Releases: kubernetes-sigs/secrets-store-csi-driver
Releases · kubernetes-sigs/secrets-store-csi-driver
v0.0.18
Features 🌈
- best-effort cleanup socket (#387)
- create target path in node publish (#383)
- ❗ This is required for Kubernetes version v1.20+. Older version of driver will not work with v1.20+
- Build and reuse provider grpc clients across mounts and reconciliation (#394)
- add pprof profiling (#396)
- csidriver object api version v1 (#402)
Bug Fixes 🐞
- skip pods in succeeded or failed phase (#388)
- set key type to rsa or ec (#393)
- windows image build with buildx (#404)
Documentation 📘
- add netlify book configuration (#360)
- add mailing list url to readme (#381)
- update doc link for azure tls sample (#391)
- update install doc for crds to check (#400)
Testing 💚
- Fix vault bats tests for v0.0.6 of the provider (#380)
Maintenance 🔧
Driver images are hosted in GCR at k8s.gcr.io/csi-secrets-store/driver
v0.0.17
Warning ⚠️
- CVE-2020-8568 (Medium): Secrets sync/rotate directory traversal. See #378 for more details.
Features 🌈
- update deps and switch to klog (#365)
Bug Fixes 🐞
Documentation 📘
Testing 💚
- gcp integration tests (#340)
- add gosec linter and fix warnings (#352)
- make tests more deterministic and retries (#359)
Helm 📈
- Add priorityClassName to daemonsets (#337)
- Allow the 'updateStrategy' of the Daemonset to be configured in Helm (#362)
Maintenance 🔧
v0.0.16
Warning ⚠️
- The
SecretProviderClass
needs to be in the same namespace as the pod referencing it as ofv0.0.12
. - Defining driver configuration and provider-specific parameters to the CSI driver in
pod.Spec[].Volumes
has been deprecated inv0.0.12
. It is now mandatory to useSecretProviderClass
custom resource.
Bug Fixes 🐞
- marshal secrets for non node publish secret ref (#339)
v0.0.15
Warning ⚠️
- The
SecretProviderClass
needs to be in the same namespace as the pod referencing it as ofv0.0.12
. - Defining driver configuration and provider-specific parameters to the CSI driver in
pod.Spec[].Volumes
has been deprecated inv0.0.12
. It is now mandatory to useSecretProviderClass
custom resource.
Features 🌈
- add rotation reconciler (#303)
- add trimspace to sanitize yaml fields (#327)
- add event recorder (#323)
Documentation 📘
Testing 💚
- Add more unit tests for secrets-store pkg (#308)
- update e2e helm install for grpc supported provider (#328)
- add e2e tests for rotation with azure provider (#329)
Maintenance 🔧
v0.0.14
Warning ⚠️
- The
SecretProviderClass
needs to be in the same namespace as the pod referencing it as ofv0.0.12
. - Defining driver configuration and provider-specific parameters to the CSI driver in
pod.Spec[].Volumes
has been deprecated inv0.0.12
. It is now mandatory to useSecretProviderClass
custom resource.
Features 🌈
- gRPC support for driver-provider communication (#280)
- add managed label to secret created by driver (#314)
Documentation 📘
Testing 💚
- update test for secret with multiple owner references (#309)
Helm 📈
- set resource limits in deploy and charts (#312)
- add option to set --grpc-supported-providers in helm charts (#312)
Maintenance 🔧
- update crd apiversion to apiextensions.k8s.io/v1 (#313)
v0.0.13
Warning ⚠️
- The
SecretProviderClass
needs to be in the same namespace as the pod referencing it as ofv0.0.12
. - Defining driver configuration and provider-specific parameters to the CSI driver in
pod.Spec[].Volumes
has been deprecated inv0.0.12
. It is now mandatory to useSecretProviderClass
custom resource.
Features 🌈
- Add stripping sensitive information while logging the grpc request (#259)
- attributes: pass csi.storage.k8s.io/serviceAccount.name (#267)
- add preserveUnknownFields=false marker (#274)
- Add metadata.label support for sync secret (#273)
- rbac: move secrets sync to own role (secretprovidersyncing-role) (#266)
Bug Fixes 🐞
- use namespace for spc lookup + unit tests (#264)
Documentation 📘
- add release doc and targets (#258)
- add release, go report, go version badge (#278)
- Fixing links where files were moved to a new subdirectory (#283)
Testing 💚
- check pod ready status before getting name (#270)
- move tests to subdir for provider (#276)
- add test for multiple secret provider class (#261)
- remove az cli req (#284)
Helm 📈
- add tolerations to helm charts (#262)
- Move tolerations block inside OS conditional in helm chart (#272)
- regenerate manifests to remove unused rbac permissions (#275)
- make all images configurable (#260)
- Add support for envs in helm chart (#279)
- implement helm best practices, add recommended standard helm labels (#240)
Maintenance 🔧
- update golangci-lint (#282)
- Driver images are now hosted in GCR at
us.gcr.io/k8s-artifacts-prod/csi-secrets-store/driver
v0.0.12
Warning ⚠️
This release includes breaking changes:
- The
SecretProviderClass
needs to be in the same namespace as the pod referencing it. - Defining driver configuration and provider-specific parameters to the CSI driver in
pod.Spec[].Volumes
has been deprecated. It is now mandatory to useSecretProviderClass
custom resource.
Features 🌈
- Use controller to reconcile k8s secrets (#224)
Bug Fixes 🐞
- set context for provider binary calls (#238)
Documentation 📘
- add docs for ingress tls with vault (#212)
- add note about community call (#244)
- Update community meeting (#250)
Testing 💚
Helm 📈
- update node selector and make it configurable (#232)