Skip to content

SSCSI-259: Rebase openshift/main to upstream v1.5.6 for OCP 4.22 #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chiragkyal wants to merge 26 commits into
base: main
Choose a base branch
from
Open

SSCSI-259: Rebase openshift/main to upstream v1.5.6 for OCP 4.22 #62

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
4a374c5
chore: update to go 1.24.9
aramase Nov 3, 2025
05e0bd9
Merge pull request #1950 from aramase/automated-cherry-pick-of-#1949-…
k8s-ci-robot Nov 6, 2025
3d55662
chore: update to go 1.24.11 and bump golang.org/x/crypto to v0.46.0
aramase Dec 11, 2025
98ee629
Merge pull request #1970 from aramase/aramase/c/go1.24.11_release_1.5
k8s-ci-robot Dec 15, 2025
4b3d15f
chore: bump version to v1.5.5 in release-1.5
aramase Dec 15, 2025
cf67581
Merge pull request #1971 from aramase/aramase/c/bump_release_1.5_v1.5.5
k8s-ci-robot Dec 15, 2025
c1b8120
release: update manifest and helm charts for v1.5.5
aramase Dec 15, 2025
32909fa
Merge pull request #1973 from aramase/automated-cherry-pick-of-#1972-…
k8s-ci-robot Dec 15, 2025
965c958
chore: update to go 1.24.12
aramase Feb 4, 2026
0dedb0e
chore: update to kubectl 1.34.2 in helm-crds image
aramase Feb 4, 2026
c92db61
Merge pull request #1981 from aramase/automated-cherry-pick-of-#1980-…
k8s-ci-robot Feb 4, 2026
ccc4c20
security: bump to go 1.24.13 to resolve CVE-2025-68121
aramase Feb 11, 2026
a6c4e58
Merge pull request #1991 from aramase/aramase/c/go1.24.13
k8s-ci-robot Feb 12, 2026
605661f
chore: bump version to v1.5.6 in release-1.5
aramase Feb 24, 2026
10cafd0
Merge pull request #1998 from aramase/aramase/c/bump_release_1.5_v1.5.6
k8s-ci-robot Feb 24, 2026
a503ce0
release: update manifest and helm charts for v1.5.6
aramase Feb 25, 2026
7ba4394
Merge pull request #2000 from aramase/automated-cherry-pick-of-#1999-…
k8s-ci-robot Feb 26, 2026
90ce1bb
Merge remote-tracking branch 'openshift/main' into rebase-1.5.6
chiragkyal Mar 5, 2026
95def38
UPSTREAM: <carry>: Remove .github directory from downstream
chiragkyal Mar 5, 2026
ccc9be3
UPSTREAM: <carry>: Add OpenShift files
chiragkyal Mar 4, 2025
16568cb
UPSTREAM: <carry>: Make upstream e2e tests compatible with downstream
chiragkyal Mar 4, 2025
2d315c8
UPSTREAM: <carry>: Updating ose-secrets-store-csi-driver-container im…
Dec 19, 2025
6fe83b5
UPSTREAM: <carry>: Update Dockerfile.{bats,e2eprovider} to 4.22
chiragkyal Mar 5, 2026
f602299
UPSTREAM: <drop>: go mod tidy && go mod vendor
chiragkyal Mar 5, 2026
c8559ad
UPSTREAM: <drop>: test/e2eprovide: go mod tidy && go mod vendor
chiragkyal Mar 5, 2026
4842731
UPSTREAM: <drop>: Update go.mod to 1.24.11
chiragkyal Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.22 AS builder
WORKDIR /go/src/github.com/openshift/secrets-store-csi-driver
COPY . .
ENV BATS_VERSION="1.12.0"
Expand Down
4 changes: 2 additions & 2 deletions Dockerfile.e2eprovider
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.21 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.22 AS builder
WORKDIR /go/src/github.com/openshift/secrets-store-csi-driver
COPY . .
RUN make build-e2e-provider

FROM registry.ci.openshift.org/ocp/4.21:base-rhel9
FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
COPY --from=builder /go/src/github.com/openshift/secrets-store-csi-driver/test/e2eprovider/e2e-provider /e2e-provider

LABEL description="Mock provider for Secrets Store CSI Driver"
Expand Down
4 changes: 2 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ E2E_PROVIDER_IMAGE_NAME ?= e2e-provider

# Release version is the current supported release for the driver
# Update this version when the helm chart is being updated for release
RELEASE_VERSION := v1.5.4
IMAGE_VERSION ?= v1.5.4
RELEASE_VERSION := v1.5.6
IMAGE_VERSION ?= v1.5.6

# Use a custom version for E2E tests if we are testing in CI
ifdef CI
Expand Down
4 changes: 2 additions & 2 deletions charts/secrets-store-csi-driver/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
name: secrets-store-csi-driver
version: 1.5.4
appVersion: 1.5.4
version: 1.5.6
appVersion: 1.5.6
kubeVersion: ">=1.16.0-0"
description: A Helm chart to install the SecretsStore CSI Driver inside a Kubernetes cluster.
icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
Expand Down
7 changes: 4 additions & 3 deletions charts/secrets-store-csi-driver/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,12 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `fullnameOverride` | String to fully override secrets-store-csi-driver.fullname template with a string | `""` |
| `linux.image.repository` | Linux image repository | `registry.k8s.io/csi-secrets-store/driver` |
| `linux.image.pullPolicy` | Linux image pull policy | `IfNotPresent` |
| `linux.image.tag` | Linux image tag | `v1.5.4` |
| `linux.image.tag` | Linux image tag | `v1.5.6` |
| `linux.image.digest` | Linux image digest, image pull from digest instead of tag if specified | `""` |
| `linux.crds.enabled` | If the CRDs should be managed by the chart | `true` |
| `linux.crds.image.repository` | Linux crds image repository | `registry.k8s.io/csi-secrets-store/driver-crds` |
| `linux.crds.image.pullPolicy` | Linux crds image pull policy | `IfNotPresent` |
| `linux.crds.image.tag` | Linux crds image tag | `v1.5.4` |
| `linux.crds.image.tag` | Linux crds image tag | `v1.5.6` |
| `linux.crds.resources` | The resource request/limits for the linux crds container image | `{}` |
| `linux.crds.podLabels` | Linux *Pod* labels appended to CRD helm hook job pods | `{}` |
| `linux.affinity` | Linux affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
Expand Down Expand Up @@ -72,7 +72,7 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `linux.updateStrategy` | Configure a custom update strategy for the daemonset on linux nodes | `RollingUpdate with 1 maxUnavailable` |
| `windows.image.repository` | Windows image repository | `registry.k8s.io/csi-secrets-store/driver` |
| `windows.image.pullPolicy` | Windows image pull policy | `IfNotPresent` |
| `windows.image.tag` | Windows image tag | `v1.5.4` |
| `windows.image.tag` | Windows image tag | `v1.5.6` |
| `windows.image.digest` | Windows image digest, image pull from digest instead of tag if specified | `""` |
| `windows.affinity` | Windows affinity | `key: type; operator: NotIn; values: [virtual-kubelet]` |
| `windows.driver.resources` | The resource request/limits for the windows secrets-store container image | `limits: 400m CPU, 400Mi; requests: 50m CPU, 100Mi` |
Expand Down Expand Up @@ -116,3 +116,4 @@ The following table lists the configurable parameters of the csi-secrets-store-p
| `providerHealthCheckInterval` | Provider healthcheck interval duration | `2m` |
| `imagePullSecrets` | One or more secrets to be used when pulling images | `""` |
| `tokenRequests` | Token requests configuration for the csi driver. Refer to [doc](https://kubernetes-csi.github.io/docs/token-requests.html) for more info. Supported only for Kubernetes v1.20+ | `""` |
| `automountServiceAccountToken` | Controls whether a service account token should be automatically mounted on the Pod spec | `true` |
1 change: 1 addition & 0 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver-windows.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
{{ toYaml .Values.windows.podAnnotations | indent 8 }}
{{- end }}
spec:
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
serviceAccountName: secrets-store-csi-driver
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
Expand Down
1 change: 1 addition & 0 deletions charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
{{ toYaml .Values.linux.podAnnotations | indent 8 }}
{{- end }}
spec:
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
serviceAccountName: secrets-store-csi-driver
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
Expand Down
10 changes: 7 additions & 3 deletions charts/secrets-store-csi-driver/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@ linux:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver
tag: v1.5.4
tag: v1.5.6
#digest: sha256:
pullPolicy: IfNotPresent

crds:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver-crds
tag: v1.5.4
tag: v1.5.6
pullPolicy: IfNotPresent
## Optionally override resource limits for crd hooks(jobs)
resources: {}
Expand Down Expand Up @@ -110,7 +110,7 @@ windows:
enabled: false
image:
repository: registry.k8s.io/csi-secrets-store/driver
tag: v1.5.4
tag: v1.5.6
#digest: sha256:
pullPolicy: IfNotPresent

Expand Down Expand Up @@ -239,6 +239,10 @@ tokenRequests: []
# - audience: aud1
# - audience: aud2

## automountServiceAccountToken controls whether a service account token
## should be automatically mounted on the Pod spec
automountServiceAccountToken: true

# -- Labels to apply to all resources
commonLabels: {}
# team_name: dev
2 changes: 1 addition & 1 deletion deploy/secrets-store-csi-driver-windows.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ spec:
cpu: 100m
memory: 100Mi
- name: secrets-store
image: registry.k8s.io/csi-secrets-store/driver:v1.5.4
image: registry.k8s.io/csi-secrets-store/driver:v1.5.6
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
Expand Down
2 changes: 1 addition & 1 deletion deploy/secrets-store-csi-driver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: secrets-store
image: registry.k8s.io/csi-secrets-store/driver:v1.5.4
image: registry.k8s.io/csi-secrets-store/driver:v1.5.6
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
Expand Down
2 changes: 1 addition & 1 deletion docker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

ARG BASEIMAGE=registry.k8s.io/build-image/debian-base:bookworm-v1.0.6

FROM golang:1.24.7@sha256:87916acb3242b6259a26deaa7953bdc6a3a6762a28d340e4f1448e7b5c27c009 AS builder
FROM golang:1.24.13@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804 AS builder
WORKDIR /go/src/sigs.k8s.io/secrets-store-csi-driver
ADD . .
ARG TARGETARCH
Expand Down
2 changes: 1 addition & 1 deletion docker/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
REGISTRY?=docker.io/deislabs
IMAGE_NAME=driver
CRD_IMAGE_NAME=driver-crds
IMAGE_VERSION?=v1.5.4
IMAGE_VERSION?=v1.5.6
BUILD_TIMESTAMP := $(shell date +%Y-%m-%d-%H:%M)
BUILD_COMMIT := $(shell git rev-parse --short HEAD)
IMAGE_TAG=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)
Expand Down
2 changes: 1 addition & 1 deletion docker/crd.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
# limitations under the License.

FROM alpine as builder
ARG KUBE_VERSION=v1.34.1
ARG KUBE_VERSION=v1.34.3
ARG TARGETARCH

RUN apk add --no-cache curl && \
Expand Down
2 changes: 1 addition & 1 deletion docker/windows.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ ARG BASEIMAGE_CORE=gcr.io/k8s-staging-e2e-test-images/windows-servercore-cache:1

FROM --platform=linux/amd64 ${BASEIMAGE_CORE} AS core

FROM --platform=$BUILDPLATFORM golang:1.24.7@sha256:87916acb3242b6259a26deaa7953bdc6a3a6762a28d340e4f1448e7b5c27c009 AS builder
FROM --platform=$BUILDPLATFORM golang:1.24.13@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804 AS builder
WORKDIR /go/src/sigs.k8s.io/secrets-store-csi-driver
ADD . .
ARG TARGETARCH
Expand Down
21 changes: 9 additions & 12 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module sigs.k8s.io/secrets-store-csi-driver

go 1.24.6
go 1.24.11

require (
github.com/container-storage-interface/spec v1.6.0
Expand All @@ -25,21 +25,17 @@ require (
sigs.k8s.io/controller-runtime v0.14.6
)

require (
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
)

require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-logr/zapr v1.2.3 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
Expand Down Expand Up @@ -75,12 +71,12 @@ require (
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/crypto v0.36.0
golang.org/x/net v0.38.0 // indirect
golang.org/x/crypto v0.46.0
golang.org/x/net v0.47.0 // indirect
golang.org/x/oauth2 v0.27.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/sys v0.39.0 // indirect
golang.org/x/term v0.38.0 // indirect
golang.org/x/text v0.32.0 // indirect
golang.org/x/time v0.3.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
Expand All @@ -90,6 +86,7 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.26.4 // indirect
k8s.io/component-base v0.26.4 // indirect
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
Expand Down
Loading