helm/secret-store-csi-driver/secrets-store-csi-driver 0.1.0

v0.1.0

on Artifact Hub

Announcement 📢

• --filtered-watch-secret has been enabled by default in v0.1.0 release. Refer to #550 for more info.
• Note to Providers: Return files in gRPC responses to the driver is now the recommended approach. See #551
• CustomResourceDefinitions in helm charts have been moved from templates to crds directory. pre-upgrade hooks have been added to manage the lifecycle of CRDs during install/upgrade.
• ❗ Rollback to previous helm chart versions after installing v0.1.0 will result in an error.

Breaking Changes ⚠️

• syncSecret.enabled has been set to false by default. This means the RBAC clusterrole and clusterrolebinding required for sync mounted content as Kubernetes secret will no longer be created by default as part of helm install/upgrade. If you're using the driver to sync mounted content as Kubernetes secret, you'll need to set syncSecret.enabled=true as part of helm install/upgrade.
• --filtered-watch-secret has been enabled by default in v0.1.0 release. Refer to #550 for more info. If you're using nodePublishSecretRef in the volume, refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html on actions to take before upgrade.
• Refer to https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#pre-v010 before upgrade

Features 🌈

• set filtered-watch-secret to true by default for nodePublishSecretRef (#594, @aramase)
• use DynamicRESTMapper for manager (#608, @aramase)
• add possibility to annotate the created secret with CSI driver (#612, @tetianakravchenko)
• Initial implementation of token request (#471, @micahhausler)

Bug Fixes 🐞

• fix Windows nodes compatibility issues in pod definition (#625, @georgechang)
• fix CVE-2021-33910 (#645, @aramase)

Documentation 📘

• Debugging (#556, @nilekhc)
• Release management (#555, @nilekhc)
• update master to main release (#616, @ikarldasan)
• link and mention optional features (#627, @tam7t)
• use testgrid for readme test status (#631, @tam7t)
• adds note about crd upgrade (#642, @nilekhc)

Testing 💚

• add e2e for filtered-watch-secret=false (#596, @aramase)
• add kubernetes.io/os nodeselector for azure tests (#626, @aramase)
• use kubectl wait to check if pods ready (#628, @aramase)
• implements e2e upgrade test (#602, @nilekhc)
• ensure pod deletion is successful (#599, @tam7t)
• include more debug info in artifacts (#632, @tam7t)
• get logs for sidecar containers (#638, @aramase)
• gcp use workload id instead of node publish (#641, @tam7t)
• add driver-crd image to e2e-helm-upgrade target (#657, @aramase)

Helm 📈

• ❗ Move crds to crds dir for helm3 and installCRDs flag for supporting helm3 ( #289, @Evalle)
• move default annotations out of conditional (#629, @aramase)
• Crd upgrade via helm hooks (#623, @nilekhc)
• add keep-crd upgrade hook (#656, @aramase)

Maintenance 🔧

• upgrades controller-runtime to v0.9.0 (#593, @nilekhc)
• update to debian-base v1.7.2 and update packages to fix CVEs (#603, @aramase)
• add warning message for sync secret forbidden error (#606, @aramase)
• update debian base to buster-v1.8.0 (#609, @aramase)
• removes local cache used for rotation (#598, @nilekhc)
• revert changes from deploy and add to manifest_staging (#630, @aramase)
• switch to using distroless base image for driver-crds (#643, @aramase)

Driver images are hosted in GCR at k8s.gcr.io/csi-secrets-store/driver