OpenShift Enterprise changelog

Changelog History

Page 1

• v4.1.0

  May 01, 2019

• v4.0.0

  September 13, 2018

• v4.0.0-alpha.0

  September 13, 2018

• v3.11.0 Changes

  October 11, 2018

  🚀 This is the 3.11 release of OpenShift Origin.

  Backwards Compatibility

  • 🗄 auth: The auth reconcile command is now deprecated as its functionality is part of the server #20177
    • The CLI command is now identical to the upstream auth reconcile and no longer updates roles
  • auth: The cluster-reader RBAC role is now an aggregated role to simplify adding new permissions #20279
  • cli: oc patch is now consistent with the kubectl patch command #20665
  • 🗄 cli: oc types is now deprecated - use oc api-resources instead #21000
  • 🔒 security: If the scheduler.alpha.kubernetes.io/node-selector annotion is set on a namespace, openshift.io/node-selector is now ignored #21058
  • 🚚 server: The openshift start node functionality and openshift start have been removed - the Kubelet must now be started directly #20344, #20717
    • By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
    • Future releases will remove other parts of openshift start master.

  🔄 Changes

  🚀 Roadmap for the v3.11 release

  v3.11.0 (2018-10-10) Full Changelog

  API

  • 🏗 build: Allow dashes to be used in the environment variable names in builds #20738
  • 🐎 image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
  • 🔒 security: Promote sysctl annotations to fields in SecurityContextConstraints #20151

  ⚡️ Component updates

  • ⚡️ Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
    • 62943: set updated replicas in statefulsets #20347
    • 64378: Don't reset global timeout on each for loop iteration #20452
    • 64426: Clean up fake mounters. #20117
    • 64447: Add block volume support to internal provisioners #20058
    • 64541: Add more kubectl auth reconcile flags #20281
    • 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
    • 64879: Add block volume support to Cinder volume plugin #20270
    • 64896: kubectl: wait for all errors and successes on podEviction #20452
    • 65189: fix paths w shortcuts when copying from pods #20034
    • 65189: revert: fix paths w shortcuts when copying from pods" #20075
    • 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
    • 65238: fix scheduler port boundary to match detection #20033
    • 65326: fix printer check to tolerate vendoring #20033
    • 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
    • 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
    • 65368: legacy api endpoints only support v1 ever #20033
    • 65370: delete should tolerate a failed wait because of missing verbs #20033
    • 65377: special-case templates get.go #20033
    • 65447: Resolve potential devicePath symlink when MapVolume #20117
    • 65480: allow enabling kubelet serving certificate rotation via flag #20033
    • 65486: show type differences in reflect diff #20033
    • 65488: flatten nested lists for flatten in visitor #20033
    • 65489: kubectl convert should not double wrap output in nested lists #20033
    • 65547: Honor custom transport dialer #20033
    • 65549: Fix flexvolume in containerized kubelets #20358
    • 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
    • 65686: fix kubectl create priorityclass failure bug #20624
    • 65700: Update output format so that it matches actual accepted values #20139
    • 65705: Block volumes should have empty FSType #20327
    • 65711: make template printers a recommended printer #20257
    • 65715: fail on rbac resources of non-v1 versions in reconcile #20177
    • 65786: update --template printer defaulting #20257
    • 65856: only need to ignore resources that match discovery conditions #20242
    • 65899: use self-signed cert fixtures in integration test servers #20309
    • 65904: track schemes by name for error reporting #20242
    • 65906: Improve multi-authorizer errors #20379
    • 65908: switch delete strategy to background deletion #20274
    • 65987: Add region label to dynamic provisioned cinder PVs #20418
    • 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
    • 66085: fix updateJob scheduling of resync #20763
    • 66136: make delete waits match on UID #20305
    • 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
    • 66225: add support for "success" output for edit command #20589
    • 66225: update testcase for edit #20589
    • 66249: fill in normal restmapping info with the legacy guess #20392
    • 66324: Fixing E2E tests for disk resizing #20418
    • 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
    • 66352: update logs cmd to deal w external versions #20343
    • 66397: Fix upper limit on m5/c5 instance typesn #20439
    • 66398: fix logs command to be generic for all resources again #20514
    • 66403: indicate which scheme has conflicting data #20372
    • 66406: Send correct headers for pod printing #20437
    • 66406: tolerate missing column headers in server-side print output #20437
    • 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
    • 66519: switch attach to use external objs #20514
    • 66725: update exit code to 0 if patch not needed #20456
    • 66779: add methods to apimachinery to easy unit testing #20471
    • 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
    • 66837: fix panic fake SAR client expansion #20491
    • 66929: add logging to find offending transports #20554
    • 66931: Use the passed-in streams in kubectl top #20529
    • 66932: Include unavailable apiservices in discovery response #20635
    • 67024: add CancelRequest to discovery round-tripper #20554
    • 67033: expose default LogsForObject consumeRequest func #20550
    • 67093: improve config file modification time #20566
    • 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
    • 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
    • 67097: Ignore EIO error in unmount path #20866
    • 67236: fix azure disk create failure due to sdk upgrade #20662
    • 67316: Adds tests for --all-containers=true #20684
    • 67399: update patch to work with --local and avoid extra requests #20642
    • 67399: update patch to work with --local and avoid extra requests #20665
    • 67433: allow failed discovery on initial quota controller start #20635
    • 67433: allow failed discovery on initial quota controller start #20693
    • 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
    • 67615: attach: Move the AttachFunc default function to the initializer #20697
    • 67698: Fix NameFromCommandArgs when passing command after -- #20730
    • 67822: Remove provisioner config from log message. #20756
    • 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
    • 67896: expose generic storage factory primitives #20777
    • 67957: Size http2 buffers to allow concurrent streams #20783
    • 68007: Orphan DaemonSet when deleting with --cascade option set #20793
    • 68008: apiserver: forward panic in WithTimeout filter #20979
    • 68563: fix scheduler crash when Prioritize Map function failed #21194
    • 68678: tighten maximum retry loop for aggregate api availability #21012
    • 68680: Fix chown on distributed flex volumes (like gluster) #21070
    • : Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
    • : Coerce string->int, empty object -> slice for backwards compatibility #20164
    • : Ensure perFSGroup quanity is positive #20564
    • : Expose ns lifecyle admission list of allowed resources #20242
    • : Gracefully handle empty volume-config file #20154
    • : oc patches on kubectl #20721
    • : patch in a non-standard location for apiservices #20578
    • : rewrite unstructured objects on the CLI to avoid oapi #20033
    • : simplify kube-controller-manager patches #20954
    • : switch back to use ugorji/go - decode to signed integers #20033
    • : tidy up oc patches and ensure we never print a non-groupified object #20385
    • : GCE load balancer unit test is flaky #20230
    • : Remove influxdb dependency until the next rebase #18816
    • : carry old printers until we update #20033
    • : carry old printers until we update #20257
    • : Fix cloud provider vsphere data race #20033
    • : Increase loglevel for health check #20616
    • : Make auth reconcile work with backlevel versions until ansible updates #20033
    • : vSphere test has race conditions, disable #20231

  🔋 Features

  • 🏗 build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
  • 📇 cli: Add oc image append which can add a new layer or change metadata on a Docker image against a remote registry #20027
  • cli: Add oc image extract to extract all or part of an image to disk from any platform #20466
  • 🏁 cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
  • 🚀 cli: Include the kubectl binary in release output #20932, #20958, #20900
  • 👍 network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
  • 👍 router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
  • router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646

  🐛 Bugs

  • auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
  • ⚡️ auth: Update GitLab IDP to support OIDC #19997
  • auth: Use the upstream RBAC roles for reconciliation #20638
  • 🏗 build: Ensure OOMKilled reason from pods are reported on build status #20297
  • 🚀 build: Move deployer and build binaries into oc #20011 #20008
  • 🏗 build: Remove false alarm warning for repo binary input on oc start-build #20100
  • cli: Allow patching configapi using oc patch #20642
  • cli: Honor 'oc edit' output format #20589
  • cli: accept --kubeconfig like kubectl #20721
  • cluster: Cluster quota controller tolerate inaccessible api resources #20693
  • 🚀 deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
  • 🚀 deploy: Fix printing DC replicas #21017
  • ⏪ dns: Restore graceful shutdown of DNS server #21021
  • 🗄 image: Deprecate oc import-image legacy path using annotations #19673
  • image: Image stream imports longer than 30s should not fail #20419
  • 🌲 image: Log image changes on verify-image-signature without --save #19976
  • image: Prune images in parallel #19468
  • image: Reuse existing imagestreams with new-app #20052
  • ⚡️ migrate: Ignore resources that cannot be listed and updated #21075
  • network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
  • network: Show EgressCIDRs in "oc get hostsubnets" #20486
  • ⚡️ network: Update egress IPs when node changes IP #20393
  • 0️⃣ node: Set FileCheckFrequency default properly #20158
  • ⚡️ route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
  • 🔧 router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
  • ✅ router: Fix weight logic for A/B testing #19893
  • router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
  • router: Router metrics sometimes fails to detect HTTP/1 connections #21043
  • service-catalog: use K8s NamespaceLifecycle admission controller #20673
  • ✅ test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816

  🚀 Release SHA256 Checksums

  🚀 The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/

  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 CHECKSUM
  4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3 openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
  9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
  75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0 openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip
  cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip
  

• v3.11.0-alpha.0

  June 15, 2018

• v3.10.0 Changes

  August 03, 2018

  🚀 This is the official release of OpenShift Origin v3.10.

  🔄 Changes

  🚀 Roadmap for the v3.10 release

  v3.10.0 (2018-08-02) Full Changelog

  ⚡️ Component updates

  • ⚡️ Updates to Kubernetes
    • 62085: Fix incorrect atomic counter usage #20206
    • 62943: Set updated replicas on stateful set status #20350
    • 64658: Avoid leading gRPC connections in CSI #20111
    • 64882: Prevent deleted pods from sometimes leaving mounts #20111
    • 64971: Ensure mutating admission webhooks correctly remove fields #20509
    • 65223: Correctly detect inaccessible AWS encryption key #20072
    • 65226: Store the latest cloud provider node addresses on the node #20369
    • 65339: Prevent leak of a cached pod definition in the scheduler #20071
    • 66350: Prevent kubelet from becoming stuck retrieving node addresses from a cloud provider #20369

  🐛 Bugs

  • 🚀 router: [release-3.10] Allow egress-router to connect to cluster service network for DNS, etc. #20102
  • 0️⃣ diagnostics: Fix default image paths used in network diagnostics #20116
  • 🔌 volumes: Bind mount /etc/origin/kubelet-plugins for flex volumes #20153
  • node: Honor --kubelet-preferred-address-types #20183
  • apiserver: Use in-process loopback client config from Kube #20207
  • image: Install ceph-common in control plane so RBD provisioner can find disks #20222
  • 🏗 build: Fix an issue where COPY --from would not work on multi-stage image builds #20256
  • console: Change logo, favicon, name on login page #20528

  Artifacts

  • 🐳 Images are published to the Docker Hub as openshift/origin-*:v3.10.0.
  • RPMs are available via the provided origin.repo file

  🚀 Release SHA256 Checksums

  0f54235127884309d19b23e8e64e347f783efd6b5a94b49bfc4d0bf472efb5b8 ./openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
  6973aebb7b553866f8971c8ca324dd5b79204e2a59c5234cde6fb1b5deb4c7a9 ./openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz
  ae847e3ae278b9420342e651305d34f1ed806b55a23874fc47595a57874e30c6 ./openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip
  c1b33aa535b88898d0622e0af2aa673bb814c354fb438c21c18155afc51acf87 ./openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip
  23083baadc7b82b6a3998016b795497d9c33327e1985a3b37181cf0e6200d29a ./CHECKSUM
  

• v3.10.0-rc.0 Changes

  June 20, 2018

  🚀 This is the first release candidate of OpenShift Origin 3.10.

  Backwards Compatibility

  • Moving from legacy API resources (/oapi) to group resources
    • The server process endpoint now creates resources in the new group APIs (*.openshift.io) #19458
    • The RBAC bootstrap policy file is now saved as rbac.authorization.k8s.io/v1 resources #19756
  • 🔧 Configuration changes
    • The disabledFeatures configuration item has been removed from master config #19070
    • Master configuration no longer requires the deprecated clusterNetworkCIDR/hostSubnetLength fields to be set in networkConfig #18669
    • Some node default values have changed #19190
    • Remove the default pods-per-core setting of 10, which makes nodes default to 250 pods total.
    • The certificate signing controller defaults to creating certs with a 1 year expiration (a7bd9d6)
  • ⚡️ rbac: Project editors can no longer create or update daemonsets, which prevents tenants from impacting cluster stability #18971
  • Metrics for the template instance broker have changed #19133
  • 🚚 Moved or deleted content #19262
    • The examples/ directory has been cleaned up
    • The v1 federation implementation has been removed as it did not graduate to beta.
    • The node.service systemd file has been removed from hte RPMS, along with the master services (2113900)
  • 🔄 Changes to OpenShift images #19509
    • As we prepare to split the OpenShift API server into multiple binaries, several new images have been created:
    • openshift/origin-hypershift - A new hypershift binary that launches OpenShift specific components
    • openshift/origin-hyperkube - The Kubernetes hyperkube binary
    • openshift/origin-cli - The OpenShift CLI oc
    • openshift/origin-tests - The extended test suite for OpenShift
    • Some existing images have been renamed
    • openshift/origin is now openshift/origin-control-plane
    • openshift/node is now openshift/origin-node
    • The openshift/openvswitch image has been folded into openshift/origin-node
    • A new binary openshift-node-config takes a node-config.yaml file and converts it to kubelet arguments in the openshift/origin-node image
  • CLI changes
    • Some client-side deletion support has been removed in favor of the controller-driven deletion mechanisms #19616
    • oc export is deprecated and oc get --export should be used instead.
  • The router has separate liveness and readiness probes for use with upstream load balancers #19009
  • 🔧 XFS quota for emptyDir volumes is now configured via a config file in the volume directory #19533
  • 🔄 Changes to oc cluster up
    • The cluster launched by oc cluster up is now launched as a set of individual processes running in images, instead
      of the previous single large container. This more closely mimics real production environments.
    • Docker machine support in oc cluster up has been removed
    • oc cluster up now only supports launching a cluster of the same version as the oc binary.

  🔄 Changes

  🚀 Roadmap for the v3.10 release

  v3.10.0-rc.0 (2018-06-19) Full Changelog

  API

  👍 Ingress support

  👍 In order to better adapt ingress objects to routes, a new controller has been added to OpenShift that
  maps Kubernetes Ingress objects (in their v1beta1 form) to OpenShift Routes automatically. This
  👍 allows the HAProxy router to report status, perform host overrides, support multi-tenant protection on
  hostnames, and securely manage Ingress secrets.

  The controller converts each Ingress rule into its own route, as long as the rule has a hostname or TLS
  hostname. Any referenced secrets are copied into the final Route and kept up to date. If a generated route
  is deleted it will be recreated by the controller. Once a route is created, any annotations or route
  specific fields will not be altered unless the route is deleted (such as weighted service backends). A
  route with a TLS endpoint will be set to Reencrypt termination, but that may be changed after creation.

  The router process itself no longer needs to watch Ingress or Secret resources.

  • 👍 router: Replace router support for ingress with an ingress-to-route controller #18658

  Other changes

  • Image signature annotations are ignored #19037
  • ⚡️ Explicitly prohibit spec updates to imagestreamtag resources which are not a spec tag. #18532

  ⚡️ Component updates

  • ⚡️ Updated to Kubernetes v1.10.0-47-gb81c8f8 + patches
    • 42873: add kubectl api-resources command #19884
    • 54530: api: validate container phase transitions #18791
    • 57202: Fix format string in describers #18810
    • 58972: Fix job's backoff limit for restart policy OnFailure #19672
    • 59170: Fix kubelet PVC stale metrics #18637
    • 59301: dockershim: don't check pod IP in StopPodSandbox #18425
    • 59316: Exit if no client cert is available for 5m #18430
    • 59365: Fix StatefulSet set-based selector bug #18797
    • 59931: do not delete node in openstack, if those still exist in cloudprovider #19038
    • 60289: fix freespace for image GC #18767
    • 60342: Fix nested volume mounts for read-only API data volumes #18766
    • 60455: removes custom scalers from kubectl #19275
    • 60490: Volume deletion should be idempotent #18856
    • 60632: Add volumemetrics for ISCSI Plugin #19842
    • 60654: notify systemd on kubelet start #18886
    • 60978: Fix use of "-w" flag to iptables-restore #18919
    • 61287: provide easy methods for direct kubeconfig loading from bytes #18956
    • 61294: Fix cpu cfs quota flag with pod cgroups #19028
    • 61378: --force only takes effect when --grace-period=0 #19213
    • 61459: etcd client add dial timeout #19953
    • 61480: Allow sockets to be mounted in subpath #19329
    • 61790: make reapers tolerate 404s on scaling down #19275
    • 61808: Ensure -o yaml populates kind/apiVersion #19137
    • 61949: Tolerate 406 mime-type errors attempting to load new openapi schema #19137
    • 61962: Avoid data races in unit tests #19137
    • 61985: Restore show-kind function when printing multiple kinds #19137
    • 62074: Narrow interface consumed by scale client #19137
    • 62114: removes job scaler, continued #19275
    • 62146: Fix daemon-set-controller bootstrap RBAC policy #19517
    • 62152: Keep node.kubeconfig correct during rotation #19857
    • 62196: Remove need for server connections for dry-run create #19137
    • 62199: Make priority rest mapper handle partial discovery results #19137
    • 62234: Handle partial group and resource responses consistently #19137
    • 62254: Add name output and verb filtering to api-resources #19884
    • 62336: add statefulset scaling permission to admins, editors, and viewers #19275
    • 62394: Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" #19359
    • 62416: kuberuntime: logs: reduce logging level on waitLogs msg #19334
    • 62461: allow higher burst for discovery #19327
    • 62462: Private mount propagation #19364
    • 62469: stop defaulting kubeconfig to http://localhost:8080 #19335
    • 62543: Timeout on instances.NodeAddresses cloud provider request #19733
    • 62572: Prevent virtual infinite loop in volume controller #19371
    • 62584: Make x-kubernetes-print-column print handling opt-in #19352
    • 62668: add metrics to cinder volume #19444
    • 62733: Set a default request timeout for discovery client #19471
    • 62744: Fix kubectl describe cronjob #19391
    • 62827: fix csi data race in csi_attacher_test.go #19508
    • 62874: dockershim/sandbox: clean up pod network even if SetUpPod() failed #19576
    • 62913: make a simple dynamic client that is easy to use #19515
    • 62914: kubelet: fix flake in TestUpdateExistingNodeStatusTimeout #19453
    • 63086: Fix discovery default timeout test #19471
    • 63160: kubelet: logs: do not wait when following terminated container #19545
    • 63169: Remove unnecessary dependencies on api/core/v1 #19509
    • 63177: kubectl takes a dependency on the controllers #19509
    • 63295: Fixed CSI volume detach when the volume is already detached #19816
    • 63303: Return attach error to A/D controller #19816
    • 63321: kubelet: force filterContainerID to empty string when removeAll is true #19580
    • 63339: kubelet: volume: do not create event on mount success #19625
    • 63349: Decorate function not called on Create #19602
    • 63403: don't block creation on lack of delete powers #19404
    • 63416: Retry certificate approval on conflict errors #19770
    • 63417: Panic when map string bool flag has no value #19620
    • 63421: Cache preferred resources, use in kubectl resource name autocomplete (single commit) #19884
    • 63490: default the ignorenotfound for delete when selecting objects #19616
    • 63650: Never clean backoff in job controller #19672
    • 63716: Add InstallPathHandler which allows for more then one path to be associated with health checking. #19009
    • 63831: Always track kubelet -> API connections #19638
    • 63831: Close all kubelet->API connections on heartbeat failure #19638
    • 63848: Deflake discovery timeout test #19714
    • 63875: make TestGetServerGroupsWithTimeout more reliable #19723
    • 63903: Revert "Openstack: register metadata.hostname as node name" #19730
    • 63903: Revert "Specify DHCP domain for hostname" #19730
    • 63903: Revert "Split out the hostname when default dhcp_domain is used in nova.conf" #19730
    • 63926: Avoid unnecessary calls to the cloud provider #19742
    • 63966: kubectl: fix Flatten() when used without Latest() #19747
    • 63977: pkg: kubelet: remote: increase grpc client default size #19774
    • 64026: Enable SELinux relabeling in CSI volumes #19816
    • 64028: Tolarate negative values when calculating job scale progress #19765
    • 64443: services must listen on port 443 for aggregation #19866
    • 64516: Fix error message to be consistent with others #19884
    • 64573: remove extra "../" when copying from pod to local #19898
    • 64797: Handle deleted DaemonSet properly #19927
    • 64855: Fix setup of ephemeral storage #19939
    • 64883: Fix up legacy printer table adapter #19934
    • 64916: improve memory footprint of daemonset simulate #19956
    • 64946: log healthz check #19952
    • 64969: volume: decrease memory allocations for debugging messages #19960
    • 65001: Quiet verbose apiserver logs #19970
    • 65009: daemon: add custom node indexer #19980
    • 65027: Use actual etcd client for /healthz/etcd checks #19992
    • 65063: Re-use private key after failed CSR #20000
    • : Add PSP review to /oapi Resources #19542
    • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18971
    • : XFS quota for emptyDir volumes #19533
    • : add RawConfig to factory for commands modifying raw kubeconfig files #19343
    • : aggregator to proxy oapi to apps.openshift.io server #18652
    • : allow injecting printers #19137
    • : allow oc kubeconfig loading to have our flags and errors #19335
    • : change config file location and restore perFSGroup to quantity #19773
    • : controller-manager patches for recycler #18887
    • : disable local storage isolation feature gate #19323
    • : enable critical pod support by default #19104
    • : filter daemonset nodes by namespace node selectors #18989
    • : inject new parameter for image resolution into kubectl set image #19348
    • : pods in openshift-* namespace can be marked critical #19104
    • : rewrite unstructured objects on the CLI to avoid oapi #19327
    • : avoid contacting server for restmappings in local mode #19996
    • : make RootFsInfo error non-fatal on start #19137
    • : stop wrapping --sort-by value in {} #19777
  • Other patches
    • docker/distribution#2382: Don't double add scopes
    • docker/docker#36517: ensure hijackedConn implements CloseWrite function
    • google/cadvisor#1903: fix #1902 bug with retryDockerStatus
    • opencontainers/runc#1754: Add timeout while waiting for StartTransinetUnit completion signal
    • opencontainers/runc#1805: fix systemd cpu quota for -1

  🔋 Features

  🏗 Multi-stage Docker image build support

  🏗 Builds using the Dockerfile build strategy can now build multi-stage Docker images. The from field continues to target
  🐳 the last image stage in the Dockerfile, but the new as attribute on imageSources allows other stages to be replaced
  with triggered images.

  • 👌 Support multi-stage dockerbuilds via imagebuilder #18741, #19494

  👌 Support external OAuth token authenticators

  🔧 OpenShift can now be configured to delegate login flows to a remote OAuth capable endpoint like Keycloak. This allows
  📚 a central Keycloak server to authenticate multiple clusters. See the documentation for more details about configuring
  this option.

  • 🔧 auth: Add option to configure an external OAuth server #18969
  • 👍 auth: Support WebhookTokenAuthenticators for using external servers as token authenticators #18868

  Other Features

  • auth: Add oc adm prune role command to clean up rolebindings that are not bound to valid roles #19619
  • 🖨 cli: Add server-side column printer support for openshift objects #19934
  • clusterup: Add --enable=automation-service-broker #19409
  • image: Parallelize image mirroring and reuse mounted layers #19017
  • migrate: Allow storage migration to be performed in parallel #19691
  • 🐳 registry: Both internal and external hostnames for the registry should be in docker pull secrets #19838
  • ⚡️ router: Make updating status on the router optional #17420
  • 0️⃣ router: Prometheus should scrape the router by default #18254
  • 👍 router: Support for DNS names in egress routes #15409
  • router: Perform real backoff when contending for writes from the router #18686
  • 🔀 router: Make router conflict detection work even during initial informer sync #19706
  • router: Allow only a subset of routes from specific domains to be overriden by the hostname-template #19418
  • router: Allow egress-router to connect to its own node IP for DNS #19885
  • server: Expose api-versions and api-resources in oc #19884
  • template: Allow TemplateInstances to create arbitrary resources, including CRDs #19396

  🐛 Bugs

  • 🏗 build: Retry retrieving build logs in some cases #19695
  • cert: Order x509 certificate subjects to prevent a Golang / GNUTLS incompatibility #18837
  • 👍 cli: Support quay.io pushing in oc image mirror #19016
  • cli: Correct oc scale error handling #19275
  • cli: Improve validation for oc set volume #19169
  • 0️⃣ cli: Fix incorrect oc run default option #19712
  • cli: Dots should be allowed in environment variable names passed to oc new-app #19688
  • diagnostic: Replace usage of brctl with /sbin/ip #19929
  • 0️⃣ jenkins: Adjust jenkins template setting to account for effects of constrained default max heap #18832
  • 🚀 network: Fix handleDeleteSubnet() to release network from subnet allocator #18801
  • ⚡️ network: Fix egressip handling when a NetNamespac is updated #18808
  • network: The NetworkCheck diagnostic did not use the correct config file #18709
  • 🔧 network: Allow configurable CNI bin dir in openshift SDN #18464
  • network: Correctly report initial NodeNetworkUnavailable condition #18758
  • network: Allow subnet allocator to handle changes to the subnet values #18999
  • network: Prevent incorrect deletion of HostSubnet OVS flows #19080
  • network: Make changing egress network policy rules more efficient #19346
  • 🖨 network: Print out errors that occur when using macvlan and a namespace cannot be retrieved #19491
  • 🚚 network: Remove openvswitch check from UnitStatus diagnostic #19572
  • 🔧 network: Use a real OVS transaction when changing network configuration on the host #19393
  • network: Use a go-native DNS library instead of dig command for dns resolution in egress network policy #19805
  • network: Do not throw spurious error when minTTL=0 for the domain in egress network policy #19950
  • 🚚 network: Remove the node from dnsmasq config when shutting down #19987
  • network: Get lowest TTL from the DNS resolution chain for egress DNS #19982
  • node: Fix to pass quoted unsafe strings (with characters like *,<,%) correctly to kubelet #19951
  • ⚡️ registry: Update docker config secret to support the future location of the registry service #19514
  • 🐳 registry: Make docker registry service controller check all secrets #19788
  • router: When a router is reloaded after a batch of route/ingress changes are committed, haproxy sometimes fail to reload #18587
  • ⚡️ router: Some route status updates were being lost #19018
  • router: Combine backend map files to fix path based routing #18840
  • router: Wildcard routes should not take precedence over sub-routes #19076
  • router: Some routes were being rejected incorrectly when NAMESPACE_LABELS was set #19330
  • router: The router can forget routes when routes are created and deleted in rapid succession #19175
  • router: Unidle in router should ignore headless services #19416
  • router: Allow Prometheus to get metrics from the router #19318
  • 🔒 security: Correctly handle legacy PodSecurityPolicyReview resources #19542
  • 🐎 server: Improve performance of the SDN controller by using shared caches #18911
  • 🔒 server: Move range allocation to an internal API as rangeallocations.security.openshift.io #19277
  • server: Set etcd DialTimeout, fix etcd start order in all-in-one #19953
  • server: When etcd is down, avoid pathological healthz behaviors #19992
  • 🌲 service-catalog: Start API and controller pods with log verbosity = 3 #19135

  🚀 Release SHA256 Checksums

  f876258c9a6221637a84e35ff68e9af96c2f2013eb9ae41ea33abd9286aa045c ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
  dcb414712e8ae08146634d0c18720476e7afd024aa100bd2246d064de6658664 ./openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
  872e0b58684af5d17b41a0585c50b41d09fbefa449d80927ba91252ac998deb3 ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip
  25eef2fc0401209e3b5d40239827c023f463cdafeb06f81f1a6a0af9deaa1d25 ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip
  1c21ba58ee0f7fc8b55e9d84099632ec970051adc3744a294a10bcd3aefcfe21 ./CHECKSUM
  

• v3.10.0-alpha.0

  February 27, 2018

• v3.9.0 Changes

  March 30, 2018

  🚀 This is the official feature release of OpenShift Origin.

  🔄 Changes

  🚀 Roadmap for the v3.9 release

  v3.9.0 (2018-03-30) Full Changelog

  ⚡️ Component updates

  • ⚡️ Updates to Kubernetes
    • 51042: Allow passing request-timeout from NewRequest all the way down #13701
    • 52324: Fix bug on kubelet failure to umount mount points. #18225
    • 54530: api: validate container phase transitions #18792
    • 56164: Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT #18754
    • 56288: Add list of pods that use a volume to multiattach events #18290
    • 56315: Record volumeID in GlusterFS PV spec UPSTREAM: 56823: Add volID based delete() and resize() if volID is available in pv spec UPSTREAM: 57516: Add custom volume name based on SC parameter UPSTREAM: 58513: Add Namespace to glusterfs custom volume names UPSTREAM: 58626: Use correct pv annotation to fetch volume ID #18326
    • 56432: e2e: test containers projected volume updates should not exit #18387
    • 56846: Fix Cinder detach problems #18140
    • 56872: Fix event generation #18442
    • 57202: Fix format string in describers #18853
    • 57336: Abstract some duplicated code in the iptables proxier #18754
    • 57461: Don't create no-op iptables rules for services with no endpoints #18754
    • 57480: Fix build and test errors from etcd 3.2.13 upgrade #18731
    • 57854: fix bug of swallowing missing merge key error #18331
    • 57967: Fixed TearDown of NFS with root squash. #18154
    • 58177: Redesign and implement volume reconstruction work #18554
    • 58316: set fsGroup by securityContext.fsGroup in azure file #18526
    • 58375: Recheck if transformed data is stale when doing live lookup during update #18530
    • 58415: Improve messaging on resize #18509
    • 58439: Fix loading structured admission plugin config #18529
    • 58439: Surface error loading admission plugin config #18529
    • 58522: Clean up error messages for pre-bound PVCs #18284
    • 58533: add suggestion to describe pod for container names #18178
    • 58574: fixing array out of bound by checking initContainers instead of containers #18403
    • 58617: Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size #18432
    • 58685: Fill size attribute for the OpenStack V3 API volumes #18237
    • 58720: Ensure that the runtime mounts RO volumes read-only #18255
    • 58739: Don't bind PVs and PVCs with different access modes #18284
    • 58753: Fix kubectl explain for cronjobs #18268
    • 58794: Resize mounted volumes #18421
    • 58930: Don't wait for certificate rotation on Kubelet start #18322
    • 58955: pkg: kubelet: do not assume anything about images names #18340
    • 58977: Fix pod sandbox privilege. #18820
    • 58991: restore original object on apply err #18337
    • 58994: Race condition between listener and client in remote_runtime_test #18409
    • 59170: Fix kubelet PVC stale metrics #18787
    • 59279: nodelifecycle: set OutOfDisk unknown on node timeout #18417
    • 59297: Improve error returned when fetching container logs during pod termination #18515
    • 59350: Do not recycle volumes that are used by pods #18552
    • 59365: Fix StatefulSet set-based selector bug #18824
    • 59386: Scheduler - not able to read from config file if configmap is not found #18475
    • 59449: Fix to register priority function ResourceLimitsPriority correctly. #18503
    • 59506: fix --watch on multiple requests #18514
    • 59569: Do not ignore errors from EC2::DescribeVolume in DetachDisk #18544
    • 59767: kubelet: check for illegal phase transition #18585
    • 59873: Fix DownwardAPI refresh race #18636
    • 59923: Rework volume manager log levels #18636
    • 60299: apiserver: fix testing etcd config for etcd 3.2.16 #18731
    • 60301: Fix Deployment with Recreate strategy not to wait on Pods in terminal phase #18760
    • 60306: Only run connection-rejecting rules on new connections #18754
    • 60342: Fix nested volume mounts for read-only API data volumes #18789
    • 60430: don't use storage cache during apiserver unit test #18731
    • 60457: tests: e2e: empty msg from channel other than stdout should be non-fatal #18755
    • 60490: Volume deletion should be idempotent #18878
    • 61045: subpath fixes #18957
    • 61107: Add atomic writer subpath e2e tests #18957
    • 61107: Detect backsteps correctly in base path detection #18957
    • 61193: bugfix(mount): lstat with abs path of parent instead of '/..' #18985
    • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18977
    • : Short-circuit HPA oapi/v1.DC #18380
    • : hack in working autoscale reference for oc autoscale #18376
    • : hack out the oapi for restmapping resources when more than one is present #18377
    • : patch the upstream SA token controller and use it #18508
  • ⚡️ Updates to docker/distribution
    • UPSTREAM: docker/docker#36517: ensure hijackedConn implements CloseWrite function

  🔋 Features

  🔋 FEATURE DESCRIPTION

  PARAGRAPH

  • DESCRIPTION #PR

  Other Features

  • 🏗 build: Issue 17941: Add oc new-build --push-secret option #18477
  • 🚀 deploy: Add support for deployments in oc status #18439, #18579

  🐛 Bugs

  • auth: Change Header used for impersonation scopes to match upstream #18378
  • 🗄 auth: Deprecate some policy commands #18102
  • 🏗 build: Adjust newapp/newbuild error messages (arg classification vs. actual … #18272
  • 🏗 build: Fix BuildConfigInstantiateFailed warning when lastVersion == 0 #17146
  • cli: Add infos count to oc status #18422
  • cli: Suppress project list on login if you have access to greater than 50 projects #18706
  • diagnostic: Add an AppCreate diagnostic #16658
  • diagnostic: AggregatedLogging ClusterRoleBindings false negative fix #18888
  • 🔊 diagnostic: Fix AnalyzeLogs to provide more clear debug message #18654
  • image: Fix annotation trigger to reconcile on container image change #18513
  • image: Preserve namespace on imagestreams server-side export #18487
  • ⏱ image: Prevent scheduled importer of images from advancing too quickly #18604
  • image: Retry import without authentication if we get 401 error for public images #18012
  • migrate: Add migrate command for legacy HPAs #18854
  • network: Fix reassignment of egress IP after removal #18720
  • network: Deal with auto-egress-ip mark conflicting with kube-proxy's masqueradeBit #18121
  • 0️⃣ network: Do not allow 'default' project to be isolated using 'oc adm pod-network' #18687
  • network: Don't try to delete (nonexistent) OVS flows for headless/external services #18890
  • network: Fix CNI IPAM data dir #18863
  • 🚀 network: Fix handleDeleteSubnet() to release network from subnet allocator #18819
  • 🆕 newapp: --source-image should count as a source input for new-app #18631
  • 🚚 node: Move pod-namespace calls out of process to prevent races between Go threads #18355
  • node: Restart console container when config changes #18411
  • 👍 node: Support --write-flags on openshift start node to support moving directly to kubelet #18322
  • 🌲 oauth: Enable osin internal error logging #18505
  • router: Make oadm router and registry resiliant to missing client for use in scripts #18546
  • ⚡️ router: Updating route TLS configuration will be possible with 'create' permissions on custom-host #18312
  • 🔒 security: ClusterResourceOverride plugin should not set CPU or memory minimums below the namespace quota minimum #18553
  • ⚡️ server: Bug 1538389 - Allow node IP change to update Host IP in HostSubnet resource #18281
  • server: Correctly handle newlines in serial files #18405
  • ⏱ server: Wait for lease acquisition that indicates the controllers and scheduler have successfully started #18338
  • template: Make sure we can unbind a deleted templateinstance #18452

  🚀 Release SHA256 Checksums

  6ed2fb1579b14b4557e4450a807c97cd1b68a6c727cd1e12deedc5512907222e ./openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
  a616d50c0974d4b3d1f12f227883afa7e70028fe78c874fc233eb3466ee12fdf ./openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz
  32bdd9464866c8e93d8cf4a3a7718b0bc9fa0f2881f045b97997fa014b52a40b ./openshift-origin-client-tools-v3.9.0-191fece-mac.zip
  705eb110587fdbd244fbb0f93146a643b24295cfe2410ff9fe67a0e880912663 ./openshift-origin-client-tools-v3.9.0-191fece-windows.zip
  

• v3.8.0

  March 13, 2018

• 1
• 2
• Next ›
• Last »