Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all patch dependencies #2370

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 10, 2024

This PR contains the following updates:

Package Update Change
application patch 2.3.2 -> 2.3.4
secrets-store-csi-driver patch 1.4.1 -> 1.4.6
secrets-store-csi-driver-provider-aws patch 0.3.5 -> 0.3.10

Review

  • Updates have been tested and work
  • If updates are AWS related, versions match the infrastructure (e.g. Lambda runtime, database, etc.)

Release Notes

stakater/application (application)

v2.3.3

Compare Source

kubernetes-sigs/secrets-store-csi-driver (secrets-store-csi-driver)

v1.4.6

Compare Source

v1.4.6 - 2024-10-09

Changelog

Continuous Integration 💜
  • a2c307a ci: update goreleaser config for v2
Maintenance 🔧
  • b52af8c chore: bumps base images
  • 71941d5 chore: bumps version for v1.4.6 release

v1.4.5

Compare Source

v1.4.5 - 2024-08-20

Changelog

Continuous Integration 💜
  • 7a6ed16 ci: migrate azure job to eks prow cluster
  • fff3865 ci: use v2 for goreleaser
Documentation 📘
  • e6da463 docs: akeyless provider supports rotation
Maintenance 🔧
  • 8e2cc82 chore: bump version to v1.4.5 in release-1.4
  • 18619d1 chore: handle sha tags correctly in helm charts
  • c807dca chore: bump node-driver-registrar to v2.11.1
  • 36c6a8d chore: bump livenessprobe to v2.13.1
Testing 💚
  • 6be9c97 test: reset rotation response in mock server for upgrade tests
  • 32a95ae add namespace to all kubectl commands in azure.bats

v1.4.4

Compare Source

v1.4.4 - 2024-06-18

Changelog

Continuous Integration 💜
  • 62d6dce ci: use --clean instead of --rm-dist
  • a067688 ci: use --verbose instead of --debug in goreleaser
Maintenance 🔧
  • 640a771 chore: bump version to v1.4.4 in release-1.4
  • ccce7f7 chore: update debian-base to bookworm-v1.0.3
Security Fix 🛡️
Testing 💚
  • dbe92af test: remove target path check in fake provider server

v1.4.3

Compare Source

v1.4.3 - 2024-04-17

Changelog

Bug Fixes 🐞
  • d84a7a1 fix: support more than one linux.crds.annotations in helm charts
Continuous Integration 💜
Maintenance 🔧
  • aa75fe5 chore: bump version to v1.4.3 in release-1.4
  • 3c3889a chore: update debian-base to bookworm-v1.0.2
Security Fix 🛡️
  • 412c477 security: bump golang.org/x/net to v0.23.0+ to fix GO-2024-2687
  • 9ee78b8 security: bump kubectl to v1.29.3 in driver-crds for CVE-2024-24786

v1.4.2

Compare Source

v1.4.2 - 2024-03-11
Changelog
Maintenance 🔧
  • 9039cc9 chore: bump version to v1.4.2 in release-1.4
  • 9fd198c chore: update node-driver-registrar:v2.10.0, livenessprobe:v2.12.0
  • b303fae chore: update debian-base to bookworm-v1.0.1
aws/secrets-store-csi-driver-provider-aws (secrets-store-csi-driver-provider-aws)

v0.3.10

Compare Source

A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver

What's Changed

Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.9...secrets-store-csi-driver-provider-aws-0.3.10

v0.3.9

Compare Source

A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver

What's Changed

Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.8...secrets-store-csi-driver-provider-aws-0.3.9

v0.3.8

Compare Source

A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver

What's Changed

New Contributors

Full Changelog: aws/secrets-store-csi-driver-provider-aws@secrets-store-csi-driver-provider-aws-0.3.7...secrets-store-csi-driver-provider-aws-0.3.8

v0.3.7

Compare Source

A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver

v0.3.6

Compare Source

A Helm chart for the AWS Secrets Manager and Config Provider for Secret Store CSI Driver


Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/Montreal, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

github-actions bot commented Feb 10, 2024

ingress	nginx    	2       	2024-02-12 19:08:42.93215444 +0000 UTC	deployed	nginx-ingress-1.1.2	3.4.2      

xray-daemon	xray     	1       	2024-07-29 19:45:48.684608347 +0000 UTC	deployed	aws-xray-4.0.8	3.3.12     

Comparing release=k8s-event-logger, chart=/tmp/helmfile3873212582/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile3873212582/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile3873212582/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
kube-system, secretproviderclasses-admin-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-secretproviderclasses-admin.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    creationTimestamp: null
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
      rbac.authorization.k8s.io/aggregate-to-admin: "true"
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
    name: secretproviderclasses-admin-role
  rules:
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasses
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
    - delete
kube-system, secretproviderclasses-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: secretproviderclasses-role
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  rules:
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - create
    - patch
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasspodstatuses
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasspodstatuses/status
    verbs:
    - get
    - patch
    - update
  - apiGroups:
    - storage.k8s.io
    resourceNames:
    - secrets-store.csi.k8s.io
    resources:
    - csidrivers
    verbs:
    - get
    - list
    - watch
kube-system, secretproviderclasses-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role_binding.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: secretproviderclasses-rolebinding
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: secretproviderclasses-role
  subjects:
  - kind: ServiceAccount
    name: secrets-store-csi-driver
    namespace: kube-system
kube-system, secretproviderclasses-viewer-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-secretproviderclasses-viewer.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    creationTimestamp: null
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
      rbac.authorization.k8s.io/aggregate-to-view: "true"
    name: secretproviderclasses-viewer-role
  rules:
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasses
    verbs:
    - get
    - list
    - watch
kube-system, secretproviderclasspodstatuses-viewer-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-secretproviderclasspodstatuses-viewer.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    creationTimestamp: null
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
      rbac.authorization.k8s.io/aggregate-to-view: "true"
    name: secretproviderclasspodstatuses-viewer-role
  rules:
  - apiGroups:
    - secrets-store.csi.x-k8s.io
    resources:
    - secretproviderclasspodstatuses
    verbs:
    - get
    - list
    - watch
kube-system, secretproviderrotation-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-rotation.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: secretproviderrotation-role
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
    - watch
kube-system, secretproviderrotation-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-rotation_binding.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: secretproviderrotation-rolebinding
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: secretproviderrotation-role
  subjects:
  - kind: ServiceAccount
    name: secrets-store-csi-driver
    namespace: kube-system
kube-system, secretprovidersyncing-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-syncsecret.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: secretprovidersyncing-role
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
kube-system, secretprovidersyncing-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/role-syncsecret_binding.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: secretprovidersyncing-rolebinding
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: secretprovidersyncing-role
  subjects:
  - kind: ServiceAccount
    name: secrets-store-csi-driver
    namespace: kube-system
kube-system, secrets-store-csi-driver, DaemonSet (apps) has changed:
  # Source: secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
  kind: DaemonSet
  apiVersion: apps/v1
  metadata:
    name: secrets-store-csi-driver
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  spec:
    selector:
      matchLabels:
        app: secrets-store-csi-driver
    updateStrategy:
      rollingUpdate:
        maxUnavailable: 1
      type: RollingUpdate
    template:
      metadata:
        labels:
          app.kubernetes.io/instance: "secrets-store-csi-driver"
          app.kubernetes.io/managed-by: "Helm"
          app.kubernetes.io/name: "secrets-store-csi-driver"
-         app.kubernetes.io/version: "1.4.1"
+         app.kubernetes.io/version: "1.4.6"
          app: secrets-store-csi-driver
-         helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+         helm.sh/chart: "secrets-store-csi-driver-1.4.6"
        annotations:
          kubectl.kubernetes.io/default-container: secrets-store
      spec:
        serviceAccountName: secrets-store-csi-driver
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: type
                  operator: NotIn
                  values:
                  - virtual-kubelet
        containers:
          - name: node-driver-registrar
-           image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0"
+           image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
            args:
              - --v=5
              - --csi-address=/csi/csi.sock
              - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
-           livenessProbe:
-             exec:
-               command:
-               - /csi-node-driver-registrar
-               - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
-               - --mode=kubelet-registration-probe
-             initialDelaySeconds: 30
-             timeoutSeconds: 15
            imagePullPolicy: IfNotPresent
            volumeMounts:
              - name: plugin-dir
                mountPath: /csi
              - name: registration-dir
                mountPath: /registration
            resources:
              limits:
                cpu: 100m
                memory: 100Mi
              requests:
                cpu: 10m
                memory: 20Mi
          - name: secrets-store
-           image: "registry.k8s.io/csi-secrets-store/driver:v1.4.1"
+           image: "registry.k8s.io/csi-secrets-store/driver:v1.4.6"
            args:
              - "--endpoint=$(CSI_ENDPOINT)"
              - "--nodeid=$(KUBE_NODE_NAME)"
              - "--provider-volume=/var/run/secrets-store-csi-providers"
              - "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers"
              - "--enable-secret-rotation=true"
              - "--metrics-addr=:8095"
              - "--provider-health-check-interval=2m"
              - "--max-call-recv-msg-size=4194304"
            env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            imagePullPolicy: IfNotPresent
            securityContext:
              privileged: true
            ports:
              - containerPort: 9808
                name: healthz
                protocol: TCP
              - containerPort: 8095
                name: metrics
                protocol: TCP
            livenessProbe:
                failureThreshold: 5
                httpGet:
                  path: /healthz
                  port: healthz
                initialDelaySeconds: 30
                timeoutSeconds: 10
                periodSeconds: 15
            volumeMounts:
              - name: plugin-dir
                mountPath: /csi
              - name: mountpoint-dir
                mountPath: /var/lib/kubelet/pods
                mountPropagation: Bidirectional
              - name: providers-dir
                mountPath: /var/run/secrets-store-csi-providers
              - name: providers-dir-0
                mountPath: "/etc/kubernetes/secrets-store-csi-providers"
            resources:
              limits:
                cpu: 200m
                memory: 200Mi
              requests:
                cpu: 50m
                memory: 100Mi
          - name: liveness-probe
-           image: "registry.k8s.io/sig-storage/livenessprobe:v2.10.0"
+           image: "registry.k8s.io/sig-storage/livenessprobe:v2.13.1"
            imagePullPolicy: IfNotPresent
            args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
            - --http-endpoint=0.0.0.0:9808
            - -v=2
            volumeMounts:
              - name: plugin-dir
                mountPath: /csi
            resources:
              limits:
                cpu: 100m
                memory: 100Mi
              requests:
                cpu: 10m
                memory: 20Mi
        priorityClassName: "high-priority"
        volumes:
          - name: mountpoint-dir
            hostPath:
              path: /var/lib/kubelet/pods
              type: DirectoryOrCreate
          - name: registration-dir
            hostPath:
              path: /var/lib/kubelet/plugins_registry/
              type: Directory
          - name: plugin-dir
            hostPath:
              path: /var/lib/kubelet/plugins/csi-secrets-store/
              type: DirectoryOrCreate
          - name: providers-dir
            hostPath:
              path: /var/run/secrets-store-csi-providers
              type: DirectoryOrCreate
          - name: providers-dir-0
            hostPath:
              path: "/etc/kubernetes/secrets-store-csi-providers"
              type: DirectoryOrCreate
        nodeSelector:
          kubernetes.io/os: linux
        tolerations:
          - operator: Exists
kube-system, secrets-store-csi-driver, ServiceAccount (v1) has changed:
  # Source: secrets-store-csi-driver/templates/serviceaccount.yaml
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: secrets-store-csi-driver
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
kube-system, secrets-store-csi-driver-keep-crds, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: secrets-store-csi-driver-keep-crds
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "2"
  rules:
    - apiGroups: ["apiextensions.k8s.io"]
      resources: ["customresourcedefinitions"]
      verbs: ["get", "patch"]
kube-system, secrets-store-csi-driver-keep-crds, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: secrets-store-csi-driver-keep-crds
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "2"
  subjects:
    - kind: ServiceAccount
      name: secrets-store-csi-driver-keep-crds
      namespace: kube-system
  roleRef:
    kind: ClusterRole
    name: secrets-store-csi-driver-keep-crds
    apiGroup: rbac.authorization.k8s.io
kube-system, secrets-store-csi-driver-keep-crds, Job (batch) has changed:
  # Source: secrets-store-csi-driver/templates/keep-crds-upgrade-hook.yaml
  apiVersion: batch/v1
  kind: Job
  metadata:
    name: secrets-store-csi-driver-keep-crds
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-upgrade
      helm.sh/hook-weight: "20"
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
  spec:
    backoffLimit: 3
    template:
      metadata:
        name: secrets-store-csi-driver-keep-crds
      spec:
        serviceAccountName: secrets-store-csi-driver-keep-crds
        restartPolicy: Never
        containers:
        - name: crds-keep
-         image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.1"
+         image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.6"
          args:
          - patch
          - crd
          - secretproviderclasses.secrets-store.csi.x-k8s.io
          - secretproviderclasspodstatuses.secrets-store.csi.x-k8s.io
          - -p
          - '{"metadata":{"annotations": {"helm.sh/resource-policy": "keep"}}}'
          imagePullPolicy: IfNotPresent
        nodeSelector:
          kubernetes.io/os: linux
        tolerations:
          - operator: Exists
kube-system, secrets-store-csi-driver-keep-crds, ServiceAccount (v1) has changed:
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: secrets-store-csi-driver-keep-crds
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "2"
kube-system, secrets-store-csi-driver-upgrade-crds, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: secrets-store-csi-driver-upgrade-crds
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-install,pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "1"
  rules:
    - apiGroups: ["apiextensions.k8s.io"]
      resources: ["customresourcedefinitions"]
      verbs: ["get", "create", "update", "patch"]
kube-system, secrets-store-csi-driver-upgrade-crds, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: secrets-store-csi-driver-upgrade-crds
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-install,pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "1"
  subjects:
    - kind: ServiceAccount
      name: secrets-store-csi-driver-upgrade-crds
      namespace: kube-system
  roleRef:
    kind: ClusterRole
    name: secrets-store-csi-driver-upgrade-crds
    apiGroup: rbac.authorization.k8s.io
kube-system, secrets-store-csi-driver-upgrade-crds, Job (batch) has changed:
  # Source: secrets-store-csi-driver/templates/crds-upgrade-hook.yaml
  apiVersion: batch/v1
  kind: Job
  metadata:
    name: secrets-store-csi-driver-upgrade-crds
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-install,pre-upgrade
      helm.sh/hook-weight: "10"
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
  spec:
    backoffLimit: 3
    template:
      metadata:
        name: secrets-store-csi-driver-upgrade-crds
      spec:
        serviceAccountName: secrets-store-csi-driver-upgrade-crds
        restartPolicy: Never
        containers:
        - name: crds-upgrade
-         image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.1"
+         image: "registry.k8s.io/csi-secrets-store/driver-crds:v1.4.6"
          args:
          - apply
          - -f
          - crds/
          imagePullPolicy: IfNotPresent
        nodeSelector:
          kubernetes.io/os: linux
        tolerations:
          - operator: Exists
kube-system, secrets-store-csi-driver-upgrade-crds, ServiceAccount (v1) has changed:
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: secrets-store-csi-driver-upgrade-crds
    namespace: kube-system
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
    annotations:
      helm.sh/hook: pre-install,pre-upgrade
      helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
      helm.sh/hook-weight: "1"
kube-system, secrets-store.csi.k8s.io, CSIDriver (storage.k8s.io) has changed:
  # Source: secrets-store-csi-driver/templates/csidriver.yaml
  apiVersion: storage.k8s.io/v1
  kind: CSIDriver
  metadata:
    name: secrets-store.csi.k8s.io
    labels:
      app.kubernetes.io/instance: "secrets-store-csi-driver"
      app.kubernetes.io/managed-by: "Helm"
      app.kubernetes.io/name: "secrets-store-csi-driver"
-     app.kubernetes.io/version: "1.4.1"
+     app.kubernetes.io/version: "1.4.6"
      app: secrets-store-csi-driver
-     helm.sh/chart: "secrets-store-csi-driver-1.4.1"
+     helm.sh/chart: "secrets-store-csi-driver-1.4.6"
  spec:
    podInfoOnMount: true
    attachRequired: false
    # Added in Kubernetes 1.16 with default mode of Persistent. Secrets store csi driver needs Ephermeral to be set.
    volumeLifecycleModes: 
    - Ephemeral

Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws, DaemonSet (apps) has changed:
  # Source: secrets-store-csi-driver-provider-aws/templates/daemonset.yaml
  apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    namespace: kube-system
    name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
    labels:
-     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
      app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
      app.kubernetes.io/instance: aws-secrets-provider
      app.kubernetes.io/managed-by: Helm
      app: secrets-store-csi-driver-provider-aws
  spec:
    updateStrategy:
      type: RollingUpdate
    selector:
      matchLabels:
        app: secrets-store-csi-driver-provider-aws
    template:
      metadata:
        labels:
-         helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+         helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
          app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
          app.kubernetes.io/instance: aws-secrets-provider
          app.kubernetes.io/managed-by: Helm
          app: secrets-store-csi-driver-provider-aws
      spec:
        serviceAccountName: aws-secrets-provider-secrets-store-csi-driver-provider-aws
        hostNetwork: false
        containers:
          - name: provider-aws-installer
-           image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-56-g41fa54f-2023.11.15.21.38
+           image: public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-75-g1f97be0-2024.10.17.19.45
            imagePullPolicy: IfNotPresent
            args:
              - --provider-volume=/etc/kubernetes/secrets-store-csi-providers
            resources:
              limits:
                cpu: 50m
                memory: 100Mi
              requests:
                cpu: 50m
                memory: 100Mi
            securityContext:
              allowPrivilegeEscalation: false
              privileged: false
            volumeMounts:
              - mountPath: /etc/kubernetes/secrets-store-csi-providers
                name: providervol
              - name: mountpoint-dir
                mountPath: /var/lib/kubelet/pods
                mountPropagation: HostToContainer
        volumes:
          - name: providervol
            hostPath:
              path: /etc/kubernetes/secrets-store-csi-providers
          - name: mountpoint-dir
            hostPath:
              path: /var/lib/kubelet/pods
              type: DirectoryOrCreate
        priorityClassName: "high-priority"
        nodeSelector:
          kubernetes.io/os: linux
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws, ServiceAccount (v1) has changed:
  # Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
    namespace: kube-system
    labels:
-     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
      app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
      app.kubernetes.io/instance: aws-secrets-provider
      app.kubernetes.io/managed-by: Helm
      app: secrets-store-csi-driver-provider-aws
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role, ClusterRole (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role
    labels:
-     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
      app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
      app.kubernetes.io/instance: aws-secrets-provider
      app.kubernetes.io/managed-by: Helm
      app: secrets-store-csi-driver-provider-aws
  rules:
    - apiGroups: [""]
      resources: ["serviceaccounts/token"]
      verbs: ["create"]
    - apiGroups: [""]
      resources: ["serviceaccounts"]
      verbs: ["get"]
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["get"]
    - apiGroups: [""]
      resources: ["nodes"]
      verbs: ["get"]
kube-system, aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has changed:
  # Source: secrets-store-csi-driver-provider-aws/templates/rbac.yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role-binding
    labels:
-     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.5
+     helm.sh/chart: secrets-store-csi-driver-provider-aws-0.3.10
      app.kubernetes.io/name: secrets-store-csi-driver-provider-aws
      app.kubernetes.io/instance: aws-secrets-provider
      app.kubernetes.io/managed-by: Helm
      app: secrets-store-csi-driver-provider-aws
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: aws-secrets-provider-secrets-store-csi-driver-provider-aws-cluster-role
  subjects:
    - kind: ServiceAccount
      name: aws-secrets-provider-secrets-store-csi-driver-provider-aws
      namespace: kube-system

Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
tools, blazer, Deployment (apps) has changed:
  # Source: application/templates/deployment.yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
-     helm.sh/chart: application-2.3.2
+     helm.sh/chart: application-2.3.4
      app.kubernetes.io/version: "bootstrap"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/part-of: blazer
    annotations: 
      reloader.stakater.com/auto: "true"
    name: blazer
    namespace: tools
  spec:
    replicas: 1
    selector:
      matchLabels:
        app.kubernetes.io/name: blazer
    strategy:
      type: RollingUpdate
    revisionHistoryLimit: 2
    template:
      metadata:
        labels:
          app.kubernetes.io/name: blazer
      spec:
        initContainers:
        - name: migrate
          command:
          - rails
          - db:migrate
          env:
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                key: DATABASE_URL
                name: blazer
          - name: BLAZER_DATABASE_URL
            valueFrom:
              secretKeyRef:
                key: BLAZER_DATABASE_URL
                name: blazer
          image: ankane/blazer
          imagePullPolicy: IfNotPresent
          volumeMounts:
          - mountPath: /mnt/secrets-store
            name: secrets-store-inline
            readOnly: true
          volumes:
          - csi:
              driver: secrets-store.csi.k8s.io
              readOnly: true
              volumeAttributes:
                secretProviderClass: blazer-secrets
            name: secrets-store-inline
        containers:
        - name: blazer
          image: 239043911459.dkr.ecr.ca-central-1.amazonaws.com/database-tools/blazer:bootstrap

          imagePullPolicy: IfNotPresent
          env:
          - name: BLAZER_DATABASE_URL
            valueFrom:
              secretKeyRef:
                key: BLAZER_DATABASE_URL
                name: blazer
          - name: DATABASE_URL
            valueFrom:
              secretKeyRef:
                key: DATABASE_URL
                name: blazer
          - name: GOOGLE_OAUTH_CLIENT_ID
            valueFrom:
              secretKeyRef:
                key: GOOGLE_OAUTH_CLIENT_ID
                name: blazer
          - name: GOOGLE_OAUTH_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                key: GOOGLE_OAUTH_CLIENT_SECRET
                name: blazer
          - name: LOG_LEVEL
            value: info
          - name: NOTIFY_URL
            value: staging.notification.cdssandbox.xyz 
          volumeMounts:
          - name: 0
            mountPath: /mnt/secrets-store
            name: secrets-store-inline
            readOnly: true
          resources:
            limits:
              cpu: 1
              memory: 1024Mi
            requests:
              cpu: 0.1
              memory: 128Mi
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: false 
        volumes:
        - name: 0
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: blazer-secrets
          name: secrets-store-inline
        serviceAccountName: blazer
        terminationGracePeriodSeconds:
tools, blazer, Ingress (networking.k8s.io) has changed:
  # Source: application/templates/ingress.yaml
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: blazer
    namespace: tools
    labels:
-     helm.sh/chart: application-2.3.2
+     helm.sh/chart: application-2.3.4
      app.kubernetes.io/version: "bootstrap"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/part-of: blazer
  spec:
    ingressClassName: nginx
    rules:
      - host: blazer.staging.notification.internal.com
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: blazer
                port:
                  name: http
tools, blazer, Service (v1) has changed:
  # Source: application/templates/service.yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: blazer
    namespace: tools
    labels:
-     helm.sh/chart: application-2.3.2
+     helm.sh/chart: application-2.3.4
      app.kubernetes.io/version: "bootstrap"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/part-of: blazer
  spec:
    type: ClusterIP
    selector:
      app.kubernetes.io/name: blazer
    ports:
      - name: http
        port: 8080
        protocol: TCP
        targetPort: 8080
tools, blazer, ServiceAccount (v1) has changed:
  # Source: application/templates/serviceaccount.yaml
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: blazer
    namespace: tools
    labels:
-     helm.sh/chart: application-2.3.2
+     helm.sh/chart: application-2.3.4
      app.kubernetes.io/version: "bootstrap"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/part-of: blazer
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::239043911459:role/secrets-csi-role-blazer
tools, blazer-secrets, SecretProviderClass (secrets-store.csi.x-k8s.io) has changed:
  # Source: application/templates/secretproviderclass.yaml
  apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
  kind: SecretProviderClass
  metadata:
    name: blazer-secrets
    namespace: tools
    labels:
-     helm.sh/chart: application-2.3.2
+     helm.sh/chart: application-2.3.4
      app.kubernetes.io/version: "bootstrap"
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/part-of: blazer  
  spec:
    provider: aws
    parameters:
      roleName: 
      objects:
          |
        - objectName: sqlalchemy_database_reader_uri
          objectType: "ssmparameter"
        - objectName: BLAZER_DATABASE_URL
          objectType: "ssmparameter"
        - objectName: notify_o11y_google_oauth_client_id
          objectType: "ssmparameter"
        - objectName: notify_o11y_google_oauth_client_secret
          objectType: "ssmparameter"
    secretObjects:
      - data:
          - key: BLAZER_DATABASE_URL
            objectName: sqlalchemy_database_reader_uri
          - key: DATABASE_URL
            objectName: BLAZER_DATABASE_URL
          - key: GOOGLE_OAUTH_CLIENT_ID
            objectName: notify_o11y_google_oauth_client_id
          - key: GOOGLE_OAUTH_CLIENT_SECRET
            objectName: notify_o11y_google_oauth_client_secret  
        secretName: blazer
        type: Opaque

Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray

@renovate renovate bot force-pushed the renovate/all-patch branch 10 times, most recently from cca9e30 to 8a3ba9a Compare February 19, 2024 16:50
@renovate renovate bot force-pushed the renovate/all-patch branch 12 times, most recently from 2b3033e to c94bf34 Compare February 26, 2024 16:22
@renovate renovate bot force-pushed the renovate/all-patch branch 4 times, most recently from 8025950 to 938dcd0 Compare March 4, 2024 16:54
@renovate renovate bot force-pushed the renovate/all-patch branch 8 times, most recently from 7acd225 to 97744fa Compare November 4, 2024 16:32
@renovate renovate bot force-pushed the renovate/all-patch branch 9 times, most recently from 597ca6a to f856367 Compare November 12, 2024 16:26
@renovate renovate bot force-pushed the renovate/all-patch branch 11 times, most recently from c403b2a to 1becf91 Compare November 14, 2024 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants