From e818bb64f8217dc0036cb6181f8df24d86278879 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Tue, 13 Dec 2022 10:26:18 -0800 Subject: [PATCH] release: update manifest and helm charts for v1.8.14 (#1370) Signed-off-by: Anish Ramasekar --- charts/aad-pod-identity-4.1.15.tgz | Bin 0 -> 17730 bytes charts/aad-pod-identity/Chart.yaml | 4 +-- charts/aad-pod-identity/README.md | 8 ++--- charts/aad-pod-identity/values.yaml | 11 +++--- charts/index.yaml | 17 ++++++++- deploy/demo/deployment.yaml | 2 +- deploy/infra/deployment-rbac.yaml | 6 ++-- deploy/infra/deployment.yaml | 6 ++-- deploy/infra/managed-mode-deployment.yaml | 4 ++- deploy/infra/noazurejson/deployment-rbac.yaml | 6 ++-- deploy/infra/noazurejson/deployment.yaml | 6 ++-- .../charts/aad-pod-identity/Chart.yaml | 4 +-- .../charts/aad-pod-identity/README.md | 4 +-- .../charts/aad-pod-identity/values.yaml | 4 +-- manifest_staging/deploy/demo/deployment.yaml | 2 +- .../deploy/infra/deployment-rbac.yaml | 4 +-- manifest_staging/deploy/infra/deployment.yaml | 4 +-- .../deploy/infra/managed-mode-deployment.yaml | 2 +- .../infra/noazurejson/deployment-rbac.yaml | 4 +-- .../deploy/infra/noazurejson/deployment.yaml | 4 +-- test/e2e/framework/config.go | 6 ++-- website/content/en/changelog/_index.md | 34 ++++++++++++++++++ .../en/docs/Demo/standard_walkthrough.md | 4 +-- .../en/docs/Getting started/installation.md | 6 ++-- 24 files changed, 106 insertions(+), 46 deletions(-) create mode 100644 charts/aad-pod-identity-4.1.15.tgz diff --git a/charts/aad-pod-identity-4.1.15.tgz b/charts/aad-pod-identity-4.1.15.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0adbaf81e9399070b0ff4820b73480a2b51e78a4 GIT binary patch literal 17730 zcmYJ41CS=cllF%@wy|T|wr$(yj?Eq0wr$(CZQFit|9AJ@SJ7P^Rgn=D(VdZ*@$@h8 zBOy_N{xblSK-7j3N({ylvTQOQoUBI7Y78dItd?5JoNV%HYHYIVHdcmqCLSt^_Pi3N zHnu=l-M6kd><<)av)&OMOIs+Eiirs{+;}yKx}r*E&dB3hk~3MmW+!O|>=H&x+h@RY z37qk{hP_w5o#wg5xu-pSJp*{C{y)1U&#^gcL!8X@YXbTHRHzlue?bTXQt$eVfuqrs z8-MnbAeS@aDZVbsCuaVQ%5R^q+nE`;=U(p5PcQxJo8GnEUBBkm&ew;^?Coz1`j?)- zZ1O<^Imu$8gUW32SJmHJ_(gHS-%@`~c<}nB^+HJ`Urz0AUF_X@Q54Q$QYgNz!^jA8 z17-_@M_JU6M|1>|!?~34=7D9BrH=A;a~W7=#d&kZzk~cr17ED4i3f~CHDvzcI`iZq z8SVo~OdU0mONfwklO6bFp5?Np!3)SZBMf<8t@TzIkjnp+M>=|F+iJVNeRcKfr034f z5SrDtx&(v-Qzpw(0iDzWy4C4lTq`aC$8Pj1mwsrbpfP7@Mfo7YZzIoFvX+?7TsRJ_ zrpRevAOIJKk4W|tA|k1Ipb?s)jsc`+VIqnx#QrggB4pH1q`$!ulAs3l2MmYhK%#{t zBoPyO5bC#^I8GaPV(8?nF9;{kCgQYBu9hVSE3SVR~2g7&rB6?#+eiskRV}imjM(z zm~J_2q@bL!3YuGZwt^DaW}YosAz&Gzh?^u~S<8GfP-a%XH0S&(GHZXtaboPrcLbV=;;huF|2(cwt9;$O1*3J3& ze*LEhkglw@>;N1GmN1nglfXhSWWf^=GW%3%93=WD4WVISFfd$30?-@g7sE0IYf}=` z^SXNo3d4!vn7t;?{BL_bS;{vpr@z|hA#n=%rYLH-NRs;3pwT{f7F*7*%sB^s)l3;bBo>8b7AO~63mC(bu|%RNPK?3&AQyIn3fDlmCP;aDdIatz zC+fah(!eXI%=Q zsOhkKBO7qP{oxRuvo?WO&%+|pE@X2Zi5*enR~urbqbz5hXhL7eDUnFjl78hpm9j`Q z$31)ZqdrQW#S`o?-UNI{hlN>xE6O9qYi7e+^y~$euNz7f@eEFDP$Og4$H@~Ev9nxR zGD*Ct0*DMBxsDR6;m>+~i;aq&qt=03r|418<$Z;+M}d)9pwi`!fL^9@)5n2<5F5fM zKkb3|B_Zls8&TGKiLvvc8#^0Y{U+|jTN#rwu2wRyy1iW{oI{}y;1ANMNfJcfO?kN*VO}?XYdMrEiJU5MzLz;rSUT zNlH%!-D}*gGb5HSb4VrxGwXCJS9mN!^YAXMc)u-5D-@!URY*yl9p8`yXbdh?R{2qPB-{@U3U_&svhBDzTI zxR;E03)JS9aW3AXaFzE&yyggnjawWzoH$tpNR*sv%#Gz&;2-YZW_#RAX&6_5Gg$pG z@~oSyEerd#4k5c29O_-rye;?_sYHjWTNvGnSUM$r6itPfmN=EqpUj~amdi;J(=a%x zts%`{rpc;MRka+Gfqp5~?mf!*n@!IVHt9z(6^nG*zBw{Rd(%SQ~tVxk{IIWHWZHYPPJi3f1 zne&T1)^bJd*8SE<5;f7d>G+q!&}>_SPNKR^-kuoqH`|S9w|>(T%ZM0ubeX_*+^8CX zU|*4hVtNBK?nbibG4rlX&XceZcwxQ#F`E#HnyCmdhiM`unt&Z7%y`&eEubwqO^N0g zOvYko(d|ytvBGMf060#*mG#;VduE64q>3jo~HA$Wb3+Y51nX-;8i% zY6z?-*!6FHQ35Cy>a#i$k^;l^CE_h%?0xGCFU$&`zgg{(KSzp!rU}$(dt4`gUkjqxNYu#EDr1yzEXZ~6N{ayH%c2`LD z9SH&`rb~ZNk7!;9k9dGNMTM0cxe=aTux9#ll>peB+0gxeMYIJhFni1%h{)*muCMm$ zScYIKhOWwdoHG`Hf1A@0chhL17E3i6^cT(vU(fy2sBSM#CKmK@{RkA044r(y*lY+! zQCO)Cxt)aHD9jZ+8%Wme3$A7py2AlZrPwRGts__O{A$+j`LeNiOGJtTV}zOFyD8Q% z^8q7O2=sY`s!NOb^_zKT(Th#%iyfuq-oY+@OVdsrJoq_g9o>GUf8agoxo4<8cTv)f zRV!aVo-bG5NRfC7tfZ7J)q>6D!l?SaEms1+we%22=3E=*X{4RUEKTWEm3c)}=HrYV zK)6<9_=m(m&tA$OVE(LeKzRX@cv`Y?x#q3A^Y%)W?#Enn6pWh{CtH=N=5W#z`+%B) z4Z7rjOCi$qK7M_9fz^_Bzkee7z>GDptXPxJX}eKOhgfUnqOjUx&o{F$L=<)`P%*ss z6|jKhueRtp-X{1{v{KF6n(-J@{?J9&T50LbXn`OJ>|FPcV?tUObLihQpF)asV~fJO z&i++Qm=ibs?Zy#ZZxkqGW?0}!azU z1--5Xr(R0b=8LPQK=7ulWus|HDl*YYiZ4%O%0p4!qJ^CTzBQN4*570NUUVd_wa@U3Pq;(GG?ZFj&X4fws6)RqfR;+2Ay`xk&fB^mvwOGTt%cBc zuyZCxh^bZ*D4sYh(=3Wn=a=pF3ULRKs+UC=XHuh^2ELH=utZ}weTTi9cFM^$ubeRN zm&z>1?xoaS5uM~F%XE@A=IGsa`D%ive!@TP*r261E~4_I`qG$%BQ zs$%D9%75kM?cM{UmSWO zXi#B9E}wFj+bbu1Y~(HD<+kOn)^#qbAF*KB?B{^=+r{v z!f}7P?Y5lzTkE!1P%qPH(v>q&?-Cn}f~Rphqa%)JDx}|OTo$#?kWpJHDOs`_i8v-y zRn56eRXDukThy6lNE5SK_xcTy%rJkj&)tX4Y-&Iq=vyBmh!R$~270Co=2v3A;&>kZ z<_s7S9Kf>j4e<|!Ux~ja5EhDp%#kr0X*7+7@~KPOHZ>MIIA#s;q)41G7mr}8 z0SdA}*{2*+`Q5pb4K@Z=hbz;h1_ciqy4Qt8vWlX=bVyfWAPq`4Dq`l$%b;XNDVt(v zunUO+Cqg4r#OM$qxbFU|lV6q_IzQoWG~EOgGJSj4ve>&w8bT}o9dxEy5-sAw4R zB(It&kkzbsof%K;)eoC{MA7`%^O#l04@ijTEeV)mw@yeF^PB5)hnWiuf$?_nkO$Ny zvI8=|jMH+mw7$Kif<0?1duA&(&Sri>W{t<26tW+*>629?TS7EouHTqh0`H0~8xmD$5tLa9ATT4FEq`vQIM zHT+{YKW0Cgcy$*w^K+FjJfQ|>fP&b%GGkIGnF;NV&eG2Z=V)g}r?KyPf!tJ-Zu-(^|WASjG89IsNXFYy{^J z=uAXr>aGMg?jn9o55v{fQN)whvyICgnyiPXi7UN^9NEDM!ZOjF-bKd|_$2|FuHfV_ zk_ke2BERPQu?5)kkVY-06B#vnm@21-cx4%0r1Ec9Xc-eoSm0$=*&G=4Lp#voBz@xv zV7YM|9Gvea*>H8T4vs8cpy6la9mH3(|FW`p{XV?(J@pi0dt16+@@rCBTxjgO`dQzs zJe?p=iS;ri)L&&gGgSGCf{>C+~ zfoXkZdGuu=zwUBnQ^T{Xq}^c^Ttt_Gfuhe7Pa3^_yPbVo-DD;a!R;T4!*kM3ge(~l%NY`W`L$XtTv1t}s?B|W;XFdDT zk^z(^aXtXPlR}`-c$0Y^$kssK0SBEM-?QrU`Zra_0IG@G-q+p$9CWxjLIyL!WzWmk z_#AXUDTq5+z~N|2%`)dt97p1Ex@x-1%H^784(mXk_Hk8?-4Zx`ZOBedPP;?YOFhc% zaHqZlgj7*I0zDuKU@~vYh1ZBM_x#5|E9=}3M{@#z;oa!arl!*E zx`C@2Erlp-hh!VyZ@>|@M?dEToTrhJQ9v2gZ-5f`Qj-x-=8CJeu6}p5QZGzrG%;JRb~O`^N2?xD;xMtC$pcT}$PGq} zjvF9s{xqSiE@K|t$}a6PIf{BC0zw()`rcHHRn2|~$D^%nXsY*m*tgB;K6&oD1!nto zJE~p3TSIH;f#SgN1Uqh$AWM}^;L@t%-r?)V%ayaurzamt054BxImvK`A_~SNoiHr} zoO5FW<8OZpfps*xJqvZ=WmhmhziSphhGe&e84dqag>ZH+V0In=o!=EZ`KwLS@Z=s6d%ajg3^XR%-yg3EuZIrnL>ek0XLpv zy?<6LZ#V$oZf2f*zxU7+JeXZ+ zpOYC>3eG3#zU|rRyvEvO&T-u@IOapXnatcOxnFJlhWZ69rrw}MdYlkNSbCFR2lU{_ z`TL=xbaD98oc&)eMvSfI(0*B@N~n~Lr0U+j6^cd(>@Qb9#qokx%@Y&551Y5-^iD5; zuy;Bct-Clr9Vm?^!0qi#>MNi-`#ZZC;72+P?Q5IT2B#Gjw%a(*T(^GXGMfNwBPhx& z07;^%Ot;osFG`nRHKP#Lc7}R9&%`FMZr3E#M4^>}LfsvxvF;XVxWBB@Wz2V$$1_s& z`wvjBi{!u=gs5>8c|*|kPa$d>La)noK=CJ3HEf9ZhsJYA1d`fk$!9Fp7gtp zZkL0W6~gwv`m=W%`B=WQ4vfW9*jQC?5NzCn18P7MBnrwrQbGxsH9t%qejbdD9&|y} zS9LUPu%T~LfXy!X+1CNVv029qBp7co!hI*FRkedaO0Z&UiKF~1#s`G&H!FrdpGrS0aZm`5LbX1mUrQDU?$dZ z*d{UqF_Ujsh@M&Hs2tBb%!w4W!*Dy{Cgh)Rs$%R1M82}i(XHHrOGqVs<>twqkhd6(~8k|ie@cr`tgPmQsPwGV{!lwYEwq|@X=yM5%w%DV9I6cglLml`wAQ8P{gzsibx_xf?x+{{E0|10ioWBZEar^Gc%0hfx~3uaQc z(Xnf}{%s3cU;@Gq(;f6s!tp$gJNF9m1`C|rZvoSi4^&Jku^?2dIRTl<0H%x7O{vU} znN=wt8obpT5Vf^zZqjKv)cR@S0%@jV&1c3RStx5Wv4o>&lXvl0T{By!v(|jW9x_&g zun+Q#H^GKM_!-xP-M+r@_Lqj-H*=*p;xC&O|LKk<*UFp~%!e#Uxvh&4sg^>E24_e~ z`ikZpy;w`L!iw$+^S-;w@I$L4-J_K*dD$|Gyl19_)Om<+mzW9YVkxATqf!&+MoR*-KXh>IZ~qAYyJW&PfsB?WbeJh#CSWU%b%Zk1bSl5WsS>PQZw+C&@7MOx}*}{?frUqygxktzC6C!_)0Dx`eJ&{8GSkk zICy)w?u;BfeD!O0|GfDcpX;UQdA#>t19*P?T=dSQ>flM|eP5n0)8x;F-Y(y-_pdK2 zKZHlNc=2T+_;GUjYGrLx6VApw9^dZ|-!G#a+GcUf$9i?9U8R$2WrTj*JiL9MACD)( zJ^X%o_Ac^p^YFgkIrdsi>-F>e<+b`nHT^hOr8ucM!7}lPzxvyEn3DUAe@7R$m!I$R z`RL$!y*#HfSI(D{kH78XvLL#BLpDdwqn`L&4?T)a!$dQAT*s4abCb6UOFWIoMMn?0 zAMMqH!@qLy(E~e8G#6&gX8x+>MmQP=uLOzr*s=<5|CIT#!PTfe;?Fy5mIc}$?AG{11yyu3sDt%f zCFF|pUg_KvwTClOYQ=~bklGOw@A3@O33xrRLoxg zcGw9BN4iK2U~j_fKl{$a{3C1ImBDezW>=Oe8JZRie*_vGd}uYamFeK@T`PF%rkJ!( z#!PPV(5rKg=e6sSPPQv7j)II_&$?7O&7FzqyX+uossv|qGA8748ly%LLbb*&vOwvI zJ$+%XQd&bJc$<0Uo4kAd;x3VMbu|$IiTr@~FzP&*Lw+~wdwy=O%hz0WrHa$4qHfKCi2}$kzeg$AzzljsH!BA508%_0*Qa;DRNF- z{)GNC!X@cQe?Ew`{7itZN_euddQWO(GB0IvpB7@h)WaX?q=G-_`%U0)Jc_-2ZTY+g zfBK;1G>Ar)px7^RiIK%Q<~5H{R4Oemd?V%gt5p(6wZEczOAjTm)FkuZW73k zF+_z8uTESAY8+Vau6rrRBQJ$!+?-M>?B%%|}RAm|nVuKFs^z1!+umtXkQl#%ui)0%PXR9#Ix zMgu^%IKVru(zTejUwvmcGMva)A%C5fWP)PL4`#PRjn5O~Q1y|4Fr}R^ex*{AxlxE1 ziyaLD>2-U*ADEsLhG|^wU?Z2K@ zTlEwJHs`Csc}>plDCutK=r7JFmK3zQI;^MJR45Ba=~`BNjY%rg+rQaPuO>PhXLaZY zso3IIyJDuOvUbyTZ=_u<2wI#wOx8l6Dk(J8;8Zg^EuhTPAgaoLvVgrA#|hDI0PfQf zY1V28OQ7iQetI`OWgC9n^sBFa>Pk7J0AWF3ier&CShN8Cj^MP$pTn?fGJy6rps}&H z@dZ#*MAK%|IZ$PH?7T%SbBZi(gQmG1Q9h6|ecQsZs^LUeQ$kLdpORdeul@;U)_v%Q zO1jN#uHnQ_8~`F~EUIP%OFJ2^<{mCaTRyab?OkJ$6yt0>Vbu%VG-tiH!?=|>tAT4^ncDMcB3o-ys z=HEZ35ffQab`l?x5LvrC8ei3NbH;02g+~7I-?6i|FP12+=Sa(eudHY?fq$h*!wOKm z&hx&srNe%Fuk|MVA9Oft(uWmGXPcq5=cdJ7*vrTQtTI@3?;lRK z{4OF{Zv6VLxEnD306G)~dC;CvV9vD-b8;s6u-m7R7whI~Xsb|My>_2n8R{AtxXDCy zo+C853J6tm+WlO5xplD1YH)BD^GwYB_0B+sh)8 zBx@KD&~7Z%X(keGvxZ&<%zqQ7P^6ZQnZDkWJXfY|V>~rbh)?lb&ziV-{&8PP>az2l zH2oZLmVuCh(IfRcaFtx<=xg-I468nmZm)w{2&7Vy4)CV%y_xf+1k0v(MGBb~NELOQ zI=F(Dr!-y0jajt)!*As!R~6c4uQ`-s?z%6X8~j8rr9xF!^|GvBy8nhB-(;)!Xe!CD zu(=v8OY339I?qL>K|85(&Y9dCF^@c_b-LF7R6>?r0FzT*t)qQgt8qObx=(|B7Q_@! zXVE6Y#|2|JE>rYqJzHp*ICF0mFtb0BlYQzQzf%eQmL%_)^4sfEF}|C5)mCHWm_{FA z&xEJ6G2_r9O-|$MUz~H~l@B>JRHbKg=?0_rS}k!+#+452rnf~u4}xEA;L{Mbi)ney zO(m|4w@RQ&nu0JE{j0g)!a|~Im$LSbwWKvn!6E zOpTL^!`si%+u`Zw;cf5Wt~R;Wd{q4wAx2Jq2HUrn<4ya;+KG&;HqFl>XEAS?`EIP+ zAiyn;mVY6Twt$p!0s0Ytx?T(C0e`ysJ2wF^rXeXG4=6)=dMsWNG(8w>-gJhP zB8sLy{ZCNJzf45>>i6|l#X^&xOecK+yFZ1UG;okD-r;w!*1M{Z@0-waAki4N*}eKOZ{x*{y*B1 zCXJ4=@lvVU+D8G8>^p;MQ*9qQ)w-iH9I!X7lBrJW##2}tAHsYX{SC+M52{~}11&C- zSK8(uDQS(vsP8a73LRfipE}XgtYw;OU`+22{i$8&;o#7;eCf=_ws(;VI6f;_#DWjy zi!DxBQ^pp{`wR8YIi_LTa=_cK)6?g;8fJ|}jaki=K9J@!g?4k1^G!+{f&G?$cQbsi zXH7oeSQ%IqVZ(=VAcKX@DJE75b}(|MT{+*#=)#&oq^3Q>!^6kyWkKu_#X{%aZHd<_ zO2FyXedBGp-1JqVS$sJ5lY_BtU0%Pqh72FZaAO{DDxZtLp8Ng80xkicet_8zjIWCQ z?z3x_!A&2Iu5B`RFNDz6Rj}LP!ToNFz*Yc*`={;WYXkTWfEPo9*ipX~*$t`gmlO}K z1}K(ZYr{B^0UV3__5^XH|1~?XwQ-zipB@{q^1XkhJVHa4^&TZ+JgTtPcJ!A+f5(o%%Scj5OfTdK)q6@e~3`YdymWH03t|6uy;sW zvOo8Q0C%KFmO|~e1=by?r%{u5WgSP%P?P9$>26u((pwC9-I>ex^ zTG>dLp=XD&K_1Jra{h?3jnlmiLbu1h`rK|%KZ}ga*LCZ^GZ#nhlR$#U-a5*Q3~_Tb zB&~z-$9j^&d`!PDNzV!jfh3G22F~{RD!kyt=DVh>)~>HT&%J>>y`bSSTDxetDDH9j zu)0ezAB7z!6M|pgZWWg|s2o^I(Y^63_>35{URTcwZLohf zm~C0?;F4TcNn9GG29Ic+Mu?d_Tk>#Yr}s<;n;P|bn}oW0c1o@B zoNjOLR9eB4+60*}2d@WE0#Xk_ZcMBu`PH1U`r1-clQN=TK0dZ&KJ_tfjhVqspnSIxK&J@4$Q z_Qr0f=h)&d^SpxSC}^m$;ThUC79zWOU$@t-fGfs=0~#N9W;!$~Haozos#ih+`P4cV zU3Rb$94EOA*1L`A_Z}reXhdv*jGUWdc5q~Y(-2(8DVHR$R;~501phm9&7_-L+zuP({yJZ}Qdz>E`^?|51#VB)N$mok z0kb?y`$LvA_6gx{lObE?6b|h=m5_uw^LolZ&gv}2IfMhih=ByP9|Dz}fJk&8uPGDl z-Q?teB56s*jW=#W){!ew-TWje@jUe7ZwakKb;=I6FkS5M157?-3TIcAer#~lPpXOq zypR5lu&M^rdX%TTbL@J@#(OW^Az}M*#J`PcY-=IRl2N1>1SCR#5pyI^TnxO82N)Xy%DjHzQ-Vqv z*-T2H@BUhyA1!c%Dyu(fOCheD9~>D&ycG@%1p9s=ta&DtSLtap3EC5Z*jG5{Q6j+x zt={oNqPf;q0v2wX5PJpdWE0}XbTCUl0=bjK{lQiihOhBG8I^9DnU`a(!bYUV#oCaS z1j8vN&FT{ejed}f_LH;3E?*1-r{i!U{xgESs?V5v&xXc=yw}O9ZPR0ZJm!*Qaqjb^ z4T(Qgqyi)^#06<(2AWCWZX`q^JO9ab`9+3xQ@R}9T`wU5syT9%!;gqL7pZq1xG$QSlMglGU|DGwZI zwW=tIoMf5mP#m)CFiU_e+f2&?ZB{2z{9;Tq-ZttRk$;N2zuuvxGqwLH+f+>b?RwX} zNhf#+H-cxX3>XxJj1s!SAvXiR<%)=)GTVcz7rhsKv*b&|Yr|PmCUUnyRBimPI`bf; zJ=cjZ$~TFeVCiwO3^rwC`76SB%N%SLSo6#08#;@ngWIfjwhXwqcw15PDxx+)TlPEH zos|6aV9I!g0sC+r;_xE`~;4ov8w~Mg0iT z(D$1iu3qhIruHZ)<)G5{Lnz6T{%=8v6+Xh;6dSFtuIPD8cHb=jQB+w~V$Ldx@fPi; zf!Mvevv+3D z&wNJ7&D_Y&;E~^q-~*8EYwg1!c}irh+@^Xtk&|>9-5ZVxMw5vCnBo6A$dn!XP`fK@ zTPz<&w6Mg5%pqZMPy|&%%GY8e1Y0DRR9Z{vx$M3Y?4KJevOj@fs#&dq!e2GQ`Xj2M zR4K!m*aLy#Y@_2T(Y5O^Se2U>EyQ;&ZbKASkR!IesNa>zEARL@i}6icjVbqD9b$Hw zVYpFGZRh3o_%bkq!&SY-r{Dmjxf^>AdOj@+reacp93Fx=L zUD^T{JrjSFDHFF2Eca-nV$`qn$B@5EZ>%6}cy3+L5kWDj`W$S)0qaUP7xq9no@7l8 zmT<>-?eD`KM_#t;ah5&eMB>Jd9tRaubD@ z36i}s!slf^4}ow`ZKW=-0;c#itKAHK0?n{JTGUpTHv|R=nfKyI+%@)jHi<7l4CDFa zs1Gav7zhP4eKdmP&dvE7*WTL3`S$rETyKXuJA$Eq^?j|39eb3F;z+1~e&H`U*}9Lkx)GYj=A9asJB>tx5Y%0H;T6OywC z25okmxYu&l`=zwQAIX+lklo^huz%C5%~^Mi!C`pHF0&O}kI+KoS5TT3xVP8hj-{c?)5>=GN#Q>~E)Nh)YBS+e|su<3lZ}zqXE#ZZz z|5l(e8`VzwMCR}_f6wl!8V|kr6gID#mNyK%GXs}s9d&i*3)T6v1t+0%-Y7v`T1qsr z#>BYTWv&c~x>D2jwwuiw76UhiSBMf>2t`X!{{FV*<=3xm+v=~|%;p}HUri>f$^`r! zqD59?_k>mK9cr)|P(z8GCA@+nBcMN`&`Hx~Da$%@O3yx3M;|rT$P-wTs(2+U zi>Z^WAT1k*?4_Gb<;KkUe~dlv>BcmawmXsWOoWd%BzaS;mDa2Pm8AiZ3(NYv>yp7S zGZ7$^+Ku7s8ozSOxY9Sqb;x(h2({(1l}z^uGUSOuQ2HXyuE=Eaa> zJ<-FlMoA^s%p@OF%vV;^1#rJ-H74y?TF)9uic{+{`6aX(4JSKi&p&CpQo%_gotqa+EIv zDTua1*C5C+lwp&9vA=+QTGPd(#D$;s9CkND7DmSmloQ(?r5!Pw!wkx2s4ERCow^`g zO%H2!_=Qpv&%w#tF?3^Gb5~lvcRnQYl~jvneH6`nJtNk@$FB=#2s2;J3u|e6`93r9 z#6H?x1GLTW-X26)C5F5Tr5z)Ir-sBFTnz?O^J{rF&s%CBWnipQf@45!fM?Zo{DBh6 z8U*&CFs2ca>IT2=SYqQeU<`rEvq?RaEZi)xlWH=*u*xL9mx12R*W<*?vfs#fvL6?>N*b?1p|91r3nA4A!zn3XRIKU}{R1((>*q0KRe5PrdEar{1g>?$c<{8I*s1g;8rawZaY9-QrrmPUT71$wRz_UuPUbm5dBfQ?lNf6zcS^z zl0rhyq!8WoypG7wSNmOT0hxIhCvTP-o=3uQRIdVZt|muYBU)bxjeHrHtFA|X)c)^O zw*7vjM51Ai68uGj1qUm0C>)b#gJ87PBb^5C2wt`#lDva8KKf;+a+eUap{-{;hUb8d zUmhc`&-(&i?LjDs0{v#_kS&v|S^<)na_uUPk@By2y3L4ek7sH*QDczW@KM*WS(T8jLQRD_s z)l-PBZYJM-w@EuEVz1xAa-0~|B~T%`RjC60mu&8P@uw78DXyL(q?ySoxxCC?m3IV5 zLQRT=#ix5F8*mA zN494wONBcZjo|!pZwIO67lVXe?=aw8kKb9mu+Y&TfI5y$TdbD;) zo1cqg{?SUG(jZi2VJLt7Utsoqv<>(5$P{Z}fx;sKv+v*evlB

8Bn8UyJUflk_JY zjIG9Kp$C)vWDC2&z11)@okpiTMUJ^OOali_W}z8oH;!*))o&!yY@Xc3R#M=5q6pw% zuwc?JvKyICEpV#zX!o`Ef<$J>4}SHglmmRza2sL+8N=>!OHHnuaRq$5N(WQXsNiX%S&5MJxS1hCFoeIi>1s`vkSna8CTE#&I+1%a4U8aZzmWBYs)1WQ9G5#XyZcNL60d2bn+Ve>R=| z$H>RMuPtTfvOz`D#RB%G9svPUU)gp2Asq74-~XOf_Ewb-+;A26keVVluj`U;RF?ZnUJ+2DBPAys#uim}`I2l&PeCB7|yNx)7bp@#eD5Akho zp(@tXCI5>7>eLNxO#dPuzcnl;EpZAGn~^W)mx^4w!rp%)z)tHm<2<|SQznEgthsBU zZpmIbEB!XJdgzER&oh^)^36Fgu2ug*eJzqG-cc|@Ph_7~?iSk|nsuQ*iOSRx?w4md zfL=>He0K(oIJ!9a+PL^Y%6rD(JopR^+dePGkDRFux8F54W&J~uUiKayj_A$xX-qMY zUZ7@wF%4K5wMBgvJH4PEj|a<}P$}bZ(hjd)pr(ih`!EUWG#L-Z?dB-DOb$Q)p9cRv zv;7&{q8`Sp}Q)#r()7F^ywVEn2sXgXm0 z?lIiRWB86rz4C@dmrM{Lw}Bg(Y@Nh!&X_PGOKAH!@F*3S`Kst{wIjI<>mXuLgtaG~ zIDhR$^KlCaOFw0U#Xmnsx{CkrM`UN(79x6rqD1H$&EpLsn`Z1wOTebhw*V@l0!@K- zNS%?$*9*lxve5|iz$ROHk;DCAf4&D5H|!<1ohxcvNBQS0U8S!Z1XSkOkvo!Y{2{E} z=1oasA>+KWO5l6Muedt_>j6r!xi#@SmT&7=Yf_%IB>k!LuL@B{Wc1|&(A`ocz55jL zo0}`Sh}sNkiL$V?BzJ~Njx-z8lWy*$foIsq%#;0V-LAWUgN)(h(P_^NH<^V$QH29z zCZ9U5YSk|-*NC4p^T4@7?)XuXCaRdGql)W;mK=lBJ-9EDYE_#4w|K)<4T+rqvB&hVZ)ohfILowRZ=E5EnxLH<&?_zH9@O1(jX1P3E5j)^jHEX+7i6Lx$ZIY`Me}G z=|4wQcg6C{qvj@n)!G_-x!o%ca8Ll!WaDUNi_$N1x~UWTShLTUD^Gnjw4z4Pemu5Y zb)G${+8+xsF8fVx8cW<9Ea(jO3xPz`#aa;VppX0iDIS{+4vrBfbXE01k0_{e&<{9h7jyccnvH1#awVjTi*r&9@p_NR_l1VMCNV z+M^q0%8P*Fs}6gj20|AaNY!l55aj%)xSH>*6YT&9TYxUek`dnyh4G&5bIv4 zC7u`(6ckWqCp!^KgJ;fiMvb|jA`7;0G%t?Ii0<*kCo@7zof+wbWAhEm>4Dlrgd|FW zY|ESLsMy)8gn=R|_Hq$HB+N~vsH3&YGquy7*=F!A@}U^wK?^eczA4Z4TZ`H0^?uK1 zO2WcUaX-B~Q6l??`9I^*(7D`&u(SZ6yWkOsQ}W)PHkxl(#JQ{a)fB_F(nizs zV-xqoZ+~<_kpz+33^G>O#Fy)vyi}KX$Q*@y@eH>}*lTo|(zgCo#1E}Q8>{r`5Nw*O zHcNw0%bR)TY8&zsxX&w3UdQk~Plxc13};PiZ@gWF{JViu5;MR|o@DFjUlGNvaa1%$ zsOe_0$2>EUrs$%5A#4l+1GM!Z<(k)N_bCWWbs~uGpI}OISZ_R0%c#v@y(*g|DmoMX zynk(r(rou(ccn6l`o)1S&l}<<#)ZHl{bFV+-ntn)#+%ZlO-f0Cs3;!u6jqc&>&=$( z?%s6SlEnzR82Z|WQxnI5>8%r0Q@&}>2o0W<&#szqw`^9_|5gJX$u=QcO}HY`658>q z-4Wmwp%1hHWu9QX9O3(MA}l;43I8<4%k`w3oUY@Nc8b2rJ`Tqvp~R75_jHBc zE?jW9X*xzzN!Ors6JY zIANf;N&-iEjO)l?qpkn-E>NqKnr=epPNlx|Prky;K3|x2$NXcLb&iN5@G>?GHco+0 z!fH;2o6!wlkqu#1(x_eHS9m_H=Uw^dTaKRCBRl>aW{f!%(|urDu9CnifMCN7(hye% z=C!H-;y=50*Pqm<%oH13l7C|Cb+jRIg=`&T+Q*7Y|8B5jL^B=-xe%c8`lgV3Mh~XZ z^Yw)*huUcu|5eeDfzptH(pA67Oap0Twf zDN-fG3eEY}PV#l9)gjhfV#`EYeXtiA4r)_HN^U{?!`N$d_>f}@q}AW!F7IjzRq|(a z65|ED)Kx1jvXg_J{soWGO@6@7iF)dr!>E=< z^qirrD{YpzGtgTQv@+2m%x22l>%e+N=ETlXvlOq39c(nECU)acat}9^TwMC*iQiEX zLGP?z`|<7<-mknL)Bg&S1Z?}pKXc3s2S*T4MOY{oZSM0iPCu}a5iz@>F^Sd5(VShe zg!g4F;35MB3Sj{YWGgJDXf&s*rEmv`(-3#`#;vRhiwHqxEp>eR2>OzP|B>u- zv?!HE>f?x?0RJTnlqa!r#1pB-_ga+mwP$f(X^Lx-6xU?7;j_oBLS^OSgT-SaSX2^@ zk3&aSS$!k6a&fPBIp+hxrpUkN+RUM{N?M zmAH+tYCmFVT2LUPR9ujWBW&I)@qL;oYWS>p^xf^^AMX4b|MYnrm`J1n{PvHIfl7m4 z-AT0m(eu2{=MfOG4upVmAjG@?i1~pJ^8+6473e?$!-6E#`@5pzkcVmHIK#vAgXcs| z2hh`l?dhdq*NLIWRsKV5k=2_!+o=TNu>4~Kn39mg+c}KKS1h7Zkti_^9hLoA^XAyd zQeDH`04O?iZi#fk;ypM~CPGiaBqf5xiW-l)O`FPMn35!+vGi=xaxMa`Mf!qE36g3X zTv0Ijba08<(HSR^28`kCx_@*%xh^xD&E12GpAKKVc=2ZxpJ*zYhbZ1%9Xi=um|3^D zO-OxlW=hk1Fewu%AjZ&4K zp3gNpM**DU3Z0`*&v$)3yUTMPW=ps@pTf1->e8HR&M#$8G`TL@U6xPms+@!VBG=?Y zU6S+7_I4NK3S5s1d@~DNjjMAp&c$<%we=tqZRN)FeAnP(T!M4vt=$Fqc-P;&ZW~>F zk9YAsldIy(b5T5rzX5+qN10wXfZso^oe=kMLd@Ki(zPq1DQaq-N5WQ_>zK%RXIP^I^wZ)yUHs1W1 zjg6;^CtsT#YqMi1v!kGj(+_%dTV21rxAW-Fv|wwp|mriv@P z9^N#fvOF@0=!_tjSqef_KGl>c2zdOpau*$3y6!}9pGu>iT1~<}qrh=%V|t^Tl5o6M zPS?umS~-23a@w?pOByOJ)=WKhi`g!f0MiP(Mal)6uvjy+p#;J8j|;u1?>ZRU5J$|U zpi2b*Fth$q14}OeNl^lr{K7CI{&kkBiNrI_K`g*UxU5$5AVoBLc&*;5=+>Eci1V=X xiAO1mjdWc~V{B^qtP}j%#k_s$1VrnyF6*)`>+(s;{~rJV|Nmut&qn~-0RWN2aKZop literal 0 HcmV?d00001 diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index 8fc7f96a6..42b8dc60b 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.14 -appVersion: 1.8.13 +version: 4.1.15 +appVersion: 1.8.14 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index a16e7de14..c8138ac04 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -52,7 +52,7 @@ The following steps will help you create a new Azure identity ([Managed Service ### Prerequisites * [Azure Subscription](https://azure.microsoft.com/) -* [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) or [AKS Engine](https://github.com/Azure/aks-engine) deployment +* [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service/) deployment * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) (authenticated to your Kubernetes cluster) * [Helm 3](https://v3.helm.sh/) * [Azure CLI 2.0](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.13` | +| `mic.tag` | MIC image tag | `v1.8.14` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.13` | +| `nmi.tag` | NMI image tag | `v1.8.14` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -286,7 +286,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `nmi.podAnnotations` | Pod annotations for NMI | `{}` | | `nmi.podLabels` | Pod labels for NMI | `{}` | | `nmi.affinity` | Affinity settings | `{}` | -| `nmi.tolerations` | List of node taints to tolerate | `[]` | +| `nmi.tolerations` | List of node taints to tolerate | `[{"operator": "Exists"}]` | | `nmi.ipTableUpdateTimeIntervalInSeconds` | Override iptables update interval in seconds | `60` | | `nmi.micNamespace` | Override mic namespace to short circuit MIC token requests | If not provided, default is `default` namespace | | `nmi.probePort` | Override http liveliness probe port | If not provided, default is `8085` | diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 58821b4d4..a6b608357 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -194,9 +194,10 @@ nmi: nodeSelector: kubernetes.io/os: linux - tolerations: [] - # - key: "CriticalAddonsOnly" - # operator: "Exists" + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + ## An empty key with operator Exists matches all keys, values and effects which means this will tolerate everything. + tolerations: + - operator: "Exists" # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity affinity: {} diff --git a/charts/index.yaml b/charts/index.yaml index 80f2f5bb7..907f14ad7 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.14 + created: "2022-12-08T22:25:24.92663713Z" + description: Deploy components for aad-pod-identity + digest: 6227d3661a5ef5d7f79d0a6317334936f78d164a2a47d0c5269d9599c60a5688 + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.15.tgz + version: 4.1.15 - apiVersion: v2 appVersion: 1.8.13 created: "2022-10-12T17:16:18.073622064Z" @@ -451,4 +466,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2022-10-12T17:16:18.06692047Z" +generated: "2022-12-08T22:25:24.925460108Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index da03477ff..e9dc16575 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index a0e3cbc4c..7f0c0be6d 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -518,6 +518,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -595,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index 2a9e9e700..9090e99dc 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -474,6 +474,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -496,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index f07facf7b..bdecf2945 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" @@ -351,5 +351,7 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index d4f6466ea..f64ad125e 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -516,6 +516,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -605,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index 732542e79..149407335 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -472,6 +472,8 @@ spec: port: 8085 initialDelaySeconds: 10 periodSeconds: 5 + tolerations: + - operator: Exists nodeSelector: kubernetes.io/os: linux --- @@ -508,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index 8fc7f96a6..42b8dc60b 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.14 -appVersion: 1.8.13 +version: 4.1.15 +appVersion: 1.8.14 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index 038aee88d..c8138ac04 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.13` | +| `mic.tag` | MIC image tag | `v1.8.14` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.13` | +| `nmi.tag` | NMI image tag | `v1.8.14` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index 09a9f5303..a6b608357 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.13 + tag: v1.8.14 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index da03477ff..e9dc16575 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 11cc81ac5..7f0c0be6d 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index 69a7c47c4..9090e99dc 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 818f95a72..bdecf2945 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index af13bc492..f64ad125e 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index 0d1a0d02e..149407335 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.14" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.13" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.14" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index 53a64fff5..c9182b800 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.13"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.13"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.14"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.14"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.13"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.14"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index 92c7f4d4c..dfd227301 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,40 @@ menu: weight: 10 --- +## v1.8.14 + +### Continuous Integration + +- ci: exclude .github path and README.md in tests ([#1343](https://github.com/Azure/aad-pod-identity/pull/1343)) +- ci: remove aks-engine soak clusters from pr and nightly ([#1346](https://github.com/Azure/aad-pod-identity/pull/1346)) + +### Documentation + +- docs: add deprecation notice to readme ([#1345](https://github.com/Azure/aad-pod-identity/pull/1345)) +- Link to full description of Standard and Managed modes ([#1348](https://github.com/Azure/aad-pod-identity/pull/1348)) +- docs: add an anchor for deprecation announcement ([#1353](https://github.com/Azure/aad-pod-identity/pull/1353)) + +### Maintenance + +- chore: add dependabot.yml ([#1331](https://github.com/Azure/aad-pod-identity/pull/1331)) +- chore: bump actions/stale from 4 to 6 ([#1332](https://github.com/Azure/aad-pod-identity/pull/1332)) +- chore: bump actions/setup-go from 2 to 3 ([#1333](https://github.com/Azure/aad-pod-identity/pull/1333)) +- chore: bump codecov/codecov-action from 2 to 3 ([#1334](https://github.com/Azure/aad-pod-identity/pull/1334)) +- chore: bump actions/checkout from 2 to 3 ([#1335](https://github.com/Azure/aad-pod-identity/pull/1335)) +- chore: bump postcss-cli from 7.1.2 to 10.0.0 in /website ([#1336](https://github.com/Azure/aad-pod-identity/pull/1336)) +- chore: bump autoprefixer from 9.8.6 to 10.4.13 in /website ([#1351](https://github.com/Azure/aad-pod-identity/pull/1351)) +- chore: bump k8s.io/client-go from 0.23.0 to 0.23.14 ([#1359](https://github.com/Azure/aad-pod-identity/pull/1359)) +- chore: bump github.com/Azure/go-autorest/autorest from 0.11.23 to 0.11.28 ([#1363](https://github.com/Azure/aad-pod-identity/pull/1363)) +- chore: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 ([#1364](https://github.com/Azure/aad-pod-identity/pull/1364)) +- chore: bump postcss-cli from 10.0.0 to 10.1.0 in /website ([#1365](https://github.com/Azure/aad-pod-identity/pull/1365)) +- chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.18 to 0.9.21 ([#1367](https://github.com/Azure/aad-pod-identity/pull/1367)) +- chore: bump k8s.io/component-base from 0.23.0 to 0.23.14 ([#1368](https://github.com/Azure/aad-pod-identity/pull/1368)) +- chore: bump github.com/Azure/azure-sdk-for-go from 57.2.0+incompatible to 67.1.0+incompatible ([#1369](https://github.com/Azure/aad-pod-identity/pull/1369)) + +### Security Fix + +- security: fix CVE-2022-32149 ([#1330](https://github.com/Azure/aad-pod-identity/pull/1330)) + ## v1.8.13 ### Bug Fixes diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index 7047ee2a2..c4fe2c8c1 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.13 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.14 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} @@ -175,4 +175,4 @@ iptables -t nat -F aad-metadata # remove the custom chain iptables -t nat -X aad-metadata -``` \ No newline at end of file +``` diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index a8eb6f143..8dbf18ba7 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/deployment-rbac.yaml ```

@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.13/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.14/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}