-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update all patch dependencies #2370
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/all-patch
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ingress nginx 19 2024-12-18 15:14:15.243433696 +0000 UTC deployed nginx-ingress-1.1.2 3.4.2
xray-daemon xray 18 2024-12-18 15:14:13.675131065 +0000 UTC deployed aws-xray-4.0.8 3.3.12
Comparing release=notify-documentation, chart=charts/notify-documentation
Comparing release=notify-api, chart=charts/notify-api
Comparing release=notify-admin, chart=charts/notify-admin
Comparing release=notify-document-download, chart=charts/notify-document-download
Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile4255934049/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile4255934049/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile4255934049/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
kube-system, secretproviderclasses-admin-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: secretproviderclasses-admin-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
kube-system, secretproviderclasses-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secretproviderclasses-role
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses/status
verbs:
- get
- patch
- update
- apiGroups:
- storage.k8s.io
resourceNames:
- secrets-store.csi.k8s.io
resources:
- csidrivers
verbs:
- get
- list
- watch
kube-system, secretproviderclasses-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role_binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretproviderclasses-rolebinding
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretproviderclasses-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: kube-system
kube-system, secretproviderclasses-viewer-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasses
verbs:
- get
- list
- watch
kube-system, secretproviderclasspodstatuses-viewer-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-secretproviderclasspodstatuses-viewer.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: secretproviderclasspodstatuses-viewer-role
rules:
- apiGroups:
- secrets-store.csi.x-k8s.io
resources:
- secretproviderclasspodstatuses
verbs:
- get
- list
- watch
kube-system, secretproviderrotation-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-rotation.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secretproviderrotation-role
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
kube-system, secretproviderrotation-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-rotation_binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretproviderrotation-rolebinding
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretproviderrotation-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: kube-system
kube-system, secretprovidersyncing-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-syncsecret.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secretprovidersyncing-role
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
kube-system, secretprovidersyncing-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/role-syncsecret_binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secretprovidersyncing-rolebinding
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secretprovidersyncing-role
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver
namespace: kube-system
kube-system, secrets-store-csi-driver, DaemonSet (apps) has changed:
# Source: secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: secrets-store-csi-driver
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
spec:
selector:
matchLabels:
app: secrets-store-csi-driver
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
kubectl.kubernetes.io/default-container: secrets-store
spec:
serviceAccountName: secrets-store-csi-driver
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
containers:
- name: node-driver-registrar
- image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0"
+ image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
- livenessProbe:
- exec:
- command:
- - /csi-node-driver-registrar
- - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
- - --mode=kubelet-registration-probe
- initialDelaySeconds: 30
- timeoutSeconds: 15
imagePullPolicy: IfNotPresent
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
- name: secrets-store
- image: "registry.k8s.io/csi-secrets-store/driver:v1.4.1"
+ image: "registry.k8s.io/csi-secrets-store/driver:v1.4.7"
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--provider-volume=/var/run/secrets-store-csi-providers"
- "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers"
- "--enable-secret-rotation=true"
- "--metrics-addr=:8095"
- "--provider-health-check-interval=2m"
- "--max-call-recv-msg-size=4194304"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
ports:
- containerPort: 9808
name: healthz
protocol: TCP
- containerPort: 8095
name: metrics
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 15
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: mountpoint-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: Bidirectional
- name: providers-dir
mountPath: /var/run/secrets-store-csi-providers
- name: providers-dir-0
mountPath: "/etc/kubernetes/secrets-store-csi-providers"
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
memory: 100Mi
- name: liveness-probe
- image: "registry.k8s.io/sig-storage/livenessprobe:v2.10.0"
+ image: "registry.k8s.io/sig-storage/livenessprobe:v2.13.1"
imagePullPolicy: IfNotPresent
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --http-endpoint=0.0.0.0:9808
- -v=2
volumeMounts:
- name: plugin-dir
mountPath: /csi
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
priorityClassName: "high-priority"
volumes:
- name: mountpoint-dir
hostPath:
path: /var/lib/kubelet/pods
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/csi-secrets-store/
type: DirectoryOrCreate
- name: providers-dir
hostPath:
path: /var/run/secrets-store-csi-providers
type: DirectoryOrCreate
- name: providers-dir-0
hostPath:
path: "/etc/kubernetes/secrets-store-csi-providers"
type: DirectoryOrCreate
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
kube-system, secrets-store-csi-driver, ServiceAccount (v1) has changed:
# Source: secrets-store-csi-driver/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
kube-system, secrets-store-csi-driver-keep-crds, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secrets-store-csi-driver-keep-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "patch"]
kube-system, secrets-store-csi-driver-keep-crds, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secrets-store-csi-driver-keep-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver-keep-crds
namespace: kube-system
roleRef:
kind: ClusterRole
name: secrets-store-csi-driver-keep-crds
apiGroup: rbac.authorization.k8s.io
kube-system, secrets-store-csi-driver-keep-crds, Job (batch) has changed:
# Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: secrets-store-csi-driver-keep-crds
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-weight: "20"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 3
template:
metadata:
name: secrets-store-csi-driver-keep-crds
spec:
serviceAccountName: secrets-store-csi-driver-keep-crds
restartPolicy: Never
containers:
- name: crds-keep
- image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.1"
+ image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.7"
args:
- patch
- crd
- secretproviderclasses.secrets-store.csi.x-k8s.io
- secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
- -p
- '{"metadata":{"annotations": {"helm.sh/resource-policy": "keep"}}}'
imagePullPolicy: IfNotPresent
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
kube-system, secrets-store-csi-driver-keep-crds, ServiceAccount (v1) has changed:
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver-keep-crds
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "2"
kube-system, secrets-store-csi-driver-upgrade-crds, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: secrets-store-csi-driver-upgrade-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "create", "update", "patch"]
kube-system, secrets-store-csi-driver-upgrade-crds, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: secrets-store-csi-driver-upgrade-crds
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
subjects:
- kind: ServiceAccount
name: secrets-store-csi-driver-upgrade-crds
namespace: kube-system
roleRef:
kind: ClusterRole
name: secrets-store-csi-driver-upgrade-crds
apiGroup: rbac.authorization.k8s.io
kube-system, secrets-store-csi-driver-upgrade-crds, Job (batch) has changed:
# Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: secrets-store-csi-driver-upgrade-crds
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-weight: "10"
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
spec:
backoffLimit: 3
template:
metadata:
name: secrets-store-csi-driver-upgrade-crds
spec:
serviceAccountName: secrets-store-csi-driver-upgrade-crds
restartPolicy: Never
containers:
- name: crds-upgrade
- image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.1"
+ image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.7"
args:
- apply
- -f
- crds/
imagePullPolicy: IfNotPresent
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
kube-system, secrets-store-csi-driver-upgrade-crds, ServiceAccount (v1) has changed:
apiVersion: v1
kind: ServiceAccount
metadata:
name: secrets-store-csi-driver-upgrade-crds
namespace: kube-system
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
helm.sh/hook-weight: "1"
kube-system, secrets-store.csi.k8s.io, CSIDriver (storage.k8s.io) has changed:
# Source: secrets-store-csi-driver/templates/csidriver.yaml
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: secrets-store.csi.k8s.io
labels:
app.kubernetes.io/instance: "secrets-store-csi-driver"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/name: "secrets-store-csi-driver"
- app.kubernetes.io/version: "1.4.1"
+ app.kubernetes.io/version: "1.4.7"
app: secrets-store-csi-driver
- helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+ helm.sh/chart: "secrets-store-csi-driver-1.4.7"
spec:
podInfoOnMount: true
attachRequired: false
# Added in Kubernetes 1.16 with default mode of Persistent. Secrets store csi driver needs Ephermeral to be set.
volumeLifecycleModes:
- Ephemeral
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws, DaemonSet (apps) has changed:
# Source: secrets-store-csi-driver-provider-aws/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: kube-system
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
labels:
- helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+ helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
app.kubernetes.io/instance: aws-secrets-provider
app.kubernetes.io/managed-by: Helm
app: secrets-store-csi-driver-provider-aws
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: secrets-store-csi-driver-provider-aws
template:
metadata:
labels:
- helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+ helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
app.kubernetes.io/instance: aws-secrets-provider
app.kubernetes.io/managed-by: Helm
app: secrets-store-csi-driver-provider-aws
spec:
serviceAccountName: aws-secrets-provider-secrets-store-csi-driver-provider-aws
hostNetwork: false
containers:
- name: provider-aws-installer
- image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-56-g41fa54f-2023.11.15.21.38
+ image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-75-g1f97be0-2024.10.17.19.45
imagePullPolicy: IfNotPresent
args:
- --provider-volume=/etc/kubernetes/secrets-store-csi-providers
resources:
limits:
cpu: 50m
memory: 100Mi
requests:
cpu: 50m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false
volumeMounts:
- mountPath: /etc/kubernetes/secrets-store-csi-providers
name: providervol
- name: mountpoint-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: HostToContainer
volumes:
- name: providervol
hostPath:
path: /etc/kubernetes/secrets-store-csi-providers
- name: mountpoint-dir
hostPath:
path: /var/lib/kubelet/pods
type: DirectoryOrCreate
priorityClassName: "high-priority"
nodeSelector:
kubernetes.io/os: linux
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws, ServiceAccount (v1) has changed:
# Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
namespace: kube-system
labels:
- helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+ helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
app.kubernetes.io/instance: aws-secrets-provider
app.kubernetes.io/managed-by: Helm
app: secrets-store-csi-driver-provider-aws
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role, ClusterRole (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role
labels:
- helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+ helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
app.kubernetes.io/instance: aws-secrets-provider
app.kubernetes.io/managed-by: Helm
app: secrets-store-csi-driver-provider-aws
rules:
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
# Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role-binding
labels:
- helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+ helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
app.kubernetes.io/instance: aws-secrets-provider
app.kubernetes.io/managed-by: Helm
app: secrets-store-csi-driver-provider-aws
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role
subjects:
- kind: ServiceAccount
name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
namespace: kube-system
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
tools, blazer, Deployment (apps) has changed:
# Source: application/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
- helm.sh/chart: application-2.3.2
+ helm.sh/chart: application-2.3.4
app.kubernetes.io/version: "bootstrap"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: blazer
annotations:
reloader.stakater.com/auto: "true"
name: blazer
namespace: tools
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: blazer
strategy:
type: RollingUpdate
revisionHistoryLimit: 2
template:
metadata:
labels:
app.kubernetes.io/name: blazer
spec:
initContainers:
- name: migrate
command:
- rails
- db:migrate
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: blazer
- name: BLAZER_DATABASE_URL
valueFrom:
secretKeyRef:
key: BLAZER_DATABASE_URL
name: blazer
image: ankane/blazer
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /mnt/secrets-store
name: secrets-store-inline
readOnly: true
volumes:
- csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: blazer-secrets
name: secrets-store-inline
containers:
- name: blazer
image: 239043911459.dkr.ecr.ca-central-1.amazonaws.com/database-tools/blazer:bootstrap
imagePullPolicy: IfNotPresent
env:
- name: BLAZER_DATABASE_URL
valueFrom:
secretKeyRef:
key: BLAZER_DATABASE_URL
name: blazer
- name: DATABASE_URL
valueFrom:
secretKeyRef:
key: DATABASE_URL
name: blazer
- name: GOOGLE_OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
key: GOOGLE_OAUTH_CLIENT_ID
name: blazer
- name: GOOGLE_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: GOOGLE_OAUTH_CLIENT_SECRET
name: blazer
- name: LOG_LEVEL
value: info
- name: NOTIFY_URL
value: staging.notification.cdssandbox.xyz
volumeMounts:
- name: 0
mountPath: /mnt/secrets-store
name: secrets-store-inline
readOnly: true
resources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 0.1
memory: 128Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: false
volumes:
- name: 0
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: blazer-secrets
name: secrets-store-inline
serviceAccountName: blazer
terminationGracePeriodSeconds:
tools, blazer, Ingress (networking.k8s.io) has changed:
# Source: application/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blazer
namespace: tools
labels:
- helm.sh/chart: application-2.3.2
+ helm.sh/chart: application-2.3.4
app.kubernetes.io/version: "bootstrap"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: blazer
spec:
ingressClassName: nginx
rules:
- host: blazer.staging.notification.internal.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blazer
port:
name: http
tools, blazer, Service (v1) has changed:
# Source: application/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: blazer
namespace: tools
labels:
- helm.sh/chart: application-2.3.2
+ helm.sh/chart: application-2.3.4
app.kubernetes.io/version: "bootstrap"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: blazer
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: blazer
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
tools, blazer, ServiceAccount (v1) has changed:
# Source: application/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: blazer
namespace: tools
labels:
- helm.sh/chart: application-2.3.2
+ helm.sh/chart: application-2.3.4
app.kubernetes.io/version: "bootstrap"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: blazer
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::239043911459:role/secrets-csi-role-blazer
tools, blazer-secrets, SecretProviderClass (secrets-store.csi.x-k8s.io) has changed:
# Source: application/templates/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
name: blazer-secrets
namespace: tools
labels:
- helm.sh/chart: application-2.3.2
+ helm.sh/chart: application-2.3.4
app.kubernetes.io/version: "bootstrap"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: blazer
spec:
provider: aws
parameters:
roleName:
objects:
|
- objectName: sqlalchemy_database_reader_uri
objectType: "ssmparameter"
- objectName: BLAZER_DATABASE_URL
objectType: "ssmparameter"
- objectName: notify_o11y_google_oauth_client_id
objectType: "ssmparameter"
- objectName: notify_o11y_google_oauth_client_secret
objectType: "ssmparameter"
secretObjects:
- data:
- key: BLAZER_DATABASE_URL
objectName: sqlalchemy_database_reader_uri
- key: DATABASE_URL
objectName: BLAZER_DATABASE_URL
- key: GOOGLE_OAUTH_CLIENT_ID
objectName: notify_o11y_google_oauth_client_id
- key: GOOGLE_OAUTH_CLIENT_SECRET
objectName: notify_o11y_google_oauth_client_secret
secretName: blazer
type: Opaque
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray |
renovate
bot
force-pushed
the
renovate/all-patch
branch
10 times, most recently
from
February 19, 2024 16:50
cca9e30
to
8a3ba9a
Compare
renovate
bot
force-pushed
the
renovate/all-patch
branch
12 times, most recently
from
February 26, 2024 16:22
2b3033e
to
c94bf34
Compare
renovate
bot
force-pushed
the
renovate/all-patch
branch
4 times, most recently
from
March 4, 2024 16:54
8025950
to
938dcd0
Compare
renovate
bot
force-pushed
the
renovate/all-patch
branch
22 times, most recently
from
December 16, 2024 15:53
ac6b39c
to
fb39596
Compare
renovate
bot
force-pushed
the
renovate/all-patch
branch
6 times, most recently
from
December 18, 2024 15:12
0cbdab6
to
2f1d7b8
Compare
renovate
bot
force-pushed
the
renovate/all-patch
branch
from
December 18, 2024 19:14
2f1d7b8
to
a4cb12a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.3.2
->2.3.4
1.4.1
->1.4.7
0.3.5
->0.3.10
Review
Release Notes
stakater/application (application)
v2.3.3
Compare Source
kubernetes-sigs/secrets-store-csi-driver (secrets-store-csi-driver)
v1.4.7
Compare Source
v1.4.7 - 2024-12-07
Changelog
Maintenance 🔧
9c9e8f9
chore: bump version to v1.4.7 in release-1.480a2c34
chore: bump to golang 1.22 builder image in dockerfiled54527d
chore: bump trivy to v0.57.1 to mitigate rate limit issues7523104
chore: bump kind version and k8s version in test matrixv1.4.6
Compare Source
v1.4.6 - 2024-10-09
Changelog
Continuous Integration 💜
a2c307a
ci: update goreleaser config for v2Maintenance 🔧
b52af8c
chore: bumps base images71941d5
chore: bumps version for v1.4.6 releasev1.4.5
Compare Source
v1.4.5 - 2024-08-20
Changelog
Continuous Integration 💜
7a6ed16
ci: migrate azure job to eks prow clusterfff3865
ci: use v2 for goreleaserDocumentation 📘
e6da463
docs: akeyless provider supports rotationMaintenance 🔧
8e2cc82
chore: bump version to v1.4.5 in release-1.418619d1
chore: handle sha tags correctly in helm chartsc807dca
chore: bump node-driver-registrar tov2.11.1
36c6a8d
chore: bump livenessprobe tov2.13.1
Testing 💚
6be9c97
test: reset rotation response in mock server for upgrade tests32a95ae
add namespace to all kubectl commands in azure.batsv1.4.4
Compare Source
v1.4.4 - 2024-06-18
Changelog
Continuous Integration 💜
62d6dce
ci: use--clean
instead of--rm-dist
a067688
ci: use--verbose
instead of--debug
in goreleaserMaintenance 🔧
640a771
chore: bump version to v1.4.4 in release-1.4ccce7f7
chore: update debian-base to bookworm-v1.0.3Security Fix 🛡️
5747aa8
chore: bump kubectl to v1.29.4 in driver-crds for CVE-2023-45288Testing 💚
dbe92af
test: remove target path check in fake provider serverv1.4.3
Compare Source
v1.4.3 - 2024-04-17
Changelog
Bug Fixes 🐞
d84a7a1
fix: support more than one linux.crds.annotations in helm chartsContinuous Integration 💜
03dd391
ci: add govulncheckMaintenance 🔧
aa75fe5
chore: bump version to v1.4.3 in release-1.43c3889a
chore: update debian-base to bookworm-v1.0.2Security Fix 🛡️
412c477
security: bump golang.org/x/net to v0.23.0+ to fix GO-2024-26879ee78b8
security: bump kubectl to v1.29.3 in driver-crds for CVE-2024-24786v1.4.2
Compare Source
v1.4.2 - 2024-03-11
Changelog
Maintenance 🔧
9039cc9
chore: bump version to v1.4.2 in release-1.49fd198c
chore: update node-driver-registrar:v2.10.0, livenessprobe:v2.12.0b303fae
chore: update debian-base to bookworm-v1.0.1aws/secrets-store-csi-driver-provider-aws (secrets-store-csi-driver-provider-aws)
v0.3.10
Compare Source
A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
What's Changed
Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.9...secrets-store-csi-driver-provider-aws-0.3.10
v0.3.9
Compare Source
A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
What's Changed
Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.8...secrets-store-csi-driver-provider-aws-0.3.9
v0.3.8
Compare Source
A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
What's Changed
New Contributors
Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.7...secrets-store-csi-driver-provider-aws-0.3.8
v0.3.7
Compare Source
A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
v0.3.6
Compare Source
A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.