Announcement 📢
--filtered-watch-secret
has been enabled by default inv0.1.0
release. Refer to kubernetes-sigs/secrets-store-csi-driver#550 for more info.- CustomResourceDefinitions in helm charts have been moved from
templates
tocrds
directory.pre-upgrade
hooks have been added to manage the lifecycle of CRDs during install/upgrade.
Breaking Changes ⚠️
syncSecret.enabled
has been set to false by default. This means the RBAC clusterrole and clusterrolebinding required for sync mounted content as Kubernetes secret will no longer be created by default as part ofhelm install/upgrade
. If you're using the driver to sync mounted content as Kubernetes secret, you'll need to setsyncSecret.enabled=true
as part ofhelm install/upgrade
. Ref: https://azure.github.io/secrets-store-csi-driver-provider-azure/upgrading/#upgrading-to-helm-chart-version-0020--filtered-watch-secret
has been enabled by default inv0.1.0
release. Refer to kubernetes-sigs/secrets-store-csi-driver#550 for more info. If you're usingnodePublishSecretRef
in the volume, refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html on actions to take before upgrade.- Refer to https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#pre-v010 before upgrade
Features 🌈
- default driver-write-secrets to true (#541, @aramase)
- update driver release to v0.1.0 (#587, @aramase)
Documentation 📘
- add syncSecret.enabled=true in helm install for load test (#538, @aramase)
- add note for syncSecret.enabled=true (#543, @aramase)
- set secrets-store-csi-driver.syncSecret.enabled for sync secret (#555, @aramase)
- add nodepublishsecretref namespace limitation (#559, @aramase)
- adds release management doc (#558, @nilekhc)
- adds sample cmds to test AKV connectivity (#562, @nilekhc)
- add note about the lifetime of synced k8s secrets (#572, @aramase)
Testing 💚
Helm 📈
- Added kubeletRootDir (#539, @dmcconnell-m)
- fix security context privileged for linux (#563, @aramase)
Maintenance 🔧
- bump glob-parent from 5.1.1 to 5.1.2 in /website (#540, @depandabot)
- bump postcss from 7.0.32 to 7.0.36 in /website (#545, @depandabot)
- set allowPrivilegeEscalation to false (#549, @nilekhc)
- log pod identity response for error (#554, @aramase)
- update kind version to v0.11.0 (#573, @aramase)
- update golangci-lint to v1.41.1 and enable additional linters (#574, @aramase)
- updates docker image to distroless (#578, @nilekhc)
- add release branch for pr pipeline (#581, @aramase)