# 4.12.0-0.okd-2023-02-18-033438

Created: 2023-02-18 09:44:44 +0000 UTC

Image Digest: `sha256:fd08a1dae13a434729451cdb6edd969714a4329904e8d27eb45d94e96021dff4`

Promoted from registry.ci.openshift.org/origin/release:4.12.0-0.okd-2023-02-18-033438


## Changes from 4.12.0-0.okd-2023-02-04-212953

### Components

* Kubernetes 1.25.4
* Fedora CoreOS upgraded from 37.20230110.3 to 37.20230122.3


### [baremetal-installer, installer, installer-artifacts, ovirt-installer](https://github.com/openshift/installer/tree/b8d83ea70540362ec041b21bc150ed984c1d7467)

* [OCPBUGS-6991](https://issues.redhat.com/browse/OCPBUGS-6991): Don't require vSphere details for agent installer [#6826](https://github.com/openshift/installer/pull/6826)
* [OCPBUGS-6807](https://issues.redhat.com/browse/OCPBUGS-6807): Check platform baremetal settings against default values [#6815](https://github.com/openshift/installer/pull/6815)
* [OCPBUGS-7103](https://issues.redhat.com/browse/OCPBUGS-7103): Set the configured proxy settings for agent installer [#6830](https://github.com/openshift/installer/pull/6830)
* [OCPBUGS-7131](https://issues.redhat.com/browse/OCPBUGS-7131): bootstrap: set 0644 mode for registries.conf [#6804](https://github.com/openshift/installer/pull/6804)
* [Full changelog](https://github.com/openshift/installer/compare/3ba140f2142ec633dcf7e3894fadc652e1fd4fa4...b8d83ea70540362ec041b21bc150ed984c1d7467)


### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/)

* [OCPCLOUD-3291](https://issues.redhat.com/browse/OCPCLOUD-3291): Merge https://github.com/kubernetes-sigs/cluster-api:v1.12.4 (8c01d2f5) into master [#255](https://github.com/openshift/cluster-api/pull/255)
* [OCPCLOUD-3320](https://issues.redhat.com/browse/OCPCLOUD-3320): Fix continuous reconciliation of cluster-api manifests [#269](https://github.com/openshift/cluster-api/pull/269)
* [OCPBUGS-73976](https://issues.redhat.com/browse/OCPBUGS-73976): Updating ose-cluster-api-container image to be consistent with ART for 4.22 [#262](https://github.com/openshift/cluster-api/pull/262)
* [OCPCLOUD-3320](https://issues.redhat.com/browse/OCPCLOUD-3320): Use new manifests-gen [#259](https://github.com/openshift/cluster-api/pull/259)
* [OCPBUGS-74426](https://issues.redhat.com/browse/OCPBUGS-74426): CAPI IPAM CRDs override storage version to v1beta1 [#263](https://github.com/openshift/cluster-api/pull/263)
* NO-JIRA: UPSTREAM: <carry>: Add manifests verify target [#261](https://github.com/openshift/cluster-api/pull/261)
* [OCPBUGS-69810](https://issues.redhat.com/browse/OCPBUGS-69810): Updating ose-cluster-api-container image to be consistent with ART for 4.22 [#258](https://github.com/openshift/cluster-api/pull/258)
* [OCPBUGS-69434](https://issues.redhat.com/browse/OCPBUGS-69434): openshift: CAPI IPAM TechPreviewNoUpgrade: set webhooks failurepolicy: Ignore [#256](https://github.com/openshift/cluster-api/pull/256)
* [OCPBUGS-66948](https://issues.redhat.com/browse/OCPBUGS-66948): Pin IPAM CRDs to release-4.20 [#253](https://github.com/openshift/cluster-api/pull/253)
* [OCPCLOUD-3104](https://issues.redhat.com/browse/OCPCLOUD-3104): Merge https://github.com/kubernetes-sigs/cluster-api:v1.11.3 (7b1cf36) into master [#243](https://github.com/openshift/cluster-api/pull/243)
* NO-JIRA: openshift: rename manager binary [#252](https://github.com/openshift/cluster-api/pull/252)
* [OCPBUGS-62579](https://issues.redhat.com/browse/OCPBUGS-62579): Updating ose-cluster-api-container image to be consistent with ART for 4.21 [#249](https://github.com/openshift/cluster-api/pull/249)
* NO-JIRA: Update OWNERS [#246](https://github.com/openshift/cluster-api/pull/246)
* [OCPBUGS-57605](https://issues.redhat.com/browse/OCPBUGS-57605): Updating ose-cluster-api-container image to be consistent with ART for 4.20 [#242](https://github.com/openshift/cluster-api/pull/242)
* NO-JIRA: Update OWNERS [#244](https://github.com/openshift/cluster-api/pull/244)
* NO-JIRA: Merge https://github.com/kubernetes-sigs/cluster-api:v1.10.2 (5255664) into master [#240](https://github.com/openshift/cluster-api/pull/240)
* [OCPCLOUD-2917](https://issues.redhat.com/browse/OCPCLOUD-2917): Merge https://github.com/kubernetes-sigs/cluster-api:v1.10.1 (647a1b7) into master [#238](https://github.com/openshift/cluster-api/pull/238)
* [OCPBUGS-55947](https://issues.redhat.com/browse/OCPBUGS-55947): Regenerate manifests to drop v1beta1 admissionregistration usage [#236](https://github.com/openshift/cluster-api/pull/236)
* [OCPCLOUD-2860](https://issues.redhat.com/browse/OCPCLOUD-2860): Enable propagation of Machine annotations to Nodes [#233](https://github.com/openshift/cluster-api/pull/233)
* [OCPCLOUD-2680](https://issues.redhat.com/browse/OCPCLOUD-2680): Enable machine to node propagation [#229](https://github.com/openshift/cluster-api/pull/229)
* NO-JIRA: Update manifests generator tooling [#232](https://github.com/openshift/cluster-api/pull/232)
* [OCPCLOUD-2680](https://issues.redhat.com/browse/OCPCLOUD-2680): Merge https://github.com/kubernetes-sigs/cluster-api:v1.9.5 (068c0f3) into master [#231](https://github.com/openshift/cluster-api/pull/231)
* [OCPCLOUD-2857](https://issues.redhat.com/browse/OCPCLOUD-2857): Merge https://github.com/kubernetes-sigs/cluster-api:v1.9.4 (79e6731) into master [#230](https://github.com/openshift/cluster-api/pull/230)
* [OCPBUGS-45428](https://issues.redhat.com/browse/OCPBUGS-45428): Updating ose-cluster-api-container image to be consistent with ART for 4.19 [#228](https://github.com/openshift/cluster-api/pull/228)
* [OCPCLOUD-2742](https://issues.redhat.com/browse/OCPCLOUD-2742): Merge https://github.com/kubernetes-sigs/cluster-api:v1.8.4 into master [#225](https://github.com/openshift/cluster-api/pull/225)
* [OCPCLOUD-2703](https://issues.redhat.com/browse/OCPCLOUD-2703): OWNERS: update subcomponent [#223](https://github.com/openshift/cluster-api/pull/223)
* [OCPBUGS-39516](https://issues.redhat.com/browse/OCPBUGS-39516): Updating ose-cluster-api-container image to be consistent with ART for 4.18 [#222](https://github.com/openshift/cluster-api/pull/222)
* NO-JIRA: Update OWNERS [#211](https://github.com/openshift/cluster-api/pull/211)
* [OCPCLOUD-2625](https://issues.redhat.com/browse/OCPCLOUD-2625): Merge https://github.com/kubernetes-sigs/cluster-api:v1.7.2 (a5898a2) into master [#210](https://github.com/openshift/cluster-api/pull/210)
* [OCPBUGS-34133](https://issues.redhat.com/browse/OCPBUGS-34133): Updating ose-cluster-api-container image to be consistent with ART for 4.17 [#208](https://github.com/openshift/cluster-api/pull/208)
* [OCPBUGS-33170](https://issues.redhat.com/browse/OCPBUGS-33170): All containers must fallback to logs on error [#207](https://github.com/openshift/cluster-api/pull/207)
* [OCPBUGS-30480](https://issues.redhat.com/browse/OCPBUGS-30480): Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.4 (36c0e55) into master [#203](https://github.com/openshift/cluster-api/pull/203)
* NO-JIRA: Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.2 (da795db) into master [#199](https://github.com/openshift/cluster-api/pull/199)
* [OCPBUGS-30586](https://issues.redhat.com/browse/OCPBUGS-30586): fix e2e tests on release branches [#200](https://github.com/openshift/cluster-api/pull/200)
* [OCPCLOUD-2517](https://issues.redhat.com/browse/OCPCLOUD-2517): openshift: promote core CAPI IPAM CRDs to GA [#197](https://github.com/openshift/cluster-api/pull/197)
* [OCPBUGS-29519](https://issues.redhat.com/browse/OCPBUGS-29519): openshift: add CustomNoUpgrade annotation value to feature-set [#196](https://github.com/openshift/cluster-api/pull/196)
* [OCPBUGS-29476](https://issues.redhat.com/browse/OCPBUGS-29476): openshift: generate separate manifest for core CAPI CRDs [#195](https://github.com/openshift/cluster-api/pull/195)
* [OCPBUGS-26111](https://issues.redhat.com/browse/OCPBUGS-26111): add snyk file [#194](https://github.com/openshift/cluster-api/pull/194)
* [OCPCLOUD-2449](https://issues.redhat.com/browse/OCPCLOUD-2449): Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.0 (14efefe) into master [#192](https://github.com/openshift/cluster-api/pull/192)
* NO-JIRA: e2e: add openstack testing script [#193](https://github.com/openshift/cluster-api/pull/193)
* [OCPBUGS-25586](https://issues.redhat.com/browse/OCPBUGS-25586): Updating ose-cluster-api-container image to be consistent with ART [#191](https://github.com/openshift/cluster-api/pull/191)
* [OCPBUGS-25000](https://issues.redhat.com/browse/OCPBUGS-25000): Updating ose-cluster-api-container image to be consistent with ART [#190](https://github.com/openshift/cluster-api/pull/190)
* [OCPCLOUD-2255](https://issues.redhat.com/browse/OCPCLOUD-2255): Update manifests-gen tool [#189](https://github.com/openshift/cluster-api/pull/189)
* [OCPCLOUD-2257](https://issues.redhat.com/browse/OCPCLOUD-2257): Use manifests generation tool from provider repo [#179](https://github.com/openshift/cluster-api/pull/179)
* Update OWNERS [#183](https://github.com/openshift/cluster-api/pull/183)
* [OCPBUGS-21645](https://issues.redhat.com/browse/OCPBUGS-21645): Bump golang.org/x/net to v0.17.0 [#182](https://github.com/openshift/cluster-api/pull/182)
* [OCPBUGS-17286](https://issues.redhat.com/browse/OCPBUGS-17286), [OCPCLOUD-2222](https://issues.redhat.com/browse/OCPCLOUD-2222): Merge https://github.com/kubernetes-sigs/cluster-api:v1.5.2 (3290c5a) into master [#181](https://github.com/openshift/cluster-api/pull/181)
* [OCPBUGS-19109](https://issues.redhat.com/browse/OCPBUGS-19109): Updating ose-cluster-api images to be consistent with ART [#180](https://github.com/openshift/cluster-api/pull/180)
* [OCPBUGS-6354](https://issues.redhat.com/browse/OCPBUGS-6354), [OCPBUGS-6372](https://issues.redhat.com/browse/OCPBUGS-6372): Merge https://github.com/kubernetes-sigs/cluster-api:v1.4.2 (7b92ce4) into master [#175](https://github.com/openshift/cluster-api/pull/175)
* Make openshift/e2e-tests.sh executable [#178](https://github.com/openshift/cluster-api/pull/178)
* [OCPCLOUD-2121](https://issues.redhat.com/browse/OCPCLOUD-2121): Add openshift/e2e-tests for CAPI E2E testing [#177](https://github.com/openshift/cluster-api/pull/177)
* Updating ose-cluster-api images to be consistent with ART [#174](https://github.com/openshift/cluster-api/pull/174)
* Updating ose-cluster-api images to be consistent with ART [#170](https://github.com/openshift/cluster-api/pull/170)
* Add enxebre approvers [#171](https://github.com/openshift/cluster-api/pull/171)
* Merge https://github.com/kubernetes-sigs/cluster-api:release-1.3 (eb18352) into master [#167](https://github.com/openshift/cluster-api/pull/167)
* Sync OWNERS file [#168](https://github.com/openshift/cluster-api/pull/168)
* Updating ose-cluster-api images to be consistent with ART [#165](https://github.com/openshift/cluster-api/pull/165)
* Merge https://github.com/kubernetes-sigs/cluster-api:main into master [#163](https://github.com/openshift/cluster-api/pull/163)
* UPSTREAM: <carry>: bump build root image to golang-1.19 [#164](https://github.com/openshift/cluster-api/pull/164)
* [Full changelog](https://github.com/openshift/cluster-api/compare/f9c215c4f298710ccf76676395465685b5d15268...)


### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/)

* [OCPBUGS-78085](https://issues.redhat.com/browse/OCPBUGS-78085): Fix dual-stack service update by preserving IP families [#467](https://github.com/openshift/cluster-dns-operator/pull/467)
* [NE-2500](https://issues.redhat.com/browse/NE-2500): Added network policies for DNS [#468](https://github.com/openshift/cluster-dns-operator/pull/468)
* [OCPBUGS-62178](https://issues.redhat.com/browse/OCPBUGS-62178): Dynamically set kube-rbac-proxy TLS args [#466](https://github.com/openshift/cluster-dns-operator/pull/466)
* [OCPBUGS-14346](https://issues.redhat.com/browse/OCPBUGS-14346): Fix when DNS operator reports Degraded [#373](https://github.com/openshift/cluster-dns-operator/pull/373)
* [NE-2469](https://issues.redhat.com/browse/NE-2469): Migrate away from deprecated ioutil [#454](https://github.com/openshift/cluster-dns-operator/pull/454)
* [NE-2482](https://issues.redhat.com/browse/NE-2482): bump k8s libraries to v0.35.0 and cr to v0.23.1 [#459](https://github.com/openshift/cluster-dns-operator/pull/459)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): manifests: Enable user namespaces [#451](https://github.com/openshift/cluster-dns-operator/pull/451)
* [OCPBUGS-69912](https://issues.redhat.com/browse/OCPBUGS-69912): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.22 [#463](https://github.com/openshift/cluster-dns-operator/pull/463)
* [OCPBUGS-65498](https://issues.redhat.com/browse/OCPBUGS-65498): Add openshift-dns-operator ClusterRole to ClusterOpera… [#455](https://github.com/openshift/cluster-dns-operator/pull/455)
* NO-JIRA: Add NI&D team members to OWNERS [#465](https://github.com/openshift/cluster-dns-operator/pull/465)
* [NE-2414](https://issues.redhat.com/browse/NE-2414): Use `trafficDistribution: PreferSameNode` for openshift-dns Service [#457](https://github.com/openshift/cluster-dns-operator/pull/457)
* [NE-2245](https://issues.redhat.com/browse/NE-2245): Bump cluster-dns-operator to Kubernetes 1.34 for 4.21 [#453](https://github.com/openshift/cluster-dns-operator/pull/453)
* [NE-2138](https://issues.redhat.com/browse/NE-2138): Bump cluster-dns-operator to Kubernetes 1.33 for 4.21 [#448](https://github.com/openshift/cluster-dns-operator/pull/448)
* NO-JIRA: Add bentito (btofel@redhat.com) to OWNERS [#449](https://github.com/openshift/cluster-dns-operator/pull/449)
* NO-JIRA: Add davidesalerno to OWNERS [#447](https://github.com/openshift/cluster-dns-operator/pull/447)
* [OCPBUGS-59781](https://issues.redhat.com/browse/OCPBUGS-59781): Read only root filesystem [#445](https://github.com/openshift/cluster-dns-operator/pull/445)
* [OCPBUGS-59781](https://issues.redhat.com/browse/OCPBUGS-59781): Read only root filesystem [#439](https://github.com/openshift/cluster-dns-operator/pull/439)
* NO-JIRA: Add rikatz to OWNERS [#442](https://github.com/openshift/cluster-dns-operator/pull/442)
* [OCPBUGS-57704](https://issues.redhat.com/browse/OCPBUGS-57704): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.20 [#438](https://github.com/openshift/cluster-dns-operator/pull/438)
* [OCPBUGS-51193](https://issues.redhat.com/browse/OCPBUGS-51193): Add runbook_url for CoreDNSErrorsHigh [#426](https://github.com/openshift/cluster-dns-operator/pull/426)
* [OCPBUGS-45558](https://issues.redhat.com/browse/OCPBUGS-45558): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.19 [#425](https://github.com/openshift/cluster-dns-operator/pull/425)
* [OCPBUGS-40849](https://issues.redhat.com/browse/OCPBUGS-40849): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.18 [#421](https://github.com/openshift/cluster-dns-operator/pull/421)
* [OCPBUGS-38102](https://issues.redhat.com/browse/OCPBUGS-38102): Bump to k8s.io/* v0.30.3 and controller-runtime v0.18.4 [#420](https://github.com/openshift/cluster-dns-operator/pull/420)
* [OCPBUGS-33750](https://issues.redhat.com/browse/OCPBUGS-33750): Bump version of DNSNameResolver controller [#415](https://github.com/openshift/cluster-dns-operator/pull/415)
* [OCPBUGS-34229](https://issues.redhat.com/browse/OCPBUGS-34229): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.17 [#414](https://github.com/openshift/cluster-dns-operator/pull/414)
* [OCPBUGS-34229](https://issues.redhat.com/browse/OCPBUGS-34229): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.17 [#413](https://github.com/openshift/cluster-dns-operator/pull/413)
* [CFE-964](https://issues.redhat.com/browse/CFE-964): Add DNSNameResolver controller [#394](https://github.com/openshift/cluster-dns-operator/pull/394)
* [OCPBUGS-32941](https://issues.redhat.com/browse/OCPBUGS-32941): Bump to Kubernetes 1.29 and controller-runtime 0.17.3 [#408](https://github.com/openshift/cluster-dns-operator/pull/408)
* [OCPBUGS-27924](https://issues.redhat.com/browse/OCPBUGS-27924): Updating ose-cluster-dns-operator-container image to be consistent with ART for 4.16 [#402](https://github.com/openshift/cluster-dns-operator/pull/402)
* [CFE-852](https://issues.redhat.com/browse/CFE-852): Enable ocp_dnsnameresolver CoreDNS plugin [#393](https://github.com/openshift/cluster-dns-operator/pull/393)
* [OCPBUGS-28230](https://issues.redhat.com/browse/OCPBUGS-28230): add FallbackToLogsOnError for easier debugging [#403](https://github.com/openshift/cluster-dns-operator/pull/403)
* [OCPBUGS-24884](https://issues.redhat.com/browse/OCPBUGS-24884): Updating ose-cluster-dns-operator-container image to be consistent with ART [#397](https://github.com/openshift/cluster-dns-operator/pull/397)
* [OCPBUGS-24602](https://issues.redhat.com/browse/OCPBUGS-24602): Enable topology-aware hints iff nodes in >=2 zones [#398](https://github.com/openshift/cluster-dns-operator/pull/398)
* [OCPBUGS-23741](https://issues.redhat.com/browse/OCPBUGS-23741): Bump to k8s.io v0.28.3, controller-runtime v0.16.3 [#395](https://github.com/openshift/cluster-dns-operator/pull/395)
* [OCPBUGS-20024](https://issues.redhat.com/browse/OCPBUGS-20024): Ignore max unavailable for status [#386](https://github.com/openshift/cluster-dns-operator/pull/386)
* [OCPBUGS-22018](https://issues.redhat.com/browse/OCPBUGS-22018): Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator [#387](https://github.com/openshift/cluster-dns-operator/pull/387)
* [OCPBUGS-20024](https://issues.redhat.com/browse/OCPBUGS-20024): Revert "Revert "Set DNS DaemonSet's maxSurge value to 10%"" [#384](https://github.com/openshift/cluster-dns-operator/pull/384)
* [OCPBUGS-19510](https://issues.redhat.com/browse/OCPBUGS-19510): test/e2e: Set controller-runtime logger [#381](https://github.com/openshift/cluster-dns-operator/pull/381)
* [OCPBUGS-19126](https://issues.redhat.com/browse/OCPBUGS-19126): Updating ose-cluster-dns-operator images to be consistent with ART [#380](https://github.com/openshift/cluster-dns-operator/pull/380)
* [OCPBUGS-18034](https://issues.redhat.com/browse/OCPBUGS-18034): Only bump lastTransitionTime on 'status' changes [#375](https://github.com/openshift/cluster-dns-operator/pull/375)
* [OCPBUGS-15605](https://issues.redhat.com/browse/OCPBUGS-15605): Update bufsize to 1232 bytes [#370](https://github.com/openshift/cluster-dns-operator/pull/370)
* [OCPBUGS-13209](https://issues.redhat.com/browse/OCPBUGS-13209): Revert "Set DNS DaemonSet's maxSurge value to 10%" [#379](https://github.com/openshift/cluster-dns-operator/pull/379)
* [NE-1268](https://issues.redhat.com/browse/NE-1268): Replace bindata using embed [#361](https://github.com/openshift/cluster-dns-operator/pull/361)
* [OCPBUGS-12863](https://issues.redhat.com/browse/OCPBUGS-12863): Replace Bugzilla link with Red Hat Issue Tracker [#374](https://github.com/openshift/cluster-dns-operator/pull/374)
* [OCPBUGS-14395](https://issues.redhat.com/browse/OCPBUGS-14395): Set controller-runtime logger to a null logger [#369](https://github.com/openshift/cluster-dns-operator/pull/369)
* [OCPBUGS-6829](https://issues.redhat.com/browse/OCPBUGS-6829): Add support for protocolStrategy API field to enable force_tcp configuration [#359](https://github.com/openshift/cluster-dns-operator/pull/359)
* [OCPBUGS-13965](https://issues.redhat.com/browse/OCPBUGS-13965): Bump vendors k8s libraries to 0.27.2 [#368](https://github.com/openshift/cluster-dns-operator/pull/368)
* [OCPBUGS-13099](https://issues.redhat.com/browse/OCPBUGS-13099): Updating ose-cluster-dns-operator images to be consistent with ART [#363](https://github.com/openshift/cluster-dns-operator/pull/363)
* [OCPBUGS-12859](https://issues.redhat.com/browse/OCPBUGS-12859): deflake TestDNSLogging [#365](https://github.com/openshift/cluster-dns-operator/pull/365)
* [OCPBUGS-5943](https://issues.redhat.com/browse/OCPBUGS-5943): Enable topology-aware hints if, and only if, nodes have zones [#364](https://github.com/openshift/cluster-dns-operator/pull/364)
* [OCPBUGS-5943](https://issues.redhat.com/browse/OCPBUGS-5943): Set DNS DaemonSet's maxSurge value to 10% [#358](https://github.com/openshift/cluster-dns-operator/pull/358)
* [OCPBUGS-10080](https://issues.redhat.com/browse/OCPBUGS-10080): Updating ose-cluster-dns-operator images to be consistent with ART [#357](https://github.com/openshift/cluster-dns-operator/pull/357)
* [OCPBUGS-4359](https://issues.redhat.com/browse/OCPBUGS-4359): update-node-resolver.sh: Check for errors from >> [#355](https://github.com/openshift/cluster-dns-operator/pull/355)
* [OCPBUGS-6382](https://issues.redhat.com/browse/OCPBUGS-6382): Address CVE-2022-41717 [#353](https://github.com/openshift/cluster-dns-operator/pull/353)
* [OCPBUGS-7648](https://issues.redhat.com/browse/OCPBUGS-7648): Bump vendored k8s libraries to 0.26.1 and controller-runtime to 0.14.4 [#356](https://github.com/openshift/cluster-dns-operator/pull/356)
* [OCPBUGS-4359](https://issues.redhat.com/browse/OCPBUGS-4359): ensure original hosts file contents are preserved [#352](https://github.com/openshift/cluster-dns-operator/pull/352)
* Updating ose-cluster-dns-operator images to be consistent with ART [#351](https://github.com/openshift/cluster-dns-operator/pull/351)
* [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/1c136fe38b8cd5c0de99577d23157f884728d20b...)


### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/1f6d40d4a8e7601ab12dcd075b87476e9a2244c4)

* [OCPBUGS-7409](https://issues.redhat.com/browse/OCPBUGS-7409): set default timeouts in etcdcli [#1005](https://github.com/openshift/cluster-etcd-operator/pull/1005)
* [OCPBUGS-6935](https://issues.redhat.com/browse/OCPBUGS-6935): add dedicated success status for bootstrap removal [#999](https://github.com/openshift/cluster-etcd-operator/pull/999)
* [OCPBUGS-7373](https://issues.redhat.com/browse/OCPBUGS-7373): [release-4.12] fail early on missing node status envs [#1004](https://github.com/openshift/cluster-etcd-operator/pull/1004)
* [OCPBUGS-6898](https://issues.redhat.com/browse/OCPBUGS-6898): updating library-go for CVE-2022-41717 [#998](https://github.com/openshift/cluster-etcd-operator/pull/998)
* [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/a9aaf7d163b9f118347aca4080ce8cab746b241e...1f6d40d4a8e7601ab12dcd075b87476e9a2244c4)


### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/)

* [OCPBUGS-66225](https://issues.redhat.com/browse/OCPBUGS-66225): fix degraded blip on stale config caches [#1304](https://github.com/openshift/cluster-image-registry-operator/pull/1304)
* [OCPBUGS-66225](https://issues.redhat.com/browse/OCPBUGS-66225): migrate to go 1.25 [#1305](https://github.com/openshift/cluster-image-registry-operator/pull/1305)
* [IR-350](https://issues.redhat.com/browse/IR-350): make metrics server tls configuration file-based [#1297](https://github.com/openshift/cluster-image-registry-operator/pull/1297)
* [OCPBUGS-74495](https://issues.redhat.com/browse/OCPBUGS-74495): Fix Azure Stack Hub compatibility with dual SDK approach [#1287](https://github.com/openshift/cluster-image-registry-operator/pull/1287)
* [OCPBUGS-62626](https://issues.redhat.com/browse/OCPBUGS-62626): only report Progressing=True when progressing towards new configuration [#1293](https://github.com/openshift/cluster-image-registry-operator/pull/1293)
* [OCPBUGS-66225](https://issues.redhat.com/browse/OCPBUGS-66225): bump deployment ProgressDeadlineSeconds to 120s [#1298](https://github.com/openshift/cluster-image-registry-operator/pull/1298)
* [CNTRLPLANE-2651](https://issues.redhat.com/browse/CNTRLPLANE-2651): Fix OTE suite qualifiers to use proper CEL expressions [#1300](https://github.com/openshift/cluster-image-registry-operator/pull/1300)
* [CNTRLPLANE-2651](https://issues.redhat.com/browse/CNTRLPLANE-2651): OTE infrastructure [#1283](https://github.com/openshift/cluster-image-registry-operator/pull/1283)
* [IR-350](https://issues.redhat.com/browse/IR-350): keeps registry tls config in sync with cluster [#1278](https://github.com/openshift/cluster-image-registry-operator/pull/1278)
* [OCPBUGS-62626](https://issues.redhat.com/browse/OCPBUGS-62626): only report Progressing=True when progressing towards new configuration [#1286](https://github.com/openshift/cluster-image-registry-operator/pull/1286)
* NO-JIRA: fix TestImageRegistryRemovedWithImages flake [#1288](https://github.com/openshift/cluster-image-registry-operator/pull/1288)
* [OCPBUGS-74495](https://issues.redhat.com/browse/OCPBUGS-74495): Migrate Azure storage management to new ARM SDK [#1281](https://github.com/openshift/cluster-image-registry-operator/pull/1281)
* [IR-350](https://issues.redhat.com/browse/IR-350): bump library-go to the latest version [#1276](https://github.com/openshift/cluster-image-registry-operator/pull/1276)
* [OCPBUGS-69751](https://issues.redhat.com/browse/OCPBUGS-69751): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.22 [#1275](https://github.com/openshift/cluster-image-registry-operator/pull/1275)
* [OCPBUGS-66203](https://issues.redhat.com/browse/OCPBUGS-66203): clear affinities on an individual API call [#1273](https://github.com/openshift/cluster-image-registry-operator/pull/1273)
* [CNTRLPLANE-1683](https://issues.redhat.com/browse/CNTRLPLANE-1683): set up openshift-tests-extension for cluster-image-registry-operator: refactor: simplified single-module OTE infrastructure [#1269](https://github.com/openshift/cluster-image-registry-operator/pull/1269)
* [OCPBUGS-66153](https://issues.redhat.com/browse/OCPBUGS-66153): use unambiguous path for minio image [#1270](https://github.com/openshift/cluster-image-registry-operator/pull/1270)
* [OCPBUGS-62573](https://issues.redhat.com/browse/OCPBUGS-62573): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.21 [#1256](https://github.com/openshift/cluster-image-registry-operator/pull/1256)
* [OCPBUGS-59734](https://issues.redhat.com/browse/OCPBUGS-59734): fix(azure): resolve credential caching issues around UAMI support [#1238](https://github.com/openshift/cluster-image-registry-operator/pull/1238)
* [OSASINFRA-3756](https://issues.redhat.com/browse/OSASINFRA-3756): Add support for token-based authentication in clouds.yaml configuration file [#1221](https://github.com/openshift/cluster-image-registry-operator/pull/1221)
* [OCPBUGS-58424](https://issues.redhat.com/browse/OCPBUGS-58424): mount /etc/pki/ca-trust/extracted/pem/ as empty dir [#1239](https://github.com/openshift/cluster-image-registry-operator/pull/1239)
* NO-JIRA: Set ownership annotation for image-registry-ca CA bundle [#1225](https://github.com/openshift/cluster-image-registry-operator/pull/1225)
* [OCPBUGS-57577](https://issues.redhat.com/browse/OCPBUGS-57577): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.20 [#1226](https://github.com/openshift/cluster-image-registry-operator/pull/1226)
* [OCPSTRAT-1076](https://issues.redhat.com/browse/OCPSTRAT-1076): Add readonlyRootFilesystem [#1215](https://github.com/openshift/cluster-image-registry-operator/pull/1215)
* [OCPBUGS-56606](https://issues.redhat.com/browse/OCPBUGS-56606): bump github.com/golang-jwt/jwt [#1212](https://github.com/openshift/cluster-image-registry-operator/pull/1212)
* [OCPBUGS-56361](https://issues.redhat.com/browse/OCPBUGS-56361): bump golang.org/x/oauth2 to the latest version [#1206](https://github.com/openshift/cluster-image-registry-operator/pull/1206)
* [OSASINFRA-3747](https://issues.redhat.com/browse/OSASINFRA-3747): Prefer CA cert from credentials secret [#1190](https://github.com/openshift/cluster-image-registry-operator/pull/1190)
* [OCPBUGS-45409](https://issues.redhat.com/browse/OCPBUGS-45409): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.19 [#1196](https://github.com/openshift/cluster-image-registry-operator/pull/1196)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Authenticate to Azure only once in CPO [#1194](https://github.com/openshift/cluster-image-registry-operator/pull/1194)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Bump msi-dataplane dependency [#1187](https://github.com/openshift/cluster-image-registry-operator/pull/1187)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Remove ARO HCP MIv2 Authentication [#1186](https://github.com/openshift/cluster-image-registry-operator/pull/1186)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Add new Azure authentication type for managed Azure HCP for cluster-image-registry [#1174](https://github.com/openshift/cluster-image-registry-operator/pull/1174)
* NO-JIRA: update owners [#1178](https://github.com/openshift/cluster-image-registry-operator/pull/1178)
* [OCPBUGS-50950](https://issues.redhat.com/browse/OCPBUGS-50950): ensure that storage names don't end in dashes [#1177](https://github.com/openshift/cluster-image-registry-operator/pull/1177)
* [OCPBUGS-47503](https://issues.redhat.com/browse/OCPBUGS-47503): Power VS: Revert #1076 to match new API validation [#1168](https://github.com/openshift/cluster-image-registry-operator/pull/1168)
* [MULTIARCH-4971](https://issues.redhat.com/browse/MULTIARCH-4971): Set import mode in image config based on ClusterVersion desired Architecture [#1164](https://github.com/openshift/cluster-image-registry-operator/pull/1164)
* [OCPBUGS-44491](https://issues.redhat.com/browse/OCPBUGS-44491): add runbook url on prometheus alert rules [#1159](https://github.com/openshift/cluster-image-registry-operator/pull/1159)
* [OCPBUGS-41903](https://issues.redhat.com/browse/OCPBUGS-41903): operator/status: clear azure path fix job conditions on operator removal [#1142](https://github.com/openshift/cluster-image-registry-operator/pull/1142)
* [MULTIARCH-5164](https://issues.redhat.com/browse/MULTIARCH-5164): Update powervs-utils regions to include us-south and tor [#1157](https://github.com/openshift/cluster-image-registry-operator/pull/1157)
* [IR-490](https://issues.redhat.com/browse/IR-490): manifests: add pvc related alerts to prometheus rules [#1147](https://github.com/openshift/cluster-image-registry-operator/pull/1147)
* [HOSTEDCP-1994](https://issues.redhat.com/browse/HOSTEDCP-1994): Add filewatcher for Azure client certificate authentication [#1155](https://github.com/openshift/cluster-image-registry-operator/pull/1155)
* [HOSTEDCP-2019](https://issues.redhat.com/browse/HOSTEDCP-2019): Use Client Cert Auth for ARO HCP deployments [#1131](https://github.com/openshift/cluster-image-registry-operator/pull/1131)
* [OCPBUGS-43508](https://issues.redhat.com/browse/OCPBUGS-43508): fix proxy config and leader election test flakes [#1140](https://github.com/openshift/cluster-image-registry-operator/pull/1140)
* [OCPBUGS-38667](https://issues.redhat.com/browse/OCPBUGS-38667): pkg/operator: wait for image registry config object cache sync [#1138](https://github.com/openshift/cluster-image-registry-operator/pull/1138)
* [OCPBUGS-42732](https://issues.redhat.com/browse/OCPBUGS-42732): pkg/storage/azure: also check for auth failure error code on deletion [#1129](https://github.com/openshift/cluster-image-registry-operator/pull/1129)
* [CFE-1129](https://issues.redhat.com/browse/CFE-1129): Added AWS TAGS reconciliation [#1121](https://github.com/openshift/cluster-image-registry-operator/pull/1121)
* [OCPBUGS-42514](https://issues.redhat.com/browse/OCPBUGS-42514): azureclient: stop validating credentials when creating the client [#1127](https://github.com/openshift/cluster-image-registry-operator/pull/1127)
* [OCPBUGS-42196](https://issues.redhat.com/browse/OCPBUGS-42196): pkg/storage/azure: use cluster-api tag key to discover vnet [#1120](https://github.com/openshift/cluster-image-registry-operator/pull/1120)
* [OCPBUGS-42106](https://issues.redhat.com/browse/OCPBUGS-42106): Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) [#1122](https://github.com/openshift/cluster-image-registry-operator/pull/1122)
* [OCPBUGS-42004](https://issues.redhat.com/browse/OCPBUGS-42004): Set the Managed Identity client ID [#1116](https://github.com/openshift/cluster-image-registry-operator/pull/1116)
* [OCPBUGS-39485](https://issues.redhat.com/browse/OCPBUGS-39485): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.18 [#1113](https://github.com/openshift/cluster-image-registry-operator/pull/1113)
* [OCPBUGS-37543](https://issues.redhat.com/browse/OCPBUGS-37543): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1095](https://github.com/openshift/cluster-image-registry-operator/pull/1095)
* [MULTIARCH-4971](https://issues.redhat.com/browse/MULTIARCH-4971): Sync ImageStreamImportMode setting in the image config status [#1090](https://github.com/openshift/cluster-image-registry-operator/pull/1090)
* [OCPBUGS-38842](https://issues.redhat.com/browse/OCPBUGS-38842): pkg/resource: invoke update-ca-trust extract with --output [#1096](https://github.com/openshift/cluster-image-registry-operator/pull/1096)
* [OCPBUGS-37543](https://issues.redhat.com/browse/OCPBUGS-37543): Revert "Merge pull request #1087 from rajdeepc2792/rajdeepc2792/ARO-9391" [#1093](https://github.com/openshift/cluster-image-registry-operator/pull/1093)
* [ARO-9391](https://issues.redhat.com/browse/ARO-9391), [OCPBUGS-37543](https://issues.redhat.com/browse/OCPBUGS-37543): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1087](https://github.com/openshift/cluster-image-registry-operator/pull/1087)
* [OCPBUGS-38287](https://issues.redhat.com/browse/OCPBUGS-38287): bump gophercloud to latest v2 [#1086](https://github.com/openshift/cluster-image-registry-operator/pull/1086)
* [IR-467](https://issues.redhat.com/browse/IR-467): Enable MSI override for ARO HCP [#1082](https://github.com/openshift/cluster-image-registry-operator/pull/1082)
* [SPLAT-1721](https://issues.redhat.com/browse/SPLAT-1721): Remove alibaba [#1077](https://github.com/openshift/cluster-image-registry-operator/pull/1077)
* [IR-471](https://issues.redhat.com/browse/IR-471): Removing featuregate for chunkSizeMiB config [#1073](https://github.com/openshift/cluster-image-registry-operator/pull/1073)
* Revert "IR-467: Enable Azure MSI authentication" [#1079](https://github.com/openshift/cluster-image-registry-operator/pull/1079)
* [IR-467](https://issues.redhat.com/browse/IR-467): Enable Azure MSI authentication [#1020](https://github.com/openshift/cluster-image-registry-operator/pull/1020)
* [OCPBUGS-37207](https://issues.redhat.com/browse/OCPBUGS-37207): Power VS: Check endpoints against lower case strings [#1076](https://github.com/openshift/cluster-image-registry-operator/pull/1076)
* [IR-471](https://issues.redhat.com/browse/IR-471): Adding additional validation [#1074](https://github.com/openshift/cluster-image-registry-operator/pull/1074)
* [OCPBUGS-36038](https://issues.redhat.com/browse/OCPBUGS-36038): go.*,vendor: bump go-retryablehttp [#1063](https://github.com/openshift/cluster-image-registry-operator/pull/1063)
* [IR-477](https://issues.redhat.com/browse/IR-477): pkg/operator: deactivate azure path fix job [#1061](https://github.com/openshift/cluster-image-registry-operator/pull/1061)
* [IR-471](https://issues.redhat.com/browse/IR-471): Exposing chunksize variable to utilize docker registry config [#1060](https://github.com/openshift/cluster-image-registry-operator/pull/1060)
* [OCPBUGS-34107](https://issues.redhat.com/browse/OCPBUGS-34107): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.17 [#1045](https://github.com/openshift/cluster-image-registry-operator/pull/1045)
* [OCPBUGS-34399](https://issues.redhat.com/browse/OCPBUGS-34399): Update rbac for featuregate [#1056](https://github.com/openshift/cluster-image-registry-operator/pull/1056)
* [OCPBUGS-33453](https://issues.redhat.com/browse/OCPBUGS-33453): add SAR capability to image-registry [#1046](https://github.com/openshift/cluster-image-registry-operator/pull/1046)
* [CFE-962](https://issues.redhat.com/browse/CFE-962): Refactor code to mock GCP tag service for UTs [#1027](https://github.com/openshift/cluster-image-registry-operator/pull/1027)
* [OCPBUGS-34399](https://issues.redhat.com/browse/OCPBUGS-34399): Revert "Merge pull request #1026 from deepsm007/expose-chunksize" [#1052](https://github.com/openshift/cluster-image-registry-operator/pull/1052)
* [OCPBUGS-34399](https://issues.redhat.com/browse/OCPBUGS-34399): Exposing chunksize variable to utilize docker registry config [#1026](https://github.com/openshift/cluster-image-registry-operator/pull/1026)
* [OCPBUGS-34107](https://issues.redhat.com/browse/OCPBUGS-34107): Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.17 [#1040](https://github.com/openshift/cluster-image-registry-operator/pull/1040)
* [OCPBUGS-32710](https://issues.redhat.com/browse/OCPBUGS-32710): pkg/storage/s3: use force path style in favour of virtual hosted style config [#1028](https://github.com/openshift/cluster-image-registry-operator/pull/1028)
* [OCPBUGS-33149](https://issues.redhat.com/browse/OCPBUGS-33149): azure-path-fix: get client secret from k8s secret [#1029](https://github.com/openshift/cluster-image-registry-operator/pull/1029)
* [OCPBUGS-33868](https://issues.redhat.com/browse/OCPBUGS-33868): Bump openshift api, client-go & library-go [#1036](https://github.com/openshift/cluster-image-registry-operator/pull/1036)
* [OCPBUGS-33172](https://issues.redhat.com/browse/OCPBUGS-33172): azurepathfix: check if platform status is nil before accessing it [#1030](https://github.com/openshift/cluster-image-registry-operator/pull/1030)
* [OCPBUGS-32491](https://issues.redhat.com/browse/OCPBUGS-32491): Power VS: Add support for Power VS endpoint overrides [#1024](https://github.com/openshift/cluster-image-registry-operator/pull/1024)
* [OCPBUGS-29559](https://issues.redhat.com/browse/OCPBUGS-29559): Apply hypershift cluster-profile for ibm-cloud-managed [#999](https://github.com/openshift/cluster-image-registry-operator/pull/999)
* [OCPBUGS-32328](https://issues.redhat.com/browse/OCPBUGS-32328): azure-path-fix: support auth via account key (without clientID) [#1021](https://github.com/openshift/cluster-image-registry-operator/pull/1021)
* [OCPBUGS-30484](https://issues.redhat.com/browse/OCPBUGS-30484): bump indirect google protobuf dependency [#1015](https://github.com/openshift/cluster-image-registry-operator/pull/1015)
* NO-JIRA: remove bparees from owners [#1019](https://github.com/openshift/cluster-image-registry-operator/pull/1019)
* [OCPBUGS-29233](https://issues.redhat.com/browse/OCPBUGS-29233): bump aws-sdk-go from v1.44 to v1.50 [#1012](https://github.com/openshift/cluster-image-registry-operator/pull/1012)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#1008](https://github.com/openshift/cluster-image-registry-operator/pull/1008)
* NO-JIRA: bump golangci-lint to v1.56.2 [#1013](https://github.com/openshift/cluster-image-registry-operator/pull/1013)
* [OCPBUGS-29932](https://issues.redhat.com/browse/OCPBUGS-29932): cmd/move-blobs: log and exit 1 on error instead of panic [#1006](https://github.com/openshift/cluster-image-registry-operator/pull/1006)
* [OCPBUGS-29637](https://issues.redhat.com/browse/OCPBUGS-29637): azurepathfix: fix stack hub, government and workload identity setup [#1003](https://github.com/openshift/cluster-image-registry-operator/pull/1003)
* [OCPBUGS-29003](https://issues.redhat.com/browse/OCPBUGS-29003): move azure storage blobs from `docker` back into `/docker` [#998](https://github.com/openshift/cluster-image-registry-operator/pull/998)
* NO-JIRA: Add hack/local-dev.sh [#996](https://github.com/openshift/cluster-image-registry-operator/pull/996)
* [OCPBUGS-28225](https://issues.redhat.com/browse/OCPBUGS-28225): pkg/storage/s3: enable bucket key on encryption settings [#993](https://github.com/openshift/cluster-image-registry-operator/pull/993)
* [OCPBUGS-28230](https://issues.redhat.com/browse/OCPBUGS-28230): add FallbackToLogsOnError for easier debugging [#992](https://github.com/openshift/cluster-image-registry-operator/pull/992)
* NO-JIRA: build(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.16.0 [#989](https://github.com/openshift/cluster-image-registry-operator/pull/989)
* [OCPBUGS-26767](https://issues.redhat.com/browse/OCPBUGS-26767): MULTIARCH-4074: PowerVS: update supported regions [#987](https://github.com/openshift/cluster-image-registry-operator/pull/987)
* [IR-409](https://issues.redhat.com/browse/IR-409): build(deps): bump github.com/IBM/platform-services-go-sdk from 0.18.15 to 0.55.0 [#974](https://github.com/openshift/cluster-image-registry-operator/pull/974)
* [OCPBUGS-24997](https://issues.redhat.com/browse/OCPBUGS-24997): Updating ose-cluster-image-registry-operator-container image to be consistent with ART [#979](https://github.com/openshift/cluster-image-registry-operator/pull/979)
* [IR-410](https://issues.redhat.com/browse/IR-410): build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1263 to 1.62.637 [#980](https://github.com/openshift/cluster-image-registry-operator/pull/980)
* [OCPBUGS-11624](https://issues.redhat.com/browse/OCPBUGS-11624): manifests/02-rbac.yaml: stop using wild cards [#964](https://github.com/openshift/cluster-image-registry-operator/pull/964)
* [OCPBUGS-24649](https://issues.redhat.com/browse/OCPBUGS-24649): add private endpoint permissions to Azure credentials request [#971](https://github.com/openshift/cluster-image-registry-operator/pull/971)
* [OCPBUGS-24997](https://issues.redhat.com/browse/OCPBUGS-24997): Updating ose-cluster-image-registry-operator-container image to be consistent with ART [#975](https://github.com/openshift/cluster-image-registry-operator/pull/975)
* [IR-412](https://issues.redhat.com/browse/IR-412): IBMCloud: Add support for endpoint overrides [#955](https://github.com/openshift/cluster-image-registry-operator/pull/955)
* [CCO-248](https://issues.redhat.com/browse/CCO-248): Revert "Merge pull request #965 from jstuever/TRT-1368" [#967](https://github.com/openshift/cluster-image-registry-operator/pull/967)
* [OCPVE-790](https://issues.redhat.com/browse/OCPVE-790): annotate credentials request manifests [#959](https://github.com/openshift/cluster-image-registry-operator/pull/959)
* [OCPBUGS-24161](https://issues.redhat.com/browse/OCPBUGS-24161): Updating ose-cluster-image-registry-operator-container image to be consistent with ART [#966](https://github.com/openshift/cluster-image-registry-operator/pull/966)
* [TRT-1368](https://issues.redhat.com/browse/TRT-1368): Revert "Merge pull request #935 from flavianmissi/CCO-248" [#965](https://github.com/openshift/cluster-image-registry-operator/pull/965)
* [IR-366](https://issues.redhat.com/browse/IR-366), [IR-367](https://issues.redhat.com/browse/IR-367), [IR-411](https://issues.redhat.com/browse/IR-411): allow users to configure private storage accounts in Azure [#930](https://github.com/openshift/cluster-image-registry-operator/pull/930)
* [IR-408](https://issues.redhat.com/browse/IR-408): request individual permissions for gcs [#935](https://github.com/openshift/cluster-image-registry-operator/pull/935)
* [OCPBUGS-2889](https://issues.redhat.com/browse/OCPBUGS-2889): accept user/pass OR application credentials on Swift UPI secret [#924](https://github.com/openshift/cluster-image-registry-operator/pull/924)
* [IR-406](https://issues.redhat.com/browse/IR-406), [OCPBUGS-21853](https://issues.redhat.com/browse/OCPBUGS-21853): bump k8s and openshift packages [#936](https://github.com/openshift/cluster-image-registry-operator/pull/936)
* [OCPBUGS-21853](https://issues.redhat.com/browse/OCPBUGS-21853): disable http2 for metrics endpoint [#938](https://github.com/openshift/cluster-image-registry-operator/pull/938)
* [OCPBUGS-18969](https://issues.redhat.com/browse/OCPBUGS-18969): move pruner role creation from openshift-apiserver [#925](https://github.com/openshift/cluster-image-registry-operator/pull/925)
* [OCPBUGS-19262](https://issues.redhat.com/browse/OCPBUGS-19262): Updating ose-cluster-image-registry-operator images to be consistent with ART [#918](https://github.com/openshift/cluster-image-registry-operator/pull/918)
* [OCPBUGS-18469](https://issues.redhat.com/browse/OCPBUGS-18469): increase storage account key cache expiration [#912](https://github.com/openshift/cluster-image-registry-operator/pull/912)
* [OCPBUGS-17060](https://issues.redhat.com/browse/OCPBUGS-17060): use Recreate on operator deployment [#908](https://github.com/openshift/cluster-image-registry-operator/pull/908)
* [OCPBUGS-18103](https://issues.redhat.com/browse/OCPBUGS-18103): check if response is nil before using it [#909](https://github.com/openshift/cluster-image-registry-operator/pull/909)
* [OCPVE-632](https://issues.redhat.com/browse/OCPVE-632): add capability annotations to manifests [#856](https://github.com/openshift/cluster-image-registry-operator/pull/856)
* [OCPBUGS-17882](https://issues.redhat.com/browse/OCPBUGS-17882): Add rbac permission IDMS, ITMS [#891](https://github.com/openshift/cluster-image-registry-operator/pull/891)
* [TRT-1193](https://issues.redhat.com/browse/TRT-1193): Revert "IR-373: remove node-ca daemon" [#899](https://github.com/openshift/cluster-image-registry-operator/pull/899)
* [CFE-846](https://issues.redhat.com/browse/CFE-846): Add user defined tags to the GCP buckets created [#873](https://github.com/openshift/cluster-image-registry-operator/pull/873)
* [IR-373](https://issues.redhat.com/browse/IR-373): remove node-ca daemon [#867](https://github.com/openshift/cluster-image-registry-operator/pull/867)
* build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.4 [#877](https://github.com/openshift/cluster-image-registry-operator/pull/877)
* build(deps): bump the k8s-dependencies group with 1 update [#895](https://github.com/openshift/cluster-image-registry-operator/pull/895)
* [IR-363](https://issues.redhat.com/browse/IR-363): Update Azure Credentials Request manifest of the Cluster Image Registry Operator to use new API field for requesting permissions [#890](https://github.com/openshift/cluster-image-registry-operator/pull/890)
* build(deps): bump github.com/prometheus/common from 0.37.0 to 0.44.0 [#878](https://github.com/openshift/cluster-image-registry-operator/pull/878)
* [CFE-682](https://issues.redhat.com/browse/CFE-682): Add user defined labels to the GCP buckets created [#872](https://github.com/openshift/cluster-image-registry-operator/pull/872)
* [CFE-682](https://issues.redhat.com/browse/CFE-682): Update openshift/api package to latest version [#887](https://github.com/openshift/cluster-image-registry-operator/pull/887)
* [IR-390](https://issues.redhat.com/browse/IR-390): Make a configmap for MCO to consume CAs [#880](https://github.com/openshift/cluster-image-registry-operator/pull/880)
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.291 to 1.44.298 [#879](https://github.com/openshift/cluster-image-registry-operator/pull/879)
* build(deps): bump golang.org/x/net from 0.8.0 to 0.11.0 [#871](https://github.com/openshift/cluster-image-registry-operator/pull/871)
* build(deps): bump github.com/aliyun/aliyun-oss-go-sdk from 2.1.10+incompatible to 2.2.7+incompatible [#869](https://github.com/openshift/cluster-image-registry-operator/pull/869)
* .github/dependabot.yml: group certain dependencies [#865](https://github.com/openshift/cluster-image-registry-operator/pull/865)
* [IR-389](https://issues.redhat.com/browse/IR-389): bump aws-sdk-go [#860](https://github.com/openshift/cluster-image-registry-operator/pull/860)
* .github: configure dependabot [#861](https://github.com/openshift/cluster-image-registry-operator/pull/861)
* [IR-369](https://issues.redhat.com/browse/IR-369), [IR-370](https://issues.redhat.com/browse/IR-370): support Azure workload identity [#857](https://github.com/openshift/cluster-image-registry-operator/pull/857)
* [OCPBUGS-12132](https://issues.redhat.com/browse/OCPBUGS-12132): Updating ose-cluster-image-registry-operator images to be consistent with ART [#854](https://github.com/openshift/cluster-image-registry-operator/pull/854)
* Updating ose-cluster-image-registry-operator images to be consistent with ART [#849](https://github.com/openshift/cluster-image-registry-operator/pull/849)
* [OCPBUGS-8224](https://issues.redhat.com/browse/OCPBUGS-8224): fix storage selection on IBM cloud [#847](https://github.com/openshift/cluster-image-registry-operator/pull/847)
* [OCPBUGS-6797](https://issues.redhat.com/browse/OCPBUGS-6797): Add nil validation for IBM Cloud and Power VS infrastructure status in ibmcos [#845](https://github.com/openshift/cluster-image-registry-operator/pull/845)
* [MULTIARCH-3212](https://issues.redhat.com/browse/MULTIARCH-3212): Use IBM COS as storage backend for PowerVS [#843](https://github.com/openshift/cluster-image-registry-operator/pull/843)
* [OCPBUGS-6621](https://issues.redhat.com/browse/OCPBUGS-6621): bump aws-sdk-go [#844](https://github.com/openshift/cluster-image-registry-operator/pull/844)
* Add UserTags while creating Azure Storage Account [#829](https://github.com/openshift/cluster-image-registry-operator/pull/829)
* [IR-341](https://issues.redhat.com/browse/IR-341): bump openshift/api [#828](https://github.com/openshift/cluster-image-registry-operator/pull/828)
* [IR-270](https://issues.redhat.com/browse/IR-270): allow registry to create image objects [#823](https://github.com/openshift/cluster-image-registry-operator/pull/823)
* [OCPBUGS-6175](https://issues.redhat.com/browse/OCPBUGS-6175): OpenStack: Add support for Proxy [#833](https://github.com/openshift/cluster-image-registry-operator/pull/833)
* [IR-308](https://issues.redhat.com/browse/IR-308): Add support for External platform [#825](https://github.com/openshift/cluster-image-registry-operator/pull/825)
* [OCPBUGS-4090](https://issues.redhat.com/browse/OCPBUGS-4090): swift: Retry connecting to OpenStack [#819](https://github.com/openshift/cluster-image-registry-operator/pull/819)
* [IR-311](https://issues.redhat.com/browse/IR-311): storage: azure: use azidentity with an adapter [#807](https://github.com/openshift/cluster-image-registry-operator/pull/807)
* [Bug 2065166](https://bugzilla.redhat.com/show_bug.cgi?id=2065166): Remove roles/iam.serviceAccountUser role [#824](https://github.com/openshift/cluster-image-registry-operator/pull/824)
* Updating ose-cluster-image-registry-operator images to be consistent with ART [#821](https://github.com/openshift/cluster-image-registry-operator/pull/821)
* [IR-314](https://issues.redhat.com/browse/IR-314): Bump dependencies [#816](https://github.com/openshift/cluster-image-registry-operator/pull/816)
* Add config for golangci-lint and fix errors [#820](https://github.com/openshift/cluster-image-registry-operator/pull/820)
* hack/test-go.sh: generate coverage reports [#818](https://github.com/openshift/cluster-image-registry-operator/pull/818)
* [OCPBUGS-3974](https://issues.redhat.com/browse/OCPBUGS-3974): check for nil pointer before dereferencing [#814](https://github.com/openshift/cluster-image-registry-operator/pull/814)
* [Bug 2066388](https://bugzilla.redhat.com/show_bug.cgi?id=2066388): Add example for s3.regionEndpoint [#815](https://github.com/openshift/cluster-image-registry-operator/pull/815)
* [OCPBUGS-2941](https://issues.redhat.com/browse/OCPBUGS-2941): Bump gophercloud [#808](https://github.com/openshift/cluster-image-registry-operator/pull/808)
* add myself to OWNERS [#809](https://github.com/openshift/cluster-image-registry-operator/pull/809)
* [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/62a3aa8ff1ffcc5b52a762847ecf1391730fff92...)


### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/)

* [NE-2523](https://issues.redhat.com/browse/NE-2523): Implement configurationManagement API [#1385](https://github.com/openshift/cluster-ingress-operator/pull/1385)
* [OCPBUGS-79667](https://issues.redhat.com/browse/OCPBUGS-79667): Use feature-gate annotation for Sail Library RBAC [#1393](https://github.com/openshift/cluster-ingress-operator/pull/1393)
* [NE-2396](https://issues.redhat.com/browse/NE-2396): gatewayclass: Enable Horizontal Pod Autoscaling [#1326](https://github.com/openshift/cluster-ingress-operator/pull/1326)
* [CORS-4335](https://issues.redhat.com/browse/CORS-4335): Add support for AWS European Sovereign Cloud [#1360](https://github.com/openshift/cluster-ingress-operator/pull/1360)
* [NE-2421](https://issues.redhat.com/browse/NE-2421): Support dual-stack IngressController on AWS [#1376](https://github.com/openshift/cluster-ingress-operator/pull/1376)
* [OCPBUGS-62237](https://issues.redhat.com/browse/OCPBUGS-62237): Apply APIServer TLS security profile to canary daemonset [#1386](https://github.com/openshift/cluster-ingress-operator/pull/1386)
* [OCPBUGS-78523](https://issues.redhat.com/browse/OCPBUGS-78523): gatewayapi_controller: Replace sync.Once with retry for GatewayClass field indexer setup [#1382](https://github.com/openshift/cluster-ingress-operator/pull/1382)
* [OCPBUGS-62627](https://issues.redhat.com/browse/OCPBUGS-62627): cluster operator ingress reported Progressing=True wit… [#1299](https://github.com/openshift/cluster-ingress-operator/pull/1299)
* [OCPBUGS-62238](https://issues.redhat.com/browse/OCPBUGS-62238): configure tls profile for router metrics [#1378](https://github.com/openshift/cluster-ingress-operator/pull/1378)
* [NE-2285](https://issues.redhat.com/browse/NE-2285): Bump to OSSM 3.3.0 and Istio v1.28.4 [#1396](https://github.com/openshift/cluster-ingress-operator/pull/1396)
* [OCPBUGS-77457](https://issues.redhat.com/browse/OCPBUGS-77457): Respect proxy configuration on gwapi provisioning [#1383](https://github.com/openshift/cluster-ingress-operator/pull/1383)
* [NE-2471](https://issues.redhat.com/browse/NE-2471): Replace OLM-based Istio install with Sail Library [#1354](https://github.com/openshift/cluster-ingress-operator/pull/1354)
* [NE-2501](https://issues.redhat.com/browse/NE-2501): Add RBAC to allow operator to manage network policies [#1389](https://github.com/openshift/cluster-ingress-operator/pull/1389)
* [OCPBUGS-78555](https://issues.redhat.com/browse/OCPBUGS-78555): Increase Gateway E2E timeout to 5 minutes [#1390](https://github.com/openshift/cluster-ingress-operator/pull/1390)
* [NE-2131](https://issues.redhat.com/browse/NE-2131): tests-extension: Append suite names to OTE test specs to preserve original test names [#1387](https://github.com/openshift/cluster-ingress-operator/pull/1387)
* [NE-2418](https://issues.redhat.com/browse/NE-2418): Add e2e test for haproxy_max_connections metric [#1361](https://github.com/openshift/cluster-ingress-operator/pull/1361)
* [NE-2183](https://issues.redhat.com/browse/NE-2183): Implement GatewayAPI status controller [#1294](https://github.com/openshift/cluster-ingress-operator/pull/1294)
* [NE-2131](https://issues.redhat.com/browse/NE-2131): tests-extension: restore test names and remove metadata tracking [#1379](https://github.com/openshift/cluster-ingress-operator/pull/1379)
* [OCPBUGS-77493](https://issues.redhat.com/browse/OCPBUGS-77493): e2e: Increase GatewayClass acceptance timeout to 5m [#1372](https://github.com/openshift/cluster-ingress-operator/pull/1372)
* [OCPBUGS-77704](https://issues.redhat.com/browse/OCPBUGS-77704): Update annotations in gatewayclass to use the istio version [#1375](https://github.com/openshift/cluster-ingress-operator/pull/1375)
* [NE-2131](https://issues.redhat.com/browse/NE-2131): Add OpenShift Tests Extension scaffolding with GatewayAPI CRD tests [#1371](https://github.com/openshift/cluster-ingress-operator/pull/1371)
* [OCPBUGS-74508](https://issues.redhat.com/browse/OCPBUGS-74508): Remove the GatewayAPI feature gate [#1366](https://github.com/openshift/cluster-ingress-operator/pull/1366)
* NO-JIRA: enable inheritance on coderabbit [#1373](https://github.com/openshift/cluster-ingress-operator/pull/1373)
* [OCPBUGS-74511](https://issues.redhat.com/browse/OCPBUGS-74511): remove RouteExternalCertificate feature gate [#1355](https://github.com/openshift/cluster-ingress-operator/pull/1355)
* [OCPBUGS-65629](https://issues.redhat.com/browse/OCPBUGS-65629): ensure canary daemon set uses its own service account. [#1310](https://github.com/openshift/cluster-ingress-operator/pull/1310)
* [OCPBUGS-77305](https://issues.redhat.com/browse/OCPBUGS-77305): Bump to OSSM 3.2.2 and Istio 1.27.5 [#1350](https://github.com/openshift/cluster-ingress-operator/pull/1350)
* NO-JIRA: Add coderabbit to CIO [#1348](https://github.com/openshift/cluster-ingress-operator/pull/1348)
* [OCPBUGS-58145](https://issues.redhat.com/browse/OCPBUGS-58145): reload serving cert on rotation [#1285](https://github.com/openshift/cluster-ingress-operator/pull/1285)
* [NE-2481](https://issues.redhat.com/browse/NE-2481): bump k8s libraries to v0.35.0 [#1356](https://github.com/openshift/cluster-ingress-operator/pull/1356)
* [NE-2434](https://issues.redhat.com/browse/NE-2434): E2E test for internal LoadBalancer Annotations [#1353](https://github.com/openshift/cluster-ingress-operator/pull/1353)
* [OCPBUGS-64565](https://issues.redhat.com/browse/OCPBUGS-64565), [OCPBUGS-9037](https://issues.redhat.com/browse/OCPBUGS-9037): Ensure canary cert matches the default ingress controller's cert [#1334](https://github.com/openshift/cluster-ingress-operator/pull/1334)
* [NE-2395](https://issues.redhat.com/browse/NE-2395): Fix e2e tests to work on platforms with unmanaged DNS [#1342](https://github.com/openshift/cluster-ingress-operator/pull/1342)
* [NE-2374](https://issues.redhat.com/browse/NE-2374): Add e2e test for Gateway API infrastructure annotations [#1331](https://github.com/openshift/cluster-ingress-operator/pull/1331)
* [NE-2435](https://issues.redhat.com/browse/NE-2435): Bump Gateway API CRDs to v1.4.1 [#1343](https://github.com/openshift/cluster-ingress-operator/pull/1343)
* [OCPBUGS-16728](https://issues.redhat.com/browse/OCPBUGS-16728): Require Service Deletion for LB Type Updates [#1142](https://github.com/openshift/cluster-ingress-operator/pull/1142)
* NO-JIRA: add jcmoraisjr to owners [#1346](https://github.com/openshift/cluster-ingress-operator/pull/1346)
* [OKD-259](https://issues.redhat.com/browse/OKD-259): Bump openshift/api and add support for OKD featureset specific CRDs [#1324](https://github.com/openshift/cluster-ingress-operator/pull/1324)
* [OCPBUGS-65482](https://issues.redhat.com/browse/OCPBUGS-65482): Add e2e test for secure redirect port stripping [#1316](https://github.com/openshift/cluster-ingress-operator/pull/1316)
* [NE-1743](https://issues.redhat.com/browse/NE-1743): Add documentation for pre-release script for OSSM testing [#1315](https://github.com/openshift/cluster-ingress-operator/pull/1315)
* [OCPBUGS-70212](https://issues.redhat.com/browse/OCPBUGS-70212): testGatewayAPIDNS: Fix nil gateway in cleanup [#1330](https://github.com/openshift/cluster-ingress-operator/pull/1330)
* [OCPBUGS-70211](https://issues.redhat.com/browse/OCPBUGS-70211): Fix logging for unmanaged controllers [#1329](https://github.com/openshift/cluster-ingress-operator/pull/1329)
* [OCPBUGS-69954](https://issues.redhat.com/browse/OCPBUGS-69954): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.22 [#1328](https://github.com/openshift/cluster-ingress-operator/pull/1328)
* [OCPBUGS-65939](https://issues.redhat.com/browse/OCPBUGS-65939): Update command to get Konflux index image [#1325](https://github.com/openshift/cluster-ingress-operator/pull/1325)
* [OSSM-10865](https://issues.redhat.com/browse/OSSM-10865): set trustBundleName in Istio global values [#1288](https://github.com/openshift/cluster-ingress-operator/pull/1288)
* [CORS-4229](https://issues.redhat.com/browse/CORS-4229): Revert "dns/gcp: Allow configuring custom endpoints" [#1302](https://github.com/openshift/cluster-ingress-operator/pull/1302)
* [OCPBUGS-61858](https://issues.redhat.com/browse/OCPBUGS-61858): Implement HTTPKeepAliveTimeout tuning option [#1297](https://github.com/openshift/cluster-ingress-operator/pull/1297)
* [CORS-4174](https://issues.redhat.com/browse/CORS-4174): Azure: Add Ingress LB IPs to Infra CR when in-cluster DNS is enabled [#1256](https://github.com/openshift/cluster-ingress-operator/pull/1256)
* [OCPBUGS-60885](https://issues.redhat.com/browse/OCPBUGS-60885): Implement ClosedClientConnectionPolicy field [#1307](https://github.com/openshift/cluster-ingress-operator/pull/1307)
* [NE-2203](https://issues.redhat.com/browse/NE-2203): Add PrometheusRule for Gateway API [#1300](https://github.com/openshift/cluster-ingress-operator/pull/1300)
* [NE-2233](https://issues.redhat.com/browse/NE-2233): Bump to OSSM 3.2.0 and Istio 1.27.3 [#1306](https://github.com/openshift/cluster-ingress-operator/pull/1306)
* [NE-2161](https://issues.redhat.com/browse/NE-2161): Fix Gateway API CRD metadata updates during operator upgrades [#1309](https://github.com/openshift/cluster-ingress-operator/pull/1309)
* [OCPBUGS-64675](https://issues.redhat.com/browse/OCPBUGS-64675): Fix variable shadowing in testGatewayAPIDNS e2e [#1304](https://github.com/openshift/cluster-ingress-operator/pull/1304)
* [NE-2161](https://issues.redhat.com/browse/NE-2161): Bump Gateway API CRDs to v1.3.0 [#1303](https://github.com/openshift/cluster-ingress-operator/pull/1303)
* [OCPBUGS-61508](https://issues.redhat.com/browse/OCPBUGS-61508): IngressOperator not exposing some metrics for degraded… [#1290](https://github.com/openshift/cluster-ingress-operator/pull/1290)
* [NE-1334](https://issues.redhat.com/browse/NE-1334): Enhancement to add operator channel when creating gatewayclass [#1301](https://github.com/openshift/cluster-ingress-operator/pull/1301)
* [NE-1334](https://issues.redhat.com/browse/NE-1334): Enhancement to add brew and stage secrets for pre-release image testing [#1291](https://github.com/openshift/cluster-ingress-operator/pull/1291)
* [OCPBUGS-43919](https://issues.redhat.com/browse/OCPBUGS-43919): desiredWildcardDNSRecord: Check for nil LB field [#1189](https://github.com/openshift/cluster-ingress-operator/pull/1189)
* [OCPBUGS-62400](https://issues.redhat.com/browse/OCPBUGS-62400): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.21 [#1286](https://github.com/openshift/cluster-ingress-operator/pull/1286)
* [NE-1334](https://issues.redhat.com/browse/NE-1334): Script to install ossm pre-release operator and run GWAPI e2e tests [#1283](https://github.com/openshift/cluster-ingress-operator/pull/1283)
* [OCPBUGS-55649](https://issues.redhat.com/browse/OCPBUGS-55649): Remove SetEIPForNLBIngressController feature gate [#1280](https://github.com/openshift/cluster-ingress-operator/pull/1280)
* [OCPBUGS-55673](https://issues.redhat.com/browse/OCPBUGS-55673): Remove IngressControllerLBSubnetsAWS featuregate [#1242](https://github.com/openshift/cluster-ingress-operator/pull/1242)
* NO-JIRA: Add bentito (btofel@redhat.com) to OWNERS [#1281](https://github.com/openshift/cluster-ingress-operator/pull/1281)
* [NE-2139](https://issues.redhat.com/browse/NE-2139): Kubernetes to 1.33.4 and controller-runtime to 0.21 [#1279](https://github.com/openshift/cluster-ingress-operator/pull/1279)
* NO-JIRA: Add davidesalerno to OWNERS [#1278](https://github.com/openshift/cluster-ingress-operator/pull/1278)
* [OCPBUGS-60859](https://issues.redhat.com/browse/OCPBUGS-60859): Fix logic on gatewayapi test cleanup [#1273](https://github.com/openshift/cluster-ingress-operator/pull/1273)
* [OCPBUGS-53432](https://issues.redhat.com/browse/OCPBUGS-53432): deflake TestIngressControllerCustomEndpoints by proper waiting for CCM to be ready [#1267](https://github.com/openshift/cluster-ingress-operator/pull/1267)
* [OCPBUGS-59139](https://issues.redhat.com/browse/OCPBUGS-59139): Increase assertExpectedDNSRecords timeouts [#1271](https://github.com/openshift/cluster-ingress-operator/pull/1271)
* [NE-2066](https://issues.redhat.com/browse/NE-2066): Set degraded=true when OSSM 3 can't be installed [#1268](https://github.com/openshift/cluster-ingress-operator/pull/1268)
* [OCPBUGS-60620](https://issues.redhat.com/browse/OCPBUGS-60620): e2e: Deflake tests by using ReplicaSet for test workload [#1262](https://github.com/openshift/cluster-ingress-operator/pull/1262)
* [OCPBUGS-54966](https://issues.redhat.com/browse/OCPBUGS-54966): Improve detection of missing DNSRecord for Gateway [#1212](https://github.com/openshift/cluster-ingress-operator/pull/1212)
* [OCPBUGS-60302](https://issues.redhat.com/browse/OCPBUGS-60302): e2e - Reduce flakiness in testGatewayAPIResourcesProtection [#1265](https://github.com/openshift/cluster-ingress-operator/pull/1265)
* [NE-2096](https://issues.redhat.com/browse/NE-2096): Bump to OSSM 3.1.0 and Istio 1.26.2 [#1257](https://github.com/openshift/cluster-ingress-operator/pull/1257)
* NO-JIRA: Add rikatz to OWNERS [#1259](https://github.com/openshift/cluster-ingress-operator/pull/1259)
* [OCPBUGS-59894](https://issues.redhat.com/browse/OCPBUGS-59894): Update GatewayAPI test to check if deployment has 1 or more pod [#1250](https://github.com/openshift/cluster-ingress-operator/pull/1250)
* [NE-2108](https://issues.redhat.com/browse/NE-2108): docs - correct Istio version format in ossm-overrides.md [#1253](https://github.com/openshift/cluster-ingress-operator/pull/1253)
* [NE-2108](https://issues.redhat.com/browse/NE-2108): Add OSSM channel and version override annotations [#1246](https://github.com/openshift/cluster-ingress-operator/pull/1246)
* [NE-2104](https://issues.redhat.com/browse/NE-2104): desiredIstio: Enable GIE if InferencePool found [#1245](https://github.com/openshift/cluster-ingress-operator/pull/1245)
* [OCPBUGS-59839](https://issues.redhat.com/browse/OCPBUGS-59839): desiredIstio: Delete trustBundleName [#1243](https://github.com/openshift/cluster-ingress-operator/pull/1243)
* [NE-2022](https://issues.redhat.com/browse/NE-2022): Bump to OSSM 3.0.1 and Istio 1.24.4 [#1227](https://github.com/openshift/cluster-ingress-operator/pull/1227)
* [OCPBUGS-58358](https://issues.redhat.com/browse/OCPBUGS-58358): desiredIstio: Do not enable a default PDB [#1240](https://github.com/openshift/cluster-ingress-operator/pull/1240)
* [OCPBUGS-57728](https://issues.redhat.com/browse/OCPBUGS-57728): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.20 [#1236](https://github.com/openshift/cluster-ingress-operator/pull/1236)
* [OCPBUGS-55652](https://issues.redhat.com/browse/OCPBUGS-55652): Removed PrivateHostedZoneAWS from component [#1230](https://github.com/openshift/cluster-ingress-operator/pull/1230)
* [OCPBUGS-54745](https://issues.redhat.com/browse/OCPBUGS-54745): status: Conditionally add CRDs to relatedObjects [#1217](https://github.com/openshift/cluster-ingress-operator/pull/1217)
* [OCPBUGS-55317](https://issues.redhat.com/browse/OCPBUGS-55317): Check capabilities before watching OLM resource [#1232](https://github.com/openshift/cluster-ingress-operator/pull/1232)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Remove ARO HCP MIv2 Authentication for Ingress Operator [#1222](https://github.com/openshift/cluster-ingress-operator/pull/1222)
* [CNTRLPLANE-112](https://issues.redhat.com/browse/CNTRLPLANE-112): Add new Azure authentication type for managed Azure HCP for cluster-ingress [#1191](https://github.com/openshift/cluster-ingress-operator/pull/1191)
* [NE-2009](https://issues.redhat.com/browse/NE-2009): Relax pod bound validating admission rule for HyperShift [#1221](https://github.com/openshift/cluster-ingress-operator/pull/1221)
* [NE-1969](https://issues.redhat.com/browse/NE-1969): Set Degraded=True if unmanaged Gateway API CRDs exist [#1205](https://github.com/openshift/cluster-ingress-operator/pull/1205)
* [NE-1957](https://issues.redhat.com/browse/NE-1957): Add Gateway API DNS Feature e2e tests [#1213](https://github.com/openshift/cluster-ingress-operator/pull/1213)
* [OCPBUGS-54650](https://issues.redhat.com/browse/OCPBUGS-54650), [OCPBUGS-54651](https://issues.redhat.com/browse/OCPBUGS-54651), [OCPBUGS-54652](https://issues.redhat.com/browse/OCPBUGS-54652): desiredSubscription: Specify annotations and SCC [#1214](https://github.com/openshift/cluster-ingress-operator/pull/1214)
* [NE-2009](https://issues.redhat.com/browse/NE-2009): Move VAP to Default featureset [#1216](https://github.com/openshift/cluster-ingress-operator/pull/1216)
* [OCPBUGS-54568](https://issues.redhat.com/browse/OCPBUGS-54568): desiredIstio: Specify priorityClassName [#1211](https://github.com/openshift/cluster-ingress-operator/pull/1211)
* [OCPBUGS-53424](https://issues.redhat.com/browse/OCPBUGS-53424): Wait for install plans to enter the "Requires Approval" phase before approving them [#1203](https://github.com/openshift/cluster-ingress-operator/pull/1203)
* [NE-2008](https://issues.redhat.com/browse/NE-2008): Add GRPC conformance tests [#1208](https://github.com/openshift/cluster-ingress-operator/pull/1208)
* [NE-1277](https://issues.redhat.com/browse/NE-1277): status: Add Gateway API objects to relatedObjects [#933](https://github.com/openshift/cluster-ingress-operator/pull/933)
* [NE-1994](https://issues.redhat.com/browse/NE-1994): Add E2E test for Istio manual deployment [#1204](https://github.com/openshift/cluster-ingress-operator/pull/1204)
* [NE-1969](https://issues.redhat.com/browse/NE-1969): Add "v1" version to OpenShift GatewayClass controller name [#1202](https://github.com/openshift/cluster-ingress-operator/pull/1202)
* [NE-1934](https://issues.redhat.com/browse/NE-1934): Bump to OSSM 3.0 for Gateway API support [#1152](https://github.com/openshift/cluster-ingress-operator/pull/1152)
* [CORS-3907](https://issues.redhat.com/browse/CORS-3907): Update ingress operator to with custom endpoints [#1197](https://github.com/openshift/cluster-ingress-operator/pull/1197)
* [NE-1953](https://issues.redhat.com/browse/NE-1953): Add experimental Gateway API group to Validating Admission Policy [#1200](https://github.com/openshift/cluster-ingress-operator/pull/1200)
* [NE-1907](https://issues.redhat.com/browse/NE-1907): Manage OSSM operator subscription manually to ensure a compatible version is installed [#1112](https://github.com/openshift/cluster-ingress-operator/pull/1112)
* [NE-1981](https://issues.redhat.com/browse/NE-1981): Move controller test helpers to dedicated package [#1199](https://github.com/openshift/cluster-ingress-operator/pull/1199)
* [NE-1953](https://issues.redhat.com/browse/NE-1953): Add Validating Admission Policy for Gateway API CRDs [#1192](https://github.com/openshift/cluster-ingress-operator/pull/1192)
* [NE-1954](https://issues.redhat.com/browse/NE-1954): Implement GatewayAPIController feature gate [#1198](https://github.com/openshift/cluster-ingress-operator/pull/1198)
* [NE-1936](https://issues.redhat.com/browse/NE-1936): Bump k8s.io dependencies to v0.32.1 [#1184](https://github.com/openshift/cluster-ingress-operator/pull/1184)
* [OCPBUGS-31550](https://issues.redhat.com/browse/OCPBUGS-31550): Gateway API - recreating SMCP which breaks Gateway API [#1115](https://github.com/openshift/cluster-ingress-operator/pull/1115)
* [OCPBUGS-32776](https://issues.redhat.com/browse/OCPBUGS-32776): Fix IBM Public Cloud DNS Provider Update Logic [#1133](https://github.com/openshift/cluster-ingress-operator/pull/1133)
* [OCPBUGS-48780](https://issues.redhat.com/browse/OCPBUGS-48780): Fix IBMCloud DNS Propagation Issues in E2E [#1164](https://github.com/openshift/cluster-ingress-operator/pull/1164)
* [OCPBUGS-43745](https://issues.redhat.com/browse/OCPBUGS-43745): Skip Test_IdleConnectionTerminationPolicyDeferred when DCM feature gate is enabled [#1186](https://github.com/openshift/cluster-ingress-operator/pull/1186)
* [NE-1260](https://issues.redhat.com/browse/NE-1260): Add Makefile target to run Gateway API conformance tests [#1176](https://github.com/openshift/cluster-ingress-operator/pull/1176)
* [OCPBUGS-43745](https://issues.redhat.com/browse/OCPBUGS-43745): Add support for IdleCloseTerminationPolicy (Go http.Client) [#1182](https://github.com/openshift/cluster-ingress-operator/pull/1182)
* [OCPBUGS-45585](https://issues.redhat.com/browse/OCPBUGS-45585): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.19 [#1173](https://github.com/openshift/cluster-ingress-operator/pull/1173)
* [OCPBUGS-41892](https://issues.redhat.com/browse/OCPBUGS-41892): Single Watch on GWAPI CRD [#1165](https://github.com/openshift/cluster-ingress-operator/pull/1165)
* [NE-1790](https://issues.redhat.com/browse/NE-1790): Follow up to enable Dynamic Configuration Manager feature gate [#1174](https://github.com/openshift/cluster-ingress-operator/pull/1174)
* [SPLAT-1722](https://issues.redhat.com/browse/SPLAT-1722): Remove alibaba [#1111](https://github.com/openshift/cluster-ingress-operator/pull/1111)
* [CORS-3755](https://issues.redhat.com/browse/CORS-3755): AWS: Add Ingress LB IPs to Infra CR when in-cluster DNS is enabled [#1167](https://github.com/openshift/cluster-ingress-operator/pull/1167)
* [NE-1790](https://issues.redhat.com/browse/NE-1790): Enable Dynamic Configuration Manager feature gate [#1159](https://github.com/openshift/cluster-ingress-operator/pull/1159)
* [OSASINFRA-3642](https://issues.redhat.com/browse/OSASINFRA-3642): openstack: support setting external LB floating IP [#1147](https://github.com/openshift/cluster-ingress-operator/pull/1147)
* [HOSTEDCP-2031](https://issues.redhat.com/browse/HOSTEDCP-2031): Use Client Certificate Authentication for ARO HCP deployments [#1151](https://github.com/openshift/cluster-ingress-operator/pull/1151)
* [OCPBUGS-43412](https://issues.redhat.com/browse/OCPBUGS-43412): Bump to k8s.io v0.31.1 (and deps) [#1156](https://github.com/openshift/cluster-ingress-operator/pull/1156)
* [NE-1716](https://issues.redhat.com/browse/NE-1716): Bump Gateway API to v1.0.0 and OSSM to v2.6 [#1163](https://github.com/openshift/cluster-ingress-operator/pull/1163)
* [CFE-1134](https://issues.redhat.com/browse/CFE-1134): Watch infrastructure and update AWS tags [#1148](https://github.com/openshift/cluster-ingress-operator/pull/1148)
* [OCPBUGS-43033](https://issues.redhat.com/browse/OCPBUGS-43033): e2e/ingress_dns: support both private & public [#1153](https://github.com/openshift/cluster-ingress-operator/pull/1153)
* [OCPBUGS-37932](https://issues.redhat.com/browse/OCPBUGS-37932): Always log AWS service endpoints [#1137](https://github.com/openshift/cluster-ingress-operator/pull/1137)
* [OCPBUGS-36340](https://issues.redhat.com/browse/OCPBUGS-36340): Retry IngressController and Route updates in E2E tests [#1116](https://github.com/openshift/cluster-ingress-operator/pull/1116)
* [OCPBUGS-42004](https://issues.redhat.com/browse/OCPBUGS-42004): Set the MI client ID for the ARO HCP override [#1144](https://github.com/openshift/cluster-ingress-operator/pull/1144)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#1031](https://github.com/openshift/cluster-ingress-operator/pull/1031)
* [OCPBUGS-36044](https://issues.redhat.com/browse/OCPBUGS-36044): Bump IBM/go-sdk-core to v5.17.4 [#1120](https://github.com/openshift/cluster-ingress-operator/pull/1120)
* [OCPBUGS-41527](https://issues.redhat.com/browse/OCPBUGS-41527): Add tolerations to survive scheduler taint manager e2e tests on workers [#1143](https://github.com/openshift/cluster-ingress-operator/pull/1143)
* [OCPBUGS-41112](https://issues.redhat.com/browse/OCPBUGS-41112): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.18 [#1140](https://github.com/openshift/cluster-ingress-operator/pull/1140)
* [OCPBUGS-39151](https://issues.redhat.com/browse/OCPBUGS-39151): Add Missing Scope Change Instructions [#1135](https://github.com/openshift/cluster-ingress-operator/pull/1135)
* [OCPBUGS-38871](https://issues.redhat.com/browse/OCPBUGS-38871): ingress: deployment: explicitly set DeploymentStrategy in SingleReplica case [#1134](https://github.com/openshift/cluster-ingress-operator/pull/1134)
* [OCPBUGS-37491](https://issues.redhat.com/browse/OCPBUGS-37491): Ingress operator status not degraded when canary route fails [#1125](https://github.com/openshift/cluster-ingress-operator/pull/1125)
* [OCPBUGS-38217](https://issues.redhat.com/browse/OCPBUGS-38217): Clear LB Status Parameters on LB Type Change [#1126](https://github.com/openshift/cluster-ingress-operator/pull/1126)
* [OCPBUGS-34418](https://issues.redhat.com/browse/OCPBUGS-34418): Allow router pods to use the "restricted" SCC [#1064](https://github.com/openshift/cluster-ingress-operator/pull/1064)
* [OCPBUGS-38441](https://issues.redhat.com/browse/OCPBUGS-38441): Resolve DNS Resolution CI Flakes in Subnets and EIP E2E [#1127](https://github.com/openshift/cluster-ingress-operator/pull/1127)
* [OCPBUGS-38079](https://issues.redhat.com/browse/OCPBUGS-38079): Bump controller-runtime to v0.18.4 [#1122](https://github.com/openshift/cluster-ingress-operator/pull/1122)
* [NE-1798](https://issues.redhat.com/browse/NE-1798): API bump for promotion of eipAllocation from feature gates to GA. [#1118](https://github.com/openshift/cluster-ingress-operator/pull/1118)
* [NE-1688](https://issues.redhat.com/browse/NE-1688): Enable Azure MSI authentication for ARO HCP [#1119](https://github.com/openshift/cluster-ingress-operator/pull/1119)
* [NE-1674](https://issues.redhat.com/browse/NE-1674): Add LB EIP Allocation for AWS [#1109](https://github.com/openshift/cluster-ingress-operator/pull/1109)
* [NE-1531](https://issues.redhat.com/browse/NE-1531): Fix Initialization of NLB Status Parameters [#1114](https://github.com/openshift/cluster-ingress-operator/pull/1114)
* [NE-1531](https://issues.redhat.com/browse/NE-1531): AWS Subnet Selection [#1046](https://github.com/openshift/cluster-ingress-operator/pull/1046)
* [NE-1273](https://issues.redhat.com/browse/NE-1273): Add a watch to the ingress operator so it will recreate the gwapi crds [#1106](https://github.com/openshift/cluster-ingress-operator/pull/1106)
* [OCPBUGS-37627](https://issues.redhat.com/browse/OCPBUGS-37627): Fix getRouteHost error handling [#1110](https://github.com/openshift/cluster-ingress-operator/pull/1110)
* [NE-1208](https://issues.redhat.com/browse/NE-1208): Gateway API E2E Testing [#1023](https://github.com/openshift/cluster-ingress-operator/pull/1023)
* [OCPBUGS-31664](https://issues.redhat.com/browse/OCPBUGS-31664): Fix SyncLoadBalancerFailed status message of IngressController [#1102](https://github.com/openshift/cluster-ingress-operator/pull/1102)
* [OCPBUGS-36465](https://issues.redhat.com/browse/OCPBUGS-36465): Delete and recreate canary route to clear spec.host [#1095](https://github.com/openshift/cluster-ingress-operator/pull/1095)
* [OCPBUGS-34413](https://issues.redhat.com/browse/OCPBUGS-34413): Refine logging for accurate infra CR status updates [#1103](https://github.com/openshift/cluster-ingress-operator/pull/1103)
* [OCPBUGS-35342](https://issues.redhat.com/browse/OCPBUGS-35342): Add e2e test for connect timeout [#1084](https://github.com/openshift/cluster-ingress-operator/pull/1084)
* NO-JIRA: Add grzpiotrowski to OWNERS [#1090](https://github.com/openshift/cluster-ingress-operator/pull/1090)
* NO-JIRA: addowner-Thealisyed [#1091](https://github.com/openshift/cluster-ingress-operator/pull/1091)
* [OCPBUGS-35356](https://issues.redhat.com/browse/OCPBUGS-35356): Retry IngressController updates in router status E2E [#1085](https://github.com/openshift/cluster-ingress-operator/pull/1085)
* [OCPBUGS-9037](https://issues.redhat.com/browse/OCPBUGS-9037): Change Canary to use passthrough route [#978](https://github.com/openshift/cluster-ingress-operator/pull/978)
* [OCPBUGS-35368](https://issues.redhat.com/browse/OCPBUGS-35368): Add Regexp Anchor to TestAll [#1087](https://github.com/openshift/cluster-ingress-operator/pull/1087)
* [OCPBUGS-23221](https://issues.redhat.com/browse/OCPBUGS-23221): internalServiceChanged: Fix target port logic [#1052](https://github.com/openshift/cluster-ingress-operator/pull/1052)
* [OCPBUGS-34262](https://issues.redhat.com/browse/OCPBUGS-34262): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.17 [#1067](https://github.com/openshift/cluster-ingress-operator/pull/1067)
* [NE-1400](https://issues.redhat.com/browse/NE-1400): Bump to OSSM 2.5 and Gateway API v0.6.2 CRDs [#1018](https://github.com/openshift/cluster-ingress-operator/pull/1018)
* [OCPBUGS-33792](https://issues.redhat.com/browse/OCPBUGS-33792): Bump openshift/library-go to resolve NewPrometheusClient E2E failures [#1054](https://github.com/openshift/cluster-ingress-operator/pull/1054)
* [OCPBUGS-32887](https://issues.redhat.com/browse/OCPBUGS-32887): Allow operator to update Route spec.subdomain [#1047](https://github.com/openshift/cluster-ingress-operator/pull/1047)
* [OCPBUGS-32942](https://issues.redhat.com/browse/OCPBUGS-32942): Bump controller-runtime to v0.17.3 [#1050](https://github.com/openshift/cluster-ingress-operator/pull/1050)
* [OCPBUGS-28673](https://issues.redhat.com/browse/OCPBUGS-28673): implement connect timeout tuning option [#1035](https://github.com/openshift/cluster-ingress-operator/pull/1035)
* [NE-1317](https://issues.redhat.com/browse/NE-1317): manifests - add ingress capability annotation [#950](https://github.com/openshift/cluster-ingress-operator/pull/950)
* [OCPBUGS-32371](https://issues.redhat.com/browse/OCPBUGS-32371): Bump openshift/api, and update CRD generation [#1045](https://github.com/openshift/cluster-ingress-operator/pull/1045)
* [OCPBUGS-25193](https://issues.redhat.com/browse/OCPBUGS-25193): Add vnet subnet read and join permission for azure [#1029](https://github.com/openshift/cluster-ingress-operator/pull/1029)
* [OCPBUGS-30834](https://issues.redhat.com/browse/OCPBUGS-30834): Update to go 1.21 [#1040](https://github.com/openshift/cluster-ingress-operator/pull/1040)
* [OCPBUGS-31722](https://issues.redhat.com/browse/OCPBUGS-31722): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1037](https://github.com/openshift/cluster-ingress-operator/pull/1037)
* [OCPBUGS-3522](https://issues.redhat.com/browse/OCPBUGS-3522): Include recent errors in canary checks fail [#865](https://github.com/openshift/cluster-ingress-operator/pull/865)
* [OCPBUGS-30091](https://issues.redhat.com/browse/OCPBUGS-30091): TestHostNetworkPortBinding: Delete t.Parallel() [#1032](https://github.com/openshift/cluster-ingress-operator/pull/1032)
* [CFE-987](https://issues.redhat.com/browse/CFE-987): Use RouterExternalCertificate feature gate for adding ROUTER_ENABLE_EXTERNAL_CERTIFICATE env var to the router pods [#1017](https://github.com/openshift/cluster-ingress-operator/pull/1017)
* [CORS-2317](https://issues.redhat.com/browse/CORS-2317): Add Ingress LB IPs to Infra CR and set DNS unmanaged when BYO DNS is enabled [#1016](https://github.com/openshift/cluster-ingress-operator/pull/1016)
* [OCPBUGS-28596](https://issues.redhat.com/browse/OCPBUGS-28596): Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.16 [#1020](https://github.com/openshift/cluster-ingress-operator/pull/1020)
* [OCPBUGS-28230](https://issues.redhat.com/browse/OCPBUGS-28230): add FallbackToLogsOnError for easier debugging [#1019](https://github.com/openshift/cluster-ingress-operator/pull/1019)
* [NE-1490](https://issues.redhat.com/browse/NE-1490): update to go v1.20 [#1012](https://github.com/openshift/cluster-ingress-operator/pull/1012)
* [OCPBUGS-15253](https://issues.redhat.com/browse/OCPBUGS-15253): Include namespace in prometheus alerts IngressWithoutClassName and UnmanagedRoutes [#980](https://github.com/openshift/cluster-ingress-operator/pull/980)
* [CCO-249](https://issues.redhat.com/browse/CCO-249): Replace GCP role with explicit permissions [#844](https://github.com/openshift/cluster-ingress-operator/pull/844)
* [OCPBUGS-25006](https://issues.redhat.com/browse/OCPBUGS-25006): Updating ose-cluster-ingress-operator-container image to be consistent with ART [#1006](https://github.com/openshift/cluster-ingress-operator/pull/1006)
* [OCPBUGS-24531](https://issues.redhat.com/browse/OCPBUGS-24531): Revert " OCPBUGS-24531 Skip CI for scope change until OCPBUGS-24044 is resolved" [#1011](https://github.com/openshift/cluster-ingress-operator/pull/1011)
* [OCPBUGS-24531](https://issues.redhat.com/browse/OCPBUGS-24531): Revert "Merge pull request #1007 from candita/OCPBUGS-24531-SkipScopeChangeTest" and add changes to skip test only for Azure and GCP [#1008](https://github.com/openshift/cluster-ingress-operator/pull/1008)
* [OCPBUGS-24531](https://issues.redhat.com/browse/OCPBUGS-24531): Skip CI for scope change until OCPBUGS-24044 is resolved [#1007](https://github.com/openshift/cluster-ingress-operator/pull/1007)
* [OCPVE-780](https://issues.redhat.com/browse/OCPVE-780): annotate credentials request manifests [#995](https://github.com/openshift/cluster-ingress-operator/pull/995)
* [OCPBUGS-23742](https://issues.redhat.com/browse/OCPBUGS-23742): Bump controller-runtime to v0.16.3 [#1001](https://github.com/openshift/cluster-ingress-operator/pull/1001)
* [NE-1402](https://issues.redhat.com/browse/NE-1402): Add service endpoint override capability to IBM DNS provider [#990](https://github.com/openshift/cluster-ingress-operator/pull/990)
* [OCPBUGS-16762](https://issues.redhat.com/browse/OCPBUGS-16762): Revert "OCPBUGS-16762: Bump openshift/api for container.maxLength fix" [#982](https://github.com/openshift/cluster-ingress-operator/pull/982)
* [OCPBUGS-14994](https://issues.redhat.com/browse/OCPBUGS-14994): Don't add clientca-configmap finalizer if deleting [#948](https://github.com/openshift/cluster-ingress-operator/pull/948)
* [OCPBUGS-22020](https://issues.redhat.com/browse/OCPBUGS-22020): Bump golang.org/x/net for CVE-2023-44487 [#985](https://github.com/openshift/cluster-ingress-operator/pull/985)
* [OCPBUGS-21803](https://issues.redhat.com/browse/OCPBUGS-21803): test/e2e: Add test case for 2000000 maxConnections [#983](https://github.com/openshift/cluster-ingress-operator/pull/983)
* [OCPBUGS-20192](https://issues.redhat.com/browse/OCPBUGS-20192): Require non-readonly filesystem in router container [#981](https://github.com/openshift/cluster-ingress-operator/pull/981)
* [OCPBUGS-16762](https://issues.redhat.com/browse/OCPBUGS-16762): Bump openshift/api for container.maxLength fix [#979](https://github.com/openshift/cluster-ingress-operator/pull/979)
* [OCPBUGS-3541](https://issues.redhat.com/browse/OCPBUGS-3541): Don't create route metrics for ingress controllers that are not admitted [#869](https://github.com/openshift/cluster-ingress-operator/pull/869)
* [OCPBUGS-18248](https://issues.redhat.com/browse/OCPBUGS-18248): Prevent GatewayClass from getting recreated [#975](https://github.com/openshift/cluster-ingress-operator/pull/975)
* [OCPBUGS-19268](https://issues.redhat.com/browse/OCPBUGS-19268): Updating ose-cluster-ingress-operator images to be consistent with ART [#977](https://github.com/openshift/cluster-ingress-operator/pull/977)
* [OCPBUGS-15900](https://issues.redhat.com/browse/OCPBUGS-15900): TestMTLSWithCRLs: only try to parse HTTP status code from curl output when stdout is long enough. [#973](https://github.com/openshift/cluster-ingress-operator/pull/973)
* [OCPBUGS-3356](https://issues.redhat.com/browse/OCPBUGS-3356): E2E test for cookie length truncation [#871](https://github.com/openshift/cluster-ingress-operator/pull/871)
* [OCPBUGS-15978](https://issues.redhat.com/browse/OCPBUGS-15978): Check public DNS zone when reporting status [#967](https://github.com/openshift/cluster-ingress-operator/pull/967)
* [OCPBUGS-17359](https://issues.redhat.com/browse/OCPBUGS-17359): test/e2e: Don't use openshift/origin-node [#970](https://github.com/openshift/cluster-ingress-operator/pull/970)
* [NE-1140](https://issues.redhat.com/browse/NE-1140), [NE-1145](https://issues.redhat.com/browse/NE-1145): Set/delete HTTP request/response headers via IngressController API [#872](https://github.com/openshift/cluster-ingress-operator/pull/872)
* [OCPBUGS-16089](https://issues.redhat.com/browse/OCPBUGS-16089): Set spec.subdomain on the canary route [#965](https://github.com/openshift/cluster-ingress-operator/pull/965)
* [OCPBUGS-14995](https://issues.redhat.com/browse/OCPBUGS-14995): desiredRouterDeployment: Set HostPort if needed [#947](https://github.com/openshift/cluster-ingress-operator/pull/947)
* [OCPBUGS-10875](https://issues.redhat.com/browse/OCPBUGS-10875): gateway-service-dns: Set DNS policy appropriately [#934](https://github.com/openshift/cluster-ingress-operator/pull/934)
* [NE-1244](https://issues.redhat.com/browse/NE-1244): Use permissions instead of the "Contributor" role in Azure CredentialsRequest [#929](https://github.com/openshift/cluster-ingress-operator/pull/929)
* [OCPBUGS-12790](https://issues.redhat.com/browse/OCPBUGS-12790): README: Fix Bugzilla link [#968](https://github.com/openshift/cluster-ingress-operator/pull/968)
* [RFE-3007](https://issues.redhat.com/browse/RFE-3007): Expose option-contstats as an unsupported option [#887](https://github.com/openshift/cluster-ingress-operator/pull/887)
* [NE-1189](https://issues.redhat.com/browse/NE-1189): Refactor Test_desiredLoadBalancerService [#886](https://github.com/openshift/cluster-ingress-operator/pull/886)
* [NE-1187](https://issues.redhat.com/browse/NE-1187): Use t.Run for table-driven tests [#884](https://github.com/openshift/cluster-ingress-operator/pull/884)
* [NE-1183](https://issues.redhat.com/browse/NE-1183): Rename unit tests for specific functions [#880](https://github.com/openshift/cluster-ingress-operator/pull/880)
* [NE-1269](https://issues.redhat.com/browse/NE-1269): Replace bindata using embed [#905](https://github.com/openshift/cluster-ingress-operator/pull/905)
* [RFE-3765](https://issues.redhat.com/browse/RFE-3765): Allow Ingress to Modify the HAProxy Log Length when using a Sidecar [#900](https://github.com/openshift/cluster-ingress-operator/pull/900)
* [OCPBUGS-9274](https://issues.redhat.com/browse/OCPBUGS-9274): canary: Tolerate infra node NoExecute taint [#932](https://github.com/openshift/cluster-ingress-operator/pull/932)
* [OCPBUGS-7546](https://issues.redhat.com/browse/OCPBUGS-7546): Allow only 1 disruption with 3 replicas [#931](https://github.com/openshift/cluster-ingress-operator/pull/931)
* [OCPBUGS-15100](https://issues.redhat.com/browse/OCPBUGS-15100): Fix previous attempt of adding a missing trailing dot to hostname [#956](https://github.com/openshift/cluster-ingress-operator/pull/956)
* [OCPBUGS-14396](https://issues.redhat.com/browse/OCPBUGS-14396): Set controller-runtime logger to a null logger for E2E [#946](https://github.com/openshift/cluster-ingress-operator/pull/946)
* [OCPBUGS-14998](https://issues.redhat.com/browse/OCPBUGS-14998): Only use RoleARN for Route53 API [#951](https://github.com/openshift/cluster-ingress-operator/pull/951)
* [OCPBUGS-15100](https://issues.redhat.com/browse/OCPBUGS-15100): Create valid DNS names for Gateway API on GCP [#949](https://github.com/openshift/cluster-ingress-operator/pull/949)
* [OCPBUGS-13106](https://issues.redhat.com/browse/OCPBUGS-13106): Add ingress controller status logging on waitForIngressControllerCondition [#924](https://github.com/openshift/cluster-ingress-operator/pull/924)
* [OCPBUGS-13190](https://issues.redhat.com/browse/OCPBUGS-13190): Avoid spurious updates for internalTrafficPolicy [#927](https://github.com/openshift/cluster-ingress-operator/pull/927)
* [OCPBUGS-13810](https://issues.redhat.com/browse/OCPBUGS-13810): Update TestAWSELBConnectionIdleTimeout to not use wildcard DNS record [#944](https://github.com/openshift/cluster-ingress-operator/pull/944)
* [NE-1294](https://issues.redhat.com/browse/NE-1294): Add support for AWS shared VPC in another account [#928](https://github.com/openshift/cluster-ingress-operator/pull/928)
* [CCO-318](https://issues.redhat.com/browse/CCO-318): Enable Azure Workload Identity authentication. [#906](https://github.com/openshift/cluster-ingress-operator/pull/906)
* [OCPBUGS-6661](https://issues.redhat.com/browse/OCPBUGS-6661), [OCPBUGS-9464](https://issues.redhat.com/browse/OCPBUGS-9464): Move mTLS CRL handling into the router, and fix accidental duplication of CRLs [#939](https://github.com/openshift/cluster-ingress-operator/pull/939)
* [OCPBUGS-13963](https://issues.redhat.com/browse/OCPBUGS-13963): Bump vendors k8s libraries to 0.27.2 [#936](https://github.com/openshift/cluster-ingress-operator/pull/936)
* Revert "OCPBUGS-6661, OCPBUGS-9464: Move mTLS CRL handling into the router, and fix accidental duplication of CRLs" [#938](https://github.com/openshift/cluster-ingress-operator/pull/938)
* [OCPBUGS-6661](https://issues.redhat.com/browse/OCPBUGS-6661), [OCPBUGS-9464](https://issues.redhat.com/browse/OCPBUGS-9464): Move mTLS CRL handling into the router, and fix accidental duplication of CRLs [#930](https://github.com/openshift/cluster-ingress-operator/pull/930)
* [OCPBUGS-5478](https://issues.redhat.com/browse/OCPBUGS-5478): add UBI based Dockerfile [#925](https://github.com/openshift/cluster-ingress-operator/pull/925)
* [CCO-318](https://issues.redhat.com/browse/CCO-318): Read feature gates for future usage [#908](https://github.com/openshift/cluster-ingress-operator/pull/908)
* [OCPBUGS-12913](https://issues.redhat.com/browse/OCPBUGS-12913): Deflake TestRouterCompressionOperation [#920](https://github.com/openshift/cluster-ingress-operator/pull/920)
* [OCPBUGS-6784](https://issues.redhat.com/browse/OCPBUGS-6784): bump controller-runtime to fix the multi namespace cache indexing [#913](https://github.com/openshift/cluster-ingress-operator/pull/913)
* [OCPBUGS-12579](https://issues.redhat.com/browse/OCPBUGS-12579): Address CVE-2022-41723 [#915](https://github.com/openshift/cluster-ingress-operator/pull/915)
* [OCPBUGS-12790](https://issues.redhat.com/browse/OCPBUGS-12790): Replace Bugzilla link with Red Hat Issue Tracker [#916](https://github.com/openshift/cluster-ingress-operator/pull/916)
* [OCPBUGS-10714](https://issues.redhat.com/browse/OCPBUGS-10714): gatewayclass: Update for OSSM 2.4 API change [#901](https://github.com/openshift/cluster-ingress-operator/pull/901)
* [OCPBUGS-10189](https://issues.redhat.com/browse/OCPBUGS-10189): Updating ose-cluster-ingress-operator images to be consistent with ART [#898](https://github.com/openshift/cluster-ingress-operator/pull/898)
* [OCPBUGS-10846](https://issues.redhat.com/browse/OCPBUGS-10846): Fix TestClientTLS flakes [#904](https://github.com/openshift/cluster-ingress-operator/pull/904)
* [NE-1184](https://issues.redhat.com/browse/NE-1184): Test_desiredHttpErrorCodeConfigMap: Kill dead code and fix format [#881](https://github.com/openshift/cluster-ingress-operator/pull/881)
* [OCPBUGS-4054](https://issues.redhat.com/browse/OCPBUGS-4054): configurable-route: Don't use NewKindWithCache [#860](https://github.com/openshift/cluster-ingress-operator/pull/860)
* [NE-1186](https://issues.redhat.com/browse/NE-1186): Test_getRR: Fix typo: "excepted" → "expected" [#883](https://github.com/openshift/cluster-ingress-operator/pull/883)
* [CORS-2467](https://issues.redhat.com/browse/CORS-2467): dns: azure: use azidentity with an adapter [#846](https://github.com/openshift/cluster-ingress-operator/pull/846)
* [NE-1105](https://issues.redhat.com/browse/NE-1105): Add support for Gateway API [#890](https://github.com/openshift/cluster-ingress-operator/pull/890)
* [OCPBUGS-7424](https://issues.redhat.com/browse/OCPBUGS-7424): Bump vendored k8s libraries to 1.26.1 [#888](https://github.com/openshift/cluster-ingress-operator/pull/888)
* [CFE-679](https://issues.redhat.com/browse/CFE-679): Add user defined tags to the created DNS resources [#874](https://github.com/openshift/cluster-ingress-operator/pull/874)
* [OCPBUGS-6247](https://issues.redhat.com/browse/OCPBUGS-6247): Updating ose-cluster-ingress-operator images to be consistent with ART [#862](https://github.com/openshift/cluster-ingress-operator/pull/862)
* [CORS-2072](https://issues.redhat.com/browse/CORS-2072): GCP - Parse Zone ID with a project ID embedded [#855](https://github.com/openshift/cluster-ingress-operator/pull/855)
* [NE-1092](https://issues.redhat.com/browse/NE-1092): Add proxy protocol support for IBMCloud loadbalancers [#812](https://github.com/openshift/cluster-ingress-operator/pull/812)
* [OCPBUGS-6384](https://issues.redhat.com/browse/OCPBUGS-6384): Address CVE-2022-41717 [#876](https://github.com/openshift/cluster-ingress-operator/pull/876)
* [OCPBUGS-4827](https://issues.redhat.com/browse/OCPBUGS-4827): Add missing AWS permission for ListTagsForResources [#868](https://github.com/openshift/cluster-ingress-operator/pull/868)
* [OCPBUGS-6701](https://issues.redhat.com/browse/OCPBUGS-6701): Avoid spurious updates for scope in IngressClass [#879](https://github.com/openshift/cluster-ingress-operator/pull/879)
* [OCPBUGS-6698](https://issues.redhat.com/browse/OCPBUGS-6698): Fix conflict error message in ensureNodePortService [#877](https://github.com/openshift/cluster-ingress-operator/pull/877)
* [OCPBUGS-6700](https://issues.redhat.com/browse/OCPBUGS-6700): updateIngressClass: Fix log message [#878](https://github.com/openshift/cluster-ingress-operator/pull/878)
* [NE-1124](https://issues.redhat.com/browse/NE-1124): Add support for External platform to CIO [#873](https://github.com/openshift/cluster-ingress-operator/pull/873)
* [OCPBUGS-4573](https://issues.redhat.com/browse/OCPBUGS-4573): Target metrics port by name in internal service [#864](https://github.com/openshift/cluster-ingress-operator/pull/864)
* [OCPBUGS-434](https://issues.redhat.com/browse/OCPBUGS-434): Absorb PodsScheduled condition into MinAvailable [#854](https://github.com/openshift/cluster-ingress-operator/pull/854)
* [OCPBUGS-4759](https://issues.redhat.com/browse/OCPBUGS-4759): Do not manage DNS for an ingresscontroller with domain mismatch in GCP [#866](https://github.com/openshift/cluster-ingress-operator/pull/866)
* [OCPBUGS-4703](https://issues.redhat.com/browse/OCPBUGS-4703): Replace liveness-grace-period-seconds annotation [#863](https://github.com/openshift/cluster-ingress-operator/pull/863)
* [OCPBUGS-3404](https://issues.redhat.com/browse/OCPBUGS-3404): Bump openshift/api for matchExpressions doc fix [#856](https://github.com/openshift/cluster-ingress-operator/pull/856)
* [OPNET-133](https://issues.redhat.com/browse/OPNET-133): Support remote worker [#858](https://github.com/openshift/cluster-ingress-operator/pull/858)
* [OCPBUGS-1725](https://issues.redhat.com/browse/OCPBUGS-1725): Ingress controller should not have affinity policy in single-replica clusters [#810](https://github.com/openshift/cluster-ingress-operator/pull/810)
* [OCPBUGS-1807](https://issues.redhat.com/browse/OCPBUGS-1807): Fix bad `handleSingleNode4Dot11Upgrade` log message [#808](https://github.com/openshift/cluster-ingress-operator/pull/808)
* And 6 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/992b43b3cf3e1784bfe8d3083229c7ecb410e7e3...)


### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/)

* [CORS-4363](https://issues.redhat.com/browse/CORS-4363): set bindAddress/bindNetwork for dual-stack clusters [#2079](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2079)
* [CNTRLPLANE-2992](https://issues.redhat.com/browse/CNTRLPLANE-2992): Update CKASO to use a default webhook authenticator secret when authentication type is not `None` [#2074](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2074)
* [OCPBUGS-65626](https://issues.redhat.com/browse/OCPBUGS-65626): update library-go to latest [#2026](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2026)
* [CNTRLPLANE-2223](https://issues.redhat.com/browse/CNTRLPLANE-2223): Migrate TestBoundTokenSignerController to ginkgo [#2067](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2067)
* [CNTRLPLANE-2622](https://issues.redhat.com/browse/CNTRLPLANE-2622): config tls on check-endpoints container [#2058](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2058)
* [OCPBUGS-46086](https://issues.redhat.com/browse/OCPBUGS-46086): Always set service-account-jwks-uri to LB URL even with custom issuer [#1919](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1919)
* [OCPBUGS-78146](https://issues.redhat.com/browse/OCPBUGS-78146): move event-ttl test to its own suite [#2069](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2069)
* [OCPBUGS-78117](https://issues.redhat.com/browse/OCPBUGS-78117): Update the deprecated usage alerts for 1.35 [#2068](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2068)
* [OCPBUGS-77509](https://issues.redhat.com/browse/OCPBUGS-77509): Add support for event-ttl cases and go test cases in Kube API Server Operator [#2060](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2060)
* [OCPSTRAT-2728](https://issues.redhat.com/browse/OCPSTRAT-2728): Rebase 1.35 [#2003](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2003)
* [CNTRLPLANE-2223](https://issues.redhat.com/browse/CNTRLPLANE-2223): Test bound token signer controller fix [#2050](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2050)
* [TRT-2561](https://issues.redhat.com/browse/TRT-2561): Revert #2032 "CNTRLPLANE-2622: config tls on check-endpoints container" [#2057](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2057)
* [CNTRLPLANE-2622](https://issues.redhat.com/browse/CNTRLPLANE-2622): config tls on check-endpoints container [#2032](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2032)
* [CNTRLPLANE-2241](https://issues.redhat.com/browse/CNTRLPLANE-2241): Update library-go to get KMS encryption [#2033](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2033)
* NO-JIRA: Test encryption provider migration [#2028](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2028)
* [OCPBUGS-70298](https://issues.redhat.com/browse/OCPBUGS-70298): remove kube-apiserver user from crb [#2012](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2012)
* [CNTRLPLANE-2247](https://issues.redhat.com/browse/CNTRLPLANE-2247): Adding KMS TestKMSEncryptionOnOff test [#2027](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2027)
* [CNTRLPLANE-2241](https://issues.redhat.com/browse/CNTRLPLANE-2241): Conditionally add the KMS plugin volume mount to the kube-apiserver container [#2015](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2015)
* [CNTRLPLANE-2563](https://issues.redhat.com/browse/CNTRLPLANE-2563): update wording for major upgrades [#2010](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2010)
* [CNTRLPLANE-2648](https://issues.redhat.com/browse/CNTRLPLANE-2648): Migrating user_cors_test to OTE [#2011](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2011)
* [CNTRLPLANE-2247](https://issues.redhat.com/browse/CNTRLPLANE-2247): Add empty KMS encryption test case for CI job validation [#2014](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2014)
* [CNTRLPLANE-2585](https://issues.redhat.com/browse/CNTRLPLANE-2585): Migrating user_client_ca_test to ginkgo [#2008](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2008)
* [OCPBUGS-65807](https://issues.redhat.com/browse/OCPBUGS-65807): SCC: allow image volume type for all SCCs [#1968](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1968)
* [CNTRLPLANE-2492](https://issues.redhat.com/browse/CNTRLPLANE-2492): Migrating user_certs_test to ote [#2005](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2005)
* NO-JIRA:Refactor serviceaccountissuer ginkgo test [#2002](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2002)
* NO-JIRA: clean up the OWNER files [#2001](https://github.com/openshift/cluster-kube-apiserver-operator/pull/2001)
* NO-JIRA: Add API server stabilization wait to serviceaccountissuer tests [#1997](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1997)
* [OCPBUGS-62422](https://issues.redhat.com/browse/OCPBUGS-62422): deps: Update library-go to update pruner [#1994](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1994)
* NO-JIRA: ote: a small cleanup [#1995](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1995)
* [CNTRLPLANE-2286](https://issues.redhat.com/browse/CNTRLPLANE-2286): Migrating serviceaccountissuer test to ote [#1992](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1992)
* [CNTRLPLANE-2280](https://issues.redhat.com/browse/CNTRLPLANE-2280): Migrating deprecated_api_test to ote [#1990](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1990)
* [CNTRLPLANE-2281](https://issues.redhat.com/browse/CNTRLPLANE-2281): Migrating operator_test to ote [#1991](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1991)
* [OCPBUGS-70323](https://issues.redhat.com/browse/OCPBUGS-70323): bump library-go [#1986](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1986)
* [OCPBUGS-69758](https://issues.redhat.com/browse/OCPBUGS-69758): CNTRLPLANE-2222:Migrate go test cert-rotation-tests.go to OTE [#1983](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1983)
* [CNTRLPLANE-2158](https://issues.redhat.com/browse/CNTRLPLANE-2158): Migrating TestTokenRequestAndReview to ginkgo [#1978](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1978)
* NO-JIRA: increases termination timeouts for GCP [#1982](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1982)
* [OCPSTRAT-2728](https://issues.redhat.com/browse/OCPSTRAT-2728): Update k8s version ranges for MutatingAdmissionPolicy [#1980](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1980)
* [CNTRLPLANE-1721](https://issues.redhat.com/browse/CNTRLPLANE-1721): Ote infrastructure only [#1977](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1977)
* [OCPBUGS-65755](https://issues.redhat.com/browse/OCPBUGS-65755): Stop serving VolumeAttributesClass v1beta1 [#1949](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1949)
* [CNTRLPLANE-180](https://issues.redhat.com/browse/CNTRLPLANE-180): check for user-based SCCs causing PSA violations [#1881](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1881)
* [CNTRLPLANE-1724](https://issues.redhat.com/browse/CNTRLPLANE-1724): Refactor OTE to single-module architecture [#1966](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1966)
* [OCPBUGS-62366](https://issues.redhat.com/browse/OCPBUGS-62366): remove beta enablement for resource api [#1923](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1923)
* [OCPBUGS-33013](https://issues.redhat.com/browse/OCPBUGS-33013): deps: Update library-go to update staticpod pkg [#1917](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1917)
* [CNTRLPLANE-1721](https://issues.redhat.com/browse/CNTRLPLANE-1721): Create separate Go module for test extension [#1953](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1953)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): scc: Grant authenticated users use of restricted-v3 [#1944](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1944)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): Enable user namespace for the operator [#1934](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1934)
* [CNTRLPLANE-1616](https://issues.redhat.com/browse/CNTRLPLANE-1616): add event-ttl config observer [#1938](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1938)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): scc: restricted-v3: Fix runAsUser range [#1947](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1947)
* NO-JIRA: Update the deprecated API usage alerts for 1.34 [#1946](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1946)
* [OCPSTRAT-2371](https://issues.redhat.com/browse/OCPSTRAT-2371): Update to Kubernetes v1.34.1 [#1939](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1939)
* [OCPNODE-3758](https://issues.redhat.com/browse/OCPNODE-3758): alpha/beta apis for DRA should not be enabled in 1.34 [#1932](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1932)
* [OCPBUGS-60045](https://issues.redhat.com/browse/OCPBUGS-60045): Bump library-go to latest master [#1928](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1928)
* [OCPBUGS-62450](https://issues.redhat.com/browse/OCPBUGS-62450): Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.21 [#1931](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1931)
* NO-JIRA: Add priority field to prevent early shutdown [#1915](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1915)
* NO-ISSUE: Use scrapeClass for service monitors [#1930](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1930)
* [OCPSTRAT-2371](https://issues.redhat.com/browse/OCPSTRAT-2371): MutatingAdmissionPolicy e2es depend on both v1alpha1 and v1beta1 of admissionregistration.k8s.io being served in k8 1.34 [#1927](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1927)
* [OCPBUGS-15430](https://issues.redhat.com/browse/OCPBUGS-15430): move alerting rules from CMO over [#1922](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1922)
* Re-apply "OCPBUGS-57049: certrotation: move test case name outside of AutoRegenerateAfterOfflineExpiry" [#1910](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1910)
* [OCPSTRAT-2371](https://issues.redhat.com/browse/OCPSTRAT-2371): promote MutatingAdmissionPolicy to v1beta1 for > 1.34.0 [#1921](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1921)
* Revert "OCPBUGS-57049: certrotation: move test case name outside of AutoRegenerateAfterOfflineExpiry" [#1907](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1907)
* [OCPBUGS-57049](https://issues.redhat.com/browse/OCPBUGS-57049): certrotation: move test case name outside of AutoRegenerateAfterOfflineExpiry [#1870](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1870)
* [CNTRLPLANE-1248](https://issues.redhat.com/browse/CNTRLPLANE-1248): Add README to test extension [#1904](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1904)
* [OCPBUGS-60628](https://issues.redhat.com/browse/OCPBUGS-60628): certrotation: ensure that all rotated secrets/configmaps have RefreshOnlyWhenExpired set [#1900](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1900)
* [CNTRLPLANE-1248](https://issues.redhat.com/browse/CNTRLPLANE-1248): Standardized scaffolding for tests extension [#1899](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1899)
* [RFE-4153](https://issues.redhat.com/browse/RFE-4153): enabled readonly filesystem [#1864](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1864)
* Revert "Revert "OCPBUGS-56551: certregenerationcontroller: start configInformers again"" [#1891](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1891)
* [CNTRLPLANE-1248](https://issues.redhat.com/browse/CNTRLPLANE-1248): set up openshift-tests-extension and add a sanity test [#1892](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1892)
* [OCPBUGS-55217](https://issues.redhat.com/browse/OCPBUGS-55217): Optimistically update Kube Server and Client CA bundles [#1812](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1812)
* [OCPBUGS-59527](https://issues.redhat.com/browse/OCPBUGS-59527): certrotationcontroller: extend node-system-admin-signer lifetime [#1872](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1872)
* [OCPBUGS-59626](https://issues.redhat.com/browse/OCPBUGS-59626): operator: don't react to events all namespaces [#1874](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1874)
* [OCPNODE-2559](https://issues.redhat.com/browse/OCPNODE-2559): SCC: add nested-podman and restricted-v3 [#1847](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1847)
* NO-JIRA: Add negative tests of GOAWAY-chance [#1882](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1882)
* [OCPBUGS-44842](https://issues.redhat.com/browse/OCPBUGS-44842): Set not-before/not-after annotations [#1873](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1873)
* [OCPBUGS-50489](https://issues.redhat.com/browse/OCPBUGS-50489): Add missing service ports to apiserver service [#1875](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1875)
* [OCPBUGS-58232](https://issues.redhat.com/browse/OCPBUGS-58232): Don't wait for 2 etcd members when the cluster is TNF installed with assisted-installer [#1866](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1866)
* [OCPBUGS-43521](https://issues.redhat.com/browse/OCPBUGS-43521): Set goaway chance to 0.001 [#1863](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1863)
* NO-JIRA: Update the deprecated API usage alerts for 1.33. [#1871](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1871)
* Revert "OCPBUGS-56551: certregenerationcontroller: start configInformers again" [#1869](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1869)
* [CNTRLPLANE-371](https://issues.redhat.com/browse/CNTRLPLANE-371): Update to Kubernetes v1.33.2 [#1849](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1849)
* [OCPBUGS-57811](https://issues.redhat.com/browse/OCPBUGS-57811): Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.20 [#1865](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1865)
* [OCPBUGS-58158](https://issues.redhat.com/browse/OCPBUGS-58158): Enable watch termination grace period [#1862](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1862)
* NO-JIRA: Enable watch termination grace period [#1846](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1846)
* [OCPBUGS-56551](https://issues.redhat.com/browse/OCPBUGS-56551): certregenerationcontroller: start configInformers again [#1853](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1853)
* [OCPBUGS-55465](https://issues.redhat.com/browse/OCPBUGS-55465): Stop serving admissionregistration.k8s.io/v1beta1. [#1836](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1836)
* [CNTRLPLANE-79](https://issues.redhat.com/browse/CNTRLPLANE-79): Disable oauth admission plugins [#1810](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1810)
* NO-JIRA: remove unused yaml [#1856](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1856)
* NO-JIRA: Enable MutatingAdmissionPolicy group version [#1854](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1854)
* NO-JIRA: Use new PSS annotation [#1833](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1833)
* [OCPBUGS-55013](https://issues.redhat.com/browse/OCPBUGS-55013): SCC: add hostmount-anyuid-v2 [#1834](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1834)
* [OCPBUGS-43777](https://issues.redhat.com/browse/OCPBUGS-43777): certrotationcontroller: run tests which runs deployment and creates projects - reapply [#1831](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1831)
* [OCPBUGS-52466](https://issues.redhat.com/browse/OCPBUGS-52466): bump library-go to bring in updated audit policies [#1837](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1837)
* [OCPBUGS-55274](https://issues.redhat.com/browse/OCPBUGS-55274): Change validity / refresh for some certs which should not be affected by dev cycle rotation change [#1832](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1832)
* Revert "OCPBUGS-43777: certrotationcontroller: run tests which runs deployment and creates projects" [#1830](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1830)
* [OCPBUGS-43777](https://issues.redhat.com/browse/OCPBUGS-43777): certrotationcontroller: run tests which runs deployment and creates projects [#1759](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1759)
* [CNTRLPLANE-347](https://issues.redhat.com/browse/CNTRLPLANE-347): Issue short lived certificates if ShortCertRotation featuregate is enabled [#1823](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1823)
* [MON-4161](https://issues.redhat.com/browse/MON-4161): add `cluster:controlplane_topology:sum` recording rule [#1829](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1829)
* [MON-4160](https://issues.redhat.com/browse/MON-4160): operator: add topology metrics [#1827](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1827)
* [OCPBUGS-35102](https://issues.redhat.com/browse/OCPBUGS-35102): Bump library-go [#1824](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1824)
* NO-JIRA: readme: describe mapping between operatorLogLevel and log level [#1820](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1820)
* [AUTH-541](https://issues.redhat.com/browse/AUTH-541): OIDC structured auth config [#1760](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1760)
* [OCPNODE-2940](https://issues.redhat.com/browse/OCPNODE-2940): add support for minimumKubeletVersion [#1754](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1754)
* [MON-4129](https://issues.redhat.com/browse/MON-4129): slos: accomodate for Prometheus v3 "le" normalization [#1815](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1815)
* [MON-4129](https://issues.redhat.com/browse/MON-4129): revert https://github.com/openshift/cluster-kube-apiserver-operator/pull/1784 [#1817](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1817)
* NO-ISSUE: Bump TraceAll log level to v=10 [#1814](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1814)
* [OCPBUGS-48673](https://issues.redhat.com/browse/OCPBUGS-48673): targetconfigcontroller: check live etcd endpoints [#1792](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1792)
* [API-1689](https://issues.redhat.com/browse/API-1689): TLS registry: add description [#1763](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1763)
* [OCPBUGS-49980](https://issues.redhat.com/browse/OCPBUGS-49980): change one sum:apiserver_request:burnrate5m to sum:apiserver_request:burnrate6h [#1804](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1804)
* [OCPBUGS-49763](https://issues.redhat.com/browse/OCPBUGS-49763): Disregard health endpoints in the burn rate alerts [#1742](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1742)
* [OCPQE-28167](https://issues.redhat.com/browse/OCPQE-28167): Increase waitForFallbackDegradedConditionTimeout [#1789](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1789)
* [OCPBUGS-49764](https://issues.redhat.com/browse/OCPBUGS-49764): bindata/alerts/slo: improve burnrate calculation [#1744](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1744)
* [OCPBUGS-48686](https://issues.redhat.com/browse/OCPBUGS-48686): bump(library-go) [#1795](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1795)
* [MON-4129](https://issues.redhat.com/browse/MON-4129): adjust Prometheus classic histograms 'le' related selectors in rules defs and relabel config to accommodate the update to Prometheus v3 [#1784](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1784)
* NO-JIRA: alerts: update APIRemovedInNextEUSReleaseInUse for 1.32 [#1794](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1794)
* [CNTRLPLANE-20](https://issues.redhat.com/browse/CNTRLPLANE-20): Update to Kubernetes 1.32.1 [#1791](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1791)
* [OCPBUGS-45654](https://issues.redhat.com/browse/OCPBUGS-45654): Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.19 [#1786](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1786)
* [OCPBUGS-48686](https://issues.redhat.com/browse/OCPBUGS-48686): Bump library-go for static pod controller apply fixes. [#1787](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1787)
* NO-JIRA: bump library-go [#1779](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1779)
* [OCPBUGS-45943](https://issues.redhat.com/browse/OCPBUGS-45943): skip generating certs when networkConfig.status.ServiceNetwork is nil [#1776](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1776)
* [CNTRLPLANE-1](https://issues.redhat.com/browse/CNTRLPLANE-1): Add resource.k8s.io/v1beta1 API for Kubernetes 1.32 [#1777](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1777)
* NO-JIRA: Revert Disable ResilientWatchCacheInitialization [#1771](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1771)
* [OCPBUGS-44693](https://issues.redhat.com/browse/OCPBUGS-44693): Disable ResilientWatchCacheInitialization [#1769](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1769)
* [API-1835](https://issues.redhat.com/browse/API-1835): bump library-go [#1767](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1767)
* [API-1835](https://issues.redhat.com/browse/API-1835): migrate static pod fallback to ssa [#1765](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1765)
* [API-1835](https://issues.redhat.com/browse/API-1835): migrate startup monitor conditon to ssa [#1764](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1764)
* [STOR-2078](https://issues.redhat.com/browse/STOR-2078): Enable VolumesAttributesClass API in kube-apiserver [#1761](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1761)
* [API-1835](https://issues.redhat.com/browse/API-1835): migrate the installer controller to SSA [#1756](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1756)
* NO-JIRA: Update "deprecated API in use" alert expressions for 1.31. [#1750](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1750)
* [OCPBUGS-42083](https://issues.redhat.com/browse/OCPBUGS-42083): Don't rollout revision until three etcd endpoints are listed [#1743](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1743)
* [WRKLDS-1449](https://issues.redhat.com/browse/WRKLDS-1449): bump(k8s): update k8s.io/* dependencies to v1.31.1 [#1722](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1722)
* [API-1835](https://issues.redhat.com/browse/API-1835): update to use the latest revision controller [#1747](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1747)
* [API-1835](https://issues.redhat.com/browse/API-1835): operator client update [#1737](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1737)
* [WRKLDS-1449](https://issues.redhat.com/browse/WRKLDS-1449): cleanup flag validation after they have been added to the installer [#1736](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1736)
* NO-JIRA: Re-apply "certrotationcontroller: set AutoRegenerateAfterOfflineExpiry for generated certificates" [#1665](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1665)
* create CRDs from openshift/api [#1735](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1735)
* [OCPBUGS-41778](https://issues.redhat.com/browse/OCPBUGS-41778): increase kube-apiserver failureThreshold [#1732](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1732)
* [OCPBUGS-41173](https://issues.redhat.com/browse/OCPBUGS-41173): Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.18 [#1730](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1730)
* NO-JIRA: Bump library-go to add audit logs about events [#1723](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1723)
* [OCPBUGS-41257](https://issues.redhat.com/browse/OCPBUGS-41257): introduce --operand-kubernetes-version flag and resolve API group versions accordingly [#1731](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1731)
* [OCPBUGS-38335](https://issues.redhat.com/browse/OCPBUGS-38335): Bump library-go [#1721](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1721)
* NO-JIRA: nodekubeconfigcontroller: set ownership component for node kubeconfigs [#1704](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1704)
* [AUTH-521](https://issues.redhat.com/browse/AUTH-521): add disabled syncer as reason to CFE for PSA [#1686](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1686)
* NO-JIRA: update library-go [#1703](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1703)
* [OCPEDGE-1102](https://issues.redhat.com/browse/OCPEDGE-1102): Revert high cpu usage alert description [#1680](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1680)
* [OCPEDGE-902](https://issues.redhat.com/browse/OCPEDGE-902): add SNO control plane high cpu usage alert [#1676](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1676)
* [OCPBUGS-34782](https://issues.redhat.com/browse/OCPBUGS-34782): manifests: add ownership annotation for kubelet-bootstrap-kubeconfig [#1694](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1694)
* [OCPBUGS-34544](https://issues.redhat.com/browse/OCPBUGS-34544): Disable PersistentVolumeLabel admission plugin [#1693](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1693)
* [OCPBUGS-34800](https://issues.redhat.com/browse/OCPBUGS-34800): Update APIRemovedInNextReleaseInUse for kube 1.30 / ocp 4.17 [#1697](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1697)
* [OCPBUGS-33963](https://issues.redhat.com/browse/OCPBUGS-33963): Create one-shot migrations for the flowcontrol group. [#1689](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1689)
* [API-1783](https://issues.redhat.com/browse/API-1783): bump(k8s): update k8s version to v1.30.0 [#1666](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1666)
* [OCPBUGS-33522](https://issues.redhat.com/browse/OCPBUGS-33522): add a controller that reconciles SCCs' volumes [#1675](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1675)
* NO-ISSUE: Revert "add SNO control plane high cpu usage alert" [#1674](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1674)
* [OCPBUGS-33184](https://issues.redhat.com/browse/OCPBUGS-33184): Fix incorrect name for hostmount-anyuid SCC ClusterRole [#1671](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1671)
* [OCPEDGE-902](https://issues.redhat.com/browse/OCPEDGE-902): add SNO control plane high cpu usage alert [#1660](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1660)
* [WRKLDS-1015](https://issues.redhat.com/browse/WRKLDS-1015): tolerate node-role.kubernetes.io/control-plane:NoExecute [#1664](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1664)
* [OCPBUGS-22969](https://issues.redhat.com/browse/OCPBUGS-22969): Use v1 for flowcontrol API [#1577](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1577)
* [OCPBUGS-31384](https://issues.redhat.com/browse/OCPBUGS-31384): use RotatedSigningCASecret controller in update only mode [#1659](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1659)
* NO-ISSUE: Revert "certrotationcontroller: set AutoRegenerateAfterOfflineExpiry for generated certificates [#1661](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1661)
* NO-JIRA: certrotationcontroller: set AutoRegenerateAfterOfflineExpiry [#1652](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1652)
* [OCPBUGS-30119](https://issues.redhat.com/browse/OCPBUGS-30119): certrotation: Bump library-go to latest master [#1651](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1651)
* [OCPCLOUD-2514](https://issues.redhat.com/browse/OCPCLOUD-2514): External CCM should no longer rely on feature gate access [#1649](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1649)
* [OCPBUGS-25894](https://issues.redhat.com/browse/OCPBUGS-25894): operator: stop removing kube-apiserver-slos asset [#1642](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1642)
* NO-JIRA: extend node-system-admin-client validity to 2 years [#1618](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1618)
* [OBSDA-553](https://issues.redhat.com/browse/OBSDA-553): add provider name to cluster_infrastructure_provider when external platform [#1638](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1638)
* [AUTH-481](https://issues.redhat.com/browse/AUTH-481): Add PSa labels to openshift-kube-apiserver-operator namespace [#1637](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1637)
* [OCPBUGS-27842](https://issues.redhat.com/browse/OCPBUGS-27842): Add sno section to alert description [#1633](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1633)
* NO-JIRA: Add Vu and Vadim to OWNERS [#1634](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1634)
* [OCPBUGS-24005](https://issues.redhat.com/browse/OCPBUGS-24005): when skipping a webhook check because of missing CA log the name of the webhook [#1632](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1632)
* NO-JIRA: Add ownership for the admin kubeconfig [#1584](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1584)
* [OCPBUGS-18939](https://issues.redhat.com/browse/OCPBUGS-18939): manifest: drop slo latency metrics in favor of sli [#1546](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1546)
* NO-ISSUE: prevent update status conflicts [#1621](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1621)
* [OCPBUGS-21846](https://issues.redhat.com/browse/OCPBUGS-21846): sync(library-go): revision_controller: update last revision only when a revision is completely rendered [#1619](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1619)
* [OCPBUGS-14496](https://issues.redhat.com/browse/OCPBUGS-14496): manifests: fix the scope of the TechPreviewNoUpgrade alert [#1512](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1512)
* [OCPBUGS-24907](https://issues.redhat.com/browse/OCPBUGS-24907): Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART [#1606](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1606)
* [OCPNODE-1892](https://issues.redhat.com/browse/OCPNODE-1892): Rebase 1.29.0 [#1608](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1608)
* [OCPBUGS-24005](https://issues.redhat.com/browse/OCPBUGS-24005): webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator [#1587](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1587)
* [TRT-1420](https://issues.redhat.com/browse/TRT-1420): revert #1586 #1596 [#1607](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1607)
* [OCPNODE-1890](https://issues.redhat.com/browse/OCPNODE-1890): Bump k8s api to v0.29.0 [#1586](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1586)
* [OCPNODE-1892](https://issues.redhat.com/browse/OCPNODE-1892): Set flag to skip setting cloud-provider=external [#1596](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1596)
* [OCPBUGS-24701](https://issues.redhat.com/browse/OCPBUGS-24701): ignore vendor folder in SAST scan [#1599](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1599)
* [AUTH-442](https://issues.redhat.com/browse/AUTH-442): psa cluster fleet evaluation [#1588](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1588)
* [OCPBUGS-24213](https://issues.redhat.com/browse/OCPBUGS-24213): Annotate managed certs [#1568](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1568)
* [OCPBUGS-23796](https://issues.redhat.com/browse/OCPBUGS-23796): use AlwaysAllow UnhealthyPodEvictionPolicy option [#1579](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1579)
* [OCPBUGS-21836](https://issues.redhat.com/browse/OCPBUGS-21836): use external load balancer url for jwks-uri [#1578](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1578)
* manifests: set owning component for TLS artifacts [#1583](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1583)
* [OCPBUGS-19160](https://issues.redhat.com/browse/OCPBUGS-19160): Updating ose-cluster-kube-apiserver-operator images to be consistent with ART [#1550](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1550)
* [OCPBUGS-20331](https://issues.redhat.com/browse/OCPBUGS-20331): manifests/0000_90_kube-apiserver-operator_04_servicemonitor-apiserver: Rename to kube-apiserver-performance-recording-rules [#1566](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1566)
* [OCPBUGS-20331](https://issues.redhat.com/browse/OCPBUGS-20331): manifests: rename API performance dashboard [#1565](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1565)
* [OCPBUGS-21729](https://issues.redhat.com/browse/OCPBUGS-21729): bump library-go to include switch to HTTP/1.1 [#1567](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1567)
* Update required GV for ValidatingAdmissionPolicy gate. [#1561](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1561)
* Update "deprecated API in use" alert expressions for 1.28. [#1562](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1562)
* bump(openshift/client-go,library-go) [#1560](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1560)
* [OCPBUGS-16794](https://issues.redhat.com/browse/OCPBUGS-16794): installerpod: change pod manifest mode to 0600 [#1557](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1557)
* [OCPBUGS-19024](https://issues.redhat.com/browse/OCPBUGS-19024): remove featuregate upgradeable controller that moved to cluster-config-operator [#1547](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1547)
* [OCPBUGS-18247](https://issues.redhat.com/browse/OCPBUGS-18247): manifests: don't include recording rules when Console capability is not enabled [#1542](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1542)
* [OCPBUGS-15504](https://issues.redhat.com/browse/OCPBUGS-15504): manifest: remove kube-apiserver PrometheusRule [#1543](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1543)
* Bump openshift/* libs [#1549](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1549)
* Update to Kubernetes 1.28.2 [#1548](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1548)
* [STOR-1425](https://issues.redhat.com/browse/STOR-1425): Update to Kubernetes 1.28.1 [#1534](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1534)
* [OCPBUGS-17436](https://issues.redhat.com/browse/OCPBUGS-17436): Unrevert 1536 and 1538. [#1541](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1541)
* Reverts DynamicResourceAllocation enablement on techpreview [#1540](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1540)
* [OCPBUGS-17436](https://issues.redhat.com/browse/OCPBUGS-17436): Enable DynamicResourceAllocation API in kube-apiserver [#1538](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1538)
* Set runtime-config in lockstep with feature-gates, if needed. [#1536](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1536)
* bump(api) [#1535](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1535)
* [OCPBUGS-16511](https://issues.redhat.com/browse/OCPBUGS-16511): bump(*): vendor update [#1529](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1529)
* [OCPBUGS-16511](https://issues.redhat.com/browse/OCPBUGS-16511): remove dependency on typed prometheus client [#1527](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1527)
* [OCPBUGS-13635](https://issues.redhat.com/browse/OCPBUGS-13635): make webhook connection failure a warning in log [#1526](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1526)
* [OCPBUGS-15489](https://issues.redhat.com/browse/OCPBUGS-15489): manifests: add new PrometheusRule for recording rules [#1521](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1521)
* certrotation: rotate kube-apiserver-to-kubelet-signer when 80% of validity is over [#1523](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1523)
* [OCPBUGS-13946](https://issues.redhat.com/browse/OCPBUGS-13946): do not use one second timeout when asserting a webhook connection [#1510](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1510)
* [OCPBUGS-14008](https://issues.redhat.com/browse/OCPBUGS-14008): Enable "send-retry-after-while-not-ready-once" on SNO [#1500](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1500)
* update probes for best practices and consistency [#1516](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1516)
* api_performance_dashboard: show apiserver_longrunning_requests metric [#1518](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1518)
* allow greater timeout for etcd health check [#1517](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1517)
* api_performance_dashboard: show apiserver_request_total instead of apiserver_dropped_requests [#1520](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1520)
* [OCPBUGS-8404](https://issues.redhat.com/browse/OCPBUGS-8404): pkg/operator/configobserver: check that the serving certificate refer… [#1482](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1482)
* [OCPBUGS-3986](https://issues.redhat.com/browse/OCPBUGS-3986): dashboard: use recording rules for most metrics [#1484](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1484)
* [OCPBUGS-14940](https://issues.redhat.com/browse/OCPBUGS-14940): api_performance_dashboard: show apiserver_longrunning_requests metric [#1511](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1511)
* [OCPBUGS-13946](https://issues.redhat.com/browse/OCPBUGS-13946): degraded_webhook.go x509: certificate signed by unknown authority [#1503](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1503)
* [OCPBUGS-14323](https://issues.redhat.com/browse/OCPBUGS-14323): Change manifest directory permissions [#1505](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1505)
* [OCPBUGS-13547](https://issues.redhat.com/browse/OCPBUGS-13547): Remove featureset flag and use only the manifest [#1491](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1491)
* [OCPBUGS-13303](https://issues.redhat.com/browse/OCPBUGS-13303): pkg/operator/startupmonitor: skip openshift-apiserver readiness check… [#1492](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1492)
* [OCPBUGS-14038](https://issues.redhat.com/browse/OCPBUGS-14038): Update APIRemovedInNextRelease alerts [#1497](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1497)
* [STOR-1263](https://issues.redhat.com/browse/STOR-1263): Bump k8s 1.27 [#1469](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1469)
* read featureset from the manifests [#1490](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1490)
* Read feature manifest [#1488](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1488)
* Cover featuregate access errors in PSA configobserver unit tests. [#1486](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1486)
* switch to featuregates via the API [#1485](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1485)
* [OCPBUGS-10831](https://issues.redhat.com/browse/OCPBUGS-10831): pod security: use v1 api [#1481](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1481)
* [OCPBUGS-11361](https://issues.redhat.com/browse/OCPBUGS-11361): Revert "Merge pull request #1474 from benluddy/oapi-bump" [#1477](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1477)
* Bump dependency on openshift/api. [#1474](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1474)
* Updating ose-cluster-kube-apiserver-operator images to be consistent with ART [#1460](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1460)
* [OCPBUGS-10713](https://issues.redhat.com/browse/OCPBUGS-10713): PSA Violation alert: add ocp_namespace label [#1435](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1435)
* [OCPBUGS-10039](https://issues.redhat.com/browse/OCPBUGS-10039): update openshift/api to include aesgcm provider in the default apiserver schema [#1462](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1462)
* [OCPBUGS-10577](https://issues.redhat.com/browse/OCPBUGS-10577): update apf configuration to use v1beta3 [#1413](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1413)
* [OCPBUGS-8711](https://issues.redhat.com/browse/OCPBUGS-8711): API-1509: Enable AES-GCM encryption [#1449](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1449)
* [OCPBUGS-8478](https://issues.redhat.com/browse/OCPBUGS-8478): Disable TestBoundTokenSignerController [#1455](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1455)
* [STOR-1051](https://issues.redhat.com/browse/STOR-1051): Allow CSI inline volumes in all SCCs [#1434](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1434)
* [WRKLDS-705](https://issues.redhat.com/browse/WRKLDS-705): Bump openshift/api to enable DynamicResourceAllocation through TechPreviewNoUpgrade [#1447](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1447)
* bump(api) [#1444](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1444)
* bump(*) [#1442](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1442)
* Update OWNERS to remove/replace adambkaplan [#1438](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1438)
* [OCPBUGS-5873](https://issues.redhat.com/browse/OCPBUGS-5873): dashboard: use apiserver_storage_objects metric [#1432](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1432)
* [API-1520](https://issues.redhat.com/browse/API-1520): Update SLO alerts based on upstream improvements [#1431](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1431)
* [WRKLDS-649](https://issues.redhat.com/browse/WRKLDS-649): Guard pod set readiness probe endpoint explicitly [#1437](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1437)
* update APIRemovedInNextRelease alerts [#1436](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1436)
* [OCPBUGS-6202](https://issues.redhat.com/browse/OCPBUGS-6202): Updating ose-cluster-kube-apiserver-operator images to be consistent with ART [#1415](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1415)
* [OCPBUGS-6258](https://issues.redhat.com/browse/OCPBUGS-6258): bump(k8s): 1.26.1 [#1433](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1433)
* increase audit log size to contain an entire upgrade+e2e run [#1430](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1430)
* [OCPBUGS-3985](https://issues.redhat.com/browse/OCPBUGS-3985): enable pod security admission for techpreview [#1403](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1403)
* [OCPBUGS-272](https://issues.redhat.com/browse/OCPBUGS-272): Remove duplicate find word in error msg for degraded webhook [#1428](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1428)
* Fix typo in PodSecurityViolation alert's description [#1391](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1391)
* make the bootstrap kube-apiserver honor cluster-wide featuregates [#1419](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1419)
* remove use of deprecated klog flags [#1427](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1427)
* Revert "drop log-file flag removed in 1.26" [#1425](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1425)
* make api team approver [#1377](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1377)
* drop log-file flag removed in 1.26 [#1420](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1420)
* bump(api) [#1418](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1418)
* Drop flags removed in k8s 1.26 [#1417](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1417)
* [OCPBUGS-3041](https://issues.redhat.com/browse/OCPBUGS-3041): guard controller: set an explicit hostname to avoid name collisions [#1410](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1410)
* [STOR-829](https://issues.redhat.com/browse/STOR-829): Enable CSIInlineVolumeSecurity admission plugin [#1385](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1385)
* [OCPBUGS-3985](https://issues.redhat.com/browse/OCPBUGS-3985): update for featureset rendering [#1409](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1409)
* [OCPBUGS-3929](https://issues.redhat.com/browse/OCPBUGS-3929): update apf configuration to use v1beta2 [#1408](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1408)
* bootstrap-kube-apiserver: specify resources.requests [#1398](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1398)
* [OCPBUGS-1601](https://issues.redhat.com/browse/OCPBUGS-1601): CVE-2022-3259: enable HSTS for kube-apiserver [#1392](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1392)
* [Bug 2100429](https://bugzilla.redhat.com/show_bug.cgi?id=2100429): Allow ephemeral volumes in all SCCs [#1380](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1380)
* [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/336ffd5e7491f565faccf843571303377b1d4825...)


### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/73f7ea7014f57cc37d6f2c720d3bcc00c7d4718b)

* [OCPBUGS-7369](https://issues.redhat.com/browse/OCPBUGS-7369): Guard pod set readiness probe endpoint explicitly [#699](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/699)
* [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/9243e022c42c6d55e1d97a15ed51831f6080984a...73f7ea7014f57cc37d6f2c720d3bcc00c7d4718b)


### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/845ae423e831b1cacf0bcae5e6528f1d21b5ddf2)

* [OCPBUGS-7369](https://issues.redhat.com/browse/OCPBUGS-7369): Guard controller: set the readiness probe endpoint explicitly [#462](https://github.com/openshift/cluster-kube-scheduler-operator/pull/462)
* [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/e0b6bf9c4ddb0da9268d504d23ca2ca11880d970...845ae423e831b1cacf0bcae5e6528f1d21b5ddf2)


### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/)

* [CNTRLPLANE-2706](https://issues.redhat.com/browse/CNTRLPLANE-2706): add network policy e2e tests for operator and operand [#151](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/151)
* [OCPBUGS-65984](https://issues.redhat.com/browse/OCPBUGS-65984): Revert TRT-2577: Revert #139 "OCPBUGS-65984: scale migrator deployment" [#149](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/149)
* [OCPBUGS-74038](https://issues.redhat.com/browse/OCPBUGS-74038): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.22 [#137](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/137)
* [TRT-2577](https://issues.redhat.com/browse/TRT-2577): Revert #139 "OCPBUGS-65984: scale migrator deployment" [#148](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/148)
* [OCPBUGS-65984](https://issues.redhat.com/browse/OCPBUGS-65984): scale migrator deployment [#139](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/139)
* NO-JIRA: OWNERS: remove engineers who have left Red Hat [#147](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/147)
* [OCPBUGS-65984](https://issues.redhat.com/browse/OCPBUGS-65984): Prevent AvailableReplicas from dropping to 0 during deployment rollout [#138](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/138)
* [OCPBUGS-70004](https://issues.redhat.com/browse/OCPBUGS-70004): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.22 [#136](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/136)
* [OCPBUGS-65984](https://issues.redhat.com/browse/OCPBUGS-65984): Prevent AvailableReplicas from dropping to 0 during deployment rollout [#135](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/135)
* [CNTRLPLANE-1306](https://issues.redhat.com/browse/CNTRLPLANE-1306): Refactor OTE to single-module architecture [#133](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/133)
* [OCPBUGS-62444](https://issues.redhat.com/browse/OCPBUGS-62444): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.21 [#132](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/132)
* [CNTRLPLANE-1306](https://issues.redhat.com/browse/CNTRLPLANE-1306): Fixing arch issue [#130](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/130)
* [CNTRLPLANE-1306](https://issues.redhat.com/browse/CNTRLPLANE-1306): Fix arch issue [#128](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/128)
* [CNTRLPLANE-1306](https://issues.redhat.com/browse/CNTRLPLANE-1306): set up openshift-tests-extension and add a sanity test [#126](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/126)
* [OCPBUGS-57807](https://issues.redhat.com/browse/OCPBUGS-57807): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.20 [#124](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/124)
* [OCPBUGS-45640](https://issues.redhat.com/browse/OCPBUGS-45640): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.19 [#122](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/122)
* [API-1835](https://issues.redhat.com/browse/API-1835): bump library-go [#120](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/120)
* [OCPBUGS-20062](https://issues.redhat.com/browse/OCPBUGS-20062): "gracefully" shutdown KSVM pod. [#118](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/118)
* NO-JIRA: operator/starter.go: don't report an error on shutdown [#117](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/117)
* [OCPBUGS-41169](https://issues.redhat.com/browse/OCPBUGS-41169): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.18 [#116](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/116)
* NO-JIRA: bump(*) [#113](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/113)
* [OCPBUGS-34306](https://issues.redhat.com/browse/OCPBUGS-34306): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.17 [#110](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/110)
* [OCPBUGS-34306](https://issues.redhat.com/browse/OCPBUGS-34306): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.17 [#109](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/109)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#107](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/107)
* [OCPBUGS-29567](https://issues.redhat.com/browse/OCPBUGS-29567): Apply hypershift cluster-profile for ibm-cloud-managed [#106](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/106)
* [OCPBUGS-27930](https://issues.redhat.com/browse/OCPBUGS-27930): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.16 [#103](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/103)
* [OCPBUGS-24989](https://issues.redhat.com/browse/OCPBUGS-24989): Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART [#101](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/101)
* [OCPBUGS-21738](https://issues.redhat.com/browse/OCPBUGS-21738): bump library-go to include switch to HTTP/1.1 [#95](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/95)
* [OCPBUGS-19253](https://issues.redhat.com/browse/OCPBUGS-19253): Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART [#94](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/94)
* Revert "specify master node selector on migrator pod" [#93](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/93)
* [OCPBUGS-17170](https://issues.redhat.com/browse/OCPBUGS-17170): specify master node selector on migrator pod [#92](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/92)
* [OCPBUGS-16513](https://issues.redhat.com/browse/OCPBUGS-16513): bump(*): update to 1.27.1 [#91](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/91)
* Fix operator doc in README [#90](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/90)
* Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART [#89](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/89)
* [OCPBUGS-6240](https://issues.redhat.com/browse/OCPBUGS-6240): Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART [#87](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/87)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/12d050abd0cf37dae8973d453930bcf494a2499b...)


### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/)

* [OCPCLOUD-3286](https://issues.redhat.com/browse/OCPCLOUD-3286): Bump k8s v1.35, go 1.25 [#295](https://github.com/openshift/cluster-machine-approver/pull/295)
* Revert "OCPCLOUD-3347: tls: use centralized TLS profile" [#291](https://github.com/openshift/cluster-machine-approver/pull/291)
* [OCPCLOUD-3347](https://issues.redhat.com/browse/OCPCLOUD-3347): tls: use centralized TLS profile [#286](https://github.com/openshift/cluster-machine-approver/pull/286)
* [OCPBUGS-69815](https://issues.redhat.com/browse/OCPBUGS-69815): Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.22 [#289](https://github.com/openshift/cluster-machine-approver/pull/289)
* [MON-4476](https://issues.redhat.com/browse/MON-4476): chore: add permissions on endpointslice to Prometheus Role and use serviceDiscoveryRole: EndpointSlice in ServiceMonitors [#288](https://github.com/openshift/cluster-machine-approver/pull/288)
* NO-JIRA: Fix expired test certificate in csr_check_test.go [#287](https://github.com/openshift/cluster-machine-approver/pull/287)
* [OCPCLOUD-3082](https://issues.redhat.com/browse/OCPCLOUD-3082): K8s 1.34 bump and update dependencies [#282](https://github.com/openshift/cluster-machine-approver/pull/282)
* [OCPBUGS-63519](https://issues.redhat.com/browse/OCPBUGS-63519): port 9193 need to be internal and port 9194 need to have a service [#279](https://github.com/openshift/cluster-machine-approver/pull/279)
* [OCPBUGS-62583](https://issues.redhat.com/browse/OCPBUGS-62583): NO-JIRA: Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.21 [#277](https://github.com/openshift/cluster-machine-approver/pull/277)
* NO-JIRA: Update OWNERS [#276](https://github.com/openshift/cluster-machine-approver/pull/276)
* NO-JIRA: set machine-approver-controller as default container [#278](https://github.com/openshift/cluster-machine-approver/pull/278)
* NO-JIRA: Fix some lints and nits [#273](https://github.com/openshift/cluster-machine-approver/pull/273)
* [OCPCLOUD-2939](https://issues.redhat.com/browse/OCPCLOUD-2939): Bump k8s 1.33 [#272](https://github.com/openshift/cluster-machine-approver/pull/272)
* NO-JIRA: Update OWNERS [#274](https://github.com/openshift/cluster-machine-approver/pull/274)
* [OCPBUGS-57610](https://issues.redhat.com/browse/OCPBUGS-57610): Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.20 [#271](https://github.com/openshift/cluster-machine-approver/pull/271)
* [OCPBUGS-19856](https://issues.redhat.com/browse/OCPBUGS-19856): Improve log message when searching for node by InternalDNS [#269](https://github.com/openshift/cluster-machine-approver/pull/269)
* No-Jira: ignore test file csr_check_test.go [#270](https://github.com/openshift/cluster-machine-approver/pull/270)
* [OCPCLOUD-2832](https://issues.redhat.com/browse/OCPCLOUD-2832): Bump k8s 1.32 [#268](https://github.com/openshift/cluster-machine-approver/pull/268)
* [OCPBUGS-48056](https://issues.redhat.com/browse/OCPBUGS-48056): Fix race condition in CO status controller test [#264](https://github.com/openshift/cluster-machine-approver/pull/264)
* [OCPCLOUD-2787](https://issues.redhat.com/browse/OCPCLOUD-2787): Deploy CAPI manifests in CustomNoUpgrade [#262](https://github.com/openshift/cluster-machine-approver/pull/262)
* [OCPBUGS-36404](https://issues.redhat.com/browse/OCPBUGS-36404): Filter CSRs by signerName [#243](https://github.com/openshift/cluster-machine-approver/pull/243)
* [OCPBUGS-45434](https://issues.redhat.com/browse/OCPBUGS-45434): Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.19 [#247](https://github.com/openshift/cluster-machine-approver/pull/247)
* [OCPBUGS-45306](https://issues.redhat.com/browse/OCPBUGS-45306): Ensure trailing dots on DNS names do not block serving cert auth [#253](https://github.com/openshift/cluster-machine-approver/pull/253)
* [OCPBUGS-45306](https://issues.redhat.com/browse/OCPBUGS-45306): Client internal DNS checks should ignore trailing dot [#248](https://github.com/openshift/cluster-machine-approver/pull/248)
* [OCPCLOUD-2736](https://issues.redhat.com/browse/OCPCLOUD-2736): Update to k8s 1.31 [#240](https://github.com/openshift/cluster-machine-approver/pull/240)
* [OCPCLOUD-2703](https://issues.redhat.com/browse/OCPCLOUD-2703): OWNERS: update subcomponent [#239](https://github.com/openshift/cluster-machine-approver/pull/239)
* [OCPBUGS-39526](https://issues.redhat.com/browse/OCPBUGS-39526): Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.18 [#238](https://github.com/openshift/cluster-machine-approver/pull/238)
* [OCPBUGS-36871](https://issues.redhat.com/browse/OCPBUGS-36871): Client internal DNS checks should be case insensitive [#237](https://github.com/openshift/cluster-machine-approver/pull/237)
* NO-JIRA: Update OWNERS [#236](https://github.com/openshift/cluster-machine-approver/pull/236)
* [OCPCLOUD-2602](https://issues.redhat.com/browse/OCPCLOUD-2602): Update dependencies to Kube 1.30 [#235](https://github.com/openshift/cluster-machine-approver/pull/235)
* [OCPBUGS-34138](https://issues.redhat.com/browse/OCPBUGS-34138): Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.17 [#232](https://github.com/openshift/cluster-machine-approver/pull/232)
* [OCPBUGS-33644](https://issues.redhat.com/browse/OCPBUGS-33644): check for machine crd before listing machines [#231](https://github.com/openshift/cluster-machine-approver/pull/231)
* [OCPBUGS-29568](https://issues.redhat.com/browse/OCPBUGS-29568): Apply hypershift cluster-profile for ibm-cloud-managed [#229](https://github.com/openshift/cluster-machine-approver/pull/229)
* [OCPBUGS-28230](https://issues.redhat.com/browse/OCPBUGS-28230): add FallbackToLogsOnError for easier debugging [#227](https://github.com/openshift/cluster-machine-approver/pull/227)
* [OCPBUGS-26116](https://issues.redhat.com/browse/OCPBUGS-26116): Add Snyk file to exclude vendor directory on scan [#225](https://github.com/openshift/cluster-machine-approver/pull/225)
* [OCPCLOUD-2417](https://issues.redhat.com/browse/OCPCLOUD-2417): Update to kube 1.29 and controller-runtime 0.17.0 [#224](https://github.com/openshift/cluster-machine-approver/pull/224)
* [OCPBUGS-23544](https://issues.redhat.com/browse/OCPBUGS-23544): Increase concurrent reconciles to 10 [#222](https://github.com/openshift/cluster-machine-approver/pull/222)
* [OCPBUGS-25582](https://issues.redhat.com/browse/OCPBUGS-25582): Updating ose-cluster-machine-approver-container image to be consistent with ART [#223](https://github.com/openshift/cluster-machine-approver/pull/223)
* [OCPBUGS-24985](https://issues.redhat.com/browse/OCPBUGS-24985): Updating ose-cluster-machine-approver-container image to be consistent with ART [#218](https://github.com/openshift/cluster-machine-approver/pull/218)
* [OCPBUGS-24154](https://issues.redhat.com/browse/OCPBUGS-24154): Updating ose-cluster-machine-approver-container image to be consistent with ART [#217](https://github.com/openshift/cluster-machine-approver/pull/217)
* [OCPCLOUD-2277](https://issues.redhat.com/browse/OCPCLOUD-2277): Ensure Cluster Machine Approver metrics are only available via HTTPS [#211](https://github.com/openshift/cluster-machine-approver/pull/211)
* [OCPBUGS-21594](https://issues.redhat.com/browse/OCPBUGS-21594): Filter non node CSRs in metrics [#208](https://github.com/openshift/cluster-machine-approver/pull/208)
* [OCPBUGS-21793](https://issues.redhat.com/browse/OCPBUGS-21793): Bump x/net package to v0.17.0 [#204](https://github.com/openshift/cluster-machine-approver/pull/204)
* Update OWNERS [#205](https://github.com/openshift/cluster-machine-approver/pull/205)
* [OCPBUGS-19250](https://issues.redhat.com/browse/OCPBUGS-19250): Updating ose-cluster-machine-approver images to be consistent with ART [#201](https://github.com/openshift/cluster-machine-approver/pull/201)
* [OCPCLOUD-2181](https://issues.redhat.com/browse/OCPCLOUD-2181): Update K8s dependencies to 1.28 [#203](https://github.com/openshift/cluster-machine-approver/pull/203)
* [OCPBUGS-17090](https://issues.redhat.com/browse/OCPBUGS-17090): Set logger for controller runtime [#200](https://github.com/openshift/cluster-machine-approver/pull/200)
* [OCPBUGS-18338](https://issues.redhat.com/browse/OCPBUGS-18338): Fix CI by running tests natively by default [#199](https://github.com/openshift/cluster-machine-approver/pull/199)
* [OCPBUGS-16156](https://issues.redhat.com/browse/OCPBUGS-16156): check if machine api present [#198](https://github.com/openshift/cluster-machine-approver/pull/198)
* handle situation when machine CRD is not present [#191](https://github.com/openshift/cluster-machine-approver/pull/191)
* [OCPCLOUD-2044](https://issues.redhat.com/browse/OCPCLOUD-2044): Update to Kubernetes 1.27 deps [#195](https://github.com/openshift/cluster-machine-approver/pull/195)
* [OCPBUGS-10171](https://issues.redhat.com/browse/OCPBUGS-10171): Go 1.20 bump with fixed unit tests [#194](https://github.com/openshift/cluster-machine-approver/pull/194)
* [OCPBUGS-11225](https://issues.redhat.com/browse/OCPBUGS-11225): Update node client allowed usages [#189](https://github.com/openshift/cluster-machine-approver/pull/189)
* [OCPBUGS-11225](https://issues.redhat.com/browse/OCPBUGS-11225): Update isNodeClientCert to allow for new key usages [#186](https://github.com/openshift/cluster-machine-approver/pull/186)
* [OCPBUGS-11225](https://issues.redhat.com/browse/OCPBUGS-11225): approver: fix ECDSA approvals in 1.27 [#184](https://github.com/openshift/cluster-machine-approver/pull/184)
* Update TLS Bootstrapping doc links in README [#182](https://github.com/openshift/cluster-machine-approver/pull/182)
* Updating ose-cluster-machine-approver images to be consistent with ART [#180](https://github.com/openshift/cluster-machine-approver/pull/180)
* Update OWNERS [#179](https://github.com/openshift/cluster-machine-approver/pull/179)
* : Update tooling for CMA [#178](https://github.com/openshift/cluster-machine-approver/pull/178)
* [OCPCLOUD-1805](https://issues.redhat.com/browse/OCPCLOUD-1805): Port to ginkgo v2 [#176](https://github.com/openshift/cluster-machine-approver/pull/176)
* Updating ose-cluster-machine-approver images to be consistent with ART [#174](https://github.com/openshift/cluster-machine-approver/pull/174)
* Update OWNERS [#177](https://github.com/openshift/cluster-machine-approver/pull/177)
* [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/60081982654993534de29d224d6a42c251762420...)


### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/)

* NO-ISSUE: [bot] Update jsonnet dependencies [#2861](https://github.com/openshift/cluster-monitoring-operator/pull/2861)
* [MON-4481](https://issues.redhat.com/browse/MON-4481), [MON-4482](https://issues.redhat.com/browse/MON-4482): set minimum TLS version for Thanos sidecars [#2859](https://github.com/openshift/cluster-monitoring-operator/pull/2859)
* NO-JIRA: update jsonnet dependencies [#2858](https://github.com/openshift/cluster-monitoring-operator/pull/2858)
* [OCPBUGS-78976](https://issues.redhat.com/browse/OCPBUGS-78976): configure repair policy to 'evict' [#2856](https://github.com/openshift/cluster-monitoring-operator/pull/2856)
* [MON-4542](https://issues.redhat.com/browse/MON-4542): update Prometheus operator CRDS to v0.90.0 [#2854](https://github.com/openshift/cluster-monitoring-operator/pull/2854)
* NO-JIRA: update github.com/openshift/library-go [#2852](https://github.com/openshift/cluster-monitoring-operator/pull/2852)
* NO-JIRA: change ClusterRolefailed to ClusterRole failed [#2853](https://github.com/openshift/cluster-monitoring-operator/pull/2853)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2857](https://github.com/openshift/cluster-monitoring-operator/pull/2857)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2851](https://github.com/openshift/cluster-monitoring-operator/pull/2851)
* NO-JIRA: add unit tests for admission webhook's TLS configuration [#2850](https://github.com/openshift/cluster-monitoring-operator/pull/2850)
* [MON-4479](https://issues.redhat.com/browse/MON-4479): use TLS profile to configure CMO server [#2841](https://github.com/openshift/cluster-monitoring-operator/pull/2841)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2849](https://github.com/openshift/cluster-monitoring-operator/pull/2849)
* [MON-4535](https://issues.redhat.com/browse/MON-4535): Add .coderabbit.yaml to reduce review noise [#2845](https://github.com/openshift/cluster-monitoring-operator/pull/2845)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2847](https://github.com/openshift/cluster-monitoring-operator/pull/2847)
* [OCPBUGS-48578](https://issues.redhat.com/browse/OCPBUGS-48578): chore(metrics-server): prefer control-plane nodes and tolerate their taints [#2801](https://github.com/openshift/cluster-monitoring-operator/pull/2801)
* [OCPBUGS-78221](https://issues.redhat.com/browse/OCPBUGS-78221): fix return value format [#2846](https://github.com/openshift/cluster-monitoring-operator/pull/2846)
* NO-JIRA: fix wrong string formatter in tests [#2839](https://github.com/openshift/cluster-monitoring-operator/pull/2839)
* NO-ISSUE: fix typo [#2837](https://github.com/openshift/cluster-monitoring-operator/pull/2837)
* [OCPBUGS-77543](https://issues.redhat.com/browse/OCPBUGS-77543): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.22 [#2836](https://github.com/openshift/cluster-monitoring-operator/pull/2836)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2830](https://github.com/openshift/cluster-monitoring-operator/pull/2830)
* [MON-4533](https://issues.redhat.com/browse/MON-4533): Bump prometheus-operator to v0.89.0 [#2822](https://github.com/openshift/cluster-monitoring-operator/pull/2822)
* [OCPBUGS-74524](https://issues.redhat.com/browse/OCPBUGS-74524): Remove MetricsCollectionProfiles feature-gate [#2812](https://github.com/openshift/cluster-monitoring-operator/pull/2812)
* [MON-4494](https://issues.redhat.com/browse/MON-4494): add kubernetes-mcp-server metrics to allowed list [#2818](https://github.com/openshift/cluster-monitoring-operator/pull/2818)
* [MON-4491](https://issues.redhat.com/browse/MON-4491): Implement Logic for User Defined [#2807](https://github.com/openshift/cluster-monitoring-operator/pull/2807)
* [OCPBUGS-61262](https://issues.redhat.com/browse/OCPBUGS-61262): AlertingRule: fix duplicate PrometheusRules after MD5->SHA-224 naming change [#2820](https://github.com/openshift/cluster-monitoring-operator/pull/2820)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2800](https://github.com/openshift/cluster-monitoring-operator/pull/2800)
* [OCPBUGS-73957](https://issues.redhat.com/browse/OCPBUGS-73957): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.22 [#2790](https://github.com/openshift/cluster-monitoring-operator/pull/2790)
* NO-ISSUE: test/e2e: add Func suffix to assertion helpers for consistency [#2803](https://github.com/openshift/cluster-monitoring-operator/pull/2803)
* [OCPBUGS-74673](https://issues.redhat.com/browse/OCPBUGS-74673): Fix NodeRAIDDegraded & NodeRAIDDiskFailure alerts [#2799](https://github.com/openshift/cluster-monitoring-operator/pull/2799)
* [OCPBUGS-69397](https://issues.redhat.com/browse/OCPBUGS-69397): Move console control plane health queries to their own… [#2778](https://github.com/openshift/cluster-monitoring-operator/pull/2778)
* [OCPBUGS-74347](https://issues.redhat.com/browse/OCPBUGS-74347): config: add bond device to default node-exporter ignore list [#2806](https://github.com/openshift/cluster-monitoring-operator/pull/2806)
* NO-ISSUE: merge case 67008,68958 to node-exporter e2e test [#2788](https://github.com/openshift/cluster-monitoring-operator/pull/2788)
* NO-ISSUE: test: TestUserWorkloadWithAlertmanager|TestNetworkPolicy: fix a no-op check [#2802](https://github.com/openshift/cluster-monitoring-operator/pull/2802)
* [OCPBUGS-67162](https://issues.redhat.com/browse/OCPBUGS-67162): update expr for AlertmanagerClusterFailedToSendAlerts to exclude value 0 [#2796](https://github.com/openshift/cluster-monitoring-operator/pull/2796)
* NO-JIRA: Upgrade golangci-lint from v1 to v2 [#2789](https://github.com/openshift/cluster-monitoring-operator/pull/2789)
* [OCPBUGS-66069](https://issues.redhat.com/browse/OCPBUGS-66069): Include `kube_pod_labels` in minimal profile [#2777](https://github.com/openshift/cluster-monitoring-operator/pull/2777)
* [MON-4470](https://issues.redhat.com/browse/MON-4470): ship collector:node_scrape_collector_success:avg to Telemetry [#2794](https://github.com/openshift/cluster-monitoring-operator/pull/2794)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2791](https://github.com/openshift/cluster-monitoring-operator/pull/2791)
* [OCPBUGS-66180](https://issues.redhat.com/browse/OCPBUGS-66180): create networkpolicy settings for user workload monitoring [#2765](https://github.com/openshift/cluster-monitoring-operator/pull/2765)
* NO-ISSUE: move endpointslice RBAC to Role [#2786](https://github.com/openshift/cluster-monitoring-operator/pull/2786)
* [MON-4466](https://issues.redhat.com/browse/MON-4466): enable ethtool collector [#2779](https://github.com/openshift/cluster-monitoring-operator/pull/2779)
* NO-ISSUE: add app.kubernetes.io/part-of=openshift-monitoring label to thanos-ruler pod [#2787](https://github.com/openshift/cluster-monitoring-operator/pull/2787)
* [MON-4343](https://issues.redhat.com/browse/MON-4343): Reapply "MON-4343: Cleanup deprecate pa config" [#2782](https://github.com/openshift/cluster-monitoring-operator/pull/2782)
* NO-ISSUE: remove test case 74734 [#2785](https://github.com/openshift/cluster-monitoring-operator/pull/2785)
* [OCPBUGS-61088](https://issues.redhat.com/browse/OCPBUGS-61088): revert PR #2766 [#2769](https://github.com/openshift/cluster-monitoring-operator/pull/2769)
* [OCPBUGS-69733](https://issues.redhat.com/browse/OCPBUGS-69733): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.22 [#2781](https://github.com/openshift/cluster-monitoring-operator/pull/2781)
* [MON-4406](https://issues.redhat.com/browse/MON-4406): watch ClusterMonitoring config resource [#2770](https://github.com/openshift/cluster-monitoring-operator/pull/2770)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2780](https://github.com/openshift/cluster-monitoring-operator/pull/2780)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2776](https://github.com/openshift/cluster-monitoring-operator/pull/2776)
* NO-ISSUE: ensure CMO and its operands pods have the app.kubernetes.io/part-of: openshift-monitoring label [#2771](https://github.com/openshift/cluster-monitoring-operator/pull/2771)
* NO-ISSUE: Migrate away from deprecated ioutil [#2754](https://github.com/openshift/cluster-monitoring-operator/pull/2754)
* NO-ISSUE: rename manifests_test package to manifests [#2768](https://github.com/openshift/cluster-monitoring-operator/pull/2768)
* [MON-4436](https://issues.redhat.com/browse/MON-4436): Drop CHANGELOG.md [#2755](https://github.com/openshift/cluster-monitoring-operator/pull/2755)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2767](https://github.com/openshift/cluster-monitoring-operator/pull/2767)
* [TRT-2442](https://issues.redhat.com/browse/TRT-2442): revert enhance test for config_test.go and let CVO manage CMO networkpolicies" [#2766](https://github.com/openshift/cluster-monitoring-operator/pull/2766)
* [OCPBUGS-66137](https://issues.redhat.com/browse/OCPBUGS-66137): update ghcr.io/rhobs/prometheus-example-app to 0.5.1 which aligns versions [#2762](https://github.com/openshift/cluster-monitoring-operator/pull/2762)
* [MON-3940](https://issues.redhat.com/browse/MON-3940): Add the collection of MTV migration metrics to Telemetry [#2743](https://github.com/openshift/cluster-monitoring-operator/pull/2743)
* [MON-4424](https://issues.redhat.com/browse/MON-4424): update ghcr.io/rhobs/prometheus-example-app to 0.5.0 [#2749](https://github.com/openshift/cluster-monitoring-operator/pull/2749)
* [MON-4444](https://issues.redhat.com/browse/MON-4444): thanos-ruler: set default retention from UWM Prometheus if present [#2759](https://github.com/openshift/cluster-monitoring-operator/pull/2759)
* [OCPBUGS-61088](https://issues.redhat.com/browse/OCPBUGS-61088): revert PR #2738, enhance test for config_test.go and let CVO manage CMO networkpolicies [#2740](https://github.com/openshift/cluster-monitoring-operator/pull/2740)
* [MON-4435](https://issues.redhat.com/browse/MON-4435): EndpointSlice migration in UWM Prometheus Operator [#2756](https://github.com/openshift/cluster-monitoring-operator/pull/2756)
* NO-ISSUE: update prometheus operator dependencies to v0.87.0 [#2752](https://github.com/openshift/cluster-monitoring-operator/pull/2752)
* [MON-4434](https://issues.redhat.com/browse/MON-4434): Migrate core monitoring ServiceMonitors to EndpointSlice [#2745](https://github.com/openshift/cluster-monitoring-operator/pull/2745)
* NO-ISSUE: Bump openshift/library-go [#2751](https://github.com/openshift/cluster-monitoring-operator/pull/2751)
* [OCPBUGS-65630](https://issues.redhat.com/browse/OCPBUGS-65630): add monitoring-plugin service account to deployment. [#2748](https://github.com/openshift/cluster-monitoring-operator/pull/2748)
* [MON-4420](https://issues.redhat.com/browse/MON-4420): Enable Gateway API collection by telemeter [#2750](https://github.com/openshift/cluster-monitoring-operator/pull/2750)
* [MON-4420](https://issues.redhat.com/browse/MON-4420): Gateway API telemetry [#2734](https://github.com/openshift/cluster-monitoring-operator/pull/2734)
* [OCPBUGS-65600](https://issues.redhat.com/browse/OCPBUGS-65600): fetch misspell binary upon invocation and fix CHANGELOG typo [#2747](https://github.com/openshift/cluster-monitoring-operator/pull/2747)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2736](https://github.com/openshift/cluster-monitoring-operator/pull/2736)
* [MON-4392](https://issues.redhat.com/browse/MON-4392): set serviceDiscoveryRole:EndpointSlice for kubelet and node-exporter servicemonitors [#2742](https://github.com/openshift/cluster-monitoring-operator/pull/2742)
* NO-ISSUE: bump jsonnet dependencies [#2741](https://github.com/openshift/cluster-monitoring-operator/pull/2741)
* [MON-4296](https://issues.redhat.com/browse/MON-4296): Bump prometheus-operator libs to v0.86.2 [#2720](https://github.com/openshift/cluster-monitoring-operator/pull/2720)
* [TRT-2395](https://issues.redhat.com/browse/TRT-2395): Revert "OCPBUGS-61088: create networkpolicy settings for in-cluster monitoring" [#2738](https://github.com/openshift/cluster-monitoring-operator/pull/2738)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2728](https://github.com/openshift/cluster-monitoring-operator/pull/2728)
* [OCPBUGS-62310](https://issues.redhat.com/browse/OCPBUGS-62310): Fix KSM deny-list typo [#2677](https://github.com/openshift/cluster-monitoring-operator/pull/2677)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2712](https://github.com/openshift/cluster-monitoring-operator/pull/2712)
* NO-JIRA: clarify ExternalLabels doc [#2691](https://github.com/openshift/cluster-monitoring-operator/pull/2691)
* [MON-4398](https://issues.redhat.com/browse/MON-4398): Enable UTF-8 by default in admission-webhook [#2704](https://github.com/openshift/cluster-monitoring-operator/pull/2704)
* [OCPBUGS-45671](https://issues.redhat.com/browse/OCPBUGS-45671): chore(prometheus/remotewrite): clarify that the in-cluster proxy env vars set in prometheus container can be used in all configs that support proxyConfig.proxyFromEnvironment [#2717](https://github.com/openshift/cluster-monitoring-operator/pull/2717)
* [MON-4383](https://issues.redhat.com/browse/MON-4383): feat(auto_docs_examples): adjust and add more examples [#2573](https://github.com/openshift/cluster-monitoring-operator/pull/2573)
* [MON-4408](https://issues.redhat.com/browse/MON-4408): chore: make test/monitoring a seperate module to keep managing deps in root go.mod simple [#2714](https://github.com/openshift/cluster-monitoring-operator/pull/2714)
* [OCPBUGS-62276](https://issues.redhat.com/browse/OCPBUGS-62276): add tls configuration for the monitoring plugin deployment [#2706](https://github.com/openshift/cluster-monitoring-operator/pull/2706)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2705](https://github.com/openshift/cluster-monitoring-operator/pull/2705)
* [OCPBUGS-62972](https://issues.redhat.com/browse/OCPBUGS-62972): enhance case 66736 [#2708](https://github.com/openshift/cluster-monitoring-operator/pull/2708)
* NO-ISSUE: Update jsonnet dependencies [#2696](https://github.com/openshift/cluster-monitoring-operator/pull/2696)
* [OCPBUGS-62160](https://issues.redhat.com/browse/OCPBUGS-62160): Remove AlertManager endpoints when disabled [#2684](https://github.com/openshift/cluster-monitoring-operator/pull/2684)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2703](https://github.com/openshift/cluster-monitoring-operator/pull/2703)
* [MON-4395](https://issues.redhat.com/browse/MON-4395): Bump prometheus-operator to v0.86.0 [#2698](https://github.com/openshift/cluster-monitoring-operator/pull/2698)
* NO-ISSUE: set openshift-state-metrics as default container [#2693](https://github.com/openshift/cluster-monitoring-operator/pull/2693)
* [OCPBUGS-61661](https://issues.redhat.com/browse/OCPBUGS-61661): Remove cluster from non-multicluster dashboards [#2679](https://github.com/openshift/cluster-monitoring-operator/pull/2679)
* [MON-4384](https://issues.redhat.com/browse/MON-4384): adding Blackwell GPU device to accelerators configmap [#2689](https://github.com/openshift/cluster-monitoring-operator/pull/2689)
* NO-ISSUE: chore: remove image locations in assets [#2683](https://github.com/openshift/cluster-monitoring-operator/pull/2683)
* NO-ISSUE: [bot] Update jsonnet dependencies [#2687](https://github.com/openshift/cluster-monitoring-operator/pull/2687)
* NO-ISSUE: chore: remove mentions of prometheus Adapter [#2682](https://github.com/openshift/cluster-monitoring-operator/pull/2682)
* [OCPBUGS-15430](https://issues.redhat.com/browse/OCPBUGS-15430): remove Kubernetes API alerting rules [#2671](https://github.com/openshift/cluster-monitoring-operator/pull/2671)
* NO-JIRA: chore: bump jsonnet dependencies [#2649](https://github.com/openshift/cluster-monitoring-operator/pull/2649)
* [OCPBUGS-62109](https://issues.redhat.com/browse/OCPBUGS-62109): test: remove image registry e2e tests [#2681](https://github.com/openshift/cluster-monitoring-operator/pull/2681)
* NO-ISSUE: update Go dependencies [#2674](https://github.com/openshift/cluster-monitoring-operator/pull/2674)
* [MON-4346](https://issues.redhat.com/browse/MON-4346): Bump Go to 1.24 [#2655](https://github.com/openshift/cluster-monitoring-operator/pull/2655)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2673](https://github.com/openshift/cluster-monitoring-operator/pull/2673)
* [OCPBUGS-60161](https://issues.redhat.com/browse/OCPBUGS-60161): Add mcd_local_unsupported_packages metric from MCO to telemetry [#2638](https://github.com/openshift/cluster-monitoring-operator/pull/2638)
* NO-ISSUE: Updating cluster-monitoring-operator-container image to be consistent with ART for 4.21 [#2662](https://github.com/openshift/cluster-monitoring-operator/pull/2662)
* [MON-4344](https://issues.redhat.com/browse/MON-4344): chore: port the test suite over from openshift-tests-private [#2635](https://github.com/openshift/cluster-monitoring-operator/pull/2635)
* [MON-4371](https://issues.redhat.com/browse/MON-4371): chore(prometheus): enable use-uncached-io feature flag [#2637](https://github.com/openshift/cluster-monitoring-operator/pull/2637)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2668](https://github.com/openshift/cluster-monitoring-operator/pull/2668)
* [OCPBUGS-61113](https://issues.redhat.com/browse/OCPBUGS-61113): add flag `--watch-referenced-objects-in-all-namespaces` to prometheus-operator [#2657](https://github.com/openshift/cluster-monitoring-operator/pull/2657)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2663](https://github.com/openshift/cluster-monitoring-operator/pull/2663)
* [OCPBUGS-56568](https://issues.redhat.com/browse/OCPBUGS-56568): chore(jsonnet): use prometheus_remote_storage_queue_highest_timestamp_seconds in PrometheusRemoteWriteBehind [#2660](https://github.com/openshift/cluster-monitoring-operator/pull/2660)
* [OCPBUGS-61135](https://issues.redhat.com/browse/OCPBUGS-61135): Revert "MON-4343: Cleanup deprecate pa config" [#2658](https://github.com/openshift/cluster-monitoring-operator/pull/2658)
* [OCPBUGS-60948](https://issues.redhat.com/browse/OCPBUGS-60948): Add selinux_warning_controller_selinux_volume_conflict to telemetry [#2653](https://github.com/openshift/cluster-monitoring-operator/pull/2653)
* [MON-4343](https://issues.redhat.com/browse/MON-4343): Cleanup deprecate pa config [#2651](https://github.com/openshift/cluster-monitoring-operator/pull/2651)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2654](https://github.com/openshift/cluster-monitoring-operator/pull/2654)
* NO-JIRA: chore: drop check for AlertmanagerV1 [#2650](https://github.com/openshift/cluster-monitoring-operator/pull/2650)
* [OCPBUGS-56158](https://issues.redhat.com/browse/OCPBUGS-56158): Bump prometheus-operator to v0.85.0 [#2652](https://github.com/openshift/cluster-monitoring-operator/pull/2652)
* [OCPBUGS-34568](https://issues.redhat.com/browse/OCPBUGS-34568), [OCPBUGS-35095](https://issues.redhat.com/browse/OCPBUGS-35095), [OCPBUGS-60689](https://issues.redhat.com/browse/OCPBUGS-60689), [OCPBUGS-60691](https://issues.redhat.com/browse/OCPBUGS-60691), [OCPBUGS-60692](https://issues.redhat.com/browse/OCPBUGS-60692): non-HA alert cases [#2630](https://github.com/openshift/cluster-monitoring-operator/pull/2630)
* [OCPBUGS-58475](https://issues.redhat.com/browse/OCPBUGS-58475): Enforce secure TLS settings in CMO server [#2647](https://github.com/openshift/cluster-monitoring-operator/pull/2647)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2642](https://github.com/openshift/cluster-monitoring-operator/pull/2642)
* [MON-4312](https://issues.redhat.com/browse/MON-4312): Adding new accelerator to the accelerator configmap [#2636](https://github.com/openshift/cluster-monitoring-operator/pull/2636)
* [MON-4318](https://issues.redhat.com/browse/MON-4318): Add debug image manifest to CMO [#2623](https://github.com/openshift/cluster-monitoring-operator/pull/2623)
* [OCPBUGS-60221](https://issues.redhat.com/browse/OCPBUGS-60221): remove `managed_cluster` from reserved external labels [#2641](https://github.com/openshift/cluster-monitoring-operator/pull/2641)
* NO-JIRA: Use label matchers for Rules API in prom-label-proxy [#2640](https://github.com/openshift/cluster-monitoring-operator/pull/2640)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2639](https://github.com/openshift/cluster-monitoring-operator/pull/2639)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2620](https://github.com/openshift/cluster-monitoring-operator/pull/2620)
* [MON-4299](https://issues.redhat.com/browse/MON-4299): chore(thanos): replace CLI args that will disappear in future versions [#2626](https://github.com/openshift/cluster-monitoring-operator/pull/2626)
* [OCPBUGS-58475](https://issues.redhat.com/browse/OCPBUGS-58475): Enforce secure TLS settings in CMO [#2618](https://github.com/openshift/cluster-monitoring-operator/pull/2618)
* [OCPBUGS-57215](https://issues.redhat.com/browse/OCPBUGS-57215): operator: increase wait time till degraded to max 4 times 5m [#2624](https://github.com/openshift/cluster-monitoring-operator/pull/2624)
* [MON-4255](https://issues.redhat.com/browse/MON-4255): Bump prometheus-operator dependencies to v0.84.0 [#2619](https://github.com/openshift/cluster-monitoring-operator/pull/2619)
* [MON-4255](https://issues.redhat.com/browse/MON-4255): Bump prometheus-operator to v0.83 [#2614](https://github.com/openshift/cluster-monitoring-operator/pull/2614)
* [OCPBUGS-57561](https://issues.redhat.com/browse/OCPBUGS-57561): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.20 [#2611](https://github.com/openshift/cluster-monitoring-operator/pull/2611)
* [MON-4288](https://issues.redhat.com/browse/MON-4288): set up openshift-tests-extension and add a sanity test [#2616](https://github.com/openshift/cluster-monitoring-operator/pull/2616)
* [MON-4282](https://issues.redhat.com/browse/MON-4282): Multi-tenant support for KSM's CRS [#2595](https://github.com/openshift/cluster-monitoring-operator/pull/2595)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2615](https://github.com/openshift/cluster-monitoring-operator/pull/2615)
* [OCPBUGS-58427](https://issues.redhat.com/browse/OCPBUGS-58427): pkg/manifests: don't reset annotations for metrics client CA [#2612](https://github.com/openshift/cluster-monitoring-operator/pull/2612)
* [OCPBUGS-57184](https://issues.redhat.com/browse/OCPBUGS-57184): chore(alerts): adjust PrometheusPossibleNarrowSelectors description and add link to to-be-added runbook [#2608](https://github.com/openshift/cluster-monitoring-operator/pull/2608)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2607](https://github.com/openshift/cluster-monitoring-operator/pull/2607)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2606](https://github.com/openshift/cluster-monitoring-operator/pull/2606)
* [OCPBUGS-18282](https://issues.redhat.com/browse/OCPBUGS-18282): provide more context in externalLabels unmarshalling error [#2605](https://github.com/openshift/cluster-monitoring-operator/pull/2605)
* NO-JIRA: metrics-client-ca: set owner annotation [#2602](https://github.com/openshift/cluster-monitoring-operator/pull/2602)
* [OCPBUGS-18282](https://issues.redhat.com/browse/OCPBUGS-18282): prevent use of reserved labels keys in Prometheus externalLabels [#2604](https://github.com/openshift/cluster-monitoring-operator/pull/2604)
* [MON-4242](https://issues.redhat.com/browse/MON-4242): chore(metrics-server): allow setting log verbosity [#2599](https://github.com/openshift/cluster-monitoring-operator/pull/2599)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2603](https://github.com/openshift/cluster-monitoring-operator/pull/2603)
* [OCPBUGS-33691](https://issues.redhat.com/browse/OCPBUGS-33691): mixin: longer rate interval for Alertmanager[Cluster]FailedToSendAlerts [#2598](https://github.com/openshift/cluster-monitoring-operator/pull/2598)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2600](https://github.com/openshift/cluster-monitoring-operator/pull/2600)
* [MON-4200](https://issues.redhat.com/browse/MON-4200): disable --auto-gomemlimit for Prometheus on SNO until we can ensure it won't result in excessive CPU usage [#2549](https://github.com/openshift/cluster-monitoring-operator/pull/2549)
* NO-JIRA: Synchronize versions of the downstream components [#2594](https://github.com/openshift/cluster-monitoring-operator/pull/2594)
* [MON-4207](https://issues.redhat.com/browse/MON-4207): Bump prometheus-operator to v0.81.0 [#2593](https://github.com/openshift/cluster-monitoring-operator/pull/2593)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2589](https://github.com/openshift/cluster-monitoring-operator/pull/2589)
* [MON-4161](https://issues.redhat.com/browse/MON-4161): add topology telemetry signals [#2588](https://github.com/openshift/cluster-monitoring-operator/pull/2588)
* [MON-4126](https://issues.redhat.com/browse/MON-4126): set fallbackScrapeProtocol: 'PrometheusText1.0.0' as default for all UWM Prometheus targets for backward compatibility with Prometheus v2 until a better migration process is available [#2590](https://github.com/openshift/cluster-monitoring-operator/pull/2590)
* [MON-4150](https://issues.redhat.com/browse/MON-4150): chore: update prometheus-operator go dep [#2586](https://github.com/openshift/cluster-monitoring-operator/pull/2586)
* [OCPBUGS-54516](https://issues.redhat.com/browse/OCPBUGS-54516): provide context-rich and case-sensitive config validation [#2584](https://github.com/openshift/cluster-monitoring-operator/pull/2584)
* [MON-4149](https://issues.redhat.com/browse/MON-4149): chore: update library-go [#2587](https://github.com/openshift/cluster-monitoring-operator/pull/2587)
* [OCPBUGS-54223](https://issues.redhat.com/browse/OCPBUGS-54223): Fix opentelemetry processor/receiver/exporter/extensions labels [#2583](https://github.com/openshift/cluster-monitoring-operator/pull/2583)
* [MON-4188](https://issues.redhat.com/browse/MON-4188): Add docs for proxy_url alertmanager [#2582](https://github.com/openshift/cluster-monitoring-operator/pull/2582)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2577](https://github.com/openshift/cluster-monitoring-operator/pull/2577)
* [MON-4189](https://issues.redhat.com/browse/MON-4189): Updating node-exporter accelerators configmap [#2558](https://github.com/openshift/cluster-monitoring-operator/pull/2558)
* [MON-4043](https://issues.redhat.com/browse/MON-4043): Configuring external Alertmangers with proxy_url [#2580](https://github.com/openshift/cluster-monitoring-operator/pull/2580)
* [MON-4136](https://issues.redhat.com/browse/MON-4136): set up the PrometheusPossibleNarrowSelectors alert [#2554](https://github.com/openshift/cluster-monitoring-operator/pull/2554)
* [MON-3960](https://issues.redhat.com/browse/MON-3960): test: enable back TestTLSSecurityProfileConfiguration and m… [#2545](https://github.com/openshift/cluster-monitoring-operator/pull/2545)
* NO-JIRA: chore: versions: kubeRbacProxy's primary branch isn't main yet [#2574](https://github.com/openshift/cluster-monitoring-operator/pull/2574)
* [OU-515](https://issues.redhat.com/browse/OU-515): remove old nginx configmap deletion [#2575](https://github.com/openshift/cluster-monitoring-operator/pull/2575)
* NO-JIRA: Bump prometheus-operator to 0.80.1 [#2572](https://github.com/openshift/cluster-monitoring-operator/pull/2572)
* [MON-4147](https://issues.redhat.com/browse/MON-4147): test: remove unnecessary UWM configuration in TestUserWorkloadMonitoringXXX [#2567](https://github.com/openshift/cluster-monitoring-operator/pull/2567)
* [OCPBUGS-50837](https://issues.redhat.com/browse/OCPBUGS-50837): Fix opentelemetry metrics to use regexp on label match [#2568](https://github.com/openshift/cluster-monitoring-operator/pull/2568)
* [OCPBUGS-50703](https://issues.redhat.com/browse/OCPBUGS-50703): Add incidents metric to telemetry [#2569](https://github.com/openshift/cluster-monitoring-operator/pull/2569)
* NO-JIRA: Bump prometheus-operator to v0.80.0 [#2565](https://github.com/openshift/cluster-monitoring-operator/pull/2565)
* [MON-3866](https://issues.redhat.com/browse/MON-3866): create separate metrics client cert for metrics server [#2536](https://github.com/openshift/cluster-monitoring-operator/pull/2536)
* NO-JIRA: tweak asciiDocs formatting to ease the mapping into the monitoring Docs [#2563](https://github.com/openshift/cluster-monitoring-operator/pull/2563)
* [OCPBUGS-48381](https://issues.redhat.com/browse/OCPBUGS-48381): jsonnet: switch telemeter to main [#2560](https://github.com/openshift/cluster-monitoring-operator/pull/2560)
* [OCPBUGS-48376](https://issues.redhat.com/browse/OCPBUGS-48376): jsonnet: switch openshift-state-metrics to main branch [#2559](https://github.com/openshift/cluster-monitoring-operator/pull/2559)
* [OCPBUGS-48370](https://issues.redhat.com/browse/OCPBUGS-48370): chore: rename default branch in various places [#2561](https://github.com/openshift/cluster-monitoring-operator/pull/2561)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2531](https://github.com/openshift/cluster-monitoring-operator/pull/2531)
* [OCPBUGS-48074](https://issues.redhat.com/browse/OCPBUGS-48074): Fixing telemetry rule for accelerators [#2551](https://github.com/openshift/cluster-monitoring-operator/pull/2551)
* [MON-4107](https://issues.redhat.com/browse/MON-4107): chore: add logs (at v=3 level) regarding the deactivation of components [#2546](https://github.com/openshift/cluster-monitoring-operator/pull/2546)
* [OCPBUGS-31356](https://issues.redhat.com/browse/OCPBUGS-31356): chore(client): DeleteXXX short-circuit if the resource doesn't exist as a GET is less expensive than a no-op DELETE [#2547](https://github.com/openshift/cluster-monitoring-operator/pull/2547)
* [MON-4118](https://issues.redhat.com/browse/MON-4118): chore: use alertmanager v2 in tests as v1 is not longer supported in Prometheus 3 [#2544](https://github.com/openshift/cluster-monitoring-operator/pull/2544)
* NO-JIRA: fix TestPrometheusRemoteWrite to align the image used for th… [#2543](https://github.com/openshift/cluster-monitoring-operator/pull/2543)
* NO-JIRA: Bump prometheus-operator to 0.79.2 [#2542](https://github.com/openshift/cluster-monitoring-operator/pull/2542)
* [MGMT-19498](https://issues.redhat.com/browse/MGMT-19498): Fixing the configmap data fields [#2540](https://github.com/openshift/cluster-monitoring-operator/pull/2540)
* NO-JIRA: Bump prometheus-operator to v0.79.1 [#2538](https://github.com/openshift/cluster-monitoring-operator/pull/2538)
* [MGMT-19498](https://issues.redhat.com/browse/MGMT-19498): Adding accelerators configuration file to the node-exporter [#2530](https://github.com/openshift/cluster-monitoring-operator/pull/2530)
* [OCPBUGS-35095](https://issues.redhat.com/browse/OCPBUGS-35095): unpin `kubernetes-mixin` [#2422](https://github.com/openshift/cluster-monitoring-operator/pull/2422)
* [OCPBUGS-45389](https://issues.redhat.com/browse/OCPBUGS-45389): update image to be consistent with ART for 4.19 [#2533](https://github.com/openshift/cluster-monitoring-operator/pull/2533)
* [OCPBUGS-35726](https://issues.redhat.com/browse/OCPBUGS-35726): remove certificate hash annotation for monitoring-plugin [#2524](https://github.com/openshift/cluster-monitoring-operator/pull/2524)
* [OCPBUGS-45179](https://issues.redhat.com/browse/OCPBUGS-45179): Use explicit name label for logging telemetry metrics [#2529](https://github.com/openshift/cluster-monitoring-operator/pull/2529)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2527](https://github.com/openshift/cluster-monitoring-operator/pull/2527)
* [OCPBUGS-44831](https://issues.redhat.com/browse/OCPBUGS-44831): disable token automount for alertmanager-user-workload SA [#2522](https://github.com/openshift/cluster-monitoring-operator/pull/2522)
* NO-JIRA: use scrape class to avoid TLS config repetitions [#2492](https://github.com/openshift/cluster-monitoring-operator/pull/2492)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#2498](https://github.com/openshift/cluster-monitoring-operator/pull/2498)
* [MON-4046](https://issues.redhat.com/browse/MON-4046): add early validation for Platform and UWM monitoring configmaps [#2490](https://github.com/openshift/cluster-monitoring-operator/pull/2490)
* [OCPBUGS-38655](https://issues.redhat.com/browse/OCPBUGS-38655): take cluster proxy into account for UWM Prometheus rem… [#2523](https://github.com/openshift/cluster-monitoring-operator/pull/2523)
* [MON-4058](https://issues.redhat.com/browse/MON-4058): Fix api-docs for ThanosRuler EvaluationInterval [#2518](https://github.com/openshift/cluster-monitoring-operator/pull/2518)
* [MON-3934](https://issues.redhat.com/browse/MON-3934): make TestImageRegistryPods more robust and split it into Pl… [#2468](https://github.com/openshift/cluster-monitoring-operator/pull/2468)
* [MON-4058](https://issues.redhat.com/browse/MON-4058): Expose evaluationInterval setting for UWM Prometheus and ThanosRuler [#2517](https://github.com/openshift/cluster-monitoring-operator/pull/2517)
* [MON-4078](https://issues.redhat.com/browse/MON-4078): report vendor_model:node_accelerator_cards:sum to Telemetry [#2515](https://github.com/openshift/cluster-monitoring-operator/pull/2515)
* [MON-4057](https://issues.redhat.com/browse/MON-4057): Expose `scrapeInterval` setting for UWM Prometheus [#2503](https://github.com/openshift/cluster-monitoring-operator/pull/2503)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2516](https://github.com/openshift/cluster-monitoring-operator/pull/2516)
* [OCPBUGS-43987](https://issues.redhat.com/browse/OCPBUGS-43987): Bump library-go to get latest tls suite changes [#2513](https://github.com/openshift/cluster-monitoring-operator/pull/2513)
* [OCPBUGS-27250](https://issues.redhat.com/browse/OCPBUGS-27250): bump prometheus-operator to v0.78.1 [#2514](https://github.com/openshift/cluster-monitoring-operator/pull/2514)
* [MON-4051](https://issues.redhat.com/browse/MON-4051): Add new metrics for OpenShift logging telemetry [#2512](https://github.com/openshift/cluster-monitoring-operator/pull/2512)
* [MON-4065](https://issues.redhat.com/browse/MON-4065): [bot] Synchronize versions of the downstream components [#2504](https://github.com/openshift/cluster-monitoring-operator/pull/2504)
* [OCPBUGS-18007](https://issues.redhat.com/browse/OCPBUGS-18007): Add runbook url for TelemeterClientFailures [#2506](https://github.com/openshift/cluster-monitoring-operator/pull/2506)
* [MON-4060](https://issues.redhat.com/browse/MON-4060): Bump prometheus-operator to v0.77.2 [#2502](https://github.com/openshift/cluster-monitoring-operator/pull/2502)
* [OCPBUGS-42671](https://issues.redhat.com/browse/OCPBUGS-42671): make config unmarshalling more strict to help detect [#2493](https://github.com/openshift/cluster-monitoring-operator/pull/2493)
* [OCPBUGS-42148](https://issues.redhat.com/browse/OCPBUGS-42148): Fix api doc on Thanos Ruler default retention [#2500](https://github.com/openshift/cluster-monitoring-operator/pull/2500)
* [MON-3850](https://issues.redhat.com/browse/MON-3850): Lint CMO tests [#2292](https://github.com/openshift/cluster-monitoring-operator/pull/2292)
* [MON-4021](https://issues.redhat.com/browse/MON-4021): feat: add the required utils for automated tests and integration with the docs [#2443](https://github.com/openshift/cluster-monitoring-operator/pull/2443)
* NO-JIRA: fix CMO config for Alertmanager e2e tests [#2495](https://github.com/openshift/cluster-monitoring-operator/pull/2495)
* NO-JIRA: [bot] Update jsonnet dependencies [#2486](https://github.com/openshift/cluster-monitoring-operator/pull/2486)
* [MON-3523](https://issues.redhat.com/browse/MON-3523): Disable http2 in metrics-server by default [#2485](https://github.com/openshift/cluster-monitoring-operator/pull/2485)
* [MON-3802](https://issues.redhat.com/browse/MON-3802): implement cross-namespace rules for UWM [#2307](https://github.com/openshift/cluster-monitoring-operator/pull/2307)
* [MON-3991](https://issues.redhat.com/browse/MON-3991): set noProxy for Prometheus remote-write via the CR. [#2453](https://github.com/openshift/cluster-monitoring-operator/pull/2453)
* [OCPBUGS-30122](https://issues.redhat.com/browse/OCPBUGS-30122): chore: Bump to prometheus-operator 0.77.1 [#2480](https://github.com/openshift/cluster-monitoring-operator/pull/2480)
* [OCPBUGS-30122](https://issues.redhat.com/browse/OCPBUGS-30122): Bump openshift/prometheus-operator to v0.77.1 [#2484](https://github.com/openshift/cluster-monitoring-operator/pull/2484)
* NO-JIRA: vendor Kubernetes dashboards [#2482](https://github.com/openshift/cluster-monitoring-operator/pull/2482)
* NO-JIRA: update Go dependencies [#2481](https://github.com/openshift/cluster-monitoring-operator/pull/2481)
* [OCPBUGS-41158](https://issues.redhat.com/browse/OCPBUGS-41158): add pod-metrics-reader cluster role [#2475](https://github.com/openshift/cluster-monitoring-operator/pull/2475)
* [MON-3896](https://issues.redhat.com/browse/MON-3896): Add OpenTelemetry operator metrics [#2450](https://github.com/openshift/cluster-monitoring-operator/pull/2450)
* NO-JIRA: clean-up generated dashboards [#2479](https://github.com/openshift/cluster-monitoring-operator/pull/2479)
* NO-JIRA: remove 4.17 TODOs [#2478](https://github.com/openshift/cluster-monitoring-operator/pull/2478)
* NO-JIRA: Update ConsolePlugin to include specs for i18n.loadType : Preload. [#2477](https://github.com/openshift/cluster-monitoring-operator/pull/2477)
* [MON-3367](https://issues.redhat.com/browse/MON-3367): chore: enable delayed-compaction feature flag on Platform and UWM Prometheuses [#2469](https://github.com/openshift/cluster-monitoring-operator/pull/2469)
* [OCPBUGS-39246](https://issues.redhat.com/browse/OCPBUGS-39246): filter alerts sent to Telemeter [#2466](https://github.com/openshift/cluster-monitoring-operator/pull/2466)
* [MON-3934](https://issues.redhat.com/browse/MON-3934): move port forward setup inside retry loop for more resiliency [#2465](https://github.com/openshift/cluster-monitoring-operator/pull/2465)
* [MON-3934](https://issues.redhat.com/browse/MON-3934): merge TestAlertManagerHasAdditionalAlertRelabelConfigs into… [#2464](https://github.com/openshift/cluster-monitoring-operator/pull/2464)
* [MON-3994](https://issues.redhat.com/browse/MON-3994): [bot] Synchronize versions of the downstream components [#2462](https://github.com/openshift/cluster-monitoring-operator/pull/2462)
* [OCPBUGS-39133](https://issues.redhat.com/browse/OCPBUGS-39133): Configure graceful shutdown for metrics-server [#2460](https://github.com/openshift/cluster-monitoring-operator/pull/2460)
* [MON-3994](https://issues.redhat.com/browse/MON-3994): [bot] Synchronize versions of the downstream components [#2457](https://github.com/openshift/cluster-monitoring-operator/pull/2457)
* [OCPBUGS-39126](https://issues.redhat.com/browse/OCPBUGS-39126): disable user-defined monitoring per object [#2452](https://github.com/openshift/cluster-monitoring-operator/pull/2452)
* [OU-450](https://issues.redhat.com/browse/OU-450): Migrate Monitoring Plugin Deployment from nginx to Go server [#2412](https://github.com/openshift/cluster-monitoring-operator/pull/2412)
* [MON-3992](https://issues.redhat.com/browse/MON-3992): [bot] Synchronize versions of the downstream components [#2454](https://github.com/openshift/cluster-monitoring-operator/pull/2454)
* NO-JIRA: Update README.md [#2456](https://github.com/openshift/cluster-monitoring-operator/pull/2456)
* Updating cluster-monitoring-operator-container image to be consistent with ART for 4.18 [#2455](https://github.com/openshift/cluster-monitoring-operator/pull/2455)
* [MON-3990](https://issues.redhat.com/browse/MON-3990): make TestClusterMonitorConsolePlugin check that one of the pods can serve /plugin-manifest.json [#2444](https://github.com/openshift/cluster-monitoring-operator/pull/2444)
* [MON-3989](https://issues.redhat.com/browse/MON-3989): [bot] Synchronize versions of the downstream components [#2446](https://github.com/openshift/cluster-monitoring-operator/pull/2446)
* [MON-3895](https://issues.redhat.com/browse/MON-3895): Add tempo operator metrics [#2421](https://github.com/openshift/cluster-monitoring-operator/pull/2421)
* [OCPBUGS-38780](https://issues.redhat.com/browse/OCPBUGS-38780): update links to OpenShift documentation [#2442](https://github.com/openshift/cluster-monitoring-operator/pull/2442)
* [OCPBUGS-38289](https://issues.redhat.com/browse/OCPBUGS-38289): fix(prometheus): avoid passing the cluster-wide proxy config to a remote endpoint when noProxy will prevent the proxuying anyway [#2441](https://github.com/openshift/cluster-monitoring-operator/pull/2441)
* [MON-3982](https://issues.redhat.com/browse/MON-3982): [bot] Synchronize versions of the downstream components [#2440](https://github.com/openshift/cluster-monitoring-operator/pull/2440)
* [MON-3982](https://issues.redhat.com/browse/MON-3982): Upgrade to Prometheus operator v0.76.0 [#2438](https://github.com/openshift/cluster-monitoring-operator/pull/2438)
* [MON-3967](https://issues.redhat.com/browse/MON-3967), [MON-3981](https://issues.redhat.com/browse/MON-3981): [bot] Synchronize versions of the downstream components [#2437](https://github.com/openshift/cluster-monitoring-operator/pull/2437)
* [MON-3962](https://issues.redhat.com/browse/MON-3962): set proxy_from_environment to true [#2431](https://github.com/openshift/cluster-monitoring-operator/pull/2431)
* [OCPBUGS-33863](https://issues.redhat.com/browse/OCPBUGS-33863): use UserWorkloadInvalidConfiguration reason when UWM config only is invalid [#2436](https://github.com/openshift/cluster-monitoring-operator/pull/2436)
* [HOSTEDCP-1044](https://issues.redhat.com/browse/HOSTEDCP-1044): Add nodepools telemetry metrics for HyperShift [#2265](https://github.com/openshift/cluster-monitoring-operator/pull/2265)
* NO-JIRA: [bot] Synchronize versions of the downstream components [#2435](https://github.com/openshift/cluster-monitoring-operator/pull/2435)
* [MON-3972](https://issues.redhat.com/browse/MON-3972): [bot] Synchronize versions of the downstream components [#2434](https://github.com/openshift/cluster-monitoring-operator/pull/2434)
* [OCPBUGS-17506](https://issues.redhat.com/browse/OCPBUGS-17506): Make error messages clearer on poll timeouts [#2417](https://github.com/openshift/cluster-monitoring-operator/pull/2417)
* [MON-3964](https://issues.redhat.com/browse/MON-3964): set scrape timestamp tolerance for user workload monitoring [#2429](https://github.com/openshift/cluster-monitoring-operator/pull/2429)
* [MON-3961](https://issues.redhat.com/browse/MON-3961): inject proxy env variables in Alertmanager [#2424](https://github.com/openshift/cluster-monitoring-operator/pull/2424)
* [MON-3949](https://issues.redhat.com/browse/MON-3949): [bot] Synchronize versions of the downstream components [#2419](https://github.com/openshift/cluster-monitoring-operator/pull/2419)
* [MON-3900](https://issues.redhat.com/browse/MON-3900): follow-up: clean up operator logic and some tests now that metrics-server is the default Metrics API backend [#2425](https://github.com/openshift/cluster-monitoring-operator/pull/2425)
* [OCPBUGS-37686](https://issues.redhat.com/browse/OCPBUGS-37686): fix documentation typos [#2427](https://github.com/openshift/cluster-monitoring-operator/pull/2427)
* NO-JIRA: fix: fix a small typo [#2426](https://github.com/openshift/cluster-monitoring-operator/pull/2426)
* [MON-3921](https://issues.redhat.com/browse/MON-3921): Revert "Revert "Merge pull request #2392 from machine424/f-… [#2403](https://github.com/openshift/cluster-monitoring-operator/pull/2403)
* [MON-3959](https://issues.redhat.com/browse/MON-3959): Skip TestTLSSecurityProfileConfiguration as disruptive [#2423](https://github.com/openshift/cluster-monitoring-operator/pull/2423)
* [MON-3900](https://issues.redhat.com/browse/MON-3900): Remove prometheus-adapter code [#2409](https://github.com/openshift/cluster-monitoring-operator/pull/2409)
* [MON-3947](https://issues.redhat.com/browse/MON-3947): [bot] Synchronize versions of the downstream components [#2418](https://github.com/openshift/cluster-monitoring-operator/pull/2418)
* [MON-3947](https://issues.redhat.com/browse/MON-3947): [bot] Synchronize versions of the downstream components [#2414](https://github.com/openshift/cluster-monitoring-operator/pull/2414)
* [MON-3947](https://issues.redhat.com/browse/MON-3947): Bump prometheus-operator to 0.75.1 [#2416](https://github.com/openshift/cluster-monitoring-operator/pull/2416)
* [MON-2065](https://issues.redhat.com/browse/MON-2065): jsonnet: exclude `kubernetes-storage` rules [#2377](https://github.com/openshift/cluster-monitoring-operator/pull/2377)
* [OCPBUGS-36495](https://issues.redhat.com/browse/OCPBUGS-36495): Add deprecated config runbook [#2410](https://github.com/openshift/cluster-monitoring-operator/pull/2410)
* [OCPBUGS-31250](https://issues.redhat.com/browse/OCPBUGS-31250): Exclude windows nodes from kubelet servicemonitor [#2368](https://github.com/openshift/cluster-monitoring-operator/pull/2368)
* [OCPBUGS-36406](https://issues.redhat.com/browse/OCPBUGS-36406): add runbook_url annotations [#2401](https://github.com/openshift/cluster-monitoring-operator/pull/2401)
* [MON-3914](https://issues.redhat.com/browse/MON-3914): add a regression test for gogc based on the go_gc_gogc_percent metric [#2393](https://github.com/openshift/cluster-monitoring-operator/pull/2393)
* [MON-3914](https://issues.redhat.com/browse/MON-3914): [bot] Synchronize versions of the downstream components [#2394](https://github.com/openshift/cluster-monitoring-operator/pull/2394)
* [OCPBUGS-36299](https://issues.redhat.com/browse/OCPBUGS-36299): Revert #2392 "MON-3800: jsonnet: update prometheus dep to fetch the PrometheusKuber…" [#2398](https://github.com/openshift/cluster-monitoring-operator/pull/2398)
* [MON-3800](https://issues.redhat.com/browse/MON-3800): jsonnet: update prometheus dep to fetch the PrometheusKuber… [#2392](https://github.com/openshift/cluster-monitoring-operator/pull/2392)
* [OCPBUGS-35480](https://issues.redhat.com/browse/OCPBUGS-35480): Add deprecation for prometheus adapter [#2381](https://github.com/openshift/cluster-monitoring-operator/pull/2381)
* [MON-3915](https://issues.redhat.com/browse/MON-3915): chore: bump Go dependencies [#2387](https://github.com/openshift/cluster-monitoring-operator/pull/2387)
* [MON-3914](https://issues.redhat.com/browse/MON-3914): adjust Prometheus GOGC based on infra topology [#2390](https://github.com/openshift/cluster-monitoring-operator/pull/2390)
* [OCPBUGS-32696](https://issues.redhat.com/browse/OCPBUGS-32696): opt-out of multi-cluster Prometheus dashboard [#2351](https://github.com/openshift/cluster-monitoring-operator/pull/2351)
* [OCPBUGS-35397](https://issues.redhat.com/browse/OCPBUGS-35397): attach runbook to the PrometheusDuplicateTimestamps alert [#2365](https://github.com/openshift/cluster-monitoring-operator/pull/2365)
* [MON-3905](https://issues.redhat.com/browse/MON-3905): [bot] Synchronize versions of the downstream components [#2382](https://github.com/openshift/cluster-monitoring-operator/pull/2382)
* [MON-3894](https://issues.redhat.com/browse/MON-3894): revert(monitoring-plugin): undo nginx caching tweaks as the issue was… [#2380](https://github.com/openshift/cluster-monitoring-operator/pull/2380)
* [MON-3795](https://issues.redhat.com/browse/MON-3795), [SDN-3817](https://issues.redhat.com/browse/SDN-3817): Expose OVNKubernetes:AdminNetworkPolicy Metrics via telemetry [#2297](https://github.com/openshift/cluster-monitoring-operator/pull/2297)
* [MON-3897](https://issues.redhat.com/browse/MON-3897): [bot] Synchronize versions of the downstream components [#2378](https://github.com/openshift/cluster-monitoring-operator/pull/2378)
* [OBSDOCS-883](https://issues.redhat.com/browse/OBSDOCS-883): change docs to correct retention time uwm prometheus [#2277](https://github.com/openshift/cluster-monitoring-operator/pull/2277)
* [MON-3884](https://issues.redhat.com/browse/MON-3884): Send metric acm_managed_cluster_worker_cores via Telemetry [#2367](https://github.com/openshift/cluster-monitoring-operator/pull/2367)
* [MON-3887](https://issues.redhat.com/browse/MON-3887), [MON-3889](https://issues.redhat.com/browse/MON-3889): [bot] Synchronize versions of the downstream components [#2376](https://github.com/openshift/cluster-monitoring-operator/pull/2376)
* [MON-3888](https://issues.redhat.com/browse/MON-3888): bump go tools 1.22 [#2375](https://github.com/openshift/cluster-monitoring-operator/pull/2375)
* [MON-3882](https://issues.redhat.com/browse/MON-3882): [bot] Synchronize versions of the downstream components [#2371](https://github.com/openshift/cluster-monitoring-operator/pull/2371)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): clean-up injection of CA bundle for user Alertmanager [#2361](https://github.com/openshift/cluster-monitoring-operator/pull/2361)
* [OCPBUGS-33645](https://issues.redhat.com/browse/OCPBUGS-33645): inject trusted CA bundle into UWM Alertmanager [#2349](https://github.com/openshift/cluster-monitoring-operator/pull/2349)
* [OCPBUGS-34437](https://issues.redhat.com/browse/OCPBUGS-34437): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.17 [#2372](https://github.com/openshift/cluster-monitoring-operator/pull/2372)
* [MON-3881](https://issues.redhat.com/browse/MON-3881): chore: remove hack/ocp-images.sh [#2366](https://github.com/openshift/cluster-monitoring-operator/pull/2366)
* [MON-3801](https://issues.redhat.com/browse/MON-3801): clean-up unused OAuth proxy references [#2359](https://github.com/openshift/cluster-monitoring-operator/pull/2359)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): clean-up injection of CA bundle for user Prometheus [#2362](https://github.com/openshift/cluster-monitoring-operator/pull/2362)
* [MON-3874](https://issues.redhat.com/browse/MON-3874): chore: poll immediately in the e2e tests [#2356](https://github.com/openshift/cluster-monitoring-operator/pull/2356)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): clean-up tests [#2360](https://github.com/openshift/cluster-monitoring-operator/pull/2360)
* [OCPBUGS-33955](https://issues.redhat.com/browse/OCPBUGS-33955): remove deprecated logtostderr argument [#2355](https://github.com/openshift/cluster-monitoring-operator/pull/2355)
* [OCPBUGS-33686](https://issues.redhat.com/browse/OCPBUGS-33686): [bot] Synchronize versions of the downstream components [#2363](https://github.com/openshift/cluster-monitoring-operator/pull/2363)
* [OCPBUGS-23000](https://issues.redhat.com/browse/OCPBUGS-23000): node-exporter: Prevent cluster-autoscaler from evicting [#2346](https://github.com/openshift/cluster-monitoring-operator/pull/2346)
* [MON-3763](https://issues.redhat.com/browse/MON-3763): Add cnv_abnormal [#2291](https://github.com/openshift/cluster-monitoring-operator/pull/2291)
* [OCPBUGS-34080](https://issues.redhat.com/browse/OCPBUGS-34080): Updating cluster-monitoring-operator-container image to be consistent with ART for 4.17 [#2358](https://github.com/openshift/cluster-monitoring-operator/pull/2358)
* : NO-JIRA: Fix formatting in the resources documentation [#2353](https://github.com/openshift/cluster-monitoring-operator/pull/2353)
* [MON-3861](https://issues.redhat.com/browse/MON-3861): Bump go tools 1.21 [#2348](https://github.com/openshift/cluster-monitoring-operator/pull/2348)
* [MON-3856](https://issues.redhat.com/browse/MON-3856): Bump openshift/prometheus to v2.52.0 [#2342](https://github.com/openshift/cluster-monitoring-operator/pull/2342)
* [OCPBUGS-32510](https://issues.redhat.com/browse/OCPBUGS-32510): change metrics-server probes for SNO [#2337](https://github.com/openshift/cluster-monitoring-operator/pull/2337)
* [MON-3851](https://issues.redhat.com/browse/MON-3851): Bump openshift/thanos to v0.35.0 [#2338](https://github.com/openshift/cluster-monitoring-operator/pull/2338)
* [MON-3847](https://issues.redhat.com/browse/MON-3847): Bump openshift/node_exporter to v1.8.0 [#2336](https://github.com/openshift/cluster-monitoring-operator/pull/2336)
* [OCPBUGS-32510](https://issues.redhat.com/browse/OCPBUGS-32510): tweak Prometheus RBAC setup as a temp fix. [#2334](https://github.com/openshift/cluster-monitoring-operator/pull/2334)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#2335](https://github.com/openshift/cluster-monitoring-operator/pull/2335)
* [MON-3163](https://issues.redhat.com/browse/MON-3163): support VPAs [#2078](https://github.com/openshift/cluster-monitoring-operator/pull/2078)
* [OCPBUGS-23801](https://issues.redhat.com/browse/OCPBUGS-23801): update OTEL `google.golang.org/grpc/otelgrpc` [#2321](https://github.com/openshift/cluster-monitoring-operator/pull/2321)
* NO-JIRA: Increase `checkAlertmanagerAPIVerbs` timeout [#2330](https://github.com/openshift/cluster-monitoring-operator/pull/2330)
* [MON-3487](https://issues.redhat.com/browse/MON-3487): base CP enablement on dedicated feature gate [#2153](https://github.com/openshift/cluster-monitoring-operator/pull/2153)
* [OCPBUGS-32177](https://issues.redhat.com/browse/OCPBUGS-32177): fix wrong dir hack/tools of tools.go [#2327](https://github.com/openshift/cluster-monitoring-operator/pull/2327)
* [MON-3707](https://issues.redhat.com/browse/MON-3707): Add ipsec state metric into telemetry [#2326](https://github.com/openshift/cluster-monitoring-operator/pull/2326)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): clean-up injection of trusted CA bundle for k8s Prometheus [#2323](https://github.com/openshift/cluster-monitoring-operator/pull/2323)
* [MON-3839](https://issues.redhat.com/browse/MON-3839): test: add skip tests for prometheus adapter tests [#2328](https://github.com/openshift/cluster-monitoring-operator/pull/2328)
* [MON-3820](https://issues.redhat.com/browse/MON-3820): allow read-only access for Alertmanager API [#2319](https://github.com/openshift/cluster-monitoring-operator/pull/2319)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): remove trusted CA bundle from Thanos Querier [#2325](https://github.com/openshift/cluster-monitoring-operator/pull/2325)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): follow-up of PR #2308 [#2324](https://github.com/openshift/cluster-monitoring-operator/pull/2324)
* [MON-3825](https://issues.redhat.com/browse/MON-3825): Synchronize versions of the downstream components [#2322](https://github.com/openshift/cluster-monitoring-operator/pull/2322)
* [OCPBUGS-30430](https://issues.redhat.com/browse/OCPBUGS-30430): update `google.golang.org/protobuf` [#2320](https://github.com/openshift/cluster-monitoring-operator/pull/2320)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): clean-up injection of trusted CA bundle for main Alertmanager [#2310](https://github.com/openshift/cluster-monitoring-operator/pull/2310)
* [MON-3783](https://issues.redhat.com/browse/MON-3783): add controller-id annotation to pods deployments and operator [#2309](https://github.com/openshift/cluster-monitoring-operator/pull/2309)
* [OCPBUGS-18643](https://issues.redhat.com/browse/OCPBUGS-18643): address lint warnings [#2284](https://github.com/openshift/cluster-monitoring-operator/pull/2284)
* [WINC-1180](https://issues.redhat.com/browse/WINC-1180): assets, jsonnet: Add container_network openshift-kubernetes.rules [#2314](https://github.com/openshift/cluster-monitoring-operator/pull/2314)
* [OCPBUGS-31847](https://issues.redhat.com/browse/OCPBUGS-31847): Synchronize versions of the downstream components [#2318](https://github.com/openshift/cluster-monitoring-operator/pull/2318)
* [MON-3701](https://issues.redhat.com/browse/MON-3701): remove references to OAuth proxy [#2308](https://github.com/openshift/cluster-monitoring-operator/pull/2308)
* [MON-3706](https://issues.redhat.com/browse/MON-3706): chore: simplify GetServiceAccountToken() [#2272](https://github.com/openshift/cluster-monitoring-operator/pull/2272)
* [MON-3621](https://issues.redhat.com/browse/MON-3621): Enable `extra-scrape-metrics` feature in PrometheusUWM [#2302](https://github.com/openshift/cluster-monitoring-operator/pull/2302)
* [OCPBUGS-31411](https://issues.redhat.com/browse/OCPBUGS-31411): add runbook link for KubeAggregatedAPIErrors alert [#2316](https://github.com/openshift/cluster-monitoring-operator/pull/2316)
* [OCPBUGS-29531](https://issues.redhat.com/browse/OCPBUGS-29531): Add include.release.openshift.io/hypershift label [#2264](https://github.com/openshift/cluster-monitoring-operator/pull/2264)
* [MON-3778](https://issues.redhat.com/browse/MON-3778), [OLS-117](https://issues.redhat.com/browse/OLS-117): Add OLS metrics to telemetry whitelist [#2300](https://github.com/openshift/cluster-monitoring-operator/pull/2300)
* [OCPBUGS-31920](https://issues.redhat.com/browse/OCPBUGS-31920): go.mod: bump openshift/api [#2290](https://github.com/openshift/cluster-monitoring-operator/pull/2290)
* [MON-3700](https://issues.redhat.com/browse/MON-3700): replace OAuth proxy for Thanos Ruler [#2294](https://github.com/openshift/cluster-monitoring-operator/pull/2294)
* [MON-3799](https://issues.redhat.com/browse/MON-3799): Synchronize versions of the downstream components [#2301](https://github.com/openshift/cluster-monitoring-operator/pull/2301)
* [MON-3749](https://issues.redhat.com/browse/MON-3749): enable request headers flags for metrics server [#2293](https://github.com/openshift/cluster-monitoring-operator/pull/2293)
* [OCPBUGS-28650](https://issues.redhat.com/browse/OCPBUGS-28650): fix generation of telemeter token hash [#2298](https://github.com/openshift/cluster-monitoring-operator/pull/2298)
* [MON-3801](https://issues.redhat.com/browse/MON-3801): remove oauth-redirectreference annotations [#2299](https://github.com/openshift/cluster-monitoring-operator/pull/2299)
* [MON-3793](https://issues.redhat.com/browse/MON-3793): Synchronize versions of the downstream components [#2295](https://github.com/openshift/cluster-monitoring-operator/pull/2295)
* [MON-3793](https://issues.redhat.com/browse/MON-3793): jsonnet: Bump jsonnet deps for prometheus-operator [#2296](https://github.com/openshift/cluster-monitoring-operator/pull/2296)
* [MON-3792](https://issues.redhat.com/browse/MON-3792): fix metrics-server path for /test versions [#2286](https://github.com/openshift/cluster-monitoring-operator/pull/2286)
* [MON-3789](https://issues.redhat.com/browse/MON-3789): add a golangci-lint-fix makefile target to fix golangci-lint errros when possible [#2275](https://github.com/openshift/cluster-monitoring-operator/pull/2275)
* [MON-3771](https://issues.redhat.com/browse/MON-3771): update Prometheus operator to v0.72.0 [#2288](https://github.com/openshift/cluster-monitoring-operator/pull/2288)
* [MON-3498](https://issues.redhat.com/browse/MON-3498): Modify prometheus-adapter e2e tests to compact with metrics server [#2196](https://github.com/openshift/cluster-monitoring-operator/pull/2196)
* [OCPBUGS-30257](https://issues.redhat.com/browse/OCPBUGS-30257): Making sure proxy settings are correctly forwarded in the generated remote write configs [#2269](https://github.com/openshift/cluster-monitoring-operator/pull/2269)
* [OCPNODE-2100](https://issues.redhat.com/browse/OCPNODE-2100): jsonnet: update crio port to TLS port 9637 [#2257](https://github.com/openshift/cluster-monitoring-operator/pull/2257)
* [MON-3694](https://issues.redhat.com/browse/MON-3694): chore: encourage the use of the new 'slices' package instead of 'golang.org/x/exp/slices' [#2243](https://github.com/openshift/cluster-monitoring-operator/pull/2243)
* [MON-3748](https://issues.redhat.com/browse/MON-3748): Enable audit logs by default for metrics-server [#2280](https://github.com/openshift/cluster-monitoring-operator/pull/2280)
* [MON-3380](https://issues.redhat.com/browse/MON-3380): adjust prometheus-k8s service openshift.io/description [#2279](https://github.com/openshift/cluster-monitoring-operator/pull/2279)
* [MON-3747](https://issues.redhat.com/browse/MON-3747): Increase e2e test timeout to 150 min [#2278](https://github.com/openshift/cluster-monitoring-operator/pull/2278)
* [MON-3381](https://issues.redhat.com/browse/MON-3381): replace OAuth proxy for Alertmanager [#2260](https://github.com/openshift/cluster-monitoring-operator/pull/2260)
* [OCPBUGS-28246](https://issues.redhat.com/browse/OCPBUGS-28246): fix Thanos ruler alert generator url [#2267](https://github.com/openshift/cluster-monitoring-operator/pull/2267)
* [MON-3706](https://issues.redhat.com/browse/MON-3706): Revert "chore: poll immediately in the e2e tests" [#2271](https://github.com/openshift/cluster-monitoring-operator/pull/2271)
* [MON-3717](https://issues.redhat.com/browse/MON-3717): pkg/client.go: make some CreateOrUpdateXXX functions use library-go’s resourceapply utils. [#2226](https://github.com/openshift/cluster-monitoring-operator/pull/2226)
* [MON-3717](https://issues.redhat.com/browse/MON-3717): update library-go to get https://github.com/openshift/libra… [#2266](https://github.com/openshift/cluster-monitoring-operator/pull/2266)
* [MON-3380](https://issues.redhat.com/browse/MON-3380): re-add kube-rbac-proxy for /metrics and /federate [#2261](https://github.com/openshift/cluster-monitoring-operator/pull/2261)
* [MON-3172](https://issues.redhat.com/browse/MON-3172): describe monitoring services [#2188](https://github.com/openshift/cluster-monitoring-operator/pull/2188)
* [MON-3706](https://issues.redhat.com/browse/MON-3706): chore: poll immediately in the e2e tests [#2258](https://github.com/openshift/cluster-monitoring-operator/pull/2258)
* [MON-3380](https://issues.redhat.com/browse/MON-3380): replace OAuth proxy for prometheus-k8s [#2246](https://github.com/openshift/cluster-monitoring-operator/pull/2246)
* [OCPBUGS-18326](https://issues.redhat.com/browse/OCPBUGS-18326): add Console cap annotation to dashboards [#2254](https://github.com/openshift/cluster-monitoring-operator/pull/2254)
* [TRT-1489](https://issues.redhat.com/browse/TRT-1489): Revert "jsonnet: update crio port to TLS port 9637" [#2255](https://github.com/openshift/cluster-monitoring-operator/pull/2255)
* [OCPNODE-2022](https://issues.redhat.com/browse/OCPNODE-2022): jsonnet: update crio port to TLS port 9637 [#2229](https://github.com/openshift/cluster-monitoring-operator/pull/2229)
* [MON-3705](https://issues.redhat.com/browse/MON-3705): [bot] Update jsonnet dependencies [#2208](https://github.com/openshift/cluster-monitoring-operator/pull/2208)
* [MON-3699](https://issues.redhat.com/browse/MON-3699): chore: merge OmitFromDoc with HideFromDoc introduced in https://github.com/https://github.com/openshift/cluster-monitoring-operator/pull/2210 to hide fields from the doc [#2247](https://github.com/openshift/cluster-monitoring-operator/pull/2247)
* [MON-3697](https://issues.redhat.com/browse/MON-3697): use `maximumStartupDurationSeconds` instead of container patch [#2251](https://github.com/openshift/cluster-monitoring-operator/pull/2251)
* [OCPBUGS-28246](https://issues.redhat.com/browse/OCPBUGS-28246): fix: set externalURL in UWM Prometheus [#2250](https://github.com/openshift/cluster-monitoring-operator/pull/2250)
* [MON-3689](https://issues.redhat.com/browse/MON-3689): Synchronize versions of the downstream components [#2245](https://github.com/openshift/cluster-monitoring-operator/pull/2245)
* [OCPBUGS-27289](https://issues.redhat.com/browse/OCPBUGS-27289): followup of https://github.com/openshift/cluster-monitoring-operator/pull/2242 [#2244](https://github.com/openshift/cluster-monitoring-operator/pull/2244)
* [STOR-1289](https://issues.redhat.com/browse/STOR-1289): Move vSphere prometheus rules to cluster-storage-operator [#2235](https://github.com/openshift/cluster-monitoring-operator/pull/2235)
* [OCPBUGS-27289](https://issues.redhat.com/browse/OCPBUGS-27289): rollout metrics-server on cert rotations [#2242](https://github.com/openshift/cluster-monitoring-operator/pull/2242)
* [OCPBUGS-27213](https://issues.redhat.com/browse/OCPBUGS-27213): Adjust lastError injection to wait.PollUntilContextTimeout's final error [#2234](https://github.com/openshift/cluster-monitoring-operator/pull/2234)
* [MON-3676](https://issues.redhat.com/browse/MON-3676): move raptorsun out of reviewer list [#2240](https://github.com/openshift/cluster-monitoring-operator/pull/2240)
* [MON-3673](https://issues.redhat.com/browse/MON-3673): [bot] Synchronize versions of the downstream components [#2238](https://github.com/openshift/cluster-monitoring-operator/pull/2238)
* [MON-2853](https://issues.redhat.com/browse/MON-2853): add runbook link to TargetDown alert [#2237](https://github.com/openshift/cluster-monitoring-operator/pull/2237)
* [MON-3661](https://issues.redhat.com/browse/MON-3661): [bot] Synchronize versions of the downstream components [#2236](https://github.com/openshift/cluster-monitoring-operator/pull/2236)
* [OCPBUGS-26983](https://issues.redhat.com/browse/OCPBUGS-26983): rollout monitoring plugin on TLS rotation [#2233](https://github.com/openshift/cluster-monitoring-operator/pull/2233)
* [MON-3661](https://issues.redhat.com/browse/MON-3661): chore: update Prometheus operator to v0.71.0 [#2230](https://github.com/openshift/cluster-monitoring-operator/pull/2230)
* [MON-3667](https://issues.redhat.com/browse/MON-3667): remove outdated documentation [#2232](https://github.com/openshift/cluster-monitoring-operator/pull/2232)
* [OCPBUGS-25849](https://issues.redhat.com/browse/OCPBUGS-25849): make PrometheusAdapter and MetricsServer tasks less conflict prone [#2218](https://github.com/openshift/cluster-monitoring-operator/pull/2218)
* [OCPBUGS-25378](https://issues.redhat.com/browse/OCPBUGS-25378): drop InfoInhibitor from default Alertmanager config [#2225](https://github.com/openshift/cluster-monitoring-operator/pull/2225)
* [MON-3664](https://issues.redhat.com/browse/MON-3664): chore: avoid issues with std.set* functions [#2231](https://github.com/openshift/cluster-monitoring-operator/pull/2231)
* [MON-3654](https://issues.redhat.com/browse/MON-3654): use Go standard errors package instead of github.com/pkg/errors [#2224](https://github.com/openshift/cluster-monitoring-operator/pull/2224)
* [MON-1047](https://issues.redhat.com/browse/MON-1047): fix: add terminationMessagePolicy: FallbackToLogsOnError to all conta… [#2228](https://github.com/openshift/cluster-monitoring-operator/pull/2228)
* [MON-3552](https://issues.redhat.com/browse/MON-3552): remove temporary cleanup code and no longer needed tests [#2210](https://github.com/openshift/cluster-monitoring-operator/pull/2210)
* [MON-3650](https://issues.redhat.com/browse/MON-3650): Synchronize versions of the downstream components [#2222](https://github.com/openshift/cluster-monitoring-operator/pull/2222)
* [MON-3649](https://issues.redhat.com/browse/MON-3649): Synchronize versions of the downstream components [#2221](https://github.com/openshift/cluster-monitoring-operator/pull/2221)
* [MON-3644](https://issues.redhat.com/browse/MON-3644): Ease the tracking of monitoring components versions. [#2220](https://github.com/openshift/cluster-monitoring-operator/pull/2220)
* [OCPBUGS-25803](https://issues.redhat.com/browse/OCPBUGS-25803): make CMO ConsolePluginComponents task resilient to dependencies [#2193](https://github.com/openshift/cluster-monitoring-operator/pull/2193)
* [OCPBUGS-25676](https://issues.redhat.com/browse/OCPBUGS-25676): fix(tasks): adjust 'trusted CA bundle ConfigMap' related logs for alertmanagers. [#2219](https://github.com/openshift/cluster-monitoring-operator/pull/2219)
* [MON-3633](https://issues.redhat.com/browse/MON-3633): Synchronize versions of the downstream components [#2214](https://github.com/openshift/cluster-monitoring-operator/pull/2214)
* [OCPBUGS-24977](https://issues.redhat.com/browse/OCPBUGS-24977): Updating cluster-monitoring-operator-container image to be consistent with ART [#2211](https://github.com/openshift/cluster-monitoring-operator/pull/2211)
* [OCPBUGS-25403](https://issues.redhat.com/browse/OCPBUGS-25403): go.mod update k8s.io/api* to v0.29.0 [#2205](https://github.com/openshift/cluster-monitoring-operator/pull/2205)
* [MON-3589](https://issues.redhat.com/browse/MON-3589): Refactor assertExemplarsEnabled check for UWM Prometheus xand add a check for --scrape.timestamp-tolerance on Platform Prometheus [#2194](https://github.com/openshift/cluster-monitoring-operator/pull/2194)
* [OCPBUGS-24977](https://issues.redhat.com/browse/OCPBUGS-24977): use 1.20 in go.mod [#2199](https://github.com/openshift/cluster-monitoring-operator/pull/2199)
* [MON-3592](https://issues.redhat.com/browse/MON-3592): Use strict yaml unmarshaling [#2195](https://github.com/openshift/cluster-monitoring-operator/pull/2195)
* [OCPBUGS-25025](https://issues.redhat.com/browse/OCPBUGS-25025): go.mod: bump prometheus-operator to v0.70.0 [#2191](https://github.com/openshift/cluster-monitoring-operator/pull/2191)
* [OCPBUGS-24977](https://issues.redhat.com/browse/OCPBUGS-24977): Updating cluster-monitoring-operator-container image to be consistent with ART [#2190](https://github.com/openshift/cluster-monitoring-operator/pull/2190)
* [OCPBUGS-24630](https://issues.redhat.com/browse/OCPBUGS-24630): additionalArgs: list items must have named fields [#2189](https://github.com/openshift/cluster-monitoring-operator/pull/2189)
* [MON-3553](https://issues.redhat.com/browse/MON-3553): Set scrape.timestamp tolerance [#2187](https://github.com/openshift/cluster-monitoring-operator/pull/2187)
* [OCPBUGS-23516](https://issues.redhat.com/browse/OCPBUGS-23516): prevent plugin entry assets from caching [#2186](https://github.com/openshift/cluster-monitoring-operator/pull/2186)
* [OCPBUGS-21610](https://issues.redhat.com/browse/OCPBUGS-21610): Detect ipv4/ipv6 socket in pod ip for nginx conf [#2173](https://github.com/openshift/cluster-monitoring-operator/pull/2173)
* [MON-3134](https://issues.redhat.com/browse/MON-3134): allow to query alerts from thanos-querier tenancy port [#2184](https://github.com/openshift/cluster-monitoring-operator/pull/2184)
* [MON-3551](https://issues.redhat.com/browse/MON-3551): fix: simplify jq script avoids error with jq1.7 [#2180](https://github.com/openshift/cluster-monitoring-operator/pull/2180)
* [MON-3454](https://issues.redhat.com/browse/MON-3454): Add track timestamps staleness [#2160](https://github.com/openshift/cluster-monitoring-operator/pull/2160)
* [OCPBUGS-24212](https://issues.redhat.com/browse/OCPBUGS-24212): Add ownership annotation for certificates [#2158](https://github.com/openshift/cluster-monitoring-operator/pull/2158)
* [MON-3379](https://issues.redhat.com/browse/MON-3379): Replace the oauth-proxy before thanos-querier with kube-rbac-proxy [#2136](https://github.com/openshift/cluster-monitoring-operator/pull/2136)
* [MON-3544](https://issues.redhat.com/browse/MON-3544): Adjust NodeClock* alerting rules to work with PTP operator [#2182](https://github.com/openshift/cluster-monitoring-operator/pull/2182)
* [OCPBUGS-23745](https://issues.redhat.com/browse/OCPBUGS-23745): Wait for 3 (instead of 2) consecutive failing reconcil… [#2179](https://github.com/openshift/cluster-monitoring-operator/pull/2179)
* [MON-3548](https://issues.redhat.com/browse/MON-3548): [bot] Synchronize versions of the downstream components [#2183](https://github.com/openshift/cluster-monitoring-operator/pull/2183)
* [MON-3543](https://issues.redhat.com/browse/MON-3543): Update API docs for Metrics Server [#2181](https://github.com/openshift/cluster-monitoring-operator/pull/2181)
* [OCPBUGS-24323](https://issues.redhat.com/browse/OCPBUGS-24323): synchronize versions of the downstream components [#2174](https://github.com/openshift/cluster-monitoring-operator/pull/2174)
* [OCPBUGS-24340](https://issues.redhat.com/browse/OCPBUGS-24340): patch securityContext for Thanos querier [#2178](https://github.com/openshift/cluster-monitoring-operator/pull/2178)
* [OCPBUGS-24323](https://issues.redhat.com/browse/OCPBUGS-24323): update prometheus-operator jsonnet to v0.70.0 [#2177](https://github.com/openshift/cluster-monitoring-operator/pull/2177)
* [MON-3287](https://issues.redhat.com/browse/MON-3287): Remove openshift-etcd related RBAC as they will be manager by [#2165](https://github.com/openshift/cluster-monitoring-operator/pull/2165)
* [OCPBUGS-21610](https://issues.redhat.com/browse/OCPBUGS-21610): revert #2166 [#2172](https://github.com/openshift/cluster-monitoring-operator/pull/2172)
* [MON-3524](https://issues.redhat.com/browse/MON-3524): Update metrics-server in CHANGELOG and README [#2169](https://github.com/openshift/cluster-monitoring-operator/pull/2169)
* [MON-3533](https://issues.redhat.com/browse/MON-3533): Update cluster:kube_persistentvolume_plugin_type_counts:sum [#2171](https://github.com/openshift/cluster-monitoring-operator/pull/2171)
* [STOR-1277](https://issues.redhat.com/browse/STOR-1277): Add SELinux metrics to telemetry [#2155](https://github.com/openshift/cluster-monitoring-operator/pull/2155)
* [MON-3500](https://issues.redhat.com/browse/MON-3500): Enable sending exemplars over RW in UWM [#2161](https://github.com/openshift/cluster-monitoring-operator/pull/2161)
* [OCPBUGS-21610](https://issues.redhat.com/browse/OCPBUGS-21610): Change config to allow ipv6/4 [#2166](https://github.com/openshift/cluster-monitoring-operator/pull/2166)
* [MON-3511](https://issues.redhat.com/browse/MON-3511): hack/local-cmo.sh: pass desired version in cmo run command [#2168](https://github.com/openshift/cluster-monitoring-operator/pull/2168)
* [MON-3211](https://issues.redhat.com/browse/MON-3211): Implement switching to metrics-server [#2022](https://github.com/openshift/cluster-monitoring-operator/pull/2022)
* [MON-3505](https://issues.redhat.com/browse/MON-3505): move aggregated-metrics-reader role to cmo jsonnet [#2163](https://github.com/openshift/cluster-monitoring-operator/pull/2163)
* [MON-3503](https://issues.redhat.com/browse/MON-3503): Synchronize versions of the downstream components [#2162](https://github.com/openshift/cluster-monitoring-operator/pull/2162)
* [OCPBUGS-23495](https://issues.redhat.com/browse/OCPBUGS-23495): Change UWM Prometheus' kube-rbac-proxy-thanos port num… [#2164](https://github.com/openshift/cluster-monitoring-operator/pull/2164)
* [MON-3479](https://issues.redhat.com/browse/MON-3479): update Prometheus operator assets to v0.69.1 [#2152](https://github.com/openshift/cluster-monitoring-operator/pull/2152)
* [MON-3503](https://issues.redhat.com/browse/MON-3503): Synchronize versions of the downstream components [#2150](https://github.com/openshift/cluster-monitoring-operator/pull/2150)
* [MON-3421](https://issues.redhat.com/browse/MON-3421): improve the detection of CMO unavailability/degradation due to U… [#2129](https://github.com/openshift/cluster-monitoring-operator/pull/2129)
* [MON-3476](https://issues.redhat.com/browse/MON-3476): Add code block to check FeatureGate status [#2151](https://github.com/openshift/cluster-monitoring-operator/pull/2151)
* [OCPBUGS-17035](https://issues.redhat.com/browse/OCPBUGS-17035): fix KRP permissions for Thanos Querier [#2057](https://github.com/openshift/cluster-monitoring-operator/pull/2057)
* [OCPBUGS-22742](https://issues.redhat.com/browse/OCPBUGS-22742): go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#2138](https://github.com/openshift/cluster-monitoring-operator/pull/2138)
* [OCPBUGS-21621](https://issues.redhat.com/browse/OCPBUGS-21621): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2145](https://github.com/openshift/cluster-monitoring-operator/pull/2145)
* [MON-3398](https://issues.redhat.com/browse/MON-3398): Add RHACM telemetry metric [#2100](https://github.com/openshift/cluster-monitoring-operator/pull/2100)
* Synchronize versions of the downstream components [#2135](https://github.com/openshift/cluster-monitoring-operator/pull/2135)
* Fix UWM alert access permissions [#2131](https://github.com/openshift/cluster-monitoring-operator/pull/2131)
* Synchronize versions of the downstream components [#2133](https://github.com/openshift/cluster-monitoring-operator/pull/2133)
* [OCPBUGS-4069](https://issues.redhat.com/browse/OCPBUGS-4069): Prometheus Adatper takes metrics from kubelet job only. [#2117](https://github.com/openshift/cluster-monitoring-operator/pull/2117)
* [MON-3422](https://issues.redhat.com/browse/MON-3422): Remove temporary no more needed code [#2132](https://github.com/openshift/cluster-monitoring-operator/pull/2132)
* fix: force HTTP/1.1 connections [#2128](https://github.com/openshift/cluster-monitoring-operator/pull/2128)
* [OCPVE-711](https://issues.redhat.com/browse/OCPVE-711): feat: add olm capability annotation [#2105](https://github.com/openshift/cluster-monitoring-operator/pull/2105)
* [OCPBUGS-21631](https://issues.redhat.com/browse/OCPBUGS-21631): upgrade golang.org/x/net to v0.17.0 [#2120](https://github.com/openshift/cluster-monitoring-operator/pull/2120)
* [OCPBUGS-18326](https://issues.redhat.com/browse/OCPBUGS-18326): revert previous fix to avoid activating console capability during update [#2118](https://github.com/openshift/cluster-monitoring-operator/pull/2118)
* [MON-3286](https://issues.redhat.com/browse/MON-3286): Remove no longer needed code. [#2116](https://github.com/openshift/cluster-monitoring-operator/pull/2116)
* [OCPBUGS-17850](https://issues.redhat.com/browse/OCPBUGS-17850): replace nonResourceURLs permissions by subresource [#2099](https://github.com/openshift/cluster-monitoring-operator/pull/2099)
* Synchronize versions of the downstream components [#2115](https://github.com/openshift/cluster-monitoring-operator/pull/2115)
* Update jsonnet dependencies [#2076](https://github.com/openshift/cluster-monitoring-operator/pull/2076)
* OWNERS: remove sthaha [#2114](https://github.com/openshift/cluster-monitoring-operator/pull/2114)
* build: add `-e` to `go list` command to install tools [#2112](https://github.com/openshift/cluster-monitoring-operator/pull/2112)
* Change kube-rbac-proxy-thanos port [#2113](https://github.com/openshift/cluster-monitoring-operator/pull/2113)
* [OCPBUGS-11344](https://issues.redhat.com/browse/OCPBUGS-11344): alertmanager: use alertmanager CRD's automountServiceAccountToken option [#2111](https://github.com/openshift/cluster-monitoring-operator/pull/2111)
* Remove deprecated ioutil [#2108](https://github.com/openshift/cluster-monitoring-operator/pull/2108)
* [OCPBUGS-18326](https://issues.redhat.com/browse/OCPBUGS-18326): add console capability annotation to dashboards and monitoring-plugin. [#2101](https://github.com/openshift/cluster-monitoring-operator/pull/2101)
* [MON-3302](https://issues.redhat.com/browse/MON-3302): add RHACS telemetry metrics [#2062](https://github.com/openshift/cluster-monitoring-operator/pull/2062)
* add `machine424` and `rexagod`  to OWNERS [#2083](https://github.com/openshift/cluster-monitoring-operator/pull/2083)
* Remove bparees from approvers [#2104](https://github.com/openshift/cluster-monitoring-operator/pull/2104)
* Revert "feat: add olm capability annotation" [#2103](https://github.com/openshift/cluster-monitoring-operator/pull/2103)
* [MON-3270](https://issues.redhat.com/browse/MON-3270): Add kube-metrics-server to image-references [#2102](https://github.com/openshift/cluster-monitoring-operator/pull/2102)
* [OCPVE-711](https://issues.redhat.com/browse/OCPVE-711): feat: add olm capability annotation [#2095](https://github.com/openshift/cluster-monitoring-operator/pull/2095)
* chore: fix imports order [#2098](https://github.com/openshift/cluster-monitoring-operator/pull/2098)
* Set Thanos version in the Thanos Ruler spec [#2094](https://github.com/openshift/cluster-monitoring-operator/pull/2094)
* [OCPBUGS-19237](https://issues.redhat.com/browse/OCPBUGS-19237): Updating cluster-monitoring-operator images to be consistent with ART [#2084](https://github.com/openshift/cluster-monitoring-operator/pull/2084)
* Synchronize versions of the downstream components [#2093](https://github.com/openshift/cluster-monitoring-operator/pull/2093)
* Synchronize versions of the downstream components [#2089](https://github.com/openshift/cluster-monitoring-operator/pull/2089)
* [MON-3383](https://issues.redhat.com/browse/MON-3383): Remove weak cryptograhic primitive usage [#2086](https://github.com/openshift/cluster-monitoring-operator/pull/2086)
* [OCPBUGS-18390](https://issues.redhat.com/browse/OCPBUGS-18390): jsonnet/rules: exclude -1 from etcd objects count [#2081](https://github.com/openshift/cluster-monitoring-operator/pull/2081)
* [OCPBUGS-19059](https://issues.redhat.com/browse/OCPBUGS-19059): Enable ipv6 on monitoring-plugin nginx [#2090](https://github.com/openshift/cluster-monitoring-operator/pull/2090)
* [MON-3376](https://issues.redhat.com/browse/MON-3376): Remove deprecated --logtostderr argument [#2077](https://github.com/openshift/cluster-monitoring-operator/pull/2077)
* [OCPBUGS-19356](https://issues.redhat.com/browse/OCPBUGS-19356): Topology spread constraints admission webhook [#2073](https://github.com/openshift/cluster-monitoring-operator/pull/2073)
* [OCPBUGS-17682](https://issues.redhat.com/browse/OCPBUGS-17682): add topologySpreadConstraints to UWM prometheus operator [#2072](https://github.com/openshift/cluster-monitoring-operator/pull/2072)
* Synchronize versions of the downstream components [#2082](https://github.com/openshift/cluster-monitoring-operator/pull/2082)
* [MON-2642](https://issues.redhat.com/browse/MON-2642): Improve e2e tests for alertrelabelconfigs CRD [#2080](https://github.com/openshift/cluster-monitoring-operator/pull/2080)
* [MON-3304](https://issues.redhat.com/browse/MON-3304): Add option to specify resource limits for all components [#2067](https://github.com/openshift/cluster-monitoring-operator/pull/2067)
* [OCPBUGS-17690](https://issues.redhat.com/browse/OCPBUGS-17690): remove deprecated argument [#2075](https://github.com/openshift/cluster-monitoring-operator/pull/2075)
* [OCPBUGS-17691](https://issues.redhat.com/browse/OCPBUGS-17691): replace outdated repository link [#2074](https://github.com/openshift/cluster-monitoring-operator/pull/2074)
* [MON-2641](https://issues.redhat.com/browse/MON-2641): Add e2e tests for AlertingRule controller [#2054](https://github.com/openshift/cluster-monitoring-operator/pull/2054)
* Add telemeter client SA to rbac proxy [#2043](https://github.com/openshift/cluster-monitoring-operator/pull/2043)
* [OCPBUGS-1062](https://issues.redhat.com/browse/OCPBUGS-1062): update webhook configuration only if required [#2065](https://github.com/openshift/cluster-monitoring-operator/pull/2065)
* [MON-988](https://issues.redhat.com/browse/MON-988): remove alert "MultipleContainersOOMKilled" [#2071](https://github.com/openshift/cluster-monitoring-operator/pull/2071)
* Remove deprecated visual_web_terminal_sessions metric [#2059](https://github.com/openshift/cluster-monitoring-operator/pull/2059)
* [OCPBUGS-17487](https://issues.redhat.com/browse/OCPBUGS-17487): fix typo for ThanosRulerConfig.Resources [#2070](https://github.com/openshift/cluster-monitoring-operator/pull/2070)
* Update jsonnet dependencies [#2063](https://github.com/openshift/cluster-monitoring-operator/pull/2063)
* [OCPBUGS-17346](https://issues.redhat.com/browse/OCPBUGS-17346): Avoid recreating some resources, created by prometheus-operator, during 4.13->4.14 upgrade [#2066](https://github.com/openshift/cluster-monitoring-operator/pull/2066)
* [MON-3291](https://issues.redhat.com/browse/MON-3291): Adjust node-exporter's MaxProcs documentation now that we s… [#2055](https://github.com/openshift/cluster-monitoring-operator/pull/2055)
* Synchronize versions of the downstream components [#2061](https://github.com/openshift/cluster-monitoring-operator/pull/2061)
* [MON-3093](https://issues.redhat.com/browse/MON-3093): fix single node replica issue [#2060](https://github.com/openshift/cluster-monitoring-operator/pull/2060)
* [OCPBUGS-17191](https://issues.redhat.com/browse/OCPBUGS-17191): add namespace label to alerting rules [#2058](https://github.com/openshift/cluster-monitoring-operator/pull/2058)
* Synchronize versions of the downstream components [#2056](https://github.com/openshift/cluster-monitoring-operator/pull/2056)
* [MON-2645](https://issues.redhat.com/browse/MON-2645): remove unnecessary RBAC permissions [#2051](https://github.com/openshift/cluster-monitoring-operator/pull/2051)
* Synchronize versions of the downstream components [#2052](https://github.com/openshift/cluster-monitoring-operator/pull/2052)
* [OCPBUGS-10699](https://issues.redhat.com/browse/OCPBUGS-10699): remove Kube*QuotaOvercommit alerts [#2049](https://github.com/openshift/cluster-monitoring-operator/pull/2049)
* [MON-2645](https://issues.redhat.com/browse/MON-2645): remove unused rebalancer code [#2048](https://github.com/openshift/cluster-monitoring-operator/pull/2048)
* Synchronize versions of the downstream components [#2050](https://github.com/openshift/cluster-monitoring-operator/pull/2050)
* Remove OADP metrics from the Telemetry [#2040](https://github.com/openshift/cluster-monitoring-operator/pull/2040)
* [MON-669](https://issues.redhat.com/browse/MON-669): Remove etcd ServiceMonitors management code as they'll be no… [#2039](https://github.com/openshift/cluster-monitoring-operator/pull/2039)
* [MON-3216](https://issues.redhat.com/browse/MON-3216): Add ownership labels to kube resources [#1986](https://github.com/openshift/cluster-monitoring-operator/pull/1986)
* [MON-3177](https://issues.redhat.com/browse/MON-3177): Expose and propagate TopologySpreadConstraints for kube state metrics [#2026](https://github.com/openshift/cluster-monitoring-operator/pull/2026)
* [OCPBUGS-16203](https://issues.redhat.com/browse/OCPBUGS-16203): correct docs for metric node_systemd_timer_last_trigger_seconds. [#2045](https://github.com/openshift/cluster-monitoring-operator/pull/2045)
* [MON-3178](https://issues.redhat.com/browse/MON-3178): Expose and propagate TopologySpreadConstraints for prometheus-operator [#2033](https://github.com/openshift/cluster-monitoring-operator/pull/2033)
* [MON-3274](https://issues.redhat.com/browse/MON-3274): collect the number of LIST and WATCH requests to the apiserver from telemetry [#2044](https://github.com/openshift/cluster-monitoring-operator/pull/2044)
* [MON-2903](https://issues.redhat.com/browse/MON-2903): add nodeExporter.collectors.systemd settings. [#1892](https://github.com/openshift/cluster-monitoring-operator/pull/1892)
* [MON-3179](https://issues.redhat.com/browse/MON-3179): Expose and propagate TopologySpreadConstraints for openshift state metrics [#2034](https://github.com/openshift/cluster-monitoring-operator/pull/2034)
* [MON-3176](https://issues.redhat.com/browse/MON-3176): Expose and propagate TopologySpreadConstraints for prometheus-adapter [#2025](https://github.com/openshift/cluster-monitoring-operator/pull/2025)
* [OCPBUGS-9835](https://issues.redhat.com/browse/OCPBUGS-9835): Add Content-Security-Policy headers to prometheus and alertmanager [#2012](https://github.com/openshift/cluster-monitoring-operator/pull/2012)
* [MON-3182](https://issues.redhat.com/browse/MON-3182): Expose and propagate TopologySpreadConstraints for UWM alertmanager [#2037](https://github.com/openshift/cluster-monitoring-operator/pull/2037)
* [MON-3180](https://issues.redhat.com/browse/MON-3180): Expose and propagate TopologySpreadConstraints for telemeter-client [#2017](https://github.com/openshift/cluster-monitoring-operator/pull/2017)
* [MON-3183](https://issues.redhat.com/browse/MON-3183): Expose and propagate TopologySpreadConstraints for UWM prometheus [#2038](https://github.com/openshift/cluster-monitoring-operator/pull/2038)
* [MON-3181](https://issues.redhat.com/browse/MON-3181): Expose and propagate TopologySpreadConstraints for thanos-querier [#2035](https://github.com/openshift/cluster-monitoring-operator/pull/2035)
* [MON-3231](https://issues.redhat.com/browse/MON-3231): add metric for the configured profile [#2030](https://github.com/openshift/cluster-monitoring-operator/pull/2030)
* [MON-3269](https://issues.redhat.com/browse/MON-3269): add nodeExporter.collectors.processes settings. [#2032](https://github.com/openshift/cluster-monitoring-operator/pull/2032)
* [MON-3222](https://issues.redhat.com/browse/MON-3222): Make netdev/netclass interfaces configurable [#1963](https://github.com/openshift/cluster-monitoring-operator/pull/1963)
* e2e-tests: ensure pod assertions find at least one pod [#2028](https://github.com/openshift/cluster-monitoring-operator/pull/2028)
* test/e2e/framework: remove unused function [#2020](https://github.com/openshift/cluster-monitoring-operator/pull/2020)
* [OCPBUGS-15440](https://issues.redhat.com/browse/OCPBUGS-15440): fix CMO to apply console-plugin pod.spec config [#2018](https://github.com/openshift/cluster-monitoring-operator/pull/2018)
* chore: update dependencies [#2013](https://github.com/openshift/cluster-monitoring-operator/pull/2013)
* [OCPBUGS-14922](https://issues.redhat.com/browse/OCPBUGS-14922): skip console-plugin installation if console CO is absent [#2011](https://github.com/openshift/cluster-monitoring-operator/pull/2011)
* [OCPBUGS-12714](https://issues.redhat.com/browse/OCPBUGS-12714): turn on netlink mode of netclass collector for node exporter [#2015](https://github.com/openshift/cluster-monitoring-operator/pull/2015)
* [MON-3249](https://issues.redhat.com/browse/MON-3249): Update telemeter-client to allow TLS through rbac proxy [#2005](https://github.com/openshift/cluster-monitoring-operator/pull/2005)
* Synchronize versions of the downstream components [#2024](https://github.com/openshift/cluster-monitoring-operator/pull/2024)
* [OCPBUGS-13153](https://issues.redhat.com/browse/OCPBUGS-13153): Limit the value of GOMAXPROCS on node-exporter. [#1996](https://github.com/openshift/cluster-monitoring-operator/pull/1996)
* hack/local-cmo: show the correct logged-in user [#2019](https://github.com/openshift/cluster-monitoring-operator/pull/2019)
* [MON-3253](https://issues.redhat.com/browse/MON-3253): refactor local-cmo.sh to use CMO SA by default [#2010](https://github.com/openshift/cluster-monitoring-operator/pull/2010)
* test/e2e: validate CMO and UWM configs [#2006](https://github.com/openshift/cluster-monitoring-operator/pull/2006)
* pkg/operator: reduce duplication in CSR controllers [#2007](https://github.com/openshift/cluster-monitoring-operator/pull/2007)
* Synchronize versions of the downstream components [#2009](https://github.com/openshift/cluster-monitoring-operator/pull/2009)
* [OCPBUGS-15210](https://issues.redhat.com/browse/OCPBUGS-15210): manifest: rename TP roleBinding to cluster-monitoring-operator-alert-… [#2008](https://github.com/openshift/cluster-monitoring-operator/pull/2008)
* [MON-3127](https://issues.redhat.com/browse/MON-3127): add nodeExporter.collectors.ksmd settings. [#1931](https://github.com/openshift/cluster-monitoring-operator/pull/1931)
* Synchronize versions of the downstream components [#2004](https://github.com/openshift/cluster-monitoring-operator/pull/2004)
* [MON-3229](https://issues.redhat.com/browse/MON-3229): Remove the dependency on the apiserver auth [#1904](https://github.com/openshift/cluster-monitoring-operator/pull/1904)
* Synchronize versions of the downstream components [#2003](https://github.com/openshift/cluster-monitoring-operator/pull/2003)
* Fix link metrics [#1999](https://github.com/openshift/cluster-monitoring-operator/pull/1999)
* [OCPBUGS-11958](https://issues.redhat.com/browse/OCPBUGS-11958): Add the trusted CA bundle in UWM Prometheus pods [#1970](https://github.com/openshift/cluster-monitoring-operator/pull/1970)
* [OCPBUGS-14123](https://issues.redhat.com/browse/OCPBUGS-14123): make TestBodySizeLimit less flaky [#1991](https://github.com/openshift/cluster-monitoring-operator/pull/1991)
* Update OWNERS list [#1951](https://github.com/openshift/cluster-monitoring-operator/pull/1951)
* [MON-3113](https://issues.redhat.com/browse/MON-3113): add nodeExporter.collectors.mountstats settings. [#1936](https://github.com/openshift/cluster-monitoring-operator/pull/1936)
* [OCPBUGS-12903](https://issues.redhat.com/browse/OCPBUGS-12903): Fix console metrics doc typo [#1997](https://github.com/openshift/cluster-monitoring-operator/pull/1997)
* [OCPBUGS-14816](https://issues.redhat.com/browse/OCPBUGS-14816): Add misspell target in Makefile [#1994](https://github.com/openshift/cluster-monitoring-operator/pull/1994)
* [OCPBUGS-14887](https://issues.redhat.com/browse/OCPBUGS-14887): [bot] Synchronize versions of the downstream components [#1995](https://github.com/openshift/cluster-monitoring-operator/pull/1995)
* [MON-2967](https://issues.redhat.com/browse/MON-2967): CMO deploys monitoring console-plugin [#1890](https://github.com/openshift/cluster-monitoring-operator/pull/1890)
* [OCPBUGS-14772](https://issues.redhat.com/browse/OCPBUGS-14772): Add federate-client-certs [#1990](https://github.com/openshift/cluster-monitoring-operator/pull/1990)
* [OCPBUGS-14072](https://issues.redhat.com/browse/OCPBUGS-14072): test: increase poll wait time for alertmanager [#1973](https://github.com/openshift/cluster-monitoring-operator/pull/1973)
* [OCPBUGS-14618](https://issues.redhat.com/browse/OCPBUGS-14618): Synchronize versions of the downstream components [#1988](https://github.com/openshift/cluster-monitoring-operator/pull/1988)
* [OCPBUGS-14378](https://issues.redhat.com/browse/OCPBUGS-14378): Skip some errcheck golangci-lint violations [#1983](https://github.com/openshift/cluster-monitoring-operator/pull/1983)
* [MON-2981](https://issues.redhat.com/browse/MON-2981): alertingrule and relabel: promote to v1 [#1945](https://github.com/openshift/cluster-monitoring-operator/pull/1945)
* [OCPBUGS-11889](https://issues.redhat.com/browse/OCPBUGS-11889): disable CORS headers on Thanos querier [#1950](https://github.com/openshift/cluster-monitoring-operator/pull/1950)
* [OCPBUGS-14606](https://issues.redhat.com/browse/OCPBUGS-14606): Remove remaining staticcheck violations [#1989](https://github.com/openshift/cluster-monitoring-operator/pull/1989)
* [OCPBUGS-14375](https://issues.redhat.com/browse/OCPBUGS-14375): Fix golangci-lint gosimple violations [#1979](https://github.com/openshift/cluster-monitoring-operator/pull/1979)
* [OCPBUGS-14381](https://issues.redhat.com/browse/OCPBUGS-14381): Skip golang-ci lint unused false positives [#1985](https://github.com/openshift/cluster-monitoring-operator/pull/1985)
* [OCPBUGS-14561](https://issues.redhat.com/browse/OCPBUGS-14561): Prevent ci/prow/versions from failing on PR against release-xxx [#1969](https://github.com/openshift/cluster-monitoring-operator/pull/1969)
* [OCPBUGS-10387](https://issues.redhat.com/browse/OCPBUGS-10387): label for infra nodes for metric cluster:capacity_cpu_cores:sum [#1926](https://github.com/openshift/cluster-monitoring-operator/pull/1926)
* [OCPBUGS-14379](https://issues.redhat.com/browse/OCPBUGS-14379): Skip specific govet violation on operator main.go [#1984](https://github.com/openshift/cluster-monitoring-operator/pull/1984)
* [OCPBUGS-14371](https://issues.redhat.com/browse/OCPBUGS-14371): Fix golangci-lint misspell violations [#1978](https://github.com/openshift/cluster-monitoring-operator/pull/1978)
* [OCPBUGS-14380](https://issues.redhat.com/browse/OCPBUGS-14380): Fix golangcilint whitespace violations [#1977](https://github.com/openshift/cluster-monitoring-operator/pull/1977)
* [OCPBUGS-14377](https://issues.redhat.com/browse/OCPBUGS-14377): Fix golangci-int wastedassign violations [#1981](https://github.com/openshift/cluster-monitoring-operator/pull/1981)
* [OCPBUGS-14376](https://issues.redhat.com/browse/OCPBUGS-14376): Fix golangci-lint ineffassign violations [#1980](https://github.com/openshift/cluster-monitoring-operator/pull/1980)
* [OCPBUGS-14366](https://issues.redhat.com/browse/OCPBUGS-14366): Fix golangci-lint unconvert violations [#1982](https://github.com/openshift/cluster-monitoring-operator/pull/1982)
* [OCPBUGS-13147](https://issues.redhat.com/browse/OCPBUGS-13147): Add golangci-lint linters [#1949](https://github.com/openshift/cluster-monitoring-operator/pull/1949)
* [OCPBUGS-1626](https://issues.redhat.com/browse/OCPBUGS-1626): update jsonnet dependencies [#1961](https://github.com/openshift/cluster-monitoring-operator/pull/1961)
* [OCPBUGS-12903](https://issues.redhat.com/browse/OCPBUGS-12903): Add new web console usage metrics [#1910](https://github.com/openshift/cluster-monitoring-operator/pull/1910)
* [OCPBUGS-13939](https://issues.redhat.com/browse/OCPBUGS-13939): Extend remote write test timeout [#1971](https://github.com/openshift/cluster-monitoring-operator/pull/1971)
* [OCPBUGS-14007](https://issues.redhat.com/browse/OCPBUGS-14007): test/e2e: don't fail on telemeter remote write failed samples [#1972](https://github.com/openshift/cluster-monitoring-operator/pull/1972)
* [OCPBUGS-13095](https://issues.redhat.com/browse/OCPBUGS-13095): Uncomment cluster:vsphere_infrastructure_failure_domains:max [#1960](https://github.com/openshift/cluster-monitoring-operator/pull/1960)
* [OCPBUGS-12995](https://issues.redhat.com/browse/OCPBUGS-12995): go.mod: update golang.org/x/net to v0.7.0 [#1958](https://github.com/openshift/cluster-monitoring-operator/pull/1958)
* [OCPBUGS-13006](https://issues.redhat.com/browse/OCPBUGS-13006): Add build number to vsphere vcenter information [#1946](https://github.com/openshift/cluster-monitoring-operator/pull/1946)
* [OCPBUGS-12343](https://issues.redhat.com/browse/OCPBUGS-12343): Update 4.14 cluster-monitoring-operator image to be consistent with ART [#1952](https://github.com/openshift/cluster-monitoring-operator/pull/1952)
* jsonnet: add comment why empty prometheus container needed [#1943](https://github.com/openshift/cluster-monitoring-operator/pull/1943)
* [OCPBUGS-11434](https://issues.redhat.com/browse/OCPBUGS-11434): node-exporter: disable btrfs collector [#1937](https://github.com/openshift/cluster-monitoring-operator/pull/1937)
* 4.14: OCPBUGS-11269: Add CSI migration for vSphere to telemetry [#1933](https://github.com/openshift/cluster-monitoring-operator/pull/1933)
* Speedup jsonnet generation by running in parallel [#1908](https://github.com/openshift/cluster-monitoring-operator/pull/1908)
* [OCPBUGS-10690](https://issues.redhat.com/browse/OCPBUGS-10690): jsonnet: Add prometheus container in UWM [#1930](https://github.com/openshift/cluster-monitoring-operator/pull/1930)
* [OCPBUGS-7694](https://issues.redhat.com/browse/OCPBUGS-7694): add startup probe for prometheus-adapter [#1917](https://github.com/openshift/cluster-monitoring-operator/pull/1917)
* [OCPBUGS-10161](https://issues.redhat.com/browse/OCPBUGS-10161): Updating cluster-monitoring-operator images to be consistent with ART [#1914](https://github.com/openshift/cluster-monitoring-operator/pull/1914)
* [OCPBUGS-8215](https://issues.redhat.com/browse/OCPBUGS-8215): bugfix in Node Exporter argument setting [#1909](https://github.com/openshift/cluster-monitoring-operator/pull/1909)
* [OCPBUGS-7282](https://issues.redhat.com/browse/OCPBUGS-7282): Node Exporter ignores network interface under name "cali[a-f0-9]*" [#1905](https://github.com/openshift/cluster-monitoring-operator/pull/1905)
* Update jsonnet dependencies [#1913](https://github.com/openshift/cluster-monitoring-operator/pull/1913)
* [OCPBUGS-8282](https://issues.redhat.com/browse/OCPBUGS-8282): turn off netlink mode of netclass collector in Node Exporter. [#1912](https://github.com/openshift/cluster-monitoring-operator/pull/1912)
* [MON-2894](https://issues.redhat.com/browse/MON-2894): add nodeExporter.maxProcs setting. [#1895](https://github.com/openshift/cluster-monitoring-operator/pull/1895)
* [MON-2973](https://issues.redhat.com/browse/MON-2973): test/e2e: Add cleanup func for alertmanager uwm secret test [#1907](https://github.com/openshift/cluster-monitoring-operator/pull/1907)
* [MON-2693](https://issues.redhat.com/browse/MON-2693): Scrape profiles [#1785](https://github.com/openshift/cluster-monitoring-operator/pull/1785)
* [MON-2959](https://issues.redhat.com/browse/MON-2959): test/e2e: Add test for alertmanager secret platform [#1899](https://github.com/openshift/cluster-monitoring-operator/pull/1899)
* [MON-2904](https://issues.redhat.com/browse/MON-2904): add nodeExporter.collectors.buddyinfo settings. [#1891](https://github.com/openshift/cluster-monitoring-operator/pull/1891)
* [MON-2895](https://issues.redhat.com/browse/MON-2895): toggle netlink implementation of netclass collector [#1894](https://github.com/openshift/cluster-monitoring-operator/pull/1894)
* [MON-2932](https://issues.redhat.com/browse/MON-2932): jsonnet/dashboards: add role template variable to node related dashbo… [#1879](https://github.com/openshift/cluster-monitoring-operator/pull/1879)
* [MON-2900](https://issues.redhat.com/browse/MON-2900): add nodeExporter.collectors.netclass settings. [#1893](https://github.com/openshift/cluster-monitoring-operator/pull/1893)
* Update jsonnet dependencies [#1903](https://github.com/openshift/cluster-monitoring-operator/pull/1903)
* [MON-2951](https://issues.redhat.com/browse/MON-2951): create Routes only with ingress operator [#1885](https://github.com/openshift/cluster-monitoring-operator/pull/1885)
* [OCPBUGS-7391](https://issues.redhat.com/browse/OCPBUGS-7391): wait for service CA secrets [#1900](https://github.com/openshift/cluster-monitoring-operator/pull/1900)
* Synchronize versions of the downstream components [#1902](https://github.com/openshift/cluster-monitoring-operator/pull/1902)
* [MON-2973](https://issues.redhat.com/browse/MON-2973): pkg/manifests: Allow configuring secrets in alertmanager (UWM) [#1884](https://github.com/openshift/cluster-monitoring-operator/pull/1884)
* Synchronize versions of the downstream components [#1898](https://github.com/openshift/cluster-monitoring-operator/pull/1898)
* pkg/operator: fix typo in info logs [#1896](https://github.com/openshift/cluster-monitoring-operator/pull/1896)
* [MON-2901](https://issues.redhat.com/browse/MON-2901): add nodeExporter.collectors.netdev settings. [#1888](https://github.com/openshift/cluster-monitoring-operator/pull/1888)
* [STOR-1154](https://issues.redhat.com/browse/STOR-1154): Add vSphere topology to telemetry [#1886](https://github.com/openshift/cluster-monitoring-operator/pull/1886)
* Add nodeExporter.collectors.tcpstat settings. [#1876](https://github.com/openshift/cluster-monitoring-operator/pull/1876)
* Synchronize versions of the downstream components [#1887](https://github.com/openshift/cluster-monitoring-operator/pull/1887)
* [MON-2959](https://issues.redhat.com/browse/MON-2959): Allow configuring secrets in alertmanager (platform) [#1882](https://github.com/openshift/cluster-monitoring-operator/pull/1882)
* Update jsonnet dependencies [#1880](https://github.com/openshift/cluster-monitoring-operator/pull/1880)
* Synchronize versions of the downstream components [#1878](https://github.com/openshift/cluster-monitoring-operator/pull/1878)
* pkg/manifests/manifests.go: move constants to jsonnet [#1873](https://github.com/openshift/cluster-monitoring-operator/pull/1873)
* Synchronize versions of the downstream components [#1877](https://github.com/openshift/cluster-monitoring-operator/pull/1877)
* add nodeExporter.collectors.cpufreq settings. [#1855](https://github.com/openshift/cluster-monitoring-operator/pull/1855)
* Update jsonnet dependencies [#1869](https://github.com/openshift/cluster-monitoring-operator/pull/1869)
* Fix 'make run-local' target [#1874](https://github.com/openshift/cluster-monitoring-operator/pull/1874)
* *: remove kube-rbac-proxy sidecar container [#1870](https://github.com/openshift/cluster-monitoring-operator/pull/1870)
* [OCPBUGS-2729](https://issues.redhat.com/browse/OCPBUGS-2729): unify ignored network device list of Node Exporter. [#1871](https://github.com/openshift/cluster-monitoring-operator/pull/1871)
* [OCPBUGS-5353](https://issues.redhat.com/browse/OCPBUGS-5353): unstack dashboards with limit markers. [#1868](https://github.com/openshift/cluster-monitoring-operator/pull/1868)
* Update jsonnet dependencies [#1865](https://github.com/openshift/cluster-monitoring-operator/pull/1865)
* Synchronize versions of the downstream components [#1867](https://github.com/openshift/cluster-monitoring-operator/pull/1867)
* Update jsonnet dependencies [#1864](https://github.com/openshift/cluster-monitoring-operator/pull/1864)
* Synchronize versions of the downstream components [#1863](https://github.com/openshift/cluster-monitoring-operator/pull/1863)
* [OCPBUGS-4521](https://issues.redhat.com/browse/OCPBUGS-4521): check that all targets are up after certificate recreation [#1848](https://github.com/openshift/cluster-monitoring-operator/pull/1848)
* Synchronize versions of the downstream components [#1861](https://github.com/openshift/cluster-monitoring-operator/pull/1861)
* [OCPBUGS-4219](https://issues.redhat.com/browse/OCPBUGS-4219): Adds runbook link to PrometheusRuleFailures [#1860](https://github.com/openshift/cluster-monitoring-operator/pull/1860)
* [MON-2807](https://issues.redhat.com/browse/MON-2807): Use bearer token file for remote write authentication with telemeter [#1733](https://github.com/openshift/cluster-monitoring-operator/pull/1733)
* [OCPBUGS-1998](https://issues.redhat.com/browse/OCPBUGS-1998): pkg/client: Update daemonset degrade condition [#1812](https://github.com/openshift/cluster-monitoring-operator/pull/1812)
* Synchronize versions of the downstream components [#1859](https://github.com/openshift/cluster-monitoring-operator/pull/1859)
* [Bug 2114515](https://bugzilla.redhat.com/show_bug.cgi?id=2114515): jsonnet: ignore `/var/lib/ibmc-s3fs/` mountpoints [#1854](https://github.com/openshift/cluster-monitoring-operator/pull/1854)
* Synchronize versions of the downstream components [#1853](https://github.com/openshift/cluster-monitoring-operator/pull/1853)
* Synchronize versions of the downstream components [#1852](https://github.com/openshift/cluster-monitoring-operator/pull/1852)
* [OCPBUGS-4793](https://issues.redhat.com/browse/OCPBUGS-4793): fix object reference in Kubernetes events [#1842](https://github.com/openshift/cluster-monitoring-operator/pull/1842)
* Synchronize versions of the downstream components [#1849](https://github.com/openshift/cluster-monitoring-operator/pull/1849)
* Updating cluster-monitoring-operator images to be consistent with ART [#1846](https://github.com/openshift/cluster-monitoring-operator/pull/1846)
* [OCPBUGS-2729](https://issues.redhat.com/browse/OCPBUGS-2729): Node Exporter ignore virtual network device 'enP.*'. [#1843](https://github.com/openshift/cluster-monitoring-operator/pull/1843)
* Unpin and update jsonnet dependencies [#1818](https://github.com/openshift/cluster-monitoring-operator/pull/1818)
* [OCPBUGS-2141](https://issues.redhat.com/browse/OCPBUGS-2141): compute doc link in PVC not configured message [#1836](https://github.com/openshift/cluster-monitoring-operator/pull/1836)
* Synchronize versions of the downstream components [#1838](https://github.com/openshift/cluster-monitoring-operator/pull/1838)
* go.mod: switch to go 1.19 [#1839](https://github.com/openshift/cluster-monitoring-operator/pull/1839)
* Synchronize versions of the downstream components [#1835](https://github.com/openshift/cluster-monitoring-operator/pull/1835)
* [OCPBUGS-2260](https://issues.redhat.com/browse/OCPBUGS-2260): add alert KubePodNotScheduled to group openshift-kubernetes.rules [#1830](https://github.com/openshift/cluster-monitoring-operator/pull/1830)
* Synchronize versions of the downstream components [#1831](https://github.com/openshift/cluster-monitoring-operator/pull/1831)
* Remove deprecated option from kube-state-metrics args [#1832](https://github.com/openshift/cluster-monitoring-operator/pull/1832)
* [OCPBUGS-4184](https://issues.redhat.com/browse/OCPBUGS-4184): use mTLS authentication for metrics scraping [#1827](https://github.com/openshift/cluster-monitoring-operator/pull/1827)
* [OCPBUGS-4168](https://issues.redhat.com/browse/OCPBUGS-4168): Increase startupProbe for prometheus [#1824](https://github.com/openshift/cluster-monitoring-operator/pull/1824)
* [OCPBUGS-4181](https://issues.redhat.com/browse/OCPBUGS-4181): Fixes externalURL field for Prometheus and Alertmanager [#1826](https://github.com/openshift/cluster-monitoring-operator/pull/1826)
* Synchronize versions of the downstream components [#1823](https://github.com/openshift/cluster-monitoring-operator/pull/1823)
* [OCPBUGS-1453](https://issues.redhat.com/browse/OCPBUGS-1453): Fixed TargetDown expression to join on the proper label [#1767](https://github.com/openshift/cluster-monitoring-operator/pull/1767)
* [Bug 2095719](https://bugzilla.redhat.com/show_bug.cgi?id=2095719): Updates CreateOrUpdateServiceAccounts [#1745](https://github.com/openshift/cluster-monitoring-operator/pull/1745)
* [OCPBUGS-4024](https://issues.redhat.com/browse/OCPBUGS-4024): test: increase timeout when checking remote write metrics [#1817](https://github.com/openshift/cluster-monitoring-operator/pull/1817)
* [OCPBUGS-3331](https://issues.redhat.com/browse/OCPBUGS-3331): Pin Jsonnet Deps + Update go.mod for 4.12 + Patch Alert KubePodNotRead [#1816](https://github.com/openshift/cluster-monitoring-operator/pull/1816)
* Revert "OCPBUGS-3331: Pin Jsonnet Deps + Update go.mod for 4.12" [#1815](https://github.com/openshift/cluster-monitoring-operator/pull/1815)
* [OCPBUGS-3331](https://issues.redhat.com/browse/OCPBUGS-3331): Pin Jsonnet Deps + Update go.mod for 4.12 [#1814](https://github.com/openshift/cluster-monitoring-operator/pull/1814)
* Switch ksm registry to registry.k8s.io [#1809](https://github.com/openshift/cluster-monitoring-operator/pull/1809)
* [MGDAPI-4488](https://issues.redhat.com/browse/MGDAPI-4488): RHOAM fleet wide observability metrics [#1771](https://github.com/openshift/cluster-monitoring-operator/pull/1771)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/5a154c3dd01544adc280691be54fec94a5dc8d67...)


### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/43bc195cf9fef2db627369f86d10e0f501e9d3fa)

* [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Add .hypershift.local to no proxy list [#1706](https://github.com/openshift/cluster-network-operator/pull/1706)
* [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Do not use proxy for internal routes [#1704](https://github.com/openshift/cluster-network-operator/pull/1704)
* [OCPBUGS-4778](https://issues.redhat.com/browse/OCPBUGS-4778): Fix handling of deployment and statefulset updates [#1663](https://github.com/openshift/cluster-network-operator/pull/1663)
* [Full changelog](https://github.com/openshift/cluster-network-operator/compare/68d109ac3b8605525c2aabc29789415bc302c9c7...43bc195cf9fef2db627369f86d10e0f501e9d3fa)


### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/)

* NO-JIRA: E2E: move dra resource test to reboot tests directory [#1486](https://github.com/openshift/cluster-node-tuning-operator/pull/1486)
* [PSAP-2185](https://issues.redhat.com/browse/PSAP-2185): Support centralized TLS security profile configuration [#1483](https://github.com/openshift/cluster-node-tuning-operator/pull/1483)
* [CNF-18941](https://issues.redhat.com/browse/CNF-18941): e2e: PP: cover ExecCPUAffinity support in tests [#1432](https://github.com/openshift/cluster-node-tuning-operator/pull/1432)
* [CNF-20404](https://issues.redhat.com/browse/CNF-20404): DRA: disable Kubelet resources and topology managers [#1445](https://github.com/openshift/cluster-node-tuning-operator/pull/1445)
* [OCPBUGS-78470](https://issues.redhat.com/browse/OCPBUGS-78470): e2e: fixed flaky test_id:32646 CPU load balancing on cgroupv1 [#1457](https://github.com/openshift/cluster-node-tuning-operator/pull/1457)
* [PSAP-2229](https://issues.redhat.com/browse/PSAP-2229): Prevent multiple reboots via MachineConfig creation/update sync [#1474](https://github.com/openshift/cluster-node-tuning-operator/pull/1474)
* NO-JIRA: workloadhints: use IsVM to skip BM-only tests [#1478](https://github.com/openshift/cluster-node-tuning-operator/pull/1478)
* [OCPBUGS-77200](https://issues.redhat.com/browse/OCPBUGS-77200): Remove hardcoded nf_conntrack_hashsize from performance profile tuned configuration [#1477](https://github.com/openshift/cluster-node-tuning-operator/pull/1477)
* [OCPBUGS-62702](https://issues.redhat.com/browse/OCPBUGS-62702): AA: latency-e2e: skip tests on HT-disabled systems [#1386](https://github.com/openshift/cluster-node-tuning-operator/pull/1386)
* [OCPBUGS-77377](https://issues.redhat.com/browse/OCPBUGS-77377): E2E: Add test case to check Infrastructure pods affinity [#1470](https://github.com/openshift/cluster-node-tuning-operator/pull/1470)
* NO-JIRA: Eliminate expensive and unnecessary MachineConfig updates [#1473](https://github.com/openshift/cluster-node-tuning-operator/pull/1473)
* NO-JIRA: Bump Kubernetes, OpenShift and other dependencies [#1475](https://github.com/openshift/cluster-node-tuning-operator/pull/1475)
* [OCPBUGS-74027](https://issues.redhat.com/browse/OCPBUGS-74027): AA: E2E: LLC: Add tests related to odd cpus [#1458](https://github.com/openshift/cluster-node-tuning-operator/pull/1458)
* [CNF-20755](https://issues.redhat.com/browse/CNF-20755): e2e: Add housekeeping IRQ load balancing tests [#1456](https://github.com/openshift/cluster-node-tuning-operator/pull/1456)
* [CNF-18941](https://issues.redhat.com/browse/CNF-18941): perfprof: enable `exec-cpu-affinity` by default (annotation) [#1426](https://github.com/openshift/cluster-node-tuning-operator/pull/1426)
* NO-JIRA: Make changes for migrating to OTE in Dockerfile [#1453](https://github.com/openshift/cluster-node-tuning-operator/pull/1453)
* [OCPBUGS-62632](https://issues.redhat.com/browse/OCPBUGS-62632): Do not report Progressing=True during cluster scaleup or node reboot [#1447](https://github.com/openshift/cluster-node-tuning-operator/pull/1447)
* NO-JIRA: Bump upstream containerfile to 4.22 [#1452](https://github.com/openshift/cluster-node-tuning-operator/pull/1452)
* [OCPBUGS-62496](https://issues.redhat.com/browse/OCPBUGS-62496): hypershift:e2e:status: check for duplicated configmap status [#1413](https://github.com/openshift/cluster-node-tuning-operator/pull/1413)
* [OCPBUGS-69802](https://issues.redhat.com/browse/OCPBUGS-69802): Updating cluster-node-tuning-operator-container image to be consistent with ART for 4.22 [#1450](https://github.com/openshift/cluster-node-tuning-operator/pull/1450)
* [OCPBUGS-69391](https://issues.redhat.com/browse/OCPBUGS-69391): E2E: Granular IRQ functional test cases [#1441](https://github.com/openshift/cluster-node-tuning-operator/pull/1441)
* [OCPBUGS-66337](https://issues.redhat.com/browse/OCPBUGS-66337): E2E:PPC:Use default worker mcp instead worker-cnf [#1442](https://github.com/openshift/cluster-node-tuning-operator/pull/1442)
* NO-JIRA:Update code for migrating nto test case from openshift-test-private to OTE [#1436](https://github.com/openshift/cluster-node-tuning-operator/pull/1436)
* [OCPBUGS-66214](https://issues.redhat.com/browse/OCPBUGS-66214): Add support for lscpu_check TuneD built-in [#1439](https://github.com/openshift/cluster-node-tuning-operator/pull/1439)
* [OCPBUGS-55399](https://issues.redhat.com/browse/OCPBUGS-55399): : Fix metrics for HyperShift [#1438](https://github.com/openshift/cluster-node-tuning-operator/pull/1438)
* [OCPBUGS-64676](https://issues.redhat.com/browse/OCPBUGS-64676): components: validate defaultHugePagesSize [#1424](https://github.com/openshift/cluster-node-tuning-operator/pull/1424)
* [PSAP-2021](https://issues.redhat.com/browse/PSAP-2021): Vendor in latest dependencies and k8s 1.34.2 [#1435](https://github.com/openshift/cluster-node-tuning-operator/pull/1435)
* [PSAP-1655](https://issues.redhat.com/browse/PSAP-1655): Make machineConfigLabels-related misconfiguration more visible [#1316](https://github.com/openshift/cluster-node-tuning-operator/pull/1316)
* [OCPBUGS-63321](https://issues.redhat.com/browse/OCPBUGS-63321): Watch MCP changes including spec and labels [#1425](https://github.com/openshift/cluster-node-tuning-operator/pull/1425)
* NO-JIRA: Revert "E2E: skip stalld test case checking sched_fifo" [#1429](https://github.com/openshift/cluster-node-tuning-operator/pull/1429)
* [OCPBUGS-65489](https://issues.redhat.com/browse/OCPBUGS-65489): Add more entries to relatedObjects [#1431](https://github.com/openshift/cluster-node-tuning-operator/pull/1431)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): manifests: Use restricted-v3 scc for the operator [#1430](https://github.com/openshift/cluster-node-tuning-operator/pull/1430)
* [OCPNODE-3874](https://issues.redhat.com/browse/OCPNODE-3874): Remove CgroupModeV1 reference from the code [#1428](https://github.com/openshift/cluster-node-tuning-operator/pull/1428)
* [OCPBUGS-62836](https://issues.redhat.com/browse/OCPBUGS-62836): E2E: Pass pull secret path to pull cnf-tests [#1402](https://github.com/openshift/cluster-node-tuning-operator/pull/1402)
* [OCPBUGS-63190](https://issues.redhat.com/browse/OCPBUGS-63190): e2e:hugepages: changing tests to use hugepages-allocator tool [#1400](https://github.com/openshift/cluster-node-tuning-operator/pull/1400)
* [OCPBUGS-63724](https://issues.redhat.com/browse/OCPBUGS-63724): e2e:llc: skip test when no BM worker is found [#1419](https://github.com/openshift/cluster-node-tuning-operator/pull/1419)
* [OCPBUGS-60218](https://issues.redhat.com/browse/OCPBUGS-60218): PPC: ghw: filter out namespaces dir [#1403](https://github.com/openshift/cluster-node-tuning-operator/pull/1403)
* NO-ISSUE: pkg/metrics/server: Log client-CA-bundle handling [#1412](https://github.com/openshift/cluster-node-tuning-operator/pull/1412)
* NO-JIRA: Address false reports of bootcmdline conflicts [#1371](https://github.com/openshift/cluster-node-tuning-operator/pull/1371)
* NO-JIRA: Fix support for nvidia-smi [#1410](https://github.com/openshift/cluster-node-tuning-operator/pull/1410)
* [OCPBUGS-62940](https://issues.redhat.com/browse/OCPBUGS-62940): Do not cause kubelet failed dependency by ocp-tuned-one-shot.service [#1414](https://github.com/openshift/cluster-node-tuning-operator/pull/1414)
* NO-ISSUE: pkg/metrics/server: Log bind address [#1411](https://github.com/openshift/cluster-node-tuning-operator/pull/1411)
* [OCPBUGS-62839](https://issues.redhat.com/browse/OCPBUGS-62839): E2E: Add test cases related to schedulable control plane nodes [#1405](https://github.com/openshift/cluster-node-tuning-operator/pull/1405)
* [OCPBUGS-62835](https://issues.redhat.com/browse/OCPBUGS-62835): E2E: llc: make sure to remove any trailing newspaces [#1407](https://github.com/openshift/cluster-node-tuning-operator/pull/1407)
* [OCPBUGS-62153](https://issues.redhat.com/browse/OCPBUGS-62153): E2E: skip SMT disabled test when L3 cache spans entire NUMA node [#1397](https://github.com/openshift/cluster-node-tuning-operator/pull/1397)
* [OCPBUGS-62605](https://issues.redhat.com/browse/OCPBUGS-62605): e2e: refactor GetSMTLevel to remove Gomega assertions [#1399](https://github.com/openshift/cluster-node-tuning-operator/pull/1399)
* [OCPBUGS-62578](https://issues.redhat.com/browse/OCPBUGS-62578): Updating cluster-node-tuning-operator-container image to be consistent with ART for 4.21 [#1391](https://github.com/openshift/cluster-node-tuning-operator/pull/1391)
* [OCPBUGS-62091](https://issues.redhat.com/browse/OCPBUGS-62091): E2E: Add function to check control plane nodes are schedulable. [#1396](https://github.com/openshift/cluster-node-tuning-operator/pull/1396)
* And 444 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/e40a5156fd9282c6ea3d7f4ac9c9407ae4f326ba...)


### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/)

* [CNTRLPLANE-2619](https://issues.redhat.com/browse/CNTRLPLANE-2619): make checkendpoints use apiserver config [#657](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/657)
* NO-JIRA: OWNERS: remove engineers who have left Red Hat [#646](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/646)
* NO-JIRA: Disable WatchList feature gate due to the missing support of Project watch [#667](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/667)
* [CNTRLPLANE-2241](https://issues.redhat.com/browse/CNTRLPLANE-2241): Update library-go to get KMS encryption [#647](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/647)
* NO-JIRA: Create test namespace for KMS migration scenario [#650](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/650)
* [CNTRLPLANE-2247](https://issues.redhat.com/browse/CNTRLPLANE-2247): Adding KMS TestKMSEncryptionOnOff test for OAS [#649](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/649)
* [CNTRLPLANE-2247](https://issues.redhat.com/browse/CNTRLPLANE-2247): Adding KMS TestKMSEncryptionOnOff test for Routes [#644](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/644)
* [CNTRLPLANE-2241](https://issues.redhat.com/browse/CNTRLPLANE-2241): Conditionally add the KMS plugin volume mount to the openshift-apiserver container [#641](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/641)
* [CNTRLPLANE-2247](https://issues.redhat.com/browse/CNTRLPLANE-2247): Add KMS encryption test target [#642](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/642)
* NO-JIRA: update to Kubernetes v1.34.1 [#640](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/640)
* [OCPBUGS-70035](https://issues.redhat.com/browse/OCPBUGS-70035): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART for 4.22 [#635](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/635)
* [OCPBUGS-62500](https://issues.redhat.com/browse/OCPBUGS-62500): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART for 4.21 [#626](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/626)
* NO-JIRA: Bump library go rm co dep [#625](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/625)
* [CNTRLPLANE-1257](https://issues.redhat.com/browse/CNTRLPLANE-1257): Add README to test extension [#624](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/624)
* [CNTRLPLANE-1257](https://issues.redhat.com/browse/CNTRLPLANE-1257): set up openshift-tests-extension and add a sanity test [#623](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/623)
* : NO-JIRA:  Bump to Go 1.24 and k8s 1.33 [#620](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/620)
* NO-JIRA: operator: annotate image-import-ca configmap with owner [#616](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/616)
* [OCPBUGS-48177](https://issues.redhat.com/browse/OCPBUGS-48177): Exclude etcd readiness checks from /readyz to ignore temporary etcd hiccups [#612](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/612)
* [MON-4129](https://issues.redhat.com/browse/MON-4129): adjust Prometheus classic histograms 'le' related selectors in relabel config to accommodate the update to Prometheus v3 [#611](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/611)
* [OCPBUGS-45701](https://issues.redhat.com/browse/OCPBUGS-45701): Updating ose-cluster-openshift-apiserver-operator-cont… [#607](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/607)
* NO-JIRA: Revert Disable ResilientWatchCacheInitialization [#604](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/604)
* [OCPBUGS-44693](https://issues.redhat.com/browse/OCPBUGS-44693): Disable ResilientWatchCacheInitialization [#603](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/603)
* [OCPBUGS-23435](https://issues.redhat.com/browse/OCPBUGS-23435): bump library-go to bring in workload-conditions fix [#600](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/600)
* NO-JIRA: bump dependencies [#598](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/598)
* [API-1835](https://issues.redhat.com/browse/API-1835): update to use the latest API [#597](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/597)
* [API-1835](https://issues.redhat.com/browse/API-1835): switch OpenshiftDeploymentLatestRevisionClient to use the generic client [#595](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/595)
* [API-1835](https://issues.redhat.com/browse/API-1835): update for more apply loops [#592](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/592)
* [MULTIARCH-4557](https://issues.redhat.com/browse/MULTIARCH-4557): Sync import mode image config status field in the observed config [#582](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/582)
* NO-JIRA: remove unused OperatorClient [#594](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/594)
* [API-1835](https://issues.redhat.com/browse/API-1835): last transition time update [#593](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/593)
* [API-1835](https://issues.redhat.com/browse/API-1835): update library-go to use new operator client [#584](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/584)
* create CRDs from openshift/api [#591](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/591)
* [OCPBUGS-41617](https://issues.redhat.com/browse/OCPBUGS-41617): increase openshift-apiserver failureThreshold [#588](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/588)
* [OCPBUGS-41232](https://issues.redhat.com/browse/OCPBUGS-41232): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART for 4.18 [#586](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/586)
* NO-JIRA: Bump library-go to add audit logs about events [#587](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/587)
* [OCPBUGS-39589](https://issues.redhat.com/browse/OCPBUGS-39589): Rebase 1.30 [#585](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/585)
* [OCPBUGS-30492](https://issues.redhat.com/browse/OCPBUGS-30492): bump google.golang.org/protobuf [#583](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/583)
* [OCPBUGS-34349](https://issues.redhat.com/browse/OCPBUGS-34349): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART for 4.17 [#580](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/580)
* [OCPBUGS-34349](https://issues.redhat.com/browse/OCPBUGS-34349): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART for 4.17 [#579](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/579)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): Set required-scc for openshift workloads [#573](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/573)
* [WRKLDS-1015](https://issues.redhat.com/browse/WRKLDS-1015): tolerate node-role.kubernetes.io/control-plane:NoExecute [#574](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/574)
* [OCPBUGS-29580](https://issues.redhat.com/browse/OCPBUGS-29580): Apply hypershift cluster-profile for ibm-cloud-managed [#572](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/572)
* [OCPBUGS-32346](https://issues.redhat.com/browse/OCPBUGS-32346): the apiservice controller waits until bootstrap complete [#575](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/575)
* NO-ISSUE: Makefile: fixes test-e2e-encryption-rotation targets [#577](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/577)
* NO-ISSUE: fix: TestRedeployOnConfigChange [#576](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/576)
* [OCPBUGS-22969](https://issues.redhat.com/browse/OCPBUGS-22969): Use v1 for flowcontrol API [#559](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/559)
* [OCPBUGS-18115](https://issues.redhat.com/browse/OCPBUGS-18115): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#566](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/566)
* [OCPBUGS-18939](https://issues.redhat.com/browse/OCPBUGS-18939): manifest: drop slo latency metrics in favor of sli [#547](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/547)
* [WRKLDS-1004](https://issues.redhat.com/browse/WRKLDS-1004): use AlwaysAllow UnhealthyPodEvictionPolicy in PDBs [#562](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/562)
* [OCPBUGS-24972](https://issues.redhat.com/browse/OCPBUGS-24972): Updating ose-cluster-openshift-apiserver-operator-container image to be consistent with ART [#561](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/561)
* [OCPBUGS-18115](https://issues.redhat.com/browse/OCPBUGS-18115): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#551](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/551)
* [OCPBUGS-19231](https://issues.redhat.com/browse/OCPBUGS-19231): Updating ose-cluster-openshift-apiserver-operator images to be consistent with ART [#548](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/548)
* [OCPBUGS-21733](https://issues.redhat.com/browse/OCPBUGS-21733): bump library-go to include switch to HTTP/1.1 [#552](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/552)
* [WRKLDS-728](https://issues.redhat.com/browse/WRKLDS-728): Capabilities: drop build/apps APIService when capabilities are not enabled [#532](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/532)
* switch image-registry cert CM [#545](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/545)
* [OCPBUGS-16554](https://issues.redhat.com/browse/OCPBUGS-16554): update dependencies to get rid of goproxy [#546](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/546)
* [AUTH-408](https://issues.redhat.com/browse/AUTH-408): bindata: set required-scc [#544](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/544)
* Plumb featuregates to the openshift-apiserver [#542](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/542)
* allow etcd healthcheck timeout closer to probe timeouts to avoid failing on slower etcd [#540](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/540)
* Add AES-GCM encryption tests [#539](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/539)
* [OCPBUGS-14010](https://issues.redhat.com/browse/OCPBUGS-14010): increase timeout for probes [#536](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/536)
* [OCPBUGS-2765](https://issues.redhat.com/browse/OCPBUGS-2765): Library go bump [#538](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/538)
* [OCPBUGS-12813](https://issues.redhat.com/browse/OCPBUGS-12813): Updating ose-cluster-openshift-apiserver-operator images to be consistent with ART [#534](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/534)
* Updating ose-cluster-openshift-apiserver-operator images to be consistent with ART [#525](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/525)
* [OCPBUGS-10040](https://issues.redhat.com/browse/OCPBUGS-10040): update openshift/api to include aesgcm provider in the default apiserver schema [#526](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/526)
* [API-1509](https://issues.redhat.com/browse/API-1509): Enable AESGCM encryption [#521](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/521)
* [OCPBUGS-4343](https://issues.redhat.com/browse/OCPBUGS-4343): update apf configuration to use v1beta3 [#509](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/509)
* [OCPBUGS-6233](https://issues.redhat.com/browse/OCPBUGS-6233): Bump dependencies and images [#517](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/517)
* [OCPBUGS-5300](https://issues.redhat.com/browse/OCPBUGS-5300): routes/status resources can leak sensitive data, exclude it from audit [#511](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/511)
* make api team approver [#506](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/506)
* [OCPBUGS-3929](https://issues.redhat.com/browse/OCPBUGS-3929): update apf configuration to use v1beta2 [#508](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/508)
* [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/4c5b4882e20944d9c44272551053fccbe16d6451...)


### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/)

* [CNTRLPLANE-2620](https://issues.redhat.com/browse/CNTRLPLANE-2620): Restart operator when TLS config changes [#412](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/412)
* [CNTRLPLANE-2769](https://issues.redhat.com/browse/CNTRLPLANE-2769): bump kubernetes dependencies to v1.35 [#415](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/415)
* no-jira: Migrate away from deprecated ioutil [#401](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/401)
* no-jira: refactor: use the configured clock source during startup [#411](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/411)
* [CNTRLPLANE-2620](https://issues.redhat.com/browse/CNTRLPLANE-2620): propagate global tls config to operand [#407](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/407)
* [OCPBUGS-70032](https://issues.redhat.com/browse/OCPBUGS-70032): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.22 [#404](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/404)
* [CNTRLPLANE-1307](https://issues.redhat.com/browse/CNTRLPLANE-1307): Refactor OTE to single-module architecture [#403](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/403)
* [CNTRLPLANE-1676](https://issues.redhat.com/browse/CNTRLPLANE-1676): Rebase k8s 1.34 [#402](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/402)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): Use user namespace for the operator [#397](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/397)
* [CNTRLPLANE-1544](https://issues.redhat.com/browse/CNTRLPLANE-1544): Enable user namespaces for the operands [#400](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/400)
* [OCPBUGS-62494](https://issues.redhat.com/browse/OCPBUGS-62494): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.21 [#399](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/399)
* [CNTRLPLANE-1307](https://issues.redhat.com/browse/CNTRLPLANE-1307): set up openshift-tests-extension for cluster-openshift-controller-manager-operator and add a sanity test [#395](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/395)
* [CNTRLPLANE-926](https://issues.redhat.com/browse/CNTRLPLANE-926): Add readonlyRootFilesystem [#392](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/392)
* [CNTRLPLANE-1054](https://issues.redhat.com/browse/CNTRLPLANE-1054): Update k8s deps to 1.33.2 [#393](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/393)
* [WRKLDS-844](https://issues.redhat.com/browse/WRKLDS-844): sync: Use more descriptive variable name [#390](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/390)
* [WRKLDS-844](https://issues.redhat.com/browse/WRKLDS-844): pkg/operator: Split OCM/RCM status conditions [#387](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/387)
* [WRKLDS-954](https://issues.redhat.com/browse/WRKLDS-954): pkg/operator: Remove expired conditional resources [#388](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/388)
* [WRKLDS-1676](https://issues.redhat.com/browse/WRKLDS-1676): ocm deployment: Add POD_NAME [#386](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/386)
* [WRKLDS-1676](https://issues.redhat.com/browse/WRKLDS-1676): controller manager config: Set leaderElection.name [#385](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/385)
* [WRKLDS-1653](https://issues.redhat.com/browse/WRKLDS-1653): bump(k8s): update k8s.io/* dependencies to v1.32.2 [#381](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/381)
* [OCPBUGS-47528](https://issues.redhat.com/browse/OCPBUGS-47528): Add team members to the OWNERS file [#373](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/373)
* [OCPBUGS-45698](https://issues.redhat.com/browse/OCPBUGS-45698): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.19 [#372](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/372)
* [API-1835](https://issues.redhat.com/browse/API-1835): bump library-go [#370](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/370)
* [WRKLDS-1492](https://issues.redhat.com/browse/WRKLDS-1492): Update k8s dependencies to 1.31.1 [#368](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/368)
* [OCPBUGS-41227](https://issues.redhat.com/browse/OCPBUGS-41227): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.18 [#364](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/364)
* create CRDs from openshift/api [#367](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/367)
* no-jira: OWNERS: remove former employees [#354](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/354)
* [OCPBUGS-35801](https://issues.redhat.com/browse/OCPBUGS-35801): nil pointer reference in ocm-operator [#355](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/355)
* [WRKLDS-1327](https://issues.redhat.com/browse/WRKLDS-1327): Replace wildcards by explicit list of verbs [#353](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/353)
* [WRKLDS-1292](https://issues.redhat.com/browse/WRKLDS-1292): Bump k8s dependencies to 1.30.1 [#352](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/352)
* [OCPBUGS-34395](https://issues.redhat.com/browse/OCPBUGS-34395): Move `cluster` Build CR to runlevel 10 to match CRD [#351](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/351)
* [OCPBUGS-34077](https://issues.redhat.com/browse/OCPBUGS-34077): Always Disable Default Rolebindings Controller [#346](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/346)
* [OCPBUGS-34054](https://issues.redhat.com/browse/OCPBUGS-34054): lots of churn during image registry managed/removed transition [#347](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/347)
* [OCPBUILD-9](https://issues.redhat.com/browse/OCPBUILD-9): Adds capabilities for builder & deployer rolebindings controller [#335](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/335)
* [AUTH-482](https://issues.redhat.com/browse/AUTH-482): set required-scc for openshift workloads [#336](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/336)
* [OCPBUGS-23848](https://issues.redhat.com/browse/OCPBUGS-23848): Bumps opentelemetry dependencies [#341](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/341)
* [OCPBUGS-29973](https://issues.redhat.com/browse/OCPBUGS-29973): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.16 [#337](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/337)
* [OCPBUGS-29581](https://issues.redhat.com/browse/OCPBUGS-29581): Apply hypershift cluster-profile for ibm-cloud-managed [#334](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/334)
* [OCPBUGS-22969](https://issues.redhat.com/browse/OCPBUGS-22969): Use v1 for flowcontrol API [#316](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/316)
* [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#338](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/338)
* [OCPBUGS-24888](https://issues.redhat.com/browse/OCPBUGS-24888): Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART [#321](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/321)
* [OCPBUGS-28666](https://issues.redhat.com/browse/OCPBUGS-28666): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#326](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/326)
* [OCPBUGS-23624](https://issues.redhat.com/browse/OCPBUGS-23624): Add .snyk file to exclude vendor and ignore unit tests [#325](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/325)
* [WRKLDS-1016](https://issues.redhat.com/browse/WRKLDS-1016): Bump k8s dependencies to 1.29.0 [#324](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/324)
* [OCPBUGS-24190](https://issues.redhat.com/browse/OCPBUGS-24190): Disable deployer-controller when deploymentconfig is disabled [#320](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/320)
* [OCPBUGS-22956](https://issues.redhat.com/browse/OCPBUGS-22956): Remove blockage of ConfigObserver by build informer HasSynced flag [#315](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/315)
* Revert "Revert #300 "API-1666: add image pull secret cleanup controller"" [#314](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/314)
* Revert #300 "API-1666: add image pull secret cleanup controller" [#313](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/313)
* [API-1642](https://issues.redhat.com/browse/API-1642): add image pull secret cleanup controller [#300](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/300)
* [API-1642](https://issues.redhat.com/browse/API-1642): Do not generate image pull secrets for internal registry when internal registry is disabled. [#298](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/298)
* [OCPBUGS-21830](https://issues.redhat.com/browse/OCPBUGS-21830): bump(k8s,openshift) to address CVE-2023-44487 [#308](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/308)
* [OCPBUGS-20164](https://issues.redhat.com/browse/OCPBUGS-20164): Include Build CRD in manifests [#306](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/306)
* [WRKLDS-806](https://issues.redhat.com/browse/WRKLDS-806): Bump kube dependencies to 1.28.2 [#305](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/305)
* [OCPBUGS-19136](https://issues.redhat.com/browse/OCPBUGS-19136): Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#304](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/304)
* [OCPBUGS-18932](https://issues.redhat.com/browse/OCPBUGS-18932): Always sort disabled controller list [#302](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/302)
* [OCPBUGS-18498](https://issues.redhat.com/browse/OCPBUGS-18498): Disable BuildConfigChange controller when Build cap is disabled [#299](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/299)
* route-controller-manager deployment updates [#295](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/295)
* [OCPBUGS-16072](https://issues.redhat.com/browse/OCPBUGS-16072): Updating Kubernetes and other associated dependencies [#296](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/296)
* [OCPBUGS-13926](https://issues.redhat.com/browse/OCPBUGS-13926): change the operator log level to default normal in the deployment [#289](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/289)
* [BUILD-582](https://issues.redhat.com/browse/BUILD-582), [OCPBUGS-14638](https://issues.redhat.com/browse/OCPBUGS-14638): bump(k8s): 1.27.1 [#294](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/294)
* [OCPBUGS-13926](https://issues.redhat.com/browse/OCPBUGS-13926): add loglevel controller for  OCM-o [#292](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/292)
* Revert "13895: [WRKLDS-730] route-controller-manager deployment updates" [#293](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/293)
* [OCPBUGS-13895](https://issues.redhat.com/browse/OCPBUGS-13895): [WRKLDS-730] route-controller-manager deployment updates [#288](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/288)
* Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#287](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/287)
* Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#286](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/286)
* Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#285](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/285)
* Bump golang.org/x/net from 0.5.0 to 0.7.0 [#284](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/284)
* Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#279](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/279)
* [OCPBUGS-10568](https://issues.redhat.com/browse/OCPBUGS-10568): migrate to using lease objects for leader election [#282](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/282)
* Add Divyanshu Agrawal as a reviewer [#283](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/283)
* [OCPBUGS-4343](https://issues.redhat.com/browse/OCPBUGS-4343): update apf configuration to use v1beta3 [#273](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/273)
* Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART [#274](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/274)
* [WRKLDS-594](https://issues.redhat.com/browse/WRKLDS-594): bump(k8s): 1.26.1 [#277](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/277)
* [OCPBUGS-5275](https://issues.redhat.com/browse/OCPBUGS-5275): remove unnecessary RBAC for leader-locking-ingress-to-route-controller [#276](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/276)
* [OCPBUGS-3929](https://issues.redhat.com/browse/OCPBUGS-3929): update apf configuration to use v1beta2 [#272](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/272)
* let deployer pods patch/apply replication controllers [#270](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/270)
* [Bug 2111979](https://bugzilla.redhat.com/show_bug.cgi?id=2111979): Set openshift.io/run-level to nil in openshift-controller-manager nam… [#269](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/269)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/d1915d130481541b8bacb5b98eddbc1541809d0a...)


### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/)

* [CNTRLPLANE-2769](https://issues.redhat.com/browse/CNTRLPLANE-2769): bump k8s 1.35 [#174](https://github.com/openshift/cluster-policy-controller/pull/174)
* [CNTRLPLANE-1676](https://issues.redhat.com/browse/CNTRLPLANE-1676): Update to Kubernetes v1.34.2 [#170](https://github.com/openshift/cluster-policy-controller/pull/170)
* [OCPBUGS-62440](https://issues.redhat.com/browse/OCPBUGS-62440): Updating ose-cluster-policy-controller-container image to be consistent with ART for 4.21 [#169](https://github.com/openshift/cluster-policy-controller/pull/169)
* [OCPBUGS-57191](https://issues.redhat.com/browse/OCPBUGS-57191): fix(psalabelsyncer): return an error instead of panic when converting an unknown volume [#167](https://github.com/openshift/cluster-policy-controller/pull/167)
* NO-JIRA: scc allocation controller: Use server-side apply [#165](https://github.com/openshift/cluster-policy-controller/pull/165)
* [CNTRLPLANE-1054](https://issues.redhat.com/browse/CNTRLPLANE-1054): rebase k8s (1.33.2), openshift (4.20) and other underlying dependencies [#164](https://github.com/openshift/cluster-policy-controller/pull/164)
* [CNTRLPLANE-55](https://issues.redhat.com/browse/CNTRLPLANE-55): Add MinimallySufficientPodSecurityStandard annotation to namespaces [#161](https://github.com/openshift/cluster-policy-controller/pull/161)
* [WRKLDS-1653](https://issues.redhat.com/browse/WRKLDS-1653): bump(k8s): update k8s.io/* dependencies to v1.32.2 [#160](https://github.com/openshift/cluster-policy-controller/pull/160)
* [MON-3866](https://issues.redhat.com/browse/MON-3866): chore: csr: Add approver for monitoring CSRs issued for metrics-server [#148](https://github.com/openshift/cluster-policy-controller/pull/148)
* [OCPBUGS-45829](https://issues.redhat.com/browse/OCPBUGS-45829): Updating ose-cluster-policy-controller-container image to be consistent with ART for 4.19 ++ [#159](https://github.com/openshift/cluster-policy-controller/pull/159)
* [OCPBUGS-43380](https://issues.redhat.com/browse/OCPBUGS-43380): psalabelsyncer: add image volume type to list [#157](https://github.com/openshift/cluster-policy-controller/pull/157)
* [WRKLDS-1492](https://issues.redhat.com/browse/WRKLDS-1492): Update k8s dependencies to 1.31.1 [#156](https://github.com/openshift/cluster-policy-controller/pull/156)
* [OCPBUGS-41166](https://issues.redhat.com/browse/OCPBUGS-41166): Updating ose-cluster-policy-controller-container image to be consistent with ART for 4.18 [#152](https://github.com/openshift/cluster-policy-controller/pull/152)
* no-jira: Update OWNERS [#155](https://github.com/openshift/cluster-policy-controller/pull/155)
* [AUTH-537](https://issues.redhat.com/browse/AUTH-537): pkg/psalabelsyncer: switch to PSA version 'latest' [#153](https://github.com/openshift/cluster-policy-controller/pull/153)
* [WRKLDS-1292](https://issues.redhat.com/browse/WRKLDS-1292): bump(k8s.io)=1.30.1 [#151](https://github.com/openshift/cluster-policy-controller/pull/151)
* [OCPBUGS-34304](https://issues.redhat.com/browse/OCPBUGS-34304): Updating ose-cluster-policy-controller-container image to be consistent with ART for 4.17 [#150](https://github.com/openshift/cluster-policy-controller/pull/150)
* [OCPBUGS-34304](https://issues.redhat.com/browse/OCPBUGS-34304): Updating ose-cluster-policy-controller-container image to be consistent with ART for 4.17 [#149](https://github.com/openshift/cluster-policy-controller/pull/149)
* [OCPBUGS-30496](https://issues.redhat.com/browse/OCPBUGS-30496): bump(google.golang.org/protobuf)=v1.33.0 [#147](https://github.com/openshift/cluster-policy-controller/pull/147)
* [WRKLDS-1016](https://issues.redhat.com/browse/WRKLDS-1016): bump k8s to 1.29.1 [#146](https://github.com/openshift/cluster-policy-controller/pull/146)
* [OCPBUGS-24877](https://issues.redhat.com/browse/OCPBUGS-24877): Updating ose-cluster-policy-controller-container image to be consistent with ART [#144](https://github.com/openshift/cluster-policy-controller/pull/144)
* [OCPBUGS-26190](https://issues.redhat.com/browse/OCPBUGS-26190): Add .snyk file to exclude vendor and ignore unit tests [#145](https://github.com/openshift/cluster-policy-controller/pull/145)
* [OCPBUGS-24078](https://issues.redhat.com/browse/OCPBUGS-24078): Updating ose-cluster-policy-controller-container image to be consistent with ART [#143](https://github.com/openshift/cluster-policy-controller/pull/143)
* go.mod: remove replaces [#138](https://github.com/openshift/cluster-policy-controller/pull/138)
* [OCPBUGS-21638](https://issues.redhat.com/browse/OCPBUGS-21638): bump(k8s,openshift) to address CVE-2023-44487 [#137](https://github.com/openshift/cluster-policy-controller/pull/137)
* [OCPBUGS-21638](https://issues.redhat.com/browse/OCPBUGS-21638): Bump deps to address CVE-2023-44487 [#133](https://github.com/openshift/cluster-policy-controller/pull/133)
* [WRKLDS-806](https://issues.redhat.com/browse/WRKLDS-806): bump k8s to 1.28 [#132](https://github.com/openshift/cluster-policy-controller/pull/132)
* [OCPBUGS-19119](https://issues.redhat.com/browse/OCPBUGS-19119): Updating cluster-policy-controller images to be consistent with ART [#131](https://github.com/openshift/cluster-policy-controller/pull/131)
* [OCPBUGS-17458](https://issues.redhat.com/browse/OCPBUGS-17458): ps syncer: don't hotloop on a missing namespace [#130](https://github.com/openshift/cluster-policy-controller/pull/130)
* [OCPBUGS-17989](https://issues.redhat.com/browse/OCPBUGS-17989): pkg/psalabelsyncer: enforce syncing in case label is set [#129](https://github.com/openshift/cluster-policy-controller/pull/129)
* [AUTH-413](https://issues.redhat.com/browse/AUTH-413): ps syncer: only sync labels if noone else is managing them [#127](https://github.com/openshift/cluster-policy-controller/pull/127)
* ps syncer: add a controller for run-level 0 namespaces [#128](https://github.com/openshift/cluster-policy-controller/pull/128)
* Adjust logs per generic troubleshooting [#126](https://github.com/openshift/cluster-policy-controller/pull/126)
* [OCPBUGS-15568](https://issues.redhat.com/browse/OCPBUGS-15568): Add timeout into cache sync wait to prevent hanging forever [#124](https://github.com/openshift/cluster-policy-controller/pull/124)
* [OCPBUGS-15568](https://issues.redhat.com/browse/OCPBUGS-15568): Remove debugs logs in workqueuebucket [#125](https://github.com/openshift/cluster-policy-controller/pull/125)
* Add more logs for queue operations [#122](https://github.com/openshift/cluster-policy-controller/pull/122)
* [OCPBUGS-15568](https://issues.redhat.com/browse/OCPBUGS-15568): Handle error if caches are not synced instead silently exit [#121](https://github.com/openshift/cluster-policy-controller/pull/121)
* Add ingvagabund to owners [#120](https://github.com/openshift/cluster-policy-controller/pull/120)
* Add logs for quota namespace syncing with verbosity level 2 [#119](https://github.com/openshift/cluster-policy-controller/pull/119)
* [OCPBUGS-13649](https://issues.redhat.com/browse/OCPBUGS-13649): fix ClusterResourceQuotas to work for all api resources including custom resources [#115](https://github.com/openshift/cluster-policy-controller/pull/115)
* [OCPBUGS-13579](https://issues.redhat.com/browse/OCPBUGS-13579): bump(k8s) to v0.27.1 [#113](https://github.com/openshift/cluster-policy-controller/pull/113)
* [OCPBUGS-8271](https://issues.redhat.com/browse/OCPBUGS-8271): external template and route Informer [#100](https://github.com/openshift/cluster-policy-controller/pull/100)
* Updating cluster-policy-controller images to be consistent with ART [#110](https://github.com/openshift/cluster-policy-controller/pull/110)
* complete controller description [#104](https://github.com/openshift/cluster-policy-controller/pull/104)
* [OCPBUGS-160](https://issues.redhat.com/browse/OCPBUGS-160): psalabelsyncer: handle empty namespace of a rolebinding subject [#107](https://github.com/openshift/cluster-policy-controller/pull/107)
* Updating cluster-policy-controller images to be consistent with ART [#105](https://github.com/openshift/cluster-policy-controller/pull/105)
* update psa dependency version [#103](https://github.com/openshift/cluster-policy-controller/pull/103)
* update controller-manager dependency to point to v0.25.0 [#101](https://github.com/openshift/cluster-policy-controller/pull/101)
* [OCPBUGS-723](https://issues.redhat.com/browse/OCPBUGS-723): clusterquotareconciliation: do not sync quota monitor cache with no monitors registered [#94](https://github.com/openshift/cluster-policy-controller/pull/94)
* [OCPBUGS-3985](https://issues.redhat.com/browse/OCPBUGS-3985): enforce pod security admission when techpreview is enabled [#89](https://github.com/openshift/cluster-policy-controller/pull/89)
* Updating cluster-policy-controller images to be consistent with ART [#91](https://github.com/openshift/cluster-policy-controller/pull/91)
* [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/105cc773b37f00be2351c9a4e6df24af94d547c1...)


### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/ab23d0e04237ffc8cf69cbf9b73f8bc2eee190bb)

* [OCPBUGS-7208](https://issues.redhat.com/browse/OCPBUGS-7208): When setting allowedRegistries urls the openshift-samples operator is degraded [#489](https://github.com/openshift/cluster-samples-operator/pull/489)
* [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/212a4553b3bf87d56f2f360b562187a685099c3e...ab23d0e04237ffc8cf69cbf9b73f8bc2eee190bb)


### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/b29bac7a510082ffd99534ba84bcd035079741ba)

* [OCPBUGS-7331](https://issues.redhat.com/browse/OCPBUGS-7331): hypershift: remove inject-proxy annotation from aws-ebs-csi-driver-operator deployment [#337](https://github.com/openshift/cluster-storage-operator/pull/337)
* [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/220a777e094ff6b198007518d0734f9b54a7f9af...b29bac7a510082ffd99534ba84bcd035079741ba)


### [console](https://github.com/openshift/console/tree/a734e812a8ce3e1540bc1dc822baa5ab513173d7)

* [OCPBUGS-7506](https://issues.redhat.com/browse/OCPBUGS-7506): Fix different CI issues [#12555](https://github.com/openshift/console/pull/12555)
* [OCPBUGS-6966](https://issues.redhat.com/browse/OCPBUGS-6966): Remove description field from the PLR parameters page [#12519](https://github.com/openshift/console/pull/12519)
* [OCPBUGS-7437](https://issues.redhat.com/browse/OCPBUGS-7437): Webhook Secret (1 of 2) is not removed when Knative Service is deleted [#12560](https://github.com/openshift/console/pull/12560)
* [OCPBUGS-6887](https://issues.redhat.com/browse/OCPBUGS-6887): Show Tag label and tag name if tag is detected in repository PipelineRun list and details page [#12510](https://github.com/openshift/console/pull/12510)
* [OCPBUGS-6816](https://issues.redhat.com/browse/OCPBUGS-6816): Repositories list does not show the running pipelinerun as last pipelinerun [#12500](https://github.com/openshift/console/pull/12500)
* [OCPBUGS-4072](https://issues.redhat.com/browse/OCPBUGS-4072): Fix rerender loop/crash when bindable-kinds is found but has no status [#12304](https://github.com/openshift/console/pull/12304)
* [OCPBUGS-6671](https://issues.redhat.com/browse/OCPBUGS-6671): fix broken pipeline secret [#12474](https://github.com/openshift/console/pull/12474)
* [OCPBUGS-6913](https://issues.redhat.com/browse/OCPBUGS-6913): PipelineRun task status overlaps status text [#12516](https://github.com/openshift/console/pull/12516)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/console/compare/63cb4d6e28e931640f55e9f1dca83ed76db99a46...a734e812a8ce3e1540bc1dc822baa5ab513173d7)


### [console-operator](https://github.com/openshift/console-operator/tree/bb87c5921246a64a59c1c09336c2ab0423330b4d)

* [OCPBUGS-6921](https://issues.redhat.com/browse/OCPBUGS-6921): Recover ConsoleNotificationSync after being degraded [#728](https://github.com/openshift/console-operator/pull/728)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/console-operator/compare/8c938a46686746518cc37e71b444d40d1b4e6c2d...bb87c5921246a64a59c1c09336c2ab0423330b4d)


### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/c21f88a0470f4321943e26b6cb19a8939a300fb9)

* [OCPBUGS-6591](https://issues.redhat.com/browse/OCPBUGS-6591): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 [#174](https://github.com/openshift/cloud-provider-openstack/pull/174)
* [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/3125fe729221139aa8c87b427655669880bbd06c...c21f88a0470f4321943e26b6cb19a8939a300fb9)


### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/2c0d3b1c56f485cf6f4ad2787753545975326e6d)

* [OCPBUGS-6599](https://issues.redhat.com/browse/OCPBUGS-6599): Address CVE-2022-41717 [#166](https://github.com/openshift/csi-driver-manila-operator/pull/166)
* [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/6cad8759f4456659c9397a61d20a7f084bd90304...2c0d3b1c56f485cf6f4ad2787753545975326e6d)


### [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs/tree/d90992573acb3df6c7fbb6dbe1b215125d26fc34)

* [OCPBUGS-6590](https://issues.redhat.com/browse/OCPBUGS-6590): Address CVE-2022-41717 [#105](https://github.com/openshift/csi-driver-nfs/pull/105)
* [Full changelog](https://github.com/openshift/csi-driver-nfs/compare/b7393faceb18e18eae133a6de89e4b4339295fa8...d90992573acb3df6c7fbb6dbe1b215125d26fc34)


### [fedora-coreos, machine-os-content, okd-rpms](https://github.com/openshift/okd-machine-os/tree/fd9575e20e4bcf64e1f13b256f82cb5c4d30d36b)

* Bump fedora-coreos to latest stable [#531](https://github.com/openshift/okd-machine-os/pull/531)
* overlay: prevent NM from modifying resolv.conf [#528](https://github.com/openshift/okd-machine-os/pull/528)
* Bump fedora-coreos to latest stable [#526](https://github.com/openshift/okd-machine-os/pull/526)
* Dockerfile.rpms: use stable CRIO releases [#521](https://github.com/openshift/okd-machine-os/pull/521)
* [Full changelog](https://github.com/openshift/okd-machine-os/compare/03a7b60ec1521a42695454f6ddd4d757ef56e485...fd9575e20e4bcf64e1f13b256f82cb5c4d30d36b)


### [hypershift](https://github.com/openshift/hypershift/tree/96cd4a6b0fb11bbc87982c2c55acfcd30705fcf0)

* fix(cpo): Remove OLM collect for IBM Cloud to reduce artifacts and rbac [#2189](https://github.com/openshift/hypershift/pull/2189)
* fix(cpo): Reduce CNO access if Calico used as network provider [#2184](https://github.com/openshift/hypershift/pull/2184)
* Skip destroyAWSDefaultSecurityGroup if not AWS [#2168](https://github.com/openshift/hypershift/pull/2168)
* Create default security group for AWS clusters [#2162](https://github.com/openshift/hypershift/pull/2162)
* [AUTH-323](https://issues.redhat.com/browse/AUTH-323): pki: split out konnectivity certs from the rootCA [#2156](https://github.com/openshift/hypershift/pull/2156)
* fix(ibmcloud): Initialize image registry config on creates and bad config [#2104](https://github.com/openshift/hypershift/pull/2104)
* fix(cpo): Allow KAS profiling disablement [#2122](https://github.com/openshift/hypershift/pull/2122)
* reduce ignition server scope [#2140](https://github.com/openshift/hypershift/pull/2140)
* OpenID add support for groups claim in the config [#2129](https://github.com/openshift/hypershift/pull/2129)
* fix(cpo): Restart registry operator on annotation [#2121](https://github.com/openshift/hypershift/pull/2121)
* [Full changelog](https://github.com/openshift/hypershift/compare/d93280cff4348d3d2e0438ae91e0cba06c614458...96cd4a6b0fb11bbc87982c2c55acfcd30705fcf0)


### [insights-operator](https://github.com/openshift/insights-operator/tree/06da9df07e96c56c49d10222e6940d65a6d04534)

* [OCPBUGS-6782](https://issues.redhat.com/browse/OCPBUGS-6782): Create gatherer for gathering machines. (#734) [#734](https://github.com/openshift/insights-operator/pull/734)
* [Full changelog](https://github.com/openshift/insights-operator/compare/9b28d553555da54585cc05b018a1828fb8f81a5e...06da9df07e96c56c49d10222e6940d65a6d04534)


### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/e32a8fa9f58a7f38045af135b207fe6764616e24)

* [OCPBUGS-6842](https://issues.redhat.com/browse/OCPBUGS-6842): Handle race condition to setup default vnid flows [#497](https://github.com/openshift/sdn/pull/497)
* [OCPBUGS-7227](https://issues.redhat.com/browse/OCPBUGS-7227): Update for 4.12 / go 1.19, including gofmt updates [#482](https://github.com/openshift/sdn/pull/482)
* [Full changelog](https://github.com/openshift/sdn/compare/d6903305ca12bf21f4ef6b96cb7aeed7defa2fc2...e32a8fa9f58a7f38045af135b207fe6764616e24)


### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/4099f3c4f4ea9df85a7516a6300a4c6e5504a5cd)

* [OCPBUGS-6943](https://issues.redhat.com/browse/OCPBUGS-6943): Improvements for `configure-ovs.sh` [#3528](https://github.com/openshift/machine-config-operator/pull/3528)
* [OCPBUGS-6045](https://issues.redhat.com/browse/OCPBUGS-6045): There are not enough logs in case "oc extract" is stuck in mco first boot [#3503](https://github.com/openshift/machine-config-operator/pull/3503)
* [OCPBUGS-6973](https://issues.redhat.com/browse/OCPBUGS-6973): configure-ovs: optionally generate configuration in /run [#3532](https://github.com/openshift/machine-config-operator/pull/3532)
* [OCPBUGS-6779](https://issues.redhat.com/browse/OCPBUGS-6779): baremetal: clean state generated by NM when run by dracut [#3521](https://github.com/openshift/machine-config-operator/pull/3521)
* [OCPBUGS-7241](https://issues.redhat.com/browse/OCPBUGS-7241): controller: default overwrite to true for files [#3546](https://github.com/openshift/machine-config-operator/pull/3546)
* [Full changelog](https://github.com/openshift/machine-config-operator/compare/84e78c83d5f1d6cb97a43b264154f1f519b69fb2...4099f3c4f4ea9df85a7516a6300a4c6e5504a5cd)


### [network-interface-bond-cni](https://github.com/openshift/bond-cni/tree/e8d4dc2e25fa71ca34c3066097aaf8511daf2b1e)

* Updating ose-network-interface-bond-cni images to be consistent with ART [#37](https://github.com/openshift/bond-cni/pull/37)
* [Full changelog](https://github.com/openshift/bond-cni/compare/a88d72fc5df78d3a43ec17cf313ac57678423b87...e8d4dc2e25fa71ca34c3066097aaf8511daf2b1e)


### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/b480d571c66d05fb844120995580cc05353f1101)

* Update golang.org/x/text to 0.7.0 (#66) [#66](https://github.com/openshift/network-metrics-daemon/pull/66)
* [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/2dfa218ea9feb2b80f22f16c27bddd16fbcbfb87...b480d571c66d05fb844120995580cc05353f1101)


### [oc-mirror](https://github.com/openshift/oc-mirror/tree/3d517407dcbc46ededd7323c7e8f6d6a45efc649)

* [OCPBUGS-6703](https://issues.redhat.com/browse/OCPBUGS-6703): fix: adds logic that searches for the correct name when using a heads… (#554) [#554](https://github.com/openshift/oc-mirror/pull/554)
* [Full changelog](https://github.com/openshift/oc-mirror/compare/4d9ea8d0d25673c0af0950adf8c6b8714ea6016c...3d517407dcbc46ededd7323c7e8f6d6a45efc649)


### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/9176d8600a10d34527992d462f4006178d4bfcf7)

* [OCPBUGS-7155](https://issues.redhat.com/browse/OCPBUGS-7155): Address CVE-2022-41717 [#55](https://github.com/openshift/machine-api-provider-openstack/pull/55)
* [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/5f1ea9f0dbdadb30f67e7539ff357170f9401773...9176d8600a10d34527992d462f4006178d4bfcf7)


### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/01e82553f65d660f4c61d8a8617dba60d6ecb412)

* [OCPBUGS-7556](https://issues.redhat.com/browse/OCPBUGS-7556): Defuse E2e timebomb [#449](https://github.com/openshift/operator-framework-olm/pull/449)
* [OCPBUGS-7086](https://issues.redhat.com/browse/OCPBUGS-7086): cherry-pick pull request refactor FBC caching (#1051) f… [#441](https://github.com/openshift/operator-framework-olm/pull/441)
* [OCPBUGS-6260](https://issues.redhat.com/browse/OCPBUGS-6260): Catalog, fatal error: concurrent map read and map write [#440](https://github.com/openshift/operator-framework-olm/pull/440)
* [OCPBUGS-7025](https://issues.redhat.com/browse/OCPBUGS-7025): Set ImagePullPolicy of bundle unpacker to "IfNotPresent" for image digests [#439](https://github.com/openshift/operator-framework-olm/pull/439)
* [Full changelog](https://github.com/openshift/operator-framework-olm/compare/d6d213925d54c360f4d2f93ef729ff983322375a...01e82553f65d660f4c61d8a8617dba60d6ecb412)


### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/d827e379656033d95c695787f1abdc512497c7bb)

* [OCPBUGS-6040](https://issues.redhat.com/browse/OCPBUGS-6040): addMasqueradeRoute: fallback to gateway interface IPs [#1484](https://github.com/openshift/ovn-kubernetes/pull/1484)
* [OCPBUGS-7230](https://issues.redhat.com/browse/OCPBUGS-7230): Delete IGMP Groups when deleting stale chassis [#1516](https://github.com/openshift/ovn-kubernetes/pull/1516)
* [OCPBUGS-3399](https://issues.redhat.com/browse/OCPBUGS-3399): Drop in-cluster traffic towards svcCIDR at wrong port [#1490](https://github.com/openshift/ovn-kubernetes/pull/1490)
* [OCPBUGS-6961](https://issues.redhat.com/browse/OCPBUGS-6961): update base image of Dockerfile [#1504](https://github.com/openshift/ovn-kubernetes/pull/1504)
* [OCPBUGS-6823](https://issues.redhat.com/browse/OCPBUGS-6823): [release-4.12] Fix Egress FW ACL rules in dualstack mode [#1500](https://github.com/openshift/ovn-kubernetes/pull/1500)
* [OCPBUGS-4862](https://issues.redhat.com/browse/OCPBUGS-4862): Correct the deletion of noHostSubnet nodes [#1470](https://github.com/openshift/ovn-kubernetes/pull/1470)
* [OCPBUGS-298](https://issues.redhat.com/browse/OCPBUGS-298): ovnkube-trace: run ovn-sbctl and ovn-trace with --no-leader-only [#1489](https://github.com/openshift/ovn-kubernetes/pull/1489)
* [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/e5fff733e0936d3ce30633f41d402da82e173186...d827e379656033d95c695787f1abdc512497c7bb)


### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/57e7c5741af878b97e473827c5bd82462e996856)

* [OCPBUGS-7458](https://issues.redhat.com/browse/OCPBUGS-7458): Fixes ThanoRuler StatefulSet re-creation bug [#217](https://github.com/openshift/prometheus-operator/pull/217)
* [Full changelog](https://github.com/openshift/prometheus-operator/compare/9b41d30910b7f36da0dad500fdb0870e86759366...57e7c5741af878b97e473827c5bd82462e996856)


### [tests](https://github.com/openshift/origin/tree/4262632da6af0f720159bda4c37276956e8829e5)

* [OCPBUGS-7633](https://issues.redhat.com/browse/OCPBUGS-7633): remove reference to old guard pods [#27732](https://github.com/openshift/origin/pull/27732)
* [OCPBUGS-7285](https://issues.redhat.com/browse/OCPBUGS-7285): extended: security: do not explicitly set api audience on token request [#27716](https://github.com/openshift/origin/pull/27716)
* [OCPBUGS-6850](https://issues.redhat.com/browse/OCPBUGS-6850): [release-4.12] upgrade/adminack: guarantee one admin ack check post-upgrade [#27684](https://github.com/openshift/origin/pull/27684)
* [Full changelog](https://github.com/openshift/origin/compare/bcbf338ea7ca23ed7b6014455d17b09b66417355...4262632da6af0f720159bda4c37276956e8829e5)


### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/4d9496e254d15bfc50b58d60a37d0e9968986832)

* [OCPBUGS-6936](https://issues.redhat.com/browse/OCPBUGS-6936): fix for nil user session (#1859) [#57](https://github.com/openshift/vmware-vsphere-csi-driver/pull/57)
* [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/df89e303405042aa0c8f8704962910a4ef486ab8...4d9496e254d15bfc50b58d60a37d0e9968986832)


### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/c65eb79c378729ef266cdc219324ecc3e7c3ac87)

* [OCPBUGS-6788](https://issues.redhat.com/browse/OCPBUGS-6788): Derive the fully qualified vSphere username when checking permissions [#98](https://github.com/openshift/vsphere-problem-detector/pull/98)
* [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/7328d215995baa4bdf623021741c669251ea4296...c65eb79c378729ef266cdc219324ecc3e7c3ac87)