RHBA-2020:0528 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.3.3 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.3.3. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:0527

This update includes the following bug among others:

• The KnativeServing API group `serving.knative.dev` is deprecated and has changed to `operator.knative.dev` in Serverless Operator 1.4. This will cause `serving.knative.dev` to be obsolete in the next release of Serverless Operator. This bug fix updates the API group of KnativeServing resources to `operator.knative.dev`, allowing for continued Servless Operator support in OpenShift Container Platform 4.3. (BZ#1801607)

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.3-x86_64

The image digest is sha256:9b8708b67dd9b7720cb7ab3ed6d12c394f689cc8927df0e727c76809ab383f44

All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.3, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64

Fixes

• BZ - 1757244 - Permission validation optional in OpenShift AWS installer incorrectly denies permission
• BZ - 1779353 - Verify outgoing manifests when uploading or creating new manifests
• BZ - 1779863 - GCP OVN 4.3 install jobs consistently timing out waiting for multus
• BZ - 1784756 - Can't set `--insecure-skip-tls-verify-backend=true` option when use `oc logs`
• BZ - 1785201 - Don't gather pod endpoints using tokens
• BZ - 1786062 - 'oc describe' causes panic when describe a DC with HPA
• BZ - 1788016 - When "oc status" run, "panic: runtime error: invalid memory address or nil pointer dereference" is shown
• BZ - 1788112 - Insights Operator pod cannot be scheduled on clusters with a cluster default node selector
• BZ - 1788526 - Authentication operator is degraded in IPv6 cluster
• BZ - 1788711 - [4.3] Ingress operator should publish the default IngressController's default certificate in a ConfigMap for other operators
• BZ - 1790434 - kube-controller-manager-operator metrics cannot be scraped in IPv6 cluster
• BZ - 1790442 - Operator metrics cannot be scraped in IPv6 cluster
• BZ - 1790537 - openshift-install version not updated at extraction-time
• BZ - 1791440 - Unable to specify OPENSHIFT_INSTALL_INVOKER when doing a UPI installation
• BZ - 1791457 - Add support for AWS me-south-1 Bahrain region.
• BZ - 1792004 - Cannot abort an upgrade from 4.2 to 4.3 and rollback to 4.2 - probe changes are not correctly applied (console-operator cannot be reverted)
• BZ - 1792493 - [ipi on baremetal] [4.3] DHCPv6 addresses break IP subnet check
• BZ - 1793093 - RHEL worker upgrade playbook leads to MCO being out of sync
• BZ - 1793587 - sccadmission plugin incorrectly reports "no SecurityContextConstraints found in xxx"
• BZ - 1794925 - Endpoints missing description and schema on Explore page [openshift-4.3.z]
• BZ - 1795693 - Change the next empty encryption key's name for encryption e2e test
• BZ - 1795701 - Change the next empty encryption key's name for encryption e2e test
• BZ - 1796716 - Verify upgrade preserves reachability of service load balancers and APIs from outside
• BZ - 1797035 - Etcd-snapshot-backup exec format error
• BZ - 1797086 - specDescriptor urn:alm:descriptor:com.tectonic.ui:booleanSwitch does not default to false [openshift-4.3]
• BZ - 1797730 - "oc adm catalog mirror" fails to parse the source image
• BZ - 1797804 - redhat-operators catalog mirror fails due to CNV Operator manifests
• BZ - 1798049 - CVO got panic when downgrading to 4.2.10
• BZ - 1798597 - Take into consideration all instance states when deleting a machine
• BZ - 1801607 - Update the api group of KnativeServing resources
• BZ - 1801802 - [4.3] [ovn] fix handing of IPv6 addresses to ovn-ctl
• BZ - 1802331 - UPI installs reporting as IPI in telemetry
• BZ - 1802710 - cluster-autoscaler metrics collection breaks after upgrade to 4.3
• BZ - 1803748 - Improve NodeControllerDegraded condition messages

CVEs

(none)

References

(none)