update manifests and helm chart for 1.6.2 (#709)

aramase · web-flow · commit d3072a93280a · 2020-07-24T16:04:38.000-07:00
diff --git a/CHANGELOG-1.6.md b/CHANGELOG-1.6.md
@@ -1,5 +1,49 @@
 :warning: v1.6.0+ contains breaking changes. Please carefully review this [doc](README.md#v160-breaking-change) before upgrade from 1.x.x versions of pod-identity.
 
+# v1.6.2
+
+### Features
+
+- Acquire an token with the certificate of service principal ([#517](https://github.com/Azure/aad-pod-identity/pull/517))
+- Handle MSI auth requests by ResourceID ([#540](https://github.com/Azure/aad-pod-identity/pull/540))
+- make NMI listen only on localhost ([#658](https://github.com/Azure/aad-pod-identity/pull/658))
+- trigger MIC sync when a pod label changes ([#682](https://github.com/Azure/aad-pod-identity/pull/682))
+
+### Bug Fixes
+
+- check iptable rules match expected ([#663](https://github.com/Azure/aad-pod-identity/pull/663))
+
+### Other Improvements
+
+- update base image with debian base ([#641](https://github.com/Azure/aad-pod-identity/pull/641))
+- update node selector label to kubernetes.io/os ([#652](https://github.com/Azure/aad-pod-identity/pull/652))
+- better error messages and handling ([#666](https://github.com/Azure/aad-pod-identity/pull/666))
+- add default known types to scheme ([#668](https://github.com/Azure/aad-pod-identity/pull/668))
+- Remove unused cert volumes from mic deployment ([#670](https://github.com/Azure/aad-pod-identity/pull/670))
+
+### Documentation
+
+- update typed namespacedname case for sp example ([#649](https://github.com/Azure/aad-pod-identity/pull/649))
+- list components prometheus enpoints ([#660](https://github.com/Azure/aad-pod-identity/pull/660))
+- add helm upgrade guide and known issues ([#683](https://github.com/Azure/aad-pod-identity/pull/683))
+- add requirements to PR template and test standard to CONTRIBUTING.md ([#706](https://github.com/Azure/aad-pod-identity/pull/706))
+
+### Helm
+
+- add aks add-on exception in kube-system ([#634](https://github.com/Azure/aad-pod-identity/pull/634))
+- disable crd-install when using Helm 3 ([#642](https://github.com/Azure/aad-pod-identity/pull/642))
+- update default http probe port at deploy to 8085 ([#708](https://github.com/Azure/aad-pod-identity/pull/708))
+
+### Test Improvements
+
+- new test framework for aad-pod-identity ([#640](https://github.com/Azure/aad-pod-identity/pull/640))
+- convert e2e test cases from old to new framework ([#650](https://github.com/Azure/aad-pod-identity/pull/650)), ([#656](https://github.com/Azure/aad-pod-identity/pull/656)), ([#662](https://github.com/Azure/aad-pod-identity/pull/662)), ([#664](https://github.com/Azure/aad-pod-identity/pull/664)), ([#667](https://github.com/Azure/aad-pod-identity/pull/667)), ([#680](https://github.com/Azure/aad-pod-identity/pull/680))
+- add soak testing as part of nightly build & test and remove Jenkinsfile ([#687](https://github.com/Azure/aad-pod-identity/pull/687))
+- update e2e suite to remove flakes ([#693](https://github.com/Azure/aad-pod-identity/pull/693)), ([#695](https://github.com/Azure/aad-pod-identity/pull/695)), ([#697](https://github.com/Azure/aad-pod-identity/pull/697)), ([#699](https://github.com/Azure/aad-pod-identity/pull/699)), ([#701](https://github.com/Azure/aad-pod-identity/pull/701))
+- add e2e tests with resource id ([#696](https://github.com/Azure/aad-pod-identity/pull/696))
+- add code coverage as part of CI ([#705](https://github.com/Azure/aad-pod-identity/pull/705))
+
+
 # v1.6.1
 
 ### Features
diff --git a/charts/aad-pod-identity-2.0.1.tgz b/charts/aad-pod-identity-2.0.1.tgz
diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 description: Deploy components for aad-pod-identity
 name: aad-pod-identity
-version: 2.0.0
-appVersion: 1.6.1
+version: 2.0.1
+appVersion: 1.6.2
 home: https://github.com/Azure/aad-pod-identity
 sources:
   - https://github.com/Azure/aad-pod-identity
diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md
diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml
@@ -38,7 +38,7 @@ operationMode: "standard"
 
 mic:
   image: mic
-  tag: 1.6.1
+  tag: 1.6.2
 
   priorityClassName: ""
 
@@ -113,7 +113,7 @@ mic:
 
 nmi:
   image: nmi
-  tag: 1.6.1
+  tag: 1.6.2
 
   priorityClassName: ""
 
diff --git a/charts/index.yaml b/charts/index.yaml
@@ -1,9 +1,24 @@
 apiVersion: v1
 entries:
   aad-pod-identity:
+  - apiVersion: v1
+    appVersion: 1.6.2
+    created: "2020-07-24T14:28:04.610381-07:00"
+    description: Deploy components for aad-pod-identity
+    digest: 01245ef2726b40c098d56856f16eb868fc7ea226190a4f3f072c2ecec857fccb
+    home: https://github.com/Azure/aad-pod-identity
+    maintainers:
+    - email: anish.ramasekar@gmail.com
+      name: aramase
+    name: aad-pod-identity
+    sources:
+    - https://github.com/Azure/aad-pod-identity
+    urls:
+    - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-2.0.1.tgz
+    version: 2.0.1
   - apiVersion: v1
     appVersion: 1.6.1
-    created: "2020-05-22T14:56:07.980088-07:00"
+    created: "2020-07-24T14:28:04.609238-07:00"
     description: Deploy components for aad-pod-identity
     digest: 2f1a2cdd4b89a93bca6e5e14cc4f701f6f9b774b51cbfdd5ca269c1be0c455af
     home: https://github.com/Azure/aad-pod-identity
@@ -18,7 +33,7 @@ entries:
     version: 2.0.0
   - apiVersion: v1
     appVersion: 1.6.0
-    created: "2020-05-22T14:56:07.978819-07:00"
+    created: "2020-07-24T14:28:04.608137-07:00"
     description: Deploy components for aad-pod-identity
     digest: 7753d4ca3f27f2abcf7def0733c8b3543483266435a2fb3b038b254385a1ef19
     home: https://github.com/Azure/aad-pod-identity
@@ -33,7 +48,7 @@ entries:
     version: 1.6.0
   - apiVersion: v1
     appVersion: 1.5.5
-    created: "2020-05-22T14:56:07.972945-07:00"
+    created: "2020-07-24T14:28:04.60689-07:00"
     description: Deploy components for aad-pod-identity
     digest: 8cd12b380d1ae694d0c916409cd6747572f80e83bdbfec7ce806a496da37aa07
     home: https://github.com/Azure/aad-pod-identity
@@ -48,7 +63,7 @@ entries:
     version: 1.5.6
   - apiVersion: v1
     appVersion: 1.5.5
-    created: "2020-05-22T14:56:07.970997-07:00"
+    created: "2020-07-24T14:28:04.605475-07:00"
     description: Deploy components for aad-pod-identity
     digest: a35ceab66397ef58df6b60cb446445e68baaced1d7526690896dcfba21758abb
     home: https://github.com/Azure/aad-pod-identity
@@ -63,7 +78,7 @@ entries:
     version: 1.5.5
   - apiVersion: v1
     appVersion: 1.5.4
-    created: "2020-05-22T14:56:07.969295-07:00"
+    created: "2020-07-24T14:28:04.604594-07:00"
     description: Deploy components for aad-pod-identity
     digest: b04a1510d3bb0f9afb5e3f7a9ba9af313027615cbb6d480050b992423819e13f
     home: https://github.com/Azure/aad-pod-identity
@@ -78,7 +93,7 @@ entries:
     version: 1.5.4
   - apiVersion: v1
     appVersion: 1.5.3
-    created: "2020-05-22T14:56:07.94658-07:00"
+    created: "2020-07-24T14:28:04.603611-07:00"
     description: Deploy components for aad-pod-identity
     digest: 3dab91c7f115d23123f863eeea1c93a34640a42ac1e7052600020600fbfa55ad
     home: https://github.com/Azure/aad-pod-identity
@@ -93,7 +108,7 @@ entries:
     version: 1.5.3
   - apiVersion: v1
     appVersion: 1.5.2
-    created: "2020-05-22T14:56:07.943989-07:00"
+    created: "2020-07-24T14:28:04.601707-07:00"
     description: Deploy components for aad-pod-identity
     digest: 58a8ea212a1461f72ce17be5b767dac920d0f56803c026320a16c22de3ed365a
     home: https://github.com/Azure/aad-pod-identity
@@ -106,4 +121,4 @@ entries:
     urls:
     - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz
     version: 1.5.2
-generated: "2020-05-22T14:56:07.927709-07:00"
+generated: "2020-07-24T14:28:04.600208-07:00"
diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml
@@ -121,10 +121,9 @@ spec:
         name: iptableslock
       containers:
       - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.2"
         imagePullPolicy: Always
         args:
-          - "--host-ip=$(HOST_IP)"
           - "--node=$(NODE_NAME)"
           - "--http-probe-port=8085"
         env:
@@ -234,7 +233,7 @@ spec:
       serviceAccountName: aad-pod-id-mic-service-account
       containers:
       - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.2"
         imagePullPolicy: Always
         args:
           - "--cloudconfig=/etc/kubernetes/azure.json"
diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml
@@ -77,10 +77,9 @@ spec:
         name: iptableslock
       containers:
       - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.2"
         imagePullPolicy: Always
         args:
-          - "--host-ip=$(HOST_IP)"
           - "--node=$(NODE_NAME)"
           - "--http-probe-port=8085"
         env:
@@ -135,7 +134,7 @@ spec:
     spec:
       containers:
       - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.2"
         imagePullPolicy: Always
         args:
           - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
@@ -157,9 +156,6 @@ spec:
           - name: kubeconfig
             mountPath: /etc/kubernetes/kubeconfig
             readOnly: true
-          - name: certificates
-            mountPath: /etc/kubernetes/certs
-            readOnly: true
           - name: k8s-azure-file
             mountPath: /etc/kubernetes/azure.json
             readOnly: true
@@ -173,9 +169,6 @@ spec:
       - name: kubeconfig
         hostPath:
           path: /var/lib/kubelet
-      - name: certificates
-        hostPath:
-          path: /etc/kubernetes/certs
       - name: k8s-azure-file
         hostPath:
           path: /etc/kubernetes/azure.json
diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml
@@ -106,10 +106,9 @@ spec:
         name: iptableslock
       containers:
       - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.2"
         imagePullPolicy: Always
         args:
-          - "--host-ip=$(HOST_IP)"
           - "--node=$(NODE_NAME)"
           - "--operation-mode=managed"
           - "--forceNamespaced"
diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml
@@ -119,10 +119,9 @@ spec:
         name: iptableslock
       containers:
       - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.2"
         imagePullPolicy: Always
         args:
-          - "--host-ip=$(HOST_IP)"
           - "--node=$(NODE_NAME)"
           - "--http-probe-port=8085"
         env:
@@ -244,7 +243,7 @@ spec:
       serviceAccountName: aad-pod-id-mic-service-account
       containers:
       - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.2"
         imagePullPolicy: Always
         args:
           - "--logtostderr"
diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml
@@ -75,10 +75,9 @@ spec:
         name: iptableslock
       containers:
       - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.6.2"
         imagePullPolicy: Always
         args:
-          - "--host-ip=$(HOST_IP)"
           - "--node=$(NODE_NAME)"
           - "--http-probe-port=8085"
         env:
@@ -147,7 +146,7 @@ spec:
     spec:
       containers:
       - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.1"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.6.2"
         imagePullPolicy: Always
         args:
           - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
@@ -203,9 +202,6 @@ spec:
           - name: kubeconfig
             mountPath: /etc/kubernetes/kubeconfig
             readOnly: true
-          - name: certificates
-            mountPath: /etc/kubernetes/certs
-            readOnly: true
         livenessProbe:
           httpGet:
             path: /healthz
@@ -216,8 +212,5 @@ spec:
       - name: kubeconfig
         hostPath:
           path: /var/lib/kubelet
-      - name: certificates
-        hostPath:
-          path: /etc/kubernetes/certs
       nodeSelector:
         kubernetes.io/os: linux
diff --git a/test/e2e/README.md b/test/e2e/README.md
@@ -19,7 +19,7 @@ export KEYVAULT_SECRET_NAME="test-secret"
 The E2E test suite extracts runtime configurations through environment variables. Below is a list of environment variables to set before running the E2E test suite.
 
 | Variable                       | Description                                                                            |
-|--------------------------------|----------------------------------------------------------------------------------------|
+| ------------------------------ | -------------------------------------------------------------------------------------- |
 | `SUBSCRIPTION_ID`              | The Azure subscription ID.                                                             |
 | `RESOURCE_GROUP`               | The resource group of your Azure Kubernetes cluster.                                   |
 | `AZURE_CLIENT_ID`              | The client ID of your service principal.                                               |
@@ -68,7 +68,7 @@ spec:
   selector: keyvault-identity
 EOF
 
-kubectl run identityvalidator --image=mcr.microsoft.com/k8s/aad-pod-identity/identityvalidator:1.6.1 --labels=aadpodidbinding=keyvault-identity --command sleep -- 3600
+kubectl run identityvalidator --image=mcr.microsoft.com/k8s/aad-pod-identity/identityvalidator:1.6.2 --labels=aadpodidbinding=keyvault-identity --command sleep -- 3600
 
 kubectl exec identityvalidator -- identityvalidator \
                                   --subscription-id "$SUBSCRIPTION_ID" \
diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go
@@ -20,10 +20,10 @@ type Config struct {
 	KeyvaultName             string `envconfig:"KEYVAULT_NAME"`
 	KeyvaultSecretName       string `envconfig:"KEYVAULT_SECRET_NAME"`
 	KeyvaultSecretVersion    string `envconfig:"KEYVAULT_SECRET_VERSION"`
-	MICVersion               string `envconfig:"MIC_VERSION" default:"1.6.1"`
-	NMIVersion               string `envconfig:"NMI_VERSION" default:"1.6.1"`
+	MICVersion               string `envconfig:"MIC_VERSION" default:"1.6.2"`
+	NMIVersion               string `envconfig:"NMI_VERSION" default:"1.6.2"`
 	Registry                 string `envconfig:"REGISTRY" default:"mcr.microsoft.com/k8s/aad-pod-identity"`
-	IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"1.6.1"`
+	IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"1.6.2"`
 	SystemMSICluster         bool   `envconfig:"SYSTEM_MSI_CLUSTER" default:"false"`
 	EnableScaleFeatures      bool   `envconfig:"ENABLE_SCALE_FEATURES" default:"false"`
 	ImmutableUserMSIs        string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"`
