RHBA-2020:1529 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.3.18 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.3.18. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:1528

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.18-x86_64

The image digest is sha256:1f0fd38ac0640646ab8e7fec6821c8928341ad93ac5ca3a48c513ab1fb63bc4b

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.18-s390x

The image digest is sha256:dd5263b63a86ca6ac68e185bf6102c6e9ae4be2d0a00a0fb768c32a788787ee7

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.18-ppc64le

The image digest is sha256:68940df07b3b090d12d14acb02fcbc8fbb51af0c9aabcebcbe531cdff9d11038

All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images.

Solution

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.18, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7 s390x

Fixes

• BZ - 1761920 - Unnecessarily high API server usage of the Node Tuning Operator's operand (openshift-tuned)
• BZ - 1770051 - MongoDB Operator does not set OPS_MANAGER_IMAGE_REPOSITORY and OPS_MANAGER_IMAGE_PULL_POLICY env vars
• BZ - 1775530 - Add the AWS cli to the OSP CI image
• BZ - 1775838 - OVS-CNI does not work with OVN
• BZ - 1781502 - Local Storage Operator pulls the operator image by tag instead of by digest
• BZ - 1798130 - Invalid descriptor prevents operand details from displaying
• BZ - 1804708 - project.spec.projectRequestMessage not applied in all places
• BZ - 1804745 - [4.3] remove excessive logging
• BZ - 1813185 - Add stable-4.4, fast-4.4 and candidate-4.4 channel for 4.4 release
• BZ - 1813302 - Downloads Page: Some of the oc downloads should be marked "unsupported".
• BZ - 1813488 - The Upgradeable status of "service-catalog-apiserver" is "Unknown" before enable it
• BZ - 1813995 - Metrics exposed over insecure channel
• BZ - 1816122 - [Edge][ipv6] Workers nodes CSRs are not automatically approved
• BZ - 1816390 - [OCP][3.11][NetworkingPolicies] Pod to pod communication when using network policies
• BZ - 1816656 - [4.3] Cluster fails to upgrade if image-registry operator is Unmanaged
• BZ - 1817717 - Add Azure UPI support
• BZ - 1818067 - Wrong attempt to delete sg rules owned by Octavia tenant
• BZ - 1818980 - ts-loader can use wrong tsconfig.json during builds, causing various runtime errors in console
• BZ - 1819850 - [4.3.z] CI: "ResourceQuota should create a ResourceQuota and capture the life of a secret" with "expected 6, actual 9"
• BZ - 1820242 - [4.3] node-ca daemonset toleration conflicts with clusterlogging CR
• BZ - 1820542 - 4.3 UPI Vmware test runs fail with invalid internal LB hostname in certificates
• BZ - 1821166 - ovn-master ran out of space on system
• BZ - 1821852 - Broken links to "OpenShift Cluster Manager" in ARO v4
• BZ - 1822083 - deploying logging leads to Kibana error 500 "Application is not available"
• BZ - 1822152 - Kibana route inaccessible
• BZ - 1822955 - [4.3] HPA based on cpu utilization fails for pods which have init containers
• BZ - 1823378 - 4.3.11 was built for all architectures
• BZ - 1823726 - OBC Data is showing Base64 encoded value
• BZ - 1823921 - Revert DefaultSecurityContextConstraints_Mutated
• BZ - 1824127 - [OAS] fixes configmap "extension-apiserver-authentication" not found
• BZ - 1824921 - Incorrect Instructions for refreshing CA cert bundle
• BZ - 1827095 - The kibana is ContainerCreating and terminating on and on
• BZ - 1827337 - Remove stale condition DefaultSecurityContextConstraints_Mutated
• BZ - 1828104 - OCICNI methods should accept a context from CRI-O

CVEs

• CVE-2020-2099
• CVE-2020-2100
• CVE-2020-2101
• CVE-2020-2102
• CVE-2020-2103
• CVE-2020-2104
• CVE-2020-2105

References

(none)