Notable changes to the BeeGFS CSI driver will be documented in this file.
- Support for BeeGFS v7.4.2 and Kubernetes v1.28.
- Support for arm64 and official multi-arch container images for all supported platforms (linux/amd64 and linux/arm64).
- Kubernetes v1.25 and v1.26 support will be dropped in the next driver release according to our support policy.
- Support/testing for Kubernetes v1.23 and v1.24.
- Support for Kubernetes 1.26 and 1.27.
- Support for BeeGFS v7.3.4 and v7.4.0.
- Support for binary connAuthFile secrets utilizing base64 encoding.
- Migrated project to the ThinkParQ GitHub organization.
- Updated deployment manifests to accommodate new container registries. See the
upgrade instructions if you were
previously overriding image names or tags with a Kustomize overlay.
- BeeGFS CSI driver container images have been migrated from DockerHub to
GitHub Container Registry. This changes the default driver container name from
docker.io/netapp/beegfs-csi-drivertoghcr.io/thinkparq/beegfs-csi-driver:v1.5.0. - Kubernetes CSI sidecar
containers
have been migrated from
k8s.gcr.iotoregistry.k8s.iosince the former has been deprecated.
- BeeGFS CSI driver container images have been migrated from DockerHub to
GitHub Container Registry. This changes the default driver container name from
- Kubernetes v1.23 and v1.24 support will be dropped in the next driver release according to our support policy.
- Testing/support for RedHat OpenShift.
- See the compatibility documentation for more information about this change.
- Testing/support for Kubernetes v1.22 and BeeGFS v7.2.x.
- Support for RedHat OpenShift v4.11.
- Support for BeeGFS v7.3.2 and BeeGFS v7.2.8.
- Support for Kubernetes v1.25.
- Added default container resource requests and limits along with documentation for how to modify the resource specifications.
- Container images will now be signed with Cosign. Documentation on how to verify the signatures has been added to the deployment guide and the operator README.
- Added documentation for read-only volumes.
- Updated the project to adhere to v1.7.0 of the CSI specification.
- Updated the operator-sdk used to v1.25.0
- Changed the default driver container name from
netapp/beegfs-csi-drivertodocker.io/netapp/beegfs-csi-driver. See the upgrade instructions if you were previously overriding this name with a Kustomize overlay. - Improved testing for Nomad deployments.
- Updated Nomad documentation to reflect Alpha maturity level.
- Kubernetes v1.22 support will be dropped in the next driver release according to our support policy.
- Implemented verification of user provided stripePattern values.
- Default container logs will now be from the driver instead of csi-provisioner when executing "kubectl log" commands.
- Support for Kubernetes v1.21.
- Support for RedHat OpenShift v4.10.
- Mitigated CVE-2022-28948 by upgrading go-yaml to v3.0.1.
- Mitigated CVE-2022-27664 by upgrading Go to v1.18.7.
- Support for Kubernetes v1.24.
- Support for BeeGFS v7.3.1 and BeeGFS v7.2.7. See the new Notable BeeGFS Client Parameters and BeeGFS Helperd Configuration sections in the deployment guide for important notes when upgrading BeeGFS to these versions.
- The Readme now includes links to demo videos for a quick start guide, the dynamic provisioning workflow, and the static provisioning workflow.
- Generalized Nomad deployment and example manifests that work on Nomad v1.3.3 and greater.
- Updated the project to adhere to v1.6.0 of the CSI specification.
- Updated the operator-sdk used to v1.22.2
- Changed the default BeeGFS mount options
to include the
nosuidmount option. - Refactor validation of parameters for CreateVolume and ValidateVolumeCapabilities.
- We are now checking for the BeeGFS client kernel module earlier in the driver initialization process in order to better identify potential driver initialization failures.
- Replaced usage of k8s.io/utils/mount to use k8s.io/mount-utils instead.
- Kubernetes v1.21 support will be dropped in the next driver release according to our support policy.
- Removed duplicate messages that were occurring in the driver logs for certain errors.
- Support for BeeGFS v7.1.x.
- Support for Kubernetes v1.20.
- Single node Nomad deployment and example manifests that worked before Nomad v1.3.0.
- Mitigated CVE-2022-1996 by upgrading go-restful to v2.16.0
- Mitigated CVE-2022-29526, CVE-2022-30629, and CVE-2022-32189 by upgrading to Go v1.17.13
- Support for BeeGFS v7.2.6, BeeGFS v7.3.0, Kubernetes v1.23, and RedHat OpenShift v4.10.
- Basic support for SELinux-enabled nodes.
- Experimental support for deploying the BeeGFS client to OpenShift RHCOS nodes. The driver is still only officially supported in OpenShift on RHEL nodes.
- The driver now fails in initialization if it does not detect a running BeeGFS client kernel module. Previously it would not fail until it served the first request.
- If the
client-conf-template-pathcommand line parameter is not specified, the driver now looks for a beegfs-client.conf file in multiple expected locations. It still looks in the previous default location/etc/beegfs/beegfs-client.conffirst.
- Support (testing) for BeeGFS v7.1.5 (to be removed in the next release).
- Slow but successful CreateVolume operations may never return an OK status within the time frame that the client is listening. This typically only occurs in environments with misconfigured BeeGFS networking.
- ValidateVolumeCapabilities returns an INTERNAL error code when an invalid volume ID is included in a request instead of a NOT_FOUND error code (as required by the CSI spec).
- DeleteVolume returns an INTERNAL error code when an invalid volume ID is included in a request instead of OK (as required by the CSI spec).
- Minor issues related to end-to-end testing.
- Support (testing) for BeeGFS v7.2.5, Kubernetes v1.19, and RedHat OpenShift v4.9.
- Mitigated CVE-2022-23772 by upgrading to Go v1.17.9.
- Completed a threat model of the controller service and made minor documentation improvements in response.
- Support for BeeGFS v7.2.5, Kubernetes v1.22, and RedHat OpenShift v4.9.
- The ability to persist state in BeeGFS using a .csi/ directory structure that
exists alongside dynamically provisioned volumes in their
volDirBasePath. This is automatically enabled by default but can be optionally disabled.
- Common causes of orphaned BeeGFS
mounts being left on Kubernetes nodes
(listed as a known issue in v1.2.0) by maintaining a record of nodes with
active BeeGFS mounts for each volume in the new .csi/ directory and falling
back on a newly added timeout (
--node-unstage-timeout) when needed.
Note: The BeeGFS CSI driver is written in Golang and does not import or implement any functionality that makes it susceptible to the recent Log4j vulnerability threat. For more details please refer to NetApp's official response.
- A new BeeGFS CSI Driver Operator as an option to deploy and manage the lifecycle of the driver. This allows for a more seamless discovery and installation experience from clusters running Operator Lifecycle Manager (OLM).
- Documentation and job specifications showing how to
deploy the driver to HashiCorp Nomad.
- Note: At this time the BeeGFS CSI driver does not officially support Nomad. These are being provided as an example for others who might want to experiment with using BeeGFS and Nomad, in particular anyone interested in contributing to any future efforts around Nomad.
- Documentation on how to deploy the driver to Kubernetes clusters where some nodes can access BeeGFS volumes, and some cannot.
- Support for BeeGFS v7.2.4, Kubernetes v1.21, and RedHat OpenShift v4.8.
- Support for specifying BeeGFS mount options on a persistent volume or storage class.
- Information on how to contribute to the project.
- Greatly improved performance of end-to-end testing by parallelizing many tests and being more selective about when certain tests run.
- Updated the project to adhere to v1.5.0 of the CSI specification.
- Automated tests failing in a confusing manner when
csi-beegfs-config.yamlis empty.
- In some instances Kubernetes has been observed to call
DeleteVolumeprior toNodeUnpublishVolumeandNodeUnstageVolume. This has the effect of leaving behind BeeGFS mount points on Kubernetes nodes for volumes that no longer exist in the Kubernetes API or BeeGFS. Over time if enough "orphaned" mounts accrue, the Kubernetes node may become unstable. To date this has only been observed as part of end-to-end testing, and is suspected to be either a side effect of how the E2E test framework interacts with Kubernetes, or a bug within Kubernetes itself.
- Automated end-to-end (E2E) testing leveraging the Kubernetes E2E framework.
- Support for BeeGFS Connection Based Authentication.
- Support for BeeGFS v7.2.1 and Kubernetes v1.18 and v1.20.
- The ability to specify permissions in BeeGFS from Storage Classes in Kubernetes. This simplifies integration with BeeGFS quotas.
- Explicitly set the CSI driver's
fsGroupPolicytoNonedisabling fsGroup support to prevent time consuming and/or unintended permissions and ownership changes on Kubernetes clusters that support this parameter. - Improved logging, in particular simplifying identification of logs associated with a particular request.
- Updated the project to use Golang 1.16.
- A race condition when creating volumes where slow running beegfs-ctl commands could prevent volume creation.
- The error returned on NodeStageVolume to align with the CSI spec when we fail to stage a volume because the driver can't find it.
NOTE: The BeeGFS CSI Driver undergoes extensive security scanning before each release, and third party components with identified security issues will be updated before each release regardless if they are exploitable in the driver. Going forward only security issues deemed to be exploitable will be noted in the changelog.
- Updated default deployment manifests to account for environments where the SYS_ADMIN capability is insufficient for the controller pod to mount BeeGFS when cleaning up deleted volumes (for example when AppArmor is in use).
- Updated Dockerfile to use Alpine 3.13.2 which mitigates an OpenSSL vulnerability (CVE-2021-23840).
- Initial Release