RHBA-2019:1635 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.1.4 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat
OpenShift Container Platform 4.1.4. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-201:1634

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.4

The image digest is sha256:a6c177eb007d20bb00bfd8f829e99bd40137167480112bd5ae1c25e40a4a163a

All OpenShift Container Platform 4.1 users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, ensure all previously released errata
relevant to your system have been applied.

For OpenShift Container Platform 4.1 see the following documentation, which
will be updated shortly for release 4.1.4, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.1 for RHEL 7 x86_64

Fixes

• BZ - 1556963 - "oc login --help" formatting issue
• BZ - 1688802 - openshift-apiserver clusteroperator unavailable on clean install
• BZ - 1705492 - oc adm must-gather command stuck indefinitely
• BZ - 1706082 - [upgrade] Cluster upgrade should maintain a functioning cluster: replicaset "rs" never became ready
• BZ - 1709454 - Cluster Logging Operator is unable to create Fluentd due to missing RBAC for metadata-reader cluster role
• BZ - 1710561 - [4.1.z] Image pruning on api.ci is wedged due to too many images
• BZ - 1711334 - [4.1.z] Kubernetes Pod Template is randomly removed
• BZ - 1712240 - [OSO][STG]Unable to oauth authenticate with github/keycloak to openshift jenkins instance
• BZ - 1712507 - etcdquorumguard should handle TERM correctly and shut down gracefully
• BZ - 1712637 - imagestreams.image.openshift.io "must-gather" not found when installer timeout during cluster initialisation
• BZ - 1712960 - vSphere OVA is of an old virtual HW revision and a generic OS type
• BZ - 1713262 - "oc adm upgrade --to-latest=true" did not update cluster to latest available version
• BZ - 1717619 - Telemetry should include the condition reason on degraded operators
• BZ - 1717634 - clusteroperator/monitoring does not define any related resources
• BZ - 1717739 - clusteroperator/node-tuning does not define enough related resources
• BZ - 1717994 - must-gather does not include logs from pods in openshift-cluster-version namespace
• BZ - 1718265 - AWS provider removes stopped instances when reconciling machines
• BZ - 1718541 - [4.1] Random outages with egressIP
• BZ - 1718842 - Need to clean up extraneous secrets in node tuning operator namespace
• BZ - 1719037 - samples operator upgrade while unmanaged/removed needs to still update clusteroperator version, set available = true
• BZ - 1719044 - TemplateInstance object not taking into account values passed in through secret
• BZ - 1719795 - clean up protocol specified in pom.xml for various jenkins plugin builds
• BZ - 1719967 - During upgrade, node-tuning operator status rapidly alternates between new and old version
• BZ - 1720068 - The "completed" cluster_version metric should only be included when at least one version has been successfully deployed
• BZ - 1720308 - Unable to join cluster version upgrade info in promql for monitoring dashboards of upgrades
• BZ - 1720656 - Curl command in Elasticsearch readiness probe bloats dentry cache
• BZ - 1721161 - Art should update values in CSV and package files for OLM
• BZ - 1721290 - Update the method used to create manifest for source first build
• BZ - 1721619 - AWS Installer chooses incorrect availability zones
• BZ - 1721919 - pin kube-prometheus and telemeter to release branches to improve supportability
• BZ - 1722183 - openshift-cluster-samples-operator state is degraded
• BZ - 1722221 - Wrong error message when no API Version is provided in InstallConfig
• BZ - 1722526 - must-gather loses metrics data collection
• BZ - 1722548 - openshift-etcd namespace isn't collected in must-gather
• BZ - 1722887 - MCO is reporting a full text value for Reason - Reason must be a short constant
• BZ - 1722898 - Logging data from all projects are stored to .orphaned indexes with Elasticsearch
• BZ - 1722984 - Update fluentd to 1.5.1 and update components
• BZ - 1723327 - Upgrade failure with "Marking Degraded due to: during bootstrap: unexpected on-disk state validating" error.
• BZ - 1723892 - CCO repeatedly OOMKilled in cluster with 2350 projects
• BZ - 1723936 - [4.1] no termination message provided by failing dns-operator pods
• BZ - 1723939 - Sort the release changelog by newest pull request first
• BZ - 1723941 - Allow `oc adm release info` to output digest, name, or pull spec
• BZ - 1724341 - Access to the ES root url / from a project's pod on Openshift

CVEs

• CVE-2019-10160
• CVE-2019-10161
• CVE-2019-10166
• CVE-2019-10167
• CVE-2019-10168
• CVE-2019-10320
• CVE-2019-10328
• CVE-2019-10337
• CVE-2019-11477
• CVE-2019-11478
• CVE-2019-11479

References

(none)