Back to index
4.9.0-0.okd-2021-11-28-035710 Download installer and client with:
oc adm release extract --tools quay.io/openshift/okd:4.9.0-0.okd-2021-11-28-035710 Team Approvals:
No tests for this release
Upgrades from:
Upgrades to:
Created: 2021-11-28 09:11:16 +0000 UTC
Image Digest: sha256:7d8356245fc3a75fe11d1832ce9fef17f3dd0f2ea6f38271319c95918416b9d9
Release 4.9.0-0.okd-2021-11-28-035710 was created from registry.ci.openshift.org/origin/release:4.9.0-0.okd-2021-11-28-035710
Components
Kubernetes upgraded from 1.21.5 to 1.22.3
Fedora CoreOS upgraded from 48.34.0 to 49.34.1
New images
Rebuilt images without code change
Bug 2004924 : Update dependencies to K8s 1.22 #11 Updating ose-aws-cloud-controller-manager images to be consistent with ART #4
Add component info to the OWNERS file #3
Full changelog
Bug 1988371 : Rebase to v1.2.0 for OCP 4.9 #190 Updating ose-aws-ebs-csi-driver images to be consistent with ART #189
Updating .ci-operator.yaml build_root_image from openshift/release #188
Full changelog
Bug 1993931 : Storage operators use older kubernetes client #138 Bug 1990146 : some controllers missing livenessProbe #134 Use generic deployment controller with additional manifest hooks #128
Start using “embed” module for static assets #131
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #132
Updating .ci-operator.yaml build_root_image from openshift/release #130
Full changelog
Bug 2015605 : do not requeue if the machine has been updated #425 Bug 1994480 : Update dependencies to K8s 1.22 #417 Updating ose-aws-machine-controllers images to be consistent with ART #412
Bug 1925276 : Fix eventual consistency logic to be consistent #406 Bug 1965080 : Reduce frequency of calls to register targets with load balancers #410 Updating .ci-operator.yaml build_root_image from openshift/release #411
add in-container vendor #394
Full changelog
Updating ose-aws-pod-identity-webhook images to be consistent with ART #140
Updating .ci-operator.yaml build_root_image from openshift/release #139
Full changelog
Bug 1987255 : UPSTREAM: <716>: Disable zones on azure stack cloud #10 Rebase 07 22 2021 #9
Updating ose-azure-cloud-controller-manager images to be consistent with ART #8
Updating ose-azure-cloud-node-manager images to be consistent with ART #7
UPSTREAM: <carry>: Add component info to the OWNERS file #4
Full changelog
Bug 1994642 : Rebase to v1.5.1 for OCP 4.9 #13 Bug 1988372 : UPSTREAM: 955: fix: Disable uuid checks on XFS #14 Bug 1990781 : UPSTREAM: 961: fix: Remove gen-skus-map #12 Rebase v1.5.0 #11
Updating ose-azure-disk-csi-driver images to be consistent with ART #9
Updating .ci-operator.yaml build_root_image from openshift/release #8
Full changelog
Bug 1992875 : Use own cloud credentials #30 Bug 1993931 : Storage operators use older kubernetes client #32 Bug 1948603 : Re-enable expansion e2e tests #18 Bug 1992148 : mount azurestackcloud.json to /etc/azure #29 Bug 1990146 : some controllers missing livenessProbe #28 Bug 1948090 : Deploy multiple replicas of CSI Controller Service #27 Adding support for Azure Stack Hub (ASH) #26
Use embed for static assets #25
Remove generated API #24
Updating ose-azure-disk-csi-driver-operator images to be consistent with ART #23
Bug 1960732 : update manifest and readme #19 Updating .ci-operator.yaml build_root_image from openshift/release #22
Full changelog
Bug 2017985 : Set AWS Bootstrap Type == Master #5337 Bug 2016267 : Add ingress rules to master SG for compact clusters #5320 Bug 2004052 : OpenStack: Fix links in SR-IOV workers doc #5212 Bug 2009787 : Fix RAM validation for openstack flavors #5262 Bug 2004569 : Fix router clean up upon cluster destroy #5220 Bug 2015811 : bump oVirt terraform provider version which fix “Disk is locked” bug #5315 Bug 2009653 : bump RHCOS 4.9 boot images #5279 Bug 2011701 : do not modify cvo ignores for bootstrap-in-place #5277 Bug 2009342 : force cvo to ignore installer-provided resources #5261 Bug 2008944 : Azure Stack: Add Internal Load Balancer #5256 Bug 2007086 : bump RHCOS boot images for x86_64 only #5240 Update OWNERS #5241
Bug 1981999 : bump RHCOS boot images for 4.9 #5231 Bug 1996501 : Remove worker disk types below 8GB #5166 Bug 2000352 : [CORS-1716] vsphere: set the imported ova hardware version #5163 Bug 1999421 : Fedora CoreOS: revert to 34.20210626.3.1 #5174 Bug 1998643 : Revert “bump RHCOS boot images for 4.9” #5180 Bug 1993207 : fix(ibmcloud): Set account ID for rg on destroy #5181 Bug 1999119 : bump to golang-1.16 #5120 Bug 1993207 : fix(ibmcloud): Set account ID for resource group look up #5177 Bug 1997790 : Azure Stack Hub UPI README & Templates #5135 Bug 1998311 : Azure Stack Hub Manual Credentials #5138 Bug 1969371 : Fix AWS destroy to not check us-east-1 #5170 Bug 1981999 : bump RHCOS boot images for 4.9 #5168 Bug 1972524 : baremetal: Ensure ipv6 bootstrap VM client-id is predictable #5110 Bug 1969371 : Stop searching other China regions for resources #5156 Bug 1996124 : version: display release architecture #5107 Bug 1976016 : Display proper error message on failure to delete #5157 Bug 1974640 : Write user credentials to specified env location #5155 Bug 1995655 : bump default channel to stable-4.9 #5159 Bug 1958154 : Restrict number of AWS user tags #5154 Bug 1978213 : openstack/quota: relax min ports #5153 Bug 1994103 : ibmcloud: Support Terraform stages #5116 Bug 1989973 : Fix Azure typo #5144 Bug 1992463 : libvirt: bump default memory and cpus #5069 Bug 1992876 : gather: Add OKD specific journal logs #5127 Bug 1987845 : openstack: relax port constrain by one #5145 Bug 1990206 : Fix invalid UPI AWS instance type #5139 Bug 1989917 : openstack: relax Security Group quotas #5140 Bug 1990617 : Update fedora-coreos stream to 34.20210725.2.0 #5117 Bug 1987845 : openstack: relax quotas with Kuryr #5133 Bug 1989604 : ibmcloud: GetVSIProfiles error handling #5129 Bug 1977129 : Remove runlevel label from openshift-kubevirt-infra #5106 Bug 1963132 : Fix us-east4 Ashburn description #5097 Bug 1978213 : openstack - relax value for minNetworkConstraint #5121 Bug 1987845 : openstack: relax quota checks in BYON #5113 Bug 1987279 : Delete AWS EFS AccessPoints with owner tags #5112 Bug 1987083 : Azure: cloud provider config excludeMastersFromStandardLB -> false #5111 Bug 1972776 : improve dual-stack install-config validation #5005 Bug 1986420 : GCP: make cluster_ip_address optional post-bootstrap #5108 Bug 1882490 : data/azure/master: Add dash to nic name #5082 Bug: 1947293 Baremetal: Validate provisioning network size #4950
Azure Stack IPI Support #5084
ibmcloud: Destroy cluster #5099
pkg/asset/manifests/dns: don’t create private zone in Azure Stack #5104
azurestack: Modify destroy code to handle public dns record deletion #5095
Destroy AWS EFS volumes #5092
Azure: Split terraform into stages #5032
Azure Stack cloud provider config #5042
Bug 1984576 : baremetal: reinstate provisioningInterface for provisioning CR #5100 ibmcloud: Update cloud provider config #5096
ibmcloud: Remove quota check placeholders #5072
Bug 1970179 : update boot images for RHCOS 4.9 #5049 vendor: update baremetal-operator v0.0.0-20210706141527-5240e42f012a #5061
baremetal: make provisioningNetworkInterface optional #5015
Delete storage policy ids when cluser is deleted #5075
Add documentation on setting cloud provider opts #5090
oVirt: must gather fix nil pointer panic #5080
Add OKD installer images #4453
baremetal: set default boot mode explicitly #4680
ibmcloud: Add Platform Provisioning Check #5063
ibmcloud: Update security groups and rules #5059
Fix build with multiple GOFLAGS #5062
verify-vendor: add go mod tidy #5076
vSphere: Add datastore and storagepod to category #5074
Bug 1969794 : Document how to use image registry with a custom PVC backend #4985 Bug 1969374 : document how to update domain for image registry in versions <4.8 #4979 Updated owner aliases because of GitHub account change #5058
OpenStack: explicitly disable octavia when using kuryr #5047
OpenStack: Open 0.0.0.0/0 on NodePorts #5052
bootstrap: add –infra-config-file to kube-api render #5057
Bug 1980029 : Pin openstacksdk #5066 Bug 1925203 : add auto pin and hugepages support #4873 Bug 1979038 : oVirt: include master IPs when running must gather #5039 Bug 1972582 : Installing with an oVirt network with 2 vnics on the same network causes the installer to not create tfvars and fail with terraform error #5002 azure: Updates cluster-api-provider-azure package #5044
baremetal: Update IPI docs for latest version #5054
Ibm cluster creation #5023
OpenStack: Remove FIPs of LBs created by cloud-provider #5050
openstack: Expose master server group policy #5003
Bug 1962414 : FIPS: validate ssh public key type compatibility #5029 aws: move elastic ip permissions to create networking category #5045
Bug 1978213 : Run kuryr-specific quota checks for kuryr envs #5048 baremetal: Always use image cache #5008
Fix sanity check image metadata arches match error #5033
baremetal: add PlatformProvisionCheck dependency for TerraformVariables asset #5041
OWNERS: update vSphere-approvers #5038
azure: changes the way we get credentials #4789
kubevirt: removes dependency on a deprecated package #4953
Updating ose-installer images to be consistent with ART #5006
azure: don’t require BaseDomainResourceGroupName on ARO #4879
Azure Stack: type, validation, & infrastructure manifest #5024
Bug 1975475 : aws: block creation of bootstrap instance until ignition config is uploaded #5028 .yamllint: ignore cluster-networkconfig-crd.yaml #5030
doc/gcp: remove no-longer-needed etcd records #4849
Updating ose-installer-artifacts images to be consistent with ART #5009
Updating ose-baremetal-installer images to be consistent with ART #5007
azure: removes dummy outbound service #4880
vSphere: Switch from sockets to cores by default #5001
split infrastructure creation into multiple terraform stages #5010
ibmcloud: fix struct field json #5020
Bug 1974598 : OpenStack: Optimize cluster deletion #5004 OpenStack: Add Unit Tests for validation of platform.openstack.machineSubnet #4937
Add arm64 support #4870
azure: don’t use managed identity on ARO #4843
azure: divide machine CIDR into 2 networks for subnets #4748
pkg/asset/installconfig/kubevirt: fix dropped error #4856
Add linux-amd64 binary to installer-artifacts #4891
Bug 1971518 : Try deleting associated trunk after port delete failure #5000 IBM Cloud Provider Scaffolding #4923
Bug 1929136 : OpenStack: document Manila share mounting #4803 Openstack IPI: Validate API and Ingress VIPs are not the same #4946
OWNERS: add more core team members as approvers #4997
Remove Fedosin from Owners #4996
Updating .ci-operator.yaml build_root_image from openshift/release #4999
docs/user/aws/install: Update cloud install links #4934
fixing a link #4899
doc/openstack: add a note about image registry in AZ #4833
Full changelog
Bug 1994480 : Update dependencies to K8s 1.22 #158 Fix BMO reboot api broken link #150
remove dhellmann from owners file #154
Custom deploy procedure support #156
Updating .ci-operator.yaml build_root_image from openshift/release #152
Full changelog
Bug 2009849 : Avoid logging BMC password when creds change #183 Bug 2009850 : Fix fallback for ironic drivers that don’t support soft power off #184 Bug 1986654 : Auto cleaning step in Prepare stage failed #166 Bug 1983190 : Add LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE variable #173 Bug 1928816 : Explicitly set node bios_interface #172 Bug 1986656 : Fix missing case of BuildRAIDCleanSteps #170 Merge upstream 2021-07-22 #169
Merge upstream 2021-07-16 #168
Simplify build in Dockerfile.ocp #167
Merge upstream 2021-07-09 #164
Merge upstream 2021-07-02 #163
Vendor the apis submodule #162
Merge upstream 2021-06-25 #161
Merge upstream 2021-06-15 #156
Updating ose-baremetal-operator images to be consistent with ART #160
Bug 1972374 : Don’t deprovision provisioned host due to error #157 Updating .ci-operator.yaml build_root_image from openshift/release #155
Full changelog
Bug 1995468 : CoreDNS Corefile hosts - add support for dual-stack #148 Revert “Merge pull request #141 from yboaron/get_endpoints” #146
Updating baremetal-runtimecfg images to be consistent with ART #144
Bug 1974350 : HAProxy-monitor: send reload only if cfg file changed #145 Updating .ci-operator.yaml build_root_image from openshift/release #143
Full changelog
Bug 1992591 : ensure the same oc is used everywhere in cli-artifacts #904 Bug 1990014 : Use cmd for Windows pods #907 Bug 1996881 : adm catalog mirror: log deprecation message when sqlite-based catalog is in use #908 Bug 1994872 : Fix manifest path regression #906 Bug 1989504 : The code logic of channel clear is ambiguous, as well as the help info and output messages #891 Bug 1989505 : bump kubernetes-client-go library #909 Bug 1999159 : Update the catalog-related owner alias’ #910 Bug 1995291 : Remove docker adjective whenever possible. #767 Bug 1995573 : Replacing kubectl with oc adm in help for certificate ap… #905 Bug 1989391 : Revert to UnstructuredList to fix yaml output #895 Bug 1992680 : pkg/cli/admin/upgrade/upgrade: Copy edits, including “assists with cluster upgrades” #899 Bug 1786835 : Check for out of range condition #894 Bug 1903545 : Replace colons with dashes in Windows file paths #897 Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #890 Bug 1971332 : revert incorrect allowance of ssh:// prefix with scp styled URLs #875 Add support for declarative configs to “adm catalog mirror” #868
Support ibmcloud provider in release extract #852
Bug 1980118 : Keep workload annotations during the oc debug call. #887 Bug 1978629 : Add oc describe output for build volumes #874 Bug 1955292 : show consistent unit format in cluster resource quota describe #882 contrib/completions/OWNERS: Delegate to all approver aliases #878
pkg/cli/admin/upgrade/channel: Add ‘oc adm upgrade channel …’ #576
Bug 1976112 : Fixed warnings about deprecated CronJob in image-pruner pods #876 release: extract Linux binaries for multiple architectures #816
BUILD-87 : bumping openshift/api with new fields for build volumes #843 Bug 1925534 : Add proxy to oc #751 Updating openshift-enterprise-cli-alt images to be consistent with ART #855
Updating openshift-enterprise-deployer images to be consistent with ART #856
Updating ose-cli-artifacts-alt images to be consistent with ART #858
Updating ose-tools images to be consistent with ART #857
fix typo in examples template #739
Bug 1973643 : make oc logs work with BuildConfig’s JenkinsPipeline strategy #863 Update ruby-hello-world images #860
Add json.Valid check before trying to read docker config #747
Full changelog
Bug 1992563 : update alerts with summary and descriptions #397 Bug 2024751 : pod-identity-webhook starts without tls #424 Bug 2015989 : Check for aws status in infra platform status field before client setup #405 Bug 1990975 : Enhance mechanism of reading ibm cloud apikey #365 Bug 1990970 : Remove debug test binary #366 ccoctl create-iam-roles should update policies for existing roles #364
Ignore ccoctl binary #363
Support gcp workload identity federation #359
Bump go.mod to 1.16 #362
Update build-machinery-go #361
Rename ibmcloud command to create-shared-secrets #360
Add permissions boundary support to ccoctl when creating AWS IAM Roles #346
Add code coverage script & make target #358
Documentation to add a new cloud provider #326
Updating ose-cloud-credential-operator images to be consistent with ART #357
Add IBMCloud manual mode #356
Remove checks inside conditional and use require.NotNil instead #348
Updating .ci-operator.yaml build_root_image from openshift/release #355
Full changelog
Bug 1998031 : Deploy PDB to prevent more than one replica going unavailable #476 Bug 1996620 : manifests, bindata: explicitely set runAsUser for oauth-apiserver #474 Bug 1973005 : manifests, bindata: explicitely set runAsUser for operator and operand #472 Bug 1988576 : pkg/operator: Add deprecated stale status #470 Bug 1986829 : metrics: use client cert auth for metrics scraping #469 Bug 1978193 : csr request: use generate names to prevent getting stuck waiting for a cert #468 distribute oauth-server trust via a openshift-config-managed configmap #464
Bug 1977027 : Remove not needed Prometheus Rule #461 encryption condition controller doesn’t reset previously set condition #466
clear encryption conditions when there is no work to be done #462
Custom Certs for OAuth Route #430
add dynamic audit policy controller #460
Bug 1977054 : observe api-audiences for the oauth-apiserver #458 bump library-go to get context fixes #457
Updating .ci-operator.yaml build_root_image from openshift/release #454
readme: update references to developer guide #448
Full changelog
Bug 1992823 : rebase on top of kubernetes/autoscaler 1.22 #209 Updating vertical-pod-autoscaler images to be consistent with ART #207
Updating atomic-openshift-cluster-autoscaler images to be consistent with ART #206
Updating .ci-operator.yaml build_root_image from openshift/release #205
Full changelog
Bug 2025582 : Change ClusterAutoscalerUnschedulablePods severity to info #230 Bug 1994480 : Update dependencies to K8s 1.22 #218 Bug 1988032 : add cvo ha annotation to tombstones #216 Bug 1986090 : Do not recreate CA deployment when CA CR is being deleted #215 add alerts for memory and cpu core limits #213
add a tombstones manifest to the install directory #214
Bug 1973567 : add csistoragecapacities to cluster-autoscaler cluster role #212 Add related objects to ClusterOperator #211
Bug 1973567 : add csidrivers to the cluster-autoscaler cluster role #210 Updating ose-cluster-autoscaler-operator images to be consistent with ART #209
Updating .ci-operator.yaml build_root_image from openshift/release #208
Full changelog
Bug 2012684 : add a new field “ProvisioningMacAddresses” to the provisioning CRD #207 Bug 1997993 : Set LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE=Never #192 Bug 1986462 : Separate the names of machine os downloader when two copies are started #185 Bug 1986464 : Send pull secret data as base64 encoded string #184 Bug 1984576 : Rebase of pull/177 (Pass MACs to set-static-ip initContainer) + unit tests #182 Add support for live images and configuration of coreos IPA #174
Customize metal3 health endpoint to avoid port conflicts #180
Set external IP env var for ironic conductor too. #176
Pass IRONIC_EXTERNAL_IP to Ironic container #172
Add quick network info for boot iso image source option #167
Bug: 1947293 Add managed provisioning network size validation #164
Use ironic image for ironic-inspector #132
Bug 1973724 : reorder the initContainers, so that static-ip-set happens prior to the image download #169 remove dhellmann from owners #170
upgrade kustomize to 3.9.4 #168
Bug 1961226 : Configure an IPA sshkey in the metal3 pod #115 Update controller-runtime version to v0.8.3 #137
Add VirtualMediaViaExternalNetwork flag to the Provisioning CRD #150
Allow boot iso source configuration #144
Pass the node mac addresses to containers currently needing provisioningInterface #149
Bug 1972753 : Only start static ip set if provisioning net not disabled #165 Updating ose-cluster-baremetal-operator images to be consistent with ART #162
Use new registry registry.ci.openshift.org #159
Don’t set IP options on kernel command line twice #163
Updating .ci-operator.yaml build_root_image from openshift/release #160
Full changelog
Bug 2004924 : Enforce the cloud-route controller disabled across platforms #128 Bug 1998466 : Fix deployment strategy typo #116 Bug 2000191 : Ensure CCCMO and CCMs adheres to OpenShift recommended leader election #114 Bug 1999018 : Ensure rollingUpdate strategy is cleared to allow upgrades #111 Bug 1998466 : Ensure CCM pods can be updated on SNO clusters #109 Bug 1997507 : Prevent host port clashing on SNO #108 Bug 1994480 : Update dependencies to K8s 1.22 #107 Bug 1993087 : cloud-config Azure credentials injector #106 Bug 1990075 : add maxUnavailable parameter to daemon set pods for azure #103 Bug 1985366 : Use registered ports and ensure that ports are defined in pod specs #101 Azure Stack separate assets #96
Bug 1986437 : Bump github.com/openshift/api #99 Substitution module cleanup #91
Use klog v2 only #98
Fix container names in azure manifests #95
spell correction of deployed #93
Allow CCMs to observe cluster wide proxy #89
Enable errcheck linter #69
Brief description for cloud-config-sync controller in dev docs #72
Azure CCM assets #62
Update the container init script to not use the legacy workaround #88
Revendor library-go and openshift/api for Azure Stack Hub and Azure support #77
Rename CCCMO deployment #87
Remove bootstrapping render implementation #85
Extract cloud config sync controller to separate binary #86
Prevent CCMs to be on the same node #83
Use just one CCM replica for Single Node deployments #84
Inline container args into command #82
Use /etc/openstack to mount the config and secrets #80
Allow CCMs to create serviceaccounts/token #81
Allow the operator to list deployments in config namespaces #79
Run CCCMO and CCM components before CNI #76
Junit report for CI runs #68
Use upstream openshift images from quay.io #74
Add .cache to .gitignore #78
Enable cloud-config-sync controller #70
Tolerate uninitialized taint in operator pods #49
Good ol’ cleanup #75
Move controllers under pkg folder #71
Ensure AWS CCM is using leader election in openshift-cloud-controller-manager namespace #63
Add cloud provider integration doc for CCCMO #67
Cloud conf sync controller #61
Add golangci-lint checks #66
Implement image substitution for Pod and generalise the approach for other objects #58
add object names to the substitution logs #64
Updating ose-cluster-cloud-controller-manager-operator images to be consistent with ART #60
Update component name in Owners #59
Full changelog
Bug 1993002 : Bump API to fix kubebuilder directives #214 Bug 1984635 : use new default leader election values to handle SNO environments #213 Bug 1984635 : use new default leader election values to handle apiserver rollout on SNO #211 Bug 1986148 : Bump API for Ingress RequiredHSTSPolicies #212 Add missing include annotation for ibm-cloud-managed #210
bump: get updated operator API content #209
bump(openshift/api): to get latest CRDs #208
Add AzureStack support #186
Full changelog
Bug 1993931 : Storage operators use older kubernetes client #100 Bug 1992255 : Fix leader election defaults in snapshot-controller #99 Bug 1986215 : Bump library-go #98 Add ibm-cloud-managed profile patch for operator deployment #96
Support External control plane topology #97
Use go:embed for static yaml files #95
Bug 1965263 : VolumeSnapshotContents listing should print also namespace of the VolumeSnapshot ref. #93 Updating ose-cluster-csi-snapshot-controller-operator images to be consistent with ART #94
readme: update references to developer guide #90
Updating .ci-operator.yaml build_root_image from openshift/release #92
‘manages’ #76
Full changelog
Bug 2002621 : serviceChanged: Fix internalTrafficPolicy #295 Bug 1992555 : Comply with Openshift alerting guidelines #288 Allow dns operator to be disabled with managementState field #260
status: Watch clusteroperators #261
Bug 1973482 : status: Watch daemonsets #283 Bump for controller-runtime v0.9.0 #282
Updating ose-cluster-dns-operator images to be consistent with ART #281
Updating .ci-operator.yaml build_root_image from openshift/release #280
Add alebedev87 to OWNERS #275
Full changelog
Bug 2008175 : pkg/operator/metriccontroller: Fix query #686 Bug 2009890 : pkg/operator/upgradebackupcontroller: fix backup dir name in status condition #683 Bug 2007454 : pkg/cmd/render: disallow placeholder IPs #667 Bug 2003540 : bump library-go #663 Bug 2009016 : Suppress noisy logs and improve client errors #679 OWNERS: add hasbro17 to reviewers #671
Bug 1997347 : pkg/cmd/verify: bug fixes and improvements #657 OWNERS: add lilic as approver. #655
Bug 1997347 : pkg/operator/upgradebackupcontroller: update cluster operator status #653 Bug 1997347 : ETCD-223: pkg/operator: add cluster backup upgrade controller #647 Bug 1956879 : pkg/operator/metriccontroller: read etcd-operator SA token rather than using prometheus #650 Bug 1994857 : Revert pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #651 Bug 1997207 : Pass context into clientv3.Config to use same context #645 Bug 1994986 : test/e2e/etcdctl_test.go: Skip check perf test as we disabled it #646 Bug 1994707 : pkg/etcdcli: provide clear error on status check for unstarted etcd member #644 Bug 1980465 : pkg/etcdenvvar: warn on apply duration over 200ms #639 Bug 1957498 : Clean up tech debt #631 Bug 1993757 : bindata/etcd: remove unix socket from advertised list #640 Bug 1991068 : Allow only supported cipher suites #638 Bug 1989335 : pkg/operator/targetconfigcontroller: block rollout and report on missing external resource #635 Revert “Bug 1701154: Enable etcdHighNumberOfFailedGRPCRequests alerts” #637
Bug 1701154 : Enable etcdHighNumberOfFailedGRPCRequests alerts #626 Bug 1986829 : metrics: use client cert auth for metrics scraping #634 Bug 1988491 : bindata/etcd/quorumguard-deployment: simplify health true matching #636 Adjust runbooks url to new path #632
pkg/operator/defragcontroller: reduce RPC calls after defragmentation #630
Inject runbook url into alerts #628
OWNERS: goodbye Suresh #629
ETCD-58 : add support for defrag controller #625 Replace message with description field #627
ETCD-204 : Add an observer for TLS Security Profile #616 bindata/etcd: Enable gRPC time histograms #566
Migrate alerting mixin from cluster-monitoring-operator #613
bump library-go to get context fixes #622
Bug 1969633 : pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #619 pkg/etcdenvvar: bump ETCD_QUOTA_BACKEND_BYTES to 8GB #597
Updating cluster-etcd-operator images to be consistent with ART #612
Rotate serving certs when duration less than minimum percent #606
Full changelog
Bug 2023219 : Wait until cluster operators recover before proceeding #731 Bug 2005049 : Avoid disruptions #719 Updating ose-cluster-image-registry-operator images to be consistent with ART #712
IR-207 : Get endpoints for Azure Stack Cloud #710 Bug 1981639 : Update rolling update parameters #709 Bug 1958376 : Disallow blob public access for Azure storage account and require TLS1.2+ #705 CCO-105 : Support gcp workload identity federation #702 Start using embed for assets #703
feat: Support IBMCloud and add IBM COS storage driver #698
Bug 1939842 : Get AWS STS endpoint from serviceEndpoints #699 Bug 1974651 : Remove :apiserver_v1_image_imports:sum #700 Bug 1973318 : Properly set custom tolerations #694 Updating .ci-operator.yaml build_root_image from openshift/release #693
Full changelog
Bug 2014938 : Use fake dns provider with external cp topology only in IBM Cloud case #666 Bug 2014711 : Fix for Azure dns privateZone degrade e2e test #673 Bug 2015829 : Change default balancing algorithm to “leastconn” #667 Bug 1997407 : Configure router to use “source” for passthrough #650 Bug 1986575 : Add e2e test cases for haproxy timeout api fields, and reject negative timeout values #644 Bug 1989058 : Watch CRL configmaps #642 Bug 1989005 : Validate spec.clientTLS.allowedSubjectPatterns[*] #643 Bug 1972977 : cleanup condition metrics for deleted ingress controllers #640 Bug 1942657 : Ingress operator stays degraded after privateZone fixed in DNS #641 Bug 1986228 : NE-310 E2E test for HSTS #639 Add unsupported config override for maxconn #638
NE-412 : Add options for tuning connection timeouts in openshift ingress controller #635 Implement configuration for handling empty requests #452
Implement client certificate parameters #450
Add unsupported config override for reload interval #619
ensureRsyslogConfigMap: Remove ingressConfig param #573
Add unsupported config override for config manager #628
Add IBMCloud DNS support #630
go.mod: Bump openshift/api to latest for DNSRecord typo #629
NE-472 : Add tlsv1.3 support #617 Ability to Customize HAProxy 2.x Error Page #588
Bump for controller-runtime v0.9.0 #626
Updating ose-cluster-ingress-operator images to be consistent with ART #625
Updating .ci-operator.yaml build_root_image from openshift/release #624
Add alebedev87 to OWNERS #618
Full changelog
Bug 2014615 : Exempt metrics scrapes from APF. #1244 Bug 2012346 : prometheus-k8s-0 cpu usage keeps increasing for the first 3 days #1242 Bug 2003540 : bump library-go #1232 Bug 1998552 : Enforce OpenShift’s defined kubelet version skew policies #1199 Bug 2000608 : static pod startup monitor should log to a log file in addition to stderr #1219 Bug 1985447 : Add namespace label to remaining apiserver alerts #1220 Bug 1969404 : remove override for fast cert rotation #1221 Bug 1994643 : remove startup-send-retry-after-until-ready option #1211 Bug 1994857 : Revert “Bug 1969633: pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout” #1209 Bug 1997420 : revert wrong change on the api-usage rules #1204 Bug 1996032 : Bump kube libraries to 1.22.1 GA version #1210 Bug 1994643 : enable shutdown-send-retry-after and startup-send-retry-after-until-ready #1207 Bug 1994257 : Actually create prometheus rule for audit error alert #1206 Bug 1985447 : Add namespace labels to kube-apiserver-operator alerts #1185 Bug 1991357 : bump library.go #1203 Bug 1985073 : use 1m resolution for control plane cpu alerts #1201 Bug 1990610 : prevent panic in startup monitor enablement check #1202 Bug 1985997 : Enable static pod fallback logic for SNO, with disruptive e2e test #1198 Bug 1986829 : metrics: use client cert auth for metrics scraping #1190 Bug 1989633 : bump(library-go): staticpod/installer: skip backoff if lastAvailableRevision > targetRevision #1200 Bug 1989461 : kube-apiserver: make flock wait for release and remove port wait #1191 Bug 1985997 : readiness checks handle network errors better #1196 Bug 1985997 : scaffolding for e2e tests for the static pod monitor #1197 Bug 1985997 : staticpod/startupmonitor: shorten and unify reason strings #1194 Bug 1985997 : wires startup monitor related controllers #1189 Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #1181 Bug 1985997 : wires the startup monitor #1177 staticpod/installer: get rid of sleep in sync loop #1183
Drop kubelet-https removed in 1.22 #1184
introduces KubeAPIReadinessChecker used by startup monitor to assess Kube API server readiness/health condition #1180
encryption condition controller doesn’t reset previously set condition #1178
Create alert for API Server audit log errors #1166
Start using embed module for assets #1174
bump(library-go + api): get audit.customRules support #1173
clear encryption conditions when there is no work to be done #1172
Switch to auditpolicy controller #1155
bootstrap: add –infra-config-file to render with SNO settings #1171
alerts: give exact oc get apirequestcounts command in APIRemovedInNextReleaseInUse alert #1167
remove observing token timeouts #1161
disable apiextensions.k8s.io/v1beta1 and admissionregistration.k8s.io/v1beta1 #1162
Set –cloud-provider=external for supported platforms #953
Bug 1969633 : pkg/operator/targetconfigcontroller: wait for kcm-o to generate certs before rollout #1169 graceful-termination-duration: reduce to 15s for SNO #1168
reduces shutdown-delay-duration to 0s for SNO #1164
bump library-go to get context fixes #1163
Bug 1964231 : Ensure kubelet client cert change does not require a restart #1151 Bug 1974716 : SA token issuer observer: fix observing api-audiences #1158 Updating ose-cluster-kube-apiserver-operator images to be consistent with ART #1150
Bug 1956081 : add sigterm handler to insecurereadyz #1149 kube-apiserver failed to load SNI cert and key #1145
Bug 1921139 : Revert “remove override for fast cert rotation for release” #1147 Full changelog
Updating ose-cluster-kube-controller-manager-operator images to be consistent with ART #537
Bug 2003540 : bump library-go #564 Bug 1986829 : metrics: use client cert auth for metrics scraping #556 Bug 1989073 : Exclude openshift only CloudProvider feature gate from KCM config #555 Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #550 Bug 1986437 : Bump github.com/openshift/api #551 Cloud Volume Observer: Extended arguments must be a slice #552
remove unused cluster-policy-controller configuration #553
Add ObserveCloudVolumePlugin config observer for KCM config #525
update cluster-policy-controller configuration #545
fix clusterroles for the CSR approver #548
allow upgraded clusters to use the vulnerable service-ca.crt #546
Start using embed module for assets #547
Bump openshift/api #542
Set –cloud-provider=external for supported platforms #450
Refactor remaining controllers to factory #541
Bug 1965562 : recycler-for-nfs-… does not set requests or priorityClassName #538 bump library-go to get context fixes #540
Update OWNERS #539
AUTH-26 : CSR Approver manifests #535 Full changelog
Bug 2003540 : bump library-go #370 Bug 1984608 : Set kube-scheduler leader election defaults #365 Bug 1986829 : metrics: use client cert auth for metrics scraping #364 Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #362 SchedulerLegacyPolicySet: add 60 min wait #363
Fire SchedulerLegacyPolicySet alert when the legacy scheduler policy API is set #361
Start using embed module for assets #360
Bump openshift/api #359
operator: move target config controller to factory #358
bump library-go to get context fixes #357
Updating ose-cluster-kube-scheduler-operator images to be consistent with ART #356
Full changelog
Bug 2022528 : Extensive number of requests from storage version operator in cluster #77 Bug 2016176 : kube-storage-version-migrator constantly reporting type “Upgradeable” status Unknown #72 Bug 1986418 : bump library-go dependency to use SNO leader election defaults #63 pkg/operator: fix typo starter clusteroperator #62
Updating .ci-operator.yaml build_root_image from openshift/release #60
Full changelog
Bug 2024216 : Allow fallback to serving cert renewal accounting for egress IPs on SDN #141 Bug 2019754 : Ensure pending CSR count is valid post approval #139 Bug 1994480 : Update dependencies to K8s 1.22 #128 Ensure must-gather tracks related objects on failures #126
manifests/0000_90_cluster-machine-approver_04_alertrules: Drop ClusterMachineApproverDown #112
Updating ose-cluster-machine-approver images to be consistent with ART #125
Updating .ci-operator.yaml build_root_image from openshift/release #124
fixing the link in the README.md of csr_check.go #109
Full changelog
Bug 2021097 : Set Upgradeable: false when HA workloads are incorrectly spread #1472 Bug 2018455 : Keep container_fs_usage_bytes metric #1461 Bug 2015571 : [4.9] add kube_persistentvolumeclaim_labels and kube_persistentvolume_labels #1457 Bug 2013617 : Update KubePodCrashLooping alert #1448 Bug 2013148 : jsonnet: Drop unnecessary kube-state-metrics alerts #1435 Bug 2011359 : Backport Application Services metric to 4.9 release #1420 Bug 2011798 : Prometheus when installed on the cluster shouldn’t have failing rules evaluation #1418 Bug 2008120 : Adjust dropped cAdvisor metrics #1404 Bug 2012029 : Allow namespace label in metric allow list #1422 Bug 2000490 : Add runbooks for all critical alerts #1356 Bug 1996785 : [MON-1536]Remove unused rules. #1316 Bug 1999397 : Bump prom 2.29.2 #1353 Bug 1991504 : changes for moving from sha1 to bcrypt #1336 Bug 1995614 : Fix beta.kubernetes.io/os deprecated warning #1348 MON-1688 : Expose remote write #1308 Bug 1995695 : Get insights on series churn during upgrades #1313 Bug 1997972 : pin dependencies for upcoming relase #1340 Bug 1997528 : remove use of etcd_object_counts metric #1345 Bug 1996941 : adding label check for node when creating daemon set #1339 Bug 1997475 : Makefile: increase timeout for e2e tests #1343 jsonnet: Add missing namespace labels to alerting rules #1319
Bug 1996718 : Fix ksm metric label allowlist flag #1337 jsonnet: Support exluding namespaces from user-workload monitoring #1312
Bug 1986981 : Alert Config update - Patch to PR#1310 #1317 Bug 1984365 : Dashboard Prometheus/Overview can’t filter instance by job #1324 Bug 1956830 : Update prometheus-adapter to v0.9.0 #1325 Bug 1992493 : jsonnet:rules: Adds missing summary and description to rules. #1327 Bug 1994222 : Add metrics for jaeger-operator #1306 Bug 1993055 : Fix node_exporter task error message #1321 Bug 1992567 : jsonnet: cleanup jsonnet codebase and align with kube-prometheus #1315 MON-1099 Improving error reporting to show all task failures #1238
Bug 1986981 : Update Alert Configs #1310 MON-1749 : Allow users to disable the local Alertmanager #1293 Bug 1990258 : cleaning up Makefile #1311 Bug 1987197 : hack,jsonnet: Better version checker #1298 Bug 1988291 : pkg/client/client.go: Add retry logic for daemonset create #1307 Bug 1973491 : jsonnet: update deps #1302 Bug 1987143 : Update prometheus resources label to 2.28.1 #1303 Bug 1986840 : track number of active alertmanager receivers via telemetry #1209 Bug 1986375 : adding check for node exporter daemon set #1279 Bug 1973576 : Bump thanos to v0.22.0 #1297 Remove context field from structs #1290
Bug 1978091 : fix node_exporter recording rules for cluster network dashboards #1296 Remove manual CRI-O metrics modification #1287
Allow configuring additional alertmanagers for UWM Prometheus and Thanos #1271
Documentation: fix a typo #1295
Add new label to show grafana dashboards in ODC #1294
generate client key and certificates #1282
No apiserver rules #1292
Send etcd telemetry rules #1281
jsonnet: Sync with kube-prometheus #1291
Bug 1978662 : Set a degraded message when persistent storage is not configured #1270 Remove use of deprecated APIs being removed in Kubernetes v1.22 #1286
Fix shellcheck errors #1284
Cleanup telemetry owners #1273
BUG 1980888: jsonnet: Favour http probes for thanos querier #1277
Remove context.TODO() and propagate real context #1254
pkg/manifests: Add EnforcedTargetLimit for user-workload monitoring #1278
Bug 1956308 : Fix deployment update with retry option #1257 client: Always set OperatorUpgradeable reason to AsExpected #1275
jsonnet: Enable federated targets in thanos-querier #1274
Bug 1947005 : changing alert manager access rules #1217 Bug 1974832 : Improve HighlyAvailableWorkloadIncorrectlySpread to detect single point of failure #1262 Bug 1949840 : Improve update and status reporting #1193 jsonnet: pull latest deps #1269
Bug 1978829 : alert: ClusterMonitoringOperatorReconciliationErrors: reduce range du… #1268 Remove logging from the mixins namespace selectors #1266
Bug 1977435 : jsonnet: bump prometheus-operator to v0.49.0 #1267 Bug 1974830 : Update KubeDeploymentReplicasMismatch alert #1261 operator: Allow disabling Grafana deployment #1241
Bug 1972076 : jsonnet: Disable cpufreq collector in node_exporter #1229 Bug 1974832 : Add HighlyAvailableWorkloadIncorrectlySpread alert #1242 Revert “Bug 1974830: Update KubeDeploymentReplicasMismatch alert” #1259
Improve monitoring telemetry rules #1227
Extend E2E tests to cover user facing config #1218
*: improve discovery of currently used component versions #1235
Bug 1974830 : Update KubeDeploymentReplicasMismatch alert #1253 Allow configuration of the log level for Alertmanager in the CMO configmap #1256
Bug 1974651 : Remove :apiserver_v1_image_imports:sum #1239 AggregatedAPIDown alert threshold set back to 85% #1237
Makefile: add check to verify runbook urls #1246
Remove context.TODO() from client_go method calls #1240
Revert “alert:KubeDeploymentReplicasMismatch: only fire if cluster is in ready state” #1249
hack: Remove python script that diffs jsonnet #1247
Makefile: update $(JSONNET_VENDOR) dependencies #1248
alert:KubeDeploymentReplicasMismatch: only fire if cluster is in read… #1245
jsonnet: pull latest deps #1244
jsonnet: remove unused remove-runbook script #1243
jsonnet/control-plane.libsonnet: Remove etcd rules #1233
Sync with kube-prometheus #1236
Add RHODS Usage and Availability metrics #1232
jsonnet: Generate CMO ClusterRole with jsonnet #1230
Bug 1970147 : jsonnet: disable insecure cypher suites for prometheus-adapter #1234 Makefile: drop test-rules from test-unit target #1137
Correct serverName json tag #1226
test/e2e: make tests more resilient to hiccups #1231
Updating cluster-monitoring-operator images to be consistent with ART #1225
jsonnet: unlock dependencies for 4.9 development cycle #1214
Update OWNERS file to reflect new maintainers #1215
pkg/client: Retry on API errors in polling methods #1194
jsonnet: Run jb rewrite to convert to absolute paths #1224
hack: do not use shellcheck container #1196
Updating .ci-operator.yaml build_root_image from openshift/release #1216
hack,test: Use new ghcr.io images for prometheus-example-app #1188
More robust local CMO script #1181
Full changelog
Source code for this page located on github