RHBA-2021:0753 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.6.21 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.6.21. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2020:0750

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

This update fixes the following bugs among others:

• Previously, a user could be denied access to pull images from other projects due to insufficient user permissions. This update removes all user interface checks for RoleBindings and shows the `oc` command alert to help users use the command line when pulling images from other projects. As a result, the user is shown how to enable image pulling from a different namespace and is no longer blocked from creating images from different namespaces; they can now also deploy images from their other projects. (BZ#1933727)
• Previously, for all on-premise platforms, when discovering the node IP, `baremetal-runtimecfg` wrongly assumed the nodes were always attached to a subnet that included the VIP and looked for an address within this IP range. Consequently, nodes failed to generate configuration files with `baremetal-runtimecfg`. This update automatically falls back to the IP address associated with the default route, so that new compute nodes can join the cluster when deployed on separate subnets. (BZ#1932967)

You may download the oc tool and use it to inspect release image metadata
as follows:

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64

The image digest is
sha256:6ae80e777c206b7314732aff542be105db892bf0e114a6757cb9e34662b8f891

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-s390x

The image digest is
sha256:d62eaf00e7abcd825012e5432b53001ed59b981e6e9f46da078dd524ef3c82a8

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le

The image digest is
sha256:d3462440defca7652d8cc50cc4b62b9336a6207270b2d3eec39d58f50491625c

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

Affected Products

• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

• BZ - 1912531 - kubectl dep bump for drain busy loop
• BZ - 1916860 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
• BZ - 1921743 - (release-4.6) collect logs from openshift-sdn-controller pod
• BZ - 1923939 - [release-4.6] Event listener with triggerRef crashes the console
• BZ - 1924069 - re-running the pipelinerun with pipelinespec crashes the UI
• BZ - 1924623 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
• BZ - 1928773 - hostname lookup delays when master node down
• BZ - 1932775 - [4.6] Backport first steps of refactoring
• BZ - 1932967 - [on-prem] Unable to deploy additional machinesets on separate subnets
• BZ - 1933075 - machine-config-operator fails when writing zero-length systemd dropins
• BZ - 1933676 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
• BZ - 1933727 - User with edit users cannot deploy images from their own namespace from the developer perspective - 4.6
• BZ - 1934342 - cluster-etcd-operator is leaking transports
• BZ - 1934656 - [4.6] CRI-O failing with: error reserving ctr name

CVEs

(none)

References

(none)