Skip to content

[DO NOT MERGE] STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22#109

Open
dfajmon wants to merge 179 commits intoopenshift:masterfrom
dfajmon:rebase-v2.3.0
Open

[DO NOT MERGE] STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22#109
dfajmon wants to merge 179 commits intoopenshift:masterfrom
dfajmon:rebase-v2.3.0

Conversation

@dfajmon
Copy link
Copy Markdown

@dfajmon dfajmon commented Feb 18, 2026

Issue link
https://issues.redhat.com/browse/STOR-2767

Diff to upstream v2.3.0
kubernetes-sigs/aws-efs-csi-driver@v2.3.0...dfajmon:rebase-v2.3.0

Notes for reviewers

Summary of changes

Major Features

  • Add cross-account EFS support with externalId (#1690)
  • Add filesystem ID resolution from ConfigMaps and Secrets (#1724)
  • Add force unmount after timeout option (#1710, #1751)
  • Add CSI topology support for One Zone EFS (#1761)
  • Add emptyDir configuration support for sizeLimit and medium (#1727)
  • Add whitespace support in tag keys and values (#1716)
  • Add revisionHistoryLimit support in Helm charts (#1760)
  • Add opt-in parameter to disable node mutation permissions (#1737)
  • Add concurrency control arguments (#1706)

Notable Bug Fixes

  • Fix startup taint removal verification to prevent false positives (#1774)
  • Fix PosixUser.Uid setting in ListAccessPoints (#1707)
  • Update EFS utils configuration for EU region DNS (#1742, #1737)
  • Update Dockerfile for new efs-utils dependencies (#1736)
  • Allow colon character in tags with escape character (#1693)

CVE Fixes

  • Upgrade Go to 1.25.0 (#1697)
  • Upgrade Go to 1.25.5 for high-severity CVE fixes (#1763)
  • Upgrade k8s.io/kubernetes from v1.33.4 to v1.33.6 (#1781)
  • Fix OpenSSL CVEs (#1775)
  • Fix sidecar CVEs (#1779, #1694, #1758)
  • Upgrade aws-sdk-go-v2 to latest version (#1729)

Upstream changelogs

https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/CHANGELOG-2.x.md

Full changelog

kubernetes-sigs/aws-efs-csi-driver@v2.1.11...v2.3.0

Last rebase

#106

@openshift/storage

thakurmi and others added 30 commits February 10, 2025 16:39
@thakurmi
Post Release 2.1.5
400f8d4
@k8s-ci-robot
Merge pull request kubernetes-sigs#1583 from thakurmi/master
9d460ca 
Post Release 2.1.5
@dankova22
Remove libwrap=no from stunnel config on startup for newer stunnel co…
912b94a 
…mpatibility
@k8s-ci-robot
Merge pull request kubernetes-sigs#1585 from dankova22/stunnel-watchdog
8928fad 
Remove libwrap=no from stunnel config on startup for newer stunnel co…
@dankova22
Pre release PR for 2.1.6
f4f59f5
@k8s-ci-robot
Merge pull request kubernetes-sigs#1587 from dankova22/pr-rel-2.1.6
e88bcd3 
Pre release PR for 2.1.6
@dankova22
Post release PR 2.1.6
3ba2710
@k8s-ci-robot
Merge pull request kubernetes-sigs#1589 from dankova22/post-rel-2.1.6
4a6fb91 
Post release PR 2.1.6
@mskanth972
Update K8s version to mitigate CVE-2025-0426
e4e9966
@dankova22
Add dankova22 to approvers
d49c127
@mskanth972
Merge pull request kubernetes-sigs#1595 from dankova22/danwkova-owner
8a2129b 
Add dankova22 to approvers
@dluthcke
Updating sidecar versions
41c4738
@k8s-ci-robot
Merge pull request kubernetes-sigs#1596 from dluthcke/updatesidecars
9c4adc3 
Updating sidecar versions
@mskanth972
Merge pull request kubernetes-sigs#1594 from mskanth972/K8supp
962a967 
Update K8s version to mitigate CVE-2025-0426
@dluthcke
Update README.md to include uninstall instructions
6ebde96
@k8s-ci-robot
Merge pull request kubernetes-sigs#1597 from dluthcke/patch-1
9931431 
Update README.md to include uninstall instructions
@dluthcke
Clarifying Note when uninstalling CSI driver
a5b3ca0
@k8s-ci-robot
Merge pull request kubernetes-sigs#1599 from dluthcke/readme-update
b4e100d 
Clarifying Note when uninstalling CSI driver
@dluthcke
Adding additional checks and multi threaded testing to ensure concurr…
76324ab 
…ent createVolume and deleteVolume calls are handled correctly
@k8s-ci-robot
Merge pull request kubernetes-sigs#1592 from dluthcke/volume-create-d…
6b2a4a5 
…elete-hardening

Volume create delete hardening
@dankova22
Pre release PR for 2.1.7
1cefe8e
@k8s-ci-robot
Merge pull request kubernetes-sigs#1604 from dankova22/pre-release-2.1.7
7628c19 
Pre release PR for 2.1.7
@dankova22
Post release PR 2.1.7
d6774e1
@k8s-ci-robot
Merge pull request kubernetes-sigs#1607 from dankova22/post-release-2…
68516b7 
….1.7

Post release PR 2.1.7
@kunalmemane
CVE-2025-22869: bump golang.org/x/crypto to v0.35.0
b0fab03
@k8s-ci-robot
Merge pull request kubernetes-sigs#1611 from kunalmemane/CVE-2025-22869
ee80ddd 
CVE-2025-22869: bump golang.org/x/crypto to v0.35.0
@thakurmi
fix centos image in pod config examples
f709956
@dankova22
Clean install openssl and standardize eks distro
a8ad541
@dankova22
Merge pull request kubernetes-sigs#1619 from dankova22/open-ssl-fix
251ada6 
Fix OpenSSL version mismatch
@jrakas-dev
Remove unused workflow that publishes images to dockerhub
d3b5b3c
YangjinanHu and others added 15 commits December 30, 2025 18:46
@YangjinanHu
Fix Sidecar CVEs
3b1a9bf
@k8s-ci-robot
Merge pull request kubernetes-sigs#1779 from YangjinanHu/fix_sidecar_cve
392aadf 
Fix Sidecar CVEs
@aliyajo
fix: Add CSI topology for One Zone EFS (kubernetes-sigs#1761)
17fd6a8 
Implements CSI topology specification to fix One Zone EFS scheduling in multi-AZ clusters.

When enableZoneConstraints=true, queries EFS availability zone and returns
AccessibleTopology constraints to ensure pods are scheduled in correct zone.

Ref: https://kubernetes-csi.github.io/docs/topology.html
@k8s-ci-robot
Merge pull request kubernetes-sigs#1774 from aliyajo/startup-taint
06628af 
fix: verify startup taint removal after patch to prevent false positives
@DavidXU12345
Upgrade k8s.io/kubernetes from v1.33.4 to v1.33.6 to fix CVE
707a043
@k8s-ci-robot
Merge pull request kubernetes-sigs#1771 from DavidXU12345/release-wor…
d09a5ff 
…kflow-improve

fix: github release workflow
@k8s-ci-robot
Merge pull request kubernetes-sigs#1772 from DavidXU12345/update-docs
4d89bf2 
Update docs: Follow semver and support deploy using version tags
@k8s-ci-robot
Merge pull request kubernetes-sigs#1781 from DavidXU12345/upgrade-go-…
95528d0 
…dependencies

Upgrade k8s.io/kubernetes from v1.33.4 to v1.33.6 to fix CVE
@samuhale
Pre-release v2.3.0
8b568c4
@k8s-ci-robot
Merge pull request kubernetes-sigs#1785 from samuhale/release-2.3
2b7fc01 
Pre-release v2.3.0
@DavidXU12345
Post release v2.3.0
e63536c
@k8s-ci-robot
Merge pull request kubernetes-sigs#1788 from DavidXU12345/release-2.3
a5cd66f 
[POST-RELEASE v2.3.0]
@dfajmon
Merge remote-tracking branch 'openshift/master' into rebase-v2.3.0
5a3b00d
@RomanBednar @dfajmon
UPSTREAM: <carry>: Add OpenShift files
5637632 
Additional changes:

- remove .github files
- do not overwrite GOARCH in makefile
- go mod tidy && go mod vendor
@dfajmon
UPSTREAM: 1735: Update go.mod for passing 'go list -mod=readonly -m all'
b1b4d61
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 18, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Feb 18, 2026
edited by openshift-ci bot
Loading

@dfajmon: This pull request references STOR-2767 which is a valid jira issue.

Details

In response to this:

Issue link
https://issues.redhat.com/browse/STOR-2767

Diff to upstream v2.3.0
kubernetes-sigs/aws-efs-csi-driver@v2.3.0...dfajmon:rebase-v2.3.0

Notes for reviewers

Summary of changes

Major Features

  • Add cross-account EFS support with externalId (#1690)
  • Add filesystem ID resolution from ConfigMaps and Secrets (#1724)
  • Add force unmount after timeout option (#1710, #1751)
  • Add CSI topology support for One Zone EFS (#1761)
  • Add emptyDir configuration support for sizeLimit and medium (#1727)
  • Add whitespace support in tag keys and values (#1716)
  • Add revisionHistoryLimit support in Helm charts (#1760)
  • Add opt-in parameter to disable node mutation permissions (#1737)
  • Add concurrency control arguments (#1706)

Notable Bug Fixes

  • Fix startup taint removal verification to prevent false positives (#1774)
  • Fix PosixUser.Uid setting in ListAccessPoints (#1707)
  • Update EFS utils configuration for EU region DNS (#1742, #1737)
  • Update Dockerfile for new efs-utils dependencies (#1736)
  • Allow colon character in tags with escape character (#1693)

CVE Fixes

  • Upgrade Go to 1.25.0 (#1697)
  • Upgrade Go to 1.25.5 for high-severity CVE fixes (#1763)
  • Upgrade k8s.io/kubernetes from v1.33.4 to v1.33.6 (#1781)
  • Fix OpenSSL CVEs (#1775)
  • Fix sidecar CVEs (#1779, #1694, #1758)
  • Upgrade aws-sdk-go-v2 to latest version (#1729)

Upstream changelogs

https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/CHANGELOG-2.x.md

Full changelog

kubernetes-sigs/aws-efs-csi-driver@v2.1.11...v2.3.0

Last rebase

#106

@openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Feb 18, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dfajmon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 18, 2026
@dfajmon
Copy link
Copy Markdown
Author

dfajmon commented Feb 18, 2026

/hold
waiting for go 1.25

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 18, 2026
@dfajmon
Copy link
Copy Markdown
Author

dfajmon commented Feb 24, 2026

/test verify

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Feb 24, 2026
edited
Loading

@dfajmon: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security b1b4d61 link false /test security

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Phaow
Copy link
Copy Markdown

Phaow commented Mar 6, 2026

/retest-required

@dobsonj
Copy link
Copy Markdown
Member

dobsonj commented Mar 6, 2026
edited by openshift-ci bot
Loading

/retitle DO NOT MERGE: STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22

@openshift-ci openshift-ci bot changed the title STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22 DO NOT MERGE: STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22 Mar 6, 2026
@dobsonj
Copy link
Copy Markdown
Member

dobsonj commented Mar 6, 2026
edited by openshift-ci bot
Loading

/retitle [DO NOT MERGE] STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22

@openshift-ci openshift-ci bot changed the title DO NOT MERGE: STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22 [DO NOT MERGE] STOR-2767: Rebase to upstream v2.3.0 for OCP 4.22 Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dobsonj dobsonj Awaiting requested review from dobsonj

@RomanBednar RomanBednar Awaiting requested review from RomanBednar

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.