STOR-2758: Rebase to upstream v6.2.0 for OCP 4.22#121
Merged
openshift-merge-bot[bot] merged 42 commits intoopenshift:masterfrom Mar 11, 2026
Merged
STOR-2758: Rebase to upstream v6.2.0 for OCP 4.22#121openshift-merge-bot[bot] merged 42 commits intoopenshift:masterfrom
openshift-merge-bot[bot] merged 42 commits intoopenshift:masterfrom
Conversation
Bumps [github.com/mailru/easyjson](https://github.com/mailru/easyjson) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/mailru/easyjson/releases) - [Commits](mailru/easyjson@v0.9...v0.9.1) --- updated-dependencies: - dependency-name: github.com/mailru/easyjson dependency-version: 0.9.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Add Urgent Upgrade Notes for 6.0.0
Update Urgent Upgrade Notes
GenerateAccessibilityRequirements tries to get the Node and CSINode objects but if they are missing (because they were deleted), then the provisioning will fail with ProvisioningNoChange which means that it will potentially be retried forever if the node never comes back because nothing is removing the selected-node annotation anymore. This commit makes it so that Not Found api errors are properly caught and when it's the case, ProvisioningReschedule is returned to tell the scheduler to try a new node. This matches the previous implementation in the external-provisioner lib (https://github.com/kubernetes-sigs/sig-storage-lib-external-provisioner/pull/194/files#diff-3c5bb5f48211873c58fcba055dcae2ac7b1958969219e06e1508d76d485dace7L1496-L1498) Signed-off-by: Baptiste Girard-Carrabin <baptiste.girardcarrabin@datadoghq.com>
The ControllerModifyVolume CSI procedure should be able to receive credentials if the storage provider requires them. The values of the following keys in the StorageClass are copied into annotations of the PersistentVolume: - csi.storage.k8s.io/controller-modify-secret-name > volume.kubernetes.io/controller-modify-secret-name - csi.storage.k8s.io/controller-modify-secret-namespace > volume.kubernetes.io/controller-modify-secret-namespace The external-resizer can use these annotations to resolve the secret that needs to be passed in ControllerModifyVolume.
…ule-node-not-exist [controller] Reschedule provisioning if node is missing
Add CHANGELOG-6.1
Check for finalizers on VolumeSnapshot to differentiate between provisioning that has already started vs new provisioning attempts. When a VolumeSnapshot has DeletionTimestamp set: - If it has finalizers: provisioning was started before deletion, continue to prevent resource leaks. The external-snapshotter adds finalizers when a snapshot is used as a data source. - If it has no finalizers: this is a new provisioning attempt, reject with an error. This ensures the CSI driver can complete in-flight provisioning operations and properly clean up resources, while preventing new provisioning from snapshots that are being deleted.
Allow provisioning to proceed to prevent leaking resources
…tools/k8s-1.34 Update to latest release-tools to address Docker and Kind deployment failures.
b12e407cc Merge pull request kubernetes-csi#289 from nixpanic/k8s-v1.34 bbe5e547e Use Kubernetes v1.34 and Kind v0.30 by default 4e9eb2c9e Merge pull request kubernetes-csi#288 from gnufied/add-gnufied-for-csi-approver 064e260d9 Add myself as csi approver c852fa797 Merge pull request kubernetes-csi#287 from andyzhangx/patch-7 bce16c103 fix: upgrade to go1.24.11 to fix CVE-2025-61727 8d1258cce Merge pull request kubernetes-csi#286 from kubernetes-csi/dependabot/github_actions/actions/checkout-6 91e35981a Bump actions/checkout from 5 to 6 294138155 Merge pull request kubernetes-csi#285 from andyzhangx/patch-6 fa8b339e9 fix: upgrade to go1.24.9 to fix CVEs git-subtree-dir: release-tools git-subtree-split: b12e407cc9556acf6702ed8745d3f8a29c9169bb
…s-1.34 Rebase release-tools to use Kubernetes v1.34 by default
Add secret reference in PV annotations for ControllerModifyVolume
…lake Fix provisioner flake in topology tests
…tion finalizer on VolumeSnapshot as Source
Add a finalizer on VolumeSnapshot as Source
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5.0.0...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Eddie Torres <torredil@amazon.com>
…/github_actions/actions/checkout-6.0.2 build(deps): bump actions/checkout from 5.0.0 to 6.0.2
…/go_modules/github.com/mailru/easyjson-0.9.1 build(deps): bump github.com/mailru/easyjson from 0.9.0 to 0.9.1
Fix topology cache corruption on retry
1e81e752e Merge pull request kubernetes-csi#293 from andyzhangx/patch-9 4dc185057 fix: upgrade to go1.25.7 to fix CVE-2025-61727 b60b9a507 Merge pull request kubernetes-csi#292 from andyzhangx/patch-8 0e4e2ed0d Update Go version from 1.25.5 to 1.25.6 to fix CVE 707a99eca Merge pull request kubernetes-csi#291 from dfajmon/logcheck a9d2b0fb3 Bump logcheck to v0.10.0 d6846630b Merge pull request kubernetes-csi#290 from dfajmon/go-1.25.5 55e527c49 Bump golang to 1.25.5 git-subtree-dir: release-tools git-subtree-split: 1e81e752e87e027311be882279eac9e292705aa5
refactor: use common sidecar flags functionality
remove general availability feature gate HonorPVReclaimPolicy
Bump k8s dependencies to v1.35.0
Add changelog for 6.2
And remove .github Additional changes: update .ci-operator.yaml and Dockerfile.openshift.rhel7
openshift-ci-robot
added
the
jira/valid-reference
|
@dfajmon: This pull request references STOR-2758 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dfajmon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
Author
|
/retest |
|
@dfajmon: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
jsafrane
reviewed
Mar 10, 2026
|
/lgtm |
|
CI results look good, which should be sufficient for merging from QE side. |
openshift-ci-robot
added
the
verified
|
@duanwei33: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
18 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue link
https://issues.redhat.com/browse/STOR-2758
Diff to upstream v6.2.0
kubernetes-csi/external-provisioner@v6.2.0...dfajmon:rebase-v6.2.0
Notes for reviewers
Summary of changes
Major Features
csi.storage.k8s.io/controller-modify-secret-nameandcsi.storage.k8s.io/controller-modify-secret-namespaceto reference the credentials that should be used to modify a volume according to the parameters of a VolumeAttributeClass (#1440)Notable Bug Fixes
CVE Fixes
CVE-2025-68121
Upstream changelogs
Full changelog
kubernetes-csi/external-provisioner@v6.0.0...v6.2.0
Last rebase
#117
@openshift/storage