IBM Cloud Docs
Block Storage for VPC cluster add-on change log

Block Storage for VPC cluster add-on change log

View information for patch updates to the Block Storage for VPC cluster add-on in your Red Hat OpenShift on IBM Cloud clusters.

Patch updates
Patch updates are delivered automatically by IBM and don't contain any feature updates or changes in the supported add-on and cluster versions.
Release updates
Release updates contain new features for the Block Storage for VPC or changes in the supported add-on or cluster versions. You must manually apply release updates to your Block Storage for VPC cluster add-on. To update your Block Storage for VPC cluster add-on, see Updating the Block Storage for VPC cluster add-on.

To view a list of add-ons and the supported cluster versions in the CLI, run the following command.

ibmcloud oc cluster addon versions --addon vpc-block-csi-driver

To view a list of add-ons and the supported cluster versions, see the Supported cluster add-ons table.

Before you migrate to a 5.x release from a previous release, you must not have any volume snapshots in failure state. For more information, see Why can't I delete my Block Storage for VPC volume snapshot resources?.

Version 5.2

Change log for version 5.2.21_602, released 3 October 2024

  • Adds support for cross-account snapshot restoration.
  • Updates the golang base image to 1.22.7.
  • Updates to Kubernetes 1.30 client libraries.
  • Updates the CSI specification to version 1.9.0.
  • Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
  • Adds the ability to set a default storage class. For more information, see Setting the default storage class.
  • Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, csi-snapshotter:v8.0.1, csi-attacher:v4.6.1, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1
  • Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 5.2.20_579, released 15 July 2024

  • Updates the golang image to 1.21.12-community.
  • Updates the armada-storage-secret to v1.3.10.
  • Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 5.2.19_570, released 21 June 2024

Change log for version 5.2.18_539, released 10 May 2024

Change log for 5.2.17_535, released 08 March 2024

  • Base image migrated from UBI to golang.

Change log for version 5.2.15_501, released 08 February 2024

  • Changes how the IAM endpoint is determined for VPC Gen2 clusters.
  • Upgrades Kubernetes client library to 1.28.
  • Upgrades CSI spec to 1.8.0.
  • Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
  • Updates the following sidecar images:
    • armada-storage-secret to v1.3.5.
    • csi-attacher to v4.4.3.
    • csi-node-driver-registrar to v2.9.3.
    • csi-provisioner to v3.6.3.
    • csi-resizer to v1.9.3.
    • csi-snapshotter to v6.3.3.
    • livenessprobe to v2.11.0.

Change log for version 5.2.14_485, released 10 January 2024

  • Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
  • Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use /var/lib/kubelet/plugins/.

Change log for version 5.2.11_447, released 27 November 2023

Change log for version 5.2.10_428, released 13 November 2023

Change log for version 5.2, released 25 September 2023

  • Adds support for Z system. Multi-architecture images are supported on both s390x and amd64 based clusters.
  • Adds a new configurable flag VolumeAttachmentLimit in addon-vpc-block-csi-driver-configmap configMap that allows users to edit the maximum number of volumes that can be attached per node. The default value is set to 12.
  • Deploys controller pods as Deployments. Previous releases were deployed as Satefulsets.
  • Resolves an issue where logs showed incorrect completion duration of some CSI operations.
  • Pulls sidecars from registry.k8s.io.
  • Adds support for 2 volume snapshot classes with delete and retain policies.
  • Updates k8s package from 1.26.1 to 1.26.6.

Version 5.1

Change log for version 5.1.26_601, released 3 October 2024

  • Updates the golang base image to 1.22.7.
  • Updates to Kubernetes 1.30 client libraries.
  • Updates the CSI specification to version 1.9.0.
  • Fixes a security issue for the CSI sidecar liveness probe. The sidecar now runs as non-root in the Node Server pod.
  • Adds the ability to set a default storage class. For more information, see Setting the default storage class.
  • Updates the following sidecar images: csi-provisioner:v5.0.2, csi-resizer:v1.11.2, csi-snapshotter:v8.0.1, csi-attacher:v4.6.1, livenessprobe:v2.13.1, and csi-node-driver-registrar:v2.11.1
  • Resolves CVE-2024-2398, CVE-2024-37370, CVE-2024-37371.

Change log for version 5.1.25_574, released 15 July 2024

  • Updates the golang image to 1.21.12-community.
  • Updates the armada-storage-secret to v1.2.40.
  • Resolves CVE-2024-28182 and CVE-2023-2953.

Change log for version 5.1.24_567, released 21 June 2024

Change log for version 5.1.23_543, released 10 May 2024

Change log for 5.1.22_522, released 08 March 2024

  • Base image migrated from UBI to golang.

Change log for version 5.1.21_506, released 08 February 2024

  • Changes how the IAM endpoint is determined for VPC Gen2 clusters.
  • Upgrades Kubernetes client library to 1.28.
  • Upgrades CSI spec to 1.8.0.
  • Resolves the following CVEs: CVE-2022-48560, CVE-2022-48564, CVE-2023-39615, CVE-2023-43804, CVE-2023-45803, and CVE-2023-5981.
  • Updates the following sidecar images:
    • armada-storage-secret to v1.2.31.
    • csi-attacher to v4.4.3.
    • csi-node-driver-registrar to v2.9.3.
    • csi-provisioner to v3.6.3.
    • csi-resizer to v1.9.3.
    • csi-snapshotter to v6.3.3.
    • livenessprobe to v2.11.0.

Change log for version 5.1.19_486, released 10 January 2024

  • Resolves CVE-2023-3446, CVE-2023-3817, and CVE-2023-5678.
  • Applies a security fix to use the correct socket path following SElinux policy module changes and CSI recommendations to use /var/lib/kubelet/plugins/.

Change log for version 5.1.16_446, released 27 November 2023

Change log for version 5.1.15_419 released 13 November 2023

Change log for version 5.1.13_345, released 14 September 2023

Change log for version 5.1.12_285, released 01 August 2023

Change log for version 5.1.11_126, released 21 June 2023

  • Updates the following sidecar images:
    • storage-secret-sidecar to v1.2.24.
    • csi-node-driver-registrar to v2.7.0.
    • livenessprobe to v2.9.0.
    • csi-provisioner to v3.4.1.
    • csi-attacher to v4.2.0.
    • csi-resizer to v1.7.0.
    • csi-snapshotter to v6.2.1.
  • Updates the UBI image 8.8-860.
  • Updates Golang to 1.19.10.
  • Resolves the following CVEs:
  • Introduced two new configurable flags in addon-vpc-block-csi-driver-configmap configMap to enable/disable and edit the retry interval for Snapshot Creation.
    • IsSnapshotEnabled allows users to disable or enable snapshot functionality. By default, this parameter is set to true
    • CustomSnapshotCreateDelay allows users to edit the maximum delay (in seconds) for snapshot calls in case the source volume is not found and the volume is not attached. The maximum delay allowed is 15 minutes and the default is 5 minutes.

Change log for version 5.1.8_1970, released 15 May 2023

  • Updates UBI image to 8.7-1107
  • Updates Golang to 1.19.8
  • Users must determine token exchange URL based on cluster provider. For Satellite clusters, always use the provided token exchange URL. If the URL is not provided, use public IAM endpoint.
  • Resolves the following CVEs:

Change log for version 5.1.6_1872, released 05 April 2023

Change log for version 5.1.5_1857, released 29 March 2023

  • Updates the storage-secret-sidecar image to v1.2.19.
  • Resolves CVE-2023-23916

Change log for version 5.1.4_1852, released 07 March 2023

Change log for version 5.1.2_1828, released 21 February 2023

Change log for version 5.1, released 9 February 2023

  • Updates the snapshot size to reflect actual source volume size.
  • Improves the resize method when creating a volume from a snapshot.
  • Updates the Kubernetes dependency to 1.25.
  • Adds support for configuring the log level for sidecars from the configmap.
  • Makes the ibmc-vpcblock-snapshot class the default Volumesnapshotclass.
  • Adds the priorityClass in the deployment file for controller and node pods.
  • Updates the driver to read the node instance ID from the node spec provider ID instead of node labels.
  • Fixes a bug in volume expansion for raw block volumes.
  • Removes the preStop hook for the csi-driver-registrar.

Version 5.0

Change log for version 5.0.23_437, released 27 November 2023

Change log for version 5.0.21_401, released 13 November 2023

Change log for version 5.0.19_358, released 14 September 2023

Change log for version 5.0.17_266, released 01 August 2023

Change log for version 5.0.16_127, released 21 June 2023

  • Updates the following sidecar images:
    • storage-secret-sidecar to v1.2.24.
    • csi-node-driver-registrar to v2.7.0.
    • livenessprobe to v2.9.0.
    • csi-provisioner to v3.4.1.
    • csi-attacher to v4.2.0.
    • csi-resizer to v1.7.0.
    • csi-snapshotter to v6.2.1.
  • Updates the UBI image 8.8-860.
  • Updates Golang to 1.19.10.
  • Resolves the following CVEs: CVE-2022-43552, CVE-2022-3204, CVE-2023-27535,[CVE-2022-36227], CVE-2022-35252, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29402, CVE-2023-29400, CVE-2023-24540, CVE-2023-24539.
  • Introduced two new configurable flags in addon-vpc-block-csi-driver-configmap configMap to enable/disable and edit the retry interval for Snapshot Creation.
    • IsSnapshotEnabled allows users to disable or enable snapshot functionality. By default, this parameter is set to true
    • CustomSnapshotCreateDelay allows users to edit the maximum delay (in seconds) for snapshot calls in case the source volume is not found and the volume is not attached. The maximum delay allowed is 15 minutes and the default is 5 minutes.

Change log for version 5.0.12_1963, released 15 May 2023

  • Updates UBI image to 8.7-1107
  • Updates Golang to 1.19.8
  • Users must determine token exchange URL based on cluster provider. For Satellite clusters, always use the provided token exchange URL. If the URL is not provided, use public IAM endpoint.
  • Resolves the following CVEs: CVE-2023-0361, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.

Change log for version 5.0.10_1869, released 05 April 2023

Change log for version 5.0.9_1862, released 29 March 2023

  • Updates the storage-secret-sidecar image to v1.2.19.
  • Resolves CVE-2023-23916

Change log for version 5.0.8_1841, released 07 March 2023

Change log for version 5.0.7_1836, released 21 February 2023

  • Added priorityClass in the deployment file for controller and node pods.
  • Removed preStop hook for the csi-driver-registrar.
  • Resolves CVE-2022-47629.

Change log for version 5.0.5_1784, released 24 January 2023

Change log for version 5.0.4_1773, released 10 January 2023

  • Updates Golang to 1.18.9.
  • Updates the storage-secret-sidecar image to v1.2.14.
  • Fixed volume tagging issue related to multiple tags.
  • Added Block storage volume health state in driver logs. Volume health gives a detailed description as mentioned in the Managing block storage doc.
  • Resolves the following CVEs:

Change log for version 5.0.2_1713, released 17 November 2022

Change log for version 5.0.1_1695, released 9 November 2022

Change log for version 5.0, released 11 October 2022

  • Adds snapshot support for cluster versions 4.9 and later.
  • Makes the resource requests and limits of the vpc-block-csi-driver containers configurable. To view the config run kubectl get cm -n kube-system addon-vpc-block-csi-driver-configmap -o yaml
  • Adds the following parameters for customizing the driver.
    • AttachDetachMinRetryGAP: "3": The initial retry interval for checking Attach/Detach Status. The default is 3 seconds.
    • AttachDetachMinRetryAttempt: "3": The number of attempts for AttachDetachMinRetryGAP. The default is 3 retries for 3 seconds retry gap.
    • AttachDetachMaxRetryAttempt: "46": Total number of retries for checking Attach/Detach Status. Default is 46 times. For example, ~7 minutes (3 secs * 3 times + 6 secs * 6 times + 10 secs * 10 times).
    • AttacherWorkerThreads: "15": The number of goroutines for processing VolumeAttachments.
    • AttacherKubeAPIBurst: "10": The number of requests to the Kubernetes API server, exceeding the QPS, that can be sent at any given time
    • AttacherKubeAPIQPS: "5.0": The number of requests per second sent by a Kubernetes client to the Kubernetes API server.
  • Disables the handle-volume-inuse-error option as this is applies to CSI drivers that support offline expansion only.

Change log for version 5.0.4-beta_1566, released 14 July 2022

Change log for version 5.0.1-beta_1411, released 15 June 2022

Fixes a bug where the resource group wasn't included in the snapshot creation request payload.

Change log for version 5.0.0-beta_1125, released 10 June 2022

Adds snapshot support.

Version 4.4

Change log for version 4.4.17_1829, released 21 February 2023

Change log for version 4.4.16_1779, released 24 January 2023

Change log for version 4.4.15_1764, released 10 January 2023

Change log for version 4.4.13_1712, released 17 November 2022

Change log for version 4.4.12_1700, released 9 November 2022

Change log for version 4.4.11_1614, released 23 September 2022

  • Updates the storage-secret-sidecar image to v1.2.8.
  • Updates the golang version to 1.18.6.
  • Resolves the following CVEs: CVE-2022-27664, CVE-2022-32190.

Change log for version 4.4.10_1578, released 13 September 2022

Change log for version 4.4.9_1566, released 25 August 2022

Change log for version 4.4.8_1550, released 18 July 2022

Change log for version 4.4.6_1446, released 24 June 2022

  • Includes an update where volume creation or expansion isn't retried if the provided volume capacity is not supported by volume profile.
  • Updates the storage-secret-sidecar image to v1.2.4
  • Resolves CVE-2022-1271
  • Adds a security fix related with image signing.

Change log for version 4.4.5_1371, released 13 June 2022

  • Adds support for IAM trusted profiles.
  • Adds IAM token caching in memory for up to 40 minutes which reduces the number of calls to IAM and improves driver performance.
  • Updates the storage-secret-sidecar image to v1.2.3.
  • Fixes a volume expansion error handling issue.

Version 4.3

Change log for version 4.3.8_1705 released 11 November 2022

Change log for version 4.3.7_1613, released 22 September 2022

  • Updates the storage-secret-sidecar image to v1.1.15.
  • Updates the golang version to 1.18.6.
  • Resolves the following CVEs: CVE-2022-27664 and CVE-2022-32190.

Change log for version 4.3.6_1579, released 12 September 2022

Change log for version 4.3.5_1563, released 24 August 2022

Change log for version 4.3.4_1551, released 18 July 2022

Change log for version 4.3.2_1441, released 17 June 2022

  • Added security fix related to image signing
  • Updates the storage-secret-sidecar image to v1.1.11
  • Resolves CVE-2022-1271

Change log for version 4.3.0_1163, released 25 May 2022

  • Resolves the following CVEs: CVE-2021-3634, CVE-2021-3737, [CVE-2021-4189]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189){: external}.
  • Updates the storage-secret-sidecar image to v1.1.10
  • Fixes Volume provisioning failure when in StorageClass Region is provided without zone info
  • Fixes an issue where volume creation fails if only failure-domain.beta.kubernetes.io/zone is given in allowedTopologies
  • Region support is now DEPRECATED in the storage class. Providing "region" detail in storage classes is deprecated in this release, this will not cause any issues with either existing PVC or new PVC. For now the default behavior is to get the region detail from the node label only which is now mandatory for all cases.

Version 4.2

Change log for version 4.2.6_1161, released 12 May 2022

Change log for version 4.2.5_1106, released 12 May 2022

  • Updates armada-storage-secret to v1.1.9
  • Updates the UBI version to 8.5-243.1651231653
  • Resolves CVE-2022-1271.

Change log for version 4.2.3_983, released 11 April 2022

  • Updates armada-storage-secret to v1.1.8
  • Resolves CVE-2022-0778.

Change log for version 4.2.2_900, released 24 March 2022

  • Updates armada-storage-secret to v1.1.7
  • Resolves CVE-2022-24921.
  • Update Golang to 1.16.15

Change log for version 4.2.1_895, released 17 March 2022

  • Resolves CVE-2022-24407.
  • Updates the armada-storage-secret to v1.1.6.

Change log for version 4.2.0_890, released 28 February 2022

Updates in this version:

  • Volume expansion support is now generally available.
  • Removes unused variables sizeRange and sizeIOPSRange from storage classes.
  • Makes ibmc-vpc-block-10iops-tier the default storage class via the new addon-vpc-block-csi-driver-configmap in the kube-system namespace.
  • Resolves the following CVEs: CVE-2021-3712 and CVE-2021-3521, CVE-2022-23772, CVE-2022-23773, and CVE-2022-23806.
  • Updates Golang to version 1.16.14.
  • All the storage classes that are installed with the add-on now have allowVolumeExpansion=true.

After updating to version 4.2, you must complete the following steps.

  • Delete and re-create any of your own storage classes that use the sizeRange or iopsRange parameters.
  • If you use a default storage class other than ibmc-vpc-block-10iops-tier, you must change the isStorageClassDefault setting to false in the addon-vpc-block-csi-driver-configmap configmap in the kube-system namespace. For more information, see Changing the default storage class.

Version 4.1

Review the changes in version 4.1 of the Block Storage for VPC cluster add-on.

Change log for version 4.1.3_846, released 14 February 2022

Review the changes in version 4.1.3_846 of the Block Storage for VPC cluster add-on.

Change log for version 4.1.2_834, released 27 January 2022

  • Fixes an issue where the persistent volume watcher was unable to handle non-IBM Cloud VPC CSI driver PV updates which caused the controller pod to crash.

Change log for version 4.1.1_827, released 20 January 2022

Review the changes in version 4.1.1_827 of the Block Storage for VPC cluster add-on.

Change log for version 4.1.0_807, released 06 January 2022

Review the changes in version 4.1.0_807 of the Block Storage for VPC cluster add-on.

  • Image tags: v4.1
  • Resolves CVE-2021-3712.
  • Updates the storage-secret-sidecar image to version 1.1.4.
  • Upgrades Kubernetes packages to version 1.21.
  • Updates how api-key rotation is handled so that restarting the driver is no longer required.

Version 4.0

Review the changes in version 4.0 of the Block Storage for VPC cluster add-on.

Change log for version 4.0.3_793, released 22 November 2021

Review the changes in version 4.0.3_793 of the Block Storage for VPC cluster add-on.

Change log for version 4.0.1_780, released 06 October 2021

Review the changes in version 4.0.1_780 of the Block Storage for VPC cluster add-on.

  • Image tags: v4.0.1
  • Resolves the following CVEs.
  • Updates the storage-secret-sidecar image to v1.1.2.
  • Improves error messaging if iks_token_exchange_endpoint_private_url is invalid or unreachable.
  • Adds new storage classes for OpenShift Data Foundation.
  • Updates to improve the volume attach/detach performance by avoiding unnecessary retries.
  • Fixes an issue where mounting failed with already mounted error.
  • Improves logging when the device path for a volume is not present on worker node.
  • Adds the image label compliance.owner="ibm-armada-storage".

Change log for version 4.0.0_769, released 16 September 2021

Review the changes in version 4.0.0_769 of the Block Storage for VPC cluster add-on.

Change log for version 4.0, released 1 September 2021

Review the changes in version 4.0.0_764 of the Block Storage for VPC cluster add-on.

  • Image tags: v4.0.0
  • Resolves CVE-2021-27218.
  • Updates CSI sidecar images to fix DLA-2542-1, DLA-2509-1, and DLA-2424-1.
  • Updates the sidecar images to the following versions.
    • csi-provisioner: icr.io/ext/sig-storage/csi-provisioner:v2.2.2
    • csi-resizer: icr.io/ext/sig-storage/csi-resizer:v1.2.0
    • csi-attacher: icr.io/ext/sig-storage/csi-attacher:v3.2.1
    • liveness-probe: icr.io/ext/sig-storage/livenessprobe:v2.3.0
    • csi-node-driver-registrar: icr.io/ext/sig-storage/csi-node-driver-registrar:v2.2.0
  • Updates the Golang version from 1.15.12 to 1.16.7
  • Increases the resources to the csi-attacher, csi-resizer, csi-provisioner, ibm-vpc-block-csi-controller, and ibm-vpc-block-csi-node plug-ins to fix containers crashing due to OOM issues.
  • Improves volume attach/detach performance by increasing the worker thread count for the csi-attacher sidecar.
  • Improves error messaging
  • Fixes a bug related to unexpected IAM behavior.
  • Changes the version numbering system to X.X.Y_YYY where X.X is the major version number and .Y_YYY is the patch version number.

Version 3.0.1

Review the changes in version 3.0.1 of the Block Storage for VPC cluster add-on.

Change log for version 3.0.1, released 15 July 2021

Review the change log for version 3.0.1 of the Block Storage for VPC cluster add-on.

Volume expansion in version 3.0.1 is available in beta for allowlisted accounts. Don't use this feature for production workloads.

  • Image tags: v3.0.7
  • Includes beta support for volume expansion on allowlisted accounts.
  • Fixes vulnerability CVE-2021-27219.
  • Includes the storage-secret-sidecar container in the Block Storage for VPC driver pods.

Version 3.0.0

Review the changes in version 3.0.0 of the Block Storage for VPC cluster add-on.

Change log for patch update 3.0.0_521, released 01 April 2021

Review the changes in version 3.0.0_521 of the Block Storage for VPC cluster add-on.

  • Image tags: v3.0.7
  • Updates the Golang version from 1.15.5 to 1.15.9.

Change log for version 3.0.0, released 26 February 2021

Review the changes in version 3.0.0_521 of the Block Storage for VPC cluster add-on.

  • Image tags: v.3.0.0
  • The vpc-block-csi-driver is now available for both managed clusters and unmanaged clusters.
  • No functional changes in this release.

Archive

Find an overview of Block Storage for VPC cluster add-ons that are unsupported in IBM Cloud Kubernetes Service.

Version 2.0.3

Review the changes in version 2.0.3 of the Block Storage for VPC cluster add-on.

Version 2.0.3 is unsupported.

Change log for patch update 2.0.3_471, released 26 January 2021

Review the changes in version 2.0.3_471 of the Block Storage for VPC cluster add-on.

  • Image tags: v.2.0.9
  • Supported cluster versions: 4.3 - 4.6
  • Updated he openssl, openssl-libs, gnutls packages to fix CVE-2020-1971 and CVE-2020-24659.

Change log for patch update 2.0.3_464, released 10 December 2020

Review the changes in version 2.0.3_464 of the Block Storage for VPC cluster add-on.

  • Image tags: v2.0.8
  • New!: Metro storage classes with the volumeBindingMode:WaitForFirstConsumer specification.
  • Resources that are deployed by the add-on now contain a label which links the source code URL and the build URL.
  • The v2.0.8 image is signed.
  • Updates the Go version from 1.15.2 to 1.15.5.

Change log for patch update 2.0.3_404, released 25 November 2020

Review the changes in version 2.0.3_404 of the Block Storage for VPC cluster add-on.

  • Image tags: v2.0.7
  • Fixes vulnerability scan issues.
  • Updates the base image from alpine to UBI.
  • Pods and containers now run as non-root except for the node-server pod's containers.

Change log for patch update 2.0.3_375, released 17 September 2020

Review the changes in version 2.0.3_375 of the Block Storage for VPC cluster add-on.

  • Image tags: v2.0.6
  • Fixes an issue with volume attachment when replacing workers.

Change log for patch update 2.0.3_374+, released 29 August 2020

Review the changes in version 2.0.3_374+ of the Block Storage for VPC cluster add-on.

  • Image tags: v2.0.5
  • Adds the /var/lib/kubelet path for CSI driver calls on OCP 4.4.

Change log for patch update 2.0.3_365, released 05 August 2020

Review the changes in version 2.0.3_365 of the Block Storage for VPC cluster add-on.

  • Image tags: v2.0.4
  • Updates sidecar container images.
  • Adds liveness probe.
  • Enables parallel attachment and detachment of volumes to worker nodes. Previously, worker nodes were attached and detached sequentially.