RHBA-2021:1232 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.6.26 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.6.26. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2021:1229

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

This update fixes the following bugs among others:

• Previously, IPv6 addresses that began with leading zeros were not calculated, and those IP addresses were not assigned. With this release, the IPv6 calculation method is improved and IPv6 addresses with leading zeroes are calculated properly. (BZ#1931953)
• Previously, as part of minimizing the amount of data from the pod's `/run/secrets` that is copied into the build container, BZ#1916897 failed to include `/run/secrets/etc-pki-entitlements` if it was available. As a result, entitled builds with their entitlement certificates stored on the OpenShift Container Platform host or node did not work seamlessly. With this release, the OpenShift Container Platform build image and associated pod mounts all available entitlement-related files that are in `/run/secrets` into the build container, and entitled builds are unable to pick up the certificates stored on the OpenShift Container Platform host or node. When running OpenShift Container Platform builds on RHCOS nodes, error messages similar to `level=warning msg="Path \"/run/secrets/etc-pki-entitlement\" from \"/etc/containers/mounts.conf\" doesn't exist, skipping` can be ignored. (BZ#1946363)

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.26-x86_64

The image digest is sha256:e867135cd5a09192635b46ccab6ca7543e642378dc72fa22ea54961b05e322f2

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.26-s390x

The image digest is sha256:afeaf47fa0affd1dac83583e5cf57ae9824791e1bf23686733c6d5bbeb9ccc25

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.6.26-ppc64le

The image digest is sha256:6c4a7898ec1eb88bb8f4075c7a3d748978f8557f6fcc5ef9f952f0238e52a83c

All OpenShift Container Platform 4.6 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

• BZ - 1897526 - [Kuryr] Available port count not correctly calculated for alerts
• BZ - 1926662 - NodePort is not working when configuring an egress IP address
• BZ - 1931953 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0
• BZ - 1935574 - (release-4.6) Extend OLM operator gatherer to include Operator/ClusterServiceVersion conditions
• BZ - 1937090 - cluster DNS experiencing disruptions during cluster upgrade in insights cluster
• BZ - 1939609 - FilterToolbar component does not handle 'null' value for 'rowFilters' prop
• BZ - 1942907 - [release-4.6] Gather datahubs.installers.datahub.sap.com resources from SAP clusters
• BZ - 1942940 - [release-4.6] must-gather improvements
• BZ - 1943973 - Bare-metal operator is firing for ClusterOperatorDown for 15m during 4.6 to 4.7 upgrade
• BZ - 1944145 - controller-manager-operator: Observed a panic: nil pointer dereference
• BZ - 1945308 - [4.6z] pods may fail to add logical port due to lr-nat-del/lr-nat-add error messages
• BZ - 1945602 - Optionally set KERNEL_VERSION and RT_KERNEL_VERSION
• BZ - 1945690 - [4.6z] Dockerfile needs updating to new container CI registry
• BZ - 1946363 - After fix for CVE-2021-3344, Builds do not mount node entitlement keys
• BZ - 1946597 - Unnecessary series churn when a new version of kube-state-metrics is rolled out
• BZ - 1947343 - Kuryr: NP tests failing when trying to create SG

CVEs

• CVE-2021-3449

References

(none)