RHBA-2020:5115 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.6.6 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.6.6. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:5116

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.6-x86_64

The image digest is sha256:b8154e802c17dae57d1cfb0580e6a79544712cea0f77e01ae6171854f75975ea

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.6-s390x

The image digest is sha256:075f9903ef5ef0e0d66a6001ab3057dca241d35b8eb5434e7351794ea7cc49ad

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.6-ppc64le

The image digest is sha256:8d35a674c0726a85106872736525972aa21baebf9ff2fff263287bfade9f1f93

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

• BZ - 1749620 - [operator-sdk] Evicted pod do not release controller ConfigMap lock
• BZ - 1867169 - Updated catalog source serves stale bundles
• BZ - 1884647 - [4.6z] ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
• BZ - 1885188 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
• BZ - 1885309 - incorrect display consistently on any upgrade that starts/end in the hour of 12pm
• BZ - 1885675 - [4.6z] Replacing masters doesn't work for ovn-kubernetes 4.4
• BZ - 1886213 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
• BZ - 1886448 - CSV with only Webhook conversion can't be installed
• BZ - 1887462 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
• BZ - 1888032 - prevent extra cycle in aggregated oauth and openshift apiservers
• BZ - 1888853 - MCO extension kernel-headers is invalid
• BZ - 1889711 - Prometheus metrics on disk take more space compared to OCP 4.5
• BZ - 1890297 - [backport-4.6] in multitenant mode, openshift-etcd-operator can't reach etcd
• BZ - 1890465 - unable to edit an application without a service
• BZ - 1891064 - opm index add semver-skippatch mode does not respect prerelease versions
• BZ - 1891626 - [Release 4.6] Mutable LoadBalancer Scope
• BZ - 1891711 - Application behind service load balancer with PDB is not disrupted
• BZ - 1892302 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
• BZ - 1892320 - cluster-etcd-operator flooding the logs in steady state
• BZ - 1892360 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
• BZ - 1892391 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
• BZ - 1892395 - TestListPackages is flaky
• BZ - 1893015 - Storage efficiency card showing wrong compression ratio
• BZ - 1893620 - unable to specify target port manually resulting in application not reachable
• BZ - 1894195 - Mounting additionalTrustBundle in the operator
• BZ - 1894227 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
• BZ - 1894235 - unable to edit application group for KSVC via gestures (shift+Drag)
• BZ - 1894310 - CI runs of baremetal IPI are failing due to newer libvirt libraries
• BZ - 1894483 - bash syntax error in nodeip-configuration.service
• BZ - 1894868 - 'backend' CI job passing despite failing tests
• BZ - 1895532 - HPA monitoring cpu utilization fails for deployments which have init containers
• BZ - 1895952 - catalogSource named "redhat-operators" deleted in a disconnected cluster
• BZ - 1896009 - Placeholder bug for OCP 4.6.0 rpm release
• BZ - 1896051 - Package Server is in 'Cannot update' status despite properly working
• BZ - 1896230 - [4.5 upgrade][alert]CloudCredentialOperatorDown
• BZ - 1896329 - Revert KUBELET_LOG_LEVEL back to level 3 (
• BZ - 1896381 - NTO fails to load kernel modules
• BZ - 1896584 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
• BZ - 1896600 - Web console going blank after selecting any operator to install from OperatorHub
• BZ - 1896705 - Machine API components should honour cluster wide proxy settings
• BZ - 1896894 - Provide an ability to turn off rollbackcopier
• BZ - 1896905 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller
• BZ - 1897542 - Backup taken on one master cannot be restored on other masters
• BZ - 1898152 - image-pruner job is panicking: klog stack
• BZ - 1898950 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
• BZ - 1899289 - [4.6.z] Need to set GODEBUG=x509ignoreCN=0 in initrd
• BZ - 1899368 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"

CVEs

• CVE-2020-15999

References

(none)