diff --git a/Dockerfile b/Dockerfile index 3ad3e778..60ae46bc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ RUN export GOOS=$TARGETOS && \ export GOARM=$(echo ${TARGETPLATFORM} | cut -d / -f3 | tr -d 'v') && \ make build -FROM registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.6 AS nmi +FROM registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.7 AS nmi RUN apt update && \ apt upgrade -y && \ clean-install ca-certificates diff --git a/charts/aad-pod-identity-4.1.18.tgz b/charts/aad-pod-identity-4.1.18.tgz new file mode 100644 index 00000000..631bd2ec Binary files /dev/null and b/charts/aad-pod-identity-4.1.18.tgz differ diff --git a/charts/aad-pod-identity/Chart.yaml b/charts/aad-pod-identity/Chart.yaml index bf5875a8..83f80c80 100644 --- a/charts/aad-pod-identity/Chart.yaml +++ b/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.17 -appVersion: 1.8.16 +version: 4.1.18 +appVersion: 1.8.17 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/charts/aad-pod-identity/README.md b/charts/aad-pod-identity/README.md index a8be67c4..c8f651c6 100755 --- a/charts/aad-pod-identity/README.md +++ b/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.16` | +| `mic.tag` | MIC image tag | `v1.8.17` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.16` | +| `nmi.tag` | NMI image tag | `v1.8.17` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/charts/aad-pod-identity/values.yaml b/charts/aad-pod-identity/values.yaml index 5441fa4f..9cae2e4b 100644 --- a/charts/aad-pod-identity/values.yaml +++ b/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/charts/index.yaml b/charts/index.yaml index ad5b5ab3..b0298cca 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,6 +1,21 @@ apiVersion: v1 entries: aad-pod-identity: + - apiVersion: v2 + appVersion: 1.8.17 + created: "2023-06-15T23:23:21.230954465Z" + description: Deploy components for aad-pod-identity + digest: ffc6d41aa3d8a4e36bfff77332f433e0288324051224bc8183584cc2f991fa28 + home: https://github.com/Azure/aad-pod-identity + maintainers: + - email: anish.ramasekar@gmail.com + name: aramase + name: aad-pod-identity + sources: + - https://github.com/Azure/aad-pod-identity + urls: + - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-4.1.18.tgz + version: 4.1.18 - apiVersion: v2 appVersion: 1.8.16 created: "2023-05-15T23:15:42.29707676Z" @@ -496,4 +511,4 @@ entries: urls: - https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity-1.5.2.tgz version: 1.5.2 -generated: "2023-05-15T23:15:42.295949743Z" +generated: "2023-06-15T23:23:21.229735612Z" diff --git a/deploy/demo/deployment.yaml b/deploy/demo/deployment.yaml index 3d2c2082..0b5e23d9 100644 --- a/deploy/demo/deployment.yaml +++ b/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/deploy/infra/deployment-rbac.yaml b/deploy/infra/deployment-rbac.yaml index 05db7454..66c89a22 100644 --- a/deploy/infra/deployment-rbac.yaml +++ b/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/deploy/infra/deployment.yaml b/deploy/infra/deployment.yaml index c0d6d987..829d5a52 100644 --- a/deploy/infra/deployment.yaml +++ b/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/deploy/infra/managed-mode-deployment.yaml b/deploy/infra/managed-mode-deployment.yaml index 3afa2d72..4ef68174 100644 --- a/deploy/infra/managed-mode-deployment.yaml +++ b/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/deploy/infra/noazurejson/deployment-rbac.yaml b/deploy/infra/noazurejson/deployment-rbac.yaml index 98d8b7bd..aaf3d8cc 100644 --- a/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--logtostderr" securityContext: diff --git a/deploy/infra/noazurejson/deployment.yaml b/deploy/infra/noazurejson/deployment.yaml index 80957381..3f7edb26 100644 --- a/deploy/infra/noazurejson/deployment.yaml +++ b/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/manifest_staging/charts/aad-pod-identity/Chart.yaml b/manifest_staging/charts/aad-pod-identity/Chart.yaml index bf5875a8..83f80c80 100644 --- a/manifest_staging/charts/aad-pod-identity/Chart.yaml +++ b/manifest_staging/charts/aad-pod-identity/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Deploy components for aad-pod-identity name: aad-pod-identity -version: 4.1.17 -appVersion: 1.8.16 +version: 4.1.18 +appVersion: 1.8.17 home: https://github.com/Azure/aad-pod-identity sources: - https://github.com/Azure/aad-pod-identity diff --git a/manifest_staging/charts/aad-pod-identity/README.md b/manifest_staging/charts/aad-pod-identity/README.md index a8be67c4..c8f651c6 100755 --- a/manifest_staging/charts/aad-pod-identity/README.md +++ b/manifest_staging/charts/aad-pod-identity/README.md @@ -252,7 +252,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `adminsecret.useMSI` | Set to `true` when using a user managed identity | ` ` | | `adminsecret.userAssignedMSIClientID` | Azure user managed identity client ID | ` ` | | `mic.image` | MIC image name | `mic` | -| `mic.tag` | MIC image tag | `v1.8.16` | +| `mic.tag` | MIC image tag | `v1.8.17` | | `mic.priorityClassName` | MIC priority class (can only be set when deploying to kube-system namespace) | | | `mic.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `mic.loggingFormat` | Log format. One of (text \| json) | `text` | @@ -278,7 +278,7 @@ The following tables list the configurable parameters of the aad-pod-identity ch | `mic.updateUserMSIRetryInterval` | The duration to wait before retrying UpdateUserMSI (batch assigning/un-assigning identity from VM/VMSS) in case of errors | If not provided, default value is `1s` | | `mic.identityAssignmentReconcileInterval` | The interval between reconciling identity assignment on Azure based on an existing list of AzureAssignedIdentities | If not provided, default value is `3m` | | `nmi.image` | NMI image name | `nmi` | -| `nmi.tag` | NMI image tag | `v1.8.16` | +| `nmi.tag` | NMI image tag | `v1.8.17` | | `nmi.priorityClassName` | NMI priority class (can only be set when deploying to kube-system namespace) | | | `nmi.logVerbosity` | Log level. Uses V logs (klog) | `0` | | `nmi.loggingFormat` | Log format. One of (text \| json) | `text` | diff --git a/manifest_staging/charts/aad-pod-identity/values.yaml b/manifest_staging/charts/aad-pod-identity/values.yaml index 5441fa4f..9cae2e4b 100644 --- a/manifest_staging/charts/aad-pod-identity/values.yaml +++ b/manifest_staging/charts/aad-pod-identity/values.yaml @@ -43,7 +43,7 @@ operationMode: "standard" mic: image: mic - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" @@ -163,7 +163,7 @@ mic: nmi: image: nmi - tag: v1.8.16 + tag: v1.8.17 # ref: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical priorityClassName: "" diff --git a/manifest_staging/deploy/demo/deployment.yaml b/manifest_staging/deploy/demo/deployment.yaml index 3d2c2082..0b5e23d9 100644 --- a/manifest_staging/deploy/demo/deployment.yaml +++ b/manifest_staging/deploy/demo/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: demo - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17" args: - "--subscription-id=SUBSCRIPTION_ID" - "--identity-client-id=CLIENT_ID" diff --git a/manifest_staging/deploy/infra/deployment-rbac.yaml b/manifest_staging/deploy/infra/deployment-rbac.yaml index 05db7454..66c89a22 100644 --- a/manifest_staging/deploy/infra/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/deployment-rbac.yaml @@ -475,7 +475,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -597,7 +597,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--cloudconfig=/etc/kubernetes/azure.json" - "--logtostderr" diff --git a/manifest_staging/deploy/infra/deployment.yaml b/manifest_staging/deploy/infra/deployment.yaml index c0d6d987..829d5a52 100644 --- a/manifest_staging/deploy/infra/deployment.yaml +++ b/manifest_staging/deploy/infra/deployment.yaml @@ -431,7 +431,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -498,7 +498,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--cloudconfig=/etc/kubernetes/azure.json" diff --git a/manifest_staging/deploy/infra/managed-mode-deployment.yaml b/manifest_staging/deploy/infra/managed-mode-deployment.yaml index 3afa2d72..4ef68174 100644 --- a/manifest_staging/deploy/infra/managed-mode-deployment.yaml +++ b/manifest_staging/deploy/infra/managed-mode-deployment.yaml @@ -306,7 +306,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--operation-mode=managed" diff --git a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml index 98d8b7bd..aaf3d8cc 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment-rbac.yaml @@ -473,7 +473,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -607,7 +607,7 @@ spec: serviceAccountName: aad-pod-id-mic-service-account containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--logtostderr" securityContext: diff --git a/manifest_staging/deploy/infra/noazurejson/deployment.yaml b/manifest_staging/deploy/infra/noazurejson/deployment.yaml index 80957381..3f7edb26 100644 --- a/manifest_staging/deploy/infra/noazurejson/deployment.yaml +++ b/manifest_staging/deploy/infra/noazurejson/deployment.yaml @@ -429,7 +429,7 @@ spec: type: FileOrCreate containers: - name: nmi - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.17" args: - "--node=$(NODE_NAME)" - "--http-probe-port=8085" @@ -510,7 +510,7 @@ spec: spec: containers: - name: mic - image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.16" + image: "mcr.microsoft.com/oss/azure/aad-pod-identity/mic:v1.8.17" args: - "--kubeconfig=/var/lib/kubelet/kubeconfig" - "--logtostderr" diff --git a/test/e2e/framework/config.go b/test/e2e/framework/config.go index fbde773b..fb346565 100644 --- a/test/e2e/framework/config.go +++ b/test/e2e/framework/config.go @@ -22,10 +22,10 @@ type Config struct { KeyvaultName string `envconfig:"KEYVAULT_NAME"` KeyvaultSecretName string `envconfig:"KEYVAULT_SECRET_NAME"` KeyvaultSecretVersion string `envconfig:"KEYVAULT_SECRET_VERSION"` - MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.16"` - NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.16"` + MICVersion string `envconfig:"MIC_VERSION" default:"v1.8.17"` + NMIVersion string `envconfig:"NMI_VERSION" default:"v1.8.17"` Registry string `envconfig:"REGISTRY" default:"mcr.microsoft.com/oss/azure/aad-pod-identity"` - IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.16"` + IdentityValidatorVersion string `envconfig:"IDENTITY_VALIDATOR_VERSION" default:"v1.8.17"` EnableScaleFeatures bool `envconfig:"ENABLE_SCALE_FEATURES" default:"true"` ImmutableUserMSIs string `envconfig:"IMMUTABLE_IDENTITY_CLIENT_ID"` NMIMode string `envconfig:"NMI_MODE" default:"standard"` diff --git a/test/e2e/framework/iptables/iptables_helpers.go b/test/e2e/framework/iptables/iptables_helpers.go index c297ecdf..6384fed4 100644 --- a/test/e2e/framework/iptables/iptables_helpers.go +++ b/test/e2e/framework/iptables/iptables_helpers.go @@ -79,7 +79,7 @@ func WaitForRules(input WaitForRulesInput) { Containers: []corev1.Container{ { Name: busybox, - Image: "registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.6", + Image: "registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.7", Stdin: true, Command: []string{ "sleep", @@ -153,7 +153,7 @@ func WaitForRules(input WaitForRulesInput) { }, { command: "iptables -t nat -L aad-metadata", - expectedErrorMsg: "No chain/target/match by that name", + expectedErrorMsg: "chain `aad-metadata' in table `nat' is incompatible", }, } { stderr, err := exec.KubectlExec(input.KubeconfigPath, p.Name, input.Namespace, strings.Split(cmd.command, " ")) diff --git a/website/content/en/changelog/_index.md b/website/content/en/changelog/_index.md index 703621ac..a025b16b 100644 --- a/website/content/en/changelog/_index.md +++ b/website/content/en/changelog/_index.md @@ -7,6 +7,22 @@ menu: weight: 10 --- +## v1.8.17 + +### Continuous Integration + +- ci: restrict permissions for gh workflows ([#1428](https://github.com/Azure/aad-pod-identity/pull/1428)) +- ci: remove nightly and load test pipeline ([#1432](https://github.com/Azure/aad-pod-identity/pull/1432)) + +### Documentation + +- docs: Update RELEASE.md to clarify September EOL ([#1433](https://github.com/Azure/aad-pod-identity/pull/1433)) + +### Maintenance + +- chore: use ubuntu-latest gh runner ([#1427](https://github.com/Azure/aad-pod-identity/pull/1427)) +- chore: update debian-iptables to bullseye-v1.5.7 ([#1435](https://github.com/Azure/aad-pod-identity/pull/1435)) + ## v1.8.16 ### Maintenance diff --git a/website/content/en/docs/Demo/standard_walkthrough.md b/website/content/en/docs/Demo/standard_walkthrough.md index e8dd4516..98646158 100644 --- a/website/content/en/docs/Demo/standard_walkthrough.md +++ b/website/content/en/docs/Demo/standard_walkthrough.md @@ -124,7 +124,7 @@ metadata: spec: containers: - name: demo - image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.16 + image: mcr.microsoft.com/oss/azure/aad-pod-identity/demo:v1.8.17 args: - --subscription-id=${SUBSCRIPTION_ID} - --resource-group=${IDENTITY_RESOURCE_GROUP} diff --git a/website/content/en/docs/Getting started/installation.md b/website/content/en/docs/Getting started/installation.md index 57104237..21b0067b 100644 --- a/website/content/en/docs/Getting started/installation.md +++ b/website/content/en/docs/Getting started/installation.md @@ -11,7 +11,7 @@ description: > To install/upgrade AAD Pod Identity on RBAC-enabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/deployment-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment-rbac.yaml ```
@@ -37,7 +37,7 @@ deployment.apps/mic created To install/upgrade aad-pod-identity on RBAC-disabled clusters: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/deployment.yaml ```
@@ -57,7 +57,7 @@ deployment.apps/mic created For AKS clusters, you will have to allow MIC and AKS add-ons to access IMDS without being intercepted by NMI: ``` -kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.16/deploy/infra/mic-exception.yaml +kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/v1.8.17/deploy/infra/mic-exception.yaml ``` {{% alert title="Warning" color="warning" %}}