RHBA-2020:2436 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.3.25 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.3.25. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2435

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.25-x86_64

The image digest is sha256:ed4cf5ef4ea21151515343ff7326de457cc4543dd6cccbe6986fa8be972968d3

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.25-s390x

The image digest is sha256:504c710c475f404bd7d372533fe4e6013982f463b0e8db0b4e0f4a8265056182

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.25-ppc64le

The image digest is sha256:1c0379b4c2bf5f06eaeb7868a464f86b07f862f4f0b4f3918e4909e7b1135908

All OpenShift Container Platform 4.3 users are advised to upgrade to these
updated packages and images.

Solution

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.25, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.3 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 7 s390x

Fixes

• BZ - 1776133 - template-service-broker-operator doesn't notify users and admins via alerts in prometheus
• BZ - 1779545 - [4.3] local-storage-operator CSV is not upgraded
• BZ - 1786218 - [OSP][Kuryr] Could not install iscsi-target image
• BZ - 1789421 - [4.3] ipv6 single stack config for kube-apiserver
• BZ - 1800647 - Disk IO Utilisation and Disk IO Saturation data is not collected for Minidisks and dasds
• BZ - 1802744 - OCP 4.3.2 UPI stage - Node Feature Discovery (NFD) nfd-operator fails to deploy from OperatorHub on OpenShift Console
• BZ - 1804067 - etcd-member-add.sh should check whether the host hasn't been added to etcd cluster already at the beginning itself.
• BZ - 1805271 - Readiness probe errored message consistently popping up in CI jobs
• BZ - 1807670 - Minimize disruption of new and existing connections while OVS is being upgraded
• BZ - 1808426 - [4.3] Idle OpenShift Image registry queries Azure storage keys about 40 times per minute
• BZ - 1811206 - upgrades where entire sample imagestreams were removed in the new version can get stuck in progressing
• BZ - 1816185 - disconnected community catalog always restart because healthcheck failed
• BZ - 1816898 - Failed to verify the 'Eng Product ID(s)' for 2 OCP skus - MCT3819,MCT3821
• BZ - 1825758 - Gather ConfigMaps from openshift-config namespace (backport to 4.3)
• BZ - 1827540 - Port 22623 will negotiate down to TLS1.1 on master and bootstrap nodes.
• BZ - 1829046 - TechPreview Badge needs to be removed from Serverless
• BZ - 1829276 - Rerunning a cancelled pipeline run shows cancelled pipeline only
• BZ - 1835094 - Collect Anonymized CSR (release-4.3)
• BZ - 1835996 - s390x/ppc64le: Failed to upgrade Cluster from 4.2.29 to 4.3.18: unable to sync: open /opt/openshift/operator/ocp-s390x: no such file or directory
• BZ - 1836753 - Cluster operator image-registry can't create when launch a IPI on Azure
• BZ - 1836939 - Wrong serverName for certificate on /metrics endpoint
• BZ - 1837124 - OpenShift Cluster fails to initialize on 4.3.z install due to a node with a hostname of localhost
• BZ - 1838984 - 4.4 MachineSet with 4.2 or earlier bootimages fails to scale up because old CRI-O chokes on new CRI-O config
• BZ - 1839036 - [openshift-4.3] Handle embedded pipelineSpec in pipelineRun details page.
• BZ - 1839109 - openshift-sdn node can permanently NetNamespaces when LIST times out
• BZ - 1840230 - Azure IPI: Both Internal and External load balancers for kube-apiserver should use /readyz
• BZ - 1840300 - Refactor the kubelet log level so it can be preserved across reboots
• BZ - 1840460 - Applying "ctrcfg" causes cri-o to fail to upgrade a cluster
• BZ - 1840765 - Legends swapped in data consumption card for providers->logical vs physical usage
• BZ - 1840939 - failed: couldn't find queue operatorname for event: {update }
• BZ - 1841996 - After upgrade, openshift-samples is moving between ready and "Progressing" status
• BZ - 1842531 - libvirt: add yq to the libvirt ci image

CVEs

• CVE-2020-8616
• CVE-2020-8617
• CVE-2020-10722
• CVE-2020-10723
• CVE-2020-10724
• CVE-2020-11008
• CVE-2020-11619
• CVE-2020-11620
• CVE-2020-12662
• CVE-2020-12663

References

(none)