RHBA-2021:0674 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.6.20 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.6.20. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:0673

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

This update fixes the following bugs among others:

• Previously, when importing a private image container with secrets, the image download would fail and return `ErrImagePull` and `ImagePullBackOff` errors. Consequently, the pod could not start and `DeploymentConfig` was stuck until `ServiceAccount` or `DeploymentConfig` was updated manually. With this update, new deployments use the internal container registry to start. As a result, importing a container image from an external private container registry now works as intended. (BZ#1926340)
• This update supports backporting the `SAPConfig` gathering enhancement, since many SAP clusters are running OpenShift Container Platform 4.6. (BZ#1922855)
• Previously, the pruner was trying detect the registry name using image streams. When there were no image streams, the pruner failed to detect the registry name. With this update, the Image Registry Operator provides the pruner with the registry name, which results in the pruner no longer depending on the existence of image streams. (BZ#1923993)
• Previously, if the hostname from the vSphere metadata was not set before the `NetworkManager` started, the vSphere metadata would be ignored. This update now sets the hostname as `vsphere-hostname.service` before the `NetworkManager` starts, so long as this information is available within the vSphere metadata. (BZ#1904825)
• Previously, the `httpClient()` chart repository did not consider any proxy environment variable, and thus no helm charts were displayed in the Developer Catalog. This update ensures that proxy environment variables are considered by providing a `http.ProxyFromEnvironment` function to the `Transport` struct's initialization. (BZ#1919138)
• Previously, if the `lib-bucket-provisioner` service account was missing, then the creation of `lib-bucket-provisioner` InstallPlan overloaded the etcd and impacted the performance of the OCP Cluster. This update implements the `Service Account Gatherer` to the Insights Operator to collect `field managementState` of OpenShift Operators, which is anonymized and stored at the Insights Operator archive report. (BZ#1885941)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64

The image digest is
sha256:ac5bbe391f9f5db07b8a710cfda1aee80f6eb3bf37a3c44a5b89763957d8d5ad

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-s390x

The image digest is
sha256:d6477b7ff61bfe948cf0806611437ebbca07e8466ae89053ae9bca39b1cccd99

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le

The image digest is
sha256:6e66ce5710f01e65427beb811059fa7920000f4a04fa1d7fd506eaef83794b16

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

• BZ - 1885941 - [release 4.6] Collect ServiceAccount statistics
• BZ - 1906298 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
• BZ - 1910199 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
• BZ - 1913543 - backport: cadvisor machine metrics are missing in k8s 1.19
• BZ - 1917481 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
• BZ - 1919138 - helmchartrepo is not http(s)_proxy-aware
• BZ - 1920552 - error when destroying a vSphere installation that failed early
• BZ - 1922207 - (release-4.6) Gather netnamespaces networking info & remove hostsubnet IP anonymization
• BZ - 1922855 - Gather SAP configuration (SCC & ClusterRoleBinding)
• BZ - 1923993 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
• BZ - 1924194 - Panic when task-graph is canceled with a TaskNode with no tasks
• BZ - 1924437 - Missing User RoleBindings in the Project Access Web UI
• BZ - 1925199 - 4.7 to 4.6 downgrade fails due to 4.7 Cluster Profile Support manifest changes
• BZ - 1926121 - "installed" operator status in operatorhub page does not reflect the real status of operator
• BZ - 1926340 - Images from Private external registry not working in deploy Image
• BZ - 1926371 - Pod Scale-up requires extra privileges in OpenShift web-console
• BZ - 1927800 - `Active alerts` section throwing forbidden error for users.
• BZ - 1928108 - (release-4.6) Gather PersistentVolume definition (if any) used in image registry config
• BZ - 1929335 - [release-4.6] Operator objects are re-created after all other associated resources have been deleted
• BZ - 1929872 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest

CVEs

(none)

References

(none)