Azure
/
azure-workload-identity
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

release: update manifest and helm charts for v1.1.0 (#935) 

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
This commit is contained in:
Anish Ramasekar 2023-05-08 12:24:16 -07:00 коммит произвёл GitHub
Родитель c972b6a81c
Коммит 656a0335f1
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
17 изменённых файлов: 55 добавлений и 44 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
Makefile
Просмотреть файл

@ -2,7 +2,7 @@ REGISTRY ?= mcr.microsoft.com/oss/azure/workload-identity
PROXY_IMAGE_NAME := proxy
INIT_IMAGE_NAME := proxy-init
WEBHOOK_IMAGE_NAME := webhook
IMAGE_VERSION ?= v1.0.0
IMAGE_VERSION ?= v1.1.0
ORG_PATH := github.com/Azure
PROJECT_NAME := azure-workload-identity

4
charts/workload-identity-webhook/Chart.yaml
Просмотреть файл

@ -2,8 +2,8 @@ apiVersion: v2
name: workload-identity-webhook
description: A Helm chart to install the azure-workload-identity webhook
type: application
version: 1.0.0
appVersion: v1.0.0
version: 1.1.0
appVersion: v1.1.0
home: https://github.com/Azure/azure-workload-identity
sources:
- https://github.com/Azure/azure-workload-identity

50
charts/workload-identity-webhook/README.md
Просмотреть файл

@ -29,30 +29,32 @@ helm upgrade -n azure-workload-identity-system [RELEASE_NAME] azure-workload-ide
## Parameters
| Parameter | Description | Default |
| :------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------ |
| replicaCount | The number of azure-workload-identity replicas to deploy for the webhook | `2` |
| image.repository | Image repository | `mcr.microsoft.com/oss/azure/workload-identity/webhook` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.release | The image release tag to use | Current release version: `v1.0.0` |
| imagePullSecrets | Image pull secrets to use for retrieving images from private registries | `[]` |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| resources | The resource request/limits for the container image | limits: 100m CPU, 30Mi, requests: 100m CPU, 20Mi |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The tolerations to use for pod scheduling | `[]` |
| service.type | Service type | `ClusterIP` |
| service.port | Service port | `443` |
| service.targetPort | Service target port | `9443` |
| azureTenantID | [**REQUIRED**] Azure tenant ID | `` |
| azureEnvironment | Azure Environment | `AzurePublicCloud` |
| logLevel | The log level to use for the webhook manager. In order of increasing verbosity: unset (empty string), info, debug, trace and all. | `info` |
| metricsAddr | The address to bind the metrics server to | `:8095` |
| metricsBackend | The metrics backend to use (`prometheus`) | `prometheus` |
| priorityClassName | The priority class name for webhook manager | `system-cluster-critical` |
| mutatingWebhookAnnotations | The annotations to add to the MutatingWebhookConfiguration | `{}` |
| podLabels | The labels to add to the azure-workload-identity webhook pods | `{}` |
| podAnnotations | The annotations to add to the azure-workload-identity webhook pods | `{}` |
| mutatingWebhookNamespaceSelector | The namespace selector to further refine which namespaces will be selected by the webhook. | `{}` |
| Parameter | Description | Default |
| :--------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------ |
| replicaCount | The number of azure-workload-identity replicas to deploy for the webhook | `2` |
| image.repository | Image repository | `mcr.microsoft.com/oss/azure/workload-identity/webhook` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.release | The image release tag to use | Current release version: `v1.1.0` |
| imagePullSecrets | Image pull secrets to use for retrieving images from private registries | `[]` |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| resources | The resource request/limits for the container image | limits: 100m CPU, 30Mi, requests: 100m CPU, 20Mi |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The tolerations to use for pod scheduling | `[]` |
| service.type | Service type | `ClusterIP` |
| service.port | Service port | `443` |
| service.targetPort | Service target port | `9443` |
| azureTenantID | [**REQUIRED**] Azure tenant ID | `` |
| azureEnvironment | Azure Environment | `AzurePublicCloud` |
| logLevel | The log level to use for the webhook manager. In order of increasing verbosity: unset (empty string), info, debug, trace and all. | `info` |
| metricsAddr | The address to bind the metrics server to | `:8095` |
| metricsBackend | The metrics backend to use (`prometheus`) | `prometheus` |
| priorityClassName | The priority class name for webhook manager | `system-cluster-critical` |
| mutatingWebhookAnnotations | The annotations to add to the MutatingWebhookConfiguration | `{}` |
| podLabels | The labels to add to the azure-workload-identity webhook pods | `{}` |
| podAnnotations | The annotations to add to the azure-workload-identity webhook pods | `{}` |
| mutatingWebhookNamespaceSelector | The namespace selector to further refine which namespaces will be selected by the webhook. | `{}` |
| podDisruptionBudget.minAvailable | The minimum number of pods that must be available for the webhook to be considered available | `1` |
| podDisruptionBudget.maxUnavailable | The maximum number of pods that may be unavailable for the webhook to be considered available | `nil` |
## Contributing Changes

7
charts/workload-identity-webhook/templates/azure-wi-webhook-controller-manager-poddisruptionbudget.yaml
Просмотреть файл

@ -9,7 +9,12 @@ metadata:
name: azure-wi-webhook-controller-manager
namespace: '{{ .Release.Namespace }}'
spec:
minAvailable: 1
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
selector:
matchLabels:
app: '{{ template "workload-identity-webhook.name" . }}'

6
charts/workload-identity-webhook/values.yaml
Просмотреть файл

@ -7,7 +7,7 @@ image:
repository: mcr.microsoft.com/oss/azure/workload-identity/webhook
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
release: v1.0.0
release: v1.1.0
imagePullSecrets: []
nodeSelector:
kubernetes.io/os: linux
@ -34,3 +34,7 @@ mutatingWebhookAnnotations: {}
podLabels: {}
podAnnotations: {}
mutatingWebhookNamespaceSelector: {}
# minAvailable and maxUnavailable are mutually exclusive
podDisruptionBudget:
minAvailable: 1
# maxUnavailable: 0

2
config/manager/kustomization.yaml
Просмотреть файл

@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: manager
newName: mcr.microsoft.com/oss/azure/workload-identity/webhook
newTag: v1.0.0
newTag: v1.1.0
configMapGenerator:
- literals:
- AZURE_TENANT_ID="${AZURE_TENANT_ID}"

2
deploy/azure-wi-webhook.yaml
Просмотреть файл

@ -162,7 +162,7 @@ spec:
envFrom:
- configMapRef:
name: azure-wi-webhook-config
image: mcr.microsoft.com/oss/azure/workload-identity/webhook:v1.0.0
image: mcr.microsoft.com/oss/azure/workload-identity/webhook:v1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6

2
docs/book/src/installation/mutating-admission-webhook.md
Просмотреть файл

@ -73,7 +73,7 @@ The deployment YAML contains the environment variables we defined above and we r
Install the webhook using the deployment YAML via `kubectl apply -f` and `envsubst`:
```bash
curl -sL https://github.com/Azure/azure-workload-identity/releases/download/v1.0.0/azure-wi-webhook.yaml | envsubst | kubectl apply -f -
curl -sL https://github.com/Azure/azure-workload-identity/releases/download/v1.1.0/azure-wi-webhook.yaml | envsubst | kubectl apply -f -
```
<details>

4
examples/migration/pod-with-proxy-init-and-proxy-sidecar.yaml
Просмотреть файл

@ -8,7 +8,7 @@ spec:
serviceAccountName: workload-identity-sa
initContainers:
- name: init-networking
image: mcr.microsoft.com/oss/azure/workload-identity/proxy-init:v1.0.0
image: mcr.microsoft.com/oss/azure/workload-identity/proxy-init:v1.1.0
securityContext:
capabilities:
add:
@ -26,6 +26,6 @@ spec:
ports:
- containerPort: 80
- name: proxy
image: mcr.microsoft.com/oss/azure/workload-identity/proxy:v1.0.0
image: mcr.microsoft.com/oss/azure/workload-identity/proxy:v1.1.0
ports:
- containerPort: 8000

4
manifest_staging/charts/workload-identity-webhook/Chart.yaml
Просмотреть файл

@ -2,8 +2,8 @@ apiVersion: v2
name: workload-identity-webhook
description: A Helm chart to install the azure-workload-identity webhook
type: application
version: 1.0.0
appVersion: v1.0.0
version: 1.1.0
appVersion: v1.1.0
home: https://github.com/Azure/azure-workload-identity
sources:
- https://github.com/Azure/azure-workload-identity

2
manifest_staging/charts/workload-identity-webhook/README.md
Просмотреть файл

@ -34,7 +34,7 @@ helm upgrade -n azure-workload-identity-system [RELEASE_NAME] azure-workload-ide
| replicaCount | The number of azure-workload-identity replicas to deploy for the webhook | `2` |
| image.repository | Image repository | `mcr.microsoft.com/oss/azure/workload-identity/webhook` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.release | The image release tag to use | Current release version: `v1.0.0` |
| image.release | The image release tag to use | Current release version: `v1.1.0` |
| imagePullSecrets | Image pull secrets to use for retrieving images from private registries | `[]` |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| resources | The resource request/limits for the container image | limits: 100m CPU, 30Mi, requests: 100m CPU, 20Mi |

2
manifest_staging/charts/workload-identity-webhook/values.yaml
Просмотреть файл

@ -7,7 +7,7 @@ image:
repository: mcr.microsoft.com/oss/azure/workload-identity/webhook
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
release: v1.0.0
release: v1.1.0
imagePullSecrets: []
nodeSelector:
kubernetes.io/os: linux

2
manifest_staging/deploy/azure-wi-webhook.yaml
Просмотреть файл

@ -162,7 +162,7 @@ spec:
envFrom:
- configMapRef:
name: azure-wi-webhook-config
image: mcr.microsoft.com/oss/azure/workload-identity/webhook:v1.0.0
image: mcr.microsoft.com/oss/azure/workload-identity/webhook:v1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6

2
pkg/cmd/podidentity/detect.go
Просмотреть файл

@ -35,7 +35,7 @@ var (
const (
imageRepository = "mcr.microsoft.com/oss/azure/workload-identity"
imageTag = "v1.0.0"
imageTag = "v1.1.0"
proxyInitImageName = "proxy-init"
proxyImageName = "proxy"

4
third_party/open-policy-agent/gatekeeper/helmify/static/Chart.yaml поставляемый
Просмотреть файл

@ -2,8 +2,8 @@ apiVersion: v2
name: workload-identity-webhook
description: A Helm chart to install the azure-workload-identity webhook
type: application
version: 1.0.0
appVersion: v1.0.0
version: 1.1.0
appVersion: v1.1.0
home: https://github.com/Azure/azure-workload-identity
sources:
- https://github.com/Azure/azure-workload-identity

2
third_party/open-policy-agent/gatekeeper/helmify/static/README.md поставляемый
Просмотреть файл

@ -34,7 +34,7 @@ helm upgrade -n azure-workload-identity-system [RELEASE_NAME] azure-workload-ide
| replicaCount | The number of azure-workload-identity replicas to deploy for the webhook | `2` |
| image.repository | Image repository | `mcr.microsoft.com/oss/azure/workload-identity/webhook` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.release | The image release tag to use | Current release version: `v1.0.0` |
| image.release | The image release tag to use | Current release version: `v1.1.0` |
| imagePullSecrets | Image pull secrets to use for retrieving images from private registries | `[]` |
| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
| resources | The resource request/limits for the container image | limits: 100m CPU, 30Mi, requests: 100m CPU, 20Mi |

2
third_party/open-policy-agent/gatekeeper/helmify/static/values.yaml поставляемый
Просмотреть файл

@ -7,7 +7,7 @@ image:
repository: mcr.microsoft.com/oss/azure/workload-identity/webhook
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
release: v1.0.0
release: v1.1.0
imagePullSecrets: []
nodeSelector:
kubernetes.io/os: linux