Changelog History
Page 1
-
v4.1.0
May 01, 2019 -
v4.0.0
September 13, 2018 -
v4.0.0-alpha.0
September 13, 2018 -
v3.11.0 Changes
October 11, 2018🚀 This is the 3.11 release of OpenShift Origin.
Backwards Compatibility
- 🗄 auth: The
auth reconcile
command is now deprecated as its functionality is part of the server #20177- The CLI command is now identical to the upstream auth reconcile and no longer updates roles
- auth: The
cluster-reader
RBAC role is now an aggregated role to simplify adding new permissions #20279 - cli:
oc patch
is now consistent with thekubectl patch command
#20665 - 🗄 cli:
oc types
is now deprecated - useoc api-resources
instead #21000 - 🔒 security: If the
scheduler.alpha.kubernetes.io/node-selector
annotion is set on a namespace,openshift.io/node-selector
is now ignored #21058 - 🚚 server: The
openshift start node
functionality andopenshift start
have been removed - the Kubelet must now be started directly #20344, #20717- By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
- Future releases will remove other parts of
openshift start master
.
🔄 Changes
🚀 Roadmap for the v3.11 release
v3.11.0 (2018-10-10) Full Changelog
API
- 🏗 build: Allow dashes to be used in the environment variable names in builds #20738
- 🐎 image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
- 🔒 security: Promote sysctl annotations to fields in SecurityContextConstraints #20151
⚡️ Component updates
- ⚡️ Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
- 62943: set updated replicas in statefulsets #20347
- 64378: Don't reset global timeout on each for loop iteration #20452
- 64426: Clean up fake mounters. #20117
- 64447: Add block volume support to internal provisioners #20058
- 64541: Add more kubectl auth reconcile flags #20281
- 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
- 64879: Add block volume support to Cinder volume plugin #20270
- 64896: kubectl: wait for all errors and successes on podEviction #20452
- 65189: fix paths w shortcuts when copying from pods #20034
- 65189: revert: fix paths w shortcuts when copying from pods" #20075
- 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
- 65238: fix scheduler port boundary to match detection #20033
- 65326: fix printer check to tolerate vendoring #20033
- 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
- 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
- 65368: legacy api endpoints only support v1 ever #20033
- 65370: delete should tolerate a failed wait because of missing verbs #20033
- 65377: special-case templates get.go #20033
- 65447: Resolve potential devicePath symlink when MapVolume #20117
- 65480: allow enabling kubelet serving certificate rotation via flag #20033
- 65486: show type differences in reflect diff #20033
- 65488: flatten nested lists for flatten in visitor #20033
- 65489: kubectl convert should not double wrap output in nested lists #20033
- 65547: Honor custom transport dialer #20033
- 65549: Fix flexvolume in containerized kubelets #20358
- 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
- 65686: fix
kubectl create priorityclass
failure bug #20624 - 65700: Update output format so that it matches actual accepted values #20139
- 65705: Block volumes should have empty FSType #20327
- 65711: make template printers a recommended printer #20257
- 65715: fail on rbac resources of non-v1 versions in reconcile #20177
- 65786: update --template printer defaulting #20257
- 65856: only need to ignore resources that match discovery conditions #20242
- 65899: use self-signed cert fixtures in integration test servers #20309
- 65904: track schemes by name for error reporting #20242
- 65906: Improve multi-authorizer errors #20379
- 65908: switch delete strategy to background deletion #20274
- 65987: Add region label to dynamic provisioned cinder PVs #20418
- 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
- 66085: fix updateJob scheduling of resync #20763
- 66136: make delete waits match on UID #20305
- 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
- 66225: add support for "success" output for edit command #20589
- 66225: update testcase for edit #20589
- 66249: fill in normal restmapping info with the legacy guess #20392
- 66324: Fixing E2E tests for disk resizing #20418
- 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
- 66352: update logs cmd to deal w external versions #20343
- 66397: Fix upper limit on m5/c5 instance typesn #20439
- 66398: fix logs command to be generic for all resources again #20514
- 66403: indicate which scheme has conflicting data #20372
- 66406: Send correct headers for pod printing #20437
- 66406: tolerate missing column headers in server-side print output #20437
- 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
- 66519: switch attach to use external objs #20514
- 66725: update exit code to 0 if patch not needed #20456
- 66779: add methods to apimachinery to easy unit testing #20471
- 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
- 66837: fix panic fake SAR client expansion #20491
- 66929: add logging to find offending transports #20554
- 66931: Use the passed-in streams in kubectl top #20529
- 66932: Include unavailable apiservices in discovery response #20635
- 67024: add CancelRequest to discovery round-tripper #20554
- 67033: expose default LogsForObject consumeRequest func #20550
- 67093: improve config file modification time #20566
- 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
- 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
- 67097: Ignore EIO error in unmount path #20866
- 67236: fix azure disk create failure due to sdk upgrade #20662
- 67316: Adds tests for --all-containers=true #20684
- 67399: update patch to work with --local and avoid extra requests #20642
- 67399: update patch to work with --local and avoid extra requests #20665
- 67433: allow failed discovery on initial quota controller start #20635
- 67433: allow failed discovery on initial quota controller start #20693
- 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
- 67615: attach: Move the AttachFunc default function to the initializer #20697
- 67698: Fix NameFromCommandArgs when passing command after -- #20730
- 67822: Remove provisioner config from log message. #20756
- 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
- 67896: expose generic storage factory primitives #20777
- 67957: Size http2 buffers to allow concurrent streams #20783
- 68007: Orphan DaemonSet when deleting with --cascade option set #20793
- 68008: apiserver: forward panic in WithTimeout filter #20979
- 68563: fix scheduler crash when Prioritize Map function failed #21194
- 68678: tighten maximum retry loop for aggregate api availability #21012
- 68680: Fix chown on distributed flex volumes (like gluster) #21070
- : Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
- : Coerce string->int, empty object -> slice for backwards compatibility #20164
- : Ensure perFSGroup quanity is positive #20564
- : Expose ns lifecyle admission list of allowed resources #20242
- : Gracefully handle empty volume-config file #20154
- : oc patches on kubectl #20721
- : patch in a non-standard location for apiservices #20578
- : rewrite unstructured objects on the CLI to avoid oapi #20033
- : simplify kube-controller-manager patches #20954
- : switch back to use ugorji/go - decode to signed integers #20033
- : tidy up oc patches and ensure we never print a non-groupified object #20385
- : GCE load balancer unit test is flaky #20230
- : Remove influxdb dependency until the next rebase #18816
- : carry old printers until we update #20033
- : carry old printers until we update #20257
- : Fix cloud provider vsphere data race #20033
- : Increase loglevel for health check #20616
- : Make auth reconcile work with backlevel versions until ansible updates #20033
- : vSphere test has race conditions, disable #20231
🔋 Features
- 🏗 build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
- 📇 cli: Add
oc image append
which can add a new layer or change metadata on a Docker image against a remote registry #20027 - cli: Add
oc image extract
to extract all or part of an image to disk from any platform #20466 - 🏁 cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
- 🚀 cli: Include the
kubectl
binary in release output #20932, #20958, #20900 - 👍 network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
- 👍 router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
- router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646
🐛 Bugs
- auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
- ⚡️ auth: Update GitLab IDP to support OIDC #19997
- auth: Use the upstream RBAC roles for reconciliation #20638
- 🏗 build: Ensure OOMKilled reason from pods are reported on build status #20297
- 🚀 build: Move deployer and build binaries into oc #20011 #20008
- 🏗 build: Remove false alarm warning for repo binary input on
oc start-build
#20100 - cli: Allow patching configapi using oc patch #20642
- cli: Honor 'oc edit' output format #20589
- cli: accept --kubeconfig like kubectl #20721
- cluster: Cluster quota controller tolerate inaccessible api resources #20693
- 🚀 deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
- 🚀 deploy: Fix printing DC replicas #21017
- ⏪ dns: Restore graceful shutdown of DNS server #21021
- 🗄 image: Deprecate
oc import-image
legacy path using annotations #19673 - image: Image stream imports longer than 30s should not fail #20419
- 🌲 image: Log image changes on verify-image-signature without --save #19976
- image: Prune images in parallel #19468
- image: Reuse existing imagestreams with new-app #20052
- ⚡️ migrate: Ignore resources that cannot be listed and updated #21075
- network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
- network: Show EgressCIDRs in "oc get hostsubnets" #20486
- ⚡️ network: Update egress IPs when node changes IP #20393
- 0️⃣ node: Set FileCheckFrequency default properly #20158
- ⚡️ route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
- 🔧 router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
- ✅ router: Fix weight logic for A/B testing #19893
- router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
- router: Router metrics sometimes fails to detect HTTP/1 connections #21043
- service-catalog: use K8s NamespaceLifecycle admission controller #20673
- ✅ test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816
🚀 Release SHA256 Checksums
🚀 The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 CHECKSUM 4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3 openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz 9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz 75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0 openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip
- 🗄 auth: The
-
v3.11.0-alpha.0
June 15, 2018 -
v3.10.0 Changes
August 03, 2018🚀 This is the official release of OpenShift Origin v3.10.
🔄 Changes
🚀 Roadmap for the v3.10 release
v3.10.0 (2018-08-02) Full Changelog
⚡️ Component updates
- ⚡️ Updates to Kubernetes
- 62085: Fix incorrect atomic counter usage #20206
- 62943: Set updated replicas on stateful set status #20350
- 64658: Avoid leading gRPC connections in CSI #20111
- 64882: Prevent deleted pods from sometimes leaving mounts #20111
- 64971: Ensure mutating admission webhooks correctly remove fields #20509
- 65223: Correctly detect inaccessible AWS encryption key #20072
- 65226: Store the latest cloud provider node addresses on the node #20369
- 65339: Prevent leak of a cached pod definition in the scheduler #20071
- 66350: Prevent kubelet from becoming stuck retrieving node addresses from a cloud provider #20369
🐛 Bugs
- 🚀 router: [release-3.10] Allow egress-router to connect to cluster service network for DNS, etc. #20102
- 0️⃣ diagnostics: Fix default image paths used in network diagnostics #20116
- 🔌 volumes: Bind mount /etc/origin/kubelet-plugins for flex volumes #20153
- node: Honor --kubelet-preferred-address-types #20183
- apiserver: Use in-process loopback client config from Kube #20207
- image: Install ceph-common in control plane so RBD provisioner can find disks #20222
- 🏗 build: Fix an issue where COPY --from would not work on multi-stage image builds #20256
- console: Change logo, favicon, name on login page #20528
Artifacts
- 🐳 Images are published to the Docker Hub as
openshift/origin-*:v3.10.0
. - RPMs are available via the provided
origin.repo
file
🚀 Release SHA256 Checksums
0f54235127884309d19b23e8e64e347f783efd6b5a94b49bfc4d0bf472efb5b8 ./openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz 6973aebb7b553866f8971c8ca324dd5b79204e2a59c5234cde6fb1b5deb4c7a9 ./openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz ae847e3ae278b9420342e651305d34f1ed806b55a23874fc47595a57874e30c6 ./openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip c1b33aa535b88898d0622e0af2aa673bb814c354fb438c21c18155afc51acf87 ./openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip 23083baadc7b82b6a3998016b795497d9c33327e1985a3b37181cf0e6200d29a ./CHECKSUM
- ⚡️ Updates to Kubernetes
-
v3.10.0-rc.0 Changes
June 20, 2018🚀 This is the first release candidate of OpenShift Origin 3.10.
Backwards Compatibility
- Moving from legacy API resources (
/oapi
) to group resources - 🔧 Configuration changes
- The
disabledFeatures
configuration item has been removed from master config #19070 - Master configuration no longer requires the deprecated clusterNetworkCIDR/hostSubnetLength fields to be set in
networkConfig
#18669 - Some node default values have changed #19190
- Remove the default pods-per-core setting of 10, which makes nodes default to 250 pods total.
- The certificate signing controller defaults to creating certs with a 1 year expiration (a7bd9d6)
- The
- ⚡️ rbac: Project editors can no longer create or update daemonsets, which prevents tenants from impacting cluster stability #18971
- Metrics for the template instance broker have changed #19133
- 🚚 Moved or deleted content #19262
- The examples/ directory has been cleaned up
- The v1 federation implementation has been removed as it did not graduate to beta.
- The node.service systemd file has been removed from hte RPMS, along with the master services (2113900)
- 🔄 Changes to OpenShift images #19509
- As we prepare to split the OpenShift API server into multiple binaries, several new images have been created:
- openshift/origin-hypershift - A new
hypershift
binary that launches OpenShift specific components - openshift/origin-hyperkube - The Kubernetes
hyperkube
binary - openshift/origin-cli - The OpenShift CLI
oc
- openshift/origin-tests - The extended test suite for OpenShift
- Some existing images have been renamed
- openshift/origin is now openshift/origin-control-plane
- openshift/node is now openshift/origin-node
- The openshift/openvswitch image has been folded into openshift/origin-node
- A new binary
openshift-node-config
takes anode-config.yaml
file and converts it tokubelet
arguments in the openshift/origin-node image
- CLI changes
- Some client-side deletion support has been removed in favor of the controller-driven deletion mechanisms #19616
oc export
is deprecated andoc get --export
should be used instead.
- The router has separate liveness and readiness probes for use with upstream load balancers #19009
- 🔧 XFS quota for emptyDir volumes is now configured via a config file in the volume directory #19533
- 🔄 Changes to
oc cluster up
- The cluster launched by
oc cluster up
is now launched as a set of individual processes running in images, instead
of the previous single large container. This more closely mimics real production environments. - Docker machine support in
oc cluster up
has been removed oc cluster up
now only supports launching a cluster of the same version as theoc
binary.
- The cluster launched by
🔄 Changes
🚀 Roadmap for the v3.10 release
v3.10.0-rc.0 (2018-06-19) Full Changelog
API
👍 Ingress support
👍 In order to better adapt ingress objects to routes, a new controller has been added to OpenShift that
maps KubernetesIngress
objects (in theirv1beta1
form) to OpenShiftRoutes
automatically. This
👍 allows the HAProxy router to report status, perform host overrides, support multi-tenant protection on
hostnames, and securely manage Ingress secrets.The controller converts each Ingress rule into its own route, as long as the rule has a hostname or TLS
hostname. Any referenced secrets are copied into the final Route and kept up to date. If a generated route
is deleted it will be recreated by the controller. Once a route is created, any annotations or route
specific fields will not be altered unless the route is deleted (such as weighted service backends). A
route with a TLS endpoint will be set toReencrypt
termination, but that may be changed after creation.The router process itself no longer needs to watch
Ingress
orSecret
resources.- 👍 router: Replace router support for ingress with an ingress-to-route controller #18658
Other changes
- Image signature annotations are ignored #19037
- ⚡️ Explicitly prohibit spec updates to imagestreamtag resources which are not a spec tag. #18532
⚡️ Component updates
- ⚡️ Updated to Kubernetes v1.10.0-47-gb81c8f8 + patches
- 42873: add kubectl api-resources command #19884
- 54530: api: validate container phase transitions #18791
- 57202: Fix format string in describers #18810
- 58972: Fix job's backoff limit for restart policy OnFailure #19672
- 59170: Fix kubelet PVC stale metrics #18637
- 59301: dockershim: don't check pod IP in StopPodSandbox #18425
- 59316: Exit if no client cert is available for 5m #18430
- 59365: Fix StatefulSet set-based selector bug #18797
- 59931: do not delete node in openstack, if those still exist in cloudprovider #19038
- 60289: fix freespace for image GC #18767
- 60342: Fix nested volume mounts for read-only API data volumes #18766
- 60455: removes custom scalers from kubectl #19275
- 60490: Volume deletion should be idempotent #18856
- 60632: Add volumemetrics for ISCSI Plugin #19842
- 60654: notify systemd on kubelet start #18886
- 60978: Fix use of "-w" flag to iptables-restore #18919
- 61287: provide easy methods for direct kubeconfig loading from bytes #18956
- 61294: Fix cpu cfs quota flag with pod cgroups #19028
- 61378:
--force
only takes effect when--grace-period=0
#19213 - 61459: etcd client add dial timeout #19953
- 61480: Allow sockets to be mounted in subpath #19329
- 61790: make reapers tolerate 404s on scaling down #19275
- 61808: Ensure -o yaml populates kind/apiVersion #19137
- 61949: Tolerate 406 mime-type errors attempting to load new openapi schema #19137
- 61962: Avoid data races in unit tests #19137
- 61985: Restore show-kind function when printing multiple kinds #19137
- 62074: Narrow interface consumed by scale client #19137
- 62114: removes job scaler, continued #19275
- 62146: Fix daemon-set-controller bootstrap RBAC policy #19517
- 62152: Keep node.kubeconfig correct during rotation #19857
- 62196: Remove need for server connections for dry-run create #19137
- 62199: Make priority rest mapper handle partial discovery results #19137
- 62234: Handle partial group and resource responses consistently #19137
- 62254: Add name output and verb filtering to api-resources #19884
- 62336: add statefulset scaling permission to admins, editors, and viewers #19275
- 62394: Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" #19359
- 62416: kuberuntime: logs: reduce logging level on waitLogs msg #19334
- 62461: allow higher burst for discovery #19327
- 62462: Private mount propagation #19364
- 62469: stop defaulting kubeconfig to http://localhost:8080 #19335
- 62543: Timeout on instances.NodeAddresses cloud provider request #19733
- 62572: Prevent virtual infinite loop in volume controller #19371
- 62584: Make x-kubernetes-print-column print handling opt-in #19352
- 62668: add metrics to cinder volume #19444
- 62733: Set a default request timeout for discovery client #19471
- 62744: Fix kubectl describe cronjob #19391
- 62827: fix csi data race in csi_attacher_test.go #19508
- 62874: dockershim/sandbox: clean up pod network even if SetUpPod() failed #19576
- 62913: make a simple dynamic client that is easy to use #19515
- 62914: kubelet: fix flake in TestUpdateExistingNodeStatusTimeout #19453
- 63086: Fix discovery default timeout test #19471
- 63160: kubelet: logs: do not wait when following terminated container #19545
- 63169: Remove unnecessary dependencies on api/core/v1 #19509
- 63177: kubectl takes a dependency on the controllers #19509
- 63295: Fixed CSI volume detach when the volume is already detached #19816
- 63303: Return attach error to A/D controller #19816
- 63321: kubelet: force filterContainerID to empty string when removeAll is true #19580
- 63339: kubelet: volume: do not create event on mount success #19625
- 63349: Decorate function not called on Create #19602
- 63403: don't block creation on lack of delete powers #19404
- 63416: Retry certificate approval on conflict errors #19770
- 63417: Panic when map string bool flag has no value #19620
- 63421: Cache preferred resources, use in kubectl resource name autocomplete (single commit) #19884
- 63490: default the ignorenotfound for delete when selecting objects #19616
- 63650: Never clean backoff in job controller #19672
- 63716: Add InstallPathHandler which allows for more then one path to be associated with health checking. #19009
- 63831: Always track kubelet -> API connections #19638
- 63831: Close all kubelet->API connections on heartbeat failure #19638
- 63848: Deflake discovery timeout test #19714
- 63875: make TestGetServerGroupsWithTimeout more reliable #19723
- 63903: Revert "Openstack: register metadata.hostname as node name" #19730
- 63903: Revert "Specify DHCP domain for hostname" #19730
- 63903: Revert "Split out the hostname when default dhcp_domain is used in nova.conf" #19730
- 63926: Avoid unnecessary calls to the cloud provider #19742
- 63966: kubectl: fix Flatten() when used without Latest() #19747
- 63977: pkg: kubelet: remote: increase grpc client default size #19774
- 64026: Enable SELinux relabeling in CSI volumes #19816
- 64028: Tolarate negative values when calculating job scale progress #19765
- 64443: services must listen on port 443 for aggregation #19866
- 64516: Fix error message to be consistent with others #19884
- 64573: remove extra "../" when copying from pod to local #19898
- 64797: Handle deleted DaemonSet properly #19927
- 64855: Fix setup of ephemeral storage #19939
- 64883: Fix up legacy printer table adapter #19934
- 64916: improve memory footprint of daemonset simulate #19956
- 64946: log healthz check #19952
- 64969: volume: decrease memory allocations for debugging messages #19960
- 65001: Quiet verbose apiserver logs #19970
- 65009: daemon: add custom node indexer #19980
- 65027: Use actual etcd client for /healthz/etcd checks #19992
- 65063: Re-use private key after failed CSR #20000
- : Add PSP review to /oapi Resources #19542
- : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18971
- : XFS quota for emptyDir volumes #19533
- : add RawConfig to factory for commands modifying raw kubeconfig files #19343
- : aggregator to proxy oapi to apps.openshift.io server #18652
- : allow injecting printers #19137
- : allow oc kubeconfig loading to have our flags and errors #19335
- : change config file location and restore perFSGroup to quantity #19773
- : controller-manager patches for recycler #18887
- : disable local storage isolation feature gate #19323
- : enable critical pod support by default #19104
- : filter daemonset nodes by namespace node selectors #18989
- : inject new parameter for image resolution into kubectl set image #19348
- : pods in openshift-* namespace can be marked critical #19104
- : rewrite unstructured objects on the CLI to avoid oapi #19327
- : avoid contacting server for restmappings in local mode #19996
- : make RootFsInfo error non-fatal on start #19137
- : stop wrapping --sort-by value in {} #19777
- Other patches
- docker/distribution#2382: Don't double add scopes
- docker/docker#36517: ensure hijackedConn implements CloseWrite function
- google/cadvisor#1903: fix #1902 bug with retryDockerStatus
- opencontainers/runc#1754: Add timeout while waiting for StartTransinetUnit completion signal
- opencontainers/runc#1805: fix systemd cpu quota for -1
🔋 Features
🏗 Multi-stage Docker image build support
🏗 Builds using the Dockerfile build strategy can now build multi-stage Docker images. The
from
field continues to target
🐳 the last image stage in the Dockerfile, but the newas
attribute onimageSources
allows other stages to be replaced
with triggered images.👌 Support external OAuth token authenticators
🔧 OpenShift can now be configured to delegate login flows to a remote OAuth capable endpoint like Keycloak. This allows
📚 a central Keycloak server to authenticate multiple clusters. See the documentation for more details about configuring
this option.- 🔧 auth: Add option to configure an external OAuth server #18969
- 👍 auth: Support WebhookTokenAuthenticators for using external servers as token authenticators #18868
Other Features
- auth: Add
oc adm prune role
command to clean up rolebindings that are not bound to valid roles #19619 - 🖨 cli: Add server-side column printer support for openshift objects #19934
- clusterup: Add --enable=automation-service-broker #19409
- image: Parallelize image mirroring and reuse mounted layers #19017
- migrate: Allow storage migration to be performed in parallel #19691
- 🐳 registry: Both internal and external hostnames for the registry should be in docker pull secrets #19838
- ⚡️ router: Make updating status on the router optional #17420
- 0️⃣ router: Prometheus should scrape the router by default #18254
- 👍 router: Support for DNS names in egress routes #15409
- router: Perform real backoff when contending for writes from the router #18686
- 🔀 router: Make router conflict detection work even during initial informer sync #19706
- router: Allow only a subset of routes from specific domains to be overriden by the hostname-template #19418
- router: Allow egress-router to connect to its own node IP for DNS #19885
- server: Expose api-versions and api-resources in oc #19884
- template: Allow TemplateInstances to create arbitrary resources, including CRDs #19396
🐛 Bugs
- 🏗 build: Retry retrieving build logs in some cases #19695
- cert: Order x509 certificate subjects to prevent a Golang / GNUTLS incompatibility #18837
- 👍 cli: Support quay.io pushing in
oc image mirror
#19016 - cli: Correct
oc scale
error handling #19275 - cli: Improve validation for
oc set volume
#19169 - 0️⃣ cli: Fix incorrect
oc run
default option #19712 - cli: Dots should be allowed in environment variable names passed to
oc new-app
#19688 - diagnostic: Replace usage of brctl with /sbin/ip #19929
- 0️⃣ jenkins: Adjust jenkins template setting to account for effects of constrained default max heap #18832
- 🚀 network: Fix handleDeleteSubnet() to release network from subnet allocator #18801
- ⚡️ network: Fix egressip handling when a NetNamespac is updated #18808
- network: The NetworkCheck diagnostic did not use the correct config file #18709
- 🔧 network: Allow configurable CNI bin dir in openshift SDN #18464
- network: Correctly report initial NodeNetworkUnavailable condition #18758
- network: Allow subnet allocator to handle changes to the subnet values #18999
- network: Prevent incorrect deletion of HostSubnet OVS flows #19080
- network: Make changing egress network policy rules more efficient #19346
- 🖨 network: Print out errors that occur when using macvlan and a namespace cannot be retrieved #19491
- 🚚 network: Remove openvswitch check from UnitStatus diagnostic #19572
- 🔧 network: Use a real OVS transaction when changing network configuration on the host #19393
- network: Use a go-native DNS library instead of dig command for dns resolution in egress network policy #19805
- network: Do not throw spurious error when minTTL=0 for the domain in egress network policy #19950
- 🚚 network: Remove the node from dnsmasq config when shutting down #19987
- network: Get lowest TTL from the DNS resolution chain for egress DNS #19982
- node: Fix to pass quoted unsafe strings (with characters like *,<,%) correctly to kubelet #19951
- ⚡️ registry: Update docker config secret to support the future location of the registry service #19514
- 🐳 registry: Make docker registry service controller check all secrets #19788
- router: When a router is reloaded after a batch of route/ingress changes are committed, haproxy sometimes fail to reload #18587
- ⚡️ router: Some route status updates were being lost #19018
- router: Combine backend map files to fix path based routing #18840
- router: Wildcard routes should not take precedence over sub-routes #19076
- router: Some routes were being rejected incorrectly when NAMESPACE_LABELS was set #19330
- router: The router can forget routes when routes are created and deleted in rapid succession #19175
- router: Unidle in router should ignore headless services #19416
- router: Allow Prometheus to get metrics from the router #19318
- 🔒 security: Correctly handle legacy PodSecurityPolicyReview resources #19542
- 🐎 server: Improve performance of the SDN controller by using shared caches #18911
- 🔒 server: Move range allocation to an internal API as rangeallocations.security.openshift.io #19277
- server: Set etcd DialTimeout, fix etcd start order in all-in-one #19953
- server: When etcd is down, avoid pathological healthz behaviors #19992
- 🌲 service-catalog: Start API and controller pods with log verbosity = 3 #19135
🚀 Release SHA256 Checksums
f876258c9a6221637a84e35ff68e9af96c2f2013eb9ae41ea33abd9286aa045c ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz dcb414712e8ae08146634d0c18720476e7afd024aa100bd2246d064de6658664 ./openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz 872e0b58684af5d17b41a0585c50b41d09fbefa449d80927ba91252ac998deb3 ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip 25eef2fc0401209e3b5d40239827c023f463cdafeb06f81f1a6a0af9deaa1d25 ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip 1c21ba58ee0f7fc8b55e9d84099632ec970051adc3744a294a10bcd3aefcfe21 ./CHECKSUM
- Moving from legacy API resources (
-
v3.10.0-alpha.0
February 27, 2018 -
v3.9.0 Changes
March 30, 2018🚀 This is the official feature release of OpenShift Origin.
🔄 Changes
🚀 Roadmap for the v3.9 release
v3.9.0 (2018-03-30) Full Changelog
⚡️ Component updates
- ⚡️ Updates to Kubernetes
- 51042: Allow passing request-timeout from NewRequest all the way down #13701
- 52324: Fix bug on kubelet failure to umount mount points. #18225
- 54530: api: validate container phase transitions #18792
- 56164: Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT #18754
- 56288: Add list of pods that use a volume to multiattach events #18290
- 56315: Record volumeID in GlusterFS PV spec UPSTREAM: 56823: Add volID based delete() and resize() if volID is available in pv spec UPSTREAM: 57516: Add custom volume name based on SC parameter UPSTREAM: 58513: Add Namespace to glusterfs custom volume names UPSTREAM: 58626: Use correct pv annotation to fetch volume ID #18326
- 56432: e2e: test containers projected volume updates should not exit #18387
- 56846: Fix Cinder detach problems #18140
- 56872: Fix event generation #18442
- 57202: Fix format string in describers #18853
- 57336: Abstract some duplicated code in the iptables proxier #18754
- 57461: Don't create no-op iptables rules for services with no endpoints #18754
- 57480: Fix build and test errors from etcd 3.2.13 upgrade #18731
- 57854: fix bug of swallowing missing merge key error #18331
- 57967: Fixed TearDown of NFS with root squash. #18154
- 58177: Redesign and implement volume reconstruction work #18554
- 58316: set fsGroup by securityContext.fsGroup in azure file #18526
- 58375: Recheck if transformed data is stale when doing live lookup during update #18530
- 58415: Improve messaging on resize #18509
- 58439: Fix loading structured admission plugin config #18529
- 58439: Surface error loading admission plugin config #18529
- 58522: Clean up error messages for pre-bound PVCs #18284
- 58533: add suggestion to describe pod for container names #18178
- 58574: fixing array out of bound by checking initContainers instead of containers #18403
- 58617: Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size #18432
- 58685: Fill size attribute for the OpenStack V3 API volumes #18237
- 58720: Ensure that the runtime mounts RO volumes read-only #18255
- 58739: Don't bind PVs and PVCs with different access modes #18284
- 58753: Fix kubectl explain for cronjobs #18268
- 58794: Resize mounted volumes #18421
- 58930: Don't wait for certificate rotation on Kubelet start #18322
- 58955: pkg: kubelet: do not assume anything about images names #18340
- 58977: Fix pod sandbox privilege. #18820
- 58991: restore original object on apply err #18337
- 58994: Race condition between listener and client in remote_runtime_test #18409
- 59170: Fix kubelet PVC stale metrics #18787
- 59279: nodelifecycle: set OutOfDisk unknown on node timeout #18417
- 59297: Improve error returned when fetching container logs during pod termination #18515
- 59350: Do not recycle volumes that are used by pods #18552
- 59365: Fix StatefulSet set-based selector bug #18824
- 59386: Scheduler - not able to read from config file if configmap is not found #18475
- 59449: Fix to register priority function ResourceLimitsPriority correctly. #18503
- 59506: fix --watch on multiple requests #18514
- 59569: Do not ignore errors from EC2::DescribeVolume in DetachDisk #18544
- 59767: kubelet: check for illegal phase transition #18585
- 59873: Fix DownwardAPI refresh race #18636
- 59923: Rework volume manager log levels #18636
- 60299: apiserver: fix testing etcd config for etcd 3.2.16 #18731
- 60301: Fix Deployment with Recreate strategy not to wait on Pods in terminal phase #18760
- 60306: Only run connection-rejecting rules on new connections #18754
- 60342: Fix nested volume mounts for read-only API data volumes #18789
- 60430: don't use storage cache during apiserver unit test #18731
- 60457: tests: e2e: empty msg from channel other than stdout should be non-fatal #18755
- 60490: Volume deletion should be idempotent #18878
- 61045: subpath fixes #18957
- 61107: Add atomic writer subpath e2e tests #18957
- 61107: Detect backsteps correctly in base path detection #18957
- 61193: bugfix(mount): lstat with abs path of parent instead of '/..' #18985
- : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18977
- : Short-circuit HPA oapi/v1.DC #18380
- : hack in working autoscale reference for oc autoscale #18376
- : hack out the oapi for restmapping resources when more than one is present #18377
- : patch the upstream SA token controller and use it #18508
- ⚡️ Updates to docker/distribution
- UPSTREAM: docker/docker#36517: ensure hijackedConn implements CloseWrite function
🔋 Features
🔋 FEATURE DESCRIPTION
PARAGRAPH
- DESCRIPTION #PR
Other Features
- 🏗 build: Issue 17941: Add
oc new-build --push-secret
option #18477 - 🚀 deploy: Add support for deployments in oc status #18439, #18579
🐛 Bugs
- auth: Change Header used for impersonation scopes to match upstream #18378
- 🗄 auth: Deprecate some policy commands #18102
- 🏗 build: Adjust newapp/newbuild error messages (arg classification vs. actual … #18272
- 🏗 build: Fix BuildConfigInstantiateFailed warning when lastVersion == 0 #17146
- cli: Add infos count to
oc status
#18422 - cli: Suppress project list on login if you have access to greater than 50 projects #18706
- diagnostic: Add an AppCreate diagnostic #16658
- diagnostic: AggregatedLogging ClusterRoleBindings false negative fix #18888
- 🔊 diagnostic: Fix AnalyzeLogs to provide more clear debug message #18654
- image: Fix annotation trigger to reconcile on container image change #18513
- image: Preserve namespace on imagestreams server-side export #18487
- ⏱ image: Prevent scheduled importer of images from advancing too quickly #18604
- image: Retry import without authentication if we get 401 error for public images #18012
- migrate: Add migrate command for legacy HPAs #18854
- network: Fix reassignment of egress IP after removal #18720
- network: Deal with auto-egress-ip mark conflicting with kube-proxy's masqueradeBit #18121
- 0️⃣ network: Do not allow 'default' project to be isolated using 'oc adm pod-network' #18687
- network: Don't try to delete (nonexistent) OVS flows for headless/external services #18890
- network: Fix CNI IPAM data dir #18863
- 🚀 network: Fix handleDeleteSubnet() to release network from subnet allocator #18819
- 🆕 newapp:
--source-image
should count as a source input for new-app #18631 - 🚚 node: Move pod-namespace calls out of process to prevent races between Go threads #18355
- node: Restart console container when config changes #18411
- 👍 node: Support
--write-flags
onopenshift start node
to support moving directly to kubelet #18322 - 🌲 oauth: Enable osin internal error logging #18505
- router: Make oadm router and registry resiliant to missing client for use in scripts #18546
- ⚡️ router: Updating route TLS configuration will be possible with 'create' permissions on custom-host #18312
- 🔒 security: ClusterResourceOverride plugin should not set CPU or memory minimums below the namespace quota minimum #18553
- ⚡️ server: Bug 1538389 - Allow node IP change to update Host IP in HostSubnet resource #18281
- server: Correctly handle newlines in serial files #18405
- ⏱ server: Wait for lease acquisition that indicates the controllers and scheduler have successfully started #18338
- template: Make sure we can unbind a deleted templateinstance #18452
🚀 Release SHA256 Checksums
6ed2fb1579b14b4557e4450a807c97cd1b68a6c727cd1e12deedc5512907222e ./openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz a616d50c0974d4b3d1f12f227883afa7e70028fe78c874fc233eb3466ee12fdf ./openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz 32bdd9464866c8e93d8cf4a3a7718b0bc9fa0f2881f045b97997fa014b52a40b ./openshift-origin-client-tools-v3.9.0-191fece-mac.zip 705eb110587fdbd244fbb0f93146a643b24295cfe2410ff9fe67a0e880912663 ./openshift-origin-client-tools-v3.9.0-191fece-windows.zip
- ⚡️ Updates to Kubernetes
-
v3.8.0
March 13, 2018