Back to index
4.9.0-0.okd-2021-11-28-035710 Download installer and client with:
oc adm release extract --tools quay.io/openshift/okd:4.9.0-0.okd-2021-11-28-035710 Team Approvals:
No tests for this release
Upgrades from:
Upgrades to:
Created: 2021-11-28 09:11:16 +0000 UTC
Image Digest: sha256:7d8356245fc3a75fe11d1832ce9fef17f3dd0f2ea6f38271319c95918416b9d9
Release 4.9.0-0.okd-2021-11-28-035710 was created from registry.ci.openshift.org/origin/release:4.9.0-0.okd-2021-11-28-035710
Components
Kubernetes upgraded from 1.21.5 to 1.22.3
Fedora CoreOS upgraded from 48.34.0 to 49.34.1
New images
Rebuilt images without code change
Bug 2004924 : Update dependencies to K8s 1.22 #11
Updating ose-aws-cloud-controller-manager images to be consistent with ART #4
Add component info to the OWNERS file #3
Full changelog
Bug 1988371 : Rebase to v1.2.0 for OCP 4.9 #190
Updating ose-aws-ebs-csi-driver images to be consistent with ART #189
Updating .ci-operator.yaml build_root_image
from openshift/release #188
Full changelog
Bug 1993931 : Storage operators use older kubernetes client #138
Bug 1990146 : some controllers missing livenessProbe #134
Use generic deployment controller with additional manifest hooks #128
Start using “embed” module for static assets #131
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #132
Updating .ci-operator.yaml build_root_image
from openshift/release #130
Full changelog
Bug 2015605 : do not requeue if the machine has been updated #425
Bug 1994480 : Update dependencies to K8s 1.22 #417
Updating ose-aws-machine-controllers images to be consistent with ART #412
Bug 1925276 : Fix eventual consistency logic to be consistent #406
Bug 1965080 : Reduce frequency of calls to register targets with load balancers #410
Updating .ci-operator.yaml build_root_image
from openshift/release #411
add in-container vendor #394
Full changelog
Updating ose-aws-pod-identity-webhook images to be consistent with ART #140
Updating .ci-operator.yaml build_root_image
from openshift/release #139
Full changelog
Bug 1987255 : UPSTREAM: <716>: Disable zones on azure stack cloud #10
Rebase 07 22 2021 #9
Updating ose-azure-cloud-controller-manager images to be consistent with ART #8
Updating ose-azure-cloud-node-manager images to be consistent with ART #7
UPSTREAM: <carry>: Add component info to the OWNERS file #4
Full changelog
Bug 1994642 : Rebase to v1.5.1 for OCP 4.9 #13
Bug 1988372 : UPSTREAM: 955: fix: Disable uuid checks on XFS #14
Bug 1990781 : UPSTREAM: 961: fix: Remove gen-skus-map #12
Rebase v1.5.0 #11
Updating ose-azure-disk-csi-driver images to be consistent with ART #9
Updating .ci-operator.yaml build_root_image
from openshift/release #8
Full changelog
Bug 1992875 : Use own cloud credentials #30
Bug 1993931 : Storage operators use older kubernetes client #32
Bug 1948603 : Re-enable expansion e2e tests #18
Bug 1992148 : mount azurestackcloud.json to /etc/azure #29
Bug 1990146 : some controllers missing livenessProbe #28
Bug 1948090 : Deploy multiple replicas of CSI Controller Service #27
Adding support for Azure Stack Hub (ASH) #26
Use embed for static assets #25
Remove generated API #24
Updating ose-azure-disk-csi-driver-operator images to be consistent with ART #23
Bug 1960732 : update manifest and readme #19
Updating .ci-operator.yaml build_root_image
from openshift/release #22
Full changelog
Bug 2017985 : Set AWS Bootstrap Type == Master #5337
Bug 2016267 : Add ingress rules to master SG for compact clusters #5320
Bug 2004052 : OpenStack: Fix links in SR-IOV workers doc #5212
Bug 2009787 : Fix RAM validation for openstack flavors #5262
Bug 2004569 : Fix router clean up upon cluster destroy #5220
Bug 2015811 : bump oVirt terraform provider version which fix “Disk is locked” bug #5315
Bug 2009653 : bump RHCOS 4.9 boot images #5279
Bug 2011701 : do not modify cvo ignores for bootstrap-in-place #5277
Bug 2009342 : force cvo to ignore installer-provided resources #5261
Bug 2008944 : Azure Stack: Add Internal Load Balancer #5256
Bug 2007086 : bump RHCOS boot images for x86_64 only #5240
Update OWNERS #5241
Bug 1981999 : bump RHCOS boot images for 4.9 #5231
Bug 1996501 : Remove worker disk types below 8GB #5166
Bug 2000352 : [CORS-1716] vsphere: set the imported ova hardware version #5163
Bug 1999421 : Fedora CoreOS: revert to 34.20210626.3.1 #5174
Bug 1998643 : Revert “bump RHCOS boot images for 4.9” #5180
Bug 1993207 : fix(ibmcloud): Set account ID for rg on destroy #5181
Bug 1999119 : bump to golang-1.16 #5120
Bug 1993207 : fix(ibmcloud): Set account ID for resource group look up #5177
Bug 1997790 : Azure Stack Hub UPI README & Templates #5135
Bug 1998311 : Azure Stack Hub Manual Credentials #5138
Bug 1969371 : Fix AWS destroy to not check us-east-1 #5170
Bug 1981999 : bump RHCOS boot images for 4.9 #5168
Bug 1972524 : baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5110
Bug 1969371 : Stop searching other China regions for resources #5156
Bug 1996124 : version: display release architecture #5107
Bug 1976016 : Display proper error message on failure to delete #5157
Bug 1974640 : Write user credentials to specified env location #5155
Bug 1995655 : bump default channel to stable-4.9 #5159
Bug 1958154 : Restrict number of AWS user tags #5154
Bug 1978213 : openstack/quota: relax min ports #5153
Bug 1994103 : ibmcloud: Support Terraform stages #5116
Bug 1989973 : Fix Azure typo #5144
Bug 1992463 : libvirt: bump default memory and cpus #5069
Bug 1992876 : gather: Add OKD specific journal logs #5127
Bug 1987845 : openstack: relax port constrain by one #5145
Bug 1990206 : Fix invalid UPI AWS instance type #5139
Bug 1989917 : openstack: relax Security Group quotas #5140
Bug 1990617 : Update fedora-coreos stream to 34.20210725.2.0 #5117
Bug 1987845 : openstack: relax quotas with Kuryr #5133
Bug 1989604 : ibmcloud: GetVSIProfiles error handling #5129
Bug 1977129 : Remove runlevel label from openshift-kubevirt-infra #5106
Bug 1963132 : Fix us-east4 Ashburn description #5097
Bug 1978213 : openstack - relax value for minNetworkConstraint #5121
Bug 1987845 : openstack: relax quota checks in BYON #5113
Bug 1987279 : Delete AWS EFS AccessPoints with owner tags #5112
Bug 1987083 : Azure: cloud provider config excludeMastersFromStandardLB -> false #5111
Bug 1972776 : improve dual-stack install-config validation #5005
Bug 1986420 : GCP: make cluster_ip_address optional post-bootstrap #5108
Bug 1882490 : data/azure/master: Add dash to nic name #5082
Bug: 1947293 Baremetal: Validate provisioning network size #4950
Azure Stack IPI Support #5084
ibmcloud: Destroy cluster #5099
pkg/asset/manifests/dns: don’t create private zone in Azure Stack #5104
azurestack: Modify destroy code to handle public dns record deletion #5095
Destroy AWS EFS volumes #5092
Azure: Split terraform into stages #5032
Azure Stack cloud provider config #5042
Bug 1984576 : baremetal: reinstate provisioningInterface for provisioning CR #5100
ibmcloud: Update cloud provider config #5096
ibmcloud: Remove quota check placeholders #5072
Bug 1970179 : update boot images for RHCOS 4.9 #5049
vendor: update baremetal-operator v0.0.0-20210706141527-5240e42f012a #5061
baremetal: make provisioningNetworkInterface optional #5015
Delete storage policy ids when cluser is deleted #5075
Add documentation on setting cloud provider opts #5090
oVirt: must gather fix nil pointer panic #5080
Add OKD installer images #4453
baremetal: set default boot mode explicitly #4680
ibmcloud: Add Platform Provisioning Check #5063
ibmcloud: Update security groups and rules #5059
Fix build with multiple GOFLAGS #5062
verify-vendor: add go mod tidy #5076
vSphere: Add datastore and storagepod to category #5074
Bug 1969794 : Document how to use image registry with a custom PVC backend #4985
Bug 1969374 : document how to update domain for image registry in versions <4.8 #4979
Updated owner aliases because of GitHub account change #5058
OpenStack: explicitly disable octavia when using kuryr #5047
OpenStack: Open 0.0.0.0/0 on NodePorts #5052
bootstrap: add –infra-config-file to kube-api render #5057
Bug 1980029 : Pin openstacksdk #5066
Bug 1925203 : add auto pin and hugepages support #4873
Bug 1979038 : oVirt: include master IPs when running must gather #5039
Bug 1972582 : Installing with an oVirt network with 2 vnics on the same network causes the installer to not create tfvars and fail with terraform error #5002
azure: Updates cluster-api-provider-azure package #5044
baremetal: Update IPI docs for latest version #5054
Ibm cluster creation #5023
OpenStack: Remove FIPs of LBs created by cloud-provider #5050
openstack: Expose master server group policy #5003
Bug 1962414 : FIPS: validate ssh public key type compatibility #5029
aws: move elastic ip permissions to create networking category #5045
Bug 1978213 : Run kuryr-specific quota checks for kuryr envs #5048
baremetal: Always use image cache #5008
Fix sanity check image metadata arches match error #5033
baremetal: add PlatformProvisionCheck dependency for TerraformVariables asset #5041
OWNERS: update vSphere-approvers #5038
azure: changes the way we get credentials #4789
kubevirt: removes dependency on a deprecated package #4953
Updating ose-installer images to be consistent with ART #5006
azure: don’t require BaseDomainResourceGroupName on ARO #4879
Azure Stack: type, validation, & infrastructure manifest #5024
Bug 1975475 : aws: block creation of bootstrap instance until ignition config is uploaded #5028
.yamllint: ignore cluster-networkconfig-crd.yaml #5030
doc/gcp: remove no-longer-needed etcd records #4849
Updating ose-installer-artifacts images to be consistent with ART #5009
Updating ose-baremetal-installer images to be consistent with ART #5007
azure: removes dummy outbound service #4880
vSphere: Switch from sockets to cores by default #5001
split infrastructure creation into multiple terraform stages #5010
ibmcloud: fix struct field json #5020
Bug 1974598 : OpenStack: Optimize cluster deletion #5004
OpenStack: Add Unit Tests for validation of platform.openstack.machineSubnet #4937
Add arm64 support #4870
azure: don’t use managed identity on ARO #4843
azure: divide machine CIDR into 2 networks for subnets #4748
pkg/asset/installconfig/kubevirt: fix dropped error #4856
Add linux-amd64 binary to installer-artifacts #4891
Bug 1971518 : Try deleting associated trunk after port delete failure #5000
IBM Cloud Provider Scaffolding #4923
Bug 1929136 : OpenStack: document Manila share mounting #4803
Openstack IPI: Validate API and Ingress VIPs are not the same #4946
OWNERS: add more core team members as approvers #4997
Remove Fedosin from Owners #4996
Updating .ci-operator.yaml build_root_image
from openshift/release #4999
docs/user/aws/install: Update cloud install links #4934
fixing a link #4899
doc/openstack: add a note about image registry in AZ #4833
Full changelog
Bug 1994480 : Update dependencies to K8s 1.22 #158
Fix BMO reboot api broken link #150
remove dhellmann from owners file #154
Custom deploy procedure support #156
Updating .ci-operator.yaml build_root_image
from openshift/release #152
Full changelog
Bug 2009849 : Avoid logging BMC password when creds change #183
Bug 2009850 : Fix fallback for ironic drivers that don’t support soft power off #184
Bug 1986654 : Auto cleaning step in Prepare stage failed #166
Bug 1983190 : Add LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE variable #173
Bug 1928816 : Explicitly set node bios_interface #172
Bug 1986656 : Fix missing case of BuildRAIDCleanSteps #170
Merge upstream 2021-07-22 #169
Merge upstream 2021-07-16 #168
Simplify build in Dockerfile.ocp #167
Merge upstream 2021-07-09 #164
Merge upstream 2021-07-02 #163
Vendor the apis submodule #162
Merge upstream 2021-06-25 #161
Merge upstream 2021-06-15 #156
Updating ose-baremetal-operator images to be consistent with ART #160
Bug 1972374 : Don’t deprovision provisioned host due to error #157
Updating .ci-operator.yaml build_root_image
from openshift/release #155
Full changelog
Bug 1995468 : CoreDNS Corefile hosts - add support for dual-stack #148
Revert “Merge pull request #141 from yboaron/get_endpoints” #146
Updating baremetal-runtimecfg images to be consistent with ART #144
Bug 1974350 : HAProxy-monitor: send reload only if cfg file changed #145
Updating .ci-operator.yaml build_root_image
from openshift/release #143
Full changelog
Bug 1992591 : ensure the same oc is used everywhere in cli-artifacts #904
Bug 1990014 : Use cmd for Windows pods #907
Bug 1996881 : adm catalog mirror: log deprecation message when sqlite-based catalog is in use #908
Bug 1994872 : Fix manifest path regression #906
Bug 1989504 : The code logic of channel clear is ambiguous, as well as the help info and output messages #891
Bug 1989505 : bump kubernetes-client-go library #909
Bug 1999159 : Update the catalog-related owner alias’ #910
Bug 1995291 : Remove docker adjective whenever possible. #767
Bug 1995573 : Replacing kubectl with oc adm in help for certificate ap… #905
Bug 1989391 : Revert to UnstructuredList to fix yaml output #895
Bug 1992680 : pkg/cli/admin/upgrade/upgrade: Copy edits, including “assists with cluster upgrades” #899
Bug 1786835 : Check for out of range condition #894
Bug 1903545 : Replace colons with dashes in Windows file paths #897
Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #890
Bug 1971332 : revert incorrect allowance of ssh:// prefix with scp styled URLs #875
Add support for declarative configs to “adm catalog mirror” #868
Support ibmcloud provider in release extract #852
Bug 1980118 : Keep workload annotations during the oc debug
call. #887
Bug 1978629 : Add oc describe output for build volumes #874
Bug 1955292 : show consistent unit format in cluster resource quota describe #882
contrib/completions/OWNERS: Delegate to all approver aliases #878
pkg/cli/admin/upgrade/channel: Add ‘oc adm upgrade channel …’ #576
Bug 1976112 : Fixed warnings about deprecated CronJob in image-pruner pods #876
release: extract Linux binaries for multiple architectures #816
BUILD-87 : bumping openshift/api with new fields for build volumes #843
Bug 1925534 : Add proxy to oc #751
Updating openshift-enterprise-cli-alt images to be consistent with ART #855
Updating openshift-enterprise-deployer images to be consistent with ART #856
Updating ose-cli-artifacts-alt images to be consistent with ART #858
Updating ose-tools images to be consistent with ART #857
fix typo in examples template #739
Bug 1973643 : make oc logs work with BuildConfig’s JenkinsPipeline strategy #863
Update ruby-hello-world images #860
Add json.Valid check before trying to read docker config #747
Full changelog
Bug 1992563 : update alerts with summary and descriptions #397
Bug 2024751 : pod-identity-webhook starts without tls #424
Bug 2015989 : Check for aws status in infra platform status field before client setup #405
Bug 1990975 : Enhance mechanism of reading ibm cloud apikey #365
Bug 1990970 : Remove debug test binary #366
ccoctl create-iam-roles should update policies for existing roles #364
Ignore ccoctl binary #363
Support gcp workload identity federation #359
Bump go.mod to 1.16 #362
Update build-machinery-go #361
Rename ibmcloud command to create-shared-secrets #360
Add permissions boundary support to ccoctl when creating AWS IAM Roles #346
Add code coverage script & make target #358
Documentation to add a new cloud provider #326
Updating ose-cloud-credential-operator images to be consistent with ART #357
Add IBMCloud manual mode #356
Remove checks inside conditional and use require.NotNil instead #348
Updating .ci-operator.yaml build_root_image
from openshift/release #355
Full changelog
Bug 1998031 : Deploy PDB to prevent more than one replica going unavailable #476
Bug 1996620 : manifests, bindata: explicitely set runAsUser for oauth-apiserver #474
Bug 1973005 : manifests, bindata: explicitely set runAsUser for operator and operand #472
Bug 1988576 : pkg/operator: Add deprecated stale status #470
Bug 1986829 : metrics: use client cert auth for metrics scraping #469
Bug 1978193 : csr request: use generate names to prevent getting stuck waiting for a cert #468
distribute oauth-server trust via a openshift-config-managed configmap #464
Bug 1977027 : Remove not needed Prometheus Rule #461
encryption condition controller doesn’t reset previously set condition #466
clear encryption conditions when there is no work to be done #462
Custom Certs for OAuth Route #430
add dynamic audit policy controller #460
Bug 1977054 : observe api-audiences for the oauth-apiserver #458
bump library-go to get context fixes #457
Updating .ci-operator.yaml build_root_image
from openshift/release #454
readme: update references to developer guide #448
Full changelog
Bug 1992823 : rebase on top of kubernetes/autoscaler 1.22 #209
Updating vertical-pod-autoscaler images to be consistent with ART #207
Updating atomic-openshift-cluster-autoscaler images to be consistent with ART #206
Updating .ci-operator.yaml build_root_image
from openshift/release #205
Full changelog
Bug 2025582 : Change ClusterAutoscalerUnschedulablePods severity to info #230
Bug 1994480 : Update dependencies to K8s 1.22 #218
Bug 1988032 : add cvo ha annotation to tombstones #216
Bug 1986090 : Do not recreate CA deployment when CA CR is being deleted #215
add alerts for memory and cpu core limits #213
add a tombstones manifest to the install directory #214
Bug 1973567 : add csistoragecapacities to cluster-autoscaler cluster role #212
Add related objects to ClusterOperator #211
Bug 1973567 : add csidrivers to the cluster-autoscaler cluster role #210
Updating ose-cluster-autoscaler-operator images to be consistent with ART #209
Updating .ci-operator.yaml build_root_image
from openshift/release #208
Full changelog
Bug 2012684 : add a new field “ProvisioningMacAddresses” to the provisioning CRD #207
Bug 1997993 : Set LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE=Never #192
Bug 1986462 : Separate the names of machine os downloader when two copies are started #185
Bug 1986464 : Send pull secret data as base64 encoded string #184
Bug 1984576 : Rebase of pull/177 (Pass MACs to set-static-ip initContainer) + unit tests #182
Add support for live images and configuration of coreos IPA #174
Customize metal3 health endpoint to avoid port conflicts #180
Set external IP env var for ironic conductor too. #176
Pass IRONIC_EXTERNAL_IP to Ironic container #172
Add quick network info for boot iso image source option #167
Bug: 1947293 Add managed provisioning network size validation #164
Use ironic image for ironic-inspector #132
Bug 1973724 : reorder the initContainers, so that static-ip-set happens prior to the image download #169
remove dhellmann from owners #170
upgrade kustomize to 3.9.4 #168
Bug 1961226 : Configure an IPA sshkey in the metal3 pod #115
Update controller-runtime version to v0.8.3 #137
Add VirtualMediaViaExternalNetwork flag to the Provisioning CRD #150
Allow boot iso source configuration #144
Pass the node mac addresses to containers currently needing provisioningInterface #149
Bug 1972753 : Only start static ip set if provisioning net not disabled #165
Updating ose-cluster-baremetal-operator images to be consistent with ART #162
Use new registry registry.ci.openshift.org #159
Don’t set IP options on kernel command line twice #163
Updating .ci-operator.yaml build_root_image
from openshift/release #160
Full changelog
Bug 2004924 : Enforce the cloud-route controller disabled across platforms #128
Bug 1998466 : Fix deployment strategy typo #116
Bug 2000191 : Ensure CCCMO and CCMs adheres to OpenShift recommended leader election #114
Bug 1999018 : Ensure rollingUpdate strategy is cleared to allow upgrades #111
Bug 1998466 : Ensure CCM pods can be updated on SNO clusters #109
Bug 1997507 : Prevent host port clashing on SNO #108
Bug 1994480 : Update dependencies to K8s 1.22 #107
Bug 1993087 : cloud-config Azure credentials injector #106
Bug 1990075 : add maxUnavailable parameter to daemon set pods for azure #103
Bug 1985366 : Use registered ports and ensure that ports are defined in pod specs #101
Azure Stack separate assets #96
Bug 1986437 : Bump github.com/openshift/api #99
Substitution module cleanup #91
Use klog v2 only #98
Fix container names in azure manifests #95
spell correction of deployed #93
Allow CCMs to observe cluster wide proxy #89
Enable errcheck linter #69
Brief description for cloud-config-sync controller in dev docs #72
Azure CCM assets #62
Update the container init script to not use the legacy workaround #88
Revendor library-go and openshift/api for Azure Stack Hub and Azure support #77
Rename CCCMO deployment #87
Remove bootstrapping render implementation #85
Extract cloud config sync controller to separate binary #86
Prevent CCMs to be on the same node #83
Use just one CCM replica for Single Node deployments #84
Inline container args into command #82
Use /etc/openstack to mount the config and secrets #80
Allow CCMs to create serviceaccounts/token #81
Allow the operator to list deployments in config namespaces #79
Run CCCMO and CCM components before CNI #76
Junit report for CI runs #68
Use upstream openshift images from quay.io #74
Add .cache to .gitignore #78
Enable cloud-config-sync controller #70
Tolerate uninitialized taint in operator pods #49
Good ol’ cleanup #75
Move controllers under pkg folder #71
Ensure AWS CCM is using leader election in openshift-cloud-controller-manager namespace #63
Add cloud provider integration doc for CCCMO #67
Cloud conf sync controller #61
Add golangci-lint checks #66
Implement image substitution for Pod and generalise the approach for other objects #58
add object names to the substitution logs #64
Updating ose-cluster-cloud-controller-manager-operator images to be consistent with ART #60
Update component name in Owners #59
Full changelog
Bug 1993002 : Bump API to fix kubebuilder directives #214
Bug 1984635 : use new default leader election values to handle SNO environments #213
Bug 1984635 : use new default leader election values to handle apiserver rollout on SNO #211
Bug 1986148 : Bump API for Ingress RequiredHSTSPolicies #212
Add missing include annotation for ibm-cloud-managed #210
bump: get updated operator API content #209
bump(openshift/api): to get latest CRDs #208
Add AzureStack support #186
Full changelog
Bug 1993931 : Storage operators use older kubernetes client #100
Bug 1992255 : Fix leader election defaults in snapshot-controller #99
Bug 1986215 : Bump library-go #98
Add ibm-cloud-managed profile patch for operator deployment #96
Support External control plane topology #97
Use go:embed for static yaml files #95
Bug 1965263 : VolumeSnapshotContents listing should print also namespace of the VolumeSnapshot ref. #93
Updating ose-cluster-csi-snapshot-controller-operator images to be consistent with ART #94
readme: update references to developer guide #90
Updating .ci-operator.yaml build_root_image
from openshift/release #92
‘manages’ #76
Full changelog
Bug 2002621 : serviceChanged: Fix internalTrafficPolicy #295
Bug 1992555 : Comply with Openshift alerting guidelines #288
Allow dns operator to be disabled with managementState field #260
status: Watch clusteroperators #261
Bug 1973482 : status: Watch daemonsets #283
Bump for controller-runtime v0.9.0 #282
Updating ose-cluster-dns-operator images to be consistent with ART #281
Updating .ci-operator.yaml build_root_image
from openshift/release #280
Add alebedev87 to OWNERS #275
Full changelog
Bug 2008175 : pkg/operator/metriccontroller: Fix query #686
Bug 2009890 : pkg/operator/upgradebackupcontroller: fix backup dir name in status condition #683
Bug 2007454 : pkg/cmd/render: disallow placeholder IPs #667
Bug 2003540 : bump library-go #663
Bug 2009016 : Suppress noisy logs and improve client errors #679
OWNERS: add hasbro17 to reviewers #671
Bug 1997347 : pkg/cmd/verify: bug fixes and improvements #657
OWNERS: add lilic as approver. #655
Bug 1997347 : pkg/operator/upgradebackupcontroller: update cluster operator status #653
Bug 1997347 : ETCD-223: pkg/operator: add cluster backup upgrade controller #647
Bug 1956879 : pkg/operator/metriccontroller: read etcd-operator SA token rather than using prometheus #650
Bug 1994857 : Revert pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #651
Bug 1997207 : Pass context into clientv3.Config to use same context #645
Bug 1994986 : test/e2e/etcdctl_test.go: Skip check perf test as we disabled it #646
Bug 1994707 : pkg/etcdcli: provide clear error on status check for unstarted etcd member #644
Bug 1980465 : pkg/etcdenvvar: warn on apply duration over 200ms #639
Bug 1957498 : Clean up tech debt #631
Bug 1993757 : bindata/etcd: remove unix socket from advertised list #640
Bug 1991068 : Allow only supported cipher suites #638
Bug 1989335 : pkg/operator/targetconfigcontroller: block rollout and report on missing external resource #635
Revert “Bug 1701154: Enable etcdHighNumberOfFailedGRPCRequests alerts” #637
Bug 1701154 : Enable etcdHighNumberOfFailedGRPCRequests alerts #626
Bug 1986829 : metrics: use client cert auth for metrics scraping #634
Bug 1988491 : bindata/etcd/quorumguard-deployment: simplify health true matching #636
Adjust runbooks url to new path #632
pkg/operator/defragcontroller: reduce RPC calls after defragmentation #630
Inject runbook url into alerts #628
OWNERS: goodbye Suresh #629
ETCD-58 : add support for defrag controller #625
Replace message with description field #627
ETCD-204 : Add an observer for TLS Security Profile #616
bindata/etcd: Enable gRPC time histograms #566
Migrate alerting mixin from cluster-monitoring-operator #613
bump library-go to get context fixes #622
Bug 1969633 : pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #619
pkg/etcdenvvar: bump ETCD_QUOTA_BACKEND_BYTES to 8GB #597
Updating cluster-etcd-operator images to be consistent with ART #612
Rotate serving certs when duration less than minimum percent #606
Full changelog
Bug 2023219 : Wait until cluster operators recover before proceeding #731
Bug 2005049 : Avoid disruptions #719
Updating ose-cluster-image-registry-operator images to be consistent with ART #712
IR-207 : Get endpoints for Azure Stack Cloud #710
Bug 1981639 : Update rolling update parameters #709
Bug 1958376 : Disallow blob public access for Azure storage account and require TLS1.2+ #705
CCO-105 : Support gcp workload identity federation #702
Start using embed for assets #703
feat: Support IBMCloud and add IBM COS storage driver #698
Bug 1939842 : Get AWS STS endpoint from serviceEndpoints #699
Bug 1974651 : Remove :apiserver_v1_image_imports:sum #700
Bug 1973318 : Properly set custom tolerations #694
Updating .ci-operator.yaml build_root_image
from openshift/release #693
Full changelog
Bug 2014938 : Use fake dns provider with external cp topology only in IBM Cloud case #666
Bug 2014711 : Fix for Azure dns privateZone degrade e2e test #673
Bug 2015829 : Change default balancing algorithm to “leastconn” #667
Bug 1997407 : Configure router to use “source” for passthrough #650
Bug 1986575 : Add e2e test cases for haproxy timeout api fields, and reject negative timeout values #644
Bug 1989058 : Watch CRL configmaps #642
Bug 1989005 : Validate spec.clientTLS.allowedSubjectPatterns[*] #643
Bug 1972977 : cleanup condition metrics for deleted ingress controllers #640
Bug 1942657 : Ingress operator stays degraded after privateZone fixed in DNS #641
Bug 1986228 : NE-310 E2E test for HSTS #639
Add unsupported config override for maxconn #638
NE-412 : Add options for tuning connection timeouts in openshift ingress controller #635
Implement configuration for handling empty requests #452
Implement client certificate parameters #450
Add unsupported config override for reload interval #619
ensureRsyslogConfigMap: Remove ingressConfig param #573
Add unsupported config override for config manager #628
Add IBMCloud DNS support #630
go.mod: Bump openshift/api to latest for DNSRecord typo #629
NE-472 : Add tlsv1.3 support #617
Ability to Customize HAProxy 2.x Error Page #588
Bump for controller-runtime v0.9.0 #626
Updating ose-cluster-ingress-operator images to be consistent with ART #625
Updating .ci-operator.yaml build_root_image
from openshift/release #624
Add alebedev87 to OWNERS #618
Full changelog
Bug 2014615 : Exempt metrics scrapes from APF. #1244
Bug 2012346 : prometheus-k8s-0 cpu usage keeps increasing for the first 3 days #1242
Bug 2003540 : bump library-go #1232
Bug 1998552 : Enforce OpenShift’s defined kubelet version skew policies #1199
Bug 2000608 : static pod startup monitor should log to a log file in addition to stderr #1219
Bug 1985447 : Add namespace label to remaining apiserver alerts #1220
Bug 1969404 : remove override for fast cert rotation #1221
Bug 1994643 : remove startup-send-retry-after-until-ready option #1211
Bug 1994857 : Revert “Bug 1969633: pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout” #1209
Bug 1997420 : revert wrong change on the api-usage rules #1204
Bug 1996032 : Bump kube libraries to 1.22.1 GA version #1210
Bug 1994643 : enable shutdown-send-retry-after and startup-send-retry-after-until-ready #1207
Bug 1994257 : Actually create prometheus rule for audit error alert #1206
Bug 1985447 : Add namespace labels to kube-apiserver-operator alerts #1185
Bug 1991357 : bump library.go #1203
Bug 1985073 : use 1m resolution for control plane cpu alerts #1201
Bug 1990610 : prevent panic in startup monitor enablement check #1202
Bug 1985997 : Enable static pod fallback logic for SNO, with disruptive e2e test #1198
Bug 1986829 : metrics: use client cert auth for metrics scraping #1190
Bug 1989633 : bump(library-go): staticpod/installer: skip backoff if lastAvailableRevision > targetRevision #1200
Bug 1989461 : kube-apiserver: make flock wait for release and remove port wait #1191
Bug 1985997 : readiness checks handle network errors better #1196
Bug 1985997 : scaffolding for e2e tests for the static pod monitor #1197
Bug 1985997 : staticpod/startupmonitor: shorten and unify reason strings #1194
Bug 1985997 : wires startup monitor related controllers #1189
Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #1181
Bug 1985997 : wires the startup monitor #1177
staticpod/installer: get rid of sleep in sync loop #1183
Drop kubelet-https removed in 1.22 #1184
introduces KubeAPIReadinessChecker used by startup monitor to assess Kube API server readiness/health condition #1180
encryption condition controller doesn’t reset previously set condition #1178
Create alert for API Server audit log errors #1166
Start using embed module for assets #1174
bump(library-go + api): get audit.customRules support #1173
clear encryption conditions when there is no work to be done #1172
Switch to auditpolicy controller #1155
bootstrap: add –infra-config-file to render with SNO settings #1171
alerts: give exact oc get apirequestcounts
command in APIRemovedInNextReleaseInUse alert #1167
remove observing token timeouts #1161
disable apiextensions.k8s.io/v1beta1 and admissionregistration.k8s.io/v1beta1 #1162
Set –cloud-provider=external for supported platforms #953
Bug 1969633 : pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #1169
graceful-termination-duration: reduce to 15s for SNO #1168
reduces shutdown-delay-duration to 0s for SNO #1164
bump library-go to get context fixes #1163
Bug 1964231 : Ensure kubelet client cert change does not require a restart #1151
Bug 1974716 : SA token issuer observer: fix observing api-audiences #1158
Updating ose-cluster-kube-apiserver-operator images to be consistent with ART #1150
Bug 1956081 : add sigterm handler to insecurereadyz #1149
kube-apiserver failed to load SNI cert and key #1145
Bug 1921139 : Revert “remove override for fast cert rotation for release” #1147
Full changelog
Updating ose-cluster-kube-controller-manager-operator images to be consistent with ART #537
Bug 2003540 : bump library-go #564
Bug 1986829 : metrics: use client cert auth for metrics scraping #556
Bug 1989073 : Exclude openshift only CloudProvider feature gate from KCM config #555
Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #550
Bug 1986437 : Bump github.com/openshift/api #551
Cloud Volume Observer: Extended arguments must be a slice #552
remove unused cluster-policy-controller configuration #553
Add ObserveCloudVolumePlugin config observer for KCM config #525
update cluster-policy-controller configuration #545
fix clusterroles for the CSR approver #548
allow upgraded clusters to use the vulnerable service-ca.crt #546
Start using embed module for assets #547
Bump openshift/api #542
Set –cloud-provider=external for supported platforms #450
Refactor remaining controllers to factory #541
Bug 1965562 : recycler-for-nfs-… does not set requests or priorityClassName #538
bump library-go to get context fixes #540
Update OWNERS #539
AUTH-26 : CSR Approver manifests #535
Full changelog
Bug 2003540 : bump library-go #370
Bug 1984608 : Set kube-scheduler leader election defaults #365
Bug 1986829 : metrics: use client cert auth for metrics scraping #364
Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #362
SchedulerLegacyPolicySet: add 60 min wait #363
Fire SchedulerLegacyPolicySet alert when the legacy scheduler policy API is set #361
Start using embed module for assets #360
Bump openshift/api #359
operator: move target config controller to factory #358
bump library-go to get context fixes #357
Updating ose-cluster-kube-scheduler-operator images to be consistent with ART #356
Full changelog
Bug 2022528 : Extensive number of requests from storage version operator in cluster #77
Bug 2016176 : kube-storage-version-migrator constantly reporting type “Upgradeable” status Unknown #72
Bug 1986418 : bump library-go dependency to use SNO leader election defaults #63
pkg/operator: fix typo starter clusteroperator #62
Updating .ci-operator.yaml build_root_image
from openshift/release #60
Full changelog
Bug 2024216 : Allow fallback to serving cert renewal accounting for egress IPs on SDN #141
Bug 2019754 : Ensure pending CSR count is valid post approval #139
Bug 1994480 : Update dependencies to K8s 1.22 #128
Ensure must-gather tracks related objects on failures #126
manifests/0000_90_cluster-machine-approver_04_alertrules: Drop ClusterMachineApproverDown #112
Updating ose-cluster-machine-approver images to be consistent with ART #125
Updating .ci-operator.yaml build_root_image
from openshift/release #124
fixing the link in the README.md of csr_check.go #109
Full changelog
Bug 2021097 : Set Upgradeable: false when HA workloads are incorrectly spread #1472
Bug 2018455 : Keep container_fs_usage_bytes metric #1461
Bug 2015571 : [4.9] add kube_persistentvolumeclaim_labels and kube_persistentvolume_labels #1457
Bug 2013617 : Update KubePodCrashLooping alert #1448
Bug 2013148 : jsonnet: Drop unnecessary kube-state-metrics alerts #1435
Bug 2011359 : Backport Application Services metric to 4.9 release #1420
Bug 2011798 : Prometheus when installed on the cluster shouldn’t have failing rules evaluation #1418
Bug 2008120 : Adjust dropped cAdvisor metrics #1404
Bug 2012029 : Allow namespace label in metric allow list #1422
Bug 2000490 : Add runbooks for all critical alerts #1356
Bug 1996785 : [MON-1536]Remove unused rules. #1316
Bug 1999397 : Bump prom 2.29.2 #1353
Bug 1991504 : changes for moving from sha1 to bcrypt #1336
Bug 1995614 : Fix beta.kubernetes.io/os deprecated warning #1348
MON-1688 : Expose remote write #1308
Bug 1995695 : Get insights on series churn during upgrades #1313
Bug 1997972 : pin dependencies for upcoming relase #1340
Bug 1997528 : remove use of etcd_object_counts metric #1345
Bug 1996941 : adding label check for node when creating daemon set #1339
Bug 1997475 : Makefile: increase timeout for e2e tests #1343
jsonnet: Add missing namespace labels to alerting rules #1319
Bug 1996718 : Fix ksm metric label allowlist flag #1337
jsonnet: Support exluding namespaces from user-workload monitoring #1312
Bug 1986981 : Alert Config update - Patch to PR#1310 #1317
Bug 1984365 : Dashboard Prometheus/Overview can’t filter instance by job #1324
Bug 1956830 : Update prometheus-adapter to v0.9.0 #1325
Bug 1992493 : jsonnet:rules: Adds missing summary and description to rules. #1327
Bug 1994222 : Add metrics for jaeger-operator #1306
Bug 1993055 : Fix node_exporter task error message #1321
Bug 1992567 : jsonnet: cleanup jsonnet codebase and align with kube-prometheus #1315
MON-1099 Improving error reporting to show all task failures #1238
Bug 1986981 : Update Alert Configs #1310
MON-1749 : Allow users to disable the local Alertmanager #1293
Bug 1990258 : cleaning up Makefile #1311
Bug 1987197 : hack,jsonnet: Better version checker #1298
Bug 1988291 : pkg/client/client.go: Add retry logic for daemonset create #1307
Bug 1973491 : jsonnet: update deps #1302
Bug 1987143 : Update prometheus resources label to 2.28.1 #1303
Bug 1986840 : track number of active alertmanager receivers via telemetry #1209
Bug 1986375 : adding check for node exporter daemon set #1279
Bug 1973576 : Bump thanos to v0.22.0 #1297
Remove context field from structs #1290
Bug 1978091 : fix node_exporter recording rules for cluster network dashboards #1296
Remove manual CRI-O metrics modification #1287
Allow configuring additional alertmanagers for UWM Prometheus and Thanos #1271
Documentation: fix a typo #1295
Add new label to show grafana dashboards in ODC #1294
generate client key and certificates #1282
No apiserver rules #1292
Send etcd telemetry rules #1281
jsonnet: Sync with kube-prometheus #1291
Bug 1978662 : Set a degraded message when persistent storage is not configured #1270
Remove use of deprecated APIs being removed in Kubernetes v1.22 #1286
Fix shellcheck errors #1284
Cleanup telemetry owners #1273
BUG 1980888: jsonnet: Favour http probes for thanos querier #1277
Remove context.TODO() and propagate real context #1254
pkg/manifests: Add EnforcedTargetLimit for user-workload monitoring #1278
Bug 1956308 : Fix deployment update with retry option #1257
client: Always set OperatorUpgradeable reason to AsExpected #1275
jsonnet: Enable federated targets in thanos-querier #1274
Bug 1947005 : changing alert manager access rules #1217
Bug 1974832 : Improve HighlyAvailableWorkloadIncorrectlySpread to detect single point of failure #1262
Bug 1949840 : Improve update and status reporting #1193
jsonnet: pull latest deps #1269
Bug 1978829 : alert: ClusterMonitoringOperatorReconciliationErrors: reduce range du… #1268
Remove logging from the mixins namespace selectors #1266
Bug 1977435 : jsonnet: bump prometheus-operator to v0.49.0 #1267
Bug 1974830 : Update KubeDeploymentReplicasMismatch alert #1261
operator: Allow disabling Grafana deployment #1241
Bug 1972076 : jsonnet: Disable cpufreq collector in node_exporter #1229
Bug 1974832 : Add HighlyAvailableWorkloadIncorrectlySpread alert #1242
Revert “Bug 1974830: Update KubeDeploymentReplicasMismatch alert” #1259
Improve monitoring telemetry rules #1227
Extend E2E tests to cover user facing config #1218
*: improve discovery of currently used component versions #1235
Bug 1974830 : Update KubeDeploymentReplicasMismatch alert #1253
Allow configuration of the log level for Alertmanager in the CMO configmap #1256
Bug 1974651 : Remove :apiserver_v1_image_imports:sum #1239
AggregatedAPIDown alert threshold set back to 85% #1237
Makefile: add check to verify runbook urls #1246
Remove context.TODO() from client_go method calls #1240
Revert “alert:KubeDeploymentReplicasMismatch: only fire if cluster is in ready state” #1249
hack: Remove python script that diffs jsonnet #1247
Makefile: update $(JSONNET_VENDOR) dependencies #1248
alert:KubeDeploymentReplicasMismatch: only fire if cluster is in read… #1245
jsonnet: pull latest deps #1244
jsonnet: remove unused remove-runbook script #1243
jsonnet/control-plane.libsonnet: Remove etcd rules #1233
Sync with kube-prometheus #1236
Add RHODS Usage and Availability metrics #1232
jsonnet: Generate CMO ClusterRole with jsonnet #1230
Bug 1970147 : jsonnet: disable insecure cypher suites for prometheus-adapter #1234
Makefile: drop test-rules from test-unit target #1137
Correct serverName json tag #1226
test/e2e: make tests more resilient to hiccups #1231
Updating cluster-monitoring-operator images to be consistent with ART #1225
jsonnet: unlock dependencies for 4.9 development cycle #1214
Update OWNERS file to reflect new maintainers #1215
pkg/client: Retry on API errors in polling methods #1194
jsonnet: Run jb rewrite to convert to absolute paths #1224
hack: do not use shellcheck container #1196
Updating .ci-operator.yaml build_root_image
from openshift/release #1216
hack,test: Use new ghcr.io images for prometheus-example-app #1188
More robust local CMO script #1181
Full changelog
Source code for this page located on github