RHBA-2020:2913 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.4.13 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.4.13. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:2912

This update fixes the following bugs among others:

• Operator Lifecycle Manager (OLM) allows users to specify volumes and volumeMounts using the `subscriptionConfig` field of a Subscription. Using this feature updates the Deployment defined in the ClusterServiceVersion (CSV). Occasionally, OLM would not have the Subscription created for a CSV in its cache, and the CSV would be placed in the *installing phase* without creating the Deployment with the volumes or volumeMounts defined in the Subscription. OLM would then be unable to move the CSV into the *Succeeded phase* because the calculated Deployment hash would not equal the actual Deployment hash on the Deployment. This error would not be resolved because OLM does not update or recreate the Deployment in the *installing phase*, and the issue would persist until five minutes passed, when OLM would resync CSVs. As a result, OLM would occasionally be delayed while installing CSVs. This bug fix ensures that, if OLM encounters a Deployment hash error when installing a CSV, OLM now recreates the Deployment. As a result, OLM is no longer delayed by an incorrect Deployment hash. (BZ#1827000)
• Previously, the etcd target member matching mechanism was not strict. This sometimes caused the wrong member to be returned if IP addresses overlapped. The etcd target member matching mechanism is now strict, allowing for exact matches only. (BZ#1837152)
• Previously, the AlertmanagerConfigInconsistent alert could fire during an upgrade because some of the Alertmanager Pods were temporarily not running due to a rolling update of the StatefulSet. The alert resolved itself once all Alertmanager Pods had been updated. The alert, however, caused confusion if the configuration was otherwise correct. The alert has been fixed so it ignores the number of running Alertmanager Pods. Now the AlertmanagerConfigInconsistent alert no longer fires during upgrades when some of the Alertmanager Pods are in a non-running transient state. (BZ#1850615)

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

ou may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.13-x86_64

The image digest is
sha256:1b15aef0cf352b49be0b22f273663719dfdc111737e58a9080595623e47d7dd8

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.13-s390x

The image digest is
sha256:e2574fd9a0d7c5a0a26caf8a6b0b4345a2fe37074267323411917485ba658142

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.4.13-ppc64le

The image digest is
sha256:9c80e036bd1ddffb554e2c543ce4eec12f436697e8f58a3c158668a5a952a16a

All OpenShift Container Platform 4.4 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.4 see the following documentation, which
will be updated shortly for release 4.4.13, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.4 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.4 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.4 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 7 s390x

Fixes

• BZ - 1792102 - Install imagestreams and templates on Power and Z [4.4]
• BZ - 1813221 - Default openshift install requests too many CPU resources to install all components, requests of components on cluster are wrong
• BZ - 1815637 - etcd: mvcc/backend: Fix corruption bug in defrag
• BZ - 1816806 - system:serviceaccount:kube-system:cloud-provider cannot create resource events
• BZ - 1825339 - [4.4.z] Kuryr-cni restarts during conformance tests due to namespace not found
• BZ - 1827000 - CSV stuck in installing phase
• BZ - 1835396 - Cannot access logs in kibana with the managed deployment orchestrated by the cluster logging operator
• BZ - 1837152 - Bootstrap stuck on waiting on condition EtcdRunningInCluster in etcd CR /cluster to be True
• BZ - 1840012 - Insights tarball files don't have extension set
• BZ - 1840588 - Status errors, if present, are not shown on submit of edit application forms
• BZ - 1845492 - File restoration doesn't work as expected when it is not owned by an rpm but available in /usr/etc/
• BZ - 1847111 - Metering is missing the OLM CSV upgrade annotation
• BZ - 1848687 - haproxy current sessions data in Prometheus keep increasing
• BZ - 1849217 - [baremetal] Master nodes should be tagged as NoSchedule
• BZ - 1850090 - the skipVersion should exactly match regex in art.yaml
• BZ - 1850112 - OLM Not Respecting Default Channel in OCP 4.5
• BZ - 1850615 - [4.4 upgrade][alert] AlertmanagerConfigInconsistent
• BZ - 1851903 - kuryr cannot access namespaces in /var/run/netns properly
• BZ - 1852565 - Change the etcd health check timeout in kube-apiserver to 10s
• BZ - 1854814 - HTTP/2 backend support breaks websocket
• BZ - 1856821 - [4.4.z] unable to boot RHCOS 4.5 with SecureBoot enabled

CVEs

(none)

References

(none)