This is a feature development release leading up to v1.5.0. It is immediately prior to rebasing onto Kubernetes 1.5.

Changes

v1.5.0-alpha.1 (2017-01-24) Full Changelog

API

• image: Report creationTimestamp from the image in ImageStreamImage #12052
• build: Report failure reasons with the build #10817
• deployments: Respect the imagePullPolicy of the deployment when running lifecycle hooks #12080
• routes: Make insecureEdgeTerminationPolicy work with all types of secure routes #11953

Features

• cli: Support HTTP URLs in oc start-build --from-file #11811
• cli: Support go template and jsonpath output for oc process #12230
• cli: Support reading environment variables and parameters from files for new-app, new-build, and process #12164
• ipfailover: The failover daemon check and notify scripts can now be customized #11644
• newapp: Set env vars on oc new-app of template #12048
• router: Add option to use PROXY protocol #12271
• router: Allow route balancing algorithm to be configured and backend cookies to be disabled #11984
• security: Allow administrator to limit which users can invite others to join their projects to prevent abuse #11743
• web: Show environment variables coming from the builder image in the Environment tab #889
• web: Improve descriptions for quota scopes #887
• web: Show duration for completed pods #909
• web: Add link to check server connection to error page for api discovery #907
• web: Add ability to copy commands in CLI tools page #871
• web: Let users remove volumes #891
• web: Add volume name validation when attaching PVCs #920
• web: Display keys and paths when set for secret volumes #927
• web: Add in-context Jenkinsfile help #947
• web: Create new config maps and secrets when adding config files #950
• web: Show a "Start Pipeline" button on overview #958
• web: Improve display of secrets #963
• web: Let users define labels when creating routes #985
• web: Show build status message when it exists #989
• web: Support "Run on OpenShift" links #884
• web: Add build failure reasons to monitoring and overview pages #996
• web: Let users save logs #1040
• web: Improve the route form #1068

Bugs

• auth: Redirect to server root if login flow is started with no destination #11961
• builds: Fail new builds that can't start a build pod because it already exists #12057
• builds: Wait for first build to start before showing builds to reduce timeouts #12163
• cli: Add namespace selector field to cluster resource quota describe output #12292
• cli: Deleted secrets should be able to be unlinked from a service account #11868
• cli: Deprecate process -v/--value in favor of -p/--param #12001
• cli: Don't error on login if the user can't list projects #12008
• cli: Don't include display name when showing the "short" project name #12274
• cli: Ensure login, project, and discovery work against an RBAC-enabled Kubernetes cluster #11340
• cli: Ensure newer builds show up first in oc status #12179
• cli: Show ready pods next to deployments in oc status #11291
• cli: Suggest oadm drain instead of oadm manage-node drain #12226
• cluster: Ensure /sys/devices/virtual/net r/w for kubelet under oc cluster up #12138
• cluster: Tolerate docker attach races when starting a cluster #12223
• cluster: Use default cert dir for oc cluster up client if DOCKER_TLS_VERIFY is set #12035
• clusterquota: Reconcile deleted namespaces out of cluster quota status #12123
• deployments: Increase default Recreate deployment timeout to ten minutes #12259
• deployments: Reduce the number of times deployments are processed unnecessarily to improve performance #11805
• deployments: Wait for old pods to terminate before proceeding to Recreate #11917
• diagnostics: add shell prompt to commands in msgs #11295
• examples: Add advanced pipeline examples #12177
• images: Fix tag sorting according to semantic versioning rules #9600
• jenkins: Give Jenkins a longer livenessProbe delay to prevent it being killed prematurely #12134
• ldap: Compare object DN to structured baseDN #12105
• newapp: Appropriately warn/error on circular build dependencies #12104
• newapp: Don't print internal error when a docker registry is unreachable #12269
• newapp: Fix a bug with hidden image stream tags when no tag is specified #12185
• newapp: Hide image stream tags that have the "hidden" annotation #12100
• newapp: Support csproj files for identifying .NET Core projects #11896
• newapp: fix priority of Jenkinsfile, Dockerfile, source when strategy unspecified #11982
• registry: Ensure all download references are valid before allowing an image blob to be accessed #12182
• router: Allow router to bind ports only when ready #11768
• router: Minimize reloads performed during startup and filtering #12199
• sdn: Ensure that the correct node IP is reported, even if the order of NICs reported for the host changes #12107
• sdn: Fix a multiple-pointers-to-single-loop-variable bug in EgressNetworkPolicy #12045
• sdn: Validate if the openshift master is running with mutitenant network plugin #11880
• sdn: garbage-collect dead containers to recover IPAM leases #11964
• server: Provide a better initial seed for math/rand on server start #12200
• servicecerts: Regenerate service serving certs when configuration changes #12050
• web: Prevent filters from appearing twice on config maps page #913
• web: Add warning that BC has been deleted #916
• web: Don't show image name multiple times when reused in a template #921
• web: Link to image stream tags in the same namespace from the build config #922
• web: Don't show Start Build if build config no longer exists #923
• web: Better handling of metrics errors #930
• web: Show "Start Pipeline" instead of "Start Build" for pipeline strategy #938
• web: Change "View History" to "View Pipeline Runs" #940
• web: Show Jenkinsfile as the last field on the build config page #951
• web: Improve guidance when there are no pipelines to show #953
• web: Check permissions before showing editor pages #956
• web: Point to Jenkinsfile when no pipeline builds have run #957
• web: Disable the Create button when Configuration File field didn't pass the validation check #974
• web: Don't show hidden image stream tags in the catalog #975
• web: Show correct image stream name on deploy image #976
• web: Warn when Git URL is not an absolute URL #977
• web: Make console development mode build/run on an openshift cluster #961
• web: Fix URL validation in build config editor #980
• web: Adjust metrics display for pods #983
• web: Display Lifecycle hooks on the deployment config browse page #966
• web: If there is only 1 pod, navigate directly to it from the donut #999
• web: Adding learn more links to primary and secondary pages #998
• web: Show the container command and args in the detailed pod template #1000
• web: Creating from some template files was broken #1007
• web: Make "Show system roles" checkbox label clickable #965
• web: Label value validation was broken #1019
• web: Remove nesting limitation from json to yaml parsing #1020
• web: Preserve line breaks in project descriptions #1017
• web: Show CPU usage as cores rather than millicores #1022
• web: Show build reason consistently when the build is in any phase except Cancelled #1028
• web: Show large memory values in GiB on the overview #1025
• web: Fix next steps always redirecting to the overview #1033
• web: Don't show negative durations, they are always due to client clock skew #1034
• web: Fixes "wobble" or "jitter" of spinning .status-icons #1016
• web: Add learn more link to create storage page #1036
• web: Make deployment and build config pages more consistent #1032
• web: Show help about compute units #1027
• web: Prompt error message when create secret with invalid email #1030
• web: Improving display of s #1035
• web: Add link to deployment and dc from pod page #1041
• web: Don't show debug pod link for image pull errors #1047
• web: Improve service traffic table on mobile #1042
• web: Make tabs work with one tap on iOS #1050
• web: Show a slider to select service weights #1053
• web: Fix for overlapping tiles with long image names that aren't truncating #1058
• web: Improve Git URL error messages #1059
• web: Improve accessibility -> move ng-repeat to tr tags #1045
• web: Fix builds not showing up in builds table #1067
• web: Fix deployment spelling #1072

SHA256 Checksums

9ba0b123fe9792cdde76b0ed7f65cfc631f8db54942afb5eb6408c1d9935cc83  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-linux-32bit.tar.gz
a8ea8a13bfdfa113cd18d32ccc08d4cd9bc7b583d39921c8202570e4dba1f712  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-linux-64bit.tar.gz
1a4244cc8ebd28d17b55534baf96ed74a3f9d4bcbaf92dcb83f2513aa93f0e8a  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-mac.zip
b167afefa2adc7d8d2269bb70ba8b0be06e29f9d2607f617b0d7b82c2dd83405  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-windows.zip
ec05350dc06889dca456d70252e3cb969aa6ce7ac8b873c02fac453ffd5f815f  openshift-origin-server-v1.5.0-alpha.1+71d3fa9-linux-64bit.tar.gz

This is a patch release of OpenShift Origin.

Backwards Compatibility

• As a result of fixing #12606, any users who have logged in since upgrading to v1.4.0 will need to log in again and recreate their login information. Old user identity information from before the v1.4.0 upgrade will still exist in etcd and can be overwritten if necessary.

Changes

v1.4.1 (2017-01-24) Full Changelog

Bugs

• storage: Restore correct etcd pathsfor user identities and network egress policies #12606
• cluster: Ensure Windows systems can properly upload config files for oc cluster up #12634

Release SHA256 Checksums

51d57a891ec7f7ef8c5fca9eef99971a1caaa4e82892e1675f402724e1a9f6c6  openshift-origin-client-tools-v1.4.1-3f9807a-linux-32bit.tar.gz
c2ac117e85a968c4d16d5657a31dce0715dcbfa4ab4a7bc49e5c6fd7caffb7da  openshift-origin-client-tools-v1.4.1-3f9807a-linux-64bit.tar.gz
97668ef7d4312a1a7a45e447b735873766cb1d66342d3c3f6e9f7e613f89fae7  openshift-origin-client-tools-v1.4.1-3f9807a-mac.zip
922bc2318685c4ea3518e17099c17ad609529a744fc48231c226f4e1e76d3288  openshift-origin-client-tools-v1.4.1-3f9807a-windows.zip
8d60866685d1a692aea5037b7d4be0d26a1de4ad3baea5693eeee10a1dbc474b  openshift-origin-server-v1.4.1-3f9807a-linux-64bit.tar.gz

PLEASE UPGRADE to v1.4.1 instead of v1.4.0

A critical problem with v1.4.0 has been identified where user identity information is read from a different location in etcd compared to v1.3.x. Upgraded clusters will not correlated logged in users correctly. No data is lost, however any new users created on 1.4 will not be accessible after the fix is delivered in v1.4.1.

https://github.com/openshift/origin/pull/12606

---

This is the official release of OpenShift v1.4.0.

Changes

Features included in the 1.4 release

v1.4.0 (2017-01-18) Full Changelog

Component Updates

• Kubernetes
  • 35013: Extend list of known regions for AWS to include us-east-2 #12256
  • 36812: Some ScheduledJobs and Jobs were not created with unique enough names #12432
  • 39493: Prevent a panic from the kubelet when performing some volume type checks #12411
• Docker registry
  • 2140: Add 'ca-central-1' region for registry S3 storage driver #12470

Bugs

• Prevent a race condition where image pulls fail from the registry when a registry also has pull through enabled #12396
• Prevent the SDN from needlessly updating the node IP address if the order of IPs reported by the node changes #12388
• Ensure the volume attach/detach controller will not panic if it needs to report an error #12263

SHA256 Checksums

a9ec430c6a315a3adae6841d2e9e56fed6a6ffcc89708d8bbc469d4d56e5f070  openshift-origin-client-tools-v1.4.0-208f053-linux-32bit.tar.gz
99404b7b0bc4f6ee2f6af617872060343bd17b5b58bb44567afae5b93e20b000  openshift-origin-client-tools-v1.4.0-208f053-linux-64bit.tar.gz
8a9582410a5e24b6e317c34a6584a642f5bdaca36bba8bf9ef5ca61f1f1f27a7  openshift-origin-client-tools-v1.4.0-208f053-mac.zip
bc8b48bec09fd83397f76f27672af6fd9d02430193d7ef25267305b1d2ddcdb4  openshift-origin-client-tools-v1.4.0-208f053-windows.zip
8fc0813eeb789fd599005d30b9a36e671cefbe25c14cfb49ec524a8ef078db15  openshift-origin-server-v1.4.0-208f053-linux-64bit.tar.gz

This is the second alpha release of OpenShift Origin v1.5.0.

API Changes

• Images
  • dockerImageConfig and dockerImageManifest are no longer available via the ImageStreamTag and ImageStreamImage resources - they must be retrieved via the registry API #12004
• Policy
  • Label selectors were not honored when LISTing clusterroles #12461

Component updates

• Updated to Kubernetes 1.5.2 + patches
  • 32000: Update node status instead of node in kubelet #10790
• Docker registry
  • 2140: Add 'ca-central-1' region for registry S3 storage driver #12451

Features

Roadmap for the v1.5 release

v1.5.0-alpha.2 (2017-01-18) Full Changelog

Improvements to oc cluster up

oc cluster up now allows HTTP proxies to be configured on the started cluster for environments which require them, and will now also create a set of persistent volumes by default for use with applications to make it easier to test those that have stateful storage.

• cluster: Support HTTP and HTTPS proxies via environment variables when running oc cluster up #12483
• cluster: Add persistent volumes on startup #12456

Web console improvements

All web console changes

• Improve suggested Jenkinsfile examples for readability and clarity #1074
• Making placement of actions menu consistent across pages #1130
• Display custom metrics for pods if they are available. #1109
• Create storage form improvements #1133
• Allow editing of build hooks on build configuration page #680
• Add StatefulSets browse page #1088
• Show post commit hooks for builds and build configs #1139

Bugs

• admin: The manage-node command should avoid unnecessary conflicts by using PATCH to mark nodes unschedulable #12486
• cli: Only set the TERM variable if oc rsh is running /bin/sh #12386
• cli: Policy commands should print information about what was changed #12324
• console: Truncate long event messages to 1000 characters #1082
• console: Use metadata.name as secondary sort for projects #1081
• console: Let users specify HTTPS when editing health checks #1087
• console: Fix editing existing commands #1089
• console: Fix duplicate build messages on overview #1092
• console: Fix bug displaying read-only build config env vars #1107
• console: Respect limit ranges on create storage page #1134
• console: Prevent mobile table td collapsing issue Fixes https://github.com/openshift/origin-web-console/issues/1128 #1131
• console: Collapse pending pipelines on overview #1126
• egress: The egress router should not set a route if the gateway and destination addresses are the same #12460
• ipfailover: User check script should override default check script #12509
• newapp: Add golang source detector for new-app #12485
• newapp: Support passing environment variables to the build via oc new-app #12455
• performance: Switch image quota to shared informers #12088
• router: Add more information to the HAProxy 503 page to assist new users #12409
• servingcerts: Add service UID as x509 extension to service server certs #12413

Release SHA256 Checksums

3f37994961214dfb2750014439dc43049e1a84d6c94c182ea0e8417d79921cd5  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-linux-32bit.tar.gz
d87d37da3be54035f5ca88a0529e830884922f2b9629f677b249cb5dd92d9dba  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-linux-64bit.tar.gz
875a73563d4a9332a2ae4767c5840e73d3ec3145daf668a01c7e8f245058ddef  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-mac.zip
c825916e8277693b2c4fc3bfd7d238e2993fb1879160a2a7172b2e9ada52ecda  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-windows.zip
2cc31e72c662efa310b13d19febe9ac1a159280b584d24105af2abd5d419f5f6  openshift-origin-server-v1.5.0-alpha.2-e4b43ee-linux-64bit.tar.gz

This is a security patch release to OpenShift Origin v1.3.x.

Bugs

v1.3.3 (2017-01-18) Full Changelog

• registry: Verify permissions for linked layers correctly on images that are accessed via pull through #12307

Release SHA256 Checksums

8a4cc493e25ad201803c8da9dcc2d616ab8c26ab9b9db283911a65d74619d86f  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-32bit.tar.gz
fba51a21b8894ba0cf00c99e3ab71be06ff4b48094e38429614e332c8a7c70c6  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-64bit.tar.gz
5c0004b328ae647bf0108f5d3dcdc69b29c515f54af845ea71cefb4a1aa60c7a  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-mac.zip
3ec3f82344807c0e6d6a24c048367d205d1d3629345322045451eb2b28b4eda8  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-windows.zip
b17162f9b6014b526b905575cea02ae8816013ace46b094bf4cee581b51dfd31  openshift-origin-server-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-64bit.tar.gz

This is a patch release to Origin v1.3.x containing stability and security fixes.

Bugs

v1.3.2 (2016-12-12) Full Changelog

• Fix AWS attach / detach logic for volumes #12024
• Cluster resource quotas were not properly recording their status, leading to inaccurate quota info #12067

Release SHA256 Checksums

321789dca301a45aef8643ff62a9622601946af5ee2504986314da8373368d0c  openshift-origin-client-tools-v1.3.2-ac1d579-mac.zip
ed6c77bd870bb70a474a435b74475090e0b1d17f837e4156b442a1176d634e6d  openshift-origin-client-tools-v1.3.2-ac1d579-linux-32bit.tar.gz
73f175a5aba04aaca3f873ca24631f246931dc5d9904d50bc4a7153988d121b1  openshift-origin-client-tools-v1.3.2-ac1d579-linux-64bit.tar.gz
d80e290db8e17a2e319bdf2aa4717d5fc3d57d8ebf0959dd17025de6b9c78261  openshift-origin-client-tools-v1.3.2-ac1d579-windows.zip
a1049820c3cca7ffaf7fe1e8b7913eddea09ae705b4e8e8f42072abeb46085de  openshift-origin-image-v1.3.2-ac1d579-linux-64bit.tar.gz
d84852af7cc8c2de21b566286667c7850415d23f1d007e612c73c04f276c8bc4  openshift-origin-server-v1.3.2-ac1d579-linux-64bit.tar.gz

This is the first release candidate for OpenShift Origin v1.4.0.

Features

Release roadmap v1.4.0-rc1 (2016-11-19) Full Changelog

Release SHA256 Checksums

71b854fdc5e80f97afa8e20c4f138eff3dc8c3acb4a8dae6c6bac14fa93270ef  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-32bit.tar.gz
8b51c0c3db20101740590075a63540fefe7a4f797fdb832974c6f61bac8bd901  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz
f59ffa513316e050746afdc79b59ebffcdf6d95996b44269f64e2e6cad3f352c  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-mac.zip
4c0f109a2229a5927d9333cc0bf523dc11c5848d51aa799f5934822193bbc690  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-windows.zip
574185a6a19bb0ef02dd15d6c6aac1e08d89106725bcd39d8fa85297fe7c8528  openshift-origin-server-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz

This is the first alpha release for OpenShift v1.5.0.

Features

Release roadmap v1.5.0-alpha.0 (2016-11-19) Full Changelog

Release SHA256 Checksum

8d1559c5f1b6b33a45d2c0e81e7d0d4389a2a4f6ebf825c029d5c1c434ceb6f3  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-32bit.tar.gz
1c45409e742e67466fca0b66eed98f4e5672acbcdb11817b5014f1f7830ed463  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz
de65010e78e11f43ca422dc25dbe9e2f9613ef4ccdaaaefc6572262635f4146c  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-mac.zip
bd100144ec2ef6c6fa46544ada421b2ee89a6363f494b32525a9b8eecfecc278  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-windows.zip
0585066a9fe5a9240b119d83b6585558a7de02a59bee81db5ece581a78abf833  openshift-origin-server-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz

This is the final alpha for Origin 1.4.

Backwards Compatibility

Features

Release roadmap v1.4.0-alpha.1 (2016-11-03) Full Changelog

API Changes and backwards compatibility notes

• PATCH is allowed in CORS requests #11700
• Authorization checks like SubjectAccessReview may now be performed on non-existent namespaces #11321
• Webhooks that are in error now return a JSON status body with their response with extended information about the failure #11077
• The permissions required to proxy a node have changed #11228
• Deployment behavior with automatic=false has changed in 1.4 #11223
• Remove updatePercent from deployments #11090
• The CLI has removed support for passing comma-separated template parameters through --param/--value - the flag must be specified multiple times to pass multiple parameters #11539

Upstream

Update Kubernetes to v1.4.0 + patches

• 1.4.x Cherry picks #11709
• 35285: Remove stale volumes if endpoint/svc creation fails. #11722
• 35082: Wait for all pods to be running before checking PDB status #11714
• 33014: Report the image digest in pod status when available #11674
• 34434: Print valid json/yaml output in kubectl set image #11664
• 34298: Fix potential panic in namespace controller #11632
• 30836: Fix dynamic provisioning for vSphere #11598
• 35608: Update PodAntiAffinity to ignore calls to subresources #11578
• 34997: Fix kube vsphere.kerneltime #11574
• 35420: Remove Job also from .status.active for Replace strategy #11523
• 32593: Audit test fails to take into account timezone #11505
• 31607: Add kubectl describe storageclass #11481
• 30145: Add PVC storage to Limit Range #11396
• 32084: Do not allow creation of GCE PDs in unmanaged zones #11369
• 32077: Do not report warning event when an unknown provisioner is requested #11368
• 32662: Change the default volume type of GlusterFS provisioner #11367
• 35206: Update default run func for cmds containing sub-commands #11362
• 27714: Send recycle events from pod to pv. #11259
• 34763: Log warning on invalid --output-version #11239
• 34028: Add --dry-run option to kubectl create sub-commands #11238
• 33958: Add global timeout flag #11104
• 34010: Match GroupVersionKind against specific version #11286
• 34020: Allow empty annotation values #11210
• 33464: Fix cache expiration check #11088
• 33319: Add nodeport option when creating NodePort service #11059

Features

• sysctl support in runtime and via SecurityConstraintContexts #11195
• Rules review endpoint for other users #11172
• SCC check API: REST #11075
• Support non-string template parameter substitution #11421
• Enable jenkins autoprovisioning #11065
• Fix OAuth redirect ref in Jenkins service account #11681
• F5 should be able to integrate into the openshift-sdn directly #11181
• Provide vxlan integration options to the router cmd line #11677
• Fix a problem with F5 node watches #11742
• Verify all certificates used by the router #11218
• Change router to use a certificate list/map file for stronger validation of user certificates #11217
• Allow wildcards to be supported in routers #11550
• Allow compression to optionally be enabled for all routes #11469
• Convert openshift-sdn to a CNI plugin #11082
• network: Fix join/isolate project network under CNI #11679
• sdn: miscellaneous fixes after the CNI merge #11613
• network: fix single-tenant pod setup and leave docker0 around #11588
• Make rollout and rollback more in line with upstream Kubernetes in the CLI #11655
• oc: add -o revision in rollout latest #11357
• oc: deprecate 'deploy --latest' in favor of 'rollout latest --again' #11287
• Convey conditions about deployments, replication controllers, deployment configs, and replica sets on the API objects for better user comprehension of problems #11214
• deploy: Set condition reason correctly for new RCs #11609
• deploy: add conditions when creating replication controllers #11412
• Add Ceph RBD and Gluster provisioners #11460
• Support specifying StorageClass while creating volumes with oc set volume #11451
• Add 'oc set resources' #11384
• Admins can now default build pod annotations and node selectors #11380
• Add option to install logging components to oc cluster up #11343
• Add oc cluster status for helpful info about a recent cluster #11171
• Add option to oc whoami to print the server url #11180
• Switch nodes to enable pods-per-core as the primary constraint, and increase max pods #11174

Console Features

Managing project membership

An important feature for people that want to collaborate within the same projects, the new membership management interface lets you add and remove roles to users, groups, and service accounts within your project.

Project administrators have access to view and modify the project’s membership. Membership management is the only difference between an admin and an editor in the default OpenShift roles. Cluster administrators can add a description to any role to provide extra information for end users about what that role actually allows.

Creating and Adding Secrets for Build and Deployment Configurations

Prior to 1.4 it was very difficult to set up a build against a private git repository from the web console. Previously you had to Import YAML/JSON to create your secret and then edit your build’s YAML to make it use that secret.

Now you can expand the advanced build options, create a user/password or SSH key based secret and tell the build to use that when cloning your source. Already have your secret created in that project? You can pick any of your existing ones too.

While we were making private git repository connections easier to set up, we figured we should improve setting up push and pull against private image registries as well. The build configuration editor lets you set up a push or pull secret in case the image you are building from or the image stream you are pushing to is on a secure registry. Similarly the new deployment configuration editor allows you to specify a pull secret.

Editor for deployment configuration strategy, hooks, and secrets

We’ve had a GUI editor for build configurations for a few releases now, but now we’ve added one for deployment configurations too. From the new editor you can:

• Switch your deployment strategy
• Tweak advanced deployment settings like the maximum number of pods that can be unavailable during - the deployment
• Add, edit, or remove deployment lifecycle hooks
• Change the image being deployed
• Set a pull secret for the registry your image is being pulled from
• Add, edit, or remove environment variables for the pods that will be deployed

Many of the existing editing actions we supported still exist as separate actions, such as editing health checks, or configuring different resource limits. If you want to make a number of changes without triggering a deployment for each change, you can now Pause your deployment, make all the changes you want, and then Resume it. Pausing will prevent any deployment from happening no matter whether it was automatically or manually triggered.

Organization of Add to Project Catalog / Customizable Categories

Our existing “Add to Project” catalog could become quite cluttered when dealing with builder images with many versions, or lots of templates with slight differences. In the past we had focused on minimizing the number of clicks to getting you to something running, but now we’ve focused on helping you find what you are actually looking for. The main catalog page now only contains high level categories “Languages” and “Technologies” and underneath those are sub-categories, such as “Java” or “Data Stores”. Diving into one of those you’ll find re-designed tiles for builder images and templates. Different versions of the same builder image now all roll-up to the same tile with the semantically latest version automatically selected. We have also taken a hard look at all of our out of the box images and templates and focused on providing better display names, descriptions, and categorization.

Don’t like our categories? Now you can customize the categories and subcategories as much as you want.

Filtering and Sorting the Project List

We have a class of users for OpenShift that manage many projects on behalf of a larger set of developers. To make things easier for people with a large number of projects, the project list now has a text filter on name, display name, description, and project creator. It also allows sorting on several of these attributes.

Quota Warnings

User working within quota constraints had a hard time before knowing when they had run out of quota unless they went to check the Quota page. We wanted to add some checks for the most common scenarios where we people have problems with quota. You’ll now get quota warnings:

• On the overview - this is a generic warning if anything in your quota is at its limit
• On the overview pod count visualizations - when we think you are unable to reach your scale target due to quota
• If you try to create something and we know you are out of quota for that resource
• If you try to create something and we think it will cause you to exceed quota for a resource

Bookmarkable Page States

Sometimes the little things can make all the difference. Have you been annoyed that you couldn’t send someone straight to the log tab for a pod? Now you can! Tab selection, label filters, and several other options that change page state are now persisted to the URL throughout the console. You can bookmark and share with others.

Support for new and beta Kubernetes features

Create storage using storage classes

• If your cluster admin sets up storage classes, then they will be available for you to pick from in the “Create Storage” page.

Deployments and ReplicaSets

• Will fit in seamlessly on the overview alongside your existing Deployment Configurations
• Will appear on the Applications -> Deployments page
• Support many of the actions we already supported for Deployment Configurations (excluding the new editor)

Roll-up of PetSet pods on the Overview

• A PetSet’s pods will roll up into a single card with a pod count visualization like the other controllers
• You’ll be able to see metrics on the overview for the pods in the petset

Bugs

• admin: Allow oadm prune * to work against a single namespace #11249
• admin: Make node evacuate command aware of replica set and daemon set #11284
• audit: Switch to use upstream audit handler #11192
• auth: Use custom transport for GitLab OAuth communication #11693
• bootstrap: Add additional warning for oc cluster up not being able to access port 8443 #11597
• bootstrap: Bind socat to 127.0.0.1 when using it on OS X #11139
• bootstrap: Display warning instead of error if ports 80/443 in use #11600
• bootstrap: Do not re-initialize a cluster that already has been initialized #11146
• bootstrap: Lack of IPv6 should not prevent oc cluster up from starting a container #11219
• bootstrap: Remove temporary files when creating a new cluster #11157
• builds: Allow labels to be set when building images #11209
• builds: Delete temporary secret data as soon as possible in builds #11116
• builds: If the input image cannot be found, immediately fail the build #11398
• cli: Add bash completion for pod name to oc exec #11329
• cli: Clean up command descriptions (1/2) #11608
• cli: Clean up command descriptions (2/2) #11684
• cli: Ensure volumes worked correctly when used with oc apply and strategic merge patches #11062
• cli: Improve oc start-build --follow to behave more predictably #11119
• cli: Improve exec and attach error messages #11549
• cli: Improve export for deployment configs #11529
• cli: Improve oc help global options hint #11703
• cli: Set the BASIC or SSH secret type with oc secrets new-* #11222
• cli: Support for the --local flag in set deployment-hooks #11395
• cli: Update short description for rollout #11657
• cli: Validate inputs to 'oc run' for better user feedback #11635
• cli: oadm manage-node --list-pods should return a single list of pods for scripting #11216
• cli: oc env should be able to return a list of items post-mutation #11379
• cli: oc login must ignore some SSL cert errors when --insecure #11145
• cli: oc project should work against a Kubernetes server directly #11120
• cli: fix oc whoami --show-server output #11697
• cloud: Initialize cloud provider in node #11620
• cloud: Make service controller startup failure non-fatal on unsupported platforms #11648
• deploy: Correct updating lastTransitionTime in deployment conditions #11665
• deploy: Default maxSurge/maxUnavailable separately #11678
• deploy: Make deployment triggers more performant with lower latency by avoiding unnecessary work #11501
• deploy: When instantiating a deployment, ensure it doesn't error if no changes occurred #11500
• diagnostics: Test more pod to pod connectivity test combinations #11717
• doc: Improved API docs for role bindings API #11344
• doc: oc cluster up doc update #11624
• extended: deployment with multiple containers using a single ICT #11221
• extended: move deployment fixtures in separate directory #11212
• images: Add the Jenkins v2 imagestreams to the default list #11360
• images: Adds display name to image streams, updates PostgreSQL link #11619
• images: Ensure multi-segment image names are properly handled on image import and tagging #11173
• images: Improve out-of-the-box template and image stream metadata #11540
• ipfailover: Allow the iptables chain that will accept multicast connections to be configured #11327
• jenkins: Autoprovisioning is re-enabled #11543
• network: Ensure that veth TX queue length is always set to non-zero to enable QoS #11126
• network: Fix EgressNetworkPolicy match-all-IPs special case #11673
• network: Fix creation of macvlan interfaces #11663
• network: Release subnet leases upon hostsubnet delete #11628
• newapp: Improve oc new-app output for better readability #11220
• newapp: Validate non-numeric EXPOSE directive when strategy wasn't specified #11687
• newapp: oc new-app --search should not require docker hub access #11436
• perf: Improve reliability dockercfg secret creation by using shared caches #11394
• perf: Use a cache of layer sizes to reduce stats calls in the registry #11558
• perf: Use service account informer in podsecuritypolicyreview #11612
• projects: Log project request failures #11226
• projects: Only pay attention to origin types in project lifecycle admission #11627
• quota: ClusterResourceQuota was reporting incorrect values #11595
• reliability: Enable PodDistruptionBudget #11187
• router: Allow http for edge teminated routes with wildcard policy. #11760
• security: Control who can set the owner ref field on objects #11397
• security: Restrict who can use custom builds by default #11411
• security: Test x509 intermediates correctly #11307
• server: Require TLS 1.2 by default for clients #11495
• server: Warn if no login IDPs have been configured #11235
• volumes: Allow pv controller to recycle pvs, watch recycler pod events #11731
• volumes: Ensure meta info is loaded before removing a PV #11737

Release SHA256 Checksums

3001b9b00861567c9fbef99766e5a9af729477fae93c392818ad3fab6d4713dd  openshift-origin-client-tools-v1.4.0-alpha.1+f189ede-linux-32bit.tar.gz
59a59c21cf7631cf4f32a38eb96d661e73b0fa08c4d996735f5e339911731d8f  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz
00741baa06b62b40153472b25992a4f9a12b5f2a97ad72430bcab36177898145  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-mac.zip
92a7da5bcd7f9f095bd053a6e28a140f84f0301b452ec62b568cd5c0e8ddb254  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-windows.zip
229bd998bcb22871a0c2b0cc6ae5688324d79ed998cff922df5f73c35ca06861  openshift-origin-server-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz

This is a patch release to Origin v1.2.x containing a security related fix. All users are recommended to upgrade to v1.2.2 who are on v1.2.x.

Bugs

v1.2.2 (2016-08-18) Full Changelog

• Intermediate CA certificates were being improperly checked for authorization (CVE-2016-7075) #11413

Release SHA256 Checksums

4b2321ffe2dc2ca74651532b77fa1ebca9865de173790aedcdd0ecad2831d4a1  openshift-origin-client-tools-v1.2.2-565691c-linux-32bit.tar.gz
d957b439a9194ccf01c48973449b84495649fadecc00c34a49ca6fd38b6c96a0  openshift-origin-client-tools-v1.2.2-565691c-linux-64bit.tar.gz
f06415c6ca879a500441225c8c353cabe2f2d668fc71588263e2b1673f4447fc  openshift-origin-client-tools-v1.2.2-565691c-mac.zip
feb64928d83ab542b3d5b164f3d5784bfdaf570ea5093721a8489b1575bc0d87  openshift-origin-client-tools-v1.2.2-565691c-windows.zip
f431fcf03a6ae9aa9a6800f00050e571481ee71fe0821dea1ca405d1e5b4f76a  openshift-origin-server-v1.2.2-565691c-linux-64bit.tar.gz