RHBA-2020:3760 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.5.13 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.5.13. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:3761

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

This update fixes the following bugs among others:

• Previously, whiteout files appeared in unpacked content when using `podman` or `docker` tooling options. With this release, whiteout files are no longer present after unpacking with `podman` and `docker` tooling options. (BZ#1845588)
• With this release, the Import VM function is removed from the Developer perspective of the web console. (BZ#1876461)
• Previously, the cluster upgrade interface in the web console was visible on OpenShift Dedicated, even though OpenShift Dedicated users cannot perform cluster upgrades. The cluster upgrade interface is now hidden for OpenShift Dedicated. (BZ#1877012)
• Previously, the HAProxy router 503 page was not compliant with the standards used by some web application firewalls. The 503 page has been updated to resolve this issue. (BZ#1879120)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.13-x86_64

The image digest is sha256:8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.13-s390x

The image digest is sha256:e06797b8b622021b4753ce7aa3d8af46c33f72cead8b31efcf0fd582c9f38589

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.5.13-ppc64le

The image digest is sha256:eed294e41d25be1dd07e19b4a4fe85a395555591327daf3d7ed54752e483b4a1

All OpenShift Container Platform 4.5 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x

Fixes

• BZ - 1845588 - opm does not respect whiteout files when unpacking images with docker and podman
• BZ - 1854978 - CRDs still exist after upgraded to the 4.5.rc.7 from 4.4.11
• BZ - 1859684 - Extra endpoint in etcd [4.4.3]
• BZ - 1859791 - alert is firing KubeJobCompletion and KubeJobFailed at the same time
• BZ - 1868444 - [4.5] enabling hybrid-overlay at cluster deployment time is broken
• BZ - 1868772 - Error message for whereabouts IPAM CNI is not descriptive when kubeconfig is specified and path is wrong
• BZ - 1873546 - CrashLoopBackoff occurrence in community-operators
• BZ - 1874009 - [UPI Kuryr] Wrong tagging of compute node ports breaks kuryr ports pool functionality
• BZ - 1874597 - Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error
• BZ - 1874737 - [ovn][upgrade][4.5]Failed to upgrade for ovn network plugin
• BZ - 1874798 - [release-4.5] EgressIP don't fail over between nodes
• BZ - 1876461 - Remove the "import VM" from dev perspective
• BZ - 1877012 - Hide cluster upgrade UI on OpenShift Dedicated and Amazon Red Hat OpenShift
• BZ - 1877960 - [release-4.5] Empty router-certs secret results in log spam
• BZ - 1878359 - Red Hat Operators Production Index-Image is not getting refreshed when new content is available
• BZ - 1878369 - The CI container base image for OpenShift on OpenStack is outdated
• BZ - 1878713 - Add fallback to builder image detection in console 4.5
• BZ - 1878788 - fix flaky unit test
• BZ - 1879120 - Default 503 error page not conforming to RFCs 2616 and 7230 - CRLF
• BZ - 1879224 - Console turns blank while editing a secret which does not have key and value
• BZ - 1879650 - anonymous browsers should get a 403 from /
• BZ - 1879991 - [release 4.5] cluster-authentication-operator: Fix bug in reflector not recovering from "Too large resource version"
• BZ - 1880134 - GCP destroy leaves members in project IAM policy
• BZ - 1880654 - Placeholder bug for OCP 4.5.z rpm release
• BZ - 1880655 - Placeholder bug for OCP 4.5.z extras release
• BZ - 1880656 - Placeholder bug for OCP 4.5.z metadata release
• BZ - 1882092 - [ovn][upgrade][4.5 PIN]Failed to upgrade for ovn network plugin

CVEs

(none)

References

(none)