RHBA-2021:3511 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.8.12 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.8.12. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2021:3512

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.8.12-x86_64

The image digest is sha256:c3af995af7ee85e88c43c943e0a64c7066d90e77fafdabc7b22a095e4ea3c25a

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.8.12-s390x

The image digest is sha256:f9a194aa5b3955fd6679ba5ac08af88ecd20793ac25d2904aee84b931cfeeac1

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.8.12-ppc64le

The image digest is sha256:cf1c13038fba56986aa2602cc4e3d6263be66e77fdd3aab663c20b08ea5985fe

All OpenShift Container Platform 4.8 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Fixes

• BZ - 1874106 - "oc image mirror" fails to mirror multiple images to quay.io
• BZ - 1973421 - [4.8] improve dual-stack install-config validation
• BZ - 1979251 - [4.8.0] OPENSHIFT_VERSIONS env var overrides AgentServiceConfig osImages: values
• BZ - 1980411 - [4.8.z] Cluster-version operator loads proxy config from spec, not status
• BZ - 1985308 - Creating a configmap for a CA without a trailing newline in source file results in non-working CA verification
• BZ - 1985735 - [IPI baremetal] 'Failed to get the sockets from the old process' error is reported in haproxy logs following haproxy reload
• BZ - 1986476 - OLM fails with 'ResolutionFailed' found more than one head for channel
• BZ - 1987239 - Egress IP iptables rules not added due to iptables: Resource temporarily unavailable
• BZ - 1987315 - OpenShift web console not deployed after installing OCP 4.8.2 using single-node-developer profile
• BZ - 1990113 - Multus whereabouts assigns duplicate IP addresses to pods when have large number of replicas
• BZ - 1990141 - Console overview section shows operators are upgrading even though it is not actually upgrading.
• BZ - 1990928 - Whereabouts fails in 4.9 due to missing RBAC for leases
• BZ - 1991979 - [BM][IPI] redfish inspect fails on nodes with nics where mac="": Expected a MAC address but received .
• BZ - 1993117 - [release-4.8] Volumes are accidentally deleted along with the machine [vsphere]
• BZ - 1993236 - BuildConfig Environment tab: different errors when the form is not filled completely
• BZ - 1993800 - 4.8: Static pod installer backoff broken WAS: [arbiter] OCP Console fail goes into endless look during authentication after set of temporary network disruptions which separatates cluster zones
• BZ - 1994483 - OCP 4.8 etcd unhealthy
• BZ - 1995118 - Virtualization is not available in Home Overview
• BZ - 1995595 - Autoscaler log report error “Failed to watch *v1.CSIDriver”
• BZ - 1996201 - [4.8z] failed to configure pod interface: error while waiting on OVS.Interface.external-ids:ovn-installed for pod: timed out while waiting for OVS port binding
• BZ - 1996672 - Cluster Proxy not used during installation on OSP
• BZ - 1996758 - tech / dev preview badge in search resource dropdown missing styles
• BZ - 1997497 - Send telemetry metrics
• BZ - 1998391 - Kubelet regularly freeze control groups causing issues further down
• BZ - 1998650 - Backport ZTP provisioning to 4.8
• BZ - 1998938 - 4.7.6 -> 4.7.9 upgrade: leader election stuck
• BZ - 1999608 - Tuned configuration fails and does not recover when profile references a not yet existing performance profile configuration
• BZ - 1999777 - Take etcd backups before minor-version OpenShift updates
• BZ - 2000038 - machinehealthcheck controller does not consider nodes that still have the external remediation annotation
• BZ - 2000414 - power-of-two balancing feature set "Random" as default balancing for passthrough routes
• BZ - 2000442 - SNO deployment on HPE e910 blades fails because the node always boots from virtualmedia
• BZ - 2000474 - Import from git as Serverless Service creates an incomplete BuildConfig (Secret is missing)
• BZ - 2001268 - openshift-console operator incorrectly reports Available=false
• BZ - 2001363 - [4.8z] Pod creation failed with CNI request timeout due to stale data in cache.
• BZ - 2001457 - (release-4.8) Gather PodSecurityPolicies names installed in a cluster
• BZ - 2001542 - [OVN] EgressIP no longer worked after a cluster upgrade
• BZ - 2001641 - Syntax error appears to breaks the ovn egressFirewall policy during the cluster upgrade
• BZ - 2001724 - Placeholder bug for OCP 4.8.0 rpm release
• BZ - 2001974 - [ImageStreams] Remove stale cruft installed by CVO in earlier releases
• BZ - 2002281 - "oc adm top nodes" output give negative numbers
• BZ - 2002805 - Increase in RSS memory in CRI-O and Kubelet

CVEs

• CVE-2021-3653

References

(none)