Skip to content
This repository was archived by the owner on Oct 12, 2023. It is now read-only.

Commit 388ef37

Browse files
aramasearamase
authored
chore: update helm charts, docs for release 1.6.1 (#631)
* update helm charts, docs for release 1.6.1 * Review feedback
1 parent 7ba781f commit 388ef37

12 files changed

+85
-22
lines changed

CHANGELOG-1.6.md

+31-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,34 @@
1-
:warning: v1.6.0 contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity.
1+
:warning: v1.6.0+ contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity.
2+
3+
# v1.6.1
4+
5+
### Features
6+
- re-initialize MIC cloud client when cloud config is updated ([#590](https://github.com/Azure/aad-pod-identity/pull/590))
7+
- add finalizer for assigned identity ([#593](https://github.com/Azure/aad-pod-identity/pull/593))
8+
- make update user msi calls retriable ([#601](https://github.com/Azure/aad-pod-identity/pull/601))
9+
10+
### Bug Fixes
11+
- Fix issue that caused failures with long pod name > 63 chars ([#545](https://github.com/Azure/aad-pod-identity/pull/545))
12+
- Fix updating assigned identity when azure identity updated ([#559](https://github.com/Azure/aad-pod-identity/pull/559))
13+
14+
### Other Improvements
15+
- Add linting tools in Makefile ([#551](https://github.com/Azure/aad-pod-identity/pull/551))
16+
- Code clean up and enable linting tools in CI ([#597](https://github.com/Azure/aad-pod-identity/pull/597))
17+
- change to 404 instead if no azure identity found ([#629](https://github.com/Azure/aad-pod-identity/pull/629))
18+
19+
### Documentation
20+
- document required role assignments ([#592](https://github.com/Azure/aad-pod-identity/pull/592))
21+
- add `--subscription` parameter to az cli commands ([#602](https://github.com/Azure/aad-pod-identity/pull/602))
22+
- add mic pod exception to deployment ([#611](https://github.com/Azure/aad-pod-identity/pull/611))
23+
- reduce ambiguity in demo and role assignment docs ([#620](https://github.com/Azure/aad-pod-identity/pull/620))
24+
- add support information to readme ([#623](https://github.com/Azure/aad-pod-identity/pull/623))
25+
- update docs for pod-identity exception ([#624](https://github.com/Azure/aad-pod-identity/pull/624))
26+
27+
### Helm
28+
29+
- make cloud config configurable in helm chart ([#598](https://github.com/Azure/aad-pod-identity/pull/598))
30+
- Support multiple identities in helm chart ([#457](https://github.com/Azure/aad-pod-identity/pull/457))
31+
232

333
# v1.6.0
434

charts/aad-pod-identity-2.0.0.tgz

10.3 KB
Binary file not shown.

charts/aad-pod-identity/Chart.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v1
22
description: Deploy components for aad-pod-identity
33
name: aad-pod-identity
44
version: 2.0.0
5-
appVersion: 1.6.0
5+
appVersion: 1.6.1
66
home: https://github.com/Azure/aad-pod-identity
77
sources:
88
- https://github.com/Azure/aad-pod-identity

charts/aad-pod-identity/README.md

+4-2
Original file line numberDiff line numberDiff line change
@@ -186,7 +186,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch
186186
| `adminsecret.clientID` | Azure service principal clientID | ` ` |
187187
| `adminsecret.clientSecret` | Azure service principal clientSecret | ` ` |
188188
| `mic.image` | MIC image name | `mic` |
189-
| `mic.tag` | MIC image tag | `1.6.0` |
189+
| `mic.tag` | MIC image tag | `1.6.1` |
190190
| `mic.PriorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | |
191191
| `mic.logVerbosity` | Log level. Uses V logs (glog) | `0` |
192192
| `mic.resources` | Resource limit for MIC | `{}` |
@@ -201,8 +201,10 @@ The following tables list the configurable parameters of the aad-pod-identity ch
201201
| `mic.syncRetryDuration` | Override interval in seconds at which sync loop should periodically check for errors and reconcile | If not provided, default value is `3600s` |
202202
| `mic.immutableUserMSIs` | List of user-defined identities that shouldn't be deleted from VM/VMSS. | If not provided, default value is empty |
203203
| `mic.cloudConfig` | The cloud configuration used to authenticate with Azure | If not provided, default value is `/etc/kubernetes/azure.json` |
204+
| `mic.updateUserMSIMaxRetry` | The maximum retry of UpdateUserMSI call in case of assignment errors | If not provided, default value is `2` |
205+
| `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` |
204206
| `nmi.image` | NMI image name | `nmi` |
205-
| `nmi.tag` | NMI image tag | `1.6.0` |
207+
| `nmi.tag` | NMI image tag | `1.6.1` |
206208
| `nmi.PriorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | |
207209
| `nmi.resources` | Resource limit for NMI | `{}` |
208210
| `nmi.podAnnotations` | Pod annotations for NMI | `{}` |

charts/aad-pod-identity/templates/mic-deployment.yaml

+6
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,12 @@ spec:
6969
{{- if .Values.mic.prometheusPort }}
7070
- --prometheus-port={{ .Values.mic.prometheusPort }}
7171
{{- end }}
72+
{{- if .Values.mic.updateUserMSIMaxRetry }}
73+
- --update-user-msi-max-retry={{ .Values.mic.updateUserMSIMaxRetry }}
74+
{{- end }}
75+
{{- if .Values.mic.updateUserMSIRetryInterval }}
76+
- --update-user-msi-retry-interval={{ .Values.mic.updateUserMSIRetryInterval }}
77+
{{- end }}
7278
env:
7379
- name: MIC_POD_NAMESPACE
7480
valueFrom:

charts/aad-pod-identity/values.yaml

+12-2
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ operationMode: "standard"
3838

3939
mic:
4040
image: mic
41-
tag: 1.6.0
41+
tag: 1.6.1
4242

4343
priorityClassName: ""
4444

@@ -101,9 +101,19 @@ mic:
101101
# cloud configuration used to authenticate with Azure
102102
cloudConfig: "/etc/kubernetes/azure.json"
103103

104+
# The maximum retry of UpdateUserMSI call. MIC updates all the identities in a batch. If a single identity contains an error
105+
# or is invalid, then the entire operation fails. Configuring this flag will make MIC retry by removing the erroneous identities
106+
# returned in the error
107+
# Default value is 2.
108+
updateUserMSIMaxRetry: ""
109+
110+
# The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors
111+
# Default value is 1s
112+
updateUserMSIRetryInterval: ""
113+
104114
nmi:
105115
image: nmi
106-
tag: 1.6.0
116+
tag: 1.6.1
107117

108118
priorityClassName: ""
109119

charts/index.yaml

+22-7
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,24 @@
11
apiVersion: v1
22
entries:
33
aad-pod-identity:
4+
- apiVersion: v1
5+
appVersion: 1.6.1
6+
created: "2020-05-22T14:56:07.980088-07:00"
7+
description: Deploy components for aad-pod-identity
8+
digest: 2f1a2cdd4b89a93bca6e5e14cc4f701f6f9b774b51cbfdd5ca269c1be0c455af
9+
home: https://github.com/Azure/aad-pod-identity
10+
maintainers:
11+
- email: anish.ramasekar@gmail.com
12+
name: aramase
13+
name: aad-pod-identity
14+
sources:
15+
- https://github.com/Azure/aad-pod-identity
16+
urls:
17+
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-2.0.0.tgz
18+
version: 2.0.0
419
- apiVersion: v1
520
appVersion: 1.6.0
6-
created: "2020-04-24T12:12:20.536485-07:00"
21+
created: "2020-05-22T14:56:07.978819-07:00"
722
description: Deploy components for aad-pod-identity
823
digest: 7753d4ca3f27f2abcf7def0733c8b3543483266435a2fb3b038b254385a1ef19
924
home: https://github.com/Azure/aad-pod-identity
@@ -18,7 +33,7 @@ entries:
1833
version: 1.6.0
1934
- apiVersion: v1
2035
appVersion: 1.5.5
21-
created: "2020-04-24T12:12:20.535282-07:00"
36+
created: "2020-05-22T14:56:07.972945-07:00"
2237
description: Deploy components for aad-pod-identity
2338
digest: 8cd12b380d1ae694d0c916409cd6747572f80e83bdbfec7ce806a496da37aa07
2439
home: https://github.com/Azure/aad-pod-identity
@@ -33,7 +48,7 @@ entries:
3348
version: 1.5.6
3449
- apiVersion: v1
3550
appVersion: 1.5.5
36-
created: "2020-04-24T12:12:20.533483-07:00"
51+
created: "2020-05-22T14:56:07.970997-07:00"
3752
description: Deploy components for aad-pod-identity
3853
digest: a35ceab66397ef58df6b60cb446445e68baaced1d7526690896dcfba21758abb
3954
home: https://github.com/Azure/aad-pod-identity
@@ -48,7 +63,7 @@ entries:
4863
version: 1.5.5
4964
- apiVersion: v1
5065
appVersion: 1.5.4
51-
created: "2020-04-24T12:12:20.531964-07:00"
66+
created: "2020-05-22T14:56:07.969295-07:00"
5267
description: Deploy components for aad-pod-identity
5368
digest: b04a1510d3bb0f9afb5e3f7a9ba9af313027615cbb6d480050b992423819e13f
5469
home: https://github.com/Azure/aad-pod-identity
@@ -63,7 +78,7 @@ entries:
6378
version: 1.5.4
6479
- apiVersion: v1
6580
appVersion: 1.5.3
66-
created: "2020-04-24T12:12:20.530686-07:00"
81+
created: "2020-05-22T14:56:07.94658-07:00"
6782
description: Deploy components for aad-pod-identity
6883
digest: 3dab91c7f115d23123f863eeea1c93a34640a42ac1e7052600020600fbfa55ad
6984
home: https://github.com/Azure/aad-pod-identity
@@ -78,7 +93,7 @@ entries:
7893
version: 1.5.3
7994
- apiVersion: v1
8095
appVersion: 1.5.2
81-
created: "2020-04-24T12:12:20.529371-07:00"
96+
created: "2020-05-22T14:56:07.943989-07:00"
8297
description: Deploy components for aad-pod-identity
8398
digest: 58a8ea212a1461f72ce17be5b767dac920d0f56803c026320a16c22de3ed365a
8499
home: https://github.com/Azure/aad-pod-identity
@@ -91,4 +106,4 @@ entries:
91106
urls:
92107
- https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz
93108
version: 1.5.2
94-
generated: "2020-04-24T12:12:20.526788-07:00"
109+
generated: "2020-05-22T14:56:07.927709-07:00"

deploy/infra/deployment-rbac.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@ spec:
121121
name: iptableslock
122122
containers:
123123
- name: nmi
124-
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
124+
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
125125
imagePullPolicy: Always
126126
args:
127127
- "--host-ip=$(HOST_IP)"
@@ -233,7 +233,7 @@ spec:
233233
serviceAccountName: aad-pod-id-mic-service-account
234234
containers:
235235
- name: mic
236-
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
236+
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
237237
imagePullPolicy: Always
238238
args:
239239
- "--cloudconfig=/etc/kubernetes/azure.json"

deploy/infra/deployment.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ spec:
7777
name: iptableslock
7878
containers:
7979
- name: nmi
80-
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
80+
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
8181
imagePullPolicy: Always
8282
args:
8383
- "--host-ip=$(HOST_IP)"
@@ -134,7 +134,7 @@ spec:
134134
spec:
135135
containers:
136136
- name: mic
137-
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
137+
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
138138
imagePullPolicy: Always
139139
args:
140140
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"

deploy/infra/managed-mode-deployment.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ spec:
106106
name: iptableslock
107107
containers:
108108
- name: nmi
109-
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
109+
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
110110
imagePullPolicy: Always
111111
args:
112112
- "--host-ip=$(HOST_IP)"

deploy/infra/noazurejson/deployment-rbac.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ spec:
119119
name: iptableslock
120120
containers:
121121
- name: nmi
122-
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
122+
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
123123
imagePullPolicy: Always
124124
args:
125125
- "--host-ip=$(HOST_IP)"
@@ -243,7 +243,7 @@ spec:
243243
serviceAccountName: aad-pod-id-mic-service-account
244244
containers:
245245
- name: mic
246-
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
246+
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
247247
imagePullPolicy: Always
248248
args:
249249
- "--logtostderr"

deploy/infra/noazurejson/deployment.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ spec:
7575
name: iptableslock
7676
containers:
7777
- name: nmi
78-
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.0"
78+
image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
7979
imagePullPolicy: Always
8080
args:
8181
- "--host-ip=$(HOST_IP)"
@@ -146,7 +146,7 @@ spec:
146146
spec:
147147
containers:
148148
- name: mic
149-
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.0"
149+
image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
150150
imagePullPolicy: Always
151151
args:
152152
- "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"

0 commit comments

Comments
 (0)