Block Storage for VPC cluster add-on change log
View information for patch updates to the Block Storage for VPC cluster add-on in your IBM Cloud Kubernetes Service clusters.
- Patch updates
- Patch updates are delivered automatically by IBM and don't contain any feature updates or changes in the supported add-on and cluster versions.
- Release updates
- Release updates contain new features for the Block Storage for VPC or changes in the supported add-on or cluster versions. You must manually apply release updates to your Block Storage for VPC cluster add-on. To update your Block Storage for VPC cluster add-on, see Updating the Block Storage for VPC cluster add-on.
To view a list of add-ons and the supported cluster versions in the CLI, run the following command.
ibmcloud ks cluster addon versions --addon vpc-block-csi-driver
To view a list of add-ons and the supported cluster versions, see the Supported cluster add-ons table.
Before you migrate to a 5.x
release from a previous release, you must not have any volume snapshots in failure
state. For more information, see Why can't I delete my Block Storage for VPC volume snapshot resources?.
Version 5.2
Change log for version 5.2.24_641, released 20 November 2024
- Updates the golang base image to
1.22.9
. - Introduces an
init
container to clean up any leftover controller pods from the 5.1 release.
Change log for version 5.2.21_602, released 3 October 2024
- Adds support for cross-account snapshot restoration.
- Updates the golang base image to
1.22.7
. - Updates to Kubernetes 1.30 client libraries.
- Updates the CSI specification to version
1.9.0
. - Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
- Adds the ability to set a default storage class. For more information, see Setting the default storage class.
- Updates the following sidecar images:
csi-provisioner:v5.0.2
,csi-resizer:v1.11.2
,csi-snapshotter:v8.0.1
,csi-attacher:v4.6.1
,livenessprobe:v2.13.1
, andcsi-node-driver-registrar:v2.11.1
- Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.
Change log for version 5.2.20_579, released 15 July 2024
- Updates the golang image to
1.21.12-community
. - Updates the
armada-storage-secret
tov1.3.10
. - Resolves CVE-2024-28182 and CVE-2023-2953.
Change log for version 5.2.19_570, released 21 June 2024
- Updates
golang
to1.21.11-community
. - Updates the
armada-storage-secret
tov1.3.9
. - Resolves: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Change log for version 5.2.18_539, released 10 May 2024
- Updates
golang
to1.21.9-community
. - Removes
curl
package from base image. - Updates the
armada-storage-secret
tov1.3.7
. - Resolves CVE-2023-46218, CVE-2023-28322, and CVE-2023-38546.
Change log for 5.2.17_535, released 08 March 2024
- Base image migrated from UBI to golang.
Change log for version 5.2.15_501, released 08 February 2024
- Changes how the IAM endpoint is determined for VPC Gen2 clusters.
- Upgrades Kubernetes client library to 1.28.
- Upgrades CSI spec to 1.8.0.
- Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
- Updates the following sidecar images:
armada-storage-secret
tov1.3.5
.csi-attacher
tov4.4.3
.csi-node-driver-registrar
tov2.9.3
.csi-provisioner
tov3.6.3
.csi-resizer
tov1.9.3
.csi-snapshotter
tov6.3.3
.livenessprobe
tov2.11.0
.
Change log for version 5.2.14_485, released 10 January 2024
- Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
- Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use
/var/lib/kubelet/plugins/
.
Change log for version 5.2.11_447, released 27 November 2023
- Updates Golang to
1.20.11
. - Updates the UBI image to
8.9.1029
. - Updates
armada-storage-secret
tov1.3.3
. - Resolves the following CVEs: CVE-2023-22745, CVE-2007-4559, CVE-2023-40217, and CVE-2023-4641.
Change log for version 5.2.10_428, released 13 November 2023
- Updates Golang
1.20.10
. - Updates the
storage-secret-sidecar
image to1.3.2
. - The add-on tries to reach the IAM endpoint/token exchange URL for 5 minutes, in case of timeout.
- Resolves the following CVEs: CVE-2023-44487, CVE-2023-4911, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, and CVE-2023-39325.
Change log for version 5.2, released 25 September 2023
- Adds support for Z system. Multi-architecture images are supported on both
s390x
andamd64
based clusters. - Adds a new configurable flag
VolumeAttachmentLimit
inaddon-vpc-block-csi-driver-configmap
configMap that allows users to edit the maximum number of volumes that can be attached per node. The default value is set to12
. - Deploys controller pods as
Deployments
. Previous releases were deployed asSatefulsets
. - Resolves an issue where logs showed incorrect completion duration of some CSI operations.
- Pulls sidecars from
registry.k8s.io
. - Adds support for 2 volume snapshot classes with delete and retain policies.
- Updates
k8s
package from1.26.1
to1.26.6
.
Version 5.1
Change log for version 5.1.29_642, released 20 November 2024
- Updates the golang base image to
1.22.9
. - Introduces an
init
container to clean up any leftover controller pods from 5.2 release.
Change log for version 5.1.26_601, released 3 October 2024
- Updates the golang base image to
1.22.7
. - Updates to Kubernetes 1.30 client libraries.
- Updates the CSI specification to version
1.9.0
. - Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
- Adds the ability to set a default storage class. For more information, see Setting the default storage class.
- Updates the following sidecar images:
csi-provisioner:v5.0.2
,csi-resizer:v1.11.2
,csi-snapshotter:v8.0.1
,csi-attacher:v4.6.1
,livenessprobe:v2.13.1
, andcsi-node-driver-registrar:v2.11.1
- Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.
Change log for version 5.1.25_574, released 15 July 2024
- Updates the golang image to
1.21.12-community
. - Updates the
armada-storage-secret
tov1.2.40
. - Resolves CVE-2024-28182 and CVE-2023-2953.
Change log for version 5.1.24_567, released 21 June 2024
- Updates
golang
to1.21.11-community
. - Updates the
armada-storage-secret
tov1.3.8
. - Resolves: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Change log for version 5.1.23_543, released 10 May 2024
- Updates
golang
to1.21.9-community
. - Removes
curl
package from base image. - Updates the
armada-storage-secret
tov1.2.35
. - Resolves CVE-2023-46218, CVE-2023-28322, and CVE-2023-38546.
Change log for 5.1.22_522, released 08 March 2024
- Base image migrated from UBI to golang.
Change log for version 5.1.21_506, released 08 February 2024
- Changes how the IAM endpoint is determined for VPC Gen2 clusters.
- Upgrades Kubernetes client library to 1.28.
- Upgrades CSI spec to 1.8.0.
- Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
- Updates the following sidecar images:
armada-storage-secret
tov1.2.31
.csi-attacher
tov4.4.3
.csi-node-driver-registrar
tov2.9.3
.csi-provisioner
tov3.6.3
.csi-resizer
tov1.9.3
.csi-snapshotter
tov6.3.3
.livenessprobe
tov2.11.0
.
Change log for version 5.1.19_486, released 10 January 2024
- Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
- Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use
/var/lib/kubelet/plugins/
.
Change log for version 5.1.16_446, released 27 November 2023
- Updates Golang to
1.20.11
. - Updates the UBI image to
8.9.1029
. - Updates
armada-storage-secret
tov1.2.29
. - Resolves the following CVEs: CVE-2023-22745, CVE-2007-4559, CVE-2023-40217, and CVE-2023-4641.
Change log for version 5.1.15_419 released 13 November 2023
- Updates Golang
1.20.10
. - Updates the
storage-secret-sidecar
image to1.2.28
. - The add-on tries reaching the IAM endpoint/token exchange URL for 5 minutes, in case of timeout.
- Resolves the following CVEs: CVE-2023-44487, CVE-2023-4911, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, and CVE-2023-39325.
Change log for version 5.1.13_345, released 14 September 2023
- Updated the UBI image to
8.8-860
. - Updated the Golang updated to
1.19.12
. - Resolves the following CVEs: CVE-2023-34969, CVE-2023-28321, CVE-2023-2602, CVE-2023-2603, CVE-2023-28484, CVE-2023-29469, CVE-2023-27536, CVE-2023-3899, and CVE-2023-32681.
Change log for version 5.1.12_285, released 01 August 2023
- Node affinity added for controller server and node server, so that pods do not crash on Z system (s390x) based clusters.
- Resolves the following CVEs: CVE-2023-26604, CVE-2020-24736, CVE-2023-1667, and CVE-2023-2283.
Change log for version 5.1.11_126, released 21 June 2023
- Updates the following sidecar images:
storage-secret-sidecar
tov1.2.24
.csi-node-driver-registrar
tov2.7.0
.livenessprobe
tov2.9.0
.csi-provisioner
tov3.4.1
.csi-attacher
tov4.2.0
.csi-resizer
tov1.7.0
.csi-snapshotter
tov6.2.1
.
- Updates the UBI image
8.8-860
. - Updates Golang to
1.19.10
. - Resolves the following CVEs:
- Introduced two new configurable flags in
addon-vpc-block-csi-driver-configmap
configMap to enable/disable and edit the retry interval for Snapshot Creation.IsSnapshotEnabled
allows users to disable or enable snapshot functionality. By default, this parameter is set totrue
CustomSnapshotCreateDelay
allows users to edit the maximum delay (in seconds) for snapshot calls in case the source volume is not found and the volume is not attached. The maximum delay allowed is 15 minutes and the default is 5 minutes.
Change log for version 5.1.8_1970, released 15 May 2023
- Updates UBI image to
8.7-1107
- Updates Golang to
1.19.8
- Users must determine token exchange URL based on cluster provider. For Satellite clusters, always use the provided token exchange URL. If the URL is not provided, use public IAM endpoint.
- Resolves the following CVEs:
Change log for version 5.1.6_1872, released 05 April 2023
- Updates the storage-secret-sidecar image to
v1.2.20
. - Updates Golang to
v1.19.7
. - Updates the UBI image to
8.7-1085.1679482090
- Resolves the following CVEs:
Change log for version 5.1.5_1857, released 29 March 2023
- Updates the storage-secret-sidecar image to
v1.2.19
. - Resolves CVE-2023-23916
Change log for version 5.1.4_1852, released 07 March 2023
- Upgrades Kubernetes packages to version
1.26
. - Updates the storage-secret-sidecar image to
v1.2.18
. - Resolves the following CVEs: CVE-2020-10735, CVE-2021-28861, CVE-2022-45061, CVE-2022-4415, CVE-2022-40897.
Change log for version 5.1.2_1828, released 21 February 2023
- Resolves CVE-2022-47629.
Change log for version 5.1, released 9 February 2023
- Updates the snapshot size to reflect actual source volume size.
- Improves the resize method when creating a volume from a snapshot.
- Updates the Kubernetes dependency to
1.25
. - Adds support for configuring the log level for sidecars from the configmap.
- Makes the
ibmc-vpcblock-snapshot
class the defaultVolumesnapshotclass
. - Adds the
priorityClass
in the deployment file for controller and node pods. - Updates the driver to read the node instance ID from the node spec provider ID instead of node labels.
- Fixes a bug in volume expansion for raw block volumes.
- Removes the
preStop
hook for thecsi-driver-registrar
.
Version 5.0
Change log for version 5.0.23_437, released 27 November 2023
- Updates Golang to
1.20.11
. - Updates the UBI image to
8.9.1029
. - Updates
armada-storage-secret
tov1.2.29
. - Resolves the following CVEs: CVE-2023-22745, CVE-2007-4559, CVE-2023-40217, and CVE-2023-4641.
Change log for version 5.0.21_401, released 13 November 2023
- Updates Golang to
1.20.10
. - Updates the
storage-secret-sidecar
image to1.2.28
. - Resolves the following CVEs: CVE-2023-44487, CVE-2023-4911, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, and CVE-2023-39325.
Change log for version 5.0.19_358, released 14 September 2023
- Updated the UBI image to
8.8-860
. - Updated the Golang updated to
1.19.12
. - Resolves the following CVEs: CVE-2023-34969, CVE-2023-28321, CVE-2023-2602, CVE-2023-2603, CVE-2023-28484, CVE-2023-29469, CVE-2023-27536, CVE-2023-3899, and CVE-2023-32681.
Change log for version 5.0.17_266, released 01 August 2023
- Node affinity added for controller server and node server, so that pods do not crash on Z system (s390x) based clusters.
- Resolves the following CVEs: CVE-2023-26604, CVE-2020-24736, CVE-2023-1667, and CVE-2023-2283.
Change log for version 5.0.16_127, released 21 June 2023
- Updates the following sidecar images:
storage-secret-sidecar
tov1.2.24
.csi-node-driver-registrar
tov2.7.0
.livenessprobe
tov2.9.0
.csi-provisioner
tov3.4.1
.csi-attacher
tov4.2.0
.csi-resizer
tov1.7.0
.csi-snapshotter
tov6.2.1
.
- Updates the UBI image
8.8-860
. - Updates Golang to
1.19.10
. - Resolves the following CVEs: CVE-2022-43552, CVE-2022-3204, CVE-2023-27535,[CVE-2022-36227], CVE-2022-35252, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29402, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539.
- Introduced two new configurable flags in
addon-vpc-block-csi-driver-configmap
configMap to enable/disable and edit the retry interval for Snapshot Creation.IsSnapshotEnabled
allows users to disable or enable snapshot functionality. By default, this parameter is set totrue
CustomSnapshotCreateDelay
allows users to edit the maximum delay (in seconds) for snapshot calls in case the source volume is not found and the volume is not attached. The maximum delay allowed is 15 minutes and the default is 5 minutes.
Change log for version 5.0.12_1963, released 15 May 2023
- Updates UBI image to
8.7-1107
- Updates Golang to
1.19.8
- Users must determine token exchange URL based on cluster provider. For Satellite clusters, always use the provided token exchange URL. If the URL is not provided, use public IAM endpoint.
- Resolves the following CVEs: CVE-2023-0361, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.
Change log for version 5.0.10_1869, released 05 April 2023
- Updates the storage-secret-sidecar image to
v1.2.20
. - Updates Golang to
v1.19.7
. - Updates the UBI image to
8.7-1085.1679482090
- Resolves the following CVEs: CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, and CVE-2023-0286.
Change log for version 5.0.9_1862, released 29 March 2023
- Updates the storage-secret-sidecar image to
v1.2.19
. - Resolves CVE-2023-23916
Change log for version 5.0.8_1841, released 07 March 2023
- Updates the storage-secret-sidecar image to
v1.2.18
. - Resolves the following CVEs: CVE-2020-10735, CVE-2021-28861, CVE-2022-45061, CVE-2022-4415, CVE-2022-40897.
Change log for version 5.0.7_1836, released 21 February 2023
- Added
priorityClass
in the deployment file for controller and node pods. - Removed
preStop hook
for thecsi-driver-registrar
. - Resolves CVE-2022-47629.
Change log for version 5.0.5_1784, released 24 January 2023
- Updates the storage-secret-sidecar image to
v1.2.15
. - Resolves CVE-2022-43680, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-3821, CVE-2022-35737, and CVE-2021-46848.
Change log for version 5.0.4_1773, released 10 January 2023
- Updates Golang to
1.18.9
. - Updates the
storage-secret-sidecar
image tov1.2.14
. - Fixed volume tagging issue related to multiple tags.
- Added Block storage volume health state in driver logs. Volume health gives a detailed description as mentioned in the Managing block storage doc.
- Resolves the following CVEs:
Change log for version 5.0.2_1713, released 17 November 2022
- Updates the
storage-secret-sidecar
image tov1.2.12
- Resolves the following CVEs:
Change log for version 5.0.1_1695, released 9 November 2022
- Updates the
storage-secret-sidecar
image tov1.2.10
- Updates the
csi-node-driver-registrar
tov2.5.0
- Updates the
livenessprobe
tov2.6.0
- Updates the
csi-provisioner
tov3.2.1
- Updates the
csi-attacher
tov3.5.0
- Updates the
csi-resizer
tov1.5.0
- Resolves the following CVEs:
Change log for version 5.0, released 11 October 2022
- Adds snapshot support for cluster versions 1.25 and later.
- Makes the resource requests and limits of the
vpc-block-csi-driver
containers configurable. To view the config runkubectl get cm -n kube-system addon-vpc-block-csi-driver-configmap -o yaml
- Adds the following parameters for customizing the driver.
AttachDetachMinRetryGAP: "3"
: The initial retry interval for checking Attach/Detach Status. The default is 3 seconds.AttachDetachMinRetryAttempt: "3"
: The number of attempts for AttachDetachMinRetryGAP. The default is 3 retries for 3 seconds retry gap.AttachDetachMaxRetryAttempt: "46"
: Total number of retries for checking Attach/Detach Status. Default is 46 times. For example, ~7 minutes (3 secs * 3 times + 6 secs * 6 times + 10 secs * 10 times).AttacherWorkerThreads: "15"
: The number ofgoroutines
for processing VolumeAttachments.AttacherKubeAPIBurst: "10"
: The number of requests to the Kubernetes API server, exceeding the QPS, that can be sent at any given timeAttacherKubeAPIQPS: "5.0"
: The number of requests per second sent by a Kubernetes client to the Kubernetes API server.
- Disables the
handle-volume-inuse-error
option as this is applies to CSI drivers that support offline expansion only.
Change log for version 5.0.4-beta_1566, released 14 July 2022
- Updates the storage-secret-sidecar image to
v1.1.12
. - Updates Golang to version
1.18.3
. - Updates UBI image to version
8.6-854
. - Pushes community images to
icr.io
. - Fixes a bug for
user_tags
andservice_tags
data types. - Changes the
volumesnapshotclass
name. - Fixes for format errors and mount failures.
- Resolves the following CVEs:
Change log for version 5.0.1-beta_1411, released 15 June 2022
Fixes a bug where the resource group wasn't included in the snapshot creation request payload.
Change log for version 5.0.0-beta_1125, released 10 June 2022
Adds snapshot support.
Version 4.4
Change log for version 4.4.17_1829, released 21 February 2023
- Resolves CVE-2022-47629.
Change log for version 4.4.16_1779, released 24 January 2023
- Updates the storage-secret-sidecar image to
v1.2.15
. - Resolves CVE-2022-43680, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2022-3821, CVE-2022-35737, and CVE-2021-46848.
Change log for version 4.4.15_1764, released 10 January 2023
- Updates Golang to
1.18.9
. - Updates the
storage-secret-sidecar
image tov1.2.14
. - Fixed volume tagging issue related to multiple tags.
- Resolves the following CVEs:
Change log for version 4.4.13_1712, released 17 November 2022
- Updates the
storage-secret-sidecar
image tov1.2.12
- Resolves the following CVEs:
Change log for version 4.4.12_1700, released 9 November 2022
- Updates the
storage-secret-sidecar
image tov1.2.10
, - Updates the
csi-node-driver-registrar
tov2.5.0
- Updates the
livenessprobe
tov2.6.0
- Updates the
csi-provisioner
tov3.2.1
- Updates the
csi-attacher
tov3.5.0
- Updates the
csi-resizer
tov1.5.0
- Resolves the following CVEs: CVE-2022-37434, CVE-2022-2509, CVE-2022-40674, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515.
Change log for version 4.4.11_1614, released 23 September 2022
- Updates the
storage-secret-sidecar
image tov1.2.8
. - Updates the golang version to
1.18.6
. - Resolves the following CVEs: CVE-2022-27664, CVE-2022-32190.
Change log for version 4.4.10_1578, released 13 September 2022
- Updates the
storage-secret-sidecar
image tov1.2.7
- Resolves the following CVEs: CVE-2022-32206, CVE-2022-32208, CVE-2022-2526.
Change log for version 4.4.9_1566, released 25 August 2022
- Updates Golang to version
1.18.5
- Updates the
storage-secret-sidecar
image tov1.2.6
- Resolves the following CVEs: CVE-2022-1586, CVE-2022-2068, CVE-2022-1292, CVE-2022-2097.
Change log for version 4.4.8_1550, released 18 July 2022
- Updates the
storage-secret-sidecar
image tov1.2.5
- Updates Golang to version
1.18.3
- Updates UBI image to version
8.6-854
- Fixes an issue where volume mounting on node fails with already mounted error.
- Resolves the following CVEs: CVE-2022-29824, CVE-2021-40528, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-25313, CVE-2022-25314.
Change log for version 4.4.6_1446, released 24 June 2022
- Includes an update where volume creation or expansion isn't retried if the provided volume capacity is not supported by volume profile.
- Updates the
storage-secret-sidecar
image tov1.2.4
- Resolves CVE-2022-1271
- Adds a security fix related with image signing.
Change log for version 4.4.5_1371, released 13 June 2022
- Adds support for IAM trusted profiles.
- Adds IAM token caching in memory for up to 40 minutes which reduces the number of calls to IAM and improves driver performance.
- Updates the
storage-secret-sidecar
image tov1.2.3
. - Fixes a volume expansion error handling issue.
Version 4.3
Change log for version 4.3.8_1705 released 11 November 2022
- Updates the
storage-secret-sidecar
image tov1.2.10
- Updates the
csi-node-driver-registrar
tov2.5.0
- Updates the
livenessprobe
tov2.6.0
- Updates the
csi-provisioner
tov3.2.1
- Updates the
csi-attacher
tov3.5.0
- Updates the
csi-resizer
tov1.5.0
- Resolves the following CVEs: CVE-2022-37434, CVE-2022-2509, CVE-2022-40674, CVE-2020-35525, CVE-2020-35527, CVE-2022-3515
Change log for version 4.3.7_1613, released 22 September 2022
- Updates the
storage-secret-sidecar
image tov1.1.15
. - Updates the golang version to
1.18.6
. - Resolves the following CVEs: CVE-2022-27664 and CVE-2022-32190.
Change log for version 4.3.6_1579, released 12 September 2022
- Updates the
storage-secret-sidecar
image tov1.1.14
- Resolves the following CVEs: CVE-2022-32206, CVE-2022-32208, CVE-2022-2526.
Change log for version 4.3.5_1563, released 24 August 2022
- Updates Golang to version
1.18.5
- Updates the
storage-secret-sidecar
image tov1.1.13
- Resolves the following CVEs: CVE-2022-1586, CVE-2022-2068, CVE-2022-1292, CVE-2022-2097.
Change log for version 4.3.4_1551, released 18 July 2022
- Updates the
storage-secret-sidecar
image tov1.1.12
- Updates Golang to version
1.18.3
- Updates UBI image to version
8.6-854
- Improves secret watcher in case of secret update.
- Fixes an issue where volume mounting on node fails with already mounted error.
- Resolves the following CVEs: CVE-2022-29824, CVE-2021-40528, CVE-2022-22576, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-25313, CVE-2022-25314.
Change log for version 4.3.2_1441, released 17 June 2022
- Added security fix related to image signing
- Updates the
storage-secret-sidecar
image tov1.1.11
- Resolves CVE-2022-1271
Change log for version 4.3.0_1163, released 25 May 2022
- Resolves the following CVEs: CVE-2021-3634, CVE-2021-3737, [CVE-2021-4189]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189){: external}.
- Updates the
storage-secret-sidecar
image tov1.1.10
- Fixes Volume provisioning failure when in StorageClass Region is provided without zone info
- Fixes an issue where volume creation fails if only
failure-domain.beta.kubernetes.io/zone
is given inallowedTopologies
Region
support is now DEPRECATED in the storage class. Providing "region" detail in storage classes is deprecated in this release, this will not cause any issues with either existing PVC or new PVC. For now the default behavior is to get the region detail from the node label only which is now mandatory for all cases.
Version 4.2
Change log for version 4.2.6_1161, released 12 May 2022
- Updates armada-storage-secret to
v1.1.10
- Resolves the following CVEs: CVE-2021-3634, CVE-2021-3737, CVE-2021-4189.
Change log for version 4.2.5_1106, released 12 May 2022
- Updates armada-storage-secret to
v1.1.9
- Updates the UBI version to
8.5-243.1651231653
- Resolves CVE-2022-1271.
Change log for version 4.2.3_983, released 11 April 2022
- Updates armada-storage-secret to
v1.1.8
- Resolves CVE-2022-0778.
Change log for version 4.2.2_900, released 24 March 2022
- Updates armada-storage-secret to
v1.1.7
- Resolves CVE-2022-24921.
- Update Golang to
1.16.15
Change log for version 4.2.1_895, released 17 March 2022
- Resolves CVE-2022-24407.
- Updates the
armada-storage-secret
to v1.1.6.
Change log for version 4.2.0_890, released 28 February 2022
Updates in this version:
- Volume expansion support is now generally available.
- Removes unused variables
sizeRange
andsizeIOPSRange
from storage classes. - Makes
ibmc-vpc-block-10iops-tier
the default storage class via the newaddon-vpc-block-csi-driver-configmap
in thekube-system
namespace. - Resolves the following CVEs: CVE-2021-3712 and CVE-2021-3521, CVE-2022-23772, CVE-2022-23773, and CVE-2022-23806.
- Updates Golang to version 1.16.14.
- All the storage classes that are installed with the add-on now have
allowVolumeExpansion=true
.
After updating to version 4.2, you must complete the following steps.
- Delete and re-create any of your own storage classes that use the
sizeRange
oriopsRange
parameters. - If you use a default storage class other than
ibmc-vpc-block-10iops-tier
, you must change theisStorageClassDefault
setting tofalse
in theaddon-vpc-block-csi-driver-configmap
configmap in thekube-system
namespace. For more information, see Changing the default storage class.
Version 4.1
Review the changes in version 4.1
of the Block Storage for VPC cluster add-on.
Change log for version 4.1.3_846, released 14 February 2022
Review the changes in version 4.1.3_846
of the Block Storage for VPC cluster add-on.
- Resolves the following CVEs.
Change log for version 4.1.2_834, released 27 January 2022
- Fixes an issue where the persistent volume watcher was unable to handle non-IBM Cloud VPC CSI driver PV updates which caused the controller pod to crash.
Change log for version 4.1.1_827, released 20 January 2022
Review the changes in version 4.1.1_827
of the Block Storage for VPC cluster add-on.
- Resolves the following CVEs.
- Updates Golang to version
1.16.13
. - Updates the UBI image to version
8.5-218
.
Change log for version 4.1.0_807, released 06 January 2022
Review the changes in version 4.1.0_807
of the Block Storage for VPC cluster add-on.
- Image tags: v4.1
- Resolves CVE-2021-3712.
- Updates the storage-secret-sidecar image to version 1.1.4.
- Upgrades Kubernetes packages to version 1.21.
- Updates how api-key rotation is handled so that restarting the driver is no longer required.
Version 4.0
Review the changes in version 4.0
of the Block Storage for VPC cluster add-on.
Change log for version 4.0.3_793, released 22 November 2021
Review the changes in version 4.0.3_793
of the Block Storage for VPC cluster add-on.
- Image tags: v4.0.3
- Image tags: v4.0.2
- Resolves the following CVEs.
- Updates the
storage-secret-sidecar
image tov1.1.3
. - Updates the default class policy from
Reconcile
toEnsureExists
for theibmc-vpc-block-10iops-tier
storage class. - Updates Golang to version
1.16.10
. - Updates the UBI image to version
8.4-205
. - Increases the timeout interval for receiving API keys.
Change log for version 4.0.1_780, released 06 October 2021
Review the changes in version 4.0.1_780
of the Block Storage for VPC cluster add-on.
- Image tags:
v4.0.1
- Resolves the following CVEs.
- Updates the
storage-secret-sidecar
image tov1.1.2
. - Improves error messaging if
iks_token_exchange_endpoint_private_url
is invalid or unreachable. - Adds new storage classes for OpenShift Data Foundation.
- Updates to improve the volume attach/detach performance by avoiding unnecessary retries.
- Fixes an issue where mounting failed with
already mounted
error. - Improves logging when the device path for a volume is not present on worker node.
- Adds the image label
compliance.owner="ibm-armada-storage"
.
Change log for version 4.0.0_769, released 16 September 2021
Review the changes in version 4.0.0_769
of the Block Storage for VPC cluster add-on.
- Image tags:
v4.0.0
- Resolves the following CVEs:
- Updates the
storage-secret-sidecar
image tov1.1.0
.
Change log for version 4.0, released 1 September 2021
Review the changes in version 4.0.0_764
of the Block Storage for VPC cluster add-on.
- Image tags:
v4.0.0
- Resolves CVE-2021-27218.
- Updates CSI sidecar images to fix DLA-2542-1, DLA-2509-1, and DLA-2424-1.
- Updates the sidecar images to the following versions.
csi-provisioner
:icr.io/ext/sig-storage/csi-provisioner:v2.2.2
csi-resizer
:icr.io/ext/sig-storage/csi-resizer:v1.2.0
csi-attacher
:icr.io/ext/sig-storage/csi-attacher:v3.2.1
liveness-probe
:icr.io/ext/sig-storage/livenessprobe:v2.3.0
csi-node-driver-registrar
:icr.io/ext/sig-storage/csi-node-driver-registrar:v2.2.0
- Updates the Golang version from
1.15.12
to1.16.7
- Increases the resources to the
csi-attacher
,csi-resizer
,csi-provisioner
,ibm-vpc-block-csi-controller
, andibm-vpc-block-csi-node
plug-ins to fix containers crashing due to OOM issues. - Improves volume attach/detach performance by increasing the worker thread count for the
csi-attacher
sidecar. - Improves error messaging
- Fixes a bug related to unexpected IAM behavior.
- Changes the version numbering system to
X.X.Y_YYY
whereX.X
is the major version number and.Y_YYY
is the patch version number.
Version 3.0.1
Review the changes in version 3.0.1
of the Block Storage for VPC cluster add-on.
Change log for version 3.0.1, released 15 July 2021
Review the change log for version 3.0.1
of the Block Storage for VPC cluster add-on.
Volume expansion in version 3.0.1
is available in beta for allowlisted accounts. Don't use this feature for production workloads.
- Image tags:
v3.0.7
- Includes beta support for volume expansion on allowlisted accounts.
- Fixes vulnerability CVE-2021-27219.
- Includes the
storage-secret-sidecar
container in the Block Storage for VPC driver pods.
Version 3.0.0
Review the changes in version 3.0.0 of the Block Storage for VPC cluster add-on.
Change log for patch update 3.0.0_521, released 01 April 2021
Review the changes in version 3.0.0_521 of the Block Storage for VPC cluster add-on.
- Image tags:
v3.0.7
- Updates the Golang version from
1.15.5
to1.15.9
.
Change log for version 3.0.0, released 26 February 2021
Review the changes in version 3.0.0_521 of the Block Storage for VPC cluster add-on.
- Image tags:
v.3.0.0
- The
vpc-block-csi-driver
is now available for both managed clusters and unmanaged clusters. - No functional changes in this release.
Archive
Find an overview of Block Storage for VPC cluster add-ons that are unsupported in IBM Cloud Kubernetes Service.
Version 2.0.3
Review the changes in version 2.0.3 of the Block Storage for VPC cluster add-on.
Version 2.0.3 is unsupported.
Change log for patch update 2.0.3_471, released 26 January 2021
Review the changes in version 2.0.3_471 of the Block Storage for VPC cluster add-on.
- Image tags:
v.2.0.9
- Supported cluster versions: 1.15 - 1.20
- Updated he
openssl
,openssl-libs
,gnutls
packages to fix CVE-2020-1971 and CVE-2020-24659.
Change log for patch update 2.0.3_464, released 10 December 2020
Review the changes in version 2.0.3_464 of the Block Storage for VPC cluster add-on.
- Image tags:
v2.0.8
- New!: Metro storage classes with the
volumeBindingMode:WaitForFirstConsumer
specification. - Resources that are deployed by the add-on now contain a label which links the source code URL and the build URL.
- The
v2.0.8
image is signed. - Updates the Go version from
1.15.2
to1.15.5
.
Change log for patch update 2.0.3_404, released 25 November 2020
Review the changes in version 2.0.3_404 of the Block Storage for VPC cluster add-on.
- Image tags:
v2.0.7
- Fixes vulnerability scan issues.
- Updates the base image from
alpine
toUBI
. - Pods and containers now run as
non-root
except for thenode-server
pod's containers.
Change log for patch update 2.0.3_375, released 17 September 2020
Review the changes in version 2.0.3_375 of the Block Storage for VPC cluster add-on.
- Image tags:
v2.0.6
- Fixes an issue with volume attachment when replacing workers.
Change log for patch update 2.0.3_374+, released 29 August 2020
Review the changes in version 2.0.3_374+ of the Block Storage for VPC cluster add-on.
- Image tags:
v2.0.5
- Adds the
/var/lib/kubelet
path for CSI driver calls on OCP 4.4.
Change log for patch update 2.0.3_365, released 05 August 2020
Review the changes in version 2.0.3_365 of the Block Storage for VPC cluster add-on.
- Image tags:
v2.0.4
- Updates sidecar container images.
- Adds liveness probe.
- Enables parallel attachment and detachment of volumes to worker nodes. Previously, worker nodes were attached and detached sequentially.