Red Hat Product Errata RHBA-2021:4712 - Bug Fix Advisory
Issued:
2021-11-22
Updated:
2021-11-22

RHBA-2021:4712 - Bug Fix Advisory

Synopsis

OpenShift Container Platform 4.9.8 bug fix update

Type/Severity

Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.9.8 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.9.8. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2021:4711

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.9.8-x86_64

The image digest is sha256:c91c0faf7ae3c480724a935b3dab7e5f49aae19d195b12f3a4ae38f8440ea96b

(For s390x architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.9.8-s390x

The image digest is sha256:fce68c9f5ea686ba7c83eefbef412b661f882f33fe52ecfcc3deeb98dbf3d8c9

(For ppc64le architecture)

$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.9.8-ppc64le

The image digest is sha256:1b0e5463fb8a35283edb37c50fccbd6d52f46eb7cec32906fffe46b6d48647c9

All OpenShift Container Platform 4.9 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 1985847 - Storage CO is not available after enabling the vSphere CSI Driver featuregate due to "Failed to create \"cnsvspherevolumemigrations.cns.vmware.com\" CRD
  • BZ - 1988154 - Scaling up machineset fails when using virtualmedia via external network
  • BZ - 1995467 - Storagesystem "ibm-flashsystem-storage" got created without clicking on Create button
  • BZ - 2002508 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
  • BZ - 2002811 - KCM does not use web identity credentials
  • BZ - 2002870 - SSH authorized key not injected into guest when using a user defined template
  • BZ - 2003870 - Error on creating local volume set after selection of the volume mode
  • BZ - 2006290 - sdn emits events with garbage messages
  • BZ - 2008175 - fsync controller will show false positive if gaps in metrics are observed.
  • BZ - 2009722 - samples should not go degraded when image allowedRegistries blocks imagestream creation
  • BZ - 2012025 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
  • BZ - 2014938 - Ingress operator not creating wildcard route for hypershift clusters
  • BZ - 2015134 - The switch status of the button "Show default project" is not revealed correctly in code
  • BZ - 2017717 - state of ODF StorageSystem is misreported during installation or uninstallation
  • BZ - 2017722 - Creation of BackingStore, BucketClass, NamespaceStore fails
  • BZ - 2017773 - (release-4.9) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource
  • BZ - 2018398 - [4.9z] OVN idle service cannot be accessed after upgrade from 4.8
  • BZ - 2018557 - Cannot install to openshift-nmstate namespace
  • BZ - 2019754 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
  • BZ - 2020000 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
  • BZ - 2020546 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var
  • BZ - 2021097 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread
  • BZ - 2021512 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references
  • BZ - 2021527 - ClusterOperators link in console returns blank page during upgrades
  • BZ - 2022488 - SRO in operator hub points to wrong repo for README
  • BZ - 2022528 - Extensive number of requests from storage version operator in cluster
  • BZ - 2022596 - ServiceAccount in manifests conflicts with OLM
  • BZ - 2022813 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled
  • BZ - 2022889 - Incorrect URL in operator description
  • BZ - 2023285 - cloudinit is malformatted if a user sets a password during VM creation flow
  • BZ - 2023866 - Fix Patch 104847 in 4.9

References

(none)

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.