From d17ea6a41aed5284fda895d6d48f50cc5f9f175f Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Fri, 16 Jun 2023 08:54:24 -0700 Subject: [PATCH] release: update manifest and helm charts for v1.8.17 (#1435) * chore: update debian-iptables to bullseye-v1.5.7 Signed-off-by: Anish Ramasekar * release: update manifest and helm charts for v1.8.17 Signed-off-by: Anish Ramasekar * test: update e2e string check Signed-off-by: Anish Ramasekar --------- Signed-off-by: Anish Ramasekar --- Dockerfile | 2 +- charts/aad-pod-identity-4.1.18.tgz | Bin 0 -> 17734 bytes charts/aad-pod-identity/Chart.yaml | 4 ++-- charts/aad-pod-identity/README.md | 4 ++-- charts/aad-pod-identity/values.yaml | 4 ++-- charts/index.yaml | 17 ++++++++++++++++- deploy/demo/deployment.yaml | 2 +- deploy/infra/deployment-rbac.yaml | 4 ++-- deploy/infra/deployment.yaml | 4 ++-- deploy/infra/managed-mode-deployment.yaml | 2 +- deploy/infra/noazurejson/deployment-rbac.yaml | 4 ++-- deploy/infra/noazurejson/deployment.yaml | 4 ++-- .../charts/aad-pod-identity/Chart.yaml | 4 ++-- .../charts/aad-pod-identity/README.md | 4 ++-- .../charts/aad-pod-identity/values.yaml | 4 ++-- manifest_staging/deploy/demo/deployment.yaml | 2 +- .../deploy/infra/deployment-rbac.yaml | 4 ++-- manifest_staging/deploy/infra/deployment.yaml | 4 ++-- .../deploy/infra/managed-mode-deployment.yaml | 2 +- .../infra/noazurejson/deployment-rbac.yaml | 4 ++-- .../deploy/infra/noazurejson/deployment.yaml | 4 ++-- test/e2e/framework/config.go | 6 +++--- .../e2e/framework/iptables/iptables_helpers.go | 4 ++-- website/content/en/changelog/_index.md | 16 ++++++++++++++++ .../en/docs/Demo/standard_walkthrough.md | 2 +- .../en/docs/Getting started/installation.md | 6 +++--- 26 files changed, 74 insertions(+), 43 deletions(-) create mode 100644 charts/aad-pod-identity-4.1.18.tgz diff --git a/Dockerfile b/Dockerfile index 3ad3e778..60ae46bc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ RUN export GOOS=$TARGETOS && \ export GOARM=$(echo ${TARGETPLATFORM} | cut -d / -f3 | tr -d 'v') && \ make build -FROM registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.6 AS nmi +FROM registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.7 AS nmi RUN apt update && \ apt upgrade -y && \ clean-install ca-certificates diff --git a/charts/aad-pod-identity-4.1.18.tgz b/charts/aad-pod-identity-4.1.18.tgz new file mode 100644 index 0000000000000000000000000000000000000000..631bd2ec983ba4499818aefcb2c519152ac6d816 GIT binary patch literal 17734 zcmV*QKwrNfiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYQavM4FDA=EQihR_(XsKI8O0r~oxbEInOY)4OEmhAw16|`Ha z9}yNS!eT09ujK)a2n%~aVkXBOK_VjQ6%qg2NdK(Cv;bnFdm!dx%l@4a}jTK~%^Yj8-1Bn=f9 z!q={6Z%o6e(^`YeF_XX~5cseClQ-Uwi-;&i0~oT9>I#R{4~d{~O#~x@kV;S-1{4w^ zB@KYZio=Ab0u+sskSHoUEnK~Cuc;6$pgm}}Tf;OAD?heaL`JmN0uVIek|{1GJ&1hK ziI^|A+Ur^>4jA;x>8ip($8DO%tmP5TTEqbjr0Pw7kiYDiD#H13FU+KiuI3*F)y)7)2)^Xv0;L&7aZnGpPsswK@ZwP z5=z?EQ}GWyv!^G=AktU@kAXnU1FC0SP&he0(0nJ-Sa-CkQHb$J#jj`#g8ntR_zhUu6cf5W%rr>MM6>eAO;~Y2Bz?XMH1>I* zans#Tc#8kEGEa?(0xhKjdl9gID-ppz$>mJdS9r za9#Y2b!0lo6sP0E9=t0404y-I1T{*^-vm#S9=t-HcR#{N|7t2;N0*a?_TW`tDiQ}o z1brMrtYvTr*G#CCgb)#b%wmdbM{Xkb^sgf+O=UN=0jhCYo-sAni(sm?^hu~mr%d09 z#w1o|5EY`BkJ*6ykkQ7v<|DA60~cC4aOg*p^^I6{tn*G%0VgCTBbtk@BJc}KjOGpu zx$fCXD(T6^F@jf4cHO11*hf)8gOiKngM2o!u_GlkXEuU)n^1wv86wRNx_)u7bh160 zNpRd?sv;+kiA0$aaNMQb5;GD^b7^Z0_Vwzafn5PTXgfIVO=w33r*?}wL{2#F!dazO zD`I}nZKyqnnBM|WWYmLeYd5q2)5)3Bq-AmKOti-h&7kdHQ6p#S=fihNsdW|}d10-k?GM~sE z?3h0@lLG)CWD!&L-vEA+_F!jgE3$t_G(r_-duwO+gyD~FV<09wGkf7^=t-Sf?tLCHScjG}fCE>HsoL5-#+H%3}yw zoPN;87!T+L4XLlVFsPSF&1KKl)l9-e%T%%lzyE>N*T91-I_W|Cz*28t6Ii~D!%5rL z05IIhMGx9XADC3q(sF+|)O+>>L~1ook|f~-*Y22V-n0TwkFw!fGjEc8n%qF(kv6FA`^A8Bp3H^m5JE|uOP3$>9Y%go~ns-BjSOCLZJ zxKjq5xg?A*LP}g(Oh6`Dwb81oRD!TrNe~oS+K|w$i%cW7I))nw1Uw=vUY8q2z*6Fm z&4SYAP<%(S-*9miauUcc$}de?*O6xs^$Lh~TltJ$;MarvV`%|JV1pnBXBwe}b>rF2EzyHlFnE`>5k^NQIfi*=;YyB1>zv-gQK_6kUAHW{*!rc)9O zx<;5EW<&iY4MtWEH4_@Kc;Adb6KGq{Tu4bk#gV2*wuslj+0yniQ2QMxti9u95qzLG51~q+UT(eI+CVLZ59k>e zsso2fw2Qi?iRT1BrC%QvHi`IiB!I}qccZT5A{GTiBtoF7oUd{ixV#oV$x=FuimQ`1c52OM3J70s0n@WofL}PN28$P?`_0a0#MqT9@P#!~!U8ei48xSX{FB7nTxf#V?%(8h4S z;wR1#hk^$~x|F8e_!-h0MZ4^+a|uBADHmNzlA!ygCuNGM+#)jKKs1 zjrg_Or*)q(<*6)SZ8u_-irDydTt$Q2VP&;xsg)Kd=Y)JfiJ0@Ep3rP>P#kUuQ!t=I zE~vpwBUGN?b(}YAZ?SmP)tkQiBcH*c;1T?G(*5n^;$lN%>l29r(n#=nl(*$H%82i= z-8ss5XZy*3svC-~NV6d{cnY+JjH?OVXlV4IqmxNgk3uGu#t*AFx5sgL_A3ZK)7Gr( zYd`Di+-*%|%;Sg^{0wo#zEMBJJsb;r+dKF5D;R#d(7G-iS^H6;|M8rozuWM)0bcyY z^$?K{?_x5gnSO!ZinRyY^I9S*wAgdMN7umJkAX&sn!pvEn0?DRIKa3!vf~;pjj!lL zZaRmxR^{k$h?=y~1tUt(4r0>CO4}O+dQHVdjafYEOgUd##@i?v$6g)=`5NNpFE%~ETz9(_mzl`@~BwSwcp`l$-@VRn73cSSs)l?Fw( z)p1<&*?M4WzUbcML@F9hTLp;Wg{r)-H87#R(RUF$~vM3X@$MJ<}RHN-j z%rDz@a;&vBp9w!@s(J*sfMpjk|FmS#+=3?8J)J z4)U`oI5?@@guzbzM0V?Q0&2aA5|Nh0r@!w8s5!kKk z-|f9M2pDB4W09tAEoOD>v!{F1jocYUNx`V$o+H#-?J1HqDQ z=4Q*jZ%=`p{1g6h%=FnL{7-vCc!egzI-Z-1A zs7Xns)rbMbNwTs+<0+}a<-f1NnrSYL)U5sPA(J@I=-)ucA3ASiC5V5ejXxBHsM-nY zWd?<=V%%@&jd$b(8V3nysQDQJ9ynNswu1}_F(7y{nHkTPHP-B?ktL*Y@|s;<_cWp^ zi}%6#sGcpa8wGfKLr+g?!kNk;FNTg;6a=cEX#Sa&TN{-Yo3>NzKSv3C62pK(U}h1c zS0r^VX%kXoM3>`0E#aiRkV9+?%9cPTR24+_W)bL8N zQgPs*%2HHZM3UTRSt7L7c5Yd()9(?WI3Z@g4eAw50c`k&r} zr@}K8Tcj`sX0+5bXydP$$ZVTm_5auq4^0C)WHBvzdrDI{$=E52Lt({3)lA(a(j2bn zk=Q<_4+ZA*i^l?d*wla4r|s#AP73{$y3k7)wt5(};Z=0DP4j)b2NzauoH@B+Kkek7 za*=|(;!~m65Z#xyH!Ci(zPrWHAzAv%V?oy~0E`xr*`FT%-Ax3))})r*lPpfs2Aw$O z>=vU|a%y+8vlDw}Yp`*T>orunor1YmGAiL&;M+H%KLt6Lo_RW!+Mm4 zig^a(4cmaEA6UqUm|WU{xZ@H1(aIOMwla<^uRYIJYiHGrpHEu!gmKt}mRf-r2Y!T#a?n@!k1Kf%e<>J;ps9pjFyw+d@$c3Q^Q{m%7_Z1B0`slT*R z(bBWP?C$B?%cF~q`k)@#$DI2=+uP4yOvV2{-`d?<#s4p({1;DQOs*-&6g9|U8ipns zmxNmJtb~xW*aTYqnt8yS68GO)txFEqRG9D?qN`Ip2%kP#E6GPr9db8d4%@Cv!gOZcy*$fdnsv z_KdicpW=wM5fd6p`jj0-%x^#SD6~DL$Iv?EHy8}9?F|!AZO`{3o|#2M65%#w&sL{s z+PmZNrv}|!iRnK}nIZq*k7<}t(NW0*Z-UK{|Ic1j?tebt+uL2q|7DbqAG<%mHH&)a z5E!zMYQ6QRNKcDDrakzf`{`3l*J>SoNSw*)%&N>f>$Ge=&l+LSp60BMZqx=ZuZG^P zj=6A*_OTQ1#k*f{3reK14|{*bf3oNz9S+$CXnQ#@Ezb164WiC$&-yT%+P_m0vLT}Z zD!RIlPU|1kK*#zDoTh&f$3qZCo*N)p2!*-Jg1<49>C)(QA`%FW$PQut#JlTs z`FycqHrLa4?Xo(J6&50h-Xz^0f5CC|ep;O71w6AUF;GhTUyf_(*E=Jq4RSSv_J5b& zf0ykkXr|x0aADKGXHzL+ehsAxsA%4@YKDC@b7fC&DW-LE+riVIv|DU1%6+(F* zmJMKz{gw;@lt{x|HREu;(CZe6iB=)oH%Rf{Pa zNn@)E5|1eS<%&)=;V>3F4OqS)-= zw2eW_!0DJ1E$qO z2gn=-eEjHoM!#~_Y3?}x_|YA12GDjtwjxI5ZTuZOzvV?XR#`FwE2S02?r+86X6bsxcSrKiDFdP*!IsL|n9r@@Nqoplml+vrec8AerW$O z4ZjL2;el*#LK`ofmfAx*WK!vGH$?g4HY@;*Uej1jp<#k#G@JzCEC9xYvqdDC0yUzD zPY%%pE-wPoMSe|>F^6S=H-W6(Dy#kA9^z`b;2sUP_<_;-ft4p*&ls1FhE$phP&(`%`W!1oEJ+xmXG$L}>4Q$H0y8Qlq zDru=DY8vkP!c0+7<7VnK?A3q%t@=sI;`_hTdG4+T%scfcXj@=l=3Io z|D9>_MX3QYHHi$gCSXQn{dW7l&r^(^y7w5$mR9YFe@m~(b2`)mttwOx=-Wx{8ASZn zMdnvk=E(m--lY5cfM?79ovoee{I5G(JKHP!Zz*MNY*i-Zr-eL85}C{M!#r;EQRMg{ zGH`j)9*TDzOn0TU*cwH1$aa|jtf4zERh}oV5c8%7?mie)Wa(ORP5!Gp96IIWd|vQi z&L63xRIk=ocs~zbr_O`7AU*~6baCRcTjOPisp9`dqOhT6EfN*KYlYP4Qyx?QN~V!b z-+^>=<6g(JSNKck(oS9H7a}QM`D&vSwdp9e1Z{8NWXLhu*?TV2Xxal@9cAIhe7SPN zSc~-=W_@bNMOW$+4%3;9b12oE$5o6ft#4t0`L8oBX>M6M_ia(zI=!!$Sp)%`*Xaxo zdF`6y4^wNr+V~d!opMEI;9$dEFd@D>F|g^RvsIC0#b_5g#Gg8Oifs7wsXK)aR)J5S zdQ-nEGJ;Q^+GXg)WZ9K&rfQT{wiuPN_7x5qvy;F)vu?4a9%|e3FfEQ*Z9h#RTFC2D zLbzrgGjJgvDK1q&g_v$IMe9-mj%i2;$R<9YMr%exi&y2hYS&pdkV?Y&XPT$dXyyFy$+X%T?;#IEK%sR_Mu$n>2-J^;bRa9aSaN5LpdQ#2PV zS91<#^#B*eF3Z(W#b>Nk;^B8M;i9s%8d@&eaV39R6@f~XiqM%2V_{TWva}i$+^4F% zt8KGrmz6AhHR3U=gSSDwNHUFu2mj(MhW2KAHoygha6LN|@*h;^BmdsS6OGMhpil%+ z$#+;qqEclVjX5wDl>D_h$Ew(vY8j2Zh#`{wDY3?h}7^|QpcpHb4bI#Rk7E+VhC`(je3XQLOr7;_w_vHBC{n^{Y z_ow?OM;B-N2S?S3;f~=Zm9*^P|g0#@je|9v}B+G1)Os zwA2sv-Nn)SlZ)d=8{|9e>*+}I?&9eDz03EeF@OK~4EC=6Rhp-vS*@0{kZF|XKdw6b zic_}#f4ncuaDmxo$X)#ecr}A-A$fOdA=j*P8N(dSY%n1$y|CS z+uI$i8Aq5rbzEK&!4>y;*n`W1vsoILMV|{;Z_w;E?m~@g9;OjJ;c2WM;O8^rx_T)+ zlhP;MY?@`qJ6tZg?Qz_2`AJ8I& z#!4lBqpB<_62!ARrX*D3|CBy0?#MB0U&q?@wW~J(icnr|z1*r+pQfIDt?!VAWRfMK z+%7gWuOejM_Aq_{a~YHm;#?N70{BAO<-+MkevGlbGZjKsnz6@OYG$FysRNq1>ub*1 z8gprQvo*~Fi!8H6j!b3_YTo);9KAV9Y1XZZT0SUdht6A-b4J(l!poY#!V2{4sj2+5 zG0S*-f2f75&N<*xs^^EmZg_jB*i+NdKt>pZxjH2V4Q28~?doiT~N! zS-tf@>~oHLreSZd)@$_pS$Z`Fh~AxJ>Q$U|G%@d^Wxb`{x74{$DB<+I9S*NB#o}AIN(u21cmm` zKW%q*w!N)3bPh;j-ce*!c79C<)C$Ke@yL|OGJV(F5n{f7{Qd^}p@sJFEO3 zODXej^37O~*($uSJYvEC?-~K#bW5)oZG6w@?o2rn?3#siR7``9sp8Mvha>5ekQ84M z02oSh7Y3IrCU+=AV@Bjd51#MsJ=@EC6cLNvTSFq%V&f#0>O772rIrS1l7uv(u_B?p z82Ko0U3P*)!IPp0b{8b~-@Iu}d6B%#zheKC?g%G8&M)+aJ?+O66lrf*oPKEdy3!}V zxH3on7b4g1-^bki57YYJ_KRoFwpQ|g8Kvg_XVIN}uj`-Lr67AU{1sjZa>Fr?wU$%J z>;t}aYM+gz@ii0NJf>;#dFBaa+O>z&U#bFt?}cNJDAp;<7&PRGE+_&(uQmnWdzv z@9v;JXII{xedc-*RSVhUQs;OGvMMF5lEMRr@ zXAIz*Ne(f0|Ho@q#9XtwryelR|FgIKY})?Y+FRZKT}pY9{0{{Mpp+BgD^vu&bO|wI z{l^hoPX4#5|7UA=d*%OKN||%nc8OWt%IUb5n9e1R*fO%Z6;p*Rn%`}HuCe-DTy;-E zLM1C#O|SL|%xcGf6eZmgXIOJTEs*$Z_M9x3)#3@0rOm*v_(H%JlS{2;k$zL^@>f?D z-~XR5|J%-9CI8#r%Kx{N@?`t}eY3iKRyE*}vbxodVM$rtYWrSgbz7DCGDrRggho7; z4?6;yE&sQ7_nuAX|J+)=|GA_xBcmIV{^B0zH}@8Q%MZO zu-$pl*}}li!t9t7ano1K(g6*r^346KyWQc^KyCZFyPS<9x{q*hO5$0T} zG^?z*`y}?7(Q=WCx=5Mi67x{uo_5KiEcwoHY%hFPF=B~wd5T`smkPV17_&2G79- zYO2f~{{xb?&1=3W2?l!mI<~1LPpl?d#RRKmnJPV}vQA^P0JO$Ab}+rMNvG(7XDTb# z*84kFJ9kky^9FjaOr&!fE|8DTLRc^p>FnCGXj-RpJfEX;xUpyFIbNjqsscXclb%J# z-h5PK@65GpmUTJH*F88H&*`k@cowE37XO+KXk5*c;dxlqi%nfG!OGs1sXa}O1;O5x zHuLmBhiX|LoJMYjw)f}DkylGKNfk=w{h^}5Ea@s5k}9`J>1tL&Oi#vKP>bSZMEL=a zV+d>4M~xfnEz;o)moGPXlCs{Oa3EcB|S#|qgv2U zmr@6nokvfpgUtLmDRn;g@y^^b=lpLe_kVYuSKj}7zPEb+Zz<(ZbN_cv+{Xj&|JHfv zzxg}CI9M9gRVeEo^_ogi6Iop^{zA(f`M;F=KfAlr`CqoTUaaE(mQwBz|Myt8dcJ`0 zkZ(uQ%vk^EK^qdE#iL>zu)MPrn0NnY_xVmG|I;e}%W_KL{@;3?5ZIXd*_;CEE&Mfd zMj=2|KJXprI}4Js5b>@Vy?Hzt(TqD8jRYMLMLor_(;l?7O4+_kI~p)`pLTeyIcsRI zEomKV!7D6JcPHnuZ{<92Pz^V87QdVG=@X`V{CxbZS!C(_{8jU%5nj3to_Q4h<@3-! zai@PvkQFweZNfy#O!2uT_T!ey{;#dPlcP=)JYF9&_y6r@ThCuSpUVI9?8Vk9{(C89 z4W>Du)%tzS%@k~{Z->mc-c-eb;LTK< zS0#5mqoOlTe1=dq%( znlUNei0DnB>yL?0vejCHzw3^knf`3f|yqu3y%hA!BC2X0%p;8hCL{W#|ng6i*dwmVz>;&I0< z^zodj^rQRqKmW)7_5c09|7Z0Je%0`vb++o^ZQmc>b{)K(`@`F*gZJ$I@SfGd+r1yW z-KP25Yk>EE&jeOW+?S2Sod>Lj688sILxz`)Y%&j64Gms4^2j`3yLG^t7-Sx>y*gk` z+%XT>^EzPnWsMhgz@Fa|*vmR#FYXEKuXVs)-j``h3~GV>^{&9Qyg!bW;6aKCYpb;n zl0`{K;di~C=2t|X|Wr;dc(L@^RjcJ&`gr{KaEFcim z8#4^ZRFU=HUANYaT*FQQ_hqeOM+|dKYjrk6)64Bb`{Yr^I$eIPd!siSzy()ipR16i@afQ&hHoaEr8<6mqtDypcC5bmC@XegD^sjoAP)%{q6VyODM`?DEw- zru)%Vd{vm*vddjhbXO61CA*6AP9u}__wP^NULN({zlUS>y|kOG zaD>v;C5h;C(o-TUTpII0Tfu_b6+#1GaR**=0sFsRfYMtblL+zT;QbF%5Ib-@G-8#+ z->X@DZ|Z8_hav9e8qbj+vBKKbHKRvl7k(zAuxh)qFT6!JEf;OTL~z>dlw%r(E%KjS zuv?+;jo_8T%0sMv1}}zJEbw9y(VvaYy3+x(&ziZ4=}qV$1UX2J4M`Hg6TviW-Mb!^ z{yiJHo|zjQrgJQGTCchpx1!|K8WXM%O=o9?|KR2oXN$*FZw(O_6#AvDw~vdgU$-6i z3*HOGVL-Dn5DAH1Mto@WEL>CNWlDlTe~a9Rrd*p4GO3&3w`=1spO7d-Yy?e0;?vSh z93O5%mJl{)Y10%XhpnAZqtzAHDAP(=c}5VYX-`5f;@vu6N&>%$YnaIw6q}Jy;?OAx zviUGPSktKArOGdC6?Pl?m*jDOQ@4#Fjg8b)X5~oZxHX$=5LCFPFaebK<2(s2#$fAF zUz(8+BYZ0CU%;KzU@WPEzMFW1yvaV;Rg8+*H#0!0sJMg_Py1{wzmXR*@zNGekjW=cT7@$FYX6@tbpoWPh|Q;?}Y1`-!X zw+RFS8u8MIwa%A4QuOQ8 zC3Z>hwp?A%3BYqBvR0SY4>msb26=ZmTEEkANFJ<8(J?`S(m z_j7Q5nCV4>NwJ}z$jk--{20(7Nkaouj(HjeTC0jkoRUzhh#@7KifIDtY?y838#s3Z zBF8OjJ-R9IMF0))0G-;?=tck!ZI~Tn-?4e^$#w$_cOLXE83__l7^N(r#&=+T(yWPs zrflSGclJ7a+9ccS>=m7IW1<&~@io!_c5E;L+>Dt&1|P|ja4Fe9(`HQKkv$|b%~OMh z;cUI$-35(G{GBt`29q8#vaRThRRq_o>;|5}+cGqhFeVZPR0~t~!L0T2IQzQ6bJV92 zL9ew;A@Ky5lv+bX%!jGc^24GowWgI%h_Tty@>H5x)7D2kK})vOrxwF99gV2OmBYmq z5j>6YaR(YO<%C5XF=YCP`I_C?kV+-ZKA{%}s48<->?Dq%^4+;Cd*#E;Sv-KUtXczuXsV~O zB_^rokw045Tqv9H0ZRZrL&eJa7u6Bg#3$(@gTo!9q@~(&Mio!J}Q2_5}xZde(b+$G@?>jy*yE8#|kiZvn2n>jSbwfnpF>O-2 zWB&DlpyZ0hqYVc+rWBDg`!EpSY(mzzf=9)zRwaf&OXEQBB%y(e8jy+z)vyU6m@Y|@ z!nX9Hv)6%wp^-`7%nxK-uUQj5ti&?pim0SknQ|t52hQoxxb%>CzvG5kJwY3UeAJED zNDxImjk>45c-K3g;`X1KGWV_POIMFVXNF_}%9(b1jSThNRd zm3`~lA`p?J>^aH_TO6$DH{4kcu>~Jyc94|&O8f4BJ7Ebou?YywmU3Hv16b2Dp_NT*2v}cI=6K7!j<`MtC0}jsaLw*1Xv-|q zWK9=^I}GitSA3potEa8HP4mZgc7q~6e=@aAwzDnQv|F@;Wa%%D1zl$bp%o;%Wv6R5 z5&W73RLJg0X31JZ-Ytx7(G!qQW;fpvNkk1YxsS02?W`vj*kR_rl(zY2{>f^+J@XgT z)5x>6+OF0b8V;EOha|zn3g_7#P!|Y`^l@4dNBh5c5M=>o2|A&z4b^t*#|jJm2o=`B zA7}CoIxO^BsOO=KZ!EW5(TM?Rr=dN!gGXS_AFIsyyfRK&=Fa-?D1udRW}e3F{GG1IJO61A9xU}CszWv#m> zM39IoDx~ATit&{@?aZQaE;lPoTCH0+b5QDo&`P0d#f;dia@V5g&rJW*cU2p)eb;F1 zRavMkasEtzsTMhJuc;6$pfw?-MUJ~r!g?AKZH=R2o!h1ragp6h%WtmPb69D>tfOj? z2%1nMQc6dE8&A*IOD?z2Z?|X8@Z)u*3G3#6E^&*5)r}rP)NipYo3PV~$7c}s7!!~e za+I&i9m*~ABVSCN=yRE!=T9w;hp<3_uv4kt>!3QqCaIR7CL{c+EM9J*e>^

P%2c zWA&74Hz#c2iHsR5_H7}Y&_1eZJp-wvfr-@7WJlXkgOyK+{1;blq5u0I%iLq9{T$7R z{gTBfY*uegy66!M>sP$wq|m}g<_4<7a}8_&JPs$O4a>cX#*t@}q-r)P`zSE(Ys{nz z{^~4cwjNsaT$51F)=(d*D_pVW-00-^AiJ1T-}Np0LodnGlVcEREP=;BFfLIqRYBq8 z_y7a;%~cKSpVdE_;4K%-<&!YX0_!owzwXt9ww#_Ecd&_x;~r53L>t{Kus}4!m~5Wx zKhzoMvAZx*I2@XEit)@OhAc1yos7DV8;s4MF$P0nU{4WGnbkwCGZAay1V&sVaeQ)k zf!)Vk;ZI}1(~*hzDPJqr$Qx(ct&L=Tdb%3I7NT1_7}DC*^R12PuaA3O0=i##xrII~ zM-o>FTaHNXPa|dsI~6Rr98|x8@;M1x3L~FJ!Vz{V%yU&1ET5CGCh)(Z_gh%%b%5ne z!4k{oB&@qvQQLneiW_cRtfcbn@;M2cUtFq1tckGMMKdny?ycCUyF6~;+bo}-u^uR=ch1}SyNatr;s9E?xWRe`YiQ@72B0GhDo zt=x_|n;pWsq8}9e^A_*Yt%y6T+(KVZ*3wRQG+_nBR07S1>;|#ZG#XG07k3S^v#nK` zTW+CWmz(rSy2=S_gXm{4vI4# z0LkmED0`>!nFwoh3(Q1J6Si>IX+_gJmCr#~_fqPdJ$Bzcv1+piuVU5iQf^@%+L8}d z8%V5}mpxc3Qj^Y*TyqwH&%Kb_G);N*(H*cIdjuE@Dy`5b#}NJ&7&k$qmO<5KJNrx0`3d%)BOY8&Jk-&cnN&E*!3 zO#%g*Ss>UfUuy*>p+DwQ#SK2)J9O1R*vz9l^<+dw*m7XE;x1$IG{J2a`G-!)*HLbv zZwa})Lx38>)`{ZA6}wuf3zUUcY+bUiyYoR4VFP=?eqmAU8a(1Oe0^mh!fx-)_UkU# zReo&82lR}KnL?sK*s)RxgzTDzET&Qdwg*fRvMNnw24QjLG+keAy?l%lpp39`68q;= ziOFH@T6KtJgvBd2*CYfMgQPx>0|`Xge5D!~gq$ZXvur{I;{o$cYS}UMuS}MBlR3?# z#`SsZv+%2y=L@aaXV15`9=>J^p)pa4iA>%}Do!qrYeDA@3X?7;%i)|~tHX?jhMe*D z%4Eh0siJ{Nz4zNm_qUUai!bAH+@qI82uq{nF=7BS!s0zElfPz`=Lz#qG<1E?e&6uh&6@V8#6c8{F zEZNs-XVlp=RJ~BdzrqKJm`TY0&6b4-`#3jfYYA%>;~7!o%56KnVsi(zea59oQPUQ4 zm^~D?udm#1#a>A>!*^P>8DULQSG&QUkPoOxRd3sA!bao+i_!>$uA-^?uGrRIYmUJu z(qy~DC}q4wYn7#Mwk$;0$BD71CoEF+*y_FgB4V1bnaQd++z_TUq#?)4l}cb-VwuqE z158L@=*!|!H;ujQk38JGs9S9m8RIMBhQ;jI$1r0HTCttr{cL@mI|C%Aupw+_=?tj4 zp?J05)GQIIuuyqyRj2`x_}-aG9Ka;z<92B^>z+VmUsrOH#mt@P(FhwyY|)zlrzgj& zn*jGNX0Dfa6F?Jo!J7a%VOKW+?p~IC6F?Jo!J7b@u&bK@_bto537`qPx(Tp^vh14x zmawav08d?(eG@Kf&*S&XD}Q%Kvs z@Vt`X=6w{Nns-t)0~`_>X$JV#WOVZ$i~c(T{c|&0#!u9D$@TjY`S30#*Mx;+5Yj$A z%e>u(b=IMsP2e_LKM(~36pQGFA*>h>zd1_0gqX2{@U~4VDV+bZe_)=<4#Vn>n;iu% zZ|eTsW!dlUAYl`k9L=LGa-6|!)7^A-G$xvkN-$s101_T(O*q8}8v6*Irhnyet%L{b z@|!uGU$!Vl!lGKd@B38BOWyFv-L2h8@l|sP2^A5O5)Wn-2a}D$ymyCExSC;p-8{U# zjTb&pT(h|RxLHT@j!9aMaa0(YY@h4isMOxH9b(@(I^dHS?}IUktO|qdI4XNM4QF`C zm%~2GiZu)HouuM5@mV}NFlNg+5A&!BT(Qz*kJlL5N6xMpy}^}B1Ew;2N9dM-PyY_= zoBG+4EK^7I_y~Crv3S#f(6A8bAZ4NQSX|uBOYl2zIi`|Mb%yVp=jjtLtpe37OGI&l z(AyfCZ(6`)8;E^_9e9jSpFJk+m%U=A-p8LMicd&_*ETTzyZ9(!9F%{|CPMTS<_oMFc+}!Q2?SVBijdfg>wIJ z|IH@spPwL^3u|ou>=?zeUS{9)S;*_c?K_rM#A=HsB5{iM*0HwP)U+TDq?Owfp5hjW?@Y$#W)6hxih|c__4|FF z$C8J%^*{fg|6%&KeN>e0$^*&Zd3Zgc_*?5p!|&M}flhYdg>8mgL5C!aeo!<3QB^Bxwj(qFj}qS*zD&%k#rLzi+$V_1YYEb zxw8=Uu4ZNkaCBc^*G(nE~!*Re7E)BzNQEFg%pyo->A@QvIli5 zw0phXx?*wAvs;Y|vOUa}P%EN}1VoWu3yQj*{u4Azk0goU*EHzlS6e%b_aKek7p&^@ zSP346RCpsAV`Z%&22>y(4$JGU&R%D$1*mBB;7$Uh1vcK$A(xbK>ROmni=v^j%gnZL z1N&@`H<T7iI6-@kIJ1&esFvBwRs=LW&5DS@9zc$x- z!=%D`Ntg-}Hcm0t(MDPt5>a1E_a}X>4Y&Mt?G}I~CgST^LSAnhfc}_9#0&(0Cp6wa zJO1t2Md@dNfM$=rHVnf(oh?f*C&Mf6XS4_+k|cW9G^t^jv~PC@ove#Q@PrCI(!5(_ zXt!Wm#SOlM(Dxc=Q_E~N)L>!9O#?ejbB~^BWjir%*k{-4iAx06feX~tq{~|4^Z1$y zg%>_YG5b#jO}afUB#Porrl^QXXs$Jy2Q?$2Z6pmB(zpNttH=(VaJ_HFL*B!<64~o^ zM@%_k;PWU-W85b6Vr7F=aUr__y{2JTvXMuGKW2*hDiyS=*FGW}8x0@|)-t2w`_kkY z+g>W6m7@G-WaJsMteF^J+qO;Z{mpDLomO;yba9zKCyNtq<~FY?^J&&o#Nwge=XFiI z>#U*BI7m2)jWgLkxFyp;#FWhSXvI5lfKm|O`bX6x=)iFd2PC550g?2{Ct1&?^z`H{ zHqAu=K3&<&Q{jUXM-4QoU5Xb8^~=jq(9rA>W0qt$n8}o5$C#&6KmKCu(@qJ6`lX7? zRkyWm&gpRaa~<}1ZRD*OXf&WfK!cox1RYXAW8X1Y9froWHJIcTrl)1o3ZKlE_QA{d z3(xiHWxWm=4Fg={1BxD+%3zx30cMD<`o*;pVRsT?bJmzERgqRd`zz6QH_^7>^w*2J za^s4~bEPW!YH3#|3{V0Z4Z|!Wt%9JpRR59tz2DjNSIlNnvUQdIj&EFB2pmFfaSpl2 zq^E`2H5ZLB<%4w~6g_^HCpxvmm@PiQiBpGeQ>D37m`@3qPYqoprsm}0L73c7HX5sD z5GCUN11o1I7Z~9+N(IGJW+TpRZX~2tAsL6B{Tq~icr9EbUeq@05!do>M8&KUHR>!>n|e>gSaX^KI!csJxiZ1G|EJK?AFkXozgce0$<+)=cJZaapJC zy*C6$maY%l<4NEgm&bWryp3zh?rc`n8fP%aK^4!!uz5UaFKxmg|L7HvJnOD9|AniuR-y&CjS7QDw8*_U%g%C);LtnKgGgj>J0nuwaM2(UD;T1N zKdj@e#`g19i7x0xo$-ANk5dxi0a+Tef2StJF2h%+idO`kazM2VH$gT|PB+gSEXpL1 zcXmg_4T8lj-TY!lVN??Q*&vMvX;CVT)W;D&0{#maD34<0h(}V3@3bgqYtQ1Y(iGPu zDXz(E!)Fg$h04mudyB_Ju&5*)ABK*uviO`hF{NjOiwwK7xkBMH*@tz8q2{^|2LFp)?-`2CNTfl7nl+)1?l(eu34*AWo03WR`iAjGTyh}nS;vjZOP6zD(# z!-6E#`@5pzfQM=1IK#vAgJ(pId(hE??dYXp*NLIWW&T5DkyV>J+o=TNp!{PEn39mg z+c}KKmn@=Ekti_^9hLoA@#fgbQeDH`04O?iZisZj;vG0vCPGiaC?$f#iW-l)O`FPM z7?UKSvGi=xaxMa`Mf!qE36g3XTv0Ijba08<(HSR^28`kCx_@*%xh^xD&E13Z*9Xs@ zJ^L$)Pc#+HLlo~W51ec+%&c47CZxVNGo@+XAC(Ce5M_RNoM4yCLCc)^Q*gq#9VTRgx2F3U%DRn9#$*IeR*sFwacq1MaqDxg{WQm^ z&rs^`cM{eZhd!gHrnvLv#+yH}vGI8EcowN} z literal 0 HcmV?d00001 diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index bf5875a8..83f80c80 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.17 -appVersion: 1.8.16 +version: 4.1.18 +appVersion: 1.8.17 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index a8be67c4..c8f651c6 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.16` | +| `mic.tag` | MIC image tag | `v1.8.17` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.16` | +| `nmi.tag` | NMI image tag | `v1.8.17` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 5441fa4f..9cae2e4b 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/charts/index.yaml b/charts/index.yaml index ad5b5ab3..b0298cca 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.17 + created: "2023-06-15T23:23:21.230954465Z" + description: Deploy components for aad-pod-identity + digest: ffc6d41aa3d8a4e36bfff77332f433e0288324051224bc8183584cc2f991fa28 + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.18.tgz + version: 4.1.18 - apiVersion: v2 appVersion: 1.8.16 created: "2023-05-15T23:15:42.29707676Z" @@ -496,4 +511,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2023-05-15T23:15:42.295949743Z" +generated: "2023-06-15T23:23:21.229735612Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index 3d2c2082..0b5e23d9 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index 05db7454..66c89a22 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index c0d6d987..829d5a52 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index 3afa2d72..4ef68174 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index 98d8b7bd..aaf3d8cc 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index 80957381..3f7edb26 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index bf5875a8..83f80c80 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.17 -appVersion: 1.8.16 +version: 4.1.18 +appVersion: 1.8.17 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index a8be67c4..c8f651c6 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.16` | +| `mic.tag` | MIC image tag | `v1.8.17` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.16` | +| `nmi.tag` | NMI image tag | `v1.8.17` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index 5441fa4f..9cae2e4b 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index 3d2c2082..0b5e23d9 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 05db7454..66c89a22 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index c0d6d987..829d5a52 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 3afa2d72..4ef68174 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index 98d8b7bd..aaf3d8cc 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index 80957381..3f7edb26 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index fbde773b..fb346565 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.16"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.16"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.17"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.17"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.16"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.17"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/test/e2e/framework/iptables/iptables_helpers.go b/test/e2e/framework/iptables/iptables_helpers.go index c297ecdf..6384fed4 100644 --- a/test/e2e/framework/iptables/iptables_helpers.go +++ b/test/e2e/framework/iptables/iptables_helpers.go @@ -79,7 +79,7 @@ func WaitForRules(input WaitForRulesInput) { Containers: []corev1.Container{ { Name: busybox, - Image: "registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.6", + Image: "registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.7", Stdin: true, Command: []string{ "sleep", @@ -153,7 +153,7 @@ func WaitForRules(input WaitForRulesInput) { }, { command: "iptables -t nat -L aad-metadata", - expectedErrorMsg: "No chain/target/match by that name", + expectedErrorMsg: "chain `aad-metadata' in table `nat' is incompatible", }, } { stderr, err := exec.KubectlExec(input.KubeconfigPath, p.Name, input.Namespace, strings.Split(cmd.command, " ")) diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index 703621ac..a025b16b 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,22 @@ menu: weight: 10 --- +## v1.8.17 + +### Continuous Integration + +- ci: restrict permissions for gh workflows ([#1428](https://github.com/Azure/aad-pod-identity/pull/1428)) +- ci: remove nightly and load test pipeline ([#1432](https://github.com/Azure/aad-pod-identity/pull/1432)) + +### Documentation + +- docs: Update RELEASE.md to clarify September EOL ([#1433](https://github.com/Azure/aad-pod-identity/pull/1433)) + +### Maintenance + +- chore: use ubuntu-latest gh runner ([#1427](https://github.com/Azure/aad-pod-identity/pull/1427)) +- chore: update debian-iptables to bullseye-v1.5.7 ([#1435](https://github.com/Azure/aad-pod-identity/pull/1435)) + ## v1.8.16 ### Maintenance diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index e8dd4516..98646158 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index 57104237..21b0067b 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment-rbac.yaml ```

@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}