RHBA-2021:3247 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.8.9 is now available with
updates to packages and images that fix several bugs and add enhancements.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.9. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:3248

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.9-x86_64

The image digest is sha256:d7a39773aec3cb5e3599be828ac101e062c0b587c9e922ed1f3a8cc71b01a93f

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.9-s390x

The image digest is sha256:d9d9498e59dd513ba9851aa1dfd8d2244de8b77aec2b5ccef33cd3bfa2cb0e94

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.9-ppc64le

The image digest is sha256:06f6a699f6edc070a2e4025d7032e563fdcd28cce0154ef24c3139a0f0ca7f84

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Fixes

• BZ - 1947439 - day2 cluster says: "This cluster should have been deleted 2020 years ago. Please contact OCM support at ocm-feedback@redhat.com to let us know about this issue."
• BZ - 1952549 - [assisted operator] Seeing error="record not found" after spoke cluster installation
• BZ - 1966623 - [master] Cluster install failed due to timeout while "Waiting for control plane"
• BZ - 1969651 - [4.8] Bootimage bump tracker
• BZ - 1970180 - Cannot use DASD at virtio block device when installing RHCOS on KVM [4.8.z]
• BZ - 1970576 - [Assisted-4.8 ][cloud] Red alert: Vulnerable Container Images on Staging
• BZ - 1972987 - Add Sprint 202 Round 2 translations
• BZ - 1974680 - Double instance create AWS
• BZ - 1975078 - Gracefully shutdown taking around 6-7 mins (libvirt provider)
• BZ - 1976241 - [4.8.z backport] Upgrade from Openshift 4.5 -> 4.6 Results in Orphaned Address sets
• BZ - 1977634 - vSphere Machines stuck in deleting phase if associated Node object is deleted
• BZ - 1977659 - Incorrect warning message on network type selection
• BZ - 1979575 - SNO - monitoring operator is not available cause failed: waiting for Alertmanager openshift-monitoring/main
• BZ - 1980367 - CI not working because Dockerfile references an ImageStream resource which isn't compatible with OLM
• BZ - 1982458 - 'You are logged in as a temporary administrative user.' banner is shown for kubeadmin user with crc
• BZ - 1985015 - OpenStack machine_controller does not remove boot volumes when reconciler errors
• BZ - 1985081 - Downloaded log file (All task logs) contains logs of all taskrun in a single line
• BZ - 1985193 - Dynamic plugin routes should be evaluated before static plugin routes
• BZ - 1985957 - Backport ovnkube-trace requires iproute to be installed in the pod to 4.8.z
• BZ - 1987020 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
• BZ - 1988425 - drop-icmp pod blocks direct SSH access to cluster nodes
• BZ - 1988487 - [4.8] DNAT rules for external IP services wrong in ovn-kubernetes
• BZ - 1989676 - machine-api couldn't reconcile VMs with OVNKubernetes network type
• BZ - 1991501 - [release-4.8] Cannot delete ClusterAutoscaler CR with foreground deletion
• BZ - 1992639 - oc new-build command does not pick automatic source clone secret in OpenShift 4.7
• BZ - 1993385 - failed to start cri-o service due to /usr/libexec/crio/conmon is missing
• BZ - 1994110 - Minor OpenShift upgrades blocked when olm.maxOpenShiftVersion = current Y-stream+1 and current Z-stream > 0
• BZ - 1994156 - thanos fails to build with latest imagebuilder
• BZ - 1994728 - upgrade from 4.6 to 4.7 to 4.8 with mcp worker "paused=true", crio report "panic: close of closed channel" which lead to a master Node go into Restart loop
• BZ - 1995809 - long living clusters may fail to upgrade because of an invalid conmon path
• BZ - 1998106 - Networking issue with vSphere clusters running HW14 and later

CVEs

• CVE-2021-3609
• CVE-2021-22543
• CVE-2021-22555
• CVE-2021-27218
• CVE-2021-31525
• CVE-2021-33195
• CVE-2021-33197
• CVE-2021-33198
• CVE-2021-34558

References

(none)