RHBA-2020:2580 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.4.9 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.4.9. See the following advisories for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2579 https://access.redhat.com/errata/RHEA-2020:2623

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.9-x86_64

The image digest is sha256:15280aba8f1c82fe39180a617e3b4886401f6c2aef63c7962203aa10530d1db8

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.9-s390x

The image digest is sha256:9d1b7de8570d675d2dea73f21aed046a88804bbb8eb071a6605a044373dd99f7

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.9-ppc64le

The image digest is sha256:ae48474c6fcd0666a672ce2a449736a2549693c04186ea588e37477635c976a6

All OpenShift Container Platform 4.4 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.4 see the following documentation, which
will be updated shortly for release 4.4.9, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.4 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.4 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 7 s390x

Fixes

• BZ - 1817394 - Added CD ROMs in UI other than Windows Guest Disk use VirtIO instead of sata
• BZ - 1818714 - Vm Wizard always shows warning for CD ROM devices
• BZ - 1823305 - Kibana Logout Function Does not log off user
• BZ - 1824255 - OperatorHub: Installed Operators provided APIs view more link should go to operator details tab
• BZ - 1826174 - Jenkins oAuth template fails when the ingress custom certificate is signed by an intermediate CA
• BZ - 1828939 - jenkins oauth integration is broken on JDK 11
• BZ - 1829319 - Provide cluster's related object immediately during CVO creation for must-gather
• BZ - 1831808 - Operand's list view - "Status" column doesn't display the latest 'status.conditions''
• BZ - 1831821 - NetworkAttachmentDefinition wizard creates invalid spec for cnv-bridge CNI
• BZ - 1832872 - [openstack] api loadbalancer shows operating_status of DEGRADED after kuryr IPI install
• BZ - 1833122 - kube-sceduler-operator targetconfig controller uses legacy router configmap
• BZ - 1833128 - Resource Graph is Built Using Legacy Router CA ConfigMap
• BZ - 1833427 - [4.4] Upgrading from 4.3.18 to 4.4.3 , causing Prometheus creating new PVC
• BZ - 1833508 - Inspector: Allows users to configure any non-link-local IPV6 address for the provisioning interface
• BZ - 1834474 - [4.4] ovnkube: set NB/SB database inactivity probes to 60 seconds
• BZ - 1836343 - Available queries on dashboards and metrics tabs don't match
• BZ - 1836807 - Update API group for eventSources
• BZ - 1836914 - unable to recognize no matches for kind "servicemonitor.monitoring.coreos.com" in version "monitoring.coreos.com/v1"
• BZ - 1838245 - InstallPlan is dropping "nullable: true" from CRD's openAPIV3Schema
• BZ - 1838259 - Under condition of heavy pod creation: "failed to set annotation on pod ... not found"
• BZ - 1838420 - PV-pool yaml is missing requested storage when created from UI
• BZ - 1839023 - [Kuryr] LB sg update not skipped when no endpoint is found
• BZ - 1839115 - Environment Variables can not be added to knative service through Add flow
• BZ - 1840611 - [Kuryr] LB resources not deleted when are transitioned to ERROR
• BZ - 1840812 - When user names contain a '#' in their name, the console cannot display the user resource
• BZ - 1841029 - DNS LB not allowing UDP traffic after Octavia upgrade
• BZ - 1841149 - OLM: Console is not creating role binding when enabling monitoring for an operator
• BZ - 1841162 - Fix openshift_etcd_operator_build_info metric
• BZ - 1841171 - custom display name did not change after updating on console
• BZ - 1841478 - [release-4.4] Nodes in Azure are getting into longUnregistered state
• BZ - 1843284 - Prometheus is not reporting router metrics
• BZ - 1843928 - gcp-routes mechanism leads to EOF and/or i/o timeout on switch-over on GCP
• BZ - 1843945 - Jenkins service account permission error after upgraded kubernetes plugin to 1.19.2 in jenkins
• BZ - 1844091 - Find_loadbalancer method should also use provider information
• BZ - 1844093 - LBaaSLoadBalancer object has wrong default value for security_groups
• BZ - 1844102 - [oVirt] add oVirt as a provide to openshift tests
• BZ - 1844136 - kube-proxy deployment does not include any memory/cpu requests
• BZ - 1844302 - upgradePhase: nodeRestarting always reports True in elasticsearch CR
• BZ - 1845819 - Azure-file mount fail on RHEL worker due to missing cifs-utils package
• BZ - 1845830 - [azure-file] "Permission denied" when read/write to mounted directory on RHEL node.
• BZ - 1845993 - Elasticsearch operator sets shard allocation to "none" during restart for certs
• BZ - 1847087 - [4.4] Pods consuming azuredisk volume are stuck in ContainerCreating status on RHEL78 node
• BZ - 1847457 - Dockerfile.rhel7 fails ART builds

CVEs

• CVE-2020-8616
• CVE-2020-8617
• CVE-2020-12662
• CVE-2020-12663

References

(none)