vmware-tanzu
/
velero
mirror of https://github.com/vmware-tanzu/velero.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
5,173 Commits
33 Branches
161 Tags
104 MiB
Commit Graph

98 Commits (e68dca0112724c4b8af924f55be704831d4dae44)

Author SHA1 Message Date
Tiger Kaovilai 8cb04bba33
CVE-2024-45337 CVE-2024-45338 
Replaces #8514

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
 2024-12-21 00:59:48 +07:00
Lyndon-Li 3cd85f5b43 ping kopia to 0.18.2 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-12-03 13:06:26 +08:00
Wenkai Yin(尹文开) 8320df44fd
Merge pull request #8275 from ywk253100/241008_discovery 
Bump up version of client-go and controller-runtime
 2024-10-28 13:51:17 +08:00
Lyndon-Li 9d5bb455a6 bump up kopia for 1.15 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-10-16 15:45:05 +08:00
Wenkai Yin(尹文开) 0a4e417aab Bump up version of client-go and controller-runtime 
Bump up version of client-go to v0.30.5
Bump up version of controller-runtime to v0.18.5

Fixes #8274

Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
 2024-10-08 18:53:12 +08:00
Xun Jiang/Bruce Jiang bf6215c894
Merge pull request #7793 from kaovilai/upgrade_robfig/cron/v3 
Upgrade to robfig/cron/v3 to support time zone specification
 2024-09-11 14:02:58 +08:00
Lyndon-Li a80c9359bf bump up kopia 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-08-29 13:10:08 +08:00
Xun Jiang 7a3b947961 Bump Ginkgo to v2. 
Signed-off-by: Xun Jiang <blackpigletbruce@gmail.com>
 2024-07-17 15:31:23 +08:00
Tiger Kaovilai 6c8d051269
Upgrade to robfig/cron/v3 to support time zone specification 
Breaking change (can be mitigated if needed in the future):  v1 branch accepted an optional seconds field at the beginning of the cron spec. This is non-standard and has led to a lot of confusion. The new default parser conforms to the standard as described by [the Cron wikipedia page.](https://en.wikipedia.org/wiki/Cron). It is unlikely that this affects us per https://github.com/vmware-tanzu/velero/pull/31

Other notes:
> CRON_TZ is now the recommended way to specify the timezone of a single schedule, which is sanctioned by the specification. The legacy "TZ=" prefix will continue to be supported since it is unambiguous and easy to do so.

References: https://pkg.go.dev/github.com/robfig/cron/v3#readme-upgrading-to-v3-june-2019
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
 2024-07-12 00:08:42 -04:00
dependabot[bot] 04f52beee0
Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.2...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-11 20:21:24 +00:00
Matthieu MOREL 14e98b89ad Migrate from github.com/Azure/azure-storage-blob-go to github.com/Azure/azure-sdk-for-go/sdk/storage/azblob 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-05-10 09:24:35 +00:00
Lyndon-Li 45b1b87055 pin kopia to 0.17.0 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-04-17 13:15:38 +08:00
Matthieu MOREL facfb9552f
migrating to sdk/resourcemanager/**/arm** from services/**/mgmt/** (#7596) 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
 2024-04-15 09:55:52 -04:00
Lyndon-Li 0392e31c3d pin kopia to the latest commit 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-04-03 11:01:52 +08:00
Lyndon-Li 18976c0a62 kopia: index compaction during maintenance 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-03-29 15:24:47 +08:00
Lyndon-Li 5d48e36b55 open kopia with no index change 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2024-03-25 18:14:43 +08:00
dependabot[bot] b3a53ee8df
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#7518) 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 11:10:39 -04:00
Wenkai Yin(尹文开) 8752c3a820 Bump up the versions of severel Kubernetes-related libs 
Bump up the versions of severel Kubernetes-related libs

Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
 2024-03-05 13:09:38 +08:00
Wenkai Yin(尹文开) b509df5172
Upgrade the version of go plugin related libs/tools (#7373) 
Upgrade the version of go plugin related libs/tools

Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
 2024-02-01 13:02:42 -05:00
Guillaume Delacour 373b24e2c1 Upgrade AWS SDK 
Signed-off-by: Guillaume Delacour <delacoug@amazon.com>
 2024-01-16 23:35:33 +01:00
dependabot[bot] ddb4889301
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-18 23:36:41 +00:00
Wenkai Yin(尹文开) 73c948d6bd
Merge pull request #6917 from 27149chen/rm-improvement 
support JSON Merge Patch and Strategic Merge Patch in Resource Modifiers
 2023-11-02 10:36:40 +08:00
dependabot[bot] 8be1f4beff
Bump google.golang.org/grpc from 1.58.2 to 1.58.3 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.58.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-25 21:43:35 +00:00
Daniel Jiang b71d2b3898 Bump up aws sdk to aws-sdk-go-v2 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2023-10-24 17:01:26 +08:00
Lyndon-Li d3a1a83c6d bump to kopia 0.15.0 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2023-10-23 12:03:21 +08:00
Xun Jiang a726329e82 Bump golang version. 
Bump golang version to v1.21.
Bump golang.org/x/net version to v0.17.0 in Velero and Restic.

Signed-off-by: Xun Jiang <jxun@vmware.com>
 2023-10-13 16:30:23 +08:00
lou e880c0d01b update after review 
Signed-off-by: lou <alex1988@outlook.com>
 2023-10-07 16:33:33 +08:00
Wenkai Yin(尹文开) 3a291e368a Make Kopia support Azure AD 
This commit introduces our own Azure storage provider by wrapping Kopia's implementation rather than contributing to upstream based on the following considerations:
1. Velero needs the capability to interact with the repository concurrently while Kopia doesn't, this will increase the complexity of Kopia if we contribute to upstream
2. The configuration items provided by Velero and Kopia are conflict, e.g. Velero supports customizing storage account URI which is a full path while Kopia supports customizing storage account domain which is part of the URI. We need to consider the backward compatibility and upgrade case if we contribute to upstream which needs extra efforts
3. Contribute to upstream is a longer cycle when we need to introduce new changes. With this commit, we no longer depends on upstream for the Azure storage provider part and is easy for us to maintain

Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
 2023-09-19 11:28:04 +08:00
lyndon 5af664d361
bump kopia to v0.14 (#6833) 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2023-09-18 21:05:21 +08:00
Daniel Jiang b7bc9a31cb Switch the kopia repo to new org 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2023-09-14 11:18:11 +08:00
lyndon 831be07dd3
fix issue 6391 (#6702) 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2023-08-25 16:36:41 +08:00
Ming Qiu 3b45830012 Add performance E2E test 
Signed-off-by: Ming Qiu <mqiu@vmware.com>
 2023-08-15 01:46:36 +00:00
Lyndon-Li 307b82a2ec bump up kopia v0.13.0 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2023-05-15 07:23:38 +08:00
Tiger Kaovilai 6163df5da2 `go get k8s.io/client-go@v0.25.6 && go mod tidy` 
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
 2023-02-23 16:41:29 -05:00
Xun Jiang 0a2aed8967 Fix Dependabot alerts. Update Dockerfile. Modify Trivy daily scan. 
Signed-off-by: Xun Jiang <blackpiglet@gmail.com>
 2023-02-23 14:04:59 +08:00
Lyndon-Li 2b043f7bdf bump up golang net 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2023-02-01 15:33:53 +08:00
dependabot[bot] 95fcd8f63c
Bump github.com/Azure/azure-sdk-for-go (#5709) 
Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 61.4.0+incompatible to 67.2.0+incompatible.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v61.4.0...v67.2.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-05 11:00:05 +08:00
Ming 2f3732fa44 Fix CVEs scanned by trivy 
Signed-off-by: Ming <mqiu@vmware.com>
 2022-12-02 06:57:49 +00:00
Ming bf1122b633 Fix controller problematic log output 
Signed-off-by: Ming <mqiu@vmware.com>
 2022-11-09 06:46:45 +00:00
Lyndon-Li b06cb9ec60 remove gofrs uuid 
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
 2022-11-07 16:28:33 +08:00
Kira Boyle b146a880c6 update k8s.io dependencies to 0.24.0 
* This also required an update to use github.com/bombsimon/logrusr/v3
* 'WithClusterName' removed as per the k8s doc reasoning:
* https://github.com/kubernetes/apimachinery/blob/release-1.24/pkg/apis/meta/v1/types.go\#L257-L259
* ('ClusterName was a legacy field that was always cleared by the system and never used')
* Test was updated accordingly

Signed-off-by: Kira Boyle <kira@replicated.com>
 2022-10-21 11:16:21 +08:00
danfengliu 11a7c796eb
Fix label naming issue for restore helper (#5469) 
Signed-off-by: danfengl <danfengl@vmware.com>
 2022-10-20 17:49:51 +08:00
Daniel Jiang ae3ebf7451
Merge pull request #5344 from kaovilai/CVE-2022-28948 
Upgrade gopkg.in/yaml.v3 to v3.0.1
 2022-10-19 16:25:24 +08:00
Daniel Jiang d0a6ff29ac
Merge pull request #5428 from weshayutin/CVE-2022-27191 
Fix CVE-2022-27191
 2022-10-19 16:12:58 +08:00
lyndon 30b1ca87eb
Merge pull request #5313 from gliptak/go8 
Bump Go to 1.18
 2022-10-18 12:17:37 +08:00
Wesley Hayutin 1f6785275f Fix CVE-2022-27191 
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
updates to:
  * golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
adds:
  * golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2

Signed-off-by: Wesley Hayutin <weshayutin@gmail.com>
 2022-10-11 07:47:48 -06:00
Xun Jiang/Bruce Jiang a80c96c8f8
update velero using klog to version v2.9.0 (#5396) 
Signed-off-by: Xun Jiang <blackpiglet@gmail.com>

Signed-off-by: Xun Jiang <blackpiglet@gmail.com>
Co-authored-by: Xun Jiang <blackpiglet@gmail.com>
 2022-09-30 14:08:43 +08:00
Gábor Lipták 648d56e541 Bump Go to 1.18 
Signed-off-by: Gábor Lipták <gliptak@gmail.com>
 2022-09-17 13:11:09 -04:00
Tiger Kaovilai 876238e33d Resolve gopkg.in/yaml.v3 vulnerabilities 
as shown from https://security.snyk.io/package/golang/gopkg.in%2Fyaml.v3

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
 2022-09-14 10:48:52 -04:00
Xun Jiang b49e39c021 Remove github.com/apex/log logger. 
Signed-off-by: Xun Jiang <blackpiglet@gmail.com>
 2022-09-07 08:52:16 +08:00