Merge branch 'kubernetes-sigs:master' into master

Ashley-wenyizha · May 17, 2023 · aa5f54a · aa5f54a
2 parents 2914f3d + 7ff5e79
commit aa5f54a
Show file tree

Hide file tree

Showing 74 changed files with 4,301 additions and 565 deletions.
diff --git a/CHANGELOG-1.x.md b/CHANGELOG-1.x.md
@@ -1,3 +1,7 @@
+# V1.5.5
+* Updated the K8s packages to 1.22.16 to mitigate the CVE-2022-3294 ([#984](https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/984), [@mskanth972](https://github.com/mskanth972)) 
+* Upgrade k8s and eksctl version for Test cluster failure fix ([#987](https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/987), [@Ashley-wenyizha](https://github.com/Ashley-wenyizha)) 
+* Bumped the side-cars version to the latest ([#993](https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/993), [@mskanth972](https://github.com/mskanth972)) 
 # V1.5.4
 * Mitigated golang CVE-2022-41723 ([#961](https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/961), [@RyanStan](https://github.com/RyanStan))
 * Updated the example IAM policy by adding `elasticfilesystem:TagResource` permission for tagging EFS resources. ([#964](https://github.com/kubernetes-sigs/aws-efs-csi-driver/pull/964), [@mskanth972](https://github.com/mskanth972))

diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM public.ecr.aws/eks-distro-build-tooling/golang:1.17 as go-builder
+FROM public.ecr.aws/eks-distro-build-tooling/golang:1.20 as go-builder
 WORKDIR /go/src/github.com/kubernetes-sigs/aws-efs-csi-driver
 
 ARG TARGETOS
@@ -93,4 +93,4 @@ COPY --from=rpm-provider /root/.local/lib/python3.9/site-packages/ /usr/lib/pyth
 COPY --from=go-builder /go/src/github.com/kubernetes-sigs/aws-efs-csi-driver/bin/aws-efs-csi-driver /bin/aws-efs-csi-driver
 COPY THIRD-PARTY /
 
-ENTRYPOINT ["/bin/aws-efs-csi-driver"]
+ENTRYPOINT ["/bin/aws-efs-csi-driver"]
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 
-VERSION=v1.5.4
+VERSION=v1.5.5
 
 PKG=github.com/kubernetes-sigs/aws-efs-csi-driver
 GIT_COMMIT?=$(shell git rev-parse HEAD)
@@ -128,7 +128,7 @@ test-e2e:
 .PHONY: test-e2e-external-eks
 test-e2e-external-eks:
 	CLUSTER_TYPE=eksctl \
-	K8S_VERSION="1.20" \
+	K8S_VERSION="1.22" \
 	DRIVER_NAME=aws-efs-csi-driver \
 	HELM_VALUES_FILE="./hack/values_eksctl.yaml" \
 	CONTAINER_NAME=efs-plugin \

diff --git a/charts/aws-efs-csi-driver/CHANGELOG.md b/charts/aws-efs-csi-driver/CHANGELOG.md
@@ -1,4 +1,8 @@
 # Helm chart
+# v2.4.3
+* Add ability to configure daemonset affinity
+# v2.4.2
+* Bump app/driver version to `v1.5.5` 
 # v2.4.1
 * Bump app/driver version to `v1.5.4`
 # v2.4.0

diff --git a/charts/aws-efs-csi-driver/Chart.yaml b/charts/aws-efs-csi-driver/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: aws-efs-csi-driver
-version: 2.4.1
-appVersion: 1.5.4
+version: 2.4.3
+appVersion: 1.5.5
 kubeVersion: ">=1.17.0-0"
 description: "A Helm chart for AWS EFS CSI Driver"
 home: https://github.com/kubernetes-sigs/aws-efs-csi-driver

diff --git a/charts/aws-efs-csi-driver/templates/controller-deployment.yaml b/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
@@ -27,6 +27,7 @@ spec:
       annotations: {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
+      hostNetwork: true
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- range .Values.imagePullSecrets }}

diff --git a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
@@ -44,15 +44,9 @@ spec:
         {{- with .Values.node.nodeSelector }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: eks.amazonaws.com/compute-type
-                operator: NotIn
-                values:
-                - fargate
+      {{- with .Values.node.affinity }}
+      affinity: {{- toYaml . | nindent 8 }}
+      {{- end }}
       hostNetwork: true
       dnsPolicy: {{ .Values.node.dnsPolicy }}
       {{- with .Values.node.dnsConfig }}

diff --git a/charts/aws-efs-csi-driver/values.yaml b/charts/aws-efs-csi-driver/values.yaml
@@ -11,26 +11,26 @@ useFIPS: false
 
 image:
   repository: amazon/aws-efs-csi-driver
-  tag: "v1.5.4"
+  tag: "v1.5.5"
   pullPolicy: IfNotPresent
 
 sidecars:
   livenessProbe:
     image:
       repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
-      tag: v2.8.0-eks-1-25-latest
+      tag: v2.9.0-eks-1-27-latest
       pullPolicy: IfNotPresent
     resources: {}
   nodeDriverRegistrar:
     image:
       repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
-      tag: v2.6.2-eks-1-25-latest
+      tag: v2.7.0-eks-1-27-latest
       pullPolicy: IfNotPresent
     resources: {}
   csiProvisioner:
     image:
       repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
-      tag: v3.3.0-eks-1-25-latest
+      tag: v3.4.0-eks-1-27-latest
       pullPolicy: IfNotPresent
     resources: {}
 
@@ -119,6 +119,15 @@ node:
     # type: OnDelete
   tolerations:
     - operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: eks.amazonaws.com/compute-type
+                operator: NotIn
+                values:
+                  - fargate
   # Specifies whether a service account should be created
   serviceAccount:
     create: true

diff --git a/deploy/kubernetes/base/controller-deployment.yaml b/deploy/kubernetes/base/controller-deployment.yaml
@@ -21,6 +21,7 @@ spec:
         app.kubernetes.io/name: aws-efs-csi-driver
         app.kubernetes.io/instance: kustomize
     spec:
+      hostNetwork: true
       nodeSelector:
         kubernetes.io/os: linux
       serviceAccountName: efs-csi-controller-sa
@@ -29,7 +30,7 @@ spec:
         - name: efs-plugin
           securityContext:
             privileged: true
-          image: amazon/aws-efs-csi-driver:v1.5.4
+          image: amazon/aws-efs-csi-driver:v1.5.5
           imagePullPolicy: IfNotPresent
           args:
             - --endpoint=$(CSI_ENDPOINT)
@@ -59,7 +60,7 @@ spec:
             periodSeconds: 10
             failureThreshold: 5
         - name: csi-provisioner
-          image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.3.0-eks-1-25-latest
+          image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v3.4.0-eks-1-27-latest
           imagePullPolicy: IfNotPresent
           args:
             - --csi-address=$(ADDRESS)
@@ -74,7 +75,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: liveness-probe
-          image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.8.0-eks-1-25-latest
+          image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.9.0-eks-1-27-latest
           imagePullPolicy: IfNotPresent
           args:
             - --csi-address=/csi/csi.sock

diff --git a/deploy/kubernetes/base/node-daemonset.yaml b/deploy/kubernetes/base/node-daemonset.yaml
@@ -41,7 +41,7 @@ spec:
         - name: efs-plugin
           securityContext:
             privileged: true
-          image: amazon/aws-efs-csi-driver:v1.5.4
+          image: amazon/aws-efs-csi-driver:v1.5.5
           imagePullPolicy: IfNotPresent
           args:
             - --endpoint=$(CSI_ENDPOINT)
@@ -78,7 +78,7 @@ spec:
             periodSeconds: 2
             failureThreshold: 5
         - name: csi-driver-registrar
-          image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.6.2-eks-1-25-latest
+          image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.7.0-eks-1-27-latest
           imagePullPolicy: IfNotPresent
           args:
             - --csi-address=$(ADDRESS)
@@ -99,7 +99,7 @@ spec:
             - name: registration-dir
               mountPath: /registration
         - name: liveness-probe
-          image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.8.0-eks-1-25-latest
+          image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.9.0-eks-1-27-latest
           imagePullPolicy: IfNotPresent
           args:
             - --csi-address=/csi/csi.sock

diff --git a/deploy/kubernetes/overlays/stable/ecr/kustomization.yaml b/deploy/kubernetes/overlays/stable/ecr/kustomization.yaml
@@ -5,13 +5,13 @@ bases:
 images:
   - name: amazon/aws-efs-csi-driver
     newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-efs-csi-driver
-    newTag: v1.5.4
+    newTag: v1.5.5
   - name: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
     newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/livenessprobe
-    newTag: v2.8.0-eks-1-25-latest
+    newTag: v2.9.0-eks-1-27-latest
   - name: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
     newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-node-driver-registrar
-    newTag: v2.6.2-eks-1-25-latest
+    newTag: v2.7.0-eks-1-27-latest
   - name: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
     newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-provisioner
-    newTag: v3.3.0-eks-1-25-latest
+    newTag: v3.4.0-eks-1-27-latest
diff --git a/deploy/kubernetes/overlays/stable/kustomization.yaml b/deploy/kubernetes/overlays/stable/kustomization.yaml
@@ -4,10 +4,10 @@ bases:
   - ../../base
 images:
   - name: amazon/aws-efs-csi-driver
-    newTag: v1.5.4
+    newTag: v1.5.5
   - name: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
-    newTag: v2.8.0-eks-1-25-latest
+    newTag: v2.9.0-eks-1-27-latest
   - name: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
-    newTag: v2.6.2-eks-1-25-latest
+    newTag: v2.7.0-eks-1-27-latest
   - name: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
-    newTag: v3.3.0-eks-1-25-latest
+    newTag: v3.4.0-eks-1-27-latest
diff --git a/docs/README.md b/docs/README.md
@@ -75,6 +75,7 @@ The following sections are Kubernetes specific. If you are a Kubernetes user, us
 | EFS CSI Driver Version | Image                            |
 |------------------------|----------------------------------|
 | master branch          | amazon/aws-efs-csi-driver:master |
+| v1.5.5                 | amazon/aws-efs-csi-driver:v1.5.5 |
 | v1.5.4                 | amazon/aws-efs-csi-driver:v1.5.4 |                                  
 | v1.5.3                 | amazon/aws-efs-csi-driver:v1.5.3 |
 | v1.5.2                 | amazon/aws-efs-csi-driver:v1.5.2 |

diff --git a/go.mod b/go.mod
@@ -9,16 +9,17 @@ require (
 	github.com/onsi/ginkgo v1.14.0
 	github.com/onsi/gomega v1.10.1
 	google.golang.org/grpc v1.47.0
-	k8s.io/api v0.22.3
+	k8s.io/api v0.22.16
 	k8s.io/apimachinery v0.24.3
 	k8s.io/client-go v1.5.2
 	k8s.io/klog v1.0.0
-	k8s.io/kubernetes v1.22.3
-	k8s.io/mount-utils v0.22.3
+	k8s.io/kubernetes v1.22.16
+	k8s.io/mount-utils v0.22.16
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bits-and-blooms/bitset v1.2.0 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.2 // indirect
@@ -47,6 +48,7 @@ require (
 	github.com/nxadm/tail v1.4.4 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/runc v1.0.2 // indirect
+	github.com/opencontainers/selinux v1.8.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.11.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
@@ -79,51 +81,51 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.22.3 // indirect
-	k8s.io/cloud-provider v0.22.3 // indirect
-	k8s.io/component-base v0.22.3 // indirect
-	k8s.io/component-helpers v0.22.3 // indirect
-	k8s.io/csi-translation-lib v0.22.3 // indirect
+	k8s.io/apiserver v0.22.16 // indirect
+	k8s.io/cloud-provider v0.22.16 // indirect
+	k8s.io/component-base v0.22.16 // indirect
+	k8s.io/component-helpers v0.22.16 // indirect
+	k8s.io/csi-translation-lib v0.22.16 // indirect
 	k8s.io/klog/v2 v2.70.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
+	k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect
 	k8s.io/kubectl v0.0.0 // indirect
 	k8s.io/kubelet v0.0.0 // indirect
 	k8s.io/utils v0.0.0-20220713171938-56c0de1e6f5e // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
 replace (
-	k8s.io/api => k8s.io/api v0.22.3
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.3
+	k8s.io/api => k8s.io/api v0.22.16
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.16
 	k8s.io/apimachinery => k8s.io/apimachinery v0.22.4-rc.0
-	k8s.io/apiserver => k8s.io/apiserver v0.22.3
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.3
-	k8s.io/client-go => k8s.io/client-go v0.22.3
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.3
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.3
+	k8s.io/apiserver => k8s.io/apiserver v0.22.16
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.16
+	k8s.io/client-go => k8s.io/client-go v0.22.16
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.16
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.16
 	k8s.io/code-generator => k8s.io/code-generator v0.22.4-rc.0
-	k8s.io/component-base => k8s.io/component-base v0.22.3
-	k8s.io/component-helpers => k8s.io/component-helpers v0.22.3
-	k8s.io/controller-manager => k8s.io/controller-manager v0.22.3
+	k8s.io/component-base => k8s.io/component-base v0.22.16
+	k8s.io/component-helpers => k8s.io/component-helpers v0.22.16
+	k8s.io/controller-manager => k8s.io/controller-manager v0.22.16
 	k8s.io/cri-api => k8s.io/cri-api v0.23.0-alpha.0
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.3
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.3
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.3
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.3
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.3
-	k8s.io/kubectl => k8s.io/kubectl v0.22.3
-	k8s.io/kubelet => k8s.io/kubelet v0.22.3
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.3
-	k8s.io/metrics => k8s.io/metrics v0.22.3
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.16
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.16
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.16
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.16
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.16
+	k8s.io/kubectl => k8s.io/kubectl v0.22.16
+	k8s.io/kubelet => k8s.io/kubelet v0.22.16
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.16
+	k8s.io/metrics => k8s.io/metrics v0.22.16
 	k8s.io/mount-utils => k8s.io/mount-utils v0.22.4-rc.0
 	k8s.io/node-api => k8s.io/node-api v0.18.10
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.3
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.3
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.22.3
-	k8s.io/sample-controller => k8s.io/sample-controller v0.22.3
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.16
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.16
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.22.16
+	k8s.io/sample-controller => k8s.io/sample-controller v0.22.16
 	vbom.ml/util => github.com/fvbommel/util v0.0.0-20180919145318-efcd4e0f9787
 )
 
-go 1.17
+go 1.20