RHBA-2023:3529 - Bug Fix Advisory

Topic

OpenShift sandboxed containers 1.4.0 is now available.

Description

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with enhancements and bug fixes.

Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:

https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64

Fixes

• KATA-2079 - kata-oc MCP goes degraded because of invalid 'kata-containers' extension
• KATA-1860 - The node is assigned kata-oc role even though it was not selected to install kata runtime
• KATA-1928 - Updating node labels used for kataConfigPoolSelector doesn't trigger any node change
• KATA-1965 - change declaration of KataConfig.spec.kataConfigPoolSelector from metav1.LabelSelector to map[string]string AKA MatchLabels
• KATA-1966 - deduplicate code building other resources' (MachineConfigPool, RuntimeClass, DaemonSet) node selectors from kataConfigPoolSelector
• KATA-2069 - kata pods fail to start due to taints
• KATA-2070 - checkNodeEligibility and peerpods
• KATA-2077 - kataconfig install does not progress
• KATA-2095 - kata metrics not working: cannot monitor /run/vc/sbs, error="permission denied"
• KATA-2097 - kata monitor pods do not start: /usr/bin/kata-monitor: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/kata-monitor)
• KATA-2098 - controller-manager pod crashes: missing peerpodconfig
• KATA-1873 - add Node selector to peer pod config
• KATA-2165 - The controller-manager pod reboots often with divide by 0
• KATA-2168 - `make test` isn't tearing down the test environment when done
• KATA-2174 - podvm payload image is not using CCv0 branch for kata-agent build
• KATA-2159 - add cloud-api-adaptor as related image in CSV
• KATA-2038 - OSC 1.3.3 on OCP 4.10 disconnected install, the env KATA_MONITOR_IMAGE value requires changes from Tag to Digest
• KATA-1635 - Peer pods support in OSC (4.12 dev preview)
• KATA-1701 - Release OSC operator as single stream
• KATA-1821 - Onboard PeerPods into CPaaS for build/release
• KATA-1936 - deploy peer pod capable operator via OLM and run a simple peer pod
• KATA-1278 - Unable to use fuse-overlayfs storage driver with buildah on sandboxed containers
• KATA-1926 - Kataconfig deletion get stuck sporadically
• KATA-1969 - rearrange the cluster-modifying steps performed during kata installation
• KATA-2139 - rearrange the cluster-modifying steps performed during kata uninstallation
• KATA-2140 - kataconfigPoolSelector is not honoured when creating cloud-api-adaptor daemonset
• KATA-2141 - peerpodconfig CRD not getting deleted after KataConfig removal
• KATA-2147 - Kataconfig install not completing
• KATA-2172 - peer pods webhook is not running
• KATA-2116 - kata-monitor pod hits SELinux denials

CVEs

(none)

References

(none)