11 changed files with 32 additions and 80 deletions
--- a/files/longhorn/longhorn-driver-deployer-Deployment.yaml
+++ b/files/longhorn/longhorn-driver-deployer-Deployment.yaml
@ -15,18 +15,18 @@ spec:
    spec:
      initContainers:
        - name: wait-longhorn-manager
-          image: longhornio/longhorn-manager:v1.0.2
+          image: longhornio/longhorn-manager:v1.0.1
          command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
      containers:
        - name: longhorn-driver-deployer
-          image: longhornio/longhorn-manager:v1.0.2
+          image: longhornio/longhorn-manager:v1.0.1
          imagePullPolicy: IfNotPresent
          command:
          - longhorn-manager
          - -d
          - deploy-driver
          - --manager-image
-          - longhornio/longhorn-manager:v1.0.2
+          - longhornio/longhorn-manager:v1.0.1
          - --manager-url
          - http://longhorn-backend:9500/v1
          env:
--- a/files/longhorn/longhorn-manager-DaemonSet.yaml
+++ b/files/longhorn/longhorn-manager-DaemonSet.yaml
@ -16,7 +16,7 @@ spec:
    spec:
      containers:
      - name: longhorn-manager
-        image: longhornio/longhorn-manager:v1.0.2
+        image: longhornio/longhorn-manager:v1.0.1
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
@ -25,11 +25,11 @@ spec:
        - -d
        - daemon
        - --engine-image
-        - longhornio/longhorn-engine:v1.0.2
+        - longhornio/longhorn-engine:v1.0.1
        - --instance-manager-image
        - longhornio/longhorn-instance-manager:v1_20200514
        - --manager-image
-        - longhornio/longhorn-manager:v1.0.2
+        - longhornio/longhorn-manager:v1.0.1
        - --service-account
        - longhorn-service-account
        ports:
@ -45,7 +45,6 @@ spec:
          mountPath: /host/proc/
        - name: varrun
          mountPath: /var/run/
-          mountPropagation: Bidirectional
        - name: longhorn
          mountPath: /var/lib/longhorn/
          mountPropagation: Bidirectional
--- a/files/longhorn/longhorn-psp-PodSecurityPolicy.yaml
+++ b/files/longhorn/longhorn-psp-PodSecurityPolicy.yaml
@ -1,29 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: longhorn-psp
-spec:
-  privileged: true
-  allowPrivilegeEscalation: true
-  requiredDropCapabilities:
-    - NET_RAW
-  allowedCapabilities:
-    - SYS_ADMIN
-  hostNetwork: false
-  hostIPC: false
-  hostPID: true
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  fsGroup:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - secret
-    - projected
-    - hostPath
--- a/files/longhorn/longhorn-psp-binding-RoleBinding.yaml
+++ b/files/longhorn/longhorn-psp-binding-RoleBinding.yaml
@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: longhorn-psp-binding
-  namespace: longhorn-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: longhorn-psp-role
-subjects:
-  - kind: ServiceAccount
-    name: longhorn-service-account
-    namespace: longhorn-system
-  - kind: ServiceAccount
-    name: default
-    namespace: longhorn-system
--- a/files/longhorn/longhorn-psp-role-Role.yaml
+++ b/files/longhorn/longhorn-psp-role-Role.yaml
@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: longhorn-psp-role
-  namespace: longhorn-system
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    verbs:
-      - use
-    resourceNames:
-      - longhorn-psp
--- a/files/longhorn/longhorn-ui-Deployment.yaml
+++ b/files/longhorn/longhorn-ui-Deployment.yaml
@ -17,7 +17,7 @@ spec:
    spec:
      containers:
      - name: longhorn-ui
-        image: longhornio/longhorn-ui:v1.0.2
+        image: longhornio/longhorn-ui:v1.0.1
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsUser: 0
--- a/files/secrets-store/csi-secrets-store-DaemonSet.yaml
+++ b/files/secrets-store/csi-secrets-store-DaemonSet.yaml
@ -43,7 +43,7 @@ spec:
            - name: registration-dir
              mountPath: /registration
        - name: secrets-store
-          image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.13
+          image: us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver:v0.0.12
          args:
            - "--debug=true"
            - "--endpoint=$(CSI_ENDPOINT)"
--- a/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
+++ b/files/secrets-store/secretproviderclasses-role-ClusterRole.yaml
@ -1,7 +1,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
  name: secretproviderclasses-role
 rules:
 - apiGroups:
@ -11,6 +10,28 @@ rules:
  verbs:
  - get
  - list
+  - update
+  - watch
+- apiGroups:
+  - secrets-store.csi.x-k8s.io
+  resources:
+  - secretproviderclasses/status
+  verbs:
+  - get
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - update
+  - patch
+  - list
  - watch
 - apiGroups:
  - secrets-store.csi.x-k8s.io
@ -30,5 +51,5 @@ rules:
  - secretproviderclasspodstatuses/status
  verbs:
  - get
-  - patch
  - update
+  - patch
--- a/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
+++ b/files/secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml
@ -12,7 +12,6 @@ spec:
    listKind: SecretProviderClassList
    plural: secretproviderclasses
    singular: secretproviderclass
-  preserveUnknownFields: false
  scope: Namespaced
  validation:
    openAPIV3Schema:
@ -60,11 +59,6 @@ spec:
                          type: string
                      type: object
                    type: array
-                  labels:
-                    additionalProperties:
-                      type: string
-                    description: labels of K8s secret object
-                    type: object
                  secretName:
                    description: name of the K8s secret object
                    type: string
--- a/vars/longhorn.yaml
+++ b/vars/longhorn.yaml
@ -12,9 +12,6 @@ storage_longhorn_files_list:
  - "nodes.longhorn.io-CustomResourceDefinition.yaml"
  - "instancemanagers.longhorn.io-CustomResourceDefinition.yaml"
  - "longhorn-default-setting-ConfigMap.yaml"
-  - "longhorn-psp-PodSecurityPolicy.yaml"
-  - "longhorn-psp-role-Role.yaml"
-  - "longhorn-psp-binding-RoleBinding.yaml"
  - "longhorn-manager-DaemonSet.yaml"
  - "longhorn-backend-Service.yaml"
  - "longhorn-ui-Deployment.yaml"
--- a/vars/secrets_store_files_list.yml
+++ b/vars/secrets_store_files_list.yml
@ -1,7 +1,7 @@
 ---
 secrets_store_files:
-  - "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml"
  - "secrets-store/secretproviderclasses-role-ClusterRole.yaml"
+  - "secrets-store/secrets-store-csi-driver-ServiceAccount.yaml"
  - "secrets-store/secretproviderclasses-rolebinding-ClusterRoleBinding.yaml"
  - "secrets-store/secrets-store.csi.k8s.io-CSIDriver.yaml"
  - "secrets-store/secretproviderclasses.secrets-store.csi.x-k8s.io-CustomResourceDefinition.yaml"