Origin Versions Save

Conformance test suite for OpenShift

v3.11.0

5 years ago

This is the 3.11 release of OpenShift Origin.

Backwards Compatibility

auth: The auth reconcile command is now deprecated as its functionality is part of the server #20177
- The CLI command is now identical to the upstream auth reconcile and no longer updates roles
auth: The cluster-reader RBAC role is now an aggregated role to simplify adding new permissions #20279
cli: oc patch is now consistent with the kubectl patch command #20665
cli: oc types is now deprecated - use oc api-resources instead #21000
security: If the scheduler.alpha.kubernetes.io/node-selector annotion is set on a namespace, openshift.io/node-selector is now ignored #21058
server: The openshift start node functionality and openshift start have been removed - the Kubelet must now be started directly #20344, #20717
- By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
- Future releases will remove other parts of openshift start master.

Changes

Roadmap for the v3.11 release

v3.11.0 (2018-10-10) Full Changelog

API

build: Allow dashes to be used in the environment variable names in builds #20738
image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
security: Promote sysctl annotations to fields in SecurityContextConstraints #20151

Component updates

Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
- 62943: set updated replicas in statefulsets #20347
- 64378: Don't reset global timeout on each for loop iteration #20452
- 64426: Clean up fake mounters. #20117
- 64447: Add block volume support to internal provisioners #20058
- 64541: Add more kubectl auth reconcile flags #20281
- 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
- 64879: Add block volume support to Cinder volume plugin #20270
- 64896: kubectl: wait for all errors and successes on podEviction #20452
- 65189: fix paths w shortcuts when copying from pods #20034
- 65189: revert: fix paths w shortcuts when copying from pods" #20075
- 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
- 65238: fix scheduler port boundary to match detection #20033
- 65326: fix printer check to tolerate vendoring #20033
- 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
- 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
- 65368: legacy api endpoints only support v1 ever #20033
- 65370: delete should tolerate a failed wait because of missing verbs #20033
- 65377: special-case templates get.go #20033
- 65447: Resolve potential devicePath symlink when MapVolume #20117
- 65480: allow enabling kubelet serving certificate rotation via flag #20033
- 65486: show type differences in reflect diff #20033
- 65488: flatten nested lists for flatten in visitor #20033
- 65489: kubectl convert should not double wrap output in nested lists #20033
- 65547: Honor custom transport dialer #20033
- 65549: Fix flexvolume in containerized kubelets #20358
- 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
- 65686: fix kubectl create priorityclass failure bug #20624
- 65700: Update output format so that it matches actual accepted values #20139
- 65705: Block volumes should have empty FSType #20327
- 65711: make template printers a recommended printer #20257
- 65715: fail on rbac resources of non-v1 versions in reconcile #20177
- 65786: update --template printer defaulting #20257
- 65856: only need to ignore resources that match discovery conditions #20242
- 65899: use self-signed cert fixtures in integration test servers #20309
- 65904: track schemes by name for error reporting #20242
- 65906: Improve multi-authorizer errors #20379
- 65908: switch delete strategy to background deletion #20274
- 65987: Add region label to dynamic provisioned cinder PVs #20418
- 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
- 66085: fix updateJob scheduling of resync #20763
- 66136: make delete waits match on UID #20305
- 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
- 66225: add support for "success" output for edit command #20589
- 66225: update testcase for edit #20589
- 66249: fill in normal restmapping info with the legacy guess #20392
- 66324: Fixing E2E tests for disk resizing #20418
- 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
- 66352: update logs cmd to deal w external versions #20343
- 66397: Fix upper limit on m5/c5 instance typesn #20439
- 66398: fix logs command to be generic for all resources again #20514
- 66403: indicate which scheme has conflicting data #20372
- 66406: Send correct headers for pod printing #20437
- 66406: tolerate missing column headers in server-side print output #20437
- 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
- 66519: switch attach to use external objs #20514
- 66725: update exit code to 0 if patch not needed #20456
- 66779: add methods to apimachinery to easy unit testing #20471
- 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
- 66837: fix panic fake SAR client expansion #20491
- 66929: add logging to find offending transports #20554
- 66931: Use the passed-in streams in kubectl top #20529
- 66932: Include unavailable apiservices in discovery response #20635
- 67024: add CancelRequest to discovery round-tripper #20554
- 67033: expose default LogsForObject consumeRequest func #20550
- 67093: improve config file modification time #20566
- 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
- 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
- 67097: Ignore EIO error in unmount path #20866
- 67236: fix azure disk create failure due to sdk upgrade #20662
- 67316: Adds tests for --all-containers=true #20684
- 67399: update patch to work with --local and avoid extra requests #20642
- 67399: update patch to work with --local and avoid extra requests #20665
- 67433: allow failed discovery on initial quota controller start #20635
- 67433: allow failed discovery on initial quota controller start #20693
- 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
- 67615: attach: Move the AttachFunc default function to the initializer #20697
- 67698: Fix NameFromCommandArgs when passing command after -- #20730
- 67822: Remove provisioner config from log message. #20756
- 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
- 67896: expose generic storage factory primitives #20777
- 67957: Size http2 buffers to allow concurrent streams #20783
- 68007: Orphan DaemonSet when deleting with --cascade option set #20793
- 68008: apiserver: forward panic in WithTimeout filter #20979
- 68563: fix scheduler crash when Prioritize Map function failed #21194
- 68678: tighten maximum retry loop for aggregate api availability #21012
- 68680: Fix chown on distributed flex volumes (like gluster) #21070
- : Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
- : Coerce string->int, empty object -> slice for backwards compatibility #20164
- : Ensure perFSGroup quanity is positive #20564
- : Expose ns lifecyle admission list of allowed resources #20242
- : Gracefully handle empty volume-config file #20154
- : oc patches on kubectl #20721
- : patch in a non-standard location for apiservices #20578
- : rewrite unstructured objects on the CLI to avoid oapi #20033
- : simplify kube-controller-manager patches #20954
- : switch back to use ugorji/go - decode to signed integers #20033
- : tidy up oc patches and ensure we never print a non-groupified object #20385
- : GCE load balancer unit test is flaky #20230
- : Remove influxdb dependency until the next rebase #18816
- : carry old printers until we update #20033
- : carry old printers until we update #20257
- : Fix cloud provider vsphere data race #20033
- : Increase loglevel for health check #20616
- : Make auth reconcile work with backlevel versions until ansible updates #20033
- : vSphere test has race conditions, disable #20231

Features

build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
cli: Add oc image append which can add a new layer or change metadata on a Docker image against a remote registry #20027
cli: Add oc image extract to extract all or part of an image to disk from any platform #20466
cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
cli: Include the kubectl binary in release output #20932, #20958, #20900
network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646

Bugs

auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
auth: Update GitLab IDP to support OIDC #19997
auth: Use the upstream RBAC roles for reconciliation #20638
build: Ensure OOMKilled reason from pods are reported on build status #20297
build: Move deployer and build binaries into oc #20011 #20008
build: Remove false alarm warning for repo binary input on oc start-build #20100
cli: Allow patching configapi using oc patch #20642
cli: Honor 'oc edit' output format #20589
cli: accept --kubeconfig like kubectl #20721
cluster: Cluster quota controller tolerate inaccessible api resources #20693
deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
deploy: Fix printing DC replicas #21017
dns: Restore graceful shutdown of DNS server #21021
image: Deprecate oc import-image legacy path using annotations #19673
image: Image stream imports longer than 30s should not fail #20419
image: Log image changes on verify-image-signature without --save #19976
image: Prune images in parallel #19468
image: Reuse existing imagestreams with new-app #20052
migrate: Ignore resources that cannot be listed and updated #21075
network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
network: Show EgressCIDRs in "oc get hostsubnets" #20486
network: Update egress IPs when node changes IP #20393
node: Set FileCheckFrequency default properly #20158
route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
router: Fix weight logic for A/B testing #19893
router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
router: Router metrics sometimes fails to detect HTTP/1 connections #21043
service-catalog: use K8s NamespaceLifecycle admission controller #20673
test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816

Release SHA256 Checksums

The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  CHECKSUM
4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3  openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc  openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0  openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip
cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa  openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip

v3.10.0

5 years ago

This is the official release of OpenShift Origin v3.10.

Changes

Roadmap for the v3.10 release

v3.10.0 (2018-08-02) Full Changelog

Component updates

Updates to Kubernetes
- 62085: Fix incorrect atomic counter usage #20206
- 62943: Set updated replicas on stateful set status #20350
- 64658: Avoid leading gRPC connections in CSI #20111
- 64882: Prevent deleted pods from sometimes leaving mounts #20111
- 64971: Ensure mutating admission webhooks correctly remove fields #20509
- 65223: Correctly detect inaccessible AWS encryption key #20072
- 65226: Store the latest cloud provider node addresses on the node #20369
- 65339: Prevent leak of a cached pod definition in the scheduler #20071
- 66350: Prevent kubelet from becoming stuck retrieving node addresses from a cloud provider #20369

Bugs

router: [release-3.10] Allow egress-router to connect to cluster service network for DNS, etc. #20102
diagnostics: Fix default image paths used in network diagnostics #20116
volumes: Bind mount /etc/origin/kubelet-plugins for flex volumes #20153
node: Honor --kubelet-preferred-address-types #20183
apiserver: Use in-process loopback client config from Kube #20207
image: Install ceph-common in control plane so RBD provisioner can find disks #20222
build: Fix an issue where COPY --from would not work on multi-stage image builds #20256
console: Change logo, favicon, name on login page #20528

Artifacts

Images are published to the Docker Hub as openshift/origin-*:v3.10.0.
RPMs are available via the provided origin.repo file

Release SHA256 Checksums

0f54235127884309d19b23e8e64e347f783efd6b5a94b49bfc4d0bf472efb5b8  ./openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
6973aebb7b553866f8971c8ca324dd5b79204e2a59c5234cde6fb1b5deb4c7a9  ./openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz
ae847e3ae278b9420342e651305d34f1ed806b55a23874fc47595a57874e30c6  ./openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip
c1b33aa535b88898d0622e0af2aa673bb814c354fb438c21c18155afc51acf87  ./openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip
23083baadc7b82b6a3998016b795497d9c33327e1985a3b37181cf0e6200d29a  ./CHECKSUM

v3.10.0-rc.0

5 years ago

This is the first release candidate of OpenShift Origin 3.10.

Backwards Compatibility

Moving from legacy API resources (/oapi) to group resources
- The server process endpoint now creates resources in the new group APIs (*.openshift.io) #19458
- The RBAC bootstrap policy file is now saved as rbac.authorization.k8s.io/v1 resources #19756
Configuration changes
- The disabledFeatures configuration item has been removed from master config #19070
- Master configuration no longer requires the deprecated clusterNetworkCIDR/hostSubnetLength fields to be set in networkConfig #18669
- Some node default values have changed #19190
  - Remove the default pods-per-core setting of 10, which makes nodes default to 250 pods total.
  - The certificate signing controller defaults to creating certs with a 1 year expiration (a7bd9d6f5f)
rbac: Project editors can no longer create or update daemonsets, which prevents tenants from impacting cluster stability #18971
Metrics for the template instance broker have changed #19133
Moved or deleted content #19262
- The examples/ directory has been cleaned up
- The v1 federation implementation has been removed as it did not graduate to beta.
- The node.service systemd file has been removed from hte RPMS, along with the master services (2113900746)
Changes to OpenShift images #19509
- As we prepare to split the OpenShift API server into multiple binaries, several new images have been created:
  - openshift/origin-hypershift - A new hypershift binary that launches OpenShift specific components
  - openshift/origin-hyperkube - The Kubernetes hyperkube binary
  - openshift/origin-cli - The OpenShift CLI oc
  - openshift/origin-tests - The extended test suite for OpenShift
- Some existing images have been renamed
  - openshift/origin is now openshift/origin-control-plane
  - openshift/node is now openshift/origin-node
- The openshift/openvswitch image has been folded into openshift/origin-node
- A new binary openshift-node-config takes a node-config.yaml file and converts it to kubelet arguments in the openshift/origin-node image
CLI changes
- Some client-side deletion support has been removed in favor of the controller-driven deletion mechanisms #19616
- oc export is deprecated and oc get --export should be used instead.
The router has separate liveness and readiness probes for use with upstream load balancers #19009
XFS quota for emptyDir volumes is now configured via a config file in the volume directory #19533
Changes to oc cluster up
- The cluster launched by oc cluster up is now launched as a set of individual processes running in images, instead of the previous single large container. This more closely mimics real production environments.
- Docker machine support in oc cluster up has been removed
- oc cluster up now only supports launching a cluster of the same version as the oc binary.

Changes

Roadmap for the v3.10 release

v3.10.0-rc.0 (2018-06-19) Full Changelog

API

Ingress support

In order to better adapt ingress objects to routes, a new controller has been added to OpenShift that maps Kubernetes Ingress objects (in their v1beta1 form) to OpenShift Routes automatically. This allows the HAProxy router to report status, perform host overrides, support multi-tenant protection on hostnames, and securely manage Ingress secrets.

The controller converts each Ingress rule into its own route, as long as the rule has a hostname or TLS hostname. Any referenced secrets are copied into the final Route and kept up to date. If a generated route is deleted it will be recreated by the controller. Once a route is created, any annotations or route specific fields will not be altered unless the route is deleted (such as weighted service backends). A route with a TLS endpoint will be set to Reencrypt termination, but that may be changed after creation.

The router process itself no longer needs to watch Ingress or Secret resources.

router: Replace router support for ingress with an ingress-to-route controller #18658

Other changes

Image signature annotations are ignored #19037
Explicitly prohibit spec updates to imagestreamtag resources which are not a spec tag. #18532

Component updates

Updated to Kubernetes v1.10.0-47-gb81c8f8 + patches
- 42873: add kubectl api-resources command #19884
- 54530: api: validate container phase transitions #18791
- 57202: Fix format string in describers #18810
- 58972: Fix job's backoff limit for restart policy OnFailure #19672
- 59170: Fix kubelet PVC stale metrics #18637
- 59301: dockershim: don't check pod IP in StopPodSandbox #18425
- 59316: Exit if no client cert is available for 5m #18430
- 59365: Fix StatefulSet set-based selector bug #18797
- 59931: do not delete node in openstack, if those still exist in cloudprovider #19038
- 60289: fix freespace for image GC #18767
- 60342: Fix nested volume mounts for read-only API data volumes #18766
- 60455: removes custom scalers from kubectl #19275
- 60490: Volume deletion should be idempotent #18856
- 60632: Add volumemetrics for ISCSI Plugin #19842
- 60654: notify systemd on kubelet start #18886
- 60978: Fix use of "-w" flag to iptables-restore #18919
- 61287: provide easy methods for direct kubeconfig loading from bytes #18956
- 61294: Fix cpu cfs quota flag with pod cgroups #19028
- 61378: --force only takes effect when --grace-period=0 #19213
- 61459: etcd client add dial timeout #19953
- 61480: Allow sockets to be mounted in subpath #19329
- 61790: make reapers tolerate 404s on scaling down #19275
- 61808: Ensure -o yaml populates kind/apiVersion #19137
- 61949: Tolerate 406 mime-type errors attempting to load new openapi schema #19137
- 61962: Avoid data races in unit tests #19137
- 61985: Restore show-kind function when printing multiple kinds #19137
- 62074: Narrow interface consumed by scale client #19137
- 62114: removes job scaler, continued #19275
- 62146: Fix daemon-set-controller bootstrap RBAC policy #19517
- 62152: Keep node.kubeconfig correct during rotation #19857
- 62196: Remove need for server connections for dry-run create #19137
- 62199: Make priority rest mapper handle partial discovery results #19137
- 62234: Handle partial group and resource responses consistently #19137
- 62254: Add name output and verb filtering to api-resources #19884
- 62336: add statefulset scaling permission to admins, editors, and viewers #19275
- 62394: Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" #19359
- 62416: kuberuntime: logs: reduce logging level on waitLogs msg #19334
- 62461: allow higher burst for discovery #19327
- 62462: Private mount propagation #19364
- 62469: stop defaulting kubeconfig to http://localhost:8080 #19335
- 62543: Timeout on instances.NodeAddresses cloud provider request #19733
- 62572: Prevent virtual infinite loop in volume controller #19371
- 62584: Make x-kubernetes-print-column print handling opt-in #19352
- 62668: add metrics to cinder volume #19444
- 62733: Set a default request timeout for discovery client #19471
- 62744: Fix kubectl describe cronjob #19391
- 62827: fix csi data race in csi_attacher_test.go #19508
- 62874: dockershim/sandbox: clean up pod network even if SetUpPod() failed #19576
- 62913: make a simple dynamic client that is easy to use #19515
- 62914: kubelet: fix flake in TestUpdateExistingNodeStatusTimeout #19453
- 63086: Fix discovery default timeout test #19471
- 63160: kubelet: logs: do not wait when following terminated container #19545
- 63169: Remove unnecessary dependencies on api/core/v1 #19509
- 63177: kubectl takes a dependency on the controllers #19509
- 63295: Fixed CSI volume detach when the volume is already detached #19816
- 63303: Return attach error to A/D controller #19816
- 63321: kubelet: force filterContainerID to empty string when removeAll is true #19580
- 63339: kubelet: volume: do not create event on mount success #19625
- 63349: Decorate function not called on Create #19602
- 63403: don't block creation on lack of delete powers #19404
- 63416: Retry certificate approval on conflict errors #19770
- 63417: Panic when map string bool flag has no value #19620
- 63421: Cache preferred resources, use in kubectl resource name autocomplete (single commit) #19884
- 63490: default the ignorenotfound for delete when selecting objects #19616
- 63650: Never clean backoff in job controller #19672
- 63716: Add InstallPathHandler which allows for more then one path to be associated with health checking. #19009
- 63831: Always track kubelet -> API connections #19638
- 63831: Close all kubelet->API connections on heartbeat failure #19638
- 63848: Deflake discovery timeout test #19714
- 63875: make TestGetServerGroupsWithTimeout more reliable #19723
- 63903: Revert "Openstack: register metadata.hostname as node name" #19730
- 63903: Revert "Specify DHCP domain for hostname" #19730
- 63903: Revert "Split out the hostname when default dhcp_domain is used in nova.conf" #19730
- 63926: Avoid unnecessary calls to the cloud provider #19742
- 63966: kubectl: fix Flatten() when used without Latest() #19747
- 63977: pkg: kubelet: remote: increase grpc client default size #19774
- 64026: Enable SELinux relabeling in CSI volumes #19816
- 64028: Tolarate negative values when calculating job scale progress #19765
- 64443: services must listen on port 443 for aggregation #19866
- 64516: Fix error message to be consistent with others #19884
- 64573: remove extra "../" when copying from pod to local #19898
- 64797: Handle deleted DaemonSet properly #19927
- 64855: Fix setup of ephemeral storage #19939
- 64883: Fix up legacy printer table adapter #19934
- 64916: improve memory footprint of daemonset simulate #19956
- 64946: log healthz check #19952
- 64969: volume: decrease memory allocations for debugging messages #19960
- 65001: Quiet verbose apiserver logs #19970
- 65009: daemon: add custom node indexer #19980
- 65027: Use actual etcd client for /healthz/etcd checks #19992
- 65063: Re-use private key after failed CSR #20000
- : Add PSP review to /oapi Resources #19542
- : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18971
- : XFS quota for emptyDir volumes #19533
- : add RawConfig to factory for commands modifying raw kubeconfig files #19343
- : aggregator to proxy oapi to apps.openshift.io server #18652
- : allow injecting printers #19137
- : allow oc kubeconfig loading to have our flags and errors #19335
- : change config file location and restore perFSGroup to quantity #19773
- : controller-manager patches for recycler #18887
- : disable local storage isolation feature gate #19323
- : enable critical pod support by default #19104
- : filter daemonset nodes by namespace node selectors #18989
- : inject new parameter for image resolution into kubectl set image #19348
- : pods in openshift-* namespace can be marked critical #19104
- : rewrite unstructured objects on the CLI to avoid oapi #19327
- : avoid contacting server for restmappings in local mode #19996
- : make RootFsInfo error non-fatal on start #19137
- : stop wrapping --sort-by value in {} #19777
Other patches
- docker/distribution#2382: Don't double add scopes
- docker/docker#36517: ensure hijackedConn implements CloseWrite function
- google/cadvisor#1903: fix #1902 bug with retryDockerStatus
- opencontainers/runc#1754: Add timeout while waiting for StartTransinetUnit completion signal
- opencontainers/runc#1805: fix systemd cpu quota for -1

Features

Multi-stage Docker image build support

Builds using the Dockerfile build strategy can now build multi-stage Docker images. The from field continues to target the last image stage in the Dockerfile, but the new as attribute on imageSources allows other stages to be replaced with triggered images.

Support multi-stage dockerbuilds via imagebuilder #18741, #19494

Support external OAuth token authenticators

OpenShift can now be configured to delegate login flows to a remote OAuth capable endpoint like Keycloak. This allows a central Keycloak server to authenticate multiple clusters. See the documentation for more details about configuring this option.

auth: Add option to configure an external OAuth server #18969
auth: Support WebhookTokenAuthenticators for using external servers as token authenticators #18868

Other Features

auth: Add oc adm prune role command to clean up rolebindings that are not bound to valid roles #19619
cli: Add server-side column printer support for openshift objects #19934
clusterup: Add --enable=automation-service-broker #19409
image: Parallelize image mirroring and reuse mounted layers #19017
migrate: Allow storage migration to be performed in parallel #19691
registry: Both internal and external hostnames for the registry should be in docker pull secrets #19838
router: Make updating status on the router optional #17420
router: Prometheus should scrape the router by default #18254
router: Support for DNS names in egress routes #15409
router: Perform real backoff when contending for writes from the router #18686
router: Make router conflict detection work even during initial informer sync #19706
router: Allow only a subset of routes from specific domains to be overriden by the hostname-template #19418
router: Allow egress-router to connect to its own node IP for DNS #19885
server: Expose api-versions and api-resources in oc #19884
template: Allow TemplateInstances to create arbitrary resources, including CRDs #19396

Bugs

build: Retry retrieving build logs in some cases #19695
cert: Order x509 certificate subjects to prevent a Golang / GNUTLS incompatibility #18837
cli: Support quay.io pushing in oc image mirror #19016
cli: Correct oc scale error handling #19275
cli: Improve validation for oc set volume #19169
cli: Fix incorrect oc run default option #19712
cli: Dots should be allowed in environment variable names passed to oc new-app #19688
diagnostic: Replace usage of brctl with /sbin/ip #19929
jenkins: Adjust jenkins template setting to account for effects of constrained default max heap #18832
network: Fix handleDeleteSubnet() to release network from subnet allocator #18801
network: Fix egressip handling when a NetNamespac is updated #18808
network: The NetworkCheck diagnostic did not use the correct config file #18709
network: Allow configurable CNI bin dir in openshift SDN #18464
network: Correctly report initial NodeNetworkUnavailable condition #18758
network: Allow subnet allocator to handle changes to the subnet values #18999
network: Prevent incorrect deletion of HostSubnet OVS flows #19080
network: Make changing egress network policy rules more efficient #19346
network: Print out errors that occur when using macvlan and a namespace cannot be retrieved #19491
network: Remove openvswitch check from UnitStatus diagnostic #19572
network: Use a real OVS transaction when changing network configuration on the host #19393
network: Use a go-native DNS library instead of dig command for dns resolution in egress network policy #19805
network: Do not throw spurious error when minTTL=0 for the domain in egress network policy #19950
network: Remove the node from dnsmasq config when shutting down #19987
network: Get lowest TTL from the DNS resolution chain for egress DNS #19982
node: Fix to pass quoted unsafe strings (with characters like *,<,%) correctly to kubelet #19951
registry: Update docker config secret to support the future location of the registry service #19514
registry: Make docker registry service controller check all secrets #19788
router: When a router is reloaded after a batch of route/ingress changes are committed, haproxy sometimes fail to reload #18587
router: Some route status updates were being lost #19018
router: Combine backend map files to fix path based routing #18840
router: Wildcard routes should not take precedence over sub-routes #19076
router: Some routes were being rejected incorrectly when NAMESPACE_LABELS was set #19330
router: The router can forget routes when routes are created and deleted in rapid succession #19175
router: Unidle in router should ignore headless services #19416
router: Allow Prometheus to get metrics from the router #19318
security: Correctly handle legacy PodSecurityPolicyReview resources #19542
server: Improve performance of the SDN controller by using shared caches #18911
server: Move range allocation to an internal API as rangeallocations.security.openshift.io #19277
server: Set etcd DialTimeout, fix etcd start order in all-in-one #19953
server: When etcd is down, avoid pathological healthz behaviors #19992
service-catalog: Start API and controller pods with log verbosity = 3 #19135

Release SHA256 Checksums

f876258c9a6221637a84e35ff68e9af96c2f2013eb9ae41ea33abd9286aa045c  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
dcb414712e8ae08146634d0c18720476e7afd024aa100bd2246d064de6658664  ./openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
872e0b58684af5d17b41a0585c50b41d09fbefa449d80927ba91252ac998deb3  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip
25eef2fc0401209e3b5d40239827c023f463cdafeb06f81f1a6a0af9deaa1d25  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip
1c21ba58ee0f7fc8b55e9d84099632ec970051adc3744a294a10bcd3aefcfe21  ./CHECKSUM

v3.9.0

6 years ago

This is the official feature release of OpenShift Origin.

Changes

Roadmap for the v3.9 release

v3.9.0 (2018-03-30) Full Changelog

Component updates

Updates to Kubernetes
- 51042: Allow passing request-timeout from NewRequest all the way down #13701
- 52324: Fix bug on kubelet failure to umount mount points. #18225
- 54530: api: validate container phase transitions #18792
- 56164: Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT #18754
- 56288: Add list of pods that use a volume to multiattach events #18290
- 56315: Record volumeID in GlusterFS PV spec UPSTREAM: 56823: Add volID based delete() and resize() if volID is available in pv spec UPSTREAM: 57516: Add custom volume name based on SC parameter UPSTREAM: 58513: Add Namespace to glusterfs custom volume names UPSTREAM: 58626: Use correct pv annotation to fetch volume ID #18326
- 56432: e2e: test containers projected volume updates should not exit #18387
- 56846: Fix Cinder detach problems #18140
- 56872: Fix event generation #18442
- 57202: Fix format string in describers #18853
- 57336: Abstract some duplicated code in the iptables proxier #18754
- 57461: Don't create no-op iptables rules for services with no endpoints #18754
- 57480: Fix build and test errors from etcd 3.2.13 upgrade #18731
- 57854: fix bug of swallowing missing merge key error #18331
- 57967: Fixed TearDown of NFS with root squash. #18154
- 58177: Redesign and implement volume reconstruction work #18554
- 58316: set fsGroup by securityContext.fsGroup in azure file #18526
- 58375: Recheck if transformed data is stale when doing live lookup during update #18530
- 58415: Improve messaging on resize #18509
- 58439: Fix loading structured admission plugin config #18529
- 58439: Surface error loading admission plugin config #18529
- 58522: Clean up error messages for pre-bound PVCs #18284
- 58533: add suggestion to describe pod for container names #18178
- 58574: fixing array out of bound by checking initContainers instead of containers #18403
- 58617: Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size #18432
- 58685: Fill size attribute for the OpenStack V3 API volumes #18237
- 58720: Ensure that the runtime mounts RO volumes read-only #18255
- 58739: Don't bind PVs and PVCs with different access modes #18284
- 58753: Fix kubectl explain for cronjobs #18268
- 58794: Resize mounted volumes #18421
- 58930: Don't wait for certificate rotation on Kubelet start #18322
- 58955: pkg: kubelet: do not assume anything about images names #18340
- 58977: Fix pod sandbox privilege. #18820
- 58991: restore original object on apply err #18337
- 58994: Race condition between listener and client in remote_runtime_test #18409
- 59170: Fix kubelet PVC stale metrics #18787
- 59279: nodelifecycle: set OutOfDisk unknown on node timeout #18417
- 59297: Improve error returned when fetching container logs during pod termination #18515
- 59350: Do not recycle volumes that are used by pods #18552
- 59365: Fix StatefulSet set-based selector bug #18824
- 59386: Scheduler - not able to read from config file if configmap is not found #18475
- 59449: Fix to register priority function ResourceLimitsPriority correctly. #18503
- 59506: fix --watch on multiple requests #18514
- 59569: Do not ignore errors from EC2::DescribeVolume in DetachDisk #18544
- 59767: kubelet: check for illegal phase transition #18585
- 59873: Fix DownwardAPI refresh race #18636
- 59923: Rework volume manager log levels #18636
- 60299: apiserver: fix testing etcd config for etcd 3.2.16 #18731
- 60301: Fix Deployment with Recreate strategy not to wait on Pods in terminal phase #18760
- 60306: Only run connection-rejecting rules on new connections #18754
- 60342: Fix nested volume mounts for read-only API data volumes #18789
- 60430: don't use storage cache during apiserver unit test #18731
- 60457: tests: e2e: empty msg from channel other than stdout should be non-fatal #18755
- 60490: Volume deletion should be idempotent #18878
- 61045: subpath fixes #18957
- 61107: Add atomic writer subpath e2e tests #18957
- 61107: Detect backsteps correctly in base path detection #18957
- 61193: bugfix(mount): lstat with abs path of parent instead of '/..' #18985
- : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18977
- : Short-circuit HPA oapi/v1.DC #18380
- : hack in working autoscale reference for oc autoscale #18376
- : hack out the oapi for restmapping resources when more than one is present #18377
- : patch the upstream SA token controller and use it #18508
Updates to docker/distribution
- UPSTREAM: docker/docker#36517: ensure hijackedConn implements CloseWrite function

Features

FEATURE DESCRIPTION

PARAGRAPH

DESCRIPTION #PR

Other Features

build: Issue 17941: Add oc new-build --push-secret option #18477
deploy: Add support for deployments in oc status #18439, #18579

Bugs

auth: Change Header used for impersonation scopes to match upstream #18378
auth: Deprecate some policy commands #18102
build: Adjust newapp/newbuild error messages (arg classification vs. actual … #18272
build: Fix BuildConfigInstantiateFailed warning when lastVersion == 0 #17146
cli: Add infos count to oc status #18422
cli: Suppress project list on login if you have access to greater than 50 projects #18706
diagnostic: Add an AppCreate diagnostic #16658
diagnostic: AggregatedLogging ClusterRoleBindings false negative fix #18888
diagnostic: Fix AnalyzeLogs to provide more clear debug message #18654
image: Fix annotation trigger to reconcile on container image change #18513
image: Preserve namespace on imagestreams server-side export #18487
image: Prevent scheduled importer of images from advancing too quickly #18604
image: Retry import without authentication if we get 401 error for public images #18012
migrate: Add migrate command for legacy HPAs #18854
network: Fix reassignment of egress IP after removal #18720
network: Deal with auto-egress-ip mark conflicting with kube-proxy's masqueradeBit #18121
network: Do not allow 'default' project to be isolated using 'oc adm pod-network' #18687
network: Don't try to delete (nonexistent) OVS flows for headless/external services #18890
network: Fix CNI IPAM data dir #18863
network: Fix handleDeleteSubnet() to release network from subnet allocator #18819
newapp: --source-image should count as a source input for new-app #18631
node: Move pod-namespace calls out of process to prevent races between Go threads #18355
node: Restart console container when config changes #18411
node: Support --write-flags on openshift start node to support moving directly to kubelet #18322
oauth: Enable osin internal error logging #18505
router: Make oadm router and registry resiliant to missing client for use in scripts #18546
router: Updating route TLS configuration will be possible with 'create' permissions on custom-host #18312
security: ClusterResourceOverride plugin should not set CPU or memory minimums below the namespace quota minimum #18553
server: Bug 1538389 - Allow node IP change to update Host IP in HostSubnet resource #18281
server: Correctly handle newlines in serial files #18405
server: Wait for lease acquisition that indicates the controllers and scheduler have successfully started #18338
template: Make sure we can unbind a deleted templateinstance #18452

Release SHA256 Checksums

6ed2fb1579b14b4557e4450a807c97cd1b68a6c727cd1e12deedc5512907222e  ./openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
a616d50c0974d4b3d1f12f227883afa7e70028fe78c874fc233eb3466ee12fdf  ./openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz
32bdd9464866c8e93d8cf4a3a7718b0bc9fa0f2881f045b97997fa014b52a40b  ./openshift-origin-client-tools-v3.9.0-191fece-mac.zip
705eb110587fdbd244fbb0f93146a643b24295cfe2410ff9fe67a0e880912663  ./openshift-origin-client-tools-v3.9.0-191fece-windows.zip

v3.7.2

6 years ago

This is a patch release of OpenShift Origin.

Changes

v3.7.2 (2018-03-16) Full Changelog

Component updates

Updates to Kubernetes
- 49624: Add daemonset to all categories #18478
- 53690: Fix hpa scaling above max replicas w/ scaleUpLimit #18216
- 54701: Refactor reconcileAutoscaler method in hpa #18216
- 55631: Parse and return the last line in the log even if it is partial #17546
- 57422: Rework method of updating atomic-updated data volumes #18167
- 57967: Fixed TearDown of NFS with root squash. #18954
- 58301: Limit all category to apps group for ds/deployment/replicaset #18478
- 58572: Automated cherry pick of #58547: Send correct resource version for delete events from watch #18246
- 58720: Ensure that the runtime mounts RO volumes read-only #18954
- 60342: Fix nested volume mounts for read-only API data volumes #18954
- 61047: Lock subPath volumes #18954
- 61109: Detect backsteps correctly in base path detection #18954
- 61196: bugfix(mount): lstat with abs path of parent instead of '/..' #18954
- Revert "UPSTREAM: 53916: update .dockercfg data to config.json format" #18062

Bugs

auth: Fix issues with oc adm migrate authorization #18221
migrate: handle NotFound via resource matching and during conflicts #18287
server: Include proto swagger document in discovery #18309
server: Don't expose oapi types as 'all' #18478
deployments: Correctly trigger DC trigger reconciliation on image change release #18524
build: Correctly set selinux labels for build containers #17546

Release SHA256 Checksums

abc89f025524eb205e433622e59843b09d2304cc913534c4ed8af627da238624  ./openshift-origin-client-tools-v3.7.2-282e43f-linux-64bit.tar.gz
74933671b886f790dbf83edfba25a522851244c37a586dc491a39ebf30ece893  ./openshift-origin-server-v3.7.2-282e43f-linux-64bit.tar.gz
8ae2f51cdde5c76a33add98c64efc30f11f5c0fbd1dacc5ae5d0f147b96f7d18  ./openshift-origin-client-tools-v3.7.2-282e43f-mac.zip
45e525b751d7659e05adfbd005851cdeb769df511cfe38f5e45c0dfed854e784  ./openshift-origin-client-tools-v3.7.2-282e43f-windows.zip

v3.9.0-alpha.3

6 years ago

This is a feature release of OpenShift Origin.

Backwards Compatibility

TODO

Changes

Roadmap for the v3.9 release

v3.9.0-alpha.3 (2018-01-23) Full Changelog

API

TODO

Component updates

Updated to Kubernetes v1.9.1-57-ga0ce1bc657 + patches
- 49312: allow the /version endpoint to pass through #17576
- 49885: Ignore UDP metrics in kubelet #17106
- 50390: Admit sysctls for other runtime. #17274
- 50673: Azure - Use cloud environment to instantiate storage client #17052
- 52260: fix azure disk mounter issue #17052
- 53135: Fixed counting of unbound PVCs towards limit of attached volumes #17442
- 53576: Revert "Validate if service has duplicate targetPort" #17115
- 53989: Remove repeated random string generations in scheduler volume predicate #17442
- 54410: Cpu manager reconcile loop - restore state #18055
- 54459: fix azure storage account num exhausting issue #17052
- 54597: kubelet: check for illegal container state transition #17514
- 54607: fix azure pv crash due to volumeSource.ReadOnly value nil #17052
- 55248: increase iptables max wait from 2 seconds to 5 (fix) #17115
- 55316: Make StatefulSet report an event when recreating failed pod #18060
- 55631: Parse and return the last line in the log even if it is partial #17198
- 55641: dockershim: remove corrupt checkpoints immediately upon detection #17299
- 55703: use full gopath for externalTypes #17115
- 55704: Return original error instead of negotiation one #17115
- 55772: Only attempt to construct GC informers for watchable resources #17115
- 55796: Correct ConstructVolumeSpec() #17423
- 55974: Allow constructing spdy executor from existing transports #17115
- 55974: Allow constructing spdy executor from existing transports #17391
- 56045: Fix getting logs from daemonset #17405
- 56191: CPU Manager panics on state initialization error #18055
- 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17513
- 56408: admission: do not leak admission plugin config types outside of the plugin #18111
- 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17512
- 56506: kubelet: include runtime error in event on CreatePodSandbox failure #18002
- 56687: kube-apiserver: enable admissionregistration v1beta1 api by default #17576
- 56864: pick pod-selector changes from #56864 #17616
- 56971: LimitRange ignores objects previously marked for deletion #17978
- 57099: increase the podLogTimeout for downward volume test #17627
- 57107: Check ns setup error during e2e #17576
- 57148: expose special storage locations #17576
- 57149: make quota reusable #17576
- 57150: allow convert to default on a per object basis #17576
- 57211: Process cluster-scoped owners correctly #17820
- 57214: Remove mutation from pvc validation #17876
- 57247: cpumanager: Propagate error up instead panic #18051
- 57276: Fix vsphere cloudprovider naming #17961
- 57349: add watch to requirements for quota-able resources #17863
- 57993: Add volumemetrics for glusterfs plugin #18091
- 58018: make controller port exposure optional #18003
- 58107: Fix quota controller worker deadlock #18080
- 58302: uniquify resource lock identities #18100
- : add flag for running bare kube-controller-manager #18100
- : add our immortal namespaces directly to admission plugin #17914
- : allow controller context injection to share informers #17115
- : allow injection of controller context function #18003
- : allow injection of controller context function #18097
- : allow multiple containers to union for swagger #17115
- : disable failing etcd test for old level #17391
- : exclude some origin resources from quota #17576
- : keep set working on internal types #17576
- : make wiring in kubeproxy easy until we sort out config #17576
- : patch scheduler to apply defaults. drop once we run separate scheduler #17576
- : switch apply to use the legacyscheme so our types can be handled #17576
- : switch back to use encode/json to avoid serialization errors #17115
- : switch back to use ugorji/go to avoid deserialization errors #17768
- : add back PrintSuccess. remove when printing is fixed #17576
- : disable flaky InitFederation unit test #17115
- : enable beta APIs by default. fixed by several pulls upstream #17576
- : etcd testing #17115
- : remove usage of bad transport since only GKE routes #17576
- : run hack/copy-kube-artifacts.sh #17115
- : skip controller metric error, drop once we run in a separate process #17576
- : skip scheduler configz error, drop once we run in a separate process #17576
- : stop adding federation to hyperkube one release early #17663
- revert: 9176245: : allow controller context injection to share informers #17861
- revert: cf235c2: UPSTREAM: : switch apply to use the legacyscheme so our types can be handled #17885
Updated to Docker distribution v2.6.0-rc.1-210-g00b6b84 + patches
- docker/distribution: 2382: Don't double add scopes #17115
- docker/distribution: 2384: Fallback to GET for manifest #17115
- docker/distribution: 2402: Allow manifest specification #17115
- docker/distribution: 2402: Allow manifest specification #18078

Features

TODO

Bugs

build: Fixed the wrong name of building image. According to the implementati… #17050
- Fixed the wrong name of building image. According to the implementation and running behavior. the building image is openshift/origin-release (215b3d8503)
auth: Allow registry-admin to manage RBAC roles and bindings #17247
- Allow registry-admin to manage RBAC roles/bindings (6fe994484c) force-merge: Fix push-release e6b20e1089
cli: Improve the documentation for oc rollout #17081
- Since the 'oc deploy' is deprecated. It is better for providing usage 'oc set trigger'. Forgetting the 'oc deploy'. (cdfe840ed8)
cli: oc set probe err message improvements #17107
- move error cause to top of err message (1acd699f4b)
image: don't create output imagestrem if already exists with newapp #16843
- don't create output imagestrem if already exists with newapp; better circular tag detection (697ee8ec31)
auth: Improve the oc auth subcommands CLI example #17270
- Improve the oc auth subcommands CLI example usage: Replaced the kubectl to oc (d379c0971a)
Fix parse error for multiple OPTIONS to run node #17212
- Remove double quotations from docker env to run node (335053ad5f)
- Handle OPTIONS as additional argments (549f5404ba)
make assetconfig a top level type #17310
- make assetconfig a top level type (15baffae01)
- generated (72eaf22331)
Trivial fix to do fewer allocations in OVS healthcheck #17313
- Avoid parsing the whole dump-flows output in the OVS health check (67a57a380f)
image: Add python 3.6 S2I image to examples #17281
- Add python 3.6 S2I image (d4a8e611dc)
image: Imagestream tag exclude from pruning #16580
- Add new option to exclude imagestream tag from pruning by regular expression (b70983dc1a)
cluster: clusterup add .skip_pv marker #16631
- add skip_pv marker to skip PV creation (7f448c0609)
router: Router: Changed default resource resync interval from 10mins to 30mins #17012
- Router: Changed default resource resync interval from 10mins to 30mins (172349c590)
- Fix project sync interval in router (5e20571814)
build: remove kubectl from openshift (but not oc) #17305
- remove kubectl from openshift (but not oc) (41f361a843)
- try to modify the build scripts and not turn purple (163e2e7286)
- generated (08de059118)
cluster: Limit fail-on-swap override to cluster-up #17385
- Revert "interesting: restore ability to start with swap on by default" (97ab350878)
- set fail-swap-on to false for cluster up (d8265d0fed)
server: Remove overwrite_bootstrappolicy and pkg/cmd/server/admin/legacyetcd #17336
- remove pkg/cmd/server/admin/overwrite_bootstrappolicy.go and pkg/cmd/server/admin/legacyetcd (a9ea2dd103)
- update generated docs (011b1ca0e7)
switch to hyperkube and remove renames #17369
- switch to hyperkube (1116e0579e)
- generated (57a5bef52e)
security: admission_test.go(TestAdmit): compare SecurityContexts instead of particular members #17296
- admission_test.go(testSCCAdmission): print test case name when test fails. (df809c46da)
- admission_test.go(TestAdmit): eliminate duplicated code by using existing method. (c634e11e4b)
- admission_test.go(TestAdmit): split to TestAdmitSuccess and TestAdmitFailure. (d935b126bf)
- admission_test.go(TestAdmitFailure): reduce code by (enchancing and) using existing function. (f51843c57d)
- admission_test.go(setupClientSet): extract function. (072358ba21)
- admission_test.go(createSCCLister): extract function. (d1895e0b4b)
- admission_test.go: rename variable to better describe its type. (0cdb8b10f9)
- admission_test.go(createSCCListerAndIndexer): introduce and use function. (ae97160820)
- admission_test.go(saExactSCC): extract function. (e8a9047b9b)
- admission_test.go(saSCC): extract function. (4eaeda2bf0)
- admission_test.go(TestAdmitSuccess): compare SecurityContexts instead of particular members. (0ea1b367dc)
- admission_test.go(testSCCAdmission): modify to signalize about errors. (0016cebb7a)
- admission_test.go(TestAdmitSuccess): remove hardcoded SELinux level. (268aea6fb5)
switch the easy admission plugins to external types #17288
- switch easy admission plugins to external clients (b4427a01af)
- switch to external user client (faf4959d36)
pkg/security/OWNERS: add simo5 to the list of approvers #17406
- pkg/security/OWNERS: add simo5 to the list of approvers. (2c0ee8396f)
image: remove openshift cli and friends #17396
- remove openshift cli and friends (3018938ae1)
- generated (a29bc3a6e0)
- update dind image (d6b88e28f6)
cluster: Gate fail-swap-on flag with a version check #17410
- Revert "set fail-swap-on to false for cluster up" (5bb0613cf5)
- Make "openshift start node --write-config" tolerate swap on (2b69c32325)
server: switch to glide #17391
- glide.yaml (9e214041e9)
- use script to link to staging folder for patches (e373c53cd2)
- update openapi generation script to exclude dir (7a98e50587)
- minor completion changes (50b62dca86)
- prevent k8s.io/kubernetes/cmd since we didn't run them before (9fa7abdbbd)
fix multiarch import tests #17437
- disable multiarch import tests (2dbe4f4a07)
template: Add provisioner template for local storage #16538
- Rename "local storage" to "HostPath storage" example (263877632b)
- Add template for local storage (276079c743)
image: Change imagestreamtag sorting #17430
- Sort istags alphabetically during schema conversion (0f6440d25f)
- Version prefix matters when sorting tags names (691009b518)
server: Switch to use .DeepCopy() instead of kapi.Scheme.DeepCopy() #17444
- replace usage of kapi.Scheme.DeepCopy() with .DeepCopy() (4f70f5dbea)
- interesting: switch image change reactor to use runtime.Object (d4859926e1)
- replace usage of kapi.Scheme.Copy() with .DeepCopy() (0b49deb753)
test: Extend the e2e suite to a broader range of tests #17417
- Extend the e2e suite to a broader range of tests (67cf6cff92)
- Networking tests should be better at picking targets (e02c56bf8f)
- Reduce the required timing on build tests to account for overlay (a9bab2d8ea)
cli: Begin moving pkgs w/ deps on pkg/oc #17332
- break dep on pkg/oc - generator/generator.go (9fd5519808)
Update prometheus to 2.0.0 GA #17039
- Update prometheus to rc2 (b5918211e2)
server: Switch to openshift/api #17477
- add openshift api dependency (5aaa00b76e)
- move-package script (b50591130a)
- generated move results (9d41cbeead)
- manual prep for move (e491d07b86)
- update register files (d4db27aeba)
- update generation script (662468e1a6)
- update manual conversion references (4023e66bcc)
- move helper to single point of use (e825c5fda8)
- adjust to new client (95cac057d0)
- react to gopkg.in/ldap.v2 bump (8f5944f7cc)
- something happened to the openshift proto definitions (0d7864facc)
- generated (6b0e2c4339)
remove openshift infra command #17482
- remove openshift infra command (28f86851a6)
- generated (0a63dd8565)
node: Add test to guard unset fields in deployer pod #17471
- add test to guard for new pod fields in deployer controller (9084edff0f)
node, syscontainer: drop /var/lib/docker mount point #15115
- node, syscontainer: replace /var/lib/docker mount point (20ffe24610)
- node, syscontainer: umount everything under /var/lib/docker/containers (d14bce040b)
build: set selinux labels on build docker containers when running pods in crio #17094
- setup selinux labels for build containers (bce732a137) force-merge: Adding OS_GIT_PATCH to rpm env 354df72d3e
hack: hack/lib/init.sh: minor shell and readme improvement #17501
- hack/lib/init.sh: minor shell and readme improvement (644ad02f77)
image: install ceph luminous package in centos7 based image #17350
- install ceph luminous package in centos7 based image (9f08ce61ac)
- use centos SIG storage repo (b7fde7b439)
deploy: apps: extend extended tests to better check for deployer invariants and enable back the old check #16998
- Fixup variable names in DC controller (086cc82723)
- Make deployment test reproducible when randomness is involved (705e69b39b)
- Add asynchronous deployer pod invariant checker for every test (020235fbab)
- Enable back the old check for multiple deployer pods temporarily disabled in https://github.com/openshift/origin/pull/16956 (62b1cbc65a)
- Add some test to stress test deployer pod invariants (ba495e5dcb)
cli: move "openshift ex" -> "oc ex" #17486
- move "openshift ex" -> "oc ex" (4bdb0bd467)
- update tests (28887fac79)
- update completions/docs (7c3a54e85b)
server: pick pull 17473: stop adding beta admission config to default master configs #17516
- stop adding beta admission config to default master configs (d2ee0d319d)
- patch master option tweaks (93ddeaed5c)
template: break dep on clientcmd in pkgs outside pkg oc #17357
- break dependencies on pkg/cmd/util/clientcmd (6bb3e85e6d)
- move admin template cmds -> pkg/oc/admin (41e9a84142)
- move main client configuration to pkg/client/config (14a5503225)
- break remaining deps on pkg/oc (213f9a83fc)
deploy: Fix DC reaper to deal with invalid resource name. #17492
- Fix DC reaper to deal with invalid resource name. (It was deleting all RCs because apimachinery .AsSelector() ignores errors and returns MatchAll selector in that case.) (b75bee47df)
- Fix TestWaitForRunningDeploymentSuccess race (f6f37ad8c4)
Exclude myself from most of the OWNERS files #17557
- Exclude myself from most of the OWNERS files. (086bd45d54)
- Exclude legionus and tiran from OWNERS as well. (29d91f0ebb)
prevent references from origin to oc #17536
prevent references from origin to oc (c1c963681a)
auth: Infrastructure changes for token timeouts #17614
- Remove duplicate Origin authenticator interfaces (b638188e44)
- Add OAuth token and user validator interface (10d7f6a124)
- Wire up OAuth shared informer (5b379e3550)
- Allow authenticator to return post start hooks (f27d9470a7)
cluster: cluster up support for N-1 clusters #17338
- switch to template-service-broker binary (9776370136)
- cluster up support for N-1 clusters (758e387f3e)
deploy: Remove journald limits #17597
- Drop changing journald limits, now that ansible owns that piece (3906907192)
- Bring back deployment e2e commented out due to journald limitting problem (e13aa42744)
auth: Fail fast when request to /.well-known/oauth-authorization-server fails #17606
- Fail fast when request to /.well-known/oauth-authorization-server fails. (51e0dafa85)
Introduce custom Grafana for openshift prometheus. #17037
- Introduce custome Grafana for openshift prometheus. (ca061f2eb7)
deploy: Fix deploymentconfig scale #17587
- Fix scale subresource type for apps.openshift.io/deploymentconfigs/scale (cc424f5f74)
- Fix deployment config UpdateScale (b948af9dd3)
build: adjust bld prometheus ext test for concurrent tests, cross namespace … #17635
- adjust bld prometheus ext test for concurrent tests, cross namespace builds (bc923a241d)
node: sdn: make pod operation metrics more useful and collectable #17250
- sdn: make pod operation metrics more useful and collectable (d61ffa1787)
- sdn: handle error from JSON marshal at pod setup (caf5f73f59)
fix prometheus readme: bld phase/reason conversion to all lower case … #17809
- fix prometheus readme: bld phase/reason conversion to all lower case was reverted (f1194fd93e)
deploy: re-enable deployment test #17751
- Revert "increase DC hook timeouts. indicates pod start latency problem and flakes end-to-end" (0ac41089e6)
- re-enable deployment test (56ac0bfb78)
cluster: diagnostics: minor fixes #17772
- diagnostics: correctly use cluster-context if specified (428abd8cd5)
- diagnostics README: correct package and command (8c714166ee)
- diagnostics: in-pod command now openshift-diagnostics (357071f892)
auth: NetworkPolicy RBAC fixes #17549
- Update OpenShift roles for networking.k8s.io (98b52bf70a)
sync prometheus ext tests running in parallel #17717
- account for already exist race with prometheus ext tests (9b9f68d47c)
router: re-enable router metrics test #17753
- re-enable router metrics test (f6b0568c3d)
Workaround for broken quota admission test #17830
- Fix quota admission test (93e0508eb1)
Restore ugorji json decoding with type coercion #17768
- Add compatibility test for (shudder) string->int and {}->[] coercion (a8b819ca8e)
Allow the configuration of individual controllers #17572
- allow configuring enabled and disabled openshift controllerS (a5743a7c56)
- generated (171d733825)
test: tweak failing-dc e2e test with sleep so docker have time to get the hook container logs #17746
- add sleep to failing-dc fixture so docker have time to gather logs from hook container (6ace95d132)
build: Update gitignore for vendored build output files #17848
- Add the output directories for incubators to .gitignore (70400f6e5b)
hack: UPSTREAM: 57214: Remove mutation from pvc validation #17876
- fake godeps.json to make hack/cherry-pick.sh work (adc532606f)
server: Add origin types kubectl scheme #17885
- Add origin types to the kubectl scheme (e65306cbd0)
- centralize legacy installation into core api group (ec8902bb2d)
hack: hack/update-dep.sh proof #17810
- move crio to point of use in builders (bd0d189cc7)
- glide (8a012cf097)
cluster: Remove hardcoded fields for parameter substitution configuration in Cluster Loader #17072
- Remove hardcoded fields for Cluster Loader parameters (3bef3a2c3b)
cli: Add --selector, --pod-selector flags oc adm drain #17616
- update completions (9f492834de)
Update swagger spec generation #17688
- Update swagger spec generation (804b77911c)
- Generated changes (b60a6d0b7c)
deploy: Fix race in extended deployments test #17889
- Fix race in extended deployments test "should deal with cancellation after deployer pod succeeded" (84cdf4083f)
Fix SDN exponential backoff timeouts #17739
Fix SDN exponential backoff timeouts (ac0793cf07)
Moved getLocalSubnet() from node/sdn_controller.go to node/subnets.go (2603e1f1f2)
run openshift and kube controllers on different leases #17861
run openshift and kube controllers on different leases (766a973a53)
image: Add labels column to oc get images --show-labels output #17846
- print labels for images (340502b371)
- add tests for image labels (aea4040bce)
server: Changing API flow description #17960
- Add make update-deps target to be compatible with other openshfit repos (b3c019e406)
- Add an API change section (e7260c51e9)
Update glide again #17962
- glide.yaml (c8f77db97c)
- minimal roundtripping change (a95f6dc9a1)
- generated (4503dca05a)
Rebase service catalog to v0.1.3 #17378
- Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/' changes from 3064247d05..d969acde90 (cedd00ca00)
build: move builder images to use external apis #17699
- clean up import verifier error (b27d4b4860)
- move builder image code to v1 apis (66c9d91d68)
security: SCC admission plugin: extract name to a constant #17856
- PSP admission plugin: extract name to a constant and a couple minor improvements. (710951221c)
security: Improve the process of pod updates by preferring non-mutating SCCs and reducing pod mutations #16934
- SecurityContextConstraints: do not mutate nil privileged field to false. (5b2b98f300)
- SecurityContextConstraints: only set runAsNonRoot when runAsUser is nil. (014f66d83c)
- SecurityContextConstraints: avoid unnecessary mutation of container capabilities. (2e79df04d2)
- SecurityContextConstraints: avoid unnecessary mutation of supplemental groups. (1b41ef74d6)
- SecurityContextConstraints: pass effective capabilities to validation interface. (098d16090e)
- SecurityContextConstraints: limit validation to provided groups. (abd601c5da)
- SecurityContextConstraints: pass effective selinux options to validate. (b5a84975d8)
- SecurityContextConstraints: pass effective runAsNonRoot and runAsUser to user validation interface. (3d4c343700)
- Add unit tests for RunAsUser.MustRunAsRange strategy. (d07223bfa8)
- SecurityContextConstraints: avoid unnecessary securitycontext mutation. (f4d81e2d4a)
- Security Context Constraints: prefer non-mutating SCC on update. (de94214c7e)
node: skip docker ping check when using fake docker #17979
- node: use a warning instead of fatal when docker ping fails (ca5ca9c1d5)
router: Fix indentation in egress-router.sh #18001
- fix indentation (8622953665)
Split prometheus alerting rules, add new automated recording rules #17553
- Split prometheus alerting rules, add new automated recording rules (db29c1cdff)
- Limit some high cardinality metrics by default (3287329878)
- Add a standalone prometheus example (ba373cab38)
Add proper error message to OVS health check #17890
- Add proper error message to alreadySetup (ca87845a2a)
- Fix error message (fd3af25001)
- Fix error messages (179cef67dd)
build: run jenkins java builds in memory constrained pods #17832
- run jenkins maven build in memory constrained pod (e986a9e5b9)
- run jenkings gradle build in memory constrained pod (447f326c13)
server: re-enable openapi aggregation #17899
- re-enable openapi aggregation (e0476c3279)
- generated (9b4169977f)
test: Implement a way to time out tokens based on (in)activity #17640
- Introduce inactivity timeout tracking for access tokens (59a803b6e1)
- Generated files (aa34658d96)
- Add integration test to check token timeouts (0ed56a99ef)
- Fix timeout validator unit test flakes (83811da294)
cluster: Adding synchronization and other features to extended test cluster loader. #17894
- Adding synchronization and other features to extended test's cluster loader. (dd2366b840)
node: Fix passing container to pod logs from dc #18017
- cli: pass container name to log options for dc (97a6d827ec)
- apps: pass container and previous correctly for pod logs (502be6417e)
cluster: Support web console image for cluster up #17575
- Support web console image for cluster up (caba0dcc70)
- Tag origin-web-console image for e2e tests (27041dd3f3)
network: Remove numerous "Provided subnet doesn't belong to network" when configured with multiple subnets #17973
- fix github issue 17475 (659a4ae95f)
Rebase to 1.9.1 #18003
- update glide.yaml (0a67e968d8)
- update to handle audit changes (2dd2187690)
- generated (729452083a)
stop special casing creation for ns lifecycle admission #17914
- stop special casing creation for ns lifecycle admission (de77da5af0)
add proxy for the webconsole #17862
- add proxy for the webconsole (7e44f156eb)
- remove webconsole from openshift (c1c520d343)
cli: Fix segv error for usage error of oc set env command #17932
- Fix segv error for usage error of set env (95e7a0a54b)
ex: dockergc: various fixes #17479
- ex: docekrgc: remove BindForOutput flags (bcb8d75866)
- ex: dockergc: fix typo in error message (cffdd1ef44)
- ex: dockergc: use glog (329b4d0465)
- ex: dockergc: add dry-run mode (45c72bde19)
- ex: dockergc: fix use of contexts (6a1ddee68f)
- ex: dockergc: make gc pass failure non-fatal (3547f938b8)
router: Bump router to haprox18 #18053
- Bump the haproxy version to 1.8 (d0aa7769df)
- router- Temporarily add centos paas sig 3.8 (53762de42e)
auth: Revert back to the "normal" apiserver authentication #15739
- Revert "disable TSB client cert and front proxy auth until aggregation is on by default" (7b09621490)
dind-ovn: use golang binaries instead of python ones #17541
- With upstream PR: https://github.com/openvswitch/ovn-kubernetes/pull/173, this PR will obsolete the python binaries (except gateway helper) (7697cb9020)
- reflect the new install procedure as in https://github.com/openvswitch/ovn-kubernetes/pull/192 (96d39c4388)
auth: apps: Fix dc triggers reconciliation on image change and do not deploy DCs with empty image #17539
- Add test to verify we don't deploy unspecified images in DC (d9dcac54dd)
- Never deploy unspecified images in DC (f0913b262a)
- Fix DC image reactor to reconcile on DC dc.Spec.Template.Spec.Containers changes (cda584a510)
cli: bug 1470374 - oc new-app behaviour #17457
- Add "no git installed" logic for oc new-app syntax (4113dc567e)
router: Pull haproxy from the right place #18066
- Allow haproxy from CentOs (90a1310cc9)
auth: remove oauth server dependency from most integration tests #18067
- remove dead code (6232b9b361)
- remove oauth server dependency from most integration tests (5371880316)
cluster: Cluster capacity rebase to kubernetes 1.9 #18088
- Cluster capacity vendor update for kube 1.9. (64c9fe2a1d)
- Cluster-capacity code update for kube 1.9. (408fb77748)
server: Use webconsole.config.openshift.io/v1 API group #18056
- Use WebConsoleConfiguration API group (0ac3f9d73e)
template: Improve ISSUE_TEMPLATE.md #18027
- .github/ISSUE_TEMPLATE.md: improve. (232751e4d6)
cli: fix -o panic oc rollback #18040
- fix -o panic oc rollback (6a9c123ae2)
- update completions (5428dd7173)
patch controllers for storage #18097
- inject an informer factory override for kube controllers to minimize impact (33febceaf3)
Resolve admission plugin config files #12321
- Move server config test data to fixtures (ec516d277a)
- Apply defaults to server config testdata (516aea9f08)
- Make admission plugin config a pointer (73c3201eef)
- Resolve relative admission plugin config file locations (bdfc2e1a0d)
Clean Prometheus example #17992
- Clean prometheus example. Add proxy for alertmanager (45eb81afd0)
tolerate discovery and errors better #17195
- allow error and partial result for legacy discovery (8233cb6b34)
cli: Deprecate oc secrets subcomands #18093
- Deprecate oc secrets subcomands (5046e19f71)
- Generated files (2a562fca2b)
image: Add image-streams and update db-templates #17922
- Add image-streams and update db-templates. (9d12ad6efd)
add wiring for running bare kube-controller-manager #18100
- make use of the patched kubecontroller manager in openshift (bd48fc8441)
image: oc image mirror was accidentally broken during dependency updating #18078
- Fix oc image mirror post rebase changes (4ec0e5e1fa)
- Update glide.yaml to point to docker distribution branch (729d5f58c9)
web: from 721cde05fe8c386935adc209638700b2476dd228^..721cde05fe8c386935adc209638700b2476dd228
- registry: Rebase 1.8.1 #17115
- server: Switch to openshift/api #17477
- network: rebase 1.9.0 beta.1 #17576
- Update swagger spec generation #17688
- Update glide again #17962
- server: re-enable openapi aggregation #17899
- Rebase to 1.9.1 #18003

Release SHA256 Checksums

aaf1b7115b83105e9acd8687ff5cb43c698a9a7fcd8e6515860303e1e8bd10a0  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
619ca9350fa70116e7c4544c2be30c544346d054e2f457e3fdd0cab4f7c01996  ./openshift-origin-server-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
b03bcc33ede03632d97158555157800aabbc11bf005a5c88633eb252ad71ef8f  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-mac.zip
cc8744074ea4ac0cb746b4f1289c1d88b7cc56ec1239d0411dfed780e1d14e93  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-windows.zip

v3.7.1

6 years ago

This is a patch release of OpenShift Origin.

Changes

v3.7.1 (2018-01-16) Full Changelog

Component updates

Updates to Kubernetes
- 51634: Revert to using isolated PID namespaces in Docker #17722
- 55641: dockershim: remove corrupt checkpoints immediately upon detection #17302
- 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17620
- 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17686
- 57211: Process cluster-scoped owners correctly #17818
- Allow controller context injection to share informers #17855
Updates to Docker distribution
- docker/distribution: 2140: Add 'ca-central-1' region for registry S3 storage driver #17585

Bugs

deploy: Fix deployment config scale subresource #17517 #17599
oauth: Make client authorizations tolerant of UID changes (4800340563)
router: Fix example certificates used in router tests #17959
server: Fix panic on controllers start #17855

Release SHA256 Checksums

56e9dbff7e5e4ade1e92cc10ff1bd1ae2789ec400be0d8a5b2177fd6c465af21  ./openshift-origin-client-tools-v3.7.1-ab0f056-linux-64bit.tar.gz
bd783fe128fac2f2dd117a23a4c1d9d1b0a8313e2bdb433f640c3b23df7eb8f8  ./openshift-origin-server-v3.7.1-ab0f056-linux-64bit.tar.gz
e2cdad103485580166e4aef14e111551439c2c18a1ed77376b16808755b363ea  ./openshift-origin-client-tools-v3.7.1-ab0f056-mac.zip
dc228416bc07bf96ea6ecca431004bfc1182af0c0b0be7834fceda5e8a663b3e  ./openshift-origin-client-tools-v3.7.1-ab0f056-windows.zip

v3.7.0

6 years ago

This is the official 3.7 release of OpenShift Origin.

Changes

Roadmap for the v3.7 release

v3.7.0 (2017-11-29) Full Changelog

API

SecurityContextConstraints can't be patched because an empty array is returned by the server #17185
- OpenShift now always returns an empty array for the users, groups, and subjects fields on SecurityContextConstraints
Merge imagestreamtag list on strategy merge patch correctly #17091
- Image stream spec tags were not correctly merged when strategic merge patches were used. This is now fixed.
DeploymentConfig replicas field is now correctly marked as optional in the API spec #17035

Component updates

Updates to Kubernetes
- 48813: maxinflight handler should let panicrecovery handler call NewLogged #17048
- 49128: add svc and netpol to discovery #17454
- 49885: Ignore UDP metrics in kubelet #17303
- 54597: kubelet: check for illegal container state transition #17051
- 54763: make iptables wait flag generic; increase the max wait time from 2 seconds to 5 seconds #17062
- 54812: Allow override of cluster level (default, whitelist) tolerations by namespace level empty (default, whitelist) tolerations. #17116
- 54828: trigger endpoint update on pod deletion #17120
- 54921: rename metric reflector_xx_last_resource_version #17173
- 54979: Certificate store handles rel path incorrectly #17135
- 55028: kubelet: dockershim: remove orphaned checkpoint files #17175
- 55248: increase iptables max wait from 2 seconds to 5 (fix) #17222
- 56221: log errors while trying to GC resources #17426
- 56223: ensure that network policy can be GC'd #17426
- drop: fix for bz1507257 hacked from upstream PR47850, drop these changes in favour of that PR because this one does not carry the entire dependent chain. Conflicts were removed manually. #17097

Bugs

build: Adding sample Jenkins Pipeline #16880
build: Allow image trigger controller to create custom builds #17108
cli: Return error when long-form service account name is used with oc policy #17061
image: Correctly dereference ImageStreamTags #16821
image: Signature import now correctly falls back to (in)secure transport #17202
login: Preserve errors correctly when certain errors happen in login #17138
migrate: Correctly handle NotFound errors during migration #17080
network: Validate node IP is local during sdn node initialization #17043
network: fix a segfault with cidr addresses and correct the creation of cluster network object #17076
network: Fix up destination MAC of auto-egress-ip packets #17099
network: Network component should refresh certificates if they expire #17135
network: Avoid parsing the whole dump-flows output in the OVS health check #17333
network: Allow assign-macvlan annotation to specify an interface #17383
router: Change the router reload suppression so that it doesn't block updates #17049
router: Fix the suppress health checks when only one backing service logic #17077, #17155
rpm: Move master config ghosts to /etc/origin/master/ #15163
server: Fix panic during openshift controller options initialization #17127
template: Fix duplicate timeout directive #17030
template: Add template.openshift.io/bindable annotation, default is true #17215
template: Add app label to example templates #17224
web: Rework nav to remove :hover selectors to address bugs, inconsistencies #2388
web: Fix bug where secondary nav items truncate in IE11 #2390
web: Adjust h1 margins so page header border aligns with left nav item #2389
web: Allow EnvFrom Prefix #2377
web: Reveal and hide secrets #2378
web: Bump container terminal to v2.1.1 to fix refresh when disconnect / re-connect #2398
web: Add resourceVersion as a secondary sort for events #2395
web: Update membership filter to use MEMBERSHIP_WHITELIST in Constants.js #2402
web: Preserve newlines in broker status messages #2401
web: Bug 1507753 - Make config page and environment tab actions consistent #2404
web: Check 'auth' field when displaying .dockercfg config #2392
web: Inform the user when no projects to select templates from #2399
web: Fix bugzilla 15077030 where deleting a rolebinding for a serviceaccount can delete additional rolebindings for serviceaccounts from another namespace #2406
web: Update plan info on service instance update #2409
web: Fix adding role to service account where namespace is sometimes missed #2411
web: Show ProvisionCallFailed in notification drawer #2413
web: Correctly merge env edits after background upates #2407
web: Follow-on updates from @jennyhaines https://github.com/openshift/origin-web-console/issues/2362#issuecomment-339710253 #2400
web: Fix missing RolloutCancelled event in notification drawer #2412
web: Fix for adding non-builder templates to a project #2424
web: Use label-editor for PVC labels #2423
web: Fix vertical alignment of "View Details" link #2425
web: Bug 1505281 - Improve import YAML results message #2426
web: Fix bug where wrong next steps message can be displayed #2429
web: Remove breadcrumbs from catalog, create, and next-steps pages #2431
web: Fix bug where custom img icons don't appear in catalog cards #2432
web: Fix bugs with headings #2437
web: Fix for create project dialog in projects list for mobile. #2444
web: Fix broken route links #2445
web: Update help text on CA inputs #2443
web: Don't wrap "Clear Filter" text #2439
web: Should not display the 'Reveal Secret' link when secrets without 'data' field #2448
web: Wizard fixes for iPhone #2451
web: Fix problems with env valueFrom for DC hooks #2461
web: Check for 'auths' field for both dockerconfig secrets types #2463
web: Allow editing service instances again if previous update failed #2466
web: Update catalog subcategory styles #2467
web: Handle null secret values #2465
web: Correctly disable Deploy button #2471
web: Bug 1510346 - Don't let users copy empty secret value #2478
web: Correct ProjectNameTaken error handling in deployImage, processTemplate, and fromFile wizards #2473
web: Add ProvisionedSuccessfully even to notification drawer #2480
web: Fix envFrom validation regex #2486
web: Show idled state in collapsed overview rows #2487

Release Binaries

Binary artifacts are located here: https://gcsweb-ci.svc.ci.openshift.org/gcs/origin-ci-test/branch-logs/origin/v3.7.0/builds/test_branch_origin_cross/1032/artifacts/zips/

573e39965633671aac08d68f57d66ff182fb646649523914f0a60debb6515eba  ./openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz
cfbd89b0bc5068e940daa9eff2af84be2458a4dd38b4c8ed363b04f204f06a54  ./openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz
7b00cf3535e9b5a33c30a143bdb5621fe49f73aee63c77ff4a7f8d0212be4f0a  ./openshift-origin-client-tools-v3.7.0-7ed6862-mac.zip
3b61b29940844d5744bea1a8c0d34fb47c0817e94b1ef154f2fe33014962742b  ./openshift-origin-client-tools-v3.7.0-7ed6862-windows.zip
c0bfff74ed1db6d67887b5bd7883c600151d62608a2360b695ce21394874362f  ./openshift-origin-image-v3.7.0-7ed6862-linux-64bit.tar.gz
c813a073e0a10e55b02ac9aaf02f2647d761180a327691765a58a25676a3d4c8  ./CHECKSUM

RPMs are published here: https://gcsweb-ci.svc.ci.openshift.org/gcs/origin-ci-test/branch-logs/origin/v3.7.0/builds/test_branch_origin_extended_conformance_gce/2001/artifacts/rpms/

v3.7.0-rc.0

6 years ago

v3.6.1

6 years ago

This is a patch release of OpenShift Origin.

Changes

v3.6.1 (2017-10-25) Full Changelog

Component updates

Updates to Kubernetes
- 45352: Pod (Anti)affinity shouldn't be respected across namespaces. #16016
- 45743: partial pick of 45743 to fix config groupversion defaults #16976
- 46236: Support sandbox images from private registries #15880
- 47731: Use endpoints informer for the endpoint controller. #16575
- 47788: Get rid of 30s ResyncPeriod in endpoint controller. #16575
- 49724: skip WaitForAttachAndMount for terminated pods in syncPod #15534
- 49992: Correctly handle empty watch event cache #15616
- 50258: Add token cache component #15662
- 50258: Add token group adder component #15662
- 50258: Add union token authenticator #15662
- 50258: Simplify bearer token auth chain, cache successful authentications #15662
- 50583: Make endpoints controller update based on semantic equality #16890
- 50934: Skip non-update endpoint updates #15889
- 51144: Fix unready endpoints bug introduced in #50934 #15889
- 53753: Reduce log spam in qos container manager #16841

Bugs

Skip goversioninfo when it is not installed #15550
Add back origin-sdn-ovs #15542
print typed podlist for correct serialization #15519
make the router integration tests run as part of test-end-to-end #15778
Properly handle errors in policy listing #15762
Image policy is resolving images on replica sets by default #15867
Mark subjectaccessreview/resourceaccessreview as root-scoped #15714
Disable RBAC create commands #15618
extended: Skip test instead of failing #16126
Add short ttl cache to token authenticator on success #15662
make oc adm create-bootstrap-project-template compatible w 1.5 cluster #16207
Disable TestImageStreamImportDockerHub integration test to unblock the queue #16336
Retry image stream updates when pruning images #16138
Updating docker --build-arg test due to docker code change #16541

Release SHA256 Checksums

922afb7a5642040ea7a6b780cd68eb1d15533b6376b503351a4c38a452338d11  ./openshift-origin-client-tools-v3.6.1-008f2d5-linux-64bit.tar.gz
47d0167e0b496b3a64249e40a91513af998fba7d4ba725454e74a8203024ebd8  ./openshift-origin-server-v3.6.1-008f2d5-linux-64bit.tar.gz
b7ecd27a0e3821868255898ef0ab47dfe0e5e371da6a58b0cbadd687e8dccca0  ./openshift-origin-client-tools-v3.6.1-008f2d5-mac.zip
2a970aec5709f572faa02e877ea33d68e23407e2ec6e39ddc3683077814f6031  ./openshift-origin-client-tools-v3.6.1-008f2d5-windows.zip
62a71b1d94abbf34936a021e56881db981634dcfed83bd8ab4052d19a31fd0d4  ./CHECKSUM