Merge pull request #215 from RomanBednar/rebase-v1.15.0
OCPBUGS-6355: Rebase to v1.15.0 for OCP 4.13
RomanBednar authored Feb 3, 2023
2 parents 4e938ca + 4a51720 commit 7f2b967
Showing 2,949 changed files with 275,909 additions and 284,967 deletions.
48 changes: 48 additions & 0 deletions .github/workflows/trivy-containers.yaml
@@ -0,0 +1,48 @@
name: Trivy Scanner - Container Images
on:
push:
branches:
- master
paths:
- 'deploy/kubernetes/overlays/stable/gcr/kustomization.yaml'
schedule:
- cron: '0 */24 * * *'

jobs:
build-matrix:
runs-on: ubuntu-latest
outputs:
images: ${{ steps.set-matrix.outputs.result }}

steps:
- name: Checkout code
uses: actions/checkout@v3

- id: set-matrix
uses: mikefarah/yq@master
with:
# Dynamically build the matrix of images to scan using `deploy/kubernetes/overlays/stable/gcr/kustomization.yaml`
# matrix format: ['k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.11.3', 'k8s.gcr.io/sig-storage/csi-attacher:v3.4.0', ...]
cmd: yq '.images | map(.name + ":" + .newTag) | . style="flow"' < deploy/kubernetes/overlays/stable/gcr/kustomization.yaml

trivy-scan:
needs: build-matrix
runs-on: ubuntu-latest
strategy:
matrix:
image: ${{ fromJson(needs.build-matrix.outputs.images) }}

steps:
- name: Scan container image
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ matrix.image }}'
output: 'results.sarif'
format: 'sarif'
ignore-unfixed: true
severity: 'HIGH,CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'results.sarif'
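Review bot: `mikefarah/yq@master` and `aquasecurity/trivy-action@master` track a mutable branch, so whatever lands on those branches runs in this workflow on the next push or nightly schedule without any change in this repository. Pin both to a full commit SHA (with the release in a trailing comment) the way `actions/checkout@v3` and `upload-sarif@v2` are at least version-pinned. Separately, `cron: '0 */24 * * *'` only ever fires at 00:00, so `0 0 * * *` states the same schedule more plainly.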
28 changes: 28 additions & 0 deletions .github/workflows/trivy.yaml
@@ -0,0 +1,28 @@
name: Trivy Scanner
on:
push:
branches:
- master
pull_request:

jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'results.sarif'
severity: 'HIGH,CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'results.sarif'
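Review bot: No `permissions:` key appears anywhere in this workflow, so the job runs with the repository's default token scope even though the only write it needs is the SARIF upload. Declare it explicitly on the `build` job, for example `contents: read` plus `security-events: write`, so the `pull_request` trigger never runs with more than that. The `aquasecurity/trivy-action@master` reference here is also a mutable branch and should be pinned to a commit SHA.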
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -27,3 +27,6 @@ Vagrantfile

# Vendor dir
#vendor/

# .image-* files used by Makefile
.image-*
18 changes: 0 additions & 18 deletions .travis.yml

This file was deleted.

82 changes: 82 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,85 @@
# v1.14.1
### Bug Fixes
* (Cherry-Pick) Fixed handling of volume limits for instance types m6id and x2idn

# v1.14.0
### Improvements
* Bumped golang dependencies
* Rebuilt driver container with newer base image (containing security fixes)
* In the next minor release (v1.15.0, scheduled for January) the default sidecars will be changed, see https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1456

# v1.13.0
### Bug Fixes

* Add version information from tag to GCR build ([#1426](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1426), [@ConnorJC3](https://github.com/ConnorJC3))
* `pkg/driver/controller.go` uses ToLower ([#1429](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1429), [@yevhenvolchenko](https://github.com/yevhenvolchenko))
* Increase cloudbuild timeout ([#1430](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1430), [@torredil](https://github.com/torredil))
* Use `PULL_BASE_REF` for `VERSION` instead of `GIT_TAG` for GCR builds ([#1439](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1439), [@ConnorJC3](https://github.com/ConnorJC3))
* Grab version via tag directly from git ([#1441](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1441), [@ConnorJC3](https://github.com/ConnorJC3))

### Improvements
* Upgrade K8s to `v1.25`; Upgrade ginkgo to `v2`; Use upstream binary for `e2e-kubernetes` ([#1341](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1341), [@torredil](https://github.com/torredil))
* Add release and support policy to README.md ([#1392](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1392), [@torredil](https://github.com/torredil))
* Update and run update-gomock ([#1422](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1422), [@torredil](https://github.com/torredil))
* Upgrade Go/CI dependencies ([#1433](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1433), [@torredil](https://github.com/torredil))
* Upgrade golangci-lint; Fix linter errors ([#1435](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1435), [@torredil](https://github.com/torredil))

### Acknowledgments
* We would like to sincerely thank:
[@yevhenvolchenko](https://github.com/yevhenvolchenko)

# v1.12.1
### Security
* Addreses [ALAS2-2022-1854](https://alas.aws.amazon.com/AL2/ALAS-2022-1854.html) and [ALAS2-2022-1849](https://alas.aws.amazon.com/AL2/ALAS-2022-1849.html)

# v1.11.5
### Backported Security
* Addreses [ALAS2-2022-1854](https://alas.aws.amazon.com/AL2/ALAS-2022-1854.html) and [ALAS2-2022-1849](https://alas.aws.amazon.com/AL2/ALAS-2022-1849.html)

# v1.12.0
### Notable Changes
* Unify IOPS handling across volume types ([#1366](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1366), [@torredil](https://github.com/torredil))
* Change fsGroupPolicy to File ([#1377](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1377), [@ConnorJC3](https://github.com/ConnorJC3))
* Add resolver to handle custom endpoints ([#1398](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1398), [@bertinatto](https://github.com/bertinatto))
* Add enableMetrics configuration ([#1380](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1380), [@torredil](https://github.com/torredil))
* Build Windows container for Windows Server 2022 LTSC ([#1408](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1408), [@ConnorJC3](https://github.com/ConnorJC3))
* Add support for io2 Block Express volumes ([#1409](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1409), [@ConnorJC3](https://github.com/ConnorJC3))

### Bug Fixes
* c6i.metal and g5g.metal are nitro instances ([#1358](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1358), [@wmesard](https://github.com/wmesard))
* Update release notes; Implement useOldCSIDriver parameter ([#1391](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1391), [@ConnorJC3](https://github.com/ConnorJC3))

### Improvements
* Add controller nodeAffinity to prefer EC2 over Fargate ([#1360](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1360), [@torredil](https://github.com/torredil))
* Add warning message when region is unavailable on the controller ([#1359](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1359), [@ConnorJC3](https://github.com/ConnorJC3))
* Retrieve region/AZ from topology label ([#1360](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1360), [@torredil](https://github.com/torredil))
* Update the kustomization deployment to latest image tag ([#1367](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1367), [@gtxu](https://github.com/gtxu))
* Update module k8s.io/klog to v2 ([#1370](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1370), [@torredil](https://github.com/torredil))
* Updating static example to include setting fsType ([#1376](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1376), [@jbehrends](https://github.com/jbehrends))
* Allow all taint for csi-node by default ([#1381](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1381), [@gtxu](https://github.com/gtxu))
* add link to install guide ([#1383](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1383), [@geoffcline](https://github.com/geoffcline))
* Add self to OWNERS ([#1399](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1399), [@ConnorJC3](https://github.com/ConnorJC3))
* Cleanup OWNERS ([#1403](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1403), [@ConnorJC3](https://github.com/ConnorJC3))
* Add snow device types to parameters ([#1404](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1404), [@TerryHowe](https://github.com/TerryHowe))
* revise preqs for install docs ([#1389](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1389), [@geoffcline](https://github.com/geoffcline))
* Update workflows ([#1401](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1401), [@torredil](https://github.com/torredil))
* Add .image-* files from Makefile to .gitignore ([#1410](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1410), [@ConnorJC3](https://github.com/ConnorJC3))
* Update trivy.yaml workflow event trigger ([#1411](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1411), [@torredil](https://github.com/torredil))

### Acknowledgments
* We would like to sincerely thank:
[@TerryHowe](https://github.com/TerryHowe), [@bertinatto](https://github.com/bertinatto), [@geoffcline](https://github.com/geoffcline), & [@jbehrends](https://github.com/jbehrends)

# v1.11.4
### Improvements
* Update go version; Update dependencies ([#1394](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1394), [@torredil](https://github.com/torredil))
- go `1.17` -> `1.19`
- github.com/aws/aws-sdk-go `v1.44.45` -> `v1.44.101`
- github.com/google/go-cmp `v0.5.8` -> `v0.5.9`
- github.com/onsi/gomega `v1.19.0` -> `v1.20.2`
- golang.org/x/sys `v0.0.0-20220728004956-3c1f35247d10` -> `v0.0.0-20220919091848-fb04ddd9f9c8`
- google.golang.org/grpc `v1.47.0` -> `v1.49.0`

# v1.11.3
### Vulnerability Fixes
* Address CVEs ([#1384](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1384), [@torredil](https://github.com/torredil))
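Review bot: The added changelog tops out at `# v1.14.1`; there is no `# v1.15.0` section, although this commit is titled as the rebase to v1.15.0 and the Makefile sets `VERSION?=v1.15.0`. The v1.14.0 entry announces that the default sidecars change in v1.15.0, so that section should exist and say what changed. Minor: `Addreses` in the v1.12.1 and v1.11.5 entries should read `Addresses`, and the v1.14.0 line about a base image "containing security fixes" would be more useful with the advisories named, as the v1.12.1 entry does.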
6 changes: 3 additions & 3 deletions Dockerfile
Expand Up @@ -30,14 +30,14 @@ FROM public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-csi-ebs:lat
COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver /bin/aws-ebs-csi-driver
ENTRYPOINT ["/bin/aws-ebs-csi-driver"]

FROM mcr.microsoft.com/windows/servercore:1809 AS windows-1809
FROM mcr.microsoft.com/windows/servercore:20H2 AS windows-20H2
COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver.exe /aws-ebs-csi-driver.exe
ENTRYPOINT ["/aws-ebs-csi-driver.exe"]

FROM mcr.microsoft.com/windows/servercore:20H2 AS windows-20H2
FROM mcr.microsoft.com/windows/servercore:ltsc2019 AS windows-ltsc2019
COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver.exe /aws-ebs-csi-driver.exe
ENTRYPOINT ["/aws-ebs-csi-driver.exe"]

FROM mcr.microsoft.com/windows/servercore:ltsc2019 AS windows-ltsc2019
FROM mcr.microsoft.com/windows/servercore:ltsc2022 AS windows-ltsc2022
COPY --from=builder /go/src/github.com/kubernetes-sigs/aws-ebs-csi-driver/bin/aws-ebs-csi-driver.exe /aws-ebs-csi-driver.exe
ENTRYPOINT ["/aws-ebs-csi-driver.exe"]
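Review bot: The Windows stages (`servercore:20H2`, `servercore:ltsc2019`, `servercore:ltsc2022`) are pulled by floating tag, so the same commit can build against different base layers over time and a scan result for one build says little about the next. Pin each `FROM` to an image digest (`...@sha256:<digest>`) and bump it deliberately. Also confirm that keeping the `20H2` stage is intended now that `1809` is dropped.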
35 changes: 18 additions & 17 deletions Makefile
Expand Up @@ -27,7 +27,7 @@ undefine KUBERNETES_SERVICE_PORT_HTTPS
# Carry: VERSION is set by CI to go version, not CSI driver version
undefine VERSION

VERSION?=v1.11.3
VERSION?=v1.15.0

PKG=github.com/kubernetes-sigs/aws-ebs-csi-driver
GIT_COMMIT?=$(shell git rev-parse HEAD)
Expand Down Expand Up @@ -56,7 +56,7 @@ ALL_OSVERSION_linux?=amazon
ALL_OS_ARCH_OSVERSION_linux=$(foreach arch, $(ALL_ARCH_linux), $(foreach osversion, ${ALL_OSVERSION_linux}, linux-$(arch)-${osversion}))

ALL_ARCH_windows?=amd64
ALL_OSVERSION_windows?=1809 20H2 ltsc2019
ALL_OSVERSION_windows?=20H2 ltsc2019 ltsc2022
ALL_OS_ARCH_OSVERSION_windows=$(foreach arch, $(ALL_ARCH_windows), $(foreach osversion, ${ALL_OSVERSION_windows}, windows-$(arch)-${osversion}))

ALL_OS_ARCH_OSVERSION=$(foreach os, $(ALL_OS), ${ALL_OS_ARCH_OSVERSION_${os}})
Expand Down Expand Up @@ -128,12 +128,12 @@ bin /tmp/helm /tmp/kubeval:
@mkdir -p $@

bin/helm: | /tmp/helm bin
@curl -o /tmp/helm/helm.tar.gz -sSL https://get.helm.sh/helm-v3.5.3-${GOOS}-amd64.tar.gz
@curl -o /tmp/helm/helm.tar.gz -sSL https://get.helm.sh/helm-v3.10.1-${GOOS}-amd64.tar.gz
@tar -zxf /tmp/helm/helm.tar.gz -C bin --strip-components=1
@rm -rf /tmp/helm/*

bin/kubeval: | /tmp/kubeval bin
@curl -o /tmp/kubeval/kubeval.tar.gz -sSL https://github.com/instrumenta/kubeval/releases/download/0.15.0/kubeval-linux-amd64.tar.gz
@curl -o /tmp/kubeval/kubeval.tar.gz -sSL https://github.com/instrumenta/kubeval/releases/download/0.16.1/kubeval-linux-amd64.tar.gz
@tar -zxf /tmp/kubeval/kubeval.tar.gz -C bin kubeval
@rm -rf /tmp/kubeval/*

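Review bot: The `bin/helm` and `bin/kubeval` recipes download a release tarball and unpack it straight into `bin` with no integrity check, and this change bumps both versions without adding one. Record the expected SHA-256 for `helm-v3.10.1` and kubeval `0.16.1` in the Makefile and verify with `sha256sum -c` before the `tar -zxf` step. Adding `-f` to the `curl -sSL` calls would also make an HTTP error fail the recipe instead of saving the error page as the archive.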
Expand All @@ -142,7 +142,7 @@ bin/mockgen: | bin

bin/golangci-lint: | bin
echo "Installing golangci-lint..."
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v1.21.0
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s v1.50.1

.PHONY: kubeval
kubeval: bin/kubeval
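Review bot: In `bin/golangci-lint`, the `v1.50.1` argument pins only the binary that gets installed; the installer itself is still fetched from `.../golangci-lint/master/install.sh` and piped to `sh`, so the code that executes on the build host changes whenever that branch does. Fetch `install.sh` from a fixed tag or commit that matches the version being installed, or download the release archive and verify its checksum.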
Expand Down Expand Up @@ -190,15 +190,9 @@ test-e2e-multi-az:

.PHONY: test-e2e-migration
test-e2e-migration:
AWS_REGION=us-west-2 \
AWS_AVAILABILITY_ZONES=us-west-2a,us-west-2b,us-west-2c \
HELM_EXTRA_FLAGS='--set=controller.k8sTagClusterId=$$CLUSTER_NAME' \
EBS_INSTALL_SNAPSHOT="true" \
TEST_PATH=./tests/e2e-kubernetes/... \
GINKGO_FOCUS="\[ebs-csi-migration\]" \
GINKGO_SKIP="\[Disruptive\]|Pre-provisioned" \
EBS_CHECK_MIGRATION=true \
./hack/e2e/run.sh
# TODO: Remove once this test is removed from test-infra upstream
# https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes-sigs/aws-ebs-csi-driver/aws-ebs-csi-driver-presubmits.yaml
echo "succeed"

.PHONY: test-e2e-external
test-e2e-external:
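Review bot: `test-e2e-migration` is now just `echo "succeed"`, so the presubmit that calls it reports green without exercising any migration path, and anyone reading the job result cannot tell the test was stubbed out. Have the recipe print that the test is intentionally skipped, and attach a tracking issue to the TODO so the stub is removed once the test-infra job is gone.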
Expand All @@ -214,7 +208,6 @@ test-e2e-external:
.PHONY: test-e2e-external-eks
test-e2e-external-eks:
CLUSTER_TYPE=eksctl \
K8S_VERSION="1.20" \
HELM_VALUES_FILE="./hack/values_eksctl.yaml" \
HELM_EXTRA_FLAGS='--set=controller.k8sTagClusterId=$$CLUSTER_NAME' \
EBS_INSTALL_SNAPSHOT="true" \
Expand All @@ -226,6 +219,14 @@ test-e2e-external-eks:
GINKGO_SKIP="\[Disruptive\]|\[Serial\]" \
./hack/e2e/run.sh

.PHONY: test-helm-chart
test-helm-chart:
AWS_REGION=us-west-2 \
AWS_AVAILABILITY_ZONES=us-west-2a,us-west-2b,us-west-2c \
EBS_INSTALL_SNAPSHOT="true" \
HELM_CT_TEST="true" \
./hack/e2e/run.sh

.PHONY: verify-vendor
test: verify-vendor
verify: verify-vendor
Expand All @@ -251,9 +252,9 @@ generate-kustomize: bin/helm
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-provisioner.yaml > ../../deploy/kubernetes/base/clusterrolebinding-provisioner.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-resizer.yaml > ../../deploy/kubernetes/base/clusterrolebinding-resizer.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-snapshotter.yaml > ../../deploy/kubernetes/base/clusterrolebinding-snapshotter.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/controller.yaml --set "image.repository=k8s.gcr.io/provider-aws/aws-ebs-csi-driver" --api-versions 'snapshot.storage.k8s.io/v1' | sed -e "/namespace: /d" | sed -e "s/:v.*$$//g" > ../../deploy/kubernetes/base/controller.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/controller.yaml --api-versions 'snapshot.storage.k8s.io/v1' | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/controller.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/csidriver.yaml > ../../deploy/kubernetes/base/csidriver.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/node.yaml --set "image.repository=k8s.gcr.io/provider-aws/aws-ebs-csi-driver" | sed -e "/namespace: /d" | sed -e "s/:v.*$$//g" > ../../deploy/kubernetes/base/node.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/node.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/node.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/poddisruptionbudget-controller.yaml --api-versions 'policy/v1/PodDisruptionBudget' | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/poddisruptionbudget-controller.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-controller.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/serviceaccount-csi-controller.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/serviceaccount-csi-node.yaml | sed -e "/namespace: /d" > ../../deploy/kubernetes/base/serviceaccount-csi-node.yaml
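Review bot: Dropping `--set "image.repository=k8s.gcr.io/provider-aws/aws-ebs-csi-driver"` and the `sed -e "s/:v.*$$//g"` step from the `controller.yaml` and `node.yaml` lines means the generated base manifests now carry the chart's default repository and tag rather than a tagless name. The trivy-containers workflow added in this commit builds its scan matrix from `.images` in `deploy/kubernetes/overlays/stable/gcr/kustomization.yaml`, so check that every image rendered into `deploy/kubernetes/base` is still listed there; an image that appears only in base would be deployed but never scanned.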