deployment and helm charts update for release 1.5.3 (#394)

* update manifests for release 1.5.3 * add new feature flags * update changelog for 1.5.3 * unset enable scale features in helm * add selector as part of move to apps/v1 * remove testing changes * update test manifests
2019-10-14 10:55:17 -07:00 · 2019-10-14 10:55:17 -07:00 · 76d3a9bd1d
--- a/charts/aad-pod-identity-1.5.3.tgz
+++ b/charts/aad-pod-identity-1.5.3.tgz
--- a/charts/aad-pod-identity/Chart.yaml
+++ b/charts/aad-pod-identity/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
 description: Deploy components for aad-pod-identity
 name: aad-pod-identity
-version: 1.5.2
+version: 1.5.3
-appVersion: 1.5.2
+appVersion: 1.5.3
 home: https://github.com/Azure/aad-pod-identity
 sources:
  - https://github.com/Azure/aad-pod-identity
--- a/charts/aad-pod-identity/templates/mic-deployment.yaml
+++ b/charts/aad-pod-identity/templates/mic-deployment.yaml
@ -56,6 +56,12 @@ spec:
          {{- if .Values.mic.probePort }}
          - --http-probe-port={{ .Values.mic.probePort }}
          {{- end }}
          {{- if .Values.mic.createDeleteBatch }}
          - --createDeleteBatch={{ .Values.mic.createDeleteBatch }}
          {{- end }}
          {{- if .Values.mic.clientQps }}
          - --clientQps={{ .Values.mic.clientQps }}
          {{- end }}
        env:
          - name: FORCENAMESPACED
            value: "{{ .Values.forceNameSpaced }}"
--- a/charts/aad-pod-identity/templates/nmi-clusterrole.yaml
+++ b/charts/aad-pod-identity/templates/nmi-clusterrole.yaml
@ -15,7 +15,7 @@ rules:
  verbs: ["get", "list"]
 - apiGroups: [""]
  resources: ["pods"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 {{- if .Values.rbac.allowAccessToSecrets }}
 - apiGroups: [""]
  resources: ["secrets"]
@ -23,8 +23,8 @@ rules:
 {{- end }}
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureidentitybindings", "azureidentities", "azurepodidentityexceptions"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureassignedidentities"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 {{- end }}
--- a/charts/aad-pod-identity/templates/nmi-daemonset.yaml
+++ b/charts/aad-pod-identity/templates/nmi-daemonset.yaml
@ -62,6 +62,9 @@ spec:
          {{- if .Values.nmi.findIdentityRetryIntervalInSeconds }}
          - --find-identity-retry-interval={{ .Values.nmi.findIdentityRetryIntervalInSeconds }}
          {{- end }}
          {{- if .Values.nmi.enableScaleFeatures }}
          - --enableScaleFeatures={{ .Values.nmi.enableScaleFeatures }}
          {{- end }}
        env:
          - name: HOST_IP
            valueFrom:
--- a/charts/aad-pod-identity/values.yaml
+++ b/charts/aad-pod-identity/values.yaml
@ -24,7 +24,7 @@ forceNameSpaced: "false"
 mic:
  image: mic
-  tag: 1.5.2
+  tag: 1.5.3
  # log level. Uses V logs (glog)
  # logVerbosity: 0
@ -62,9 +62,17 @@ mic:
  # Override interval in seconds at which sync loop should periodically check for errors and reconcile (default is 3600s)
  syncRetryDuration: ""
  # https://github.com/Azure/aad-pod-identity/blob/master/docs/readmes/README.featureflags.md#batch-create-delete-flag
  # default value is 20
  createDeleteBatch: ""
  # https://github.com/Azure/aad-pod-identity/blob/master/docs/readmes/README.featureflags.md#client-qps-flag
  # default value is 5
  clientQps: ""
 nmi:
  image: nmi
-  tag: 1.5.2
+  tag: 1.5.3
  resources:
    limits:
@ -101,6 +109,10 @@ nmi:
  # Override retry interval to find assigned identities in seconds (default is 5)
  findIdentityRetryIntervalInSeconds: ""
  # Enable scale features - https://github.com/Azure/aad-pod-identity/blob/master/docs/readmes/README.featureflags.md#enable-scale-features-flag
  # Accepted values are true/false. Default is false.
  enableScaleFeatures: ""
 rbac:
  enabled: true
  # NMI requires permissions to get secrets when service principal (type: 1) is used in AzureIdentity.
--- a/charts/index.yaml
+++ b/charts/index.yaml
@ -1,9 +1,24 @@
 apiVersion: v1
 entries:
  aad-pod-identity:
  - apiVersion: v1
    appVersion: 1.5.3
    created: "2019-10-11T15:59:33.322904-07:00"
    description: Deploy components for aad-pod-identity
    digest: 3dab91c7f115d23123f863eeea1c93a34640a42ac1e7052600020600fbfa55ad
    home: https://github.com/Azure/aad-pod-identity
    maintainers:
    - email: anish.ramasekar@gmail.com
      name: aramase
    name: aad-pod-identity
    sources:
    - https://github.com/Azure/aad-pod-identity
    urls:
    - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.3.tgz
    version: 1.5.3
  - apiVersion: v1
    appVersion: 1.5.2
-    created: "2019-09-16T11:43:42.435047-07:00"
+    created: "2019-10-11T15:59:33.321838-07:00"
    description: Deploy components for aad-pod-identity
    digest: 58a8ea212a1461f72ce17be5b767dac920d0f56803c026320a16c22de3ed365a
    home: https://github.com/Azure/aad-pod-identity
@ -16,4 +31,4 @@ entries:
    urls:
    - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz
    version: 1.5.2
-generated: "2019-09-16T11:43:42.434192-07:00"
+generated: "2019-10-11T15:59:33.31978-07:00"
--- a/deploy/infra/deployment-rbac.yaml
+++ b/deploy/infra/deployment-rbac.yaml
@ -64,16 +64,16 @@ rules:
  verbs: ["get", "list"]
 - apiGroups: [""]
  resources: ["pods"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureidentitybindings", "azureidentities", "azurepodidentityexceptions"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureassignedidentities"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
@ -90,7 +90,7 @@ roleRef:
  name: aad-pod-id-nmi-role
  apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  labels:
@ -103,6 +103,10 @@ metadata:
 spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      component: nmi
      tier: node
  template:
    metadata:
      labels:
@ -118,7 +122,7 @@ spec:
        name: iptableslock
      containers:
      - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.3"
        imagePullPolicy: Always
        args:
          - "--host-ip=$(HOST_IP)"
@ -201,7 +205,7 @@ roleRef:
  name: aad-pod-id-mic-role
  apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
@ -211,6 +215,10 @@ metadata:
  namespace: default
 spec:
  replicas: 2
  selector:
    matchLabels:
      component: mic
      app: mic
  template:
    metadata:
      labels:
@ -220,7 +228,7 @@ spec:
      serviceAccountName: aad-pod-id-mic-service-account
      containers:
      - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.3"
        imagePullPolicy: Always
        args:
          - "--cloudconfig=/etc/kubernetes/azure.json"
--- a/deploy/infra/deployment.yaml
+++ b/deploy/infra/deployment.yaml
@ -48,7 +48,7 @@ spec:
    plural: azurepodidentityexceptions
  scope: Namespaced
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  labels:
@ -60,6 +60,10 @@ metadata:
 spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      component: nmi
      tier: node
  template:
    metadata:
      labels:
@ -74,7 +78,7 @@ spec:
        name: iptableslock
      containers:
      - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.3"
        imagePullPolicy: Always
        args:
          - "--host-ip=$(HOST_IP)"
@ -112,7 +116,7 @@ spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
@ -121,6 +125,9 @@ metadata:
  namespace: default
 spec:
  replicas: 2
  selector:
    matchLabels:
      component: mic
  template:
    metadata:
      labels:
@ -128,7 +135,7 @@ spec:
    spec:
      containers:
      - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.3"
        imagePullPolicy: Always
        args:
          - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"
--- a/deploy/infra/noazurejson/deployment-rbac.yaml
+++ b/deploy/infra/noazurejson/deployment-rbac.yaml
@ -64,16 +64,16 @@ rules:
  verbs: ["get", "list"]
 - apiGroups: [""]
  resources: ["pods"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureidentitybindings", "azureidentities", "azurepodidentityexceptions"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["aadpodidentity.k8s.io"]
  resources: ["azureassignedidentities"]
-  verbs: ["get", "list"]
+  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
@ -90,7 +90,7 @@ roleRef:
  name: aad-pod-id-nmi-role
  apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  labels:
@ -101,6 +101,10 @@ metadata:
  name: nmi
  namespace: default
 spec:
  selector:
    matchLabels:
      component: nmi
      tier: node
  template:
    metadata:
      labels:
@ -116,7 +120,7 @@ spec:
        name: iptableslock
      containers:
      - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.3"
        imagePullPolicy: Always
        args:
          - "--host-ip=$(HOST_IP)"
@ -213,7 +217,7 @@ metadata:
  name: aadpodidentity-admin-secret
  namespace: default
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
@ -223,6 +227,9 @@ metadata:
  namespace: default
 spec:
  replicas: 2
  selector:
    matchLabels:
      component: mic
  template:
    metadata:
      labels:
@ -231,7 +238,7 @@ spec:
      serviceAccountName: aad-pod-id-mic-service-account
      containers:
      - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.3"
        imagePullPolicy: Always
        args:
          - "--logtostderr"
--- a/deploy/infra/noazurejson/deployment.yaml
+++ b/deploy/infra/noazurejson/deployment.yaml
@ -58,6 +58,10 @@ metadata:
  name: nmi
  namespace: default
 spec:
  selector:
    matchLabels:
      component: nmi
      tier: node
  template:
    metadata:
      labels:
@ -72,7 +76,7 @@ spec:
        name: iptableslock
      containers:
      - name: nmi
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.5.3"
        imagePullPolicy: Always
        args:
          - "--host-ip=$(HOST_IP)"
@ -133,6 +137,9 @@ metadata:
  namespace: default
 spec:
  replicas: 2
  selector:
    matchLabels:
      component: mic
  template:
    metadata:
      labels:
@ -140,7 +147,7 @@ spec:
    spec:
      containers:
      - name: mic
-        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.2"
+        image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.5.3"
        imagePullPolicy: Always
        args:
          - "--kubeconfig=/etc/kubernetes/kubeconfig/kubeconfig"