diff --git a/files/secrets-store/csi-secrets-store-DaemonSet.yaml b/files/secrets-store/csi-secrets-store-DaemonSet.yaml
index e88104e..d06f605 100644
--- a/files/secrets-store/csi-secrets-store-DaemonSet.yaml
+++ b/files/secrets-store/csi-secrets-store-DaemonSet.yaml
@@ -12,8 +12,6 @@ spec:
 labels:
 app: csi-secrets-store
 spec:
- nodeSelector:
- beta.kubernetes.io/os: linux
 serviceAccountName: secrets-store-csi-driver
 hostNetwork: true
 containers:
@@ -45,12 +43,13 @@ spec:
 - name: registration-dir
 mountPath: /registration
 - name: secrets-store
- image: docker.io/deislabs/secrets-store-csi:v0.0.11
+ image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12
 args:
 - "--debug=true"
 - "--endpoint=$(CSI_ENDPOINT)"
 - "--nodeid=$(KUBE_NODE_NAME)"
 - "--provider-volume=/etc/kubernetes/secrets-store-csi-providers"
+ - "--metrics-addr=:8080"
 env:
 - name: CSI_ENDPOINT
 value: unix:///csi/csi.sock
@@ -83,12 +82,13 @@ spec:
 - name: providers-dir
 mountPath: /etc/kubernetes/secrets-store-csi-providers
 - name: liveness-probe
- image: quay.io/k8scsi/livenessprobe:v1.1.0
+ image: quay.io/k8scsi/livenessprobe:v2.0.0
 imagePullPolicy: Always
 args:
 - --csi-address=/csi/csi.sock
 - --probe-timeout=3s
 - --health-port=9808
+ - -v=2
 volumeMounts:
 - name: plugin-dir
 mountPath: /csi
@@ -109,3 +109,5 @@ spec:
 hostPath:
 path: /etc/kubernetes/secrets-store-csi-providers
 type: DirectoryOrCreate
+ nodeSelector:
+ kubernetes.io/os: linux
diff --git a/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml b/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
index 093e607..0ae0e1b 100644
--- a/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
+++ b/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
@@ -11,6 +11,7 @@ rules:
 - get
 - list
 - update
+ - watch
 - apiGroups:
 - secrets-store.csi.x-k8s.io
 resources:
@@ -19,6 +20,7 @@ rules:
 - get
 - patch
 - update
+ - watch
 - apiGroups:
 - ""
 resources:
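Review bot: The added `--metrics-addr=:8080` on the secrets-store container (hunk `@@ -45,12 +43,13 @@`) binds the metrics listener to all interfaces, and since this pod spec sets `hostNetwork: true` (context of the first hunk) that means port 8080 on each node's own addresses rather than on a pod IP. NetworkPolicy generally does not cover host-network pods, so access has to be limited at the node firewall or by a narrower bind address, and the port can collide with anything else on the node that uses 8080. If scraping happens on-node, `- "--metrics-addr=127.0.0.1:8080"` would be the narrower form (assuming the flag accepts host:port; confirm against the driver's documentation); otherwise a comment above the argument naming who is expected to reach the port would help. The container spec continues outside the hunk.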
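Review bot: The liveness-probe image in hunk `@@ -83,12 +82,13 @@` is referenced by tag only (`quay.io/k8scsi/livenessprobe:v2.0.0`) next to `imagePullPolicy: Always`, so every pod start re-resolves the tag and a re-pushed tag would roll out to all nodes with no change to this manifest. Pinning by digest ties what runs to what was reviewed: `image: quay.io/k8scsi/livenessprobe:v2.0.0@sha256:<digest-of-reviewed-image>` (placeholder; take the value from the registry). The driver image changed in the previous hunk (`us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12`) is tag-only as well, and presumably matters more because that container is the one mounting the provider volume and serving secrets.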
@@ -28,3 +30,26 @@ rules:
 - delete
 - get
 - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - secrets-store.csi.x-k8s.io
+ resources:
+ - secretproviderclasspodstatuses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - secrets-store.csi.x-k8s.io
+ resources:
+ - secretproviderclasspodstatuses/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml b/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
index 117a6b7..9b0466b 100644
--- a/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
+++ b/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.2.4
+ controller-gen.kubebuilder.io/version: v0.3.0
 creationTimestamp: null
 name: secretproviderclasses.secrets-store.csi.x-k8s.io
 spec:
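Review bot: The `patch`, `list` and `watch` verbs added at the top of hunk `@@ -28,3 +30,26 @@` widen a ClusterRole rule whose `resources:` entry lies outside the hunk; the preceding hunk's context only shows that it is in the core API group (`""`). If that resource is `secrets`, cluster-wide `list`/`watch` lets the bound service account read every Secret in every namespace, and that account is presumably the one the DaemonSet in this commit runs on each Linux node. It would be worth confirming that the feature needing these verbs cannot work with a narrower grant (for example a namespaced Role, or `get` on named objects), and recording the reason next to the rule, e.g. `# list/watch: required by <feature>; grants cluster-wide read of this resource`. The new `secretproviderclasspodstatuses` rules below are scoped to the driver's own API group and look proportionate.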
@@ -21,12 +21,12 @@ spec: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object