Skip to content

Commit

Permalink
Merge pull request #54 from lijiuxing1/feature/oos-secret-parameter
Browse files Browse the repository at this point in the history 
support synchronization Alibaba Cloud OOS encrypted parameter
  • Loading branch information
@DahuK
DahuK authored Nov 28, 2024
2 parents af87c76 + afa8f3c commit 1079c02
Show file tree
Hide file tree
Showing 18 changed files with 661 additions and 285 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.16.12 as builder
FROM golang:1.23.1 as builder
ENV GO111MODULE off
WORKDIR /go/src/github.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud
COPY . .
Expand Down
228 changes: 137 additions & 91 deletions README.md
View file

Large diffs are not rendered by default.

Binary file added charts/csi-secrets-store-provider-alibabacloud-0.3.0.tgz
View file
Binary file not shown.
19 changes: 12 additions & 7 deletions charts/csi-secrets-store-provider-alibabacloud/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,19 @@
apiVersion: v1
name: csi-secrets-store-provider-alibabacloud
version: 0.2.0
appVersion: 0.2.0
version: 0.3.0
appVersion: 0.3.0
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the Secrets Store CSI Driver and the Alibaba Cloud KMS Secret Manager Provider inside a Kubernetes cluster.
description: A Helm chart to install the Secrets Store CSI Driver, the Alibaba Cloud KMS Secret Manager and OOS Eencrypted Parameter Provider inside a Kubernetes cluster.
sources:
- https://github.com/AliyunContainerService/secrets-store-csi-driver-provider-alibabacloud
home: https://github.com/AliyunContainerService/secrets-store-csi-driver-provider-alibabacloud
keywords:
- releaseName:csi-secrets-store-provider-alibabacloud
- arch:amd64
- namespace:kube-system
- supportType:ExternalKubernetes,Kubernetes,ManagedKubernetes
dependencies:
- name: secrets-store-csi-driver
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
version: 1.3.4
condition: secrets-store-csi-driver.install
- name: secrets-store-csi-driver
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
version: 1.4.6
condition: secrets-store-csi-driver.install
226 changes: 135 additions & 91 deletions charts/csi-secrets-store-provider-alibabacloud/README.md
View file

Large diffs are not rendered by default.

Binary file removed charts/csi-secrets-store-provider-alibabacloud/charts/secrets-store-csi-driver-1.3.3.tgz
View file
Binary file not shown.
Binary file added charts/csi-secrets-store-provider-alibabacloud/charts/secrets-store-csi-driver-1.4.6.tgz
View file
Binary file not shown.
6 changes: 3 additions & 3 deletions charts/csi-secrets-store-provider-alibabacloud/requirements.lock
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: secrets-store-csi-driver
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
version: 1.1.2
digest: sha256:543dde1cbada9fd6b4851ae330a536d65e0041c966188d70db27bb7eecbbcbc1
generated: "2022-09-29T11:11:26.118364+08:00"
version: 1.4.6
digest: sha256:4cca22eafe8fdf6595262f23d7a7b0fef387973298772dc51c618a064c1b0a5e
generated: "2024-11-27T16:22:06.8520173+08:00"
40 changes: 22 additions & 18 deletions charts/csi-secrets-store-provider-alibabacloud/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,16 @@
nameOverride: ""
fullnameOverride: ""

# One or more secrets to be used when pulling images
imagePullSecrets: []
# - name: myRegistryKeySecretName

# log level. Uses V logs (klog)
logVerbosity: 0

regionId: __ACK_REGION_ID__

linux:
image:
repository: registry.cn-hangzhou.aliyuncs.com/acs/secrets-store-csi-driver-provider-alibaba-cloud
tag: v0.1.0
repository: registry.__ACK_REGION_ID__.aliyuncs.com/acs/secrets-store-csi-driver-provider-alibaba-cloud
tag: v0.3.0
pullPolicy: Always
nodeSelector: {}
tolerations: []
Expand Down Expand Up @@ -40,11 +39,11 @@ linux:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet

## Configuration values for the secrets-store-csi-driver dependency.
## ref: https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver/README.md
Expand All @@ -59,24 +58,29 @@ secrets-store-csi-driver:
kubeletRootDir: /var/lib/kubelet
metricsAddr: ":8080"
image:
repository: registry.cn-hangzhou.aliyuncs.com/acs/csi-secrets-store-driver
tag: v1.3.4
repository: registry.__ACK_REGION_ID__.aliyuncs.com/acs/csi-secrets-store-driver
tag: v1.4.6
pullPolicy: Always
providersDir: /var/run/secrets-store-csi-providers
registrarImage:
repository: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar
tag: v2.8.0
repository: registry.__ACK_REGION_ID__.aliyuncs.com/acs/csi-node-driver-registrar
tag: v2.11.1
pullPolicy: Always
livenessProbeImage:
repository: registry.cn-hangzhou.aliyuncs.com/acs/csi-secrets-store-livenessprobe
tag: v2.10.0
repository: registry.__ACK_REGION_ID__.aliyuncs.com/acs/csi-secrets-store-livenessprobe
tag: v2.13.1
pullPolicy: Always
crds:
image:
repository: registry.__ACK_REGION_ID__.aliyuncs.com/acs/csi-secrets-store-driver-crds
tag: v1.4.6
pullPolicy: Always

enableSecretRotation: false
rotationPollInterval: 2m
# Refer to https://secrets-store-csi-driver.sigs.k8s.io/load-tests.html for more details on actions to take before enabling this feature
filteredWatchSecret: true

syncSecret:
enabled: false

Expand Down Expand Up @@ -106,4 +110,4 @@ rrsa:

## Install default service account
rbac:
install: true
install: true
26 changes: 23 additions & 3 deletions charts/index.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,29 @@
apiVersion: v1
entries:
csi-secrets-store-provider-alibabacloud:
- apiVersion: v1
appVersion: 0.3.0
created: "2024-11-27T16:28:49.3196364+08:00"
description: A Helm chart to install the Secrets Store CSI Driver, the Alibaba
Cloud KMS Secret Manager and OOS Eencrypted Parameter Provider inside a Kubernetes
cluster.
digest: 52ff9d0209df271bd5a261ac0a81c6a7086a51b6a98499913ef9d258a27560c4
home: https://raw.githubusercontent.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud/charts
keywords:
- releaseName:csi-secrets-store-provider-alibabacloud
- arch:amd64
- namespace:kube-system
- supportType:ExternalKubernetes,Kubernetes,ManagedKubernetes
kubeVersion: '>=1.16.0-0'
name: csi-secrets-store-provider-alibabacloud
sources:
- https://github.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud
urls:
- https://raw.githubusercontent.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud/main/charts/csi-secrets-store-provider-alibabacloud-0.3.0.tgz
version: 0.3.0
- apiVersion: v1
appVersion: 0.2.0
created: "2023-06-19T15:59:18.815766+08:00"
created: "2024-11-27T16:28:49.3175869+08:00"
description: A Helm chart to install the Secrets Store CSI Driver and the Alibaba
Cloud KMS Secret Manager Provider inside a Kubernetes cluster.
digest: 9d26d57d2e551be3ef0c15efcf22e01cad45f6011f970f624ae78c9c1d9a9382
Expand All @@ -17,7 +37,7 @@ entries:
version: 0.2.0
- apiVersion: v1
appVersion: 0.1.0
created: "2023-06-19T15:59:18.811955+08:00"
created: "2024-11-27T16:28:49.315417+08:00"
description: A Helm chart to install the Secrets Store CSI Driver and the Alibaba
Cloud KMS Secret Manager Provider inside a Kubernetes cluster.
digest: 94b65d1ede3dc3143d8385ad76446a8140fd50dc0cf8ce85e088aa2c14e83302
Expand All @@ -29,4 +49,4 @@ entries:
urls:
- https://raw.githubusercontent.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud/main/charts/csi-secrets-store-provider-alibabacloud-0.1.0.tgz
version: 0.1.0
generated: "2023-06-19T15:59:18.810129+08:00"
generated: "2024-11-27T16:28:49.3137425+08:00"
9 changes: 6 additions & 3 deletions examples/secretproviderclass.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: test-secrets
namespace: kube-system
spec:
provider: alibabacloud # please using fixed value 'alibabacloud'
provider: alibabacloud # please using fixed value 'alibabacloud'
parameters:
objects: |
- objectName: "test"
- objectName: "test-kms"
objectType: "kms"
- objectName: "test-oos"
objectType: "oos" # support kms and oos, default is kms
49 changes: 42 additions & 7 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,59 @@
module github.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud

go 1.16
go 1.18

require (
github.com/AliyunContainerService/ack-secret-manager v0.0.0-20220112125214-d31312f5d710
github.com/alibabacloud-go/darabonba-openapi v0.1.7
github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9
github.com/alibabacloud-go/kms-20160120/v2 v2.0.0
github.com/alibabacloud-go/sts-20150401 v1.1.0 // indirect
github.com/alibabacloud-go/tea v1.1.15
github.com/alibabacloud-go/oos-20190601/v4 v4.2.2
github.com/alibabacloud-go/tea v1.2.2
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1473
github.com/aliyun/credentials-go v1.2.2
github.com/aliyun/credentials-go v1.3.1
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af
github.com/pkg/errors v0.9.1
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
google.golang.org/grpc v1.29.1
k8s.io/api v0.20.2 // indirect
k8s.io/apimachinery v0.20.2 // indirect
k8s.io/client-go v12.0.0+incompatible // indirect
k8s.io/klog/v2 v2.8.0
sigs.k8s.io/secrets-store-csi-driver v0.0.22
sigs.k8s.io/yaml v1.2.0
)

require (
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
github.com/alibabacloud-go/debug v1.0.0 // indirect
github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
github.com/alibabacloud-go/tea-utils v1.3.9 // indirect
github.com/alibabacloud-go/tea-utils/v2 v2.0.6 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/clbanning/mxj/v2 v2.5.5 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-logr/logr v0.4.0 // indirect
github.com/gogo/protobuf v1.3.1 // indirect
github.com/golang/protobuf v1.4.3 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/tjfoc/gmsm v1.3.2 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/term v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/appengine v1.6.6 // indirect
google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a // indirect
google.golang.org/protobuf v1.25.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.66.2 // indirect
gopkg.in/yaml.v2 v2.3.0 // indirect
k8s.io/apimachinery v0.20.2 // indirect
k8s.io/client-go v12.0.0+incompatible // indirect
k8s.io/utils v0.0.0-20210111153108-fddb29f9d009 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
)

replace k8s.io/client-go => k8s.io/client-go v0.20.2
Loading

0 comments on commit 1079c02

Please sign in to comment.