IBM Cloud File Storage for VPC cluster add-on change log

The File Storage for VPC cluster add-on is available in Beta.

View information for patch updates to the IBM Cloud File Storage for VPC cluster add-on in your IBM Cloud Kubernetes Service clusters.

Patch updates: Patch updates are delivered automatically by IBM and don't contain any feature updates or changes in the supported add-on and cluster versions.
Release updates: Release updates contain new features for the IBM Cloud File Storage for VPC or changes in the supported add-on or cluster versions. You must manually apply release updates to your IBM Cloud File Storage for VPC cluster add-on. To update your IBM Cloud File Storage for VPC cluster add-on, see Updating the IBM Cloud File Storage for VPC cluster add-on.

To view a list of add-ons and the supported cluster versions in the CLI, run the following command.

ibmcloud ks cluster addon versions

To view a list of add-ons and the supported cluster versions, see the Supported cluster add-ons table.

Version 2.0

Change log for version 2.0.9_322, released 11 December 2024

region support is now deprecated in the storage class settings. Continuining to provide a region in your storage classes does not cause any issues with either existing PVC or new PVC. The default behavior is now to get the region detail from worker node labels only.
Fixes a bug where setting default storage class was not working in version 4.15 clusters.
Fixes CVE-2024-51744.
Updates the storage-secret-sidecar image to v1.2.52.

Change log for version 2.0.8_311, released 3 October 2024

Updates the golang base image to 1.22.7.
Updates to Kubernetes 1.30 client libraries.
Updates the CSI specification to version 1.9.0.
Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
Adds the ability to set a default storage class. For more information, see Setting the default storage class.
Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1.
Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 2.0.6_259, released 26 August 2024

Updates the golang image to 1.21.13-community.

Change log for version 2.0.5_253, released 15 July 2024

Updates the golang image to 1.21.12-community.
Updates the armada-storage-secret to v1.2.40.
Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 2.0.4_232, released 3 July 2024

Version 2.0 and later is managed via the storage-operator add-on which is installed by default on new 1.30 and later clusters. To update your add-on, see Updating the IBM Cloud File Storage for VPC cluster add-on.
Adds support for encryption in-transit (EIT). EIT is disabled by default. For more information, see Setting up encryption in-transit.
Adds support for tagging. File shares can now be cleaned up when deleting clusters by using the --force-delete-storage option on the ibmcloud ks cluster rm command.
Adds new pre-defined storage classes. The previous storage classes are deprecated. Update your apps to use the new storage classes. For more information, see the Migrating to a new storage class.
Adds functionality to track CSI driver major events. You can the add-on status by reviewing the file-csi-driver-status configmap in the kube-system namespace.
Adds more attributes to persistent volume objects (PV) FileShareID, FileShareTargetID, ENISubnetID, ENISecurityGroupIDs.
Adds retries for fileShare target creation in case of partial failure during PVC creation.
Updates RBAC policies to use minimal privileges required.
Updates golang to 1.21.11-community.
Known issues: StorageClassSecres are not supported.

Version 1.2

Change log for version 1.2.13_326, released 11 December 2024

Fixes CVE-2024-51744.
Updates the storage-secret-sidecar image to v1.2.52.

Change log for version 1.2.12_312, released 3 October 2024

Updates the golang base image to 1.22.7.
Updates to Kubernetes 1.30 client libraries.
Updates the CSI specification to version 1.9.0.
Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1.
Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 1.2.10_254, released 15 July 2024

Updates the golang image to 1.21.12-community.
Updates the armada-storage-secret to v1.2.40.
Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 1.2.9_245, released 21 June 2024

Updates golang to 1.21.11-community.
Updates the armada-storage-secret to v1.3.8.
Resolves: CVE-2024-26458, CVE-2024-26461, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-2961, and CVE-2024-33599.

Change log for 1.2.8_174, released 10 May 2024

Updates golang to 1.21.9-community.
Removes curl package from base image.
Updates the armada-storage-secret to v1.2.35.
Sets handle-volume-inuse-error flag to false in the csi-resizer to reduce costs associated with watching all pods in the cluster which can cause OOM Killed errors for the csi-resizer.
Resolves CVE-2023-46218, CVE-2023-28322, and CVE-2023-38546.

Change log for 1.2.7_154, released 08 March 2024

Base image migrated from UBI to golang.

Change log for version 1.2.6_130, released 08 February 2024

Fixes hanging issue related to mounting and unmounting after node server restart.
Introduces granular locking mounting and unmounting at the targetPath level.
Disables the CSI NodeExpansion method as it is not required for the file share. The PVC can still be expanded.
Changes how the IAM endpoint is determined for VPC Gen2 clusters.
Upgrades Kubernetes client library to 1.28.
Upgrades CSI spec to 1.8.0.
Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
Updates the following sidecar images:
- armada-storage-secret to v1.2.31.
- csi-node-driver-registrar to v2.9.3.
- csi-provisioner to v3.6.3.
- csi-resizer to v1.9.3.
- livenessprobe to v2.11.0.

Change log for version 1.2.5_107, released 10 January 2024

Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use /var/lib/kubelet/plugins/.

Change log for version 1.2.3_97, released 27 November 2023

Updates Golang to 1.20.11.
Updates UBI image to 8.9.1029.
Updates the armada-storage-secret to v1.2.29.
Resolves the following CVEs: CVE-2023-22745, CVE-2007-4559, CVE-2023-40217, and CVE-2023-4641.

Change log for version version 1.2.0, released 31 October 2023

Tiered and custom profile storage classes are no longer supported. Update your PVCs to use a dp2 storage classes.
Adds support for granular authorization via the Virtual Network Interface VNI (Elastic Network Interface ENI).
Adds support for cross zone mounting by default. Pods can now mount storage volumes across zones.
Allows you to bring your own security group to control granular authorization at the worker node, zone, or worker pool level.
Adds bring your own subnet support to control which subnet the virtual network interface (VNI) IP for storage is assigned and created in.
Adds bring your own IP support existing PrimaryIP which the VNI will assign.
Allows you to set a custom PrimaryIPAddress within the subnet range where the VNI IP is assigned and created.

Version 1.1

Change log for version 1.1.10_93, released 27 November 2023

Updates Golang to 1.20.11.
Updates UBI image to 8.9.1029.
Updates the armada-storage-secret to v1.2.29.
Resolves the following CVEs: CVE-2023-22745, CVE-2007-4559, CVE-2023-40217, and CVE-2023-4641.

Change log for version 1.1.9_87, released 13 November 2023

Updates the storage-secret-sidecar image to 1.2.27.
Updates Golang to 1.20.10.
Resolves CVE-2023-44487, CVE-2023-4911, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813.

Change log for version 1.1.7_49, released 14 September 2023

Updates UBI image to 8.8-1037.
Updates Golang to 1.19.12.
Resolves the following CVEs:
- CVE-2023-34969, CVE-2023-28321, CVE-2023-2602, CVE-2023-2603, CVE-2023-28484, CVE-2023-29469, CVE-2023-27536, CVE-2023-3899, and CVE-2023-32681.

Change log for version 1.1.6_41, release 28 July 2023

Tiered storage classes are deprecated and will be unsupported soon. To migrate, create new PVCs and that use a dp2 storage class and redeploy your apps.
Updates for the VPC API compatibility changes. For more information, see the VPC REST API change log
Adds support for dp2 profiles.
Updates the UBI to version 8.8-1014 to resolve the following CVEs: CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, and CVE-2020-24736.
Updates Golang to version 1.19.11 to resolve CVE-2023-29406.

Change log for version 1.1, released 3 July 2023

Updates the following sidecar images:
- storage-secret-sidecar to v1.2.24.
- csi-node-driver-registrar to v2.7.0.
- livenessprobe to v2.9.0.
- csi-provisioner to v3.4.1.
- csi-resizer to v1.7.0.
Updates the UBI image 8.8-860.
Updates Golang to 1.19.10.
Resolves the following CVEs:

Change log for version 1.1-beta, released 15 May 2023

Kubernetes dependencies upgraded to 1.26.4.
Controller pods are now deployed as Deployment, in previous releases pods were deployed as Satefulsets.
Adds the priorityClass in the deployment file for controller and node pods.

Version 1.0

Change log for version 1.0, released 16 May 2023

Updates the UBI image to 8.7-1107.
Updates Golang to 1.19.8.
Resolves the following CVEs: CVE-2023-2453, CVE-2023-24537, CVE-2023-24538.