From 750f953ed26b354cda8ba3c1c656d78d075c34ff Mon Sep 17 00:00:00 2001 From: Eddie Torres Date: Fri, 20 May 2022 12:44:06 +0000 Subject: [PATCH 1/3] Temporarily fix CI Signed-off-by: Eddie Torres --- hack/e2e/eksctl.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hack/e2e/eksctl.sh b/hack/e2e/eksctl.sh index 59b27c8ef5..5ca440a756 100644 --- a/hack/e2e/eksctl.sh +++ b/hack/e2e/eksctl.sh @@ -55,6 +55,9 @@ function eksctl_create_cluster() { fi loudecho "Cluster ${CLUSTER_NAME} kubecfg written to ${KUBECONFIG}" + # TODO: Workaround for https://github.com/weaveworks/eksctl/issues/5257 + # Remove when eksctl releases a fix + sed -i 's/v1alpha1/v1beta1/g' ${KUBECONFIG} loudecho "Getting cluster ${CLUSTER_NAME}" ${BIN} get cluster "${CLUSTER_NAME}" From 89fe2778716d3e381148d83c05f1f590b9f2e0c0 Mon Sep 17 00:00:00 2001 From: Gengtao Xu Date: Thu, 19 May 2022 15:03:30 -0400 Subject: [PATCH 2/3] Prepare release v1.6.2 Move depreated images to dropdown list Signed-off-by: Gengtao Xu --- CHANGELOG-0.x.md | 4 ++++ Makefile | 2 +- docs/README.md | 14 +++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/CHANGELOG-0.x.md b/CHANGELOG-0.x.md index 6ba36e6076..229a604dfe 100644 --- a/CHANGELOG-0.x.md +++ b/CHANGELOG-0.x.md @@ -1,3 +1,7 @@ +# v1.6.2 +## Notable changes +* Address CVE ALAS-2022-1792 + # v1.6.1 ## Notable changes * Address CVE ALAS2-2022-1782, ALAS2-2022-1788, ALAS2-2022-1784 diff --git a/Makefile b/Makefile index 1361a41d2d..bf204f78a0 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -VERSION=v1.6.1 +VERSION=v1.6.2 PKG=github.com/kubernetes-sigs/aws-ebs-csi-driver GIT_COMMIT?=$(shell git rev-parse HEAD) diff --git a/docs/README.md b/docs/README.md index 4517160564..9add31db3e 100644 --- a/docs/README.md +++ b/docs/README.md @@ -72,7 +72,7 @@ Following sections are Kubernetes specific. If you are Kubernetes user, use foll | AWS EBS CSI Driver \ Kubernetes Version| v1.12 | v1.13 | v1.14 | v1.15 | v1.16 | v1.17 | v1.18+| |----------------------------------------|-------|-------|-------|-------|-------|-------|-------| | master branch | no | no | no | no | no | yes | yes | -| v0.9.x-v1.5.x | no | no | no | no | no | yes | yes | +| v0.9.x-v1.6.x | no | no | no | no | no | yes | yes | | v0.5.0-v0.8.x | no | no | yes | yes | yes | yes | yes | | v0.4.0 | no | no | yes | yes | no | no | no | | v0.3.0 | no | no | yes | no | no | no | no | @@ -84,14 +84,21 @@ Following sections are Kubernetes specific. If you are Kubernetes user, use foll ## Container Images: |AWS EBS CSI Driver Version | GCR Image | ECR Image | |---------------------------|--------------------------------------------------|-----------------------------------------------------------------------------| +|v1.6.2 | | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2 | |v1.6.1 | | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.1 | |v1.6.0 | | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.0 | |v1.5.3 | | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.5.3 | |v1.5.2 | | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.5.2 | |v1.5.1 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.5.1 | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.5.1 | |v1.5.0 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.5.0 | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.5.0 | -|v1.4.0 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.4.0 | 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.4.0 | -|v1.3.1 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.3.1 | 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.3.1 | +|v1.4.0 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.4.0 | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.4.0 | +|v1.3.1 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.3.1 | public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.3.1 | + +
+Deprecated Container Images + +|AWS EBS CSI Driver Version | GCR Image | ECR Image | +|---------------------------|--------------------------------------------------|-----------------------------------------------------------------------------| |v1.3.0 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.3.0 | 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.3.0 | |v1.2.1 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.2.1 | 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.2.1 | |v1.2.0 |k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v1.2.0 | 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.2.0 | @@ -115,6 +122,7 @@ Following sections are Kubernetes specific. If you are Kubernetes user, use foll |v0.1.0 | | amazon/aws-ebs-csi-driver:0.1.0-alpha | **Note**: If your cluster isn't in the `us-west-2` Region, please change `602401143452.dkr.ecr.us-west-2.amazonaws.com` to the [address](https://github.com/awsdocs/amazon-eks-user-guide/blob/master/doc_source/add-ons-images.md) that corresponds to your Region. +
## Features * **Static Provisioning** - create a new or migrating existing EBS volumes, then create persistence volume (PV) from the EBS volume and consume the PV from container using persistence volume claim (PVC). From fe1cede076225565d1f44073c6498e24941e7fa0 Mon Sep 17 00:00:00 2001 From: Gengtao Xu Date: Fri, 20 May 2022 15:58:48 -0400 Subject: [PATCH 3/3] Post-release v1.6.2 Signed-off-by: Gengtao Xu --- charts/aws-ebs-csi-driver/CHANGELOG.md | 5 +++++ charts/aws-ebs-csi-driver/Chart.yaml | 4 ++-- charts/aws-ebs-csi-driver/values.yaml | 4 ++-- deploy/kubernetes/base/clusterrole-snapshotter.yaml | 6 +++--- deploy/kubernetes/base/controller.yaml | 4 ++-- deploy/kubernetes/base/node.yaml | 4 ++-- docs/RELEASE.md | 4 ++-- examples/kubernetes/windows/README.md | 2 +- 8 files changed, 19 insertions(+), 14 deletions(-) diff --git a/charts/aws-ebs-csi-driver/CHANGELOG.md b/charts/aws-ebs-csi-driver/CHANGELOG.md index 3f8559a68b..a7372cdccf 100644 --- a/charts/aws-ebs-csi-driver/CHANGELOG.md +++ b/charts/aws-ebs-csi-driver/CHANGELOG.md @@ -1,5 +1,10 @@ # Helm chart +## v2.6.8 + +* Bump app/driver to version `v1.6.2` +* Bump sidecar version for nodeDriverRegistrar, provisioner to be consistent with EKS CSI Driver Add-on + ## v2.6.7 * Bump app/driver to version `v1.6.1` diff --git a/charts/aws-ebs-csi-driver/Chart.yaml b/charts/aws-ebs-csi-driver/Chart.yaml index 67c20099ea..41a62924d9 100644 --- a/charts/aws-ebs-csi-driver/Chart.yaml +++ b/charts/aws-ebs-csi-driver/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 1.6.1 +appVersion: 1.6.2 name: aws-ebs-csi-driver description: A Helm chart for AWS EBS CSI Driver -version: 2.6.7 +version: 2.6.8 kubeVersion: ">=1.17.0-0" home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver sources: diff --git a/charts/aws-ebs-csi-driver/values.yaml b/charts/aws-ebs-csi-driver/values.yaml index 2a9d6344ed..2273d9fe3f 100644 --- a/charts/aws-ebs-csi-driver/values.yaml +++ b/charts/aws-ebs-csi-driver/values.yaml @@ -19,7 +19,7 @@ sidecars: image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-provisioner - tag: "v2.1.1" + tag: "v2.2.2" logLevel: 2 resources: {} attacher: @@ -57,7 +57,7 @@ sidecars: image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar - tag: "v2.1.0" + tag: "v2.3.0" logLevel: 2 resources: {} diff --git a/deploy/kubernetes/base/clusterrole-snapshotter.yaml b/deploy/kubernetes/base/clusterrole-snapshotter.yaml index 633b9cb3a4..b14a3f839c 100644 --- a/deploy/kubernetes/base/clusterrole-snapshotter.yaml +++ b/deploy/kubernetes/base/clusterrole-snapshotter.yaml @@ -14,9 +14,9 @@ rules: # Enable it if your driver needs secret. # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass. # See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details. - # - apiGroups: [""] - # resources: ["secrets"] - # verbs: ["get", "list"] + # - apiGroups: [ "" ] + # resources: [ "secrets" ] + # verbs: [ "get", "list" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotclasses" ] verbs: [ "get", "list", "watch" ] diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml index 03616b8320..bc2ae250e0 100644 --- a/deploy/kubernetes/base/controller.yaml +++ b/deploy/kubernetes/base/controller.yaml @@ -31,7 +31,7 @@ spec: tolerationSeconds: 300 containers: - name: ebs-plugin - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.1 + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2 imagePullPolicy: IfNotPresent args: # - {all,controller,node} # specify the driver mode @@ -81,7 +81,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: csi-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v2.1.1 + image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml index ba366bfad8..c92cc8540b 100644 --- a/deploy/kubernetes/base/node.yaml +++ b/deploy/kubernetes/base/node.yaml @@ -45,7 +45,7 @@ spec: - name: ebs-plugin securityContext: privileged: true - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.1 + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2 imagePullPolicy: IfNotPresent args: - node @@ -80,7 +80,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: node-driver-registrar - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) diff --git a/docs/RELEASE.md b/docs/RELEASE.md index 980445d8d0..cd63620c9f 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md @@ -69,11 +69,11 @@ Follow the AWS-internal process. ## Verify the images are available In ECR Public: - - `docker pull public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.1` + - `docker pull public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:{release version}` In ECR: - `aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 602401143452.dkr.ecr.us-west-2.amazonaws.com` - - `docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:v1.6.1` + - `docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver:{release version}` ## Create the post-release commit in the release branch diff --git a/examples/kubernetes/windows/README.md b/examples/kubernetes/windows/README.md index 13d35efaa0..ae743ad4b8 100644 --- a/examples/kubernetes/windows/README.md +++ b/examples/kubernetes/windows/README.md @@ -6,7 +6,7 @@ This example shows how to create a EBS volume and consume it from a Windows cont 1. A 1.18+ Windows node. Windows support has only been tested on 1.18 EKS Windows nodes. https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html 2. [csi-proxy](https://github.com/kubernetes-csi/csi-proxy) v1.0.0+ installed on the Windows node. -3. Driver v1.6.1 from ECR: `public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.1`. It can be built and pushed to another image registry with the command `TAG=$MY_TAG REGISTRY=$MY_REGISTRY make all-push` where `MY_TAG` refers to the image tag to push and `MY_REGISTRY` to the destination image registry like "XXXXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com" +3. Driver v1.6.0+ from ECR: `public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:{driver version}`. It can be built and pushed to another image registry with the command `TAG=$MY_TAG REGISTRY=$MY_REGISTRY make all-push` where `MY_TAG` refers to the image tag to push and `MY_REGISTRY` to the destination image registry like "XXXXXXXXXXXX.dkr.ecr.us-west-2.amazonaws.com" 4. The driver installed with the Node plugin on the Windows node and the Controller plugin on a Linux node: `helm upgrade --install aws-ebs-csi-driver --namespace kube-system ./charts/aws-ebs-csi-driver --set node.enableWindows=true --set image.repository=$MY_REGISTRY/aws-ebs-csi-driver --set image.tag=$MY_TAG` ## Usage