From db9867f3c9d6b51573cc39db8a88f11f586d547d Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Thu, 16 Dec 2021 22:02:09 +0100
Subject: [PATCH 1/3] Update Linode CSI driver
---
 ...i-controller-attacher-binding-ClusterRoleBinding.yaml | 2 +-
 ...ontroller-provisioner-binding-ClusterRoleBinding.yaml | 2 +-
 ...si-controller-resizer-binding-ClusterRoleBinding.yaml | 2 +-
 files/linode/csi-linode-controller-StatefulSet.yaml | 2 +-
 files/linode/csi-linode-node-DaemonSet.yaml | 9 ++++++++-
 5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
index e2196e6..c08de2e 100644
--- a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
@@ -5,7 +5,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: external-attacher-runner
+ name: external-attacher-role
 subjects:
 - kind: ServiceAccount
 name: csi-controller-sa
diff --git a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
index 084723d..0afdda4 100644
--- a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
@@ -5,7 +5,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: external-provisioner-runner
+ name: external-provisioner-role
 subjects:
 - kind: ServiceAccount
 name: csi-controller-sa
diff --git a/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
index 5437085..831447f 100644
--- a/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
+++ b/files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml
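Review bot: The roleRef now points at a ClusterRole named `external-attacher-role`, but the diffstat lists no ClusterRole manifest, so either that role already exists under files/linode or this binding now dangles — Kubernetes accepts a ClusterRoleBinding to a nonexistent role, and the attacher sidecar running as csi-controller-sa would then hit RBAC forbidden errors at runtime rather than at apply time. Please confirm `external-attacher-role` (and likewise `external-provisioner-role` and `external-resizer-role` in the next two hunks) is defined in this repo, and remove the old `*-runner` ClusterRoles if they are still present so no orphaned cluster-wide grants remain. A one-line comment above `roleRef:` such as `# must match the ClusterRole name shipped with the upstream Linode CSI manifests` would make the coupling visible to the next person bumping the driver.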
@@ -5,7 +5,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: external-resizer-runner
+ name: external-resizer-role
 subjects:
 - kind: ServiceAccount
 name: csi-controller-sa
diff --git a/files/linode/csi-linode-controller-StatefulSet.yaml b/files/linode/csi-linode-controller-StatefulSet.yaml
index aca3b92..47f06bb 100644
--- a/files/linode/csi-linode-controller-StatefulSet.yaml
+++ b/files/linode/csi-linode-controller-StatefulSet.yaml
@@ -78,7 +78,7 @@ spec:
 secretKeyRef:
 key: token
 name: linode
- image: linode/linode-blockstorage-csi-driver:v0.4.0
+ image: linode/linode-blockstorage-csi-driver:v0.4.1
 imagePullPolicy: Always
 name: linode-csi-plugin
 volumeMounts:
diff --git a/files/linode/csi-linode-node-DaemonSet.yaml b/files/linode/csi-linode-node-DaemonSet.yaml
index ec5ad39..6dcfa0b 100644
--- a/files/linode/csi-linode-node-DaemonSet.yaml
+++ b/files/linode/csi-linode-node-DaemonSet.yaml
@@ -56,7 +56,7 @@ spec:
 secretKeyRef:
 key: token
 name: linode
- image: linode/linode-blockstorage-csi-driver:v0.4.0
+ image: linode/linode-blockstorage-csi-driver:v0.4.1
 imagePullPolicy: Always
 name: csi-linode-plugin
 securityContext:
@@ -94,6 +94,13 @@ spec:
 - mountPath: /scripts
 name: get-linode-id
 serviceAccount: csi-node-sa
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
 volumes:
 - emptyDir: {}
 name: linode-info
From 66d6fe44265e1eb51b89cf833900b836ab14276d Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Thu, 16 Dec 2021 22:40:36 +0100
Subject: [PATCH 2/3] Add secrets store gopass provider
---
 bin/update.sh | 3 ++
 .../provider-gopass-installer.yaml | 42 +++++++++++++++++++
 tasks/secrets-store.yml | 10 ++++-
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 files/secrets-provider-gopass/provider-gopass-installer.yaml
diff --git a/bin/update.sh b/bin/update.sh
index 7c2a587..6f068e4 100755
--- a/bin/update.sh
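Review bot: The `effect: NoSchedule` and `effect: NoExecute` tolerations with `operator: Exists` and no key make the node plugin tolerate every taint in the cluster, which is the usual pattern for a CSI node DaemonSet that must run on each node, but nothing in the manifest records that intent, and this pod carries a `securityContext` stanza (contents not visible here) and a Linode API token, so it will now also land on control-plane, maintenance-tainted and dedicated nodes. Add a comment above `tolerations:` such as `# node plugin must run on every node, including tainted control-plane/dedicated ones, so tolerate all taints` and, if this cluster uses taints to keep third-party pods off certain nodes, narrow these to explicit keys instead of the blanket `Exists`. The `CriticalAddonsOnly` entry has a key but no effect, a different shape from its neighbours; a one-line comment on why it is listed separately would keep a reader from treating it as a leftover. The DaemonSet spec starts and ends outside this hunk.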
+++ b/bin/update.sh
@@ -36,6 +36,9 @@ for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass
 done
 rm -fr files/digitalocean.old
+if [ ! -d files/secrets-provider-gopass ]; then mkdir files/secrets-provider-gopass; fi
+wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/master/deployment/provider-gopass-installer.yaml && \
+ \mv provider-gopass-installer.yaml files/secrets-provider-gopass/
 #https://github.com/scaleway/scaleway-csi
diff --git a/files/secrets-provider-gopass/provider-gopass-installer.yaml b/files/secrets-provider-gopass/provider-gopass-installer.yaml
new file mode 100644
index 0000000..74e1e90
--- /dev/null
+++ b/files/secrets-provider-gopass/provider-gopass-installer.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: csi-secrets-store-provider-gopass
+ name: csi-secrets-store-provider-gopass
+spec:
+ updateStrategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: csi-secrets-store-provider-gopass
+ template:
+ metadata:
+ labels:
+ app: csi-secrets-store-provider-gopass
+ spec:
+ tolerations:
+ containers:
+ - name: provider-gopass-installer
+ image: camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ cpu: 50m
+ memory: 100Mi
+ env:
+ # set TARGET_DIR env var and mount the same directory to to the container
+ - name: TARGET_DIR
+ value: "/etc/kubernetes/secrets-store-csi-providers"
+ volumeMounts:
+ - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+ name: providervol
+ volumes:
+ - name: providervol
+ hostPath:
+ path: "/etc/kubernetes/secrets-store-csi-providers"
+ nodeSelector:
+ beta.kubernetes.io/os: linux
diff --git a/tasks/secrets-store.yml b/tasks/secrets-store.yml
index 589ec22..00acb6f 100644
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
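Review bot: The new `wget` fetches `provider-gopass-installer.yaml` from the upstream repository's `master` branch with no tag, commit or checksum pin, and the manifest it pulls (vendored in this same commit) runs `camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1` with `imagePullPolicy: Always` and writes into the hostPath `/etc/kubernetes/secrets-store-csi-providers` on every node, so whatever is on `master` at update time becomes node-level code in this repo without review. Pin the URL to a release tag or commit SHA (`.../raw/<tag-or-sha>/deployment/provider-gopass-installer.yaml`) and compare the download against a recorded checksum before it is moved into `files/`. Separately, `wget` without `-O` will write `provider-gopass-installer.yaml.1` if a stale copy is already in the working directory and the `mv` then ships the old file; `mkdir -p files/secrets-provider-gopass` followed by `wget -O files/secrets-provider-gopass/provider-gopass-installer.yaml <pinned-url>` removes both the collision and the `\mv`. Whether the script runs under `set -e` is not visible in this hunk.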
@@ -26,10 +26,18 @@
 name: csi-secrets-store
 chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
+ # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
+ - name: Deploy Secrets Store CSI driver provider gopass
+ kubernetes.core.k8s:
+ state: "{{ storage_secrets_store_state }}"
+ context: "{{ my_context }}"
+ namespace: "{{ storage_localpath_namespace }}"
+ apply: true
+ resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
+
 tags:
 - storage
 - secrets-store
-# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
 # https://github.com/hashicorp/vault-csi-provider
 # https://github.com/Azure/secrets-store-csi-driver-provider-azure
From 44059978765dc6f125c7d2dd3aede20074d26595 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Thu, 16 Dec 2021 23:31:56 +0100
Subject: [PATCH 3/3] Add Azure provider for secrets store
---
 tasks/secrets-store.yml | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/tasks/secrets-store.yml b/tasks/secrets-store.yml
index 00acb6f..791dc85 100644
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
@@ -17,13 +17,14 @@
 - name: Defined Secrets Store repository
 kubernetes.core.helm_repository:
 name: secrets-store-csi-driver
- repo_url: "https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts"
+ repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
 - name: Deploy Secrets Store chart
 kubernetes.core.helm:
 context: "{{ my_context }}"
 state: "{{ storage_secrets_store_state }}"
 name: csi-secrets-store
+ namespace: "kube-system"
 chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
 # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
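Review bot: The helm task now installs the driver into `kube-system` but still has no `chart_version`, so every playbook run tracks whatever the newest chart in the index happens to be; with the move to the published `kubernetes-sigs.github.io` index a pin is cheap — add `chart_version: "{{ storage_secrets_store_chart_version }}"` (defaulted alongside the other `storage_*` variables) so driver upgrades are deliberate and show up in review. The literal `"kube-system"` is repeated in the two provider tasks later in this patch; a single `storage_secrets_store_namespace` variable defaulting to `kube-system` keeps the driver and its providers in one namespace by construction, which the providers' hostPath socket directory depends on. The task list continues outside this hunk.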
@@ -31,13 +32,28 @@
 kubernetes.core.k8s:
 state: "{{ storage_secrets_store_state }}"
 context: "{{ my_context }}"
- namespace: "{{ storage_localpath_namespace }}"
+ namespace: "kube-system"
 apply: true
 resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
+ # https://github.com/Azure/secrets-store-csi-driver-provider-azure
+ - name: Deploy Secrets Store CSI driver provider azure
+ kubernetes.core.helm_repository:
+ name: csi-secrets-store-provider-azure
+ repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"
+ - name: Deploy Secrets Store chart
+ kubernetes.core.helm:
+ context: "{{ my_context }}"
+ state: "{{ storage_secrets_store_state }}"
+ name: csi-secrets-store-provider-azure
+ namespace: "kube-system"
+ chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
+ values:
+ secrets-store-csi-driver:
+ install: false
+
 tags:
 - storage
 - secrets-store
 # https://github.com/hashicorp/vault-csi-provider
-# https://github.com/Azure/secrets-store-csi-driver-provider-azure
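Review bot: The Azure provider chart is pulled from `https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts`, a branch-backed path that changes underneath you — the same kind of source the previous hunk just moved the driver away from — and, like the driver install, it carries no `chart_version`. Use the project's published GitHub Pages chart index (documented in the provider's README as `https://azure.github.io/secrets-store-csi-driver-provider-azure/charts`; verify before switching) and pin `chart_version` so the provider DaemonSet running on every node is a reviewed artifact. The provider is also applied unconditionally next to the gopass one, although the surrounding files target Linode, DigitalOcean and Scaleway clusters; gating both provider tasks with a `when:` on a list of enabled providers avoids shipping an unused Azure DaemonSet to non-Azure nodes. Finally, the second new task reuses the name `Deploy Secrets Store chart` from the driver task above and the helm_repository task is named `Deploy ...` although it only registers a repo; `Define Secrets Store provider azure repository` and `Deploy Secrets Store provider azure chart` read unambiguously in play output.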