oracle
diff --git a/‎.github/workflows/makefile.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/makefile.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile_arm_all‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile_arm_all‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 8 additions & 6 deletions b/‎README.md‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎ci-docker-images/Dockerfile‎
Lines changed: 4 additions & 4 deletions b/‎ci-docker-images/Dockerfile‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎container-storage-interface.md‎
Lines changed: 56 additions & 0 deletions b/‎container-storage-interface.md‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 4 additions & 8 deletions b/‎go.mod‎
Lines changed: 4 additions & 8 deletions
@@ -12,7 +12,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v2
         with:
-          go-version: 1.15
+          go-version: 1.16
         id: go
 
       - name: Check out code into the Go module directory
 
@@ -14,7 +14,7 @@
 
 ARG CI_IMAGE_REGISTRY
 
-FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.5
+FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.6
 
 ARG COMPONENT
 
 
@@ -1,6 +1,6 @@
 ARG CI_IMAGE_REGISTRY
 
-FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.5 as builder
+FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.6 as builder
 
 ARG COMPONENT
 
 
@@ -38,7 +38,7 @@ else
     VERSION   ?= ${VERSION}
 endif
 
-RELEASE = v1.19.12
+RELEASE = v1.22.0
 
 GOOS ?= linux
 ARCH ?= amd64
 
@@ -22,12 +22,14 @@ cloud-provider specific code out of the Kubernetes codebase.
 
 ## Compatibility matrix
 
-|           | Min Kubernetes Version      | Max Kubernetes Version       |
-|-----------|-----------------------------|------------------------------|
-| \>=v 0.11 | v1.16                       | v1.18                        |
-| \>=v 0.12 | v1.18                       | v1.21                        |
-| \>=v 0.13 | v1.19                       | v1.21                        |
-| v1.19.12  | v1.19                       | v1.21                        |
+|           | Min Kubernetes Version | Max Kubernetes Version |
+|-----------|------------------------|------------------------|
+| \>=v 0.11 | v1.16                  | v1.18                  |
+| \>=v 0.12 | v1.18                  | v1.21                  |
+| \>=v 0.13 | v1.19                  | v1.21                  |
+| v1.19.12  | v1.19                  | v1.21                  |
+| v1.22.0   | v1.22                  | -                      |
+
 
 Note: 
 Versions older than v0.13.0 are no longer supported, new features / bug fixes will be available in v0.13.0 and later. 
 
@@ -32,18 +32,18 @@ RUN wget https://bootstrap.pypa.io/pip/3.6/get-pip.py
 RUN python3 get-pip.py
 
 # Install golang environment
-RUN curl https://storage.googleapis.com/golang/go1.15.12.linux-amd64.tar.gz -O && \
+RUN curl https://storage.googleapis.com/golang/go1.16.15.linux-amd64.tar.gz -O && \
     mkdir /tools && \
-    tar xzf go1.15.12.linux-amd64.tar.gz -C /tools && \
-    rm go1.15.12.linux-amd64.tar.gz && \
+    tar xzf go1.16.15.linux-amd64.tar.gz -C /tools && \
+    rm go1.16.15.linux-amd64.tar.gz && \
     mkdir -p /go/bin
 
 ENV PATH=/tools/go/bin:/go/bin:/tools/linux-amd64:$PATH \
     GOPATH=/go \
     GOROOT=/tools/go
 
 # Install the kubectl client
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl && \
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.5/bin/linux/amd64/kubectl && \
     chmod +x ./kubectl && \
     mv ./kubectl /usr/local/bin/kubectl
 
 
@@ -117,9 +117,65 @@ Check if PVC is now in bound state:
 $ kubectl describe pvc/oci-bv-claim
 ```
 
+# Troubleshoot
+
+### FsGroup policy not propagated from pod security context
+
+If your fsGroup is not being applied on the files in your volume.
+
+Read more about [fsGroup Policy][7].
+
+Ex. 
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo
+spec:
+  securityContext:
+    fsGroup: 2000
+  containers:
+  - name: sec-ctx-demo
+    image: busybox:1.28
+    command: [ "sh", "-c", "sleep 1h" ]
+    volumeMounts:
+    - name: sec-ctx-vol
+      mountPath: /data/demo
+```
+
+```bash
+kubectl exec -it security-context-demo -- sh -c "cd /data/demo && echo hello > testfile"
+kubectl exec -it security-context-demo -- sh -c "ls -l /data/demo/testfile"
+```
+
+The output you would expect is that the `/data/demo/testfile` file has group ID 2000, which is the value of fsGroup
+```bash
+-rw-r--r-- 1 root 2000 6 Jun  6 20:08 testfile
+```
+
+But the same does not reflect on your volume, i.e. the permissions on your files/folders are not what you would expect.
+Ex:
+```bash
+-rw-r--r-- 1 root root 6 Jun  6 20:08 testfile
+```
+
+### Solution:
+Create a CSI Driver object with spec: `fsGroupPolicy: File`.
+Ex:
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+name: blockvolume.csi.oraclecloud.com
+spec:
+  fsGroupPolicy: File
+```
+`File` - Indicates that the CSI volume driver supports volume ownership and permission change via fsGroup, and Kubernetes may use fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod's SecurityPolicy regardless of fstype or access mode.
+
 [1]: https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Concepts/overview.htm
 [2]: https://kubernetes.io/blog/2019/01/15/container-storage-interface-ga/
 [3]: https://kubernetes.io/docs/admin/authorization/rbac/
 [4]: https://kubernetes-csi.github.io/docs/external-provisioner.html
 [5]: https://kubernetes-csi.github.io/docs/external-attacher.html
 [6]: https://kubernetes-csi.github.io/docs/node-driver-registrar.html
+[7]: https://kubernetes-csi.github.io/docs/support-fsgroup.html#csi-volume-fsgroup-policy
@@ -35,9 +35,7 @@ replace (
 )
 
 require (
-	github.com/NYTimes/gziphandler v1.0.1 // indirect
 	github.com/container-storage-interface/spec v1.5.0
-	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.2
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/imdario/mergo v0.3.9 // indirect
@@ -47,28 +45,26 @@ require (
 	github.com/oracle/oci-go-sdk/v50 v50.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.11.0
-	github.com/spf13/cobra v1.1.3
+	github.com/spf13/cobra v1.1.3 // indirect
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.7.0
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.17.0
 	golang.org/x/net v0.0.0-20211209124913-491a49abca63
-	golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
-	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
 	google.golang.org/grpc v1.38.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.22.5
 	k8s.io/apimachinery v0.22.5
-	k8s.io/apiserver v0.22.5
+	k8s.io/apiserver v0.22.5 // indirect
 	k8s.io/client-go v0.22.5
 	k8s.io/cloud-provider v0.22.5
 	k8s.io/component-base v0.22.5
 	k8s.io/component-helpers v0.22.5
-	k8s.io/csi-translation-lib v0.22.5
+	k8s.io/csi-translation-lib v0.22.5 // indirect
 	k8s.io/klog v1.0.0
 	k8s.io/klog/v2 v2.9.0
-	k8s.io/kubelet v0.22.5
+	k8s.io/kubelet v0.22.5 // indirect
 	k8s.io/kubernetes v1.22.5
 	k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
 	sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0