diff --git a/.github/workflows/build-n-push.yaml b/.github/workflows/build-n-push.yaml
new file mode 100644
index 00000000..f2369973
--- /dev/null
+++ b/.github/workflows/build-n-push.yaml
@@ -0,0 +1,49 @@
+name: BuildnPush
+
+on:
+ workflow_call:
+ inputs:
+ IMAGE_REGISTRY:
+ required: true
+ type: string
+ outputs:
+ IMAGE_PATH:
+ description: "Image Path"
+ value: ${{ jobs.image-build-n-push.outputs.IMAGE_PATH }}
+
+jobs:
+ unit-tests:
+ uses: ./.github/workflows/unit-tests.yaml
+ image-build-n-push:
+ needs: [unit-tests]
+ runs-on: ubuntu-latest
+ name: Builds container image and pushes to registry
+ env:
+ IMAGE_REGISTRY: ${{ inputs.IMAGE_REGISTRY }}
+ outputs:
+ IMAGE_PATH: ${{ steps.print-docker-image-path.outputs.IMAGE_PATH }}
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3.3.0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: amd64
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log into GitHub Container Registry
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${GITHUB_ACTOR,,} --password-stdin
+
+ - name: Build Image
+ run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-build
+
+ - name: Push Image
+ run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-push
+
+ - name: Print Image Path
+ id: print-docker-image-path
+ run: echo IMAGE_PATH=`IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make print-docker-image-path` >> $GITHUB_OUTPUT
\ No newline at end of file
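Review bot: The `Build Image`, `Push Image` and `Print Image Path` steps splice the caller-supplied input into the script text with `IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}"`, so a value containing a quote or a command substitution is parsed as shell before `make` runs. The job-level `env:` already exports `IMAGE_REGISTRY`, so plain `run: make docker-build` (and likewise `run: make docker-push`) picks the value up without the expression. The workflow also declares no `permissions:` block although it pushes to ghcr.io with `GITHUB_TOKEN`; a job-level `permissions:` with `contents: read` and `packages: write` would make the token scope explicit. The three `uses:` references are pinned to tags rather than commit SHAs, which leaves the job that builds the released image dependent on mutable refs.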
diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
new file mode 100644
index 00000000..b7b56b0f
--- /dev/null
+++ b/.github/workflows/e2e-tests.yaml
@@ -0,0 +1,292 @@
+name: E2E Tests
+
+on:
+ pull_request: {}
+ # workflow_run:
+ # workflows: ["BuildnPush"]
+ # types:
+ # - completed
+concurrency: dev_environment
+
+env:
+ OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }}
+ OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }}
+ OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }}
+ OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }}
+ OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }}
+
+ # OCI_CLUSTER_ID: ${{ vars.CLUSTER_ID }}
+ # OCI_VAULT_ID: ${{ vars.VAULT_ID }}
+ OCI_VAULT_SECRET_VALUE: ${{ vars.VAULT_SECRET_VALUE }}
+# OCI_DEBUG: "--debug"
+
+jobs:
+ build:
+ uses: ./.github/workflows/build-n-push.yaml
+ with:
+ IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY }}
+ secrets: inherit
+ setup-vault:
+ runs-on: ubuntu-latest
+ name: Setup Vault and secrets
+ needs: [ build ]
+ env:
+ OCI_VAULT_ID: ${{ vars.VAULT_ID }}
+ OCI_VAULT_KEY_ID: ${{ vars.VAULT_KEY_ID }}
+ outputs:
+ OCI_VAULT_ID: ${{ env.OCI_VAULT_ID }}
+ OCI_VAULT_KEY_ID: ${{ env.OCI_VAULT_KEY_ID }}
+ VAULT_SECRET_NAME: ${{ vars.SECRET_NAME_PREFIX }}-${{ env.OCI_RANDOM }}
+ VAULT_SECRET_OCID: ${{ steps.extract-secret-ocid.outputs.VAULT_SECRET_OCID }}
+ steps:
+ - name: create env with random
+ id: gen-random
+ run: echo "OCI_RANDOM=${RANDOM}" >> $GITHUB_ENV
+
+ - name: Create vault if doesn't exist
+ if: ${{ vars.USE_EXISTING_VAULT != 'true' }}
+ uses: oracle-actions/run-oci-cli-command@v1.1
+ id: create-vault
+ with:
+ silent: false
+ command: "kms management vault create --compartment-id ${{ vars.COMPARTMENT_ID }} --display-name ${{ vars.VAULT_NAME_PREFIX }}-${{ env.OCI_RANDOM }} --vault-type default"
+ query: "data.id"
+
+ - name: get vault from previous output
+ if: ${{ vars.USE_EXISTING_VAULT != 'true' }}
+ run: echo "OCI_VAULT_ID=${{ steps.create-vault.outputs.raw_output }}" >> $GITHUB_ENV
+
+ - name: create key if doesn't exist
+ if: ${{ vars.USE_EXISTING_VAULT != 'true' }}
+ uses: oracle-actions/run-oci-cli-command@v1.1
+ id: create-vault-key
+ with:
+ silent: false
+ command: "kms management key create --endpoint ${{ vars.VAULT_MGMT_ENDPOINT }} --compartment-id ${{ vars.COMPARTMENT_ID }} --display-name key-${RANDOM} --key-shape '{ \"algorithm\" : \"AES\", \"length\" : 32 }'"
+ query: "data.id"
+
+ - name: create env for key id from create-vault-key output
+ if: ${{ vars.USE_EXISTING_VAULT != 'true' }}
+ run: echo "OCI_VAULT_KEY_ID=${{ steps.create-vault-key.outputs.raw_output }}" >> $GITHUB_ENV
+
+ - name: create secret in vault
+ uses: oracle-actions/run-oci-cli-command@v1.1
+ id: create-secret
+ with:
+ silent: false
+ command: vault secret create-base64 --compartment-id ${{ vars.COMPARTMENT_ID }} --vault-id ${{ env.OCI_VAULT_ID }} --key-id ${{ env.OCI_VAULT_KEY_ID }} --secret-name ${{ vars.SECRET_NAME_PREFIX }}-${{ env.OCI_RANDOM }} --secret-content-content ${{ env.OCI_VAULT_SECRET_VALUE }}"
+# query: "data.id"
+
+ - name: extract secret id
+ id: extract-secret-ocid
+ run: echo VAULT_SECRET_OCID=`echo ${{ steps.create-secret.outputs.output }} | jq -r ".data.id"` >> $GITHUB_OUTPUT
+
+ setup-cluster:
+ runs-on: ubuntu-latest
+ name: Setup Cluster
+ needs: [ build ]
+ env:
+ OCI_CLUSTER_ID: ${{ vars.CLUSTER_ID }}
+ outputs:
+ OCI_CLUSTER_ID: ${{ steps.print-cluster-id.outputs.clusterId }}
+ steps:
+ # - name: create vcn if doesn't exist
+ # - name: get vcn id from previous output or existing var
+ # - name: create cluster
+ # if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }}
+ # uses: oracle-actions/run-oci-cli-command@v1.1
+ # id: create-cluster
+ # with:
+ # silent: false
+ # command: "ce cluster create --compartment-id ${{ vars.COMPARTMENT_ID }}
+ # --vcn-id ${{ vars.VCN_ID }} --kubernetes-version ${{ vars.K8S_VERSION }}
+ # --wait-for-state succeeded"
+ # query: "data.secret-name"
+
+ # - name: create env for key id from create-vault-key output
+ # if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }}
+ # run: echo "OCI_CLUSTER_ID=${{ steps.create-cluster.outputs.raw_output }}" >> $GITHUB_ENV
+
+ # - name: create nodepool
+ # if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }}
+
+ # - name: get kubeconfig
+ # uses: oracle-actions/run-oci-cli-command@v1.1
+ # id: get-kube-config
+ # with:
+ # silent: false
+ # command: "ce cluster create-kubeconfig --cluster-id ${{ env.OCI_CLUSTER_ID }} --file $HOME/.kube/config --region ${{ env.OCI_CLI_REGION }} --token-version 2.0.0 --kube-endpoint PUBLIC_ENDPOINT"
+
+ - name: print cluster id from vars
+ id: print-cluster-id
+ run: echo "clusterId=${{ env.OCI_CLUSTER_ID }}" >> $GITHUB_OUTPUT
+
+ deploy-provider:
+ runs-on: ubuntu-latest
+ name: Deploy Provider
+ needs: [ setup-vault , setup-cluster , build ]
+ env:
+ OCI_VAULT_ID: ${{ needs.setup-vault.outputs.OCI_VAULT_ID }}
+ OCI_VAULT_SECRET_NAME: ${{ needs.setup-vault.outputs.VAULT_SECRET_NAME }}
+ OCI_VAULT_SECRET_OCID: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID }}
+ OCI_VAULT_SECRET_OCID_1: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID_1 }}
+ OCI_CLUSTER_ID: ${{ needs.setup-cluster.outputs.OCI_CLUSTER_ID }}
+ PROVIDER_NAMESPACE: ${{ vars.PROVIDER_NAMESPACE }}
+ IMAGE_PATH : ${{ needs.build.outputs.IMAGE_PATH }}
+ outputs:
+ OCI_VAULT_SECRET_NAME: ${{ needs.setup-vault.outputs.VAULT_SECRET_NAME }}
+ OCI_VAULT_SECRET_OCID: ${{ needs.setup-vault.outputs.VAULT_SECRET_OCID }}
+ OCI_CLUSTER_ID: ${{ needs.setup-cluster.outputs.OCI_CLUSTER_ID }}
+ steps:
+ - name: Configure Kubectl
+ uses: oracle-actions/configure-kubectl-oke@v1.3.1
+ id: test-configure-kubectl-oke-action
+ with:
+ cluster: ${{ env.OCI_CLUSTER_ID }}
+
+ - name: test cluster access
+ run: kubectl get nodes -A
+
+ - name: create namespace in the cluster
+ continue-on-error: true
+ run: kubectl create namespace ${{ env.PROVIDER_NAMESPACE }}
+
+ # - name: Install Helm
+ # uses: azure/setup-helm@v3
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: split image path into repo and tag
+ id: split-image-path
+ run: |
+ echo PROVIDER_IMAGE_REPO=`echo ${{ env.IMAGE_PATH }} | sed -e "s/:.*$//"` >> $GITHUB_OUTPUT
+ echo PROVIDER_IMAGE_TAG=`echo ${{ env.IMAGE_PATH }} | sed -e "s/.*://"` >> $GITHUB_OUTPUT
+
+ - name: print image values
+ run: |
+ echo ${{ steps.split-image-path.outputs.PROVIDER_IMAGE_REPO }}
+ echo ${{ steps.split-image-path.outputs.PROVIDER_IMAGE_TAG }}
+
+ - name: Deploy Helm chart
+ run: |
+ helm upgrade --install oci-provider charts/oci-secrets-store-csi-driver-provider \
+ --namespace ${{ env.PROVIDER_NAMESPACE }} \
+ --set "provider.image.repository=${{ steps.split-image-path.outputs.PROVIDER_IMAGE_REPO }},provider.image.tag=${{ steps.split-image-path.outputs.PROVIDER_IMAGE_TAG }}"
+
+ - name: list pods
+ run: |
+ kubectl get daemonset --namespace oci-provider \
+ --selector='app.kubernetes.io/name in (oci-secrets-store-csi-driver-provider, secrets-store-csi-driver)'
+
+ - name: update auth file with correct values
+ run: |
+ sed -e 's/region:.*/region: ${{ env.OCI_CLI_REGION }}/' \
+ -e 's/tenancy:.*/tenancy: ${{ env.OCI_CLI_TENANCY }}/' \
+ -e 's/user:.*/user: ${{ env.OCI_CLI_USER }}/' \
+ -e 's/fingerprint:.*/fingerprint: ${{ env.OCI_CLI_FINGERPRINT }}/' e2e/example/user-auth-config-example.yaml > e2e/example/user-auth-config-example.yaml.tmp
+
+ # - name: print updated yaml file
+ # run: cat e2e/example/user-auth-config-example.yaml.tmp
+
+ - name: delete secret if exists
+ continue-on-error: true
+ run: kubectl delete secret oci-config
+
+ - name: create kubernetes secret for user auth config
+ run: |
+ kubectl create secret generic oci-config \
+ --from-file=config=e2e/example/user-auth-config-example.yaml.tmp \
+ --from-literal=private-key="${{ env.OCI_CLI_KEY_CONTENT }}"
+
+ - name: update spc file with correct values
+ run: |
+ sed -e 's/vaultId:.*/vaultId: ${{ env.OCI_VAULT_ID }}/' \
+ -e 's/authType:.*/authType: user/' \
+ -e 's/- name:.*/- name: ${{ env.OCI_VAULT_SECRET_NAME }}/' e2e/example/secret-provider-class.yaml > e2e/example/secret-provider-class.yaml.tmp
+
+ - name: update deployment file with secret name
+ run: |
+ sed -e 's/testingSecretName:.*/testingSecretName: ${{ env.OCI_VAULT_SECRET_NAME }}/' \
+ e2e/example/app.deployment.yaml > e2e/example/app.deployment.yaml.tmp
+
+ - name: print updated yaml file
+ run: cat e2e/example/secret-provider-class.yaml.tmp
+
+ - name: deploy spc
+ run: kubectl apply -f e2e/example/secret-provider-class.yaml.tmp
+
+ - name: deploy workload
+ run: kubectl apply -f e2e/example/app.deployment.yaml.tmp
+
+ - name: Wait for pod to run
+ id: wait-on-pod
+ # run: kubectl wait --for=jsonpath='{.status.phase}'=Running pods/${{ env.POD_NAME }} --timeout=90s
+ run: sleep 90
+
+ - name: Verify pods are running
+ id: pod-names
+ run: kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers
+
+ - name: capture pod name into env
+ run: echo "POD_NAME=`kubectl get pods -l testingSecretName=${{ env.OCI_VAULT_SECRET_NAME }} -o='custom-columns=PodName:.metadata.name' --no-headers`" >> $GITHUB_ENV
+
+ - name: print secret value
+ id: print-secret-content
+ run: echo "SECRET_CONTENT=`kubectl exec -it ${{ env.POD_NAME }} -- cat /mnt/secrets-store/${{ env.OCI_VAULT_SECRET_NAME }} 2> /dev/null | base64`" >> $GITHUB_ENV
+
+ # - name: convert to base64
+ # id: convert-to-base64
+ # run: echo -n ${{ steps.print-secret-content.outputs.output }} | base64
+
+ - name: print values
+ run: echo "${{ env.SECRET_CONTENT }} == ${{ env.OCI_VAULT_SECRET_VALUE}}"
+
+ - name: verify value
+ run: if [ "${{ env.SECRET_CONTENT }}" == "${{ env.OCI_VAULT_SECRET_VALUE}}" ]; then exit 0; else exit 1; fi
+
+ # cleanup
+ - name: remove deployment
+ if: ${{ always() }}
+ run: |
+ kubectl delete -f e2e/example/app.deployment.yaml.tmp \
+ -f e2e/example/secret-provider-class.yaml.tmp
+
+ - name: delete secret
+ if: ${{ always() }}
+ run: kubectl delete secret oci-config
+
+ - name: uninstall provider
+ if: ${{ always() }}
+ run: helm uninstall oci-provider -n ${{ env.PROVIDER_NAMESPACE }}
+
+ cleanup:
+ runs-on: ubuntu-latest
+ needs: [deploy-provider]
+ name: Cleanup resources
+ env:
+ OCI_VAULT_SECRET_NAME: ${{ needs.deploy-provider.outputs.OCI_VAULT_SECRET_NAME }}
+ OCI_VAULT_SECRET_OCID: ${{ needs.deploy-provider.outputs.OCI_VAULT_SECRET_OCID }}
+ OCI_CLUSTER_ID: ${{ needs.deploy-provider.outputs.OCI_CLUSTER_ID }}
+ steps:
+ - name: delete cluster
+ if: ${{ vars.USE_EXISTING_CLUSTER != 'true' }}
+ uses: oracle-actions/run-oci-cli-command@v1.1
+ with:
+ command: "ce cluster delete --cluster-id ${{ env.OCI_CLUSTER_ID }} --wait-for-state SUCCEEDED"
+
+ # - name: get secret id
+ # id: get-secret-ocid
+ # uses: oracle-actions/run-oci-cli-command@v1.1
+ # with:
+ # command: "vault secret list --name ${{ env.OCI_VAULT_SECRET_NAME }} --compartment-id ${{ vars.COMPARTMENT_ID }}"
+ # query: data[0].id
+
+ - name: delete secrets
+ uses: oracle-actions/run-oci-cli-command@v1.1
+ with:
+ command: "vault secret schedule-secret-deletion --secret-id ${{ env.OCI_VAULT_SECRET_OCID }}"
+ # - name: delete vcn if created
+ # - name: delete vault if created
\ No newline at end of file
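Review bot: The `create kubernetes secret for user auth config` step pastes the OCI API private key into the script text via `--from-literal=private-key="${{ env.OCI_CLI_KEY_CONTENT }}"`, so the key is expanded before the shell parses the line and any quote, `$` or backtick in it changes the command. The variable is already exported by the workflow-level `env:`, so `--from-literal=private-key="$OCI_CLI_KEY_CONTENT"` does the same without templating the secret into the script; the `sed` steps that inline the other `OCI_CLI_*` values have the same shape. That workflow-level `env:` also hands the full OCI credential set to every step of the jobs defined here, including the third-party actions, and scoping it to the steps that call OCI would narrow the exposure. The `create secret in vault` command ends in an unmatched `"` and passes the secret value on the command line with `silent: false`, which is worth confirming against what the action logs. The `cleanup` job has no `if: ${{ always() }}`, so a failed `deploy-provider` appears to leave the vault secret undeleted.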
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ad07f74b..311f04bb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,27 +8,51 @@ on:
jobs:
build:
+ uses: ./.github/workflows/build-n-push.yaml
+ with:
+ IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY }}
+ secrets: inherit
+ image-publish:
runs-on: ubuntu-latest
+ needs: ["build"]
env:
- IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY }}
+ IMAGE_PATH : ${{ needs.build.outputs.IMAGE_PATH }}
steps:
- - name: Checkout
- uses: actions/checkout@v3.3.0
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
- with:
- platforms: amd64
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
-
- name: Log into GitHub Container Registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${GITHUB_ACTOR,,} --password-stdin
- - name: Build Image
- run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-build
+ - name: split image path into repo and tag
+ id: split-image-path
+ run: |
+ echo PROVIDER_IMAGE_REPO=`echo ${{ env.IMAGE_PATH }} | sed -e "s/:.*$//"` >> $GITHUB_ENV
+ echo PROVIDER_IMAGE_NEW_TAG=${{ github.ref_name }} >> $GITHUB_ENV
+
+ - name: tag Image with release name
+ run: |
+ docker pull ${{ env.IMAGE_PATH }}
+ docker tag ${{ env.IMAGE_PATH }} ${{ env.PROVIDER_IMAGE_REPO }}:${{ env.PROVIDER_IMAGE_NEW_TAG }}
+ docker push ${{ env.PROVIDER_IMAGE_REPO }}:${{ env.PROVIDER_IMAGE_NEW_TAG }}
- - name: Push Image
- run: IMAGE_REGISTRY="${{ env.IMAGE_REGISTRY }}" make docker-push
\ No newline at end of file
+ - name: Checkout
+ uses: actions/checkout@v3.3.0
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: helm release
+ run: |
+ git checkout gh-pages
+ git checkout origin/main charts
+ sed -i -e 's|repository:.*|repository: ${{ env.PROVIDER_IMAGE_REPO }}|' \
+ -e 's|tag:.*|tag: ${{ env.PROVIDER_IMAGE_NEW_TAG }}|' \
+ charts/oci-secrets-store-csi-driver-provider/values.yaml
+ helm package charts/oci-secrets-store-csi-driver-provider -d charts
+ helm repo index --url https://${GITHUB_ACTOR,,}.github.io/oci-secrets-store-csi-driver-provider/charts --merge charts/index.yaml charts
+ git add charts
+ git commit -m "Releasing chart version: ${{ github.ref_name }}"
+ git push -u origin gh-pages
\ No newline at end of file
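Review bot: `${{ github.ref_name }}` is expanded into the script text in `split image path into repo and tag` and again in the `git commit -m` line of `helm release`, so the tag name is parsed as shell in a job that pushes images and commits to `gh-pages`. Reading the runner-provided variable keeps the value as data: `echo "PROVIDER_IMAGE_NEW_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"` and `git commit -m "Releasing chart version: $GITHUB_REF_NAME"`. The same value then reaches the `sed` replacement and the `docker tag` argument unescaped, so checking it against the expected version pattern before use would be worth adding. In `helm repo index`, `${GITHUB_ACTOR,,}` is the account that triggered the release rather than the repository owner, so the chart index URL changes with the releaser; `${GITHUB_REPOSITORY_OWNER,,}` looks like what was intended.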
diff --git a/.github/workflows/build.yml b/.github/workflows/unit-tests.yaml
similarity index 77%
rename from .github/workflows/build.yml
rename to .github/workflows/unit-tests.yaml
index 68f0b883..b8ed7c20 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/unit-tests.yaml
@@ -1,22 +1,24 @@
name: Unit Tests
on:
- pull_request: {}
- push: {}
+ workflow_call: {}
+ push:
+ branches-ignore:
+ - gh-pages
jobs:
- build:
- name: Build
+ build-binary-n-test:
+ name: Build Binary locally and run unit tests
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v2
with:
- go-version: 1.17.5
+ go-version: 1.19
id: go
- name: Check out code into the Go module directory
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: build the binary
run: |
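Review bot: `go-version: 1.19` is an unquoted YAML number, which happens to survive here but would turn into `1.2` on a later bump to 1.20; quoting it as `go-version: '1.19'` avoids that. The step still uses `actions/setup-go@v2` while checkout moves to v3 in the same hunk, so the two are worth bumping together. The `build the binary` step continues past the end of the hunk.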
diff --git a/GettingStarted.md b/GettingStarted.md
index e77fbcc7..3b566621 100644
--- a/GettingStarted.md
+++ b/GettingStarted.md
@@ -28,6 +28,7 @@ The provider is a gRPC server accessible via the Unix domain socket. It's interf
* [How to introduce new modules or upgrade existing ones?](#dep-management-vendoring)
* [Versioning](#versioning)
* [Linter](#linter)
+ * [CI Setup](#ci-setup)
* [Known Issues](#known-issues)
* [FAQ](#faq)
@@ -354,6 +355,57 @@ Here is the tool's [documentation](https://golangci-lint.run/).
Since this tool is standalone, the developers have to control the version themselves.
> **_NOTE:_** Current version is 1.46.2
+
+## CI Setup
+GitHub Actions is used to implement Continuous integration pipeline.
+Location in the code base: .github/workflows
+Github workflows:
+1. unit-tests.yaml – Runs unit test cases
+ * Functionality:
+ * builds binary
+ * run unit tests and test coverage reports
+ * send report to coveralls
+
+ * triggers:
+ * On pushing a commit
+ * dependencies:
+ * None
+2. build-n-push.yaml – builds and pushes to image registry
+ * Functionality:
+ * builds docker image
+ * pushes to registry
+ * triggers:
+ * on workflow_call from e2e tests and release workflows
+ * dependencies:
+ * unit-tests.yaml
+3. e2e-tests.yaml – Runs end to end test cases
+ * Functionality:
+ * Creates cluster
+ * Creates Vault and Secrets
+ * Deploys the provider and sample workload
+ * Tests mounted contents with in a workload pod
+ * Cleans up created resources
+ * triggers:
+ * on pull request
+ * dependencies:
+ * unit-tests.yaml
+ * build-n-push.yaml
+ * flow:
+
+
+4. release.yaml – Release
+ * Functionality:
+ * Tags the docker image with release version
+ * Releases helm charts
+ * triggers:
+ * on creating a release tag
+ * dependencies:
+ * unit-tests.yaml
+ * build-n-push.yaml
+ * flow:
+
+
+
## Known Issues
diff --git a/Makefile b/Makefile
index 0d9ce1c9..d2dddfb4 100644
--- a/Makefile
+++ b/Makefile
@@ -55,6 +55,9 @@ docker-push:
docker-build-push: docker-build
docker push ${IMAGE_PATH}
+print-docker-image-path:
+ @echo ${IMAGE_PATH}
+
test-coverage:
go test -coverprofile=cover.out ./…
go tool cover -html=cover.out
\ No newline at end of file
diff --git a/charts/oci-secrets-store-csi-driver-provider/Chart.yaml b/charts/oci-secrets-store-csi-driver-provider/Chart.yaml
index 5e106c6c..9cd365a6 100644
--- a/charts/oci-secrets-store-csi-driver-provider/Chart.yaml
+++ b/charts/oci-secrets-store-csi-driver-provider/Chart.yaml
@@ -7,10 +7,10 @@
apiVersion: v2
name: oci-secrets-store-csi-driver-provider
description: OCI Vault provider for the Secrets Store CSI driver.
-version: 0.2.5
+version: 0.2.8
type: application
-appVersion: "0.9.2"
+appVersion: "0.9.4"
kubeVersion: ">=1.19.0-0" # CSI Driver 1.2.0 is compatible with K8S 1.19+
dependencies:
diff --git a/e2e/example/app.deployment.yaml b/e2e/example/app.deployment.yaml
new file mode 100644
index 00000000..453e9050
--- /dev/null
+++ b/e2e/example/app.deployment.yaml
@@ -0,0 +1,46 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# This Deployment is used as a reference example of how to mount secrets into the pod
+# via Secrets Store CSI Driver and OCI Vault Provider.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ testingSecretName: abc
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.21.4-alpine
+ ports:
+ - containerPort: 80
+ resources:
+ limits:
+ memory: 128Mi
+ cpu: 200m
+ volumeMounts:
+ - name: 'some-creds'
+ mountPath: '/mnt/secrets-store' # here are mounted secrets
+ readOnly: true
+ volumes:
+ - name: some-creds
+ csi:
+ driver: 'secrets-store.csi.k8s.io'
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: 'test-oci-provider-class' # here we reference particular SecretProviderClass
\ No newline at end of file
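Review bot: The label `testingSecretName: abc` is a placeholder that the e2e workflow rewrites with `sed` and then uses as the pod selector, but nothing in the file says so, and the header comment still presents the manifest as a reference example. A comment above the label such as `# placeholder: e2e-tests.yaml replaces this with the generated vault secret name and selects pods by it` would make that clear. The same applies to `- name: test-secret-12813` and `vaultId:` in e2e/example/secret-provider-class.yaml and to the `region`, `tenancy`, `user` and `fingerprint` values in e2e/example/user-auth-config-example.yaml, which are overwritten by line-oriented `sed` patterns that depend on each key staying on its own line.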
diff --git a/e2e/example/secret-provider-class.yaml b/e2e/example/secret-provider-class.yaml
new file mode 100644
index 00000000..4bd29aa2
--- /dev/null
+++ b/e2e/example/secret-provider-class.yaml
@@ -0,0 +1,31 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+
+# SecretProviderClass is a custom resource to provide driver configurations and
+# provider-specific parameters to the CSI driver.
+#
+# On pod start and restart, the driver will communicate with the provider to retrieve the secret content
+# from the external Secrets Store you have specified in the SecretProviderClass resource.
+#
+# For more information check: https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html
+#
+# This SecretProviderClass is used as a reference example of how to configure the OCI Vault provider.
+# Each SecretProviderClass enumerates secrets to mount into the pod.
+# So, multiple SecretProviderClass resources could exist in a single Kubernetes cluster.
+
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: test-oci-provider-class # SecretProviderClass name is referenced from pod definition
+spec:
+ parameters:
+ authSecretName: oci-config
+ authType: user
+ secrets: |
+ - name: test-secret-12813
+ vaultId: ocid1.vault.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ provider: oci
\ No newline at end of file
diff --git a/e2e/example/user-auth-config-example.yaml b/e2e/example/user-auth-config-example.yaml
new file mode 100644
index 00000000..476914f8
--- /dev/null
+++ b/e2e/example/user-auth-config-example.yaml
@@ -0,0 +1,13 @@
+#
+# OCI Secrets Store CSI Driver Provider
+#
+# Copyright (c) 2022 Oracle America, Inc. and its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
+#
+auth:
+ region: us-phoenix-1
+ tenancy: ocid1.tenancy.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ user: ocid1.user.oc1..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ # Omit if there is not a password for the key
+ # passphrase: supersecretpassword
+ fingerprint: 12:bf:17:7b:5f:e0:7d:13:75:11:d6:39:0d:e2:84:74
\ No newline at end of file