RHBA-2021:0749 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.7.2 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.2. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:0746

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

This update fixes the following bugs among others:

• Previously, an API server could fail to create a resource, which would return a 409 status code when there was a conflict updating a `resource quota` resource. Consequently, the resource would fail to create, and you might have had to retry the API request. With this update, the `OpenShift Console` web application attempts to retry the request 3 times when receiving a 409 status code, which is often sufficient for completing the request. In the event that a 409 status code continues to occur, an error will be displayed in the console. (BZ#1928228)
• Previously, the fix for BZ#1871996 to properly create RoleBinding links consistently resulted in the inability to select the binding type when a namespace was selected. Consequently, users with an active namespace could not create a cluster RoleBinding without changing the active namespace to `All namespaces`. This update reverts part of the changes for BZ#1871996 so that users can create a cluster role binding regardless of an active namespace. (BZ#1929198)
• Previously, when upgrading a cluster from a prior version with an idled workload, the idled workload would not wake on HTTP request once upgraded to OpenShift Container Platform 4.6/4.7. This error was due to `oc idle` updates and reworks. With this update, idling changes are mirrored from endpoints to services on Ingress Operator startup. As a result, idled routes are now awoken and made accessible with `curl`. (BZ#1927080)
• Previously, failing to adopt an externally provisioned host (i.e., hosts from `OpenShift-installer's` deployment of the control plane) did not automatically retry. Consequently, control plane hosts were often shown in `oc bmh` as `failed`. With this update, failed adoption of the control plane hosts automatically retry to ensure they are always adopted. (BZ#1932452)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64

The image digest is
sha256:83fca12e93240b503f88ec192be5ff0d6dfe750f81e8b5ef71af991337d7c584

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-s390x

The image digest is
sha256:e32040d23234e21f1b4ecc500533934996708c91587497a17ded2b89b36f72b4

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le

The image digest is
sha256:7ade98079920be8823cf69bae41aa48fb8dac3ce22e01cf5afb0d42237ad83ed

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

• BZ - 1890513 - [azure] Deployment stuck while continuing to show message "failed to list dns zone" and "ResourceGroupNotFound"
• BZ - 1896170 - registry.redhat.io/openshift4/ose-pod image dose not work
• BZ - 1923956 - [aws-c2s] Storage can not be used in the cluster
• BZ - 1927080 - oc idle: Clusters upgrading with an idled workload do not have annotations on the workload's service
• BZ - 1927407 - Tables don't render properly at smaller screen widths
• BZ - 1927644 - bootstrap kube-apiserver does not have --advertise-address set – was: [BM][IPI][DualStack] Installation fails cause Kubernetes service doesn't have IPv6 endpoints
• BZ - 1928023 - pipeline with finally tasks status is improper
• BZ - 1928228 - Operation cannot be fulfilled on clusterresourcequotas.quota.openshift.io error when creating different OpenShift resources
• BZ - 1929168 - UPI installation with Kuryr timing out on bootstrap stage
• BZ - 1929198 - Can't create cluster role binding from UI when a project is selected
• BZ - 1929777 - oVirt CSI driver operator is constantly restarting
• BZ - 1931903 - operator registry has high memory usage in 4.7... cleanup row closes
• BZ - 1932002 - Only one of multiple subscriptions to the same package is honored
• BZ - 1932151 - Restore snapshot as a new PVC: RWO/RWX access modes are not click-able if parent PVC is deleted
• BZ - 1932452 - Control plane machines not adopted when provisioning network is disabled
• BZ - 1932488 - [OKD] origin-branding manifest is missing cluster profile annotations
• BZ - 1932968 - Edit Application action overwrites Deployment envFrom values on save
• BZ - 1934798 - machineset-controller stuck in CrashLoopBackOff after upgrade to 4.7.0
• BZ - 1935585 - prometheus liveness probes cause issues while replaying WAL

CVEs

• CVE-2020-8625

References

(none)