v0.0.18

Features 🌈

• best-effort cleanup socket (#387)
• create target path in node publish (#383)
  • ❗ This is required for Kubernetes version v1.20+. Older version of driver will not work with v1.20+
• Build and reuse provider grpc clients across mounts and reconciliation (#394)
• add pprof profiling (#396)
• csidriver object api version v1 (#402)

Bug Fixes 🐞

• skip pods in succeeded or failed phase (#388)
• set key type to rsa or ec (#393)
• windows image build with buildx (#404)

Documentation 📘

• add netlify book configuration (#360)
• add mailing list url to readme (#381)
• update doc link for azure tls sample (#391)
• update install doc for crds to check (#400)

Testing 💚

• Fix vault bats tests for v0.0.6 of the provider (#380)

Maintenance 🔧

• add tam7t as reviewer (#397)
• deploy: set namespace as kube-system (#386)

Driver images are hosted in GCR at k8s.gcr.io/csi-secrets-store/driver

v0.0.17

Warning ⚠️

• CVE-2020-8568 (Medium): Secrets sync/rotate directory traversal. See #378 for more details.

Features 🌈

• update deps and switch to klog (#365)

Bug Fixes 🐞

• validate SPCPS targetPaths match Pod UIDs (#371)
• handle pod termination during reconcile (#373)

Documentation 📘

• add link to GCP provider (#348)
• update demo in the readme (#363)

Testing 💚

• gcp integration tests (#340)
• add gosec linter and fix warnings (#352)
• make tests more deterministic and retries (#359)

Helm 📈

• Add priorityClassName to daemonsets (#337)
• Allow the 'updateStrategy' of the Daemonset to be configured in Helm (#362)

Maintenance 🔧

• add gcp as grpcSupportedProviders by default (#351)
• Switch to using official images for containers (#358)
• remove lifecycle prestop hook command (#366)
• Update otel to 0.13.0 (#374)
• Driver images are now hosted in GCR at k8s.gcr.io/csi-secrets-store/driver

v0.0.16

Warning ⚠️

• The SecretProviderClass needs to be in the same namespace as the pod referencing it as of v0.0.12.
• Defining driver configuration and provider-specific parameters to the CSI driver in pod.Spec[].Volumes has been deprecated in v0.0.12. It is now mandatory to use SecretProviderClass custom resource.

Bug Fixes 🐞

• marshal secrets for non node publish secret ref (#339)

v0.0.15

Warning ⚠️

• The SecretProviderClass needs to be in the same namespace as the pod referencing it as of v0.0.12.
• Defining driver configuration and provider-specific parameters to the CSI driver in pod.Spec[].Volumes has been deprecated in v0.0.12. It is now mandatory to use SecretProviderClass custom resource.

Features 🌈

• add rotation reconciler (#303)
• add trimspace to sanitize yaml fields (#327)
• add event recorder (#323)

Documentation 📘

• add doc for new provider gRPC (#317)
• add doc for auto rotation (#331)

Testing 💚

• Add more unit tests for secrets-store pkg (#308)
• update e2e helm install for grpc supported provider (#328)
• add e2e tests for rotation with azure provider (#329)

Maintenance 🔧

• remove unused PodUID field in secretproviderclasspodstatus (#325)
• update default rotation poll interval to 2m (#326)
• change health check port to 8095 (#332)

v0.0.14

Warning ⚠️

• The SecretProviderClass needs to be in the same namespace as the pod referencing it as of v0.0.12.
• Defining driver configuration and provider-specific parameters to the CSI driver in pod.Spec[].Volumes has been deprecated in v0.0.12. It is now mandatory to use SecretProviderClass custom resource.

Features 🌈

• gRPC support for driver-provider communication (#280)
• add managed label to secret created by driver (#314)

Documentation 📘

• update install doc for sync secret rbac (#306)
• add known limitations docs (#311)

Testing 💚

• update test for secret with multiple owner references (#309)

Helm 📈

• set resource limits in deploy and charts (#312)
• add option to set --grpc-supported-providers in helm charts (#312)

Maintenance 🔧

• update crd apiversion to apiextensions.k8s.io/v1 (#313)

v0.0.13

Warning ⚠️

• The SecretProviderClass needs to be in the same namespace as the pod referencing it as of v0.0.12.
• Defining driver configuration and provider-specific parameters to the CSI driver in pod.Spec[].Volumes has been deprecated in v0.0.12. It is now mandatory to use SecretProviderClass custom resource.

Features 🌈

• Add stripping sensitive information while logging the grpc request (#259)
• attributes: pass csi.storage.k8s.io/serviceAccount.name (#267)
• add preserveUnknownFields=false marker (#274)
• Add metadata.label support for sync secret (#273)
• rbac: move secrets sync to own role (secretprovidersyncing-role) (#266)

Bug Fixes 🐞

• use namespace for spc lookup + unit tests (#264)

Documentation 📘

• add release doc and targets (#258)
• add release, go report, go version badge (#278)
• Fixing links where files were moved to a new subdirectory (#283)

Testing 💚

• check pod ready status before getting name (#270)
• move tests to subdir for provider (#276)
• add test for multiple secret provider class (#261)
• remove az cli req (#284)

Helm 📈

• add tolerations to helm charts (#262)
• Move tolerations block inside OS conditional in helm chart (#272)
• regenerate manifests to remove unused rbac permissions (#275)
• make all images configurable (#260)
• Add support for envs in helm chart (#279)
• implement helm best practices, add recommended standard helm labels (#240)

Maintenance 🔧

• update golangci-lint (#282)
• Driver images are now hosted in GCR at us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver

v0.0.12

Warning ⚠️

This release includes breaking changes:

• The SecretProviderClass needs to be in the same namespace as the pod referencing it.
• Defining driver configuration and provider-specific parameters to the CSI driver in pod.Spec[].Volumes has been deprecated. It is now mandatory to use SecretProviderClass custom resource.

Features 🌈

• Use controller to reconcile k8s secrets (#224)

Bug Fixes 🐞

• set context for provider binary calls (#238)

Documentation 📘

• add docs for ingress tls with vault (#212)
• add note about community call (#244)
• Update community meeting (#250)

Testing 💚

• update azure key tests for latest release 0.0.6 (#213)
• Update and fix e2e-vault (#234)

Helm 📈

• update node selector and make it configurable (#232)

Maintenance 🔧

• Adds image automated build (#189)
• set DOCKER_CLI_EXPERIMENTAL in makefile (#218)
• Switch from manifest-tool to docker manifest (#225)
• update to livenessprobe v2.0.0 (#248)
• Driver images are now hosted in GCR at us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver

v0.0.11

Features 🌈

• allow kubelet root dir to be configurable (#207)
• update base image with debian base (#205)

Documentation 📘

• add slack channel for csi-secrets-store (#208)

Helm 📈

• allow kubelet root dir to be configurable (#207)

v0.0.10

Features 🌈

• Add support to sync k8s secret (#186)

Documentation 📘

• documentation for windows install (#183)
• Add sample for ingress controller with TLS (#192)

Testing 💚

• E2E tests enabled for windows(#181)

Helm 📈

• Switch to using version instead of gitversion (#184)
• Package helm charts (#191)