v1.4.0 - 2023-11-20
Breaking Changes ⚠️
total_
prefix in the metrics name has been dropped as part of the latest otel bump in the driver. For Prometheus counters, by default the otel library appendstotal
suffix.total_rotation_reconcile
->rotation_reconcile_total
total_rotation_reconcile_error
->rotation_reconcile_error_total
total_node_publish
->node_publish_total
total_node_unpublish
->node_unpublish_total
total_node_publish_error
->node_publish_error_total
total_node_unpublish_error
->node_unpublish_error_total
total_sync_k8s_secret
->sync_k8s_secret_total
Changelog
Bug Fixes 🐞
- 604019c fix: make manifest diff
- a1380ba fix: update nodeserver publish logs
- cdf0b77 fix: put annotations in right position of daemonset
- bb1815a fix: escape dot in target path regex
- 97d3452 fix: fix CVE-2022-32149 and CVE-2022-27664 (#1059)
- d98c93c fix: handles pfx certs in k8s secrets sync
- 9fcdbb2 fix: update base image reference in script
- ede4c70 fix: sanitize service account tokens in logs
- 2ee77ca fix: use
os.Lstat
to resolveos.Stat
issue in windows - 3ae12bd fix: remove files before cleanup mount point in unpublish
- 0af2483 fix: panic when using --log-format-json
- 830d184 fix: update err variable in defer to prevent err shadowing
- c452ac4 fix: add unit test to validate error shadowed bug
Code Refactoring 💎
- b0af2b9 refactor: use NewSharedInformerFactoryWithOptions for new shared informer
- 14489c7 refactor: update mdbook install and serve
Continuous Integration 💜
- 35d88b7 ci: [StepSecurity] Apply security best practices
- 76b329d ci: add codecov.yml
- 0d4d5a3 ci: update kubernetes versions for staging image tests
- 47bd321 ci: enable tests with kubernetes v1.26
- 12cdcb4 ci: ignore slack badge in markdown link check
- a3c0e4e ci: add codeql action
- 9a120ea ci: bump kubernetes version to v1.25.0
- f8e3435 ci: bump kind version to v0.14.0
- d1181e3 ci: add kubernetes 1.24 in e2e matrix
- ce47672 ci: fix aws eks cluster creation
- 384db8b ci: fix markdown link check workflow failures
- 12d1c99 ci: update kubernetes version matrix in staging e2e workflow
- 0246e35 ci: update e2e_mock_provider_tests kubernetes versions
- 2f16132 ci: add goreleaser workflow for release
- d0e614f ci: fix shellcheck file paths
- 00a1445 ci: add markdown-link-check workflow
Documentation 📘
- d29d835 docs: mention sig-auth subproject in readme
- e0e5c06 docs: add openssf badge
- 905d82b docs: update reference to
registry.k8s.io
in release - 3864b78 docs: update supported releases - v1.3.x and v1.2.x
- b8c64cc docs: add security vuln scanning to release mgmt
- e195c55 docs: update supported releases - v1.2.x and v1.1.x
- 3787ca2 docs: include security explanations for root/privileged/and pod tokens
- b55eaef docs: update instructions on generating release notes
- c0e97a5 docs: add subPath volume mount limitation
- 592ad7b docs: update supported versions and replace v1alpha1 with v1
- 8c41c4a docs: remove helm repo url change note in install steps
- 052429b docs: add slack badge
- 95218a6 docs: fix dead links based on errors
- 0391489 docs: update features and add toc
- ba364e1 docs: Update helm README.md with linux crd image values (#797)
- 856ad85 docs: update supported feature by current providers
- a760c18 docs: fix typo in api version group name
- ed9ecf3 docs: add design docs and roadmap to website
- 99aafa5 docs: add project status to docs
Features 🌈
- 21694f0 feat: add
--version
flag to print the driver version - b4d2608 feat: add default toleration for all taints
- 34cb436 feat: Support disabling Helm chart CRD hooks
- 0723e1e feat: support provider paths under /var/run
- 7ac887a feat: add token requests client (#805)
- 4b8c442 feat: send NodePublishVolumeRequest.VolumeContext in MountRequest to provider
Maintenance 🔧
- 9056530 chore: bump version to v1.4.0 in release-1.4
- c4b22eb chore: update to go 1.21.4 in docker
- 7cdb803 chore: update to go 1.21
- a3fbe36 chore: bump google.golang.org/grpc from 1.49.0 to 1.56.3
- 2a6ad3c chore: bump google.golang.org/grpc in /test/e2eprovider
- 0de7b33 chore: bump golang.org/x/net from 0.10.0 to 0.17.0 in /hack/tools
- 41c8819 chore: bump golang.org/x/net from 0.8.0 to 0.17.0
- 7cf7be9 chore: bump golang.org/x/net from 0.8.0 to 0.17.0 in /test/e2eprovider
- 9743144 chore: bump actions/checkout from 3.5.3 to 4.0.0
- a4aa61d chore: bump github/codeql-action from 2.21.2 to 2.21.5
- dca6d3f chore: cleanup secretproviderclass status
- da9fd72 chore: bump github/codeql-action from 2.21.0 to 2.21.2
- 1b10489 chore: bump k8s.io/code-generator from 0.27.3 to 0.27.4 in /hack/tools
- 663d733 chore: bump github/codeql-action from 2.20.4 to 2.21.0
- a4aea02 chore: bump sigs.k8s.io/controller-tools in /hack/tools
- db8c839 chore: bump github/codeql-action from 2.20.3 to 2.20.4
- 14952e6 chore: bump github/codeql-action from 2.20.1 to 2.20.3
- 2403169 chore: update debian-base to bookworm-v1.0.0
- ca06ac3 chore: bump github/codeql-action from 2.20.0 to 2.20.1
- 19f5ce2 chore: bump ossf/scorecard-action from 2.1.3 to 2.2.0
- 61e53b7 chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 3e9a018 chore: bump k8s.io/code-generator from 0.27.2 to 0.27.3 in /hack/tools
- 47468b8 chore: bump github.com/golangci/golangci-lint in /hack/tools
- 0d6bd57 chore: bump github/codeql-action from 2.3.6 to 2.20.0
- f87cf12 chore: bump actions/dependency-review-action from 3.0.4 to 3.0.6
- fb2ff09 chore: bump actions/checkout from 3.5.2 to 3.5.3
- d2ac05d chore: bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0
- 49f966f chore: bump github/codeql-action from 2.3.3 to 2.3.6
- 6938b86 chore: bump github.com/golangci/golangci-lint in /hack/tools
- c8b330c chore: bump k8s.io/code-generator from 0.26.4 to 0.27.2 in /hack/tools
- 6551fe2 chore: bump k8s deps to
v1.26.4
(#1254) - 7b9e0f9 chore: bump codecov/codecov-action from 3.1.3 to 3.1.4
- ceb7ec6 chore: bump actions/setup-go from 4.0.0 to 4.0.1
- 7e5b5dc chore: bump golang from
79ffe35
to31a8f92
in /test/e2eprovider - 73fd4cc chore: bump golang from
eaf1267
to31a8f92
in /docker - 26c8cd5 chore: bump github/codeql-action from 2.3.2 to 2.3.3
- bc0fbbb chore: bump step-security/harden-runner from 2.3.1 to 2.4.0
- 086c6b6 chore: update node-driver-registrar:v2.8.0, livenessprobe:v2.10.0
- ace8c5a chore: bump google.golang.org/grpc in /test/e2eprovider
- cb49b72 chore: bump k8s.io/klog/v2 from 2.80.1 to 2.100.1 in /test/e2eprovider
- beb650e chore: bump golang from
403f486
to79ffe35
in /docker - 7b4879f chore: bump monis.app/mlog from 0.0.2 to 0.0.4 in /test/e2eprovider
- ca9178e chore: bump golang from
403f486
to79ffe35
in /test/e2eprovider - b855553 chore: bump codecov/codecov-action from 3.1.2 to 3.1.3
- 4f2eae2 chore: bump github/codeql-action from 2.3.0 to 2.3.2
- 5743ab3 chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 0b457df chore: bump github/codeql-action from 2.2.12 to 2.3.0
- 0e85ac0 chore: enable gocritic linter and fix errors
- 1ef0c67 chore: cleanup WritePayloads to be easier to use
- 23b30d1 chore: allow retries on pre-upgrade hook jobs
- 7c7b3e5 chore: bump actions/checkout from 3.5.0 to 3.5.2
- b8069f4 chore: bump github/codeql-action from 2.2.11 to 2.2.12
- dc4bf06 chore: update to go 1.20
- 8048905 chore: bump trivy version to v0.39.1
- 379a4a4 chore: bump kind version to v0.18.0
- e582845 chore: bump github/codeql-action from 2.2.9 to 2.2.11
- 7cce3bb chore: updates error message
- cab63b3 chore: remove unused node name in rotation reconciler
- 957817e chore: remove unused providerVolumePath code paths
- 34afcef chore: bump actions/checkout from 3.4.0 to 3.5.0
- 76f266a chore: bump github.com/golangci/golangci-lint in /hack/tools
- 8b508b2 chore: bump github/codeql-action from 2.2.7 to 2.2.9
- adba078 chore: bump k8s.io/code-generator from 0.26.2 to 0.26.3 in /hack/tools
- a556236 chore: bump google.golang.org/protobuf in /hack/tools
- fa40c79 chore: update golangci-lint to v1.52.1
- ead9b01 chore: bump github/codeql-action from 2.2.6 to 2.2.7
- b4e4c6a chore: bump actions/checkout from 3.3.0 to 3.4.0
- f62667c chore: bump google.golang.org/protobuf in /hack/tools
- ba9625b chore: bump google.golang.org/protobuf in /hack/tools
- 8d15bd1 chore: bump github/codeql-action from 2.2.5 to 2.2.6
- 1367ef6 chore: bump k8s.io/code-generator from 0.26.1 to 0.26.2 in /hack/tools
- 9d23ab4 chore: bump google.golang.org/grpc/cmd/protoc-gen-go-grpc in /hack/tools
- 686b1dc chore: bump gaurav-nelson/github-action-markdown-link-check
- c9e9052 chore: bump github/codeql-action from 2.2.4 to 2.2.5
- 8da23b0 chore: bump golang.org/x/net from 0.4.0 to 0.7.0
- f62048e chore: bump golang.org/x/net from 0.4.0 to 0.7.0 in /hack/tools
- 8bf3cea chore: bump golang.org/x/net from 0.4.0 to 0.7.0 in /test/e2eprovider
- 37b523c chore: bump github/codeql-action from 2.2.2 to 2.2.4
- 7951913 chore: use base and test image from
registry.k8s.io
- bd9efb6 chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 06130f8 chore: bump github/codeql-action from 2.2.1 to 2.2.2
- bd549ea chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 3042513 chore: bump github/codeql-action from 2.1.39 to 2.2.1
- ebce4e4 chore: bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0
- 0a3fee2 chore: bump k8s.io/code-generator from 0.26.0 to 0.26.1 in /hack/tools
- 98ec718 chore: bump github/codeql-action from 2.1.38 to 2.1.39
- 143dc71 chore: pin buildx to
v0.10.6
- fe84ebc chore: bump github/codeql-action from 2.1.37 to 2.1.38
- 8979367 chore: bump actions/checkout from 3.2.0 to 3.3.0
- c4229cb chore: update livenessprobe to v2.9.0
- 94fc545 chore: update node-driver-registrar to v2.7.0
- 42e786e chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 1b6d197 chore: remove windows version 1903, 1909 and 2004 (EOL)
- 93d0e05 chore: bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0
- 68c4a7a chore: bump github/codeql-action from 2.1.36 to 2.1.37
- d2398b1 chore: bump actions/checkout from 3.1.0 to 3.2.0
- df7c1a5 chore: bump k8s.io/code-generator from 0.25.4 to 0.26.0 in /hack/tools
- d772515 chore: bump github/codeql-action from 2.1.35 to 2.1.36
- 7513988 chore: reenable trivy scan for binary
- 4c1a8f5 chore: use kubectl v1.26.0 in driver-crds
- da5a280 chore: switch to
registry.k8s.io
- 215e5c2 chore: update node-driver-registrar to v2.6.2
- 4e6cc57 chore: bump github/codeql-action from 2.1.32 to 2.1.35
- c60d93f chore: bump stefanprodan/helm-gh-pages from 1.6.0 to 1.7.0
- 6a64a91 chore: bump k8s.io/code-generator from 0.25.3 to 0.25.4 in /hack/tools
- c9ec363 chore: bump github/codeql-action from 2.1.31 to 2.1.32
- 1111a97 chore: use kubectl 1.25.4 in driver-crds
- ca89feb chore: remove k8s.io/kubernetes dep
- 59473a2 chore: bump github/codeql-action from 2.1.29 to 2.1.31
- 8778a4c chore: update livenessprobe to v2.8.0
- b12d68a chore: bump github/codeql-action from 2.1.28 to 2.1.29
- 2beee6f chore: bump sigs.k8s.io/controller-tools in /hack/tools
- 4776c62 chore: bump k8s.io/code-generator from 0.25.0 to 0.25.3 in /hack/tools
- 603bb66 chore: bump github.com/golangci/golangci-lint in /hack/tools
- 358b8a3 chore: bump google.golang.org/protobuf in /hack/tools
- 75b1134 chore: bump actions/checkout from 2 to 3
- 6841c6d chore: bump sigs.k8s.io/kustomize/kustomize/v4 in /hack/tools
- f6021d8 chore: bump goreleaser/goreleaser-action from 2.8.1 to 3.2.0
- d3e4260 chore: adds
ok-to-test
label on dependabot prs - 8a52d33 chore: bump github.com/golangci/golangci-lint in /hack/tools
- c8fc68f chore: bump stefanprodan/helm-gh-pages from 1.4.1 to 1.6.0
- 57a5cb9 chore: bump gaurav-nelson/github-action-markdown-link-check
- 762f81f chore: add dependabot.yml
- e3ed2f2 chore: use kubectl 1.25.x in driver-crds
- f938672 chore: update golangci-lint to v1.49.0
- 6fda350 chore: run apt update && apt upgrade -y in dockerfile
- 0dc8c0f chore: support kubernetes v1.25.0
- 980a539 chore: remove psp
- f020bdf chore: update debian-base to bullseye-v1.4.2
- 5680241 chore: update k8s deps to v0.24.4
- 4be2208 chore: update to go 1.19
- e272dc9 chore: update debian-base to bullseye-v1.4.1
- efb3274 chore: update debian-base to bullseye-v1.4.0
- 27032f6 chore: update boilerplate for the generated proto files
- fe049c3 chore: use
google.golang.org/protobuf
and regenerate proto - a95f0e5 chore: update kustomize to v4
- 1d264d2 chore: update tools dependencies and generate manifests
- e0f1850 chore: update kubernetes deps to v1.24.1
- 5ddc969 chore: add
crds.podLabels
for helm hook jobs (#962) - d70d198 chore: update debian-base to bullseye-v1.3.0
- a48fdde chore: bump
node-driver-registrar:v2.5.1
andlivenessprobe:v2.7.0
- 68ef471 chore: bump kind version to v0.13.0 to support kubernetes v1.24
- 75d28a4 chore: update pull request template
- 1faac89 chore: change default to
/var/run
for providers path - e6cc3d5 chore: upgrade makefile test binary versions
- 4b09e85 chore: upgrade to go 1.18
- 1ec0f8b chore: remove deprecated minimumProviderVersions in helm chart
- b46dfcb chore: make token requests conditional for v1.20+
- 37f55b2 chore: bump
node-driver-registrar:v2.5.0
andlivenessprobe:v2.6.0
- ca257a8 chore: mark
v1alpha1
api version as deprecated - ae87243 chore: remove old helm packages and index
- ccb9fa4 chore: updates trivy command
- a596624 chore: log invalid key in error
- dac5381 chore: update debian-base to bullseye-v1.1.0
- f694be2 chore: bump node-driver-reegistrar image to v2.4.0
- 9750771 chore: remove deprecated
--filtered-watch-secret
flag - c78559e chore: bump livenessprobe image to v2.5.0
- 2b27e0c chore: upgrade kubernetes deps
- 6069215 chore: use TARGETARCH for image build and makefile update
- e1f143c chore: use
corev1
as import alias instead ofv1
Security Fix 🛡️
- d3a4a98 security: bump kubernetes version to v1.27.0 in driver-crds
- 369ab7b security: fix CVE-2022-41717
- fe26e98 security: fix CVE-2022-27664
- 586ff3f security: fix CVE-2022-27664
- e24efb7 security: fix multiple CVEs
- 0dde850 security: fix CVE-2022-37434
- 2d85ba6 security: fix CVE-2022-1996
- 94077a6 security: fix multiple CVEs
- 3bfd4f2 security: fix CVE-2022-29526
- ce8133d security: fix CVE-2021-4209
- 9357134 security: fix CVE-2022-1996
- 0c70232 security: fix CVE-2022-34903
- 6152bf1 security: fix CVE-2022-2068
- 84f8b21 security: fix CVE-2022-1664
- 860c83e security: fix CVE-2022-1292
- 28a14d2 security: fix CVE-2022-1271
- f4b9d0f security: fix CVE-2018-25032 and update to debian-base:bullseye-v1.2.0
- 5a34967 security: fix CVEs
- b558858 security: fix CVE-2022-0778, CVE-2021-4160
- e6d1c8f security: fix CVE-2021-3995, CVE-2021-3996
- 6462375 security: fix CVE-2021-43618
Testing 💚
- 4a54858 test: improve nodeserver testing
- ca6a736 test: more usage of t.TempDir()
- cc6f126 test: replace tmpdir with t.TempDir()
- df67b53 test: cleanup provider tests (part 1)
- 725b77d test: use helm upgrade --install for azure e2e
- 86d368e test: use helm charts for azure provider
- 0ec6250 test: conditionally check token requests role and binding
- 899d3ed test: add test for view and admin cluster role (#845)