Issued:: 2021-10-18
Updated:: 2021-10-18

RHSA-2021:3759 - Security Advisory

Overview

Synopsis

Moderate: OpenShift Container Platform 4.9.0 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2021:3758

Security Fix(es):

gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)
sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
helm: information disclosure vulnerability (CVE-2021-32690)
golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
golang: net: lookup functions may return invalid host names (CVE-2021-33195)
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64

The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x

The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le

The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61

All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

BZ - 1786835 - oc is crashing while mirroring registry
BZ - 1856355 - Scrolling of pf4 tables is far less performant than the previous version
BZ - 1862429 - LocalVolumeSet object can be deleted with in-use PVs. May result in data leak
BZ - 1868221 - Missing /etc/mtab symlink in CRI-O containers
BZ - 1882490 - Azure installer misses hyphen in master NIC names
BZ - 1883378 - Openapi spec is missing for prometheus-adapter aggregated api-resources
BZ - 1890676 - Cypress: Fix 'aria-hidden-focus' accesibility violations
BZ - 1898877 - keepalived consumes 100% of cpu
BZ - 1903519 - Wrong Ingress to Route conversion for wildcard hostnames
BZ - 1903632 - After upgrading a customer openshift cluster to 4.6.4 the openshift marketplace pods are in ImagePullBackOff state
BZ - 1904155 - Graphs on utilization tab don't respect timespan selection
BZ - 1905326 - kube-apiserver initContainer setup is not requesting required resources: cpu, memory
BZ - 1905851 - [REF] Create volumesnapshotclass for Manila csi driver by default Storage/Manila CSI Driver
BZ - 1906315 - "cannot populate chunk **" error in prometheus container logs
BZ - 1908677 - Reenable [sig-network] SCTP [Feature:SCTP] [LinuxOnly] should create a Pod with SCTP HostPort [Suite:openshift/conformance/parallel] [Suite:k8s]
BZ - 1908772 - A11y Violation: Dev Console Nav Menu UL contains non-LI elements
BZ - 1909058 - [cinder-csi-driver operator] always report fake event continuously in openstack-cinder-csi-driver-operator log
BZ - 1913618 - Completed pods skew the Quota metrics
BZ - 1914398 - multus admission controller and metrics daemon running as root
BZ - 1914414 - SRIOV enablement for Emulex Corporation OneConnect NIC (10df:0720) is not working anymore
BZ - 1914837 - Machine API Termination Handlers should be tested
BZ - 1918562 - [cinder-csi-driver-operator] does not detect csi driver work status
BZ - 1921139 - revert "force cert rotation every couple days for development" in 4.8
BZ - 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
BZ - 1923111 - Install plans permanently fail due to CRD resource modified or similar transient errors
BZ - 1924695 - Non-ascii passwords are accepted but don't work
BZ - 1925180 - Deployment creates a huge number of ReplicaSets - image-lookup bits
BZ - 1925203 - [RFE] [OCPonRHV] - High Performance Mode in OCP on RHV - huge pages, CPU and Numa pinning configuration
BZ - 1925276 - Double instance create AWS
BZ - 1925524 - openshift-jenkins-sync plugin does not scale on OCP 4
BZ - 1928668 - Prometheus is collecting metrics for completed pods
BZ - 1928816 - When using idrac-virtualmedia, the bios_interface gets set to idrac-wsman
BZ - 1928856 - OCP Conformance test fails if MachineSet resource type is not present
BZ - 1928942 - [Assisted-4.7] [Minimal-ISO] [Started image download] "Started image download" event missing important info: Content-Length: and Content-Disposition filename in both API and UI events
BZ - 1932139 - The downstream darwin/amd64 `opm` binary fails to output the version info
BZ - 1932323 - CVE-2021-26540 sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element
BZ - 1932362 - CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation
BZ - 1934443 - Installation of OCP 4.6.13 fails when teaming interface is used with OVNKubernetes
BZ - 1936408 - [VMware-LSO] pod re-attach time took more then 60 sec.
BZ - 1936919 - AlertmanagerMembersInconsistent fires too quickly, causing serial-test noise
BZ - 1937696 - [Assisted-4.7]node/hostnames vs bmh names inconsistency, skipped cluster index in name
BZ - 1938282 - [4.9] Kuryr won't remove LB members on Endpoints object removal
BZ - 1939045 - [OCPv4.6] pod to pod communication broken on PFCP procotol over UDP
BZ - 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
BZ - 1940059 - [GSS][RFE] Integrate ceph dashboard with OCS
BZ - 1941224 - Serial e2e should not complain about the authentication operator going Progressing=True during the "test RequestHeaders IdP" test-case
BZ - 1942122 - Egress IP iptables rules not added due to iptables: Resource temporarily unavailable
BZ - 1942164 - [sig-cluster-lifecycle] cluster upgrade should be fast
BZ - 1942657 - ingress operator stays degraded after privateZone fixed in DNS
BZ - 1943265 - Negative Memory Utilization for Cluster Compute Resources Dashboard
BZ - 1943284 - opm index prune will fail if the working directory does not have write permissions
BZ - 1943334 - [ovnkube] node pod should taint NoSchedule on termination; clear on startup
BZ - 1943378 - OpenStack machine_controller does not remove boot volumes when reconciler errors
BZ - 1946178 - [Assisted-4.7] [Staging][OCS] Cluster validation messages improvements
BZ - 1947005 - cluster-monitoring-view role allows to create alert silences
BZ - 1947740 - [single-node] "Failed to watch" errors in openshift-state-metrics container
BZ - 1948089 - openshift-apiserver should not set Available=False APIServicesAvailable on update
BZ - 1948090 - Storage should not set Available=False APIServices_Error AWSEBSCSIDriverOperatorCRAvailable on update
BZ - 1948603 - Azure CSI driver does not pass e2e-azure-csi tests
BZ - 1948607 - vSphere CSI driver does not pass e2e-vsphere-csi tests
BZ - 1948720 - Spacing issues in Chinese translations
BZ - 1949497 - apiversion is still policy/v1betal when user creates pdb via oc create command
BZ - 1949840 - CMO reports unavailable during upgrades
BZ - 1950173 - Non-fatal: prometheus.env.yaml: no such file or directory
BZ - 1950534 - OPM fails to deprecate bundles
BZ - 1951812 - [master] [assisted operator] Assisted Service Postgres crashes msg: "mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied"
BZ - 1952101 - Can't re-build index if any bundles have been truncated
BZ - 1952224 - Some quickly deleted pods are never cleaned up by kubelet after 20m
BZ - 1952457 - In k8s 1.21 bump '[sig-node] crictl should be able to run crictl on the node' test is disabled
BZ - 1952737 - [RFE]Users had difficulty distinguishing between “ Supported” and “Provided”
BZ - 1953063 - Update default AWS instance type in machine-api-operator
BZ - 1953113 - HAProxy template doesn't allow HSTS header to be case insensitive or include spaces
BZ - 1953127 - NetworkPolicy tests were mistakenly marked skipped
BZ - 1953182 - [Azure disk csi driver] volume expansion failed on filesystem resizing
BZ - 1953185 - [Azure disk csi dirver operator] doesn't use the credential created by CCO
BZ - 1953674 - [RFE] Add resize to ovirt CSI driver
BZ - 1954869 - Add necessary priority class to marketplace components
BZ - 1955192 - ExternalIP feature do not work on ovn-kuberenetes
BZ - 1955292 - Describe quota output should show units
BZ - 1955435 - "requestURI":"/apis/user.openshift.io/v1/users/kube:admin" from system:apiserver got code 422
BZ - 1955586 - ThanosSidecarUnhealthy will never fire if the sidecar is never healthy.
BZ - 1956081 - kube-apiserver setup fail while installing SNO due to port being used
BZ - 1956830 - "oc adm top nodes" output give negative numbers
BZ - 1956836 - AVC denial when setting hostname on GCP using "set-valid-hostname.sh" script
BZ - 1956879 - authentication errors with "square/go-jose: error in cryptographic primitive" are observed in the CI
BZ - 1956955 - Services sync causes too many ovn load balancer deletes
BZ - 1956989 - In k8s 1.21 bump some sig-network tests are disabled due to being permanently broken on e2e-metal-ipi-ovn-ipv6
BZ - 1957498 - cluster-etcd-operator: policy/v1beta1 PodDisruptionBudget is deprecated in v1.21
BZ - 1957609 - [aws]Machine tags should have precedence over Infrastructure
BZ - 1957634 - prometheus-adapter panics on GetNodeMetrics
BZ - 1957761 - SR-IOV daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
BZ - 1957886 - In k8s 1.21 bump TTLAfterFinished is disabled
BZ - 1958107 - SR-IOV network operator pods should not run in best-effort QoS
BZ - 1958154 - Custom AWS user tags limit not supported (openshift/api says max=25), install fails when >=10
BZ - 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
BZ - 1958375 - Return IPv6 traffic from the application pod is getting dropped when f5 pod is scaled to more than one.
BZ - 1958376 - [IPI on Azure] unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies
BZ - 1958390 - API Services unavailable after upgrade from 4.5.38 to 4.6.27
BZ - 1958888 - 4.7.6 -> 4.7.9 upgrade: leader election stuck
BZ - 1959200 - failed to configure pod interface: error while waiting on OVS.Interface.external-ids:ovn-installed for pod: timed out while waiting for OVS port binding
BZ - 1959290 - openshift-kube-apiserver-operator should not rely on external networking for health check
BZ - 1959586 - [master] All resources not being cleaned up after clusterdeployment deletion
BZ - 1959798 - DNAT rules for external IP services wrong in ovn-kubernetes
BZ - 1959906 - External gateway fails to add duplicate OVN ECMP route
BZ - 1959957 - After a channel head is deprecated, the channel still exists in the index, but with no installable content = BAD UX
BZ - 1960101 - CNO: exportNetworkFlows accepts invalid TCP/UDP port numbers
BZ - 1960152 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
BZ - 1960455 - Performance Addon Operator fails to install after catalog source becomes ready
BZ - 1960485 - Cannot use DASD at virtio block device when installing RHCOS on KVM
BZ - 1960559 - Remove v1beta1 handling code
BZ - 1960574 - Managed cluster should ensure SR-IOV pods components have system-* priority class associated
BZ - 1960680 - [SCC] openshift-apiserver degraded when a SCC with high priority is created
BZ - 1961226 - Can't ssh too IPA on worker nodes
BZ - 1961757 - ovn-kubernetes: Enable ovn-controller lflow-cache limits (memory and/or size)
BZ - 1961811 - Creating a configmap for a CA without a trailing newline in source file results in non-working CA verification
BZ - 1962344 - [SCALE] ovn-controller running up to 30 second poll intervals due to full recompute
BZ - 1962387 - Upgrade from Openshift 4.5 -> 4.6 Results in Orphaned Address sets
BZ - 1962414 - ed25519 keys do not work when FIPS is enabled
BZ - 1962951 - Can't enable column diffs in 4.9
BZ - 1962957 - [master] Assisted service reports a malformed iso when we fail to download the base iso
BZ - 1963027 - Upload qcow2 to PVC too small : "Error Uploading Data Request fail with status code 400"
BZ - 1963132 - Installer: Remove the word 'Northern' from us-east4 (Ashburn, Northern Virginia, USA) to make it consistent
BZ - 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
BZ - 1963943 - For baremetal clusters, the node->terminal is not available
BZ - 1964231 - Client certificate used to contact kubelet is not loaded dynamically
BZ - 1964266 - [RFE] add external-resizer side car container
BZ - 1964471 - [master] Confusing behavior when multi-node spoke workers present when only controlPlaneAgents specified
BZ - 1964482 - Ipv6 IP addresses are not accepted for whitelisting
BZ - 1964540 - CAPO: It's impossible to make port a trunk when it's defined in `ports` field
BZ - 1964591 - [master] ACM/ZTP with Wan emulation fails to start the agent service
BZ - 1964623 - [master] File system usage not being logged appropriately
BZ - 1964786 - Serial console does not load
BZ - 1964902 - NetworkPolicy Ingress rules table shows confusing text in From column
BZ - 1964941 - If loading dynamic plugin times out, the UI throws a syntax error
BZ - 1965074 - [OVN Kubernetes] ovnkube errors observed on 100 node clusters during uperf testing Fatal error: ofport of patch-br-ex_ip-<node_ip>.us-east-2.compute.internal-to-br-int has changed from [] to 2
BZ - 1965080 - machine-api-operator constantly makes unauthorized AWS calls to DescribeInternetGateways
BZ - 1965117 - [master] Post making changes to AgentServiceConfig assisted-service operator is not detecting the change and redeploying assisted-service pod
BZ - 1965263 - [volume snapshot] "oc get volumesnapshotcontent" should display the volumesnapshot namespace info
BZ - 1965365 - Accessibility - Resource and Events filter select options do not move cursor focus into search input on click, inhibits keyboard navigation
BZ - 1965562 - recycler-for-nfs-... does not set requests or priorityClassName
BZ - 1965930 - NetworkPolicy is not translated in Korean or Chinese
BZ - 1965984 - Console Dashboard performance leads to empty visualizations
BZ - 1965992 - Gracefully shutdown taking around 6-7 mins (libvirt provider)
BZ - 1966129 - [4.9] Openshift Installer| UEFI mode | BM hosts have BIOS halted
BZ - 1966480 - Console-operator's controllers are passed resourceSyncer which is not used (refactoring)
BZ - 1966485 - [master] Operator-managed assisted Service doesn't wait for CVO to finish before reporting back
BZ - 1966499 - portworx-operator causes APIRemovedInNextReleaseInUse alert
BZ - 1966586 - [Assisted-4.7] [Staging] 200 OK returned when setting invalid Base DNS domain using API
BZ - 1967047 - Console overview section shows operators are upgrading even though it is not actually upgrading.
BZ - 1967108 - AsyncComponent loader comparison may result in false positive
BZ - 1967228 - 503 Error page contains license for a vulnerable release of Bootstrap
BZ - 1967316 - Sweep frontend/public folder for i18n
BZ - 1967483 - coreos-installer fails to download Ignition (DNS error, failed to lookup address)
BZ - 1967516 - Incorrect warning message on network type selection
BZ - 1967527 - CPU spikes not captured in Grafana causing issue to understand HPA behavior
BZ - 1967621 - Operator fails to install and OLM tries to delete nonexistent catalog pods under openshift-marketplace/redhat-marketplace
BZ - 1967658 - OLM: Failure alert message for copied CSV not helpful
BZ - 1967695 - managedFields is missing in provisioning-configuration json object
BZ - 1967808 - Readiness "exec" probes causes zombie process on certain container images
BZ - 1967885 - Creating a VM from the UI on OKD 4.7 fails with "the API version in the data (kubevirt/v1) does not match the expected API version (kubevirt/v1alpha3)"
BZ - 1967934 - Hide input box of add capacity modal for attached devices mode
BZ - 1967956 - [master] Assisted-service deployed on an IPv6 cluster installed with proxy: agentclusterinstall shows error pulling an image from quay.
BZ - 1967979 - Masthead dropdowns options are not accessible via the keyboard
BZ - 1968043 - [master] backend events generated with wrong namespace for agent
BZ - 1968124 - [master] [doc] "Mirror Registry Configuration" doc section needs clarification of functionality and limitations
BZ - 1968125 - [master] [DOCS] AgentServiceConfig examples in operator.md doc should each contain databaseStorage + filesystemStorage
BZ - 1968324 - [master] Unclear message in case of missing clusterImageSet
BZ - 1968336 - [master] missing role in agent CRD
BZ - 1968404 - [master] Wrong Install-config override documentation
BZ - 1968406 - [master] Misleading error in case of install-config override bad input
BZ - 1968423 - [master] CR finalizers block resource deletions if the assisted-service POD is not available
BZ - 1968425 - [master] AgentLabelSelector is required yet not supported
BZ - 1968448 - [master] KubeAPI CVO progress is not available on CR/conditions only in events.
BZ - 1968525 - Warning: Encountered two children with the same key in Operator Details page
BZ - 1968552 - [master] BMAC should wait for an ISO to exist for 1 minute before using it
BZ - 1968569 - Creating a network policy in OVN-Kubernetes can be very inefficient.
BZ - 1968570 - [master] Misleading error when ClusterImageSet specifies OpenShift version lower than 4.8
BZ - 1968572 - Assisted Service does not escape backslash characters on public SSH keys
BZ - 1969324 - [master] Remove Agent CRD Status fields not needed
BZ - 1969371 - [AWS] destroyer tried to search resources in other china region.
BZ - 1969374 - [OSP] Document how to update domain for image registry in version <4.8
BZ - 1969391 - [master] infra-env condition message isn't informative in case of missing pull secret
BZ - 1969404 - revert "force cert rotation every couple days for development" in 4.9
BZ - 1969471 - HAProxy tests in sdn-network-stress job are flaky
BZ - 1969477 - [master] Assisted service times out on GetNextSteps due to `oc adm release info` taking too long
BZ - 1969494 - [master] no indication for missing debugInfo in AgentClusterInstall
BZ - 1969546 - OLM: Scroll shadow in wrong position in operator details modal
BZ - 1969547 - [master] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed
BZ - 1969719 - vsphere-problem-detector cannot connect to vCenter API over https
BZ - 1969761 - sriov webhook not worked when upgrade from 4.7 to 4.8
BZ - 1969766 - [master] Empty cluster name on handleEnsureISOErrors log after applying InfraEnv.yaml
BZ - 1969796 - [master] Updating configmap within AgentServiceConfig is not logged properly
BZ - 1969902 - OLM fails with 'ResolutionFailed' found more than one head for channel
BZ - 1969989 - KMS connection details for new storageclass can not be changed in StorageClass creation form after 9 connection details are stored in csi-kms-connection-details configmap
BZ - 1969998 - [OCP 4.9 tracker] kubelet service fail to load EnvironmentFile due to SELinux denial
BZ - 1970011 - “managed by” link goes to the incorrect URL (unlike the correct ownerRef link)
BZ - 1970063 - [master] AgentServiceConfig mirror registry requires both ca-bundle.crt and registries.conf
BZ - 1970129 - OVS logging in must gather is missing previous logging levels
BZ - 1970147 - Weak Cipher in openshift-monitoring
BZ - 1970179 - [4.9] Bootimage bump tracker
BZ - 1970261 - [master] Add State and StateInfo to DebugInfo in ACI and Agent CRDs
BZ - 1970270 - [master] Add ProgressInfo to Agent and AgentClusterInstalll CRDs
BZ - 1970315 - 4.7 -> 4.8 upgrades fail on "[sig-network] pods should successfully create sandboxes by other" for pods which eventually start
BZ - 1970332 - Page disappears while creating Storage Class for rbd provisioner via UI
BZ - 1970421 - CVO does not provide a good enough reason to why an upgrade payload pull failed
BZ - 1970437 - [oVirt] Add guaranteed memory field to oVirt Machine Object
BZ - 1970466 - Console's OperatorHub leads users to unrelated install plan, if subscription does not have its own
BZ - 1970604 - Add IDP menu items are not translated
BZ - 1970910 - Uninstalling kube-descheduler clusterkubedescheduleroperator.4.6.0-202106010807.p0.git.5db84c5 removes some clusterrolebindings
BZ - 1970962 - Exception inside the Jenkins Master pod
BZ - 1970980 - Remove usage of i18nKey
BZ - 1970985 - periodic ci-4.8-upgrade-from-stable-4.7-e2e-*-ovn-upgrade are permafailing on service/ingress disruption
BZ - 1971032 - Add Sprint 202 Round 2 translations
BZ - 1971046 - apiserver stops responding during an e2e run (non-graceful shutdown) on GCP
BZ - 1971162 - Installation failed by enabling OCS from AI because of Virtual_Floppy as HDD listed in UI
BZ - 1971207 - installer only created one worker node and the install failed
BZ - 1971332 - oc new-build command does not pick automatic source clone secret in OpenShift 4.7
BZ - 1971499 - Should not show getting started links when add page customization disabled these entries
BZ - 1971518 - Cluster deletion misses trunk ports and loop over until timeout
BZ - 1971532 - Admin project list should not use internal ids as link titles
BZ - 1971537 - Support cgroups v2 (Podman on Fedora 31+)
BZ - 1971544 - Event sources in Developer console lists also action and sink kamelets
BZ - 1971602 - e2e-metal-ipi-upgrade for 4.7 to 4.8 is permafailing
BZ - 1971624 - [release-4.9] kube-apiserver failed to load SNI cert and key
BZ - 1971640 - [master] InfraEnv controller should always requeue for backend response HTTP StatusConflict (code 409)
BZ - 1971690 - Remove "unsupported" tag from ARM 64 oc binary in console
BZ - 1971715 - [OCP 4.7] "configure-ovs.sh" leaves static ip in old interface
BZ - 1971738 - Keep /boot RW when kdump is enabled
BZ - 1971808 - New `local-with-fallback` service annotation does not preserve source IP
BZ - 1971899 - The ciphers in theTLS profiles for the kubelet, the `oc explain` output don't match the kubelet.conf file
BZ - 1972003 - Get invalid date when edit custom time range on monitoring dashboards
BZ - 1972009 - [REF]Image registry pullthough should support pull image from the mirror registry with auth via imagecontentsourcepolicy
BZ - 1972011 - Dashboards display different time range when drag&drop on the first dashboard
BZ - 1972016 - Set a specific time range, but Dashboards display data with a different time range
BZ - 1972028 - Upgrade is failed when upgrade SNO cluster on gcp platform
BZ - 1972060 - typo in operators available
BZ - 1972096 - [master] Domain dummy.com (not belonging to Red Hat) is being used in a default configuration
BZ - 1972131 - ironic-static-ip-manager container still uses 4.7 base image
BZ - 1972272 - [master] "baremetalhost.metal3.io/detached" uses boolean value where string is expected
BZ - 1972287 - [mlx5] traffic from Node port is not offloaded
BZ - 1972351 - Bump jenkins version to 2.289.1
BZ - 1972374 - Adopt failure can trigger deprovisioning
BZ - 1972383 - Using bound SA tokens causes causes failures to /apis/authorization.openshift.io/v1/clusterrolebindings
BZ - 1972393 - PDB PUT /status is 1/6th of total write load on busy cluster continuously (should be 1/100 or so)
BZ - 1972514 - add check for accessing traffic from status in ksvc
BZ - 1972524 - bootstrap vm does not get right configuration for dhcp6
BZ - 1972525 - [master] clusterDeployments controller should send an event to InfraEnv for backend cluster registration
BZ - 1972572 - Ironic rhcos downloader re-downloads same image in upgrade process from 4.7 to 4.8
BZ - 1972582 - [oVirt] Installing with an oVirt network with 2 vnics on the same network causes the installer to not create tfvars and fail with terraform error
BZ - 1972598 - [master] Install retry per recreating ACI, BMH error status is not cleared
BZ - 1972678 - Requirements for authenticating kernel modules with X.509
BZ - 1972682 - DPDK KNI modules need some additional tools
BZ - 1972684 - [Feature:IPv6DualStack] tests are failing in dualstack
BZ - 1972747 - Allow Cluster-api-provider-ovirt using auto pinning new namings
BZ - 1972753 - ironic hardware inspection failed due to NewConnectionError causes bm nodes stuck
BZ - 1972776 - improve dual-stack install-config validation
BZ - 1972777 - Unable to edit the default Health check probe values
BZ - 1972829 - Upgrade tests should fail when ingress is disrupted
BZ - 1972966 - Virtualization is not available in Home Overview
BZ - 1972968 - "Add Disk" button should be disabled in common template disks tab
BZ - 1972977 - The removed ingresscontrollers should not be counted in ingress_controller_conditions metrics
BZ - 1973005 - authentication operator degraded during 4.7.16 update
BZ - 1973065 - Editing a Deployment drops annotations
BZ - 1973076 - [oVirt] CSI driver is not waiting for disk to be OK on creation
BZ - 1973147 - KubePersistentVolumeFillingUp - False Alert firing for PVCs with volumeMode as block.
BZ - 1973154 - RHCOS-shipped stalld systemd units do not use SCHED_FIFO to run stalld.
BZ - 1973160 - Monitoring UI disappear when we query a string
BZ - 1973200 - remove kubevirt images and references
BZ - 1973215 - [OVN] EgressIP no longer worked after a cluster upgrade
BZ - 1973314 - [4.9] Openshift Installer| UEFI mode | BM hosts have BIOS halted
BZ - 1973315 - [master] Updating ISO URL does not create a correct log entry
BZ - 1973318 - Image pruner does not use custom tolerations
BZ - 1973333 - Investigate why strings removed in English files are showing up in langauge files
BZ - 1973336 - Verify "Only {volumeMode} volume mode is available for {storageClass} with {accessMode} access mode" displays correctly
BZ - 1973338 - Fix punctuation in string
BZ - 1973340 - Add Sprint 203 translations
BZ - 1973423 - Several operators degraded because Failed to create pod sandbox when installing an sts cluster
BZ - 1973482 - 4.8.0.rc0 upgrade hung, stuck on DNS clusteroperator progressing
BZ - 1973491 - Node exporter veth optimizations do not work if the network type is OVN
BZ - 1973525 - machine-config-operator: remove runlevel from kni-infra namespace
BZ - 1973565 - Dynamic plugin routes should be evaluated before static plugin routes
BZ - 1973567 - Autoscaler log report error “Failed to watch *v1.CSIDriver”
BZ - 1973576 - only show annotations.summary field on thanos-ruler Alerts page
BZ - 1973582 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc certified-operators is not correct
BZ - 1973643 - oc logs doesn't work with piepeline builds
BZ - 1973679 - fix ovn-kubernetes NetworkPolicy 4.7->4.8 upgrade issue
BZ - 1973724 - metal3 Pod cannot download RHCOS images using the provisioning network anymore
BZ - 1973813 - NodePorts do not work on RHEL 7.9 workers (was "4.7 -> 4.8 upgrade is stuck at Ingress operator Degraded with rhel 7.9 workers")
BZ - 1974077 - [Assisted-4.8] [Staging][Network Latency] Improve validation message: host with IP not found in inventory
BZ - 1974083 - [RFE] When branding is not redhat, no need to explicitly mark community support.
BZ - 1974085 - [Assisted-4.8] [Staging][Network Latency] Worker host IP appear in master validation message
BZ - 1974237 - 4.7 -> 4.8 upgrades on AWS take longer than expected
BZ - 1974277 - Tuned net plugin fails to handle net devices with n/a value for a channel
BZ - 1974312 - linuxptp-daemon: remove not needed run-level 1 label
BZ - 1974338 - [OCP4.7] maven image doesn't use JAVA_HOME env variable
BZ - 1974350 - LB endpoint for API becomes unavailable briefly during openshift test suite
BZ - 1974364 - [must-gather] ovs/ovn database should be exported or dumped, not compacted and copied
BZ - 1974403 - OVN-Kube Node race occasionally leads to invalid pod IP
BZ - 1974411 - Installation with multipath parameters in parmfile fails (DNS resolution missing)
BZ - 1974429 - Requirements for nvidia GPU driver container for driver toolkit
BZ - 1974453 - coreos-installer failing Execshield
BZ - 1974501 - [master] Assisted Service Operator should be Infrastructure Operator for Red Hat OpenShift
BZ - 1974520 - [release-4.9] CI update from 4.7 to 4.8 sticks on: EncryptionMigrationController_Error: EncryptionMigrationControllerDegraded: etcdserver: request timed out
BZ - 1974567 - vertical-pod-autoscaler-operator: remove runlevel from namespace manual install
BZ - 1974598 - Sub-optimal cluster destroy strategy
BZ - 1974603 - clusteroperators table output does omit condition messages
BZ - 1974611 - In template list, the boot source provider column should be named boot source
BZ - 1974640 - When installing on AWS, AWS_SHARED_CREDENTIALS_FILE is only obeyed for reading and not for writing credentials
BZ - 1974651 - dockerv1client tests fail due to unavailability of v1 API on registry-1.docker.io
BZ - 1974689 - In customize create vm wizard, a warning "no registred model"
BZ - 1974716 - Using bound SA tokens causes fail to query cluster resource especially in a sts cluster
BZ - 1974755 - Status defaults were not internationalized
BZ - 1974758 - aws-serial jobs are failing with false-positive MachineWithNoRunningPhase firing or pending
BZ - 1974830 - KubeDeploymentReplicasMismatch alert will never fire
BZ - 1974832 - The monitoring stack should alert when 2 Prometheus pods are scheduled on the same node
BZ - 1974839 - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string
BZ - 1974967 - Prometheus Memory Usage 50-100% higher on 4.8+ OVN when under load
BZ - 1974973 - ci-operator cannot import an s390x or a non-amd64 OCP release image
BZ - 1975016 - OpenStack credentials for Kuryr Controller should be stored in a secret
BZ - 1975038 - Cannot delete user created vm template
BZ - 1975042 - Cannot customize windows template boot source
BZ - 1975133 - Sync ironic containers with latest ironic code
BZ - 1975157 - (release-4.9) records data size is incorrectly growing when obfuscation is enabled or when there are duplicated records
BZ - 1975218 - [master] KubeAPI Move conditions consts to CRD types
BZ - 1975232 - VM Create YAML page 404 error
BZ - 1975283 - gcp-realtime: e2e test failing [sig-storage] Multi-AZ Cluster Volumes should only be allowed to provision PDs in zones where nodes exist [Suite:openshift/conformance/parallel] [Suite:k8s]
BZ - 1975296 - machinehealthcheck controller does not consider nodes that still have the external remediation annotation
BZ - 1975359 - [master] timeout on kubeAPI subsystem test: SNO full install and validate MetaData
BZ - 1975379 - Console pods are scheduled on single master node
BZ - 1975383 - No NTP sources defined in a cluster after assisted installation
BZ - 1975391 - Install Operator description iframe shows double scrollbars when the browser sized is narrowed.
BZ - 1975392 - Console and downloads pods should have more specific anti-affinity label selectors
BZ - 1975475 - [aws] terraform may fail when the bootstrap instance profile is not ready
BZ - 1975478 - CRD extensions.ConsoleNotification CRD.displays YAML editor for modifying the location of ConsoleNotification instance
BZ - 1975491 - [Assisted-4.8] [Staging][Network latency] host_requirements api should contain network thresholds
BZ - 1975529 - Production logs are spammed on "Validate Requirements status All host roles must be assigned to enable CNV."
BZ - 1975539 - [ImageStreams] Remove stale cruft installed by CVO in earlier releases
BZ - 1975542 - [Insights] Remove stale cruft installed by CVO in earlier releases
BZ - 1975683 - baremetal-operator fails to build
BZ - 1975696 - compareOwnerReference should not accept a reference
BZ - 1975714 - Missing policy-group label on the openshift-console namespace manifest
BZ - 1975715 - Monitoring dashboard 'Logging/Elasticsearch' isn't accessible on OCP 4.8.
BZ - 1975779 - image pull keeps failing on upgrade
BZ - 1975805 - [4.8.0] Install retry per recreating ACI, BMH error status is not cleared
BZ - 1975820 - There are plugins remained after uninstall operator with multiple plugins enabled
BZ - 1975824 - Alert InstallPlanStepAppliedWithWarnings does not resolve
BZ - 1975825 - [v4.8] The `oc compliance fetch-raw` is unable to process results from suite: unexpected EOF
BZ - 1975831 - Crio is using large amounts of node resources
BZ - 1975913 - Unable to uncheck the optional workspace checkbox in pipeline builder
BZ - 1975947 - Add egress ips to anonymizer
BZ - 1976016 - Azure: Destroy cluster eventually fails when trying to delete a cluster while other resources (not related to the cluster) are present in the resource group
BZ - 1976072 - Operand details page doesn't render correct format when x-descriptor path has None value
BZ - 1976112 - batch/v1beta1 CronJob warning appears in image pruner pod when image registry is removed
BZ - 1976125 - [BM][IPI] redfish inspect fails on nodes with nics where mac="": Expected a MAC address but received .
BZ - 1976215 - Removed egressIP still shows as EXTERNAL_IP in the NorthBound DB.
BZ - 1976217 - Chart empty state card different height than other cards on Metrics tab
BZ - 1976243 - OLM operator index pod for Performance Addon Operator is missing Workload Partitioning Annotation
BZ - 1976307 - CVO missing ImageStreams manifest delete annotation logic
BZ - 1976326 - CI failing on firing CertifiedOperatorsCatalogError due to slow livenessProbe responses
BZ - 1976373 - disable jenkins client plugin test whose Jenkinsfile references master branch openshift/origin artifacts
BZ - 1976379 - CVO pod skipped by workload partitioning with incorrect error stating cluster is not SNO
BZ - 1976753 - [sig-devex][Feature:Jenkins][Slow] Jenkins repos e2e openshift using slow openshift pipeline build Sync plugin tests using the ephemeral template expand_more
BZ - 1976775 - Problematic Deployment creates infinite number Replicasets causing etcd to reach quota limit
BZ - 1976776 - [master] Change agent's ReadyForInstallation condition into RequirementsMet
BZ - 1976939 - Interacting with CatalogSource page.Interacting with CatalogSource page renders details about the redhat-operators catalog source
BZ - 1976983 - [master] [assisted operator][docs] Setting automatedCleaningMode: metadata in BMH is overridden to disabled
BZ - 1977027 - [oauth-apiserver] Remove stale cruft installed by CVO in earlier releases
BZ - 1977037 - VNC console stays in Connecting state.
BZ - 1977054 - [4.9] Unable to authenticate against IDP after upgrade to 4.8-rc.1
BZ - 1977097 - build cleanup test failing on release-openshift-origin-installer-old-rhcos-e2e-aws-4.7
BZ - 1977129 - openshift-installer: remove runlevel from openshift-kubevirt-infra namespace
BZ - 1977279 - When applying the gateway annotation to a gateway pod or to a namespace, the per pod SNAT is not removed
BZ - 1977330 - Single stack external gateway makes the pod not starting with dual stack clusters
BZ - 1977346 - Fix obfuscation translation table secret 4.9
BZ - 1977354 - [master] KUBE-API: Support move agent to different cluster in the same namespace
BZ - 1977369 - vSphere Machines stuck in deleting phase if associated Node object is deleted
BZ - 1977377 - [master] Add columns to the Agent CRD list
BZ - 1977389 - Manila CSI driver is not in must-gather
BZ - 1977435 - SNO - monitoring operator is not available cause failed: waiting for Alertmanager openshift-monitoring/main
BZ - 1977444 - KubeAPI docs: Add a getting started guide
BZ - 1977449 - [master] Fix flaky test: invalid NMState config YAML
BZ - 1977454 - builds: e2e-proxy tests fail due to Redis security protections
BZ - 1977595 - pseudo translation missing on OperatorHub page
BZ - 1977655 - localization issue for volume mode tooltip message
BZ - 1977753 - (release-4.9] Gather all MachineConfig definitions
BZ - 1977807 - Prometheus PV is corrupted during CSI migration tests
BZ - 1977884 - Upgrade from 4.8.0-rc.0 to 4.9.0-0.nightly-2021-06-24-073147 failing with multiple errors
BZ - 1977920 - Pod fails to run when a custom SCC with a specific set of volumes is used
BZ - 1977936 - OCS deployment using Multus: UI allows StorageCluster creation with empty public and cluster network in "Internal - Attached Devices" mode
BZ - 1977972 - Kernel version in /etc/driver-toolkit-release.json not including architecture
BZ - 1977981 - [External Mode] OpenShift Container Storage Overview does not display any dashboard by default unless specific tab is clicked
BZ - 1978091 - Cluster Utilization item Network transfer shows 'No datapoints found'
BZ - 1978137 - ovnkube-trace requires iproute to be installed in the pod
BZ - 1978144 - CVE-2021-32690 helm: information disclosure vulnerability
BZ - 1978193 - htpasswd provider for auth is not working as expected and give 401 error when user try to login
BZ - 1978200 - RHEL 6 template should not be starred by default
BZ - 1978202 - RHEL 6 template is tagged as "community"
BZ - 1978213 - OpenStack quota checks inexact when using Kuryr
BZ - 1978222 - User Management / Users: seeing "Add IdP" button although IdP exists
BZ - 1978225 - User Management / Users: no progress visible suggesting that IdPs are not instant after configuration
BZ - 1978268 - Exec probes fail clusterwide after upgrade to cri-o-1.19.2-4.rhaos4.6.git4f7cb5e.el7.x86_64
BZ - 1978310 - OLM dependencies not fixing version
BZ - 1978338 - "Prometheus metrics should be available after an upgrade" is panicking
BZ - 1978340 - packageserver isn't following the OpenShift HA conventions
BZ - 1978352 - [master] Add machine network cidr to cluster status
BZ - 1978376 - Should not allow upgrades to 4.9 without admin acknowledgement that apis are being removed
BZ - 1978403 - Add Sprint 203 Round 2 translations
BZ - 1978416 - Convert TFunction to Trans component
BZ - 1978421 - String updates (typos, etc.)
BZ - 1978425 - Consolidate namespaces in console-app and console-shared plugins
BZ - 1978429 - Typos in Pipelines Plugin strings
BZ - 1978435 - SR-IOV doesn't show up in operatorhub for ppc64le
BZ - 1978627 - When mount source with a long unexist name, the build keeps pending with unclear message
BZ - 1978629 - [RFE]'oc describe build|buildconfig' should show mount souce info when add Secret Volume Mounts to buildconfig
BZ - 1978649 - Object Service tab should not be part of OCP Console for ODF Managed Services
BZ - 1978662 - monitoring operator needs to indicate non-durable data
BZ - 1978691 - [4.9.0] OPENSHIFT_VERSIONS env var overrides AgentServiceConfig osImages: values
BZ - 1978724 - Binary secret data isn't properly uploaded by ui
BZ - 1978739 - [master] Provisioning SNOs bmh is stuck in ready state
BZ - 1978749 - CVO doesn't honor noProxy while contacting Cincinnati endpoint
BZ - 1978774 - Cluster-version operator loads proxy config from spec, not status
BZ - 1978797 - external gateway pod deletes may not clean up ECMP routes
BZ - 1978829 - ClusterMonitoringOperatorReconciliationErrors is firing during upgrades and should not be
BZ - 1979009 - Change log message about EFI not being supported in assisted-installer
BZ - 1979038 - Installation logs are not gathered from OCP Control planes nodes
BZ - 1979114 - Cannot create vm from 'With YAML' on CNV 2.6.5 + OCP 4.8
BZ - 1979116 - Cannot create vm from customize wizard on CNV 2.6.5 + OCP 4.8
BZ - 1979169 - [docs] Unclear docs in automatedCleaningMode
BZ - 1979190 - Cannot get guest information on CNV 2.6.5 + OCP 4.8
BZ - 1979297 - SystemExceedsMemoryReservation prometheusRule manages wrongly hugepage reservation
BZ - 1979300 - Upgrading from 4.7.11 to 4.8.0: Saw HybridOverlay logical router policies getting created without any existing hybridoverlay configuration
BZ - 1979352 - Tuned affining containers to house keeping cpus
BZ - 1979506 - The earlier version bundles that generated by pkgman-to-bundle won't be installed success
BZ - 1979544 - olm Operator is in CrashLoopBackOff state with error "couldn't cleanup cross-namespace ownerreferences"
BZ - 1979571 - Process is not terminated in pod terminal in UI.
BZ - 1979620 - Applying an OLM descriptor to a deeply nested child property then doing the same for a parent property will cause the descriptor for the child to be removed.
BZ - 1979738 - driver-toolkit gcc install unable to download extract-vmlinux script in ART builds
BZ - 1979822 - mdns-publisher pods are crashing and restarting often.
BZ - 1979996 - Dashboards do not support automatic unit transformation for time
BZ - 1980029 - CI: openstacksdk 0.53 breaks UPI jobs
BZ - 1980118 - Cannot launch debug container for pods in management workload partition
BZ - 1980135 - On an IPv6 single stack cluster traffic between master nodes is sent via default gw instead of local subnet
BZ - 1980187 - [sig-operator] an end user can use OLM can subscribe to the operator failing frequently
BZ - 1980235 - OAuth proxy version is displayed should be removed.
BZ - 1980257 - 'You are logged in as a temporary administrative user.' banner is shown for kubeadmin user with crc
BZ - 1980357 - Getting the alert "V4SubnetAllocationThresholdExceeded" in newly installed cluster, Where subnet allocation is not more then 80%
BZ - 1980364 - CI not working because Dockerfile references an ImageStream resource which isn't compatible with OLM
BZ - 1980465 - etcd warning logs misleading
BZ - 1980531 - additionalHelpActions 'HelpMenu' ConsoleLinks not translated
BZ - 1980548 - Not all plugins' locales folders are listed in webpack.config.ts
BZ - 1980658 - metal-ipi jobs are failing because of api server connection errors
BZ - 1980679 - On a Azure IPI installation MCO fails to create new nodes
BZ - 1980704 - Web console doesn't list all the registries credentials in a secret
BZ - 1980753 - 4.7 minimal iso fails to boot
BZ - 1980781 - NTO-shipped stalld can segfault
BZ - 1980844 - The SystemMemoryExceedsReserved alert released in 4.6 seems to trigger on many clusters under load (default increase if possible?)
BZ - 1980888 - Thanos querier probes are timing out
BZ - 1980930 - Machine-api-operator is going through leader election even when API rollout takes ~60 sec in SNO
BZ - 1981055 - ovn-kubernetes-master need to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1981090 - [IPI baremetal] 'Failed to get the sockets from the old process' error is reported in haproxy logs following haproxy reload
BZ - 1981272 - When deleting PVC inside PVC page the status in the heading doesn't match the status field
BZ - 1981399 - protractor tests are not able to run on release-4.8 and master
BZ - 1981417 - Change OCM links from cloud. to console.redhat.com
BZ - 1981425 - Update jenkins to 2.289.2
BZ - 1981465 - Assisted installer wait for ready nodes on bootstrap kube-apiserver though it moved to one of the other masters
BZ - 1981477 - Unable to attach Vsphere volume shows the error "failed to get canonical path"
BZ - 1981498 - enhance service-ca injection
BZ - 1981550 - AWS Elastic IP permissions are incorrectly required
BZ - 1981639 - Imageregistry bumps out N+1 pods when set replicas to N(N>2) and Y(=workers number) pods are scheduled to different workers, the left pods will keep pending
BZ - 1981832 - OLM fails with 'ResolutionFailed' found multiple channel heads
BZ - 1981936 - openshift/builder base images inconsistent with ART
BZ - 1981957 - Sync plugin v1.0.47 takes a very long time to pick up new builds
BZ - 1981975 - Master Machine Config Pool degraded at install time
BZ - 1981999 - [4.9] Bootimage bump tracker
BZ - 1982046 - CVO gets stuck on resource deletion progress after re-creating the deleted resource
BZ - 1982052 - [vsphere][upi] OVN vmxnet3 allmulti workaround doesn't apply when vmxnet3 is bonded
BZ - 1982079 - Resource usage measurement data display the concatenation of English and translation sentence fragments in Cluster utilization of Home->Ovewview when moving the mouse over each resource usage chart
BZ - 1982090 - Top consumers filter dropdown list is inconsistent with the translation of left menu when click usage data in each Cluster utilization row
BZ - 1982150 - Add a TechPreviewBadge for Multus
BZ - 1982153 - Accessibility (and cypress test) issue with empty category on Operator Hub page
BZ - 1982170 - (release-4.9] Operator operation is not set when updating status
BZ - 1982274 - OLM should block the OCP 4.8 upgrade to 4.9 when the operator installed with `olm.openShiftMaxVersion` annotation
BZ - 1982300 - vsphere-problem-detector not showing wrong credentials event/alert on OCP Console
BZ - 1982376 - Remove PatternFly override fixes now that upstream version include the fix
BZ - 1982653 - Observe - Alerting - Create silence : time period values are in English
BZ - 1982659 - Workloads - Jobs : 'Type' column's Value 'Non-parallel' is in English
BZ - 1982680 - Abort signal is ignored when using safe-k8s-hook.tsx
BZ - 1982682 - Namespace is not properly passed to k8sCreate
BZ - 1982692 - Serverless - Eventing - Event Sources - Move sink: incomprehensible japanese sentence
BZ - 1982727 - Serverless - Eventing - Brokers - Add Trigger : i18n misses
BZ - 1982736 - Serverless - Eventing - Channels - Add Subscription : appearing Partial translation for fully translated text
BZ - 1982751 - Serverless - Eventing - Subscriptions - Move Subscription : appearing partial translation
BZ - 1982765 - Networking - Services - Edit Pod Selector : An incomprehensible Japanese sentence
BZ - 1982766 - [on-prem] Make ingress keepalived check more tolerant to failures
BZ - 1982776 - Namespaces - RoleBindings - Edit ClusterRoleBinding subject : An incomprehensible Japanese translation
BZ - 1982781 - "opm index rm" doesn't remove deprecated bundles
BZ - 1982868 - 4.8 ManagementCPUsOverride admission plugin blocks 4.7 deployments on empty topology
BZ - 1982997 - Page header tools - Import YAML : i18n misses
BZ - 1983032 - User Management - Users - Impersonate User : i18n misses
BZ - 1983091 - Logic for getting default pull secret incorrect on project page
BZ - 1983190 - SNO deployment on HPE e910 blades fails because the node always boots from virtualmedia
BZ - 1983205 - StatefulSet fails to deploy with error Readiness Probe exec failed open /dev/tty failure no such address when .spec.tty is set to true [OCP 4.6.34]
BZ - 1983220 - A second scroll bar appears on the Node/Pod terminal page when resizing vertically
BZ - 1983412 - [Assisted-4.8] [Integration][Network validations] "unable to unmarshall host" and "unexpected end of JSON input" errors when booting nodes
BZ - 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
BZ - 1983612 - When using boot-from-volume "image", InstanceCreate leaks volumes in case machine-controller is rebooted
BZ - 1983673 - opm may prune bundles from the input
BZ - 1983693 - Import from YAML shows warning when just pressing enter
BZ - 1983707 - Import from YAML breaks console when three dash separator at the end
BZ - 1983788 - Kubelet may start running before CRI-O
BZ - 1983933 - [oVirt] CSI expansion should work in offline mode
BZ - 1983975 - BMO fails to start with port conflict
BZ - 1984030 - Reduce CPU overhead for ignore-listed NICs
BZ - 1984031 - Create Silence form's "Created by" field is not populated after refreshing the page
BZ - 1984047 - insight-operator logs a panic when shutdown, triggering panic detections in CI jobs
BZ - 1984049 - Slow OVN Recovery on SNO
BZ - 1984156 - Add sprint 204 translations
BZ - 1984297 - There are spaces before VM description
BZ - 1984365 - Dashboard Prometheus/Overview can't filter instance by job
BZ - 1984414 - Excessive resource diff logging during updates
BZ - 1984449 - [4.9] drop-icmp pod blocks direct SSH access to cluster nodes
BZ - 1984481 - machine-api couldn't reconcile VMs with OVNKubernetes network type
BZ - 1984538 - The openshift-operators namespace should not contain the openshift.io/cluster-monitoring namespace label
BZ - 1984576 - PROVISIONING_INTERFACE missing from metal3 pod
BZ - 1984582 - Metal IPI jobs are failing a high percentage of the time
BZ - 1984608 - kube-scheduler needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1984635 - openshift-config-operator needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1984644 - openshift-service-ca-operator needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1984683 - sdn-controller needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1984736 - [master] ClusterDeployment controller watches all Secrets from all namespaces
BZ - 1984807 - Move tooltip 'Restore is only enabled for offline virtual machine' to the button when it's disabled
BZ - 1984942 - ApplyClusterRoleBinding triggers boundsError when adding new subject
BZ - 1984954 - Normal user cannot create VM because it cannot access v2v-vmware configmap
BZ - 1985033 - [OVN] [cluster network operator] Provide the option to configure probe intervals
BZ - 1985080 - Downloaded log file (All task logs) contains logs of all taskrun in a single line
BZ - 1985082 - namespace of monitoring rbac rules should not be hardcoded
BZ - 1985125 - OperatorGroup status is not updated when it has cardinality conflits when targetNamespace is used
BZ - 1985161 - Some localization issues
BZ - 1985164 - Regular user cannot restore VM snapshot
BZ - 1985197 - production builds doesn't load some locales successfully
BZ - 1985336 - OpenShift SDN doesn't add NOTRACK rule to raw iptables table to prevent vxlan from reaching conntrack
BZ - 1985366 - CCCMO using unregistered host ports
BZ - 1985391 - Cluster Proxy not used during installation on OSP
BZ - 1985447 - KubeAPIErrorBudgetBurn Missing namespace label
BZ - 1985449 - [Assisted-4.8 ][SaaS] error raised "unable to unmarshal connectivity report for host ID xxxx:unexpected end of JSON input" in Assisted Service Pod log
BZ - 1985483 - Cleaning a BMH deployed using live ISO results in a TLS failure
BZ - 1985512 - allow-from-router feature doesn't work on v6 only single stack cluster
BZ - 1985697 - package-server-manager needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1985711 - Registry image input isn't trimming at the start of input
BZ - 1985721 - Pencil button is missing at Scheduling and resources requirements fields
BZ - 1985737 - VM Details page , boot order is missing pencil edit button
BZ - 1985773 - ptp4l crash when BC is configured
BZ - 1985795 - OCPonRHV: pvc stuck on pending status when using preallocated storage domain
BZ - 1985802 - cluster-version-operator needs to handle 60 seconds downtime of API server gracefully in SNO
BZ - 1985846 - Adding ebs type "gp3" when create storage class from web console
BZ - 1985850 - Update default value of volumeBindingMode from Immediate to WaitForFirstConsumer when create storageclass from web console
BZ - 1985852 - The vmware-vsphere-csi-driver-webhook pod runs as “BestEffort” qosClass
BZ - 1985895 - Order by 'Latest version' doesn't work on CustomResourceDefinitions list page
BZ - 1985948 - [e2e]sysprep, ssh, tests fail from time to time
BZ - 1985960 - oVirt 4.8 tests are failing on resize
BZ - 1985997 - kube-apiserver in SNO must not brick the cluster when a config observer outputs invalid data that would eventually converge towards a running system in HA setup
BZ - 1985998 - Re-enable 50 tests related to CSI failures
BZ - 1986001 - Enable back `ResourceQuota should create a ResourceQuota and capture the life of a service`
BZ - 1986003 - Bump to latest available 1.22.x k8s
BZ - 1986061 - cluster network operator deploys a service monitor which is never picked up by cluster monitoring operator
BZ - 1986090 - Cannot delete ClusterAutoscaler CR with foreground deletion
BZ - 1986127 - UI crash when installing helm chart or right click installed chart in topology
BZ - 1986129 - OpenShift web console not deployed after installing OCP 4.8.2 using single-node-developer profile
BZ - 1986139 - The marketplace operator default catalogs need to use the v4.9 tags
BZ - 1986148 - Bump API for Ingress RequiredHSTSPolicies field
BZ - 1986174 - SRO should be able to read a complete chart form a ConfigMap.
BZ - 1986215 - cluster-storage-operator needs to handle API server downtime gracefully in SNO
BZ - 1986225 - [e2e][automation] add tests for vm snapshot feature
BZ - 1986228 - Create e2e test for HSTS Feature
BZ - 1986238 - Supermicro X12 fails to provision using Redfish BM HW Provisioning
BZ - 1986243 - delete user-workload-monitoring-config configmap, can not find user metrics although no setting for enforcedTargetLimit
BZ - 1986253 - Automation of Application groupings in topology
BZ - 1986297 - Windows guest tool is always mounted even it's unchecked
BZ - 1986306 - Enable back `[sig-cli] Kubectl client kubectl wait should ignore not found error with --for=delete`
BZ - 1986307 - Enable back Feature:UDPConnectivity and NetworkPolicy tests
BZ - 1986309 - Update ironic-agent container with latest bugfix code
BZ - 1986311 - SRO crash when a incorrect chart is applied
BZ - 1986322 - Update ironic container with latest bugfix code
BZ - 1986324 - Update ironic-ipa-downloader container with latest bugfix code
BZ - 1986375 - Avoid CMO being degraded when some nodes aren't available
BZ - 1986389 - Textarea inside modal can be resized to larger width than modal
BZ - 1986392 - Kubelet can't find Node after upgrade to external CCM on AWS/OpenStack
BZ - 1986408 - Add NE-310 HSTS to 4.9
BZ - 1986418 - kube-storage-version-migrator-operator needs to handle API server downtime gracefully in SNO
BZ - 1986419 - aws-efs-csi-driver-operator CSV has upstream image references
BZ - 1986420 - IPI of private cluster on GCP failed due to variable "cluster_public_ip" is not set
BZ - 1986426 - Fix failing request on creating an ibm flash system via odf wizard
BZ - 1986427 - rebase d/s metallb-operator to pickup AddressPool update fix and CI enhancements
BZ - 1986437 - Bump openshift/api to support ExternalCloudProvider featuregate
BZ - 1986440 - Bump OVN to ovn21.09-21.09.0-9.el8fdp
BZ - 1986443 - OVN-kube master may report errors for "transaction failed" when creating logical ports
BZ - 1986452 - Increase in RSS memory in CRI-O
BZ - 1986453 - EUS Control loop to check for API server and node versions skew
BZ - 1986462 - Bug in cluster-baremetal-operator when PreProvisioningOSDownloadURLs are specified in addition to ProvisioningOSDownloadURL
BZ - 1986464 - Registry pull secret should be sent as base64 string
BZ - 1986474 - vsphere-syncer build is failing
BZ - 1986477 - cluster-node-tuning-operator needs to handle API server downtime gracefully in SNO
BZ - 1986493 - Upload jar files: Java commands are JAVA_ARGS not the purported container command
BZ - 1986495 - Missing translation in the Edit deployment form
BZ - 1986501 - Fix bundle image for efs operator
BZ - 1986540 - Cluster Proxy not used during installation on OSP
BZ - 1986560 - etcd-operator needs to handle API server downtime gracefully in SNO
BZ - 1986562 - lastTriggeredImageId is populated in BuildConfig spec
BZ - 1986565 - [OCP48][WebUI] "How to seal boot source for template usage" link points to /foo
BZ - 1986575 - Add e2e tests for haproxy timeout variables
BZ - 1986631 - BuildConfig Environment tab: different errors when the form is not filled completely
BZ - 1986632 - App Name & Name Values are not getting auto-populated for Deploy Image page in internal image registry
BZ - 1986650 - Cypress: Globally installs Service Binding Operator operator fails at "Create Operand" step
BZ - 1986654 - [OCP4.9 Bug] Auto cleaning step in Prepare stage failed
BZ - 1986656 - [OCP4.9 Bug] Ironic node enters the clean failed state when the target node doesn't have a RAID controller.
BZ - 1986676 - React Unique key warnings in pipelines and pipeline run details page
BZ - 1986680 - [knative][flake] Fail to set traffic distribution due to "object has been modified" error
BZ - 1986685 - panic when opm alpha diff
BZ - 1986699 - we should take catalogsource into considering when showing Installed tile in OperatorHub catalog
BZ - 1986704 - missing translation for Kafka Connections nav option
BZ - 1986707 - CVO log "resource has already been removed" is confusing in a fresh install
BZ - 1986729 - Event source Sink is not marked as required in create form
BZ - 1986735 - Monitoring chart range selection does not work on Firefox
BZ - 1986754 - In Home->Events Dashboard, 'more' and 'Show Less' are hardcodes when the browser set to Chinese language
BZ - 1986757 - Keepalived fails with Liveness probe failed: command timed out
BZ - 1986790 - Add disk modal gives error when not selecting storageClass
BZ - 1986803 - Details page doesn't catch errors which happen on a tab
BZ - 1986810 - [AUTH-13] oauth-proxy in default OpenShift components might fail to log users in if custom route certificate is configured
BZ - 1986829 - [AUTH-20] Make prometheus authenticate with a certificate while scraping the cluster's core components metrics
BZ - 1986833 - Gather Openshift Logging Stack Data
BZ - 1986936 - Grafana shows wrong label on y-axis of network graphs
BZ - 1986946 - High ICNI2 application pod creation times
BZ - 1986971 - [RFE]Password of template is fixed, instead of a parameter
BZ - 1986981 - Revise Alert Severity in OCP 4.9
BZ - 1986988 - Pipeline builder workspace info popover is not accessible via keyboard
BZ - 1986990 - Webhook tests should not use admission registration v1beta1
BZ - 1987047 - VM console doesn't open to current console type when opened in a new window
BZ - 1987083 - excludeMastersFromLB in Azure Cloud Config prevents service controller from adding masters
BZ - 1987108 - Networking issue with vSphere clusters running HW14 and later
BZ - 1987143 - update resources label for prometheus to 2.28.1
BZ - 1987152 - [e2e][automation]deploy specific hpp version for tests
BZ - 1987160 - opm alpha diff fails at headsonly mode
BZ - 1987169 - Cannot create network attachment definition while operator is installed.
BZ - 1987171 - When customizing boot source, password is shown in default font
BZ - 1987192 - Disabled state/condition is not consistent
BZ - 1987197 - Improve version checking in repository tooling
BZ - 1987198 - The chart version dropdown says `Select the chart version` even when the dropdown is disabled
BZ - 1987199 - NO-OP Helm Chart Rollback
BZ - 1987230 - Operators should not create watch channels very often: bump apirequests upperbounds in 4.9
BZ - 1987238 - A negative value applied for the "tlsInspectDelay" option caused the router pod to go into crashloop
BZ - 1987250 - Remove diskEligible check from OCS
BZ - 1987255 - Azure stack hub does not support zones, azure-cloud-provider crashes horribly on startup
BZ - 1987279 - installer fails to destroy a cluster with a tagged access-point
BZ - 1987289 - Epic ODC-5030 - Gherkin Scripts Design
BZ - 1987344 - Links in help of the Edit Disk point to old documentation
BZ - 1987845 - OpenStack IPI on provider network enforces unnecessary quotas
BZ - 1987948 - Add high memory alert to Openshift
BZ - 1988032 - cluster-autoscaler-operator and machine-api-operator tombstone manifests should contain CVO high-availability annotations
BZ - 1988092 - Cypress: disable OLM globall install test, duplicate Operand tabs
BZ - 1988123 - Driver Toolkit ART / OSBS builds are failing because of extract-vmlinux
BZ - 1988133 - Cypress: enable OLM globall install test, handle multiple csv's crd versions
BZ - 1988291 - 4.7 -> 4.8 upgrade, node-exporter can't rollout
BZ - 1988349 - Insights report controller - set the corresponding clusteroperator condition correctly
BZ - 1988351 - Add new OCM controller pulling periodically SCA certs
BZ - 1988371 - AWS EBS: Mounting XFS volume clone or restored snapshot to same node failed
BZ - 1988372 - Azure Disk: Mounting XFS volume clone or restored snapshot to same node failed
BZ - 1988373 - GCE PD: Mounting XFS volume clone or restored snapshot to same node failed
BZ - 1988374 - OpenStack Cinder: Mounting XFS volume clone or restored snapshot to same node failed
BZ - 1988379 - Avoid connection pool full logs
BZ - 1988424 - Only assign priority class in OCP environment for LSO
BZ - 1988476 - remove dhclient binary from RHCOS
BZ - 1988491 - quorum-guard health checks fail to report accurate health reporting
BZ - 1988576 - Authentication operator fails to become available during upgrade to 4.8.2
BZ - 1988801 - Router HAProxy backend balance option is blank missing random argument in haproxy.config
BZ - 1988812 - [e2e][flaky] smoke tests may fail if vm already exist before vmi tests start
BZ - 1988828 - oc adm must-gather runs successfully for audit logs 2e2 is failing
BZ - 1988903 - Kms details empty in only MCG deployment
BZ - 1988904 - Arbiter details not present in ODF wizard
BZ - 1988905 - External mode deployments fails on parsing json in ODF wizard
BZ - 1988976 - pkgman-to-bundle will exit with flag "--build-cmd"
BZ - 1988992 - Worker machine object updated too many times [Azure]
BZ - 1989005 - router pod is CrashLoopBackOff if configure spec.clientTLS.allowedSubjectPatterns to "*.openshift.com"
BZ - 1989044 - [ART] Error reconciling Dockerfile for openshift/ose-sriov-network-operator in OCP v4.9
BZ - 1989051 - Machine API Spot tests should set valid value for maxPrice
BZ - 1989055 - logins to the web console fail when custom certificate is in use for the OpenShift oauth-server
BZ - 1989058 - router pod stuck in ContainerCreatin if removed configmap/router-client-ca-crl-default and update spec.clientTLS.clientCertificatePolicy
BZ - 1989073 - KCM logs an error on startup when using external cloud providers
BZ - 1989077 - vSphere CSI StorageClass events are repeated pathologically
BZ - 1989101 - [ovirt] Update owners - csi-driver
BZ - 1989102 - [ovirt] Update owners - csi-driver-operator
BZ - 1989122 - rebase openshift/sdn to kube 1.22
BZ - 1989143 - [e2e][automation] missing file for testing release-4.8
BZ - 1989158 - re-enable disabled unidling e2e tests
BZ - 1989215 - [openstack-cinder-csi-driver-operator] csi-liveness-probe is not deployed
BZ - 1989246 - openshift-network-operator needs to handle API server downtime gracefully in SNO
BZ - 1989335 - Etcd is degraded after upgrading to 4.9 with message "configmap openshift-config-managed/csr-controller-ca field manager is not valid"
BZ - 1989342 - containernetworking-plugins: Add dpdk support to host-device plugin
BZ - 1989391 - `oc adm groups sync` will generate useless data
BZ - 1989417 - Enable back [sig-cli] oc adm storage-admin
BZ - 1989423 - Enable back `[sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it`
BZ - 1989431 - fail to "opm alpha diff" bundle image with heads-only mode.
BZ - 1989440 - OCS Storage Cluster creation Multus network configuration not applied when only Cluster Network is selected
BZ - 1989454 - Butane 0.13.0 generate MachineConfig object with ignition version 3.3.0 which is not supported in ocp4.9
BZ - 1989456 - sriov operator cannot be upgraded to 4.9 from 4.8
BZ - 1989460 - non-head bundle of the channel is included in output of opm alpha diff for heads-only mode
BZ - 1989461 - kube-apiserver does not use the SO_REUSEPORT properly
BZ - 1989462 - [v2v] MTV modal string changes
BZ - 1989496 - typo in ClusterOperatorDegraded alert description part
BZ - 1989504 - The code logic of channel clear is ambiguous, as well as the help info and output messages
BZ - 1989505 - Enable back single oc observe test
BZ - 1989507 - replace configmap with storageprofile
BZ - 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
BZ - 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
BZ - 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
BZ - 1989600 - Registry server RSS and CPU utilization too high during normal operation
BZ - 1989604 - IBMCLOUD: panic: runtime error: invalid memory address or nil pointer dereference
BZ - 1989615 - HBO: Every node update triggers "lsp-add" for HBO ports unnecessarily
BZ - 1989632 - Create EFS filesystem for dynamic provisioning
BZ - 1989633 - staticpod/installer: backoff should not apply if latestAvailableRevision > targetRevision
BZ - 1989688 - [SNO] Egress router pod not created in SNO ipv6 single stack cluster
BZ - 1989694 - Bump OVN to ovn21.09-21.09.0-10.el8fdp
BZ - 1989704 - Invalid olm.maxOpenShiftVersion properties have unclear/undefined behavior in OLM
BZ - 1989707 - [Dev Only] Add HPA page shows error screen when you try to create HPA with default values
BZ - 1989710 - Catalog operator wastes memory by caching complete copied CSVs
BZ - 1989720 - Descheduler operator should allow configuration of PodLifetime seconds
BZ - 1989722 - Descheduler operator should allow eviction based on soft topology constraints
BZ - 1989724 - Descheduler operator should expose options for pods with PVCs and Local Storage
BZ - 1989728 - Descheduler operator should verify config does not conflict with scheduler
BZ - 1989734 - Whereabouts fails in 4.9 due to missing RBAC for leases
BZ - 1989772 - openshift-controller-manager and operator needs to handle API server downtime gracefully in SNO
BZ - 1989796 - the same bundle is in output of opm alpha diff
BZ - 1989837 - [Migration] SDN migration rollback failed, stuck in MCO
BZ - 1989839 - docs packages should not be installed in the ironic containers
BZ - 1989842 - Console Observe > Metrics / Dashboards: Missing series appear in tooltip with value "0"
BZ - 1989876 - Dashboards for OCS Storage System not available
BZ - 1989887 - Metrics not shown in storage system list page under ODF
BZ - 1989889 - UI crashes when accessing create new operand page
BZ - 1989896 - CVE-2019-19794 : mdns-publisher uses miekg Go DNS package version < 1.1.25
BZ - 1989914 - [e2e][flaky] increase timeouts
BZ - 1989917 - OpenStack inconsistency reports on limits numbers for network quota check
BZ - 1989961 - CI apiserver downtime calculation isn't quite right
BZ - 1989973 - openshift-install explain text contains typo: cluster components will assume assume ownership of all resources
BZ - 1989980 - Worker machine object updated too many times [vsphere]
BZ - 1990012 - ControllerConfig Infrastructure does not match cluster Infrastructure resource
BZ - 1990018 - Add Sprint 204 round 2 translations
BZ - 1990024 - Eligible is misspelled in console-app
BZ - 1990060 - [Assisted-4.8] Host returns no routes when routing table contains multipart
BZ - 1990075 - azure-cloud-node-manager DaemonSet should use maxUnavailable: 10%
BZ - 1990089 - Bundle validation does not fail for a bundle having multiple service account declaration with same name
BZ - 1990115 - Multus whereabouts assigns duplicate IP addresses to pods when have large number of replicas
BZ - 1990137 - Fix creation of EFS filesystem
BZ - 1990140 - Samples operator management Removed failed to contact registry.redhat.io
BZ - 1990146 - some controllers missing livenessProbe
BZ - 1990205 - Console: Observe > Dashboards: "Cannot update during an existing state transition (such as within render)..." in browser developer console
BZ - 1990206 - Incorrect AWS Supported instance type
BZ - 1990316 - Deployment with virtualmedia fails on HP setup (real bm) - port missing in iso http path
BZ - 1990432 - Volumes are accidentally deleted along with the machine [vsphere]
BZ - 1990447 - Worker machine object updated too many times [gcp]
BZ - 1990493 - [e2e][automation] test for storageProfile settings
BZ - 1990496 - Cleaning can fail with SSLError "timed out"
BZ - 1990541 - etcd: golang version should align with product
BZ - 1990577 - Upgrade Ingress API version
BZ - 1990601 - AzureDisk CSI driver is not installed by default on Azure Stack Hub
BZ - 1990603 - [Descheduler] descheduler operator throws an error which reads "key failed with : scheduler.config.openshift.io "cluster" not found"
BZ - 1990610 - Panic in the cluster-kube-apiserver-operator startup monitor enablement check
BZ - 1990617 - Update Fedora CoreOS images to latest testing for OKD
BZ - 1990631 - FailedToDeleteOVNLoadBalancer Error trying to delete the idling OVN LoadBalancer
BZ - 1990725 - [Kuryr][4.9] KuryrSDNPodNotReady alert is missing the node name in the message
BZ - 1990732 - Test failures caused by "volumeBindingMode" defaulting to "WaitForFirstConsumer"
BZ - 1990781 - Large binary pkg/tool/gen-skus-map in Azure Disk repo
BZ - 1990826 - New non-secure and secure routes without hsts annotation fail to get created in globally enforced hsts domain resources
BZ - 1990850 - Registry databases that do not store properties as TEXT are not served
BZ - 1990899 - PrivateIPAddressVersionCannotBeModified errors in CNO tests
BZ - 1990970 - The development of ccoctl support for IBM left unused debug test binary in the source code
BZ - 1990975 - ccoctl for IBM does not support not all possible environment variables to pass APIKEY
BZ - 1990988 - Samples library sync fails container test on php 7.2
BZ - 1991068 - cluster-etcd-operator: tls ciphers should be checked for validity
BZ - 1991095 - [External Mode] Dashboard shows incorrect deployment mode
BZ - 1991316 - namespace should be with openshift as prefix
BZ - 1991338 - "Network Attachment Definitions" is not able to load by a regular user
BZ - 1991357 - Fresh installation shows kube-apiserver error NodeInstallerDegraded: 1 nodes are failing on revision 4
BZ - 1991439 - Some hardcodes are detected at the code level in OpenShift console components
BZ - 1991507 - [sig-cli] Kubectl client Simple pod should return command exit codes [Suite:openshift/conformance/parallel] [Suite:k8s]
BZ - 1991508 - ppc64le and s390x CI jobs are failing with exec format errors
BZ - 1991519 - [e2e][flaky] fix kubevirt hco creation
BZ - 1991548 - [e2e][automation] add tests for disk preallocation
BZ - 1991551 - Idle service cannot be waked up
BZ - 1991566 - [e2e][automation] Disable protractor test in prow
BZ - 1991662 - OLM Catalog Templating
BZ - 1991730 - e2e-aws-proxy is failing with "Invalid value: []string{"us-west-2d", "us-west-2b"}: No subnets provided for zones"
BZ - 1991793 - ECMP routes with invalid next hops still result in OF groups getting programmed
BZ - 1991814 - "oc adm inspect co storage" returns an error message when there is no openshift-manila-csi-driver ns.
BZ - 1991860 - Insights Operator panics with invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
BZ - 1991977 - Kamelet sources shown in openshift-operators in eventsources but in other namespace shows up only if user created IP CR
BZ - 1992004 - ci/prow/e2e-gcp-console flake "Create Application from git form"
BZ - 1992013 - ci/prow/e2e-gcp-console flake "Create Application from Devfile.Create Application"
BZ - 1992016 - Expose kubelet configuration parameters
BZ - 1992148 - [Azure CSI] cannot deploy Azure Disk on ASH because /etc/kubernetes is read-only fs
BZ - 1992193 - Race condition in cluster-storage-operator
BZ - 1992255 - csi-snapshot-controller needs to handle API server downtime gracefully in SNO
BZ - 1992405 - Sync upstream 1.10.1 downstream
BZ - 1992463 - OKD: Installation to Libvirt fails due to no space left in /run
BZ - 1992493 - 3 alerts have no annotations summary and description
BZ - 1992502 - select storage class dropdown fail when using CNV2.6.5
BZ - 1992507 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
BZ - 1992508 - documentationBaseURL should be updated to 4.9
BZ - 1992555 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
BZ - 1992557 - failed to start cri-o service due to /usr/libexec/crio/conmon is missing
BZ - 1992560 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
BZ - 1992591 - 2 different oc binaries are used in the `cli-artifacts` image
BZ - 1992673 - Failed OCP build of openshift/ose-etcd:v4.9.0
BZ - 1992677 - OLM upgradeable condition message unclear with MaxOpenShiftVersion set
BZ - 1992714 - use existing pvc hotplug crashes
BZ - 1992730 - Dynamic Plugins: localization does not work for plugin
BZ - 1992820 - [Knative] Event Sources should be under Serverless group together with Channel
BZ - 1992823 - Cluster autoscaler should use Kubernetes 1.22 dependencies
BZ - 1992857 - [Azure CSI] Not enough permissions to list config maps in openshift-config ns
BZ - 1992875 - [Azure CSI] Driver Node controller can't get config from the secret of Azure Stack Hub
BZ - 1992876 - Gather OKD specific journal logs
BZ - 1992900 - openshift/kubernetes fails to build on ARM
BZ - 1992950 - [e2e][automation] create template from wizard
BZ - 1992974 - Revision/Route list table doesn't have proper alignment/styles in admin perspective
BZ - 1993002 - The "largestMaxAge" and "smallestMaxAge" in "maxAge" option for HSTS headers accepts negative values
BZ - 1993007 - e2e tests fail because operator does not delete SriovNetworks
BZ - 1993055 - node_exporter task, log message wrong
BZ - 1993078 - Enable Auth config for ironic-api
BZ - 1993087 - Azure StackHub: cluster-cloud-controller-manager-operator / azure-cloud-controller-manager / azure-cloud-node-manager does not support OCP azure credentials secret format
BZ - 1993147 - Add aria-label to different OCS dashboard components
BZ - 1993148 - Monitoring UI doesn't make use of React's memoization features
BZ - 1993159 - [Azure] Instead of updating the spec actuator updates status twice
BZ - 1993195 - Testing performance of sync plugin
BZ - 1993207 - failed to list resource groups: Can not get resource groups without account id in parameter by service id token
BZ - 1993260 - SRO RBAC error when deploying ping-pong CR
BZ - 1993286 - Minor OpenShift upgrades blocked when olm.maxOpenShiftVersion = current Y-stream+1 and current Z-stream > 0
BZ - 1993306 - Flaky e2e test: Event Sources on default Developer Catalog
BZ - 1993444 - NFD - cstate detection enabled on s390x
BZ - 1993757 - OCP 4.8 etcd unhealthy
BZ - 1993788 - VM creation (customize flow): storage class mismatch between actual SC and "Edit Disk" screen
BZ - 1993793 - Move CSIDriver from v1beta to v1
BZ - 1993840 - openshift-samples should not change condition Degraded/Available (upgrades)
BZ - 1993851 - EFS CSI driver operator does not have an icon
BZ - 1993886 - operand creation form doesn't render correct format
BZ - 1993920 - Improve Sysprep helper text
BZ - 1993922 - The kubeletconfig controller has wrong assumption regarding the number of kubelet configs
BZ - 1993931 - Storage operators use older kubernetes client
BZ - 1993934 - Update CSI sidecars
BZ - 1993955 - [External Mode] Fix margin issue with Details card on Block and File Page
BZ - 1993975 - [not user facing][infrastructure] remove kubevirt dependants for dynamic plugin
BZ - 1993977 - kube-rbac-proxy panic
BZ - 1993980 - Kubelet regularly freeze control groups causing issues further down
BZ - 1993999 - Some hardcodes are detected at the code level in OpenShift console components
BZ - 1994035 - SNO: LSO diskmaker pod using excessive cpu
BZ - 1994060 - API response for host routes includes misleading family number when IPv6 is enabled
BZ - 1994069 - [4.9] bump OVN to ovn21.09-21.09.0-13.el8fdp
BZ - 1994103 - [IBMCLOUD] Needs to have Terraform code converted to steps.
BZ - 1994113 - local volume tests create lot of events churn
BZ - 1994139 - k8s 1.22 bump for operator-lifecycle-manager
BZ - 1994155 - thanos fails to build with latest imagebuilder
BZ - 1994172 - rhel node does not join cluster conmon validation: invalid conmon path
BZ - 1994253 - On OKD templates provided by kubevirt provider and supported by red-hat are marked as community templates
BZ - 1994257 - Audit errors alert not created
BZ - 1994277 - Changing the memory manager policy via the kubelet config will drop the node to NotReady state
BZ - 1994410 - When machine creation failed due to validations, error contains "failed to create connection to oVirt API"
BZ - 1994434 - service account sriov-network-config-daemon disappeared when sriov operator upgrade from 4.8 to 4.9 version
BZ - 1994439 - Review page of ODF wizard does not follow console guidelines
BZ - 1994443 - openshift-console operator incorrectly reports Available=false
BZ - 1994454 - upgrade from 4.6 to 4.7 to 4.8 with mcp worker "paused=true", crio report "panic: close of closed channel" which lead to a master Node go into Restart loop
BZ - 1994480 - Cluster Infrastructure owned components should use 1.22 dependencies
BZ - 1994586 - Create local volume set step says "An error has occurred"
BZ - 1994613 - disable all CI tests that require IPv6 internet connectivity
BZ - 1994642 - Update CSI drivers
BZ - 1994643 - kube-apiserver must not return 404 to garbage collection controller before being ready
BZ - 1994647 - [ipv6] ovn-nbctl calls to find with nexthop= need quotes for IPv6
BZ - 1994648 - Resolution failed error condition in Subscription not being removed after resolution error is resolved.
BZ - 1994707 - cluster-etcd-operator: handle unstarted member condition in status request.
BZ - 1994857 - [UPGRADE] kube-apiserver is degraded after upgrading to 4.9 with error "configmap openshift-config-managed/csr-controller-ca field manager is not valid"
BZ - 1994872 - [4.9] oc fail to mirror release payload to local disk
BZ - 1994891 - NTO: use the latest k8s 1.22 and openshift vendor dependencies
BZ - 1994927 - Enable back [sig-network] Networking should provide Internet connection for containers using DNS
BZ - 1994973 - Fix bundle config
BZ - 1994975 - Next button is enabled when the flash system endpoint is invalid
BZ - 1994979 - Fix skipRange
BZ - 1994981 - Local Storage Operator does not have an icon
BZ - 1994986 - etcd check perf causes issues on clusters if run
BZ - 1994991 - olm.skipRange replacement is noop
BZ - 1994997 - olm.skipRange substitution is noop in ART builds
BZ - 1995043 - Two storage systems got created while creating one from UI
BZ - 1995049 - tech / dev preview badge in search resource dropdown missing styles
BZ - 1995110 - olm.skipRange is not set
BZ - 1995116 - Pod logs shows incorrect lines number in the log window top banner
BZ - 1995148 - Secret key for mangement address is incorrect for flash system
BZ - 1995198 - OLM tests are failing on aws arm64
BZ - 1995291 - oc new-app/new-build commands should not mention docker
BZ - 1995300 - opm validate does not detect cycles in channels
BZ - 1995325 - Projects page fails to render due to calling more hooks than previous render
BZ - 1995330 - ovn-kubernetes load-balancer operations are very expensive
BZ - 1995386 - bz 1990140 fix broke retry on tbr connection test
BZ - 1995387 - OpenStack 4.8 -> 4.9 upgrade is permafailing periodic-ci-openshift-release-master-ci-4.9-upgrade-from-stable-4.8-e2e-openstack-upgrade
BZ - 1995468 - Nodes can't resolved IPv4 address in dual stack configuration
BZ - 1995523 - Pipeline Builder form throws an error when clicked on `Add Task`
BZ - 1995525 - All storage systems are listed in the details page of a particular storagesystem
BZ - 1995573 - oc adm certificate approve|deny help shows kubectl in the examples
BZ - 1995612 - Block pool details page breadcrumb link is not pointing storage system details page
BZ - 1995614 - "beta.kubernetes.io/os" is deprecated since v1.14
BZ - 1995653 - upgrade rbac rules to use v1 APIS for LSO
BZ - 1995655 - 4.9 installer should default ClusterVersion channel to stable-4.9
BZ - 1995695 - Get insights on series churn during upgrades
BZ - 1995727 - sync plugin no longer catches build deletes that occur between restarts
BZ - 1995785 - long living clusters may fail to upgrade because of an invalid conmon path
BZ - 1995804 - Rewrite carry "UPSTREAM: <carry>: create termination events" to lifecycleEvents
BZ - 1995816 - Reduce cardinality of ovn-kubernetes event handler metrics
BZ - 1995898 - [Descheduler] - The minKubeVersion should be 1.22
BZ - 1995901 - Warnings are shown in the browser for Monitoring types
BZ - 1996031 - cloud-provider-openstack: Merge upstream 1.22 tag
BZ - 1996032 - cluster-kube-apiserver-operator should not run with pre-release libraries
BZ - 1996081 - csi-driver-nfs: Merge upstream
BZ - 1996094 - Missing key errors on containers page
BZ - 1996097 - [Feature:IPv6DualStack] tests are failing in dualstack after renamed
BZ - 1996116 - Block pool list page and detail page menu action is not disabled for default pool
BZ - 1996124 - Add release architecture to openshift-install version
BZ - 1996139 - make verify target always fails for upstream staging commits
BZ - 1996156 - UI breaks for topology nodes which doesn't have a SideBar
BZ - 1996158 - Dynamic Plugins: Unable to add nav sections to admin perspective
BZ - 1996159 - Dynamic Plugins: Visiting a plugin route directly causes a 404 page to flash briefly
BZ - 1996212 - Cluster Resource Override Admission needs to be migrated from v1beta1 to v1
BZ - 1996306 - Build root container image fails to download the kubebuilder 2.3.1 executable successfully in CI
BZ - 1996501 - Instance types with less than 8GB memory are listed in AWS UPI templates, but they do not meet memory minimum requirement for cluster
BZ - 1996506 - Fix crd version for SriovNetworkPoolConfig
BZ - 1996531 - [Assisted-4.8] [Integration] No 80 minutes timeout when SNO cluster is hang on rebooting
BZ - 1996535 - Project selector flickers on the creation of namespace between current and newly created one
BZ - 1996539 - error when selecting knative service in topology
BZ - 1996566 - Manually created invalid Kamelets should be skipped in the eventsources list
BZ - 1996620 - [SCC] openshift-oauth-apiserver degraded when a SCC with high priority is created
BZ - 1996622 - The Authorized SSH Key input box fail to fill the SSH key on Advanced page
BZ - 1996644 - ODF Internal Dashboard Not showing up
BZ - 1996646 - Ties between competing SCCs may have wrong reasoning in audit logs
BZ - 1996689 - RestrictedEndpointsAdmission controller needs to restrict EndpointSlices as well
BZ - 1996718 - KSM flag --node should be --nodes in CMO assets
BZ - 1996779 - fix racy disk check for vsphere cloud provider
BZ - 1996783 - cloud-provider-openstack: Bump to Go v1.16 and OCP v4.9
BZ - 1996785 - Unused rules in CMO
BZ - 1996792 - Quick search modal missing icons and have unnecessary scrollbar
BZ - 1996878 - opm does not print sqlite deprecation warnings
BZ - 1996881 - oc adm catalog mirror does not print sqlite deprecation warnings
BZ - 1996914 - Failed to get ImpersonateHeaders TypeError: i.a is undefined
BZ - 1996941 - Monitoring operator is degraded because expected 8 ready pods for "node-exporter" daemonset but got 6 when upgrading windows cluster to 4.9
BZ - 1997029 - OCS Dashboard should not show when ODF is present
BZ - 1997034 - Drop high cardinality cAdvisor metrics
BZ - 1997048 - User can create same domain mapping multiple times
BZ - 1997050 - CNO panic: runtime error: invalid memory address or nil pointer dereference
BZ - 1997062 - crio-o: "no space left on device" issue is seen on latest 4.9 builds
BZ - 1997079 - Custom time range not working
BZ - 1997102 - Gherkin for observe tab in workload sidebar is not aligned with latest UI
BZ - 1997108 - react warning loading dev perspective /topology
BZ - 1997114 - EgressFirewall may fail to be applied due to address_set missing
BZ - 1997122 - [LocalVolume] provisioning fails silently if device is already claimed
BZ - 1997131 - Update the pipeline quicksearch with latest desgin
BZ - 1997135 - Unable to start export if deleted export CR from different window
BZ - 1997168 - Remove unused variable in parser config file
BZ - 1997179 - Serverless installation is failing on CI jobs for e2e tests
BZ - 1997183 - Update Kube dependencies in MCO to 1.22
BZ - 1997187 - Update analyze script vendor size to 3.5MiB
BZ - 1997207 - newETCD3Client does not use existing context
BZ - 1997267 - Add translations from Sprint 205 part 2
BZ - 1997270 - bump OVN to ovn21.09-21.09.0-15.el8fdp
BZ - 1997347 - Take etcd backups before minor-version OpenShift updates
BZ - 1997379 - [e2e][automation] add tests for showing multiple IP address on UI
BZ - 1997407 - power-of-two balancing feature set "Random" as default balancing for passthrough routes
BZ - 1997420 - Revert wrong change on api-usage rules
BZ - 1997422 - Hardcode happens when create VolumeSnapshots
BZ - 1997438 - Syntax error appears to breaks the ovn egressFirewall policy during the cluster upgrade
BZ - 1997461 - [UI][LSO] "Local Storage Operator not installed" message statement is not appropriate
BZ - 1997465 - Fix panic in the LRU cache
BZ - 1997475 - e2e-agnostic-operator tests fail occasionally after 30 minutes because of timeout
BZ - 1997482 - Remove mask from behind modal in Pipeline Builder Tekton Hub Integration
BZ - 1997486 - Node Tuning Operator(NTO) - Missing [sysfs] section in openshift profile
BZ - 1997507 - Cluster cloud controller manager operator fails to upgrade on a single node cluster
BZ - 1997528 - instance:etcd_object_counts:sum and cluster:usage:resources:sum use the etcd_object_counts metric which is deprecated
BZ - 1997596 - UpdateAvailable alert is re-triggered on pod and other label changes
BZ - 1997655 - React warning when open pipeline list page (with at least one pipeline)
BZ - 1997657 - Kubelet rejects pods that use resources that should be freed by completed pods
BZ - 1997787 - Descheduler default for evict pods with PVCs is incorrect
BZ - 1997790 - Add Azure Stack UPI Templates
BZ - 1997811 - Marketplace Operator should use k8s 1.21+ dependencies
BZ - 1997929 - MachineSets list and details page headings should follow same format with other resources
BZ - 1997972 - CMO dependencies must be pinned for release
BZ - 1997993 - SNO deployment on HPE e910 blades fails because the node always boots from virtualmedia
BZ - 1998015 - Observe > Metrics / Dashboards performance: Graph tooltips process all points even if they won't be displayed
BZ - 1998031 - [bz-openshift-apiserver] clusteroperator/openshift-apiserver should not change condition/Degraded: master nodes drained too quickly
BZ - 1998047 - Missing UI flags after install creation
BZ - 1998146 - service VIP did not be removed after remove one node
BZ - 1998168 - Final Toast has download which is a button and should be an anchor tag
BZ - 1998207 - Helm upgrade on OpenShift 4.9 failing with schema errors
BZ - 1998240 - Helm side panel should be consistent with operatorhub and show support URL
BZ - 1998247 - Tuned configuration fails and does not recover when profile references a not yet existing performance profile configuration
BZ - 1998311 - Enable Manual Credentials Mode on Azure Stack Hub
BZ - 1998319 - Dynamic Plugins: dynamic route chunks are not lazy loading
BZ - 1998347 - Language preference does not reflect on console load
BZ - 1998364 - Inconsistent react-i18next mocks in unit tests
BZ - 1998388 - User preference screen shows "Create Namespace" instead of "Create Project"
BZ - 1998394 - [e2e][automation] add tests for RHEL9 template
BZ - 1998408 - Git import flow: Dockerfile is detected but file name is not used
BZ - 1998411 - Name is not autofilled when git URL contains trailing slash
BZ - 1998413 - Expanding portions of Helm Form overlay section title and include an area which is disconnected
BZ - 1998423 - upgrade from 4.8.6 to 4.9.0-0.nightly-2021-08-26-164418, blocked by dns upgrade due to FailedCreatePodSandBox for pods
BZ - 1998431 - AppName & Name are not auto-updated when modifying the Internal registry details in container image page
BZ - 1998466 - Cloud controller manager fails to upgrade on a single node cluster
BZ - 1998508 - CNO reports incorrect status during slow/failed install
BZ - 1998528 - Sync latest upstream bugfixes to OCP ironic container image
BZ - 1998552 - Enforce OpenShift's defined kubelet version skew policies
BZ - 1998563 - Column headers don't match content in pod and machine list
BZ - 1998575 - Insert sample YAML do nothing on BuildConfig and was mistakenly shown when editing a resource
BZ - 1998587 - BuildConfig form doesn't update app.openshift.io/vcs-uri annotation
BZ - 1998598 - ptp operator can not enable event publisher sidecar
BZ - 1998614 - Pod creation failed with CNI request timeout due to stale data in cache.
BZ - 1998616 - Show fully qualified domain name (FQDN) a Service's page
BZ - 1998637 - Update ironic-ipa-downloader container with latest tested code & RHEL updates
BZ - 1998643 - e2e-metal-ipi-virtualmedia and e2e-metal-ipi-ovn-ipv6 are failing to install
BZ - 1999018 - [ASH] upgrade stuck due to Cluster cloud controller manager deployment strategy error
BZ - 1999026 - Detect ODF managed services when OCS operator is installed
BZ - 1999039 - [UI] OpenShift Data Foundation Overview page is showing wrong status of storage system
BZ - 1999075 - Move the selected workload to the full view in topology canvas
BZ - 1999093 - Pods list appears to unmount / remount on some updates
BZ - 1999119 - bump golang version of installer to 1.16
BZ - 1999131 - [e2e][automation] adjust layout by cypress conventions
BZ - 1999138 - [CNO] [OVN-K] The network-unavailable taint needs to be from upstream k8s and not ovn-k specific
BZ - 1999159 - Remove evan from owners
BZ - 1999168 - Busted VPA graphic in OperatorHub
BZ - 1999179 - Import from git as Serverless Service creates an incomplete BuildConfig (Secret is missing)
BZ - 1999185 - ptp config with summary_interval 0 throws parsing error in the log
BZ - 1999187 - VPA E2E test aws-operator is failing due to use of removed v1beta1 RBAC API
BZ - 1999210 - [e2e][automation] add tests for VM wizard Cloudinit editor fields
BZ - 1999225 - Descheduler operator needs new profiles for 4.9
BZ - 1999266 - Click issue in topology page context menu
BZ - 1999292 - "System projects" does not align with the docs terminology, which uses "default projects"
BZ - 1999297 - [Assisted-4.8 ][SaaS] vip-dhcp-allocation mode broken cannot set networking for cluster
BZ - 1999326 - Automated day-2 configuration deployment for ZTP
BZ - 1999393 - Form / YAML switch makes unnecessary network calls to save latest editor type
BZ - 1999397 - Prometheus: data race in the loadWAL function
BZ - 1999404 - [e2e][automation] add tests for rootdisk validations
BZ - 1999421 - OKD: revert initial FCOS to 20210626.3.1
BZ - 1999422 - Missing feature flags for new features
BZ - 1999577 - RHCOS live ISO can fail to boot in UEFI mode; drops to grub shell
BZ - 1999593 - SNO: Add e2e test for RT kernel switch
BZ - 1999614 - Edit D/DC forms should display D/DC name being edited to provide context
BZ - 1999615 - UI crashes when clicked on the grey background of the topology view if projects dropdown is open
BZ - 1999627 - Import from git flow doesn't recommend build image when a Dockerfile exists
BZ - 1999631 - Show advanced Git options is not clickable (again) in new Git import flow
BZ - 1999648 - Remove remaining Storage Class in console-app
BZ - 1999656 - pipeline run count chart discrepancies with other chart values
BZ - 1999658 - E2E test failures due to github rate limiting
BZ - 1999669 - BackingStore Details Page is breaking
BZ - 1999674 - Warn users about using deprecated vSphere version
BZ - 1999719 - last selected tab in topology side panel is not persisted
BZ - 1999723 - Cannot Select Text with Cursor in QuickSearchModal bar
BZ - 1999729 - Dynamic Plugin SDK component has wrong spelling
BZ - 1999823 - Admin web-console should linkify ClusterVersion and ClusterOperator condition messages
BZ - 1999852 - Bump OVN to ovn21.09-21.09.0-18.el8fdp
BZ - 1999853 - cluster-storage-operator not honoring the control plane topology setting for the csi driver operator deployment
BZ - 1999862 - ZTP example 'tuned-performance-patch' policy refers to the wrong tuned profile name
BZ - 1999879 - Update ansible collections; follow on to 1.10 update.
BZ - 1999951 - VPA won't operate on pods created by custom controllers
BZ - 2000108 - Inspecting a chart takes to empty metrics
BZ - 2000126 - high load on Prometheus using the ptp operator
BZ - 2000144 - GetBundleForChannel registry endpoint performs significant needless work
BZ - 2000146 - opm render includes channel metadata in properties when rendering bundles
BZ - 2000186 - NetworkPolicy: allow from hostnetwork policy and allow from router (policy-group.network.openshift.io/ingress: "") does not work for network plugin openshiftSDN
BZ - 2000191 - Make durations for CCCMO leader election operations compatible with the OpenShift standards
BZ - 2000226 - Unable to have multiple charts in one configmap
BZ - 2000253 - oc edit ptpconfig causes cloudevent sidecar to crash and restart
BZ - 2000259 - Add Sprint 206 translations
BZ - 2000294 - report apiversion of esxi host and vcenter server
BZ - 2000321 - README file on github refers to '{product-title} but should be 'OpenShift'
BZ - 2000352 - Default OVA import to HW15
BZ - 2000391 - [e2e][automation] review skipped tests
BZ - 2000440 - OCS Quick Start should not be shown unless you have proper privileges
BZ - 2000473 - Observe > Dashboards: Dashboards are sometimes blank (no data loading)
BZ - 2000491 - Remove TechPreview Badge from Red Hat integration camel K operator
BZ - 2000492 - Conditional data gathering validation & refactoring
BZ - 2000499 - If export app toast is not cleared by the user and a new one is triggered then old toast download gives 404
BZ - 2000576 - Creating a StorageSystem with MCG only deployment is failing
BZ - 2000584 - `[sig-storage] EmptyDir volumes pod should support memory backed volumes of specified size` is permafailing on OKD 4.9
BZ - 2000589 - [sig-node] crictl should be able to run crictl on the node
BZ - 2000590 - Warning on topology context menu right click
BZ - 2000596 - (release-4.9) Update K8s & OpenShift API dependencies versions
BZ - 2000607 - Domain mapping movement from one service to another is not intutive
BZ - 2000608 - static pod startup monitor should log to a log file in addition to stderr
BZ - 2000633 - Issue with the UI of observer page when screen size is reduced
BZ - 2000636 - Edit Deployment form drops strategy data when switching type
BZ - 2000689 - [block-pool-dashbaord] Expandable section in mirroring card is empty when no image for mirroring
BZ - 2000721 - Bump OVS userland to openvswitch2.16-2.16.0-6.el8fdp
BZ - 2000726 - ZTP PolicyGen failed to create CRs during synchronization of 1 site
BZ - 2000768 - Quick Starts provide incorrect guidance when Che/CRW is installed
BZ - 2000820 - (release-4.9) Gather PodSecurityPolicies names installed in a cluster
BZ - 2000833 - Wepack warnings about missing types when running dev build
BZ - 2000873 - Toast shows list style on uploadJar toast and export app toast
BZ - 2000935 - add volume mode selection in storage creation (external IBM FlashSystem)
BZ - 2000965 - [e2e][automation] remove login prompt check until it's clearly needed
BZ - 2001263 - [e2e][automation] create vm from template list and action dropdown
BZ - 2001288 - Virtualization is not available in Home Overview when CNV version is 2.6.z
BZ - 2001292 - import vm action is not hidden
BZ - 2001958 - Cluster becomes degraded if it can't talk to Manila
BZ - 2001983 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster
BZ - 2002196 - Pass down proxy env to operands failed for ansible type operator
BZ - 2002197 - Pass down proxy env to operands failed for helm type operator
BZ - 2002200 - Operator-lib proxy block the "ReadProxyVarsFromEnv" for go type operator
BZ - 2002288 - [4.9] kube-proxy's userspace implementation consumes excessive CPU
BZ - 2002338 - Bump descheduler to k8s 1.22
BZ - 2002361 - Missing the ability to set networkType in SiteConfig during ZTP flow
BZ - 2002374 - Inexplicably slow kubelet on bootstrap makes installation fail
BZ - 2002502 - []corev1.EnvVar{} can't be appended to container.env
BZ - 2002543 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log
BZ - 2002561 - Failing tests: "volumeMode should fail in binding dynamic provisioned PV to PVC"
BZ - 2003161 - [SCALE] ovnkube CNI: remove ovs flows check
BZ - 2003197 - CRI-O leaks some children PIDs
BZ - 2003245 - [4.9] Revert libovsdb client code
BZ - 2003306 - Rejected pods should be filtered from admission regression
BZ - 2003545 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
BZ - 2004137 - ptp/worker custom threshold doesn't change ptp events threshold
BZ - 2004146 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma"
BZ - 2004337 - [4.9] OVN CNI should ensure host veths are removed
BZ - 2004340 - [4.9] Pod creation failed due to mismatched pod IP address in CNI and OVN
BZ - 2004568 - Cluster-version operator does not remove unrecognized volume mounts
BZ - 2004676 - [4.9] Boot option recovery menu prevents image boot
BZ - 2004712 - TuneD issues with the recent ConfigParser changes.
BZ - 2004924 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start
BZ - 2004961 - output of "crictl inspectp" is not complete
BZ - 2005108 - removing and recreating static pod manifest leaves pod in error state
BZ - 2005462 - [4.9] ovn-kube may never attempt to retry a pod creation
BZ - 2005476 - [4.9] [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event
BZ - 2006145 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
BZ - 2006432 - [4.9] Remove workaround keeping /boot RW for kdump support
BZ - 2006782 - Missing ZTP ArgoCD Container Image
BZ - 2006962 - [4.9] OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception"
BZ - 2007086 - [4.9] Bootimage bump tracker
BZ - 2007089 - [4.9] Intermittent failure mounting /run/media/iso when booting live ISO from USB stick
BZ - 2007324 - race condition can cause in cluster-bootstrap can cause crashlooping bootstrap kube-apiserver
BZ - 2007458 - crio's selinux module has performance improvements when compiled with golang 1.16
BZ - 2007684 - [4.9.z] PVs remain in Released state for a long time after the claim is deleted
BZ - 2008619 - ImageStream with RHCOS version tag needed for RHODS GPU support
BZ - 2008944 - Azure Stack UPI does not have Internal Load Balancer
BZ - 2009059 - Placeholder bug for OCP 4.9.0 metadata release
BZ - 2009342 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process
BZ - 2009467 - [4.9] container-selinux should come from rhel8-appstream
BZ - 2009530 - Deployment upgrade is failing availability check
BZ - 2009652 - [4.9] Multipath day1 not working on s390x
BZ - 2009653 - [4.9] Bootimage bump tracker
BZ - 2009738 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances
BZ - 2009842 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo
BZ - 2010066 - [Assisted-4.9][Integration] Unable to generate ISO with error: Failed to fetch base ISO information: NotFound
BZ - 2010074 - [e2e][automation] CI tests fail because of wrong test cnv version installed
BZ - 2010372 - Reverts PIE build mode for K8S components
BZ - 2010486 - SRO package name collision between official and community version
BZ - 2010529 - [backport 4.9] openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions
BZ - 2010861 - Failure building EFS operator
BZ - 2010954 - SRO CSV uses non default category "Drivers and plugins"
BZ - 2011050 - Storage operator is not available after reboot cluster instances
BZ - 2011087 - Backport audit log silence change
BZ - 2011350 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
BZ - 2011701 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
BZ - 2011815 - Kubelet rejects pods that use resources that should be freed by completed pods
BZ - 2011951 - [4.9] ClusterVersion Upgradeable=False MultipleReasons should include all messages
BZ - 2011958 - [4.9] [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
BZ - 2011961 - [4.9] [tracker] Storage operator is not available after reboot cluster instances
BZ - 2011985 - SRO bundle references non-existent image
BZ - 2012008 - APIRemovedInNextReleaseInUse: give exact command in description

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

RHSA-2021:3759 - Security Advisory

Synopsis

Type/Severity

Topic

Description

Solution

Affected Products

Fixes

CVEs

References

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links