Red Hat Product Errata RHBA-2019:1866 - Bug Fix Advisory

Issued:: 2019-07-31
Updated:: 2019-07-31

RHBA-2019:1866 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

OpenShift Container Platform 4.1.8 bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.1.8 is now available with
updates to packages and images that fix several bugs and add enhancements.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.1.8. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2019:1865

This update fixes the following bugs:

The Marketplace Operator did not properly define related resources. The must-gather tool requires a `RelatedObjects` field in the `ClusterOperator` CR to be populated with `ObjectReferences` of the resources associated with the operator. As a result, the must-gather tool was not able to gather enough information about the Marketplace Operator. Now, the `RelatedObjects` field is populated with the Operator's namespace and the `OperatorSource/CatalogSourceConfig/Catalogsource` resources. The must-gather tool is now able to gather adequate information about the Marketplace Operator. (BZ#1717509)
The `openshift.io/image-signature-import` controller was previously limited to importing three signatures. This limit has been increased and signatures are imported correctly. (BZ#1722569)
In AWS environments, the order of the list of internal IP addresses was not preserved when a secondary IP address was added. As a result, the node would not be able to communicate to the API server. Now, the merge algorithm for IP addresses has been corrected to not re-order the IP addresses and adding a secondary IP address does not interfere with node communication. (BZ#1729276)
Prometheus metrics for ElasticSearch were unavailable after an update to the Prometheus plugin was performed. As a result, users were denied access to metrics. SAR configuration has now been added to the authentication change, and now the multi-tenant plugin executes SAR and allows access to the ElasticSearch metrics. (BZ#1731006)

This update includes the following enhancements:

A resource request was added to the node-ca pod. The pod now requires minimal guarantees about the amount of CPU and memory it will receive. (BZ#1721685)

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel
ease-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.8

The image digest is sha256:3ea2648231035c1a65e8d91fa818bb225a2815bc0d6abfc35063a11eaba8659f

All OpenShift Container Platform 4.1 users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For OpenShift Container Platform 4.1 see the following documentation, which
will be updated shortly for release 4.1.8, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.

Affected Products

Red Hat OpenShift Container Platform 4.1 for RHEL 7 x86_64

Fixes

BZ - 1677398 - Grafana dashboard unreachable
BZ - 1717509 - Marketplace operator does not properly define related resources
BZ - 1719454 - must-gather does not collect all non-core CRs in the given namespace
BZ - 1721685 - node-ca pod is missing resource requests
BZ - 1722569 - [4.1] Increase the limit on the number of signatures in openshift.io/image-signature-import controller
BZ - 1726828 - Update tox test environment vars
BZ - 1729100 - [backport 4.1.z] relatedObjects in clusteroperator authentication references non-existent authentication-operator namespace
BZ - 1729243 - machine-controller does not wait for nodes to drain
BZ - 1729276 - Using AWS when a secondary IP address is added the order of the list of InternalIPs is not preserved.
BZ - 1730407 - [4.1] Write tests for TLS Keys in Registry Routes
BZ - 1731006 - Prometheus metrics for ES are unavailable after plugin update to 5.6.13.6
BZ - 1731068 - Update the OWNER file on the 4.1 branch to allow Vibhav and Akram to be approvers
BZ - 1732199 - Placeholder bug for OCP 4.1.0 image release

CVEs

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.1 for RHEL 7

SRPM
x86_64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories