLqj)xo|aR0-VmRxN6S zNN7Dwz2952gJ49echVCGfBnqj5bQ@qi=NBSx3E5bgK-G*-}bKjnR8oY5RK3m)`n zB#oX_d$&zCQ;w3`SGhTfbCURHVf`B5+rdsK)JZsnps%OcWp4Q)Xjp{GQ5ZX|inz8& zs$?}a>qVcL%>}=v$?cD(=)vaE2{UE0p`H`bWYeyfXII`H#-*%E4=J#1pxkYxWXv@E zLNDskyeGY4&Y>mg0BKp@+#H(vkGM7Ykcu_=JmM)}<>6KIN07H*g=vthpovYV{DKOE z_)HJOgLJN5c}Iq~HBii#L^k%aN4&|BvQ2x`N?8_dz9I#DxqLj_7C-KR z;g{PN>!t^pWi&ImNKQUGwKPgn{{~8hf;X~;f<-nVcn^Uuy2xETr^p0)dOsa>p$sG7 z#Ktj&0_D6R@1ADK&Wq}jU40WKshc*B)T-P;~|`+ zh8n{HD0ShlWe()$Z6wnm)xIM6!VQ-CO}Iz|abCv_AhSj`V$n(43qz1hiP+h>;=vQZ zR~p#ecj&)-HeL8x+UMoZhAvwSJXEc~-KuBkGKsV2W)B{7aW%2%XCpPdkukyGVXvN% zC^j1G;R#RiepokT>5oA2=x4S=6O){Q92x~xJg|4&V{f&GALk;o1J=8fS)7F(FH#_p z$TciL9Xq`5iCfwc!J5P&FYL0u$;@14v4GBP0ET~D-;3~>c|pCh#_7lBq9%) z!3XFU@94GN6B-NY1z%=oTXo(cbdu4S5p{yUg>BOcx=;T*?xTPO&Tg5;S6%5sTUXstL;oXm)V?$xETs%iCOg9U{`KX`uf*uW^1T{@g zd2h|ckJpfQxWMx>b>z}?vSbr~U7MJDjQ<396dN3<{O+AkX-}qMFQklwqqY}At=Pp% zM6js+<*{&J39wQ3odcm@e<@@wUP+Ol;+07V^&eyz3nB+Iq0i2v?IDq&21GMWz1rg% zqa{XSde_+XKJnKWmWxfZ-^iNu6b^WC#kW5!bNQ6S+Tf0aN1S$JT*5V#?nSy1v=+v3&Ft8ri zkkfX3y8s`=2(paiy;uqFYYBG09&R-}%>R20LYb}KQ8MA~D5@V=I3*Nfmexb{n=cS0y0Y*GO@?w1jl#H?=vc4}n!SWjGw^ zhIemQmr$CLV!J->j5pDEThUex$R7hU_ItP;je<%sRl0>pOEVe4><)wLa^6H$ypiB- z%iQ1%IA!YAFsRf7)Y9jl=)JWpEiO{Cg>1B_m4y7Az&f0J6L^je{FEsRF^V|?=9<=h z=m0MXS-~VVEQT`Dd*r*$_C=-?`3z4XC8UZfgY+nHKc6d3U5c!|Ip+GHX(mz_h&H}p z-13nW?i#bk5@GLG4=ASL)xQ6G8~VY&H811N`G`r6v$JdTxrMU{pz|hc_{g;?2q3i3 z5(5c;n^KcP$Q~;uo!^+|EfF!|%R29}QRhs$JGf&W)#|1h%vLn_ExvrjQ*3_(p{KGT zj~|=ltMfhJIF3dWP#qLe7fI>#vd?fXMD8rq`c zhc+-L-fGT%XD(F_-5KNwbo>=*zwa3Ud*L=VX6`n+kAQN|g(^XMZMgRf*;CD-QeSN1 zR0_#ge#3N1*gO=-$sAu|oiir!xwfC$zFHkxb77MUi7#GyA4IKWP=uXM1gI?Lh^w8h z=eqm6U|WK8rMHrB{ExvBg|8m;?+G|%=^EyfwkLd7;nC4j$mtJsjOok9Evn-bdofB7 z+C!^F{;!d)jYqV0!1kTJ)sW+)13R1Un(NYwzEjLj+*U6>r=w1X8_^k1Q!n8W?!F&^0RKb3GRicHyYFxKV3hz^q=cA+pfUj;Qqo3 zk3H#-z>Ozu$KL_qxTb-mYkxSFiTt#eUBB`O#m*kaL!-c@B z;kG5^{Ioi!O2##@2(2Fd*KuC;($-rSl$=+xD!KkF?2k5czIJ;h*H`~GZ73Ql9;@H6 zSE$cV#lL;jR-I?Q*xg`Z?2=Hj%Ef7{O{Mu4neI3_5~Z6`GHtZXlv%lhrp1_o4BML8 zc1-9T#n6x!Ck)LV)3|S@OPm-utL1cRd0lS{mL==Z54RpB*49pX#S`+ezt1GqeYp2~ zF+o?&Dw_uXvMN{VoOJ&e2fsXAcuIb&0)1r_`D~AeceTw?TM_dFV(Kovm^UN?YK|%w zqm`J6m8Qb=zUA%TVc^suI^^zi3nhq8Go!`%4V(4bqQ?FStIR*nY$cZd>`(sCI`DDl zT1<8VhGy&q<@0?KQCYypnHO&`{Kfe z`l5$M}h1jC(H1g20QwN6F$# z0mSwpv)lA3+XwSCDG3&%aHT=S`=-lW_QV_^Oig1P$R$To!8ap{(o%eJxDhuZ|2fg>Lh^w+o4N z;wb7^+OU%N=upkEbYU>`;42M<-g08;Lz6P19AoLjyy~WsPh415!M-_-`b24a5E`CAhs_0(%p5-I9dAfNtgC!e z+sqctCM}iYl40LokRBJS)47_r^Gb-TlL{VeCg4G8ATtry;SJ3{oG=uo2mE4lt(&&i ze+IHU{}~9&Cgl8#xL1^6iv-3>Y$dz$mDa=Z-$yyRgi_$&;Sd26y{w#vID}{y0-~H1 zU6&Vw6ISNcQ;ba6Omo}Yx~1&$SDO5g##`lGa2wmbo>LoDgnE;eTh&`7!d7y^YK}oU zWkx?-Z8C~n;@$%`A%RyB`z1EB1<6;jG#;uZ$)q#z=APD!3!t>Y)GR9TE$^G?Y(owF zQcEn{$3#W*j7B0Zu0uH*U|(DesHLiPb#atS62a>3ym6PQGb7vS5EB}45GOf7@_~}m z~tuXHJ`-Fgh;!@(kMeh1hx!bHYR8^ zTk{~JF3(zY<*0B~26UVIi(OE4P!rVz`wOec)W(s1`w{)oW0oPi%eOIvi45i2`FWOy zjq)45(bdYsQS7d~3fa_Bb6fqU`j07LR1;920e>s?YaG4e1WY%)2#x6m@so zG0Eecm<}0|vGqz7=AZZ#G&QLTiDd$j_;@E<8h311(vq)V>*FQ0LZHg%B=#d?Buewq zX2&IzEHrlA0KILM0L#Po@Hi2LWNl2pfaTp6=2si{CnDpg1v4o zOL2%%C!dksf6mRsevBsm zff0}?6@dEP#$dUD&3i^1_fa5&4eL;VZPq#rk05w6wvtp*Z5!SemrsXA&q3Gj1pEj#IsD|MQL!;@Mtj6P@Z;jM(-Ai@b|}2@Lcv08nLeoc ztIRw|xg%;ai@i`nYtYAn!U-rXF=4B8rN)Od&0l*$I(_R_OmS2TW5LV;BqtYPl@pji zZ(6JVmLkynI++ugWwg!#WV^5C{r}e4OxAuZbTs@>g;?GFP>sONRycv_{?nM(_1{KA zprfts1{tN3RiY+Faekit|FWB>(&vWPA;Dtny}aumxUsqrundLY@M85LW9tiQcDzzo>+MT?A>W7w>>7mjJglB?c1^jQ*)%6hv_M100{O3#(n{RoZe1%B* z`Imo)Gc(*1Et!~as+(8rcZ(>`R^*oL7Zh!1QW5e7%a6Qr%_$j$3B}q)^v5nmDwx6l zk}#{hX{e#|uuL+j8n;u>UHiF7RADH%bhb9KcVro7-d(E;(uSXS^&K1_K5`$Ou>N0E`6-p_ia z3jiLmP9n13m0}Oh9QW z_-Dc+)Wnr+Uc>uRCly;aAvb5h|1vaa%2s#Jc-4DSHD@xDOUSSNkQ`#_u2Ba-`iX(^GQ6zqD`B0X1KBA(U;3BQq1A zg8^Z1X1aBc^j2pj4P|Mvb*q}EPp2AIDRix9Um|AXu!#kak2J_ZlSG*_5-jEN&2{#- z+r48msbI#}$9sh#{rac8+UKN5%IXI&*Y6!xNrLCEeFnIhbHU_8jQ#J7-lx5vgx=hp z|39U7|77aRVSaY0Am0$Bvf-ck*}|X6+>aDAyd}fP`RJyI%VqOd^Z&vio3Hv}d<7Jq zb!bUoAhiw*U{BzkzbF@(`0>Vq_YwsY(Bt^iOY1u4c*pg;f;yYF3(PRe#lHEMg-KLp;6*+9`Cc9 zP_5;)#eXGp&-Oe%58YvjW)$;R+7i3hIDy}(V(YG8#003Tf`p$<0ownt3j<3S|8lqv z^;j^#&S@8~?ItwH$2j8s>?x103Ks<`2wYXr8uyuzJIk?kkSsZkb-b#ph34C{%~hwg zfQFTfKjcBSjD%z}WX8{~!=b?29VuhKDZ?mo50HO} z_jfCaG2vx*m7S(7L0!dFhsU6#hXARYLgqT#O*b{$BMyLF*f<*?j)p^?L-L-T82 zP$}z;+Y9|B4`PwxH;1LidOt)8~QbVXcbTNB5qkIGPBL-n5&hiT7$H?)>4 z*y3svwl2keG&r+h_j4$q0U%=0N0vKtHRZmsQ)_Z0RLBy}95&YuhE# zhfA@M2nz+vg@R$D3TNJd)x?V&IpEDS!JHUxv`tdFIr={}JrBBQ^`Kp4CNl*}3y|z{ zRJ)dW;mzZ%s0((i(p($R*bd;ilvXWXN(R(!-j;8s<9&OpYuf55d)29_8`9rhrUF|E znHXnUmB=GG8ea)E4Mo0kP-3@M*4pZq_6-dkVSq>ypHYMrEahQXuWf&a^Wm*lr+5tM zWSuX&oAka5Ddh4v|E8fo9{isN2@#5mnePM@Xs9FfIhgKKU# zq$XHzmsvj*4tzA?OR#}`42z=mTTHaX<=Cu zW5;6OK@pDfqVV0c4V9w^=u5^0U>chBlCU_CN=~%H(kWlj>AzDC(2X-I2ma=$HwwL) zk;71choSY0uqDPdRFEv-smU(HBgu+rE!bopR<+c}oYVQ- zI?iwerI@p0tnD$9?FQ&W0GxJaoxU#Jv5)Bdn-V`$|ww?Q<&&QlcYUE!1L3Y+PjgNgBg z)UOtE;I`uqr=7ykL-Hqf}hriDPVr75hGk6)|#_Kl*OB;SYCy4S)Ka1tvVKhkpI7 zWuTJa7k3h^fAl=B^<@M^tOFrXF%V*20L1*jhxq{y_X>2tfe}F*>h)a_am2$Ua+2Xe zPRMhtrajcro$ctUVdshA$5r-2Ws+5!yS-BZ#8L6b8ZZSV2Un&jXIC^LQsF2z4jq;L zS@GuBa9>@+T+7HibZ)V95&RuAP$q0rp-F-TW{Mb(y3J)v8JglaCQN!ZlROuJwjzDO zr9_hGJ-8xBD@-%PI<|MlNu&Y89RrOYTu%;VO0&5Ta`EP9e}Dh4pgv)%XkG_-e|6+^ zb8ckadY;qrX0(K!a-99QTZdwRa>^VwaV^C(-w#rYJj%|@5z-0l2Q`-wW&WwXojiCvX* z$Y11|e5gxu{s7J}<1X=Gr5<$*+8mVyN#-?rqQdh5j7g9Ug zbz70TiYvSxUe}|dJ~G(>jUtz6UPv%L)f6ifaQ3Zo7ad#<^;mG9NMoK_OTxZw!C`5m zdZC-*aJ)87*T(7EIDMRPS~rIa7Aj2E)I4>Q*-n)Jay`09$_1TJrUlw?0>k`=iJrH2 z9gJ&!dEdD!{Hqm0E`zAj}k*0p@r0si7*-adB%qIFr9by=5n`7GuC4*&rF|DXD{a{%4} E0E$hZk^lez literal 0 HcmV?d00001 diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index 5ee6b0ec4..89d658d25 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.8 -appVersion: 1.8.7 +version: 4.1.9 +appVersion: 1.8.8 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index 73881c736..a320953e1 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -259,7 +259,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.7` | +| `mic.tag` | MIC image tag | `v1.8.8` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -285,7 +285,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.7` | +| `nmi.tag` | NMI image tag | `v1.8.8` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml b/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml index bde0d68e4..9d7a16b9d 100644 --- a/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml +++ b/charts/aad-pod-identity/templates/mic-pod-disruption-budget.yaml @@ -1,5 +1,9 @@ {{- if .Values.mic.podDisruptionBudget }} +{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version }} +apiVersion: policy/v1 +{{- else }} apiVersion: policy/v1beta1 +{{- end }} kind: PodDisruptionBudget metadata: name: mic-pdb diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 93f4151c5..ed3076713 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -202,7 +202,7 @@ nmi: affinity: {} # nodeAffinity: # preferredDuringSchedulingIgnoredDuringExecution: - # - weight 1 + # - weight: 1 # preference: # matchExpressions: # - key: kubernetes.azure.com/mode diff --git a/charts/index.yaml b/charts/index.yaml index 8f9f83a20..89f7ba9d8 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.8 + created: "2022-03-31T18:37:48.296961013Z" + description: Deploy components for aad-pod-identity + digest: d111544d31c099c4c75aaf55af77b4ed74c8a0c88ec736939b180c90f1c5047e + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.9.tgz + version: 4.1.9 - apiVersion: v2 appVersion: 1.8.7 created: "2022-02-09T18:40:16.229845191Z" @@ -361,4 +376,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2022-02-09T18:40:16.228402613Z" +generated: "2022-03-31T18:37:48.295446527Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index fb724772d..cf73a7a10 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index 60b128d2a..c29c17d59 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -595,7 +595,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index 46b02613a..1ec2cbd00 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -496,7 +496,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index 15909e2a3..454a14e80 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index cd95748db..50a879a82 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -605,7 +605,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index eec73095c..253992110 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -508,7 +508,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index 5ee6b0ec4..89d658d25 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.8 -appVersion: 1.8.7 +version: 4.1.9 +appVersion: 1.8.8 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index 73881c736..a320953e1 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -259,7 +259,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.7` | +| `mic.tag` | MIC image tag | `v1.8.8` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -285,7 +285,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.7` | +| `nmi.tag` | NMI image tag | `v1.8.8` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index a0eba15c1..ed3076713 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.7 + tag: v1.8.8 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index fb724772d..cf73a7a10 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 60b128d2a..c29c17d59 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -595,7 +595,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index 46b02613a..1ec2cbd00 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -496,7 +496,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 15909e2a3..454a14e80 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index cd95748db..50a879a82 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -605,7 +605,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index eec73095c..253992110 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.8" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -508,7 +508,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.7" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.8" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/README.md b/test/e2e/README.md index 02617c8d3..346053af9 100644 --- a/test/e2e/README.md +++ b/test/e2e/README.md @@ -71,7 +71,7 @@ spec: selector: keyvault-identity EOF -kubectl run identityvalidator --image=mcr.microsoft.com/oss/azure/aad-pod-identity/identityvalidator:v1.8.7 --labels=aadpodidbinding=keyvault-identity -- --sleep +kubectl run identityvalidator --image=mcr.microsoft.com/oss/azure/aad-pod-identity/identityvalidator:v1.8.8 --labels=aadpodidbinding=keyvault-identity -- --sleep kubectl exec identityvalidator -- identityvalidator \ --subscription-id "$SUBSCRIPTION_ID" \ diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index 3bae1d2a1..cfa3180a4 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.7"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.7"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.8"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.8"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.7"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.8"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index e3d9e43d2..a3a3600c2 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,21 @@ menu: weight: 10 --- +## v1.8.8 + +### Security Fix + +- fix CVE-2022-23218 ([#1259](https://github.com/Azure/aad-pod-identity/issues/1259)) + +### Helm + +- use policy/v1 for PodDisruptionBudget ([#1254](https://github.com/Azure/aad-pod-identity/issues/1254)) +- update nmi affinity sample in charts ([#1256](https://github.com/Azure/aad-pod-identity/issues/1256)) + +### Other Improvements + +- remove redundant token get from demo ([#1258](https://github.com/Azure/aad-pod-identity/issues/1258)) + ## v1.8.7 ### Bug Fixes diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index 575da0acd..164d1e168 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.7 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.8 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} @@ -146,7 +146,6 @@ If successful, the log output would be similar to the following output: ```log I0510 18:16:53.042124 1 main.go:128] curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01": {"compute":{"location":"westus2","name":"aks-nodepool1-17529566-vmss_1","offer":"aks","osType":"Linux","placementGroupId":"877d5750-2bed-43dd-bad6-62e4f3b58a3c","platformFaultDomain":"0","platformUpdateDomain":"1","publisher":"microsoft-aks","resourceGroupName":"MC_chuwon_chuwon_westus2","sku":"aks-ubuntu-1804-gen2-2021-q1","subscriptionId":"2d31b5ab-0ddc-4991-bf8d-61b6ad196f5a","tags":"aksEngineVersion:v0.47.0-aks-gomod-b4-aks;creationSource:aks-aks-nodepool1-17529566-vmss;orchestrator:Kubernetes:1.18.14;poolName:nodepool1;resourceNameSuffix:17529566","version":"2021.01.28","vmId":"4fc9f60c-170c-4e76-84ff-81c6c0cecea1","vmSize":"Standard_DS2_v2"},"network":{"interface":[{"ipv4":{"ipAddress":[{"privateIpAddress":"10.240.0.5","publicIpAddress":""}],"subnet":[{"address":"10.240.0.0","prefix":"16"}]},"ipv6":{"ipAddress":[]},"macAddress":"000D3AFE98BF"}]}} -I0510 18:17:04.463222 1 main.go:75] successfully acquired a service principal token from http://169.254.169.254/metadata/identity/oauth2/token I0510 18:17:04.474588 1 main.go:100] successfully acquired a service principal token from http://169.254.169.254/metadata/identity/oauth2/token using a user-assigned identity (a9979fb6-6655-4612-95c9-7e4d0c83001b) I0510 18:17:04.474610 1 main.go:50] Try decoding your token at https://jwt.io ``` diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index 0b3ed8346..0994121e4 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/deployment-rbac.yaml ```
@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.7/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.8/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}