RHBA-2020:2786 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.4.11 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.4.11. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2785

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

This update fixes the following bugs among others:

• The OpenShift Pipelines URL referenced in the Pipelines build strategy deprecation note in the web console was giving a 404 error. The URL has been updated to point to the correct URL. (BZ#1822346)
• Previously, CRD YAML files were using a deprecated string version API, causing the instances tab of the CRD to load a version that wasn't the latest version. CRD YAML files have been updated to use the array version API, which allows the CRD to get the latest version instances. (BZ#1822437)
• Previously, a MachineSet could have a nil `replicas` field. Because of this, the Autoscaler could not determine the size of the MachineSet. The Autoscaler has been updated to read the replica count from the `status` replica field, allowing it to determine the current size of the MachineSet. (BZ#1835160)
• Previously, there were several cases where a `NotFound` error was ignored by the controller logic. This caused the controller to not be aware of missing Pods, forcing Operators to wait indefinitely for Pods that were expected to be present. Subsequently, upgrades failed because the underlying issue was never broadcasted to the cluster administrator. This bug fix updates the controller logic to properly handle `NotFound` events so missing Pods are recognized and can be resolved. (BZ#1843876)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.11-x86_64

The image digest is
sha256:bf373a678979c1bf09069eb34f51e8c8180ef3488a8f6d915a99047320e81c24

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.11-s390x

The image digest is
sha256:059de27d828d681940331f3ef2dc60e7625dc4b9f4cea5e72c2911fba32cafec

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.11-ppc64le

The image digest is
sha256:4ef92ad59dcf9d291a424941a29090c7b8eaecae3b8ff541748a0ebb723745bf

All OpenShift Container Platform 4.4 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.4 see the following documentation, which
will be updated shortly for release 4.4.11, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.4 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.4 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 7 s390x

Fixes

• BZ - 1779163 - NetlinkError: (17, 'File exists') when kuryr-daemon gets restarted in a wrong moment
• BZ - 1822346 - External link in deprecation notes of pipeline build strategy does not exist
• BZ - 1822437 - Instances tab of a CRD will try to load with an API version that is not served
• BZ - 1829327 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled is forbidden: unable to validate against any security context constraint: []
• BZ - 1829894 - [OSP] Installer can't find VRRP protocol number if the plugin is not enabled in Neutron
• BZ - 1834313 - Clicking on monitoring graph in sidebar does not give query
• BZ - 1834533 - Machine Config operator parses kubelet.conf reducing usability.
• BZ - 1837784 - [4.4]label with long value is overlapping another one
• BZ - 1842629 - Add run-resourcewatch command to openshift-tests binary
• BZ - 1843876 - daemonset, deployment, and replicaset status can permafail
• BZ - 1845706 - Update openvswitch2.13 to -29 or later
• BZ - 1845921 - No way to check installed kuryr-k8s-controller package version within pod
• BZ - 1846305 - ServiceBindingRequest backingServiceSelectors breaks topology
• BZ - 1846357 - Machine Config Daemon Daemon Set does not set universal Toleration (and therefore gets booted if taints are set on a node)
• BZ - 1847675 - ovn-kube pods should mount /var/run/netns rslave
• BZ - 1847961 - error "label value was collected before with the same name and label values" in node-exporter pod's log
• BZ - 1849518 - marketplace-operator should show the source git commit
• BZ - 1849540 - Tests are failing due to constant etcd leader elections changes
• BZ - 1850168 - [CRI-O] CRI-O reports container as exited although the process is still running
• BZ - 1850632 - Operators won't install if the CSV dependency is already installed
• BZ - 1851066 - 4.4: A restarted kube-apiserver doesn't wait for the port to be available; crashloops
• BZ - 1851418 - remove use of upstream client plugin pipeline from openshift build e2e

CVEs

• CVE-2017-18077
• CVE-2017-18869
• CVE-2018-3737
• CVE-2018-3750
• CVE-2019-16775
• CVE-2019-16776
• CVE-2019-16777
• CVE-2020-10772
• CVE-2020-11080
• CVE-2020-12888
• CVE-2020-13777

References

(none)