seaweedfs-csi-driver icon indicating copy to clipboard operation
seaweedfs-csi-driver copied to clipboard

Published 20 hours ago verified publisher icon seaweedfs

v0.2.2 hash change

Open plan9better opened this issue 5 months ago • 7 comments

Hello, when building our k8s cluster configuration we noticed that the hash of helm chart changed. Specifically: Repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm Chart: seaweedfs-csi-driver Version: 0.2.2 Previous hash: sha256-SSaQie9tg+F4onyMoO0AWdqkz7oC4+Gvk/NDeet7Jqk= Current hash: sha256-MsMXjNy0Fp4YE0FxIUaR9VXBbBfWGyYggiVtUQUYSVA=

This seems pretty suspicious and stops us from deploying anything until we get a confirmation that the change is intentional and not malicious, or the issue is resolved so I would love a quick reply.

Cheers

plan9better avatar Jun 19 '25 15:06 plan9better

Not sure how the hash is computed. There is a new release https://github.com/seaweedfs/seaweedfs-csi-driver/releases/tag/1.2.9

https://github.com/seaweedfs/seaweedfs-csi-driver/blob/master/deploy/helm/seaweedfs-csi-driver/values.yaml#L67 is using the latest version.

chrislusf avatar Jun 19 '25 21:06 chrislusf

Hash is computed from untared yaml manifests from the tgz file of the release. I realise this is not the latest version but are you aware of any changes that would modify the manifests of existing releases?

plan9better avatar Jun 20 '25 08:06 plan9better

Upon further inspection I found the line that's causing trouble:

diff -ruN /nix/store/ja9iqn9smh78541mfmv9jrbqw556b1m0-nixidy-app-seaweedfs-csi/StorageClass-seaweedfs-storage.yaml /nix/store/sipb5729ynhsmlkamw0ghabh9k0j4qy0-nixidy-app-seaweedfs-csi/StorageClass-seaweedfs-storage.yaml
--- /nix/store/ja9iqn9smh78541mfmv9jrbqw556b1m0-nixidy-app-seaweedfs-csi/StorageClass-seaweedfs-storage.yaml    1970-01-01 01:00:01.000000000 +0100
+++ /nix/store/sipb5729ynhsmlkamw0ghabh9k0j4qy0-nixidy-app-seaweedfs-csi/StorageClass-seaweedfs-storage.yaml    1970-01-01 01:00:01.000000000 +0100
@@ -4,4 +4,3 @@
 metadata:
   name: seaweedfs-storage
 provisioner: seaweedfs-csi-driver
-volumeBindingMode: Immediate

It seems volumeBindingMode is in the new rendered manifests while it wasn't being added just 2 days ago.

plan9better avatar Jun 20 '25 09:06 plan9better

I think it's pretty safe to say it's linked to #194 this PR.

plan9better avatar Jun 20 '25 09:06 plan9better

And also #195 , Somehow these 2 ended up being pushed to old releases. We confirmed that once the lines:

  1. storageClassVolumeBindingMode: Immediate
  2. volumeBindingMode: {{ .Values.storageClassVolumeBindingMode | default "Immediate" }}

Are removed, the hash matches.

plan9better avatar Jun 20 '25 09:06 plan9better

I see. Need to have a mechanism on adjusting https://github.com/seaweedfs/seaweedfs-csi-driver/blob/master/deploy/helm/seaweedfs-csi-driver/Chart.yaml#L5 if the chart changes. Any suggestions?

chrislusf avatar Jun 20 '25 17:06 chrislusf

Im not sure what you mean, could you clarify? Also do you think the issue was that the url in the index.yaml changed to a different chart or that the package the url pointed to changed?

plan9better avatar Jun 21 '25 13:06 plan9better