RHBA-2020:2256 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.3.23 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.3.23. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2255

This update fixes the following bugs among others:

• Previously, the Samples Operator would send alerts about an invalid configuration or missing image pull secrets, even when it was bootstrapped as removed. However, a valid configuration or valid pull secrets are not required when the Operator is removed. This led to misleading alerts. Now the Samples Operator does not send alerts related to importing samples when it is bootstrapped as removed. (BZ#1814396)
• Previously, the Samples Operator was not copying the install pull secret when bootstrapped as removed, which resulted in missing imagestreams in the OpenShift namespace. This caused the Cluster Version Operator (CVO) to fail to import a set of imagestreams in the OpenShift namespace used to assist with customer problems. The Samples Operator has been updated to copy the install pull secret to the OpenShift namespace even when marked as removed. Now the CVO imagestreams in the OpenShift namespace import successfully. (BZ#1829083)

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.23-x86_64

The image digest is
sha256:59d6586cf44b66dcefddb9500e5b90d1329d82cd0dd008b74d3da0c5c22907f3

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.23-s390x

The image digest is
sha256:fe8d02491eb2b044dffb09c86d582ed463da4459da92e56bee968cf93430735d

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.23-ppc64le

The image digest is
sha256:7e8265f6098dc6201c9a24c83dbc78514568c9df4d21c1c20a4003a1d39627af

All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images.

Solution

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.23, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7 s390x

Fixes

• BZ - 1782601 - CRI-O reporting container OOMKilled despite clean exit and no memory pressure
• BZ - 1788188 - kube-apiserver-operator metrics cannot be scraped in IPv6 cluster
• BZ - 1788522 - [library-go] Change default binding network to support dual stack
• BZ - 1814396 - Still alert for SamplesInvalidConfig and SamplesMissingSecret events when samples operator set to removed during bootstrap
• BZ - 1820222 - libvirt: Bootstrap node seeing OOMs during OCP installation process
• BZ - 1821500 - /readyz should start reporting failure on shutdown initiation
• BZ - 1823777 - [4.3] oauth-server is missing password metrics
• BZ - 1824167 - [oauth-server] Router and default exposed frontends (oauth and console) should gracefully terminate
• BZ - 1825221 - [DR] etcd-member-recover.sh fails to pull image with unauthorized: access to the requested resource is not authorized
• BZ - 1829083 - invalid must-gather istag imported for ppc64le setups
• BZ - 1830093 - test: [sig-api-machinery] CustomResourcePublishOpenAPI [Couldn't find resource for "crd-publish-openapi..."
• BZ - 1834247 - failed to create pods due to loopback coredump
• BZ - 1834877 - OCP 4.3.13 --- Error: the container name (...) is already in use by (...) But container does not exist
• BZ - 1836887 - Spurious TargetDown alerts for healthy pods
• BZ - 1836974 - User unable to login when ldap query times out even when htpasswd IDP credentials are used.
• BZ - 1837353 - 4.3: Encryption controllers degrade when daemonset is not created yet

CVEs

(none)

References

(none)