Secrets Store Csi Driver Versions Save

Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.

v1.2.3

1 year ago

v1.2.3 - 2022-08-11

Changelog

Bug Fixes 🐞

  • 8775b331 fix: sanitize service account tokens in logs

Maintenance 🔧

  • a8a646ea chore: bump version to v1.2.3 in release-1.2
  • f8d0e254 chore: update debian-base to bullseye-v1.4.1

Security Fix 🛡️

  • 116118f9 security: fix multiple CVEs
  • 5db802fc security: fix CVE-2022-29526

v1.2.2

1 year ago

v1.2.2 - 2022-07-14

Changelog

Bug Fixes 🐞

  • e558fc0c fix: use os.Lstat to resolve os.Stat issue in windows

Maintenance 🔧

  • e76d9806 chore: bump version to v1.2.2 in release-1.2

v1.2.1

1 year ago

v1.2.1 - 2022-07-12

Changelog

Maintenance 🔧

  • 42fd02c0 chore: bump version to v1.2.1 in release-1.2
  • b6f0933b chore: update debian-base to bullseye-v1.4.0

Security Fix 🛡️

  • 53d63412 security: fix CVE-2021-4209
  • 9e8aaa29 security: fix CVE-2022-1996
  • a23f86a0 security: fix CVE-2022-34903
  • c524aeff security: fix CVE-2022-2068

v1.2.0

1 year ago

v1.2.0 - 2022-06-22

Changelog

Bug Fixes 🐞

  • 3ae12bd2 fix: remove files before cleanup mount point in unpublish
  • 0af24830 fix: panic when using --log-format-json
  • 830d184a fix: update err variable in defer to prevent err shadowing
  • c452ac46 fix: add unit test to validate error shadowed bug

Code Refactoring 💎

  • b0af2b93 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
  • 14489c70 refactor: update mdbook install and serve

Continuous Integration 💜

  • d1181e3c ci: add kubernetes 1.24 in e2e matrix
  • ce476721 ci: fix aws eks cluster creation
  • 384db8bb ci: fix markdown link check workflow failures
  • 12d1c991 ci: update kubernetes version matrix in staging e2e workflow
  • 0246e35d ci: update e2e_mock_provider_tests kubernetes versions
  • 2f161323 ci: add goreleaser workflow for release
  • d0e614fd ci: fix shellcheck file paths
  • 00a1445d ci: add markdown-link-check workflow

Documentation 📘

  • 3787ca2e docs: include security explanations for root/privileged/and pod tokens
  • b55eaeff docs: update instructions on generating release notes
  • c0e97a56 docs: add subPath volume mount limitation
  • 592ad7b5 docs: update supported versions and replace v1alpha1 with v1
  • 8c41c4a1 docs: remove helm repo url change note in install steps
  • 052429b0 docs: add slack badge
  • 95218a6b docs: fix dead links based on errors
  • 0391489d docs: update features and add toc
  • ba364e14 docs: Update helm README.md with linux crd image values (#797)
  • 856ad859 docs: update supported feature by current providers
  • a760c186 docs: fix typo in api version group name
  • ed9ecf3a docs: add design docs and roadmap to website
  • 99aafa5d docs: add project status to docs

Features 🌈

  • 0723e1ef feat: support provider paths under /var/run
  • 7ac887a5 feat: add token requests client (#805)
  • 4b8c4427 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider

Maintenance 🔧

  • 23ae1fb5 chore: bump version to v1.2.0 in release-1.2
  • a95f0e59 chore: update kustomize to v4
  • 1d264d2e chore: update tools dependencies and generate manifests
  • e0f18506 chore: update kubernetes deps to v1.24.1
  • 5ddc9693 chore: add crds.podLabels for helm hook jobs (#962)
  • d70d198e chore: update debian-base to bullseye-v1.3.0
  • a48fddee chore: bump node-driver-registrar:v2.5.1 and livenessprobe:v2.7.0
  • 68ef4714 chore: bump kind version to v0.13.0 to support kubernetes v1.24
  • 75d28a44 chore: update pull request template
  • 1faac89f chore: change default to /var/run for providers path
  • e6cc3d52 chore: upgrade makefile test binary versions
  • 4b09e85c chore: upgrade to go 1.18
  • 1ec0f8bc chore: remove deprecated minimumProviderVersions in helm chart
  • b46dfcb3 chore: make token requests conditional for v1.20+
  • 37f55b2b chore: bump node-driver-registrar:v2.5.0 and livenessprobe:v2.6.0
  • ca257a83 chore: mark v1alpha1 api version as deprecated
  • ae872432 chore: remove old helm packages and index
  • ccb9fa47 chore: updates trivy command
  • a5966246 chore: log invalid key in error
  • dac5381d chore: update debian-base to bullseye-v1.1.0
  • f694be21 chore: bump node-driver-reegistrar image to v2.4.0
  • 97507719 chore: remove deprecated --filtered-watch-secret flag
  • c78559ef chore: bump livenessprobe image to v2.5.0
  • 2b27e0c8 chore: upgrade kubernetes deps
  • 60692157 chore: use TARGETARCH for image build and makefile update
  • e1f143c6 chore: use corev1 as import alias instead of v1

Security Fix 🛡️

  • 84f8b21b security: fix CVE-2022-1664
  • 860c83e3 security: fix CVE-2022-1292
  • 28a14d20 security: fix CVE-2022-1271
  • f4b9d0f5 security: fix CVE-2018-25032 and update to debian-base:bullseye-v1.2.0
  • 5a34967d security: fix CVEs
  • b558858b security: fix CVE-2022-0778, CVE-2021-4160
  • e6d1c8f2 security: fix CVE-2021-3995, CVE-2021-3996
  • 64623751 security: fix CVE-2021-43618

Testing 💚

  • df67b530 test: cleanup provider tests (part 1)
  • 725b77d5 test: use helm upgrade --install for azure e2e
  • 86d368e9 test: use helm charts for azure provider
  • 0ec62508 test: conditionally check token requests role and binding
  • 899d3ed4 test: add test for view and admin cluster role (#845)

v1.1.2

2 years ago

v1.1.2 - 2022-03-31

Changelog

Bug Fixes 🐞

  • 9e39ed64 Automated cherry pick of #898: fix: validate additionalProviderPaths does not contain providers dir (#902)

Maintenance 🔧

  • cf55d984 chore: bump version to 1.1.2 in release-1.1
  • 2c0743e5 chore: update golangci-lint to v1.45.2 and pin to go 1.17

Security Fix 🛡️

  • 78d25074 security: fix CVEs
  • 8cd6b628 security: fix CVE-2022-0778, CVE-2021-4160

v1.1.1

2 years ago

v1.1.1 - 2022-03-07

Changelog

Bug Fixes 🐞

  • 8b6a1e60 fix: panic when using --log-format-json

Maintenance 🔧

  • f2c8ae20 chore: bump version to 1.1.1 in release-1.1

v1.1.0

2 years ago

v1.1.0 - 2022-02-23

Announcement 📢

  • The helm charts were moved to https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts as part of v0.3.0 release. As part of this release, the old charts from the main branch have been removed. Update to https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts to use the helm charts for all releases.
  • secrets-store.csi.x-k8s.io/v1alpha1 is deprecated. Use secrets-store.csi.x-k8s.io/v1 instead for SecretProviderClass API version.
  • Note to Providers: The provider volume default will move from /etc/kubernetes/secrets-store-csi-providers to /var/run/secrets-store-csi-providers in a future version of the driver. For more info see #823 and #870.

Changelog

Bug Fixes 🐞

  • c8c45330 fix: update err variable in defer to prevent err shadowing
  • 91440b7c fix: add unit test to validate error shadowed bug

Code Refactoring 💎

  • b0af2b93 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
  • 14489c70 refactor: update mdbook install and serve

Continuous Integration 💜

  • 2f161323 ci: add goreleaser workflow for release
  • d0e614fd ci: fix shellcheck file paths
  • 00a1445d ci: add markdown-link-check workflow

Documentation 📘

  • 8c41c4a1 docs: remove helm repo url change note in install steps
  • 052429b0 docs: add slack badge
  • 95218a6b docs: fix dead links based on errors
  • 0391489d docs: update features and add toc
  • ba364e14 docs: Update helm README.md with linux crd image values (#797)
  • 856ad859 docs: update supported feature by current providers
  • a760c186 docs: fix typo in api version group name
  • ed9ecf3a docs: add design docs and roadmap to website
  • 99aafa5d docs: add project status to docs

Features 🌈

  • 7ac887a5 feat: add token requests client (#805)
  • 4b8c4427 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider
  • d7809a7d feat: support provider paths under /var/run

Maintenance 🔧

  • 06931d3a chore: bump version to v1.1.0-rc.0 in release-1.1
  • ca257a83 chore: mark v1alpha1 api version as deprecated
  • ccb9fa47 chore: updates trivy command
  • a5966246 chore: log invalid key in error
  • dac5381d chore: update debian-base to bullseye-v1.1.0
  • f694be21 chore: bump node-driver-reegistrar image to v2.4.0
  • 97507719 chore: remove deprecated --filtered-watch-secret flag
  • c78559ef chore: bump livenessprobe image to v2.5.0
  • 2b27e0c8 chore: upgrade kubernetes deps
  • 60692157 chore: use TARGETARCH for image build and makefile update
  • e1f143c6 chore: use corev1 as import alias instead of v1
  • 331cf9f9 chore: bump version to v1.1.0 in release-1.1
  • 1ecec55b chore: make token requests conditional for v1.20+
  • a036d143 chore: bump node-driver-registrar:v2.5.0 and livenessprobe:v2.6.0

Security Fix 🛡️

  • e6d1c8f2 security: fix CVE-2021-3995, CVE-2021-3996
  • 64623751 security: fix CVE-2021-43618

Testing 💚

  • 899d3ed4 test: add test for view and admin cluster role (#845)

v1.1.0-rc.0

2 years ago

v1.1.0-rc.0 - 2022-02-08

Changelog

Code Refactoring 💎

  • b0af2b93 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
  • 14489c70 refactor: update mdbook install and serve

Continuous Integration 💜

  • 2f161323 ci: add goreleaser workflow for release
  • d0e614fd ci: fix shellcheck file paths
  • 00a1445d ci: add markdown-link-check workflow

Documentation 📘

  • 8c41c4a1 docs: remove helm repo url change note in install steps
  • 052429b0 docs: add slack badge
  • 95218a6b docs: fix dead links based on errors
  • 0391489d docs: update features and add toc
  • ba364e14 docs: Update helm README.md with linux crd image values (#797)
  • 856ad859 docs: update supported feature by current providers
  • a760c186 docs: fix typo in api version group name
  • ed9ecf3a docs: add design docs and roadmap to website
  • 99aafa5d docs: add project status to docs

Features 🌈

  • 7ac887a5 feat: add token requests client (#805)
  • 4b8c4427 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider

Maintenance 🔧

  • 06931d3a chore: bump version to v1.1.0-rc.0 in release-1.1
  • ca257a83 chore: mark v1alpha1 api version as deprecated
  • ccb9fa47 chore: updates trivy command
  • a5966246 chore: log invalid key in error
  • dac5381d chore: update debian-base to bullseye-v1.1.0
  • f694be21 chore: bump node-driver-reegistrar image to v2.4.0
  • 97507719 chore: remove deprecated --filtered-watch-secret flag
  • c78559ef chore: bump livenessprobe image to v2.5.0
  • 2b27e0c8 chore: upgrade kubernetes deps
  • 60692157 chore: use TARGETARCH for image build and makefile update
  • e1f143c6 chore: use corev1 as import alias instead of v1

Security Fix 🛡️

  • e6d1c8f2 security: fix CVE-2021-3995, CVE-2021-3996
  • 64623751 security: fix CVE-2021-43618

Testing 💚

  • 899d3ed4 test: add test for view and admin cluster role (#845)

v1.0.1

2 years ago

Security Fix 🛡️

  • fix CVE-2021-43618 (#826, @aramase)

Maintenance 🔧

  • remove strict linting (#822, @aramase)
  • update livenessprobe image to v2.5.0 (#803, @aramase)
  • update node-driver-registrar image to v2.4.0 (#807, @aramase)
  • use k8s-staging-test-infra/gcb-docker-gcloud (#814, @spiffxp)
  • update debian-base to bullseye-v1.1.0 (#825, @aramase)

Driver images are hosted in GCR at k8s.gcr.io/csi-secrets-store/driver

v1.0.0

2 years ago

Announcement 📢

  • This is the first stable release for the driver!
  • The SecretProviderClass and SecretProviderClassPodStatus CRDs are now v1 🎉

Refer to https://secrets-store-csi-driver.sigs.k8s.io/getting-started/upgrades.html#pre-v100 before upgrade. Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for load test results.

Features 🌈

  • Promoted CRDs to v1 (#760, @aramase)
  • Add Windows Server 2022 (#757, @nick5616)

Bug Fixes 🐞

  • create or update secretproviderclasspodstatus post mount (#735, @aramase)
  • Update base image for ltsc2022 (#770, @aramase)

Documentation 📘

  • update RELEASE docs based on v0.3.0 experience (#718, @tam7t)
  • fix typo in helm url (#720, @nilekhc)
  • fix typo in chart url in charts dir (#721, @aramase)
  • add detail about pprof and metrics endpoint (#731, @aramase)
  • update design docs status (#737, @aramase)
  • add providers support matrix (#724, @nilekhc)
  • add supported kubernetes versions (#751, @aramase)
  • additional release note updates based on v1.0.0-rc.1 (#776, @tam7t)
  • update docs for v1.0.0 and CRD version upgrades (#781, @tam7t)

Helm 📈

  • Support imagePullSecrets in Job/secrets-store-csi-driver-keep-crds (#778, @remm)

Maintenance 🔧

  • rename references from master to main (#726, @aramase)
  • add LICENSE to all files (#727, @aramase)
  • remove deprecated --prometheus-port flag (#732, @aramase)
  • update the initialDelaySeconds and timeoutSeconds for node-driver-registrar livenessprobe (#729, @aramase)
  • use structured logging and update imports order (#736, @aramase)
  • use kubectl.kubernetes.io/default-container annotation (#738, @aramase)
  • update to debian-base:bullseye-v1.0.0 (#742, @aramase)

Testing 💚

  • implement e2e provider (#682, @nilekhc)
  • add workflow for e2e using staging images (#730, @nilekhc)
  • adds support for inplace upgrade test (#741, @nilekhc)
  • adds e2e test for vault rotation (#758, @tam7t)
  • log the secrets-store API version (#764, @aramase)
  • add k8s test matrix for staging e2e (#774, @aramase)

Driver images are hosted in GCR at k8s.gcr.io/csi-secrets-store/driver