# 4.17.0-okd-scos.ec.3 Created: 2024-11-07 16:35:06 +0000 UTC Image Digest: `sha256:0305f882ffc77423cbffbc1a16c6c93f281fc960d36c0271d9e7f97a63af0b25` Promoted from registry.ci.openshift.org/origin/release-scos:4.17.0-0.okd-scos-2024-11-07-025119 ## Changes from 4.17.0-okd-scos.ec.2 ### Components * Kubectl 1.30.5 * Kubernetes 1.30.5 * Kubernetes Tests 1.30.0 * CentOS Stream CoreOS upgraded from 418.9.202410161643-0 to 417.9.202410282133-0 ### New images * [gcp-workload-identity-federation-webhook](https://github.com/openshift/gcp-workload-identity-federation-webhook) git [08579e9f](https://github.com/openshift/gcp-workload-identity-federation-webhook/commit/08579e9f60ab7f5f6c57f7e507c66a7ff0cc6d62) `sha256:c745d30328955c16c034204d44b6bb25585cdde54072d65a7ee8be0123d8afb9` ### Rebuilt images without code change * stream-coreos `sha256:0c15b14cf02ad6d2933a109d5c1ddb82d0579851edc362edad7ac9e3221a2901` * stream-coreos-extensions `sha256:c5d27e408e6245c800742c7748237ff71a71d15d0cef654173f511b582a18d9b` ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/1f1c59f0ffd0bda9101e74356142e62305259590) * [OCPBUGS-43921](https://issues.redhat.com/browse/OCPBUGS-43921): OSD-25934: Only tag NetworkInterfaces in `RunInstances` if IAM Allows It [#528](https://github.com/openshift/cluster-api-provider-aws/pull/528) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/b722659d11fcdbc4ed003aa866ed877ce654af3a...1f1c59f0ffd0bda9101e74356142e62305259590) ### [baremetal-installer, installer, installer-altinfra, installer-artifacts](https://github.com/openshift/installer/tree/6339911b42825bbae9868d39c7d400abf1d8e1c9) * [OCPBUGS-44247](https://issues.redhat.com/browse/OCPBUGS-44247): PowerVS: Update 4.17 CAPI ibmcloud to 9b077049 [#9182](https://github.com/openshift/installer/pull/9182) * [OCPBUGS-41642](https://issues.redhat.com/browse/OCPBUGS-41642): vendor: Update openshift/api to pick up v4.17 capability sets [#9013](https://github.com/openshift/installer/pull/9013) * [OCPBUGS-44226](https://issues.redhat.com/browse/OCPBUGS-44226): PowerVS: Fix MissingSecurityGroupRules [#9175](https://github.com/openshift/installer/pull/9175) * [OCPBUGS-44227](https://issues.redhat.com/browse/OCPBUGS-44227): PowerVS: Fix destroy persistent TG [#9176](https://github.com/openshift/installer/pull/9176) * [OCPBUGS-44228](https://issues.redhat.com/browse/OCPBUGS-44228): PowerVS: Change CAPI verbosity level [#9177](https://github.com/openshift/installer/pull/9177) * [OCPBUGS-43846](https://issues.redhat.com/browse/OCPBUGS-43846): add chrony.conf file when additional NTP sources are configured [#9142](https://github.com/openshift/installer/pull/9142) * [OCPBUGS-43735](https://issues.redhat.com/browse/OCPBUGS-43735): Add C4 instance validation [#9130](https://github.com/openshift/installer/pull/9130) * [OCPBUGS-43897](https://issues.redhat.com/browse/OCPBUGS-43897): Revendor assisted service external platform oci [#9147](https://github.com/openshift/installer/pull/9147) * [OCPBUGS-43786](https://issues.redhat.com/browse/OCPBUGS-43786): Limit GCP API firewall rule for internal clusters [#9138](https://github.com/openshift/installer/pull/9138) * [Full changelog](https://github.com/openshift/installer/compare/6723dfd18056a6d002f792afce5547fc24874908...6339911b42825bbae9868d39c7d400abf1d8e1c9) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/a836d6794373f8c2f69cef842e5a9f3d92556abe) * [OCPBUGS-44123](https://issues.redhat.com/browse/OCPBUGS-44123): Add GCP pod identity webhook [#776](https://github.com/openshift/cloud-credential-operator/pull/776) * [OCPBUGS-43644](https://issues.redhat.com/browse/OCPBUGS-43644): Only attempt timed token credentials on supported platforms. [#773](https://github.com/openshift/cloud-credential-operator/pull/773) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/3d5dade6a6505d157f1978796894da83a21c1fd5...a836d6794373f8c2f69cef842e5a9f3d92556abe) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/f7e01c2f91628b25d1578c0a752f9b55c4233625) * [OCPBUGS-44047](https://issues.redhat.com/browse/OCPBUGS-44047): relax validation on delete and if failureDomains not configured [#330](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/330) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/a52da80dbb374fcb91b610cc2688cc863615f97d...f7e01c2f91628b25d1578c0a752f9b55c4233625) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/46b5602933182b749b36727d97f1ee9f9d9ee15e) * [OCPBUGS-43564](https://issues.redhat.com/browse/OCPBUGS-43564): fix proxy config and leader election test flakes [#1144](https://github.com/openshift/cluster-image-registry-operator/pull/1144) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/dd8791c76bd60468f4fb3e357ba061835f2e7c48...46b5602933182b749b36727d97f1ee9f9d9ee15e) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/ae150000fe5529474786a10d7ef2f98a5cb571f3) * [OCPBUGS-43788](https://issues.redhat.com/browse/OCPBUGS-43788): Add runbook url for TelemeterClientFailures [#2507](https://github.com/openshift/cluster-monitoring-operator/pull/2507) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/6267e06473d93cc32c584d7856c8f3daa1d97854...ae150000fe5529474786a10d7ef2f98a5cb571f3) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/86d8984ed6ec5f4d716fdfe39de5043001a2d727) * E2E: fix modify node selector to use lowercase (#1186) [#1186](https://github.com/openshift/cluster-node-tuning-operator/pull/1186) * [OCPBUGS-38900](https://issues.redhat.com/browse/OCPBUGS-38900): Drop sched_migration_cost_ns setting (#1201) [#1201](https://github.com/openshift/cluster-node-tuning-operator/pull/1201) * Make ocp-tuned-one-shot.service restart on-failure (#1187) [#1187](https://github.com/openshift/cluster-node-tuning-operator/pull/1187) * Fix context deadlines in ExecCommandOnPod() (#1189) [#1189](https://github.com/openshift/cluster-node-tuning-operator/pull/1189) * [OCPBUGS-43566](https://issues.redhat.com/browse/OCPBUGS-43566): CI: unblock (#1188) [#1188](https://github.com/openshift/cluster-node-tuning-operator/pull/1188) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/d7086bb43aa2ce0fb9f277c170d8d43f5f81be73...86d8984ed6ec5f4d716fdfe39de5043001a2d727) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/2ce31fc513224e76ac5924addc6207c205d95742) * Revert "OCPBUGS-38257: Revert #58 "OTA-1304: manifests.rhel/0000_90_openshift-cluster-image-policy: New manifest"" [#61](https://github.com/openshift/cluster-update-keys/pull/61) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/0072e6642a4eadc193d10a662fce5ecbd8320b63...2ce31fc513224e76ac5924addc6207c205d95742) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/8c3b8082fe109c24c23894635428549cab5be26c) * [OCPBUGS-43586](https://issues.redhat.com/browse/OCPBUGS-43586): Upgradeable=False should not block a 4.(y+1).z to 4.(y+1).z' retarget [#1095](https://github.com/openshift/cluster-version-operator/pull/1095) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/1e57277c34cb32ee4e5489fb4139a5fe97f338ad...8c3b8082fe109c24c23894635428549cab5be26c) ### [console](https://github.com/openshift/console/tree/bba72844a6de199a4fb82184e5889569ddcc38f6) * [OCPBUGS-43878](https://issues.redhat.com/browse/OCPBUGS-43878): Add flag to hide the pipelines-plugin pipeline builder extensions [#14457](https://github.com/openshift/console/pull/14457) * [OCPBUGS-42824](https://issues.redhat.com/browse/OCPBUGS-42824): remove axios as it is no longer in use [#14381](https://github.com/openshift/console/pull/14381) * [Full changelog](https://github.com/openshift/console/compare/203b90125b296e5ff11d9e4b673ca2e24bbae6d3...bba72844a6de199a4fb82184e5889569ddcc38f6) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/0d6fbdb09401bcdf1a6da8dc07842732bc8e95ff) * [OCPBUGS-43738](https://issues.redhat.com/browse/OCPBUGS-43738): Add c4a instance as arm type [#95](https://github.com/openshift/machine-api-provider-gcp/pull/95) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/5e0d1e45e04a327a2353807936db4d1b3dd130f6...0d6fbdb09401bcdf1a6da8dc07842732bc8e95ff) ### [hypershift](https://github.com/openshift/hypershift/tree/56deb3a2249d8a8b3ed71d66ada138298579dccd) * NO-JIRA: chore(deps): update konflux references (release-4.17) [#5053](https://github.com/openshift/hypershift/pull/5053) * NO-JIRA: Update Konflux references to fedcfe0 (release-4.17) [#5041](https://github.com/openshift/hypershift/pull/5041) * chore(deps): update konflux references (release-4.17) [#5023](https://github.com/openshift/hypershift/pull/5023) * chore(deps): update konflux references to f53fe54 (release-4.17) [#5018](https://github.com/openshift/hypershift/pull/5018) * NO-JIRA: Update Konflux references (release-4.17) [#5009](https://github.com/openshift/hypershift/pull/5009) * [OCPBUGS-42879](https://issues.redhat.com/browse/OCPBUGS-42879): Add network policies for konnectivity server and ignition server proxy [#4865](https://github.com/openshift/hypershift/pull/4865) * NO-JIRA: bump catalog operators version [#4992](https://github.com/openshift/hypershift/pull/4992) * NO-JIRA: chore(deps): update konflux references (release-4.17) [#4972](https://github.com/openshift/hypershift/pull/4972) * [OCPBUGS-43746](https://issues.redhat.com/browse/OCPBUGS-43746): add ValidIDPConfiguration condition to report IDP config issues [#4969](https://github.com/openshift/hypershift/pull/4969) * [Full changelog](https://github.com/openshift/hypershift/compare/b9e977da802d07591cd9fb8ad91ba24116f4a3a8...56deb3a2249d8a8b3ed71d66ada138298579dccd) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/a2beaa303d4ebaa0cfc5137153a90328d8d5fff0) * [OCPBUGS-37369](https://issues.redhat.com/browse/OCPBUGS-37369): UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.17 [#86](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/86) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/9179e15477e8de38460db74b4ec1ac125ea9d625...a2beaa303d4ebaa0cfc5137153a90328d8d5fff0) ### [insights-operator](https://github.com/openshift/insights-operator/tree/714aeb53392b66b4346edbee4b9b7f8c8836b419) * gather selected clusterroles (#1021) [#1021](https://github.com/openshift/insights-operator/pull/1021) * [OCPBUGS-43790](https://issues.redhat.com/browse/OCPBUGS-43790): update the filtering of the container logs (#1019) [#1019](https://github.com/openshift/insights-operator/pull/1019) * [OCPBUGS-43277](https://issues.redhat.com/browse/OCPBUGS-43277): do not propagate the remote configuration status as an (#1011) [#1011](https://github.com/openshift/insights-operator/pull/1011) * [Full changelog](https://github.com/openshift/insights-operator/compare/4f503fb6f2b83471e24f8418ce57d96ce7e10245...714aeb53392b66b4346edbee4b9b7f8c8836b419) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/5ea53a326ccda8712e2d5c93ba503e17e4a7c385) * [MCO-1343](https://issues.redhat.com/browse/MCO-1343): Backport Telemetry to 4.17 [#4650](https://github.com/openshift/machine-config-operator/pull/4650) * [OCPBUGS-43917](https://issues.redhat.com/browse/OCPBUGS-43917): Disable ESP offload for OVS attached interfaces [#4667](https://github.com/openshift/machine-config-operator/pull/4667) * [OCPBUGS-43719](https://issues.redhat.com/browse/OCPBUGS-43719): Soften haproxy timeout for kubeapi probe [#4657](https://github.com/openshift/machine-config-operator/pull/4657) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/aece6973c2863397aa4d8c13910390b23f154fde...5ea53a326ccda8712e2d5c93ba503e17e4a7c385) ### [networking-console-plugin](https://github.com/openshift/networking-console-plugin/tree/d747e371f8e4b02a8e4a1614b3a56c50d0745960) * [OCPBUGS-43037](https://issues.redhat.com/browse/OCPBUGS-43037): hide routes metrics non-admin users [#129](https://github.com/openshift/networking-console-plugin/pull/129) * [OCPBUGS-43065](https://issues.redhat.com/browse/OCPBUGS-43065): Routes list sort by status [#131](https://github.com/openshift/networking-console-plugin/pull/131) * [Full changelog](https://github.com/openshift/networking-console-plugin/compare/426d13819907247cfcefcdc67d194a2d222e001b...d747e371f8e4b02a8e4a1614b3a56c50d0745960) ### [oauth-server](https://github.com/openshift/oauth-server/tree/5a70bcef9c5a913bda3ac9fbb5a27cb43d27a7db) * [OCPBUGS-44118](https://issues.redhat.com/browse/OCPBUGS-44118): escape spaces in oauth callback path [#167](https://github.com/openshift/oauth-server/pull/167) * [OCPBUGS-43587](https://issues.redhat.com/browse/OCPBUGS-43587): Fix login path for go1.22 mux pattern matching [#162](https://github.com/openshift/oauth-server/pull/162) * [Full changelog](https://github.com/openshift/oauth-server/compare/a44685102fbccd24a68207eacdc0a63435af5dde...5a70bcef9c5a913bda3ac9fbb5a27cb43d27a7db) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/f299e54abad2f06a51f95bf40b611a5f1519b31e) * [OCPBUGS-44093](https://issues.redhat.com/browse/OCPBUGS-44093): user system:serviceaccount:openshift-infra:serviceaccount-pull-secrets-controller in ns/openshift-infra must not produce too many applies [#350](https://github.com/openshift/openshift-controller-manager/pull/350) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/fddd93bf30628b15fee660e94faea94b4a222365...f299e54abad2f06a51f95bf40b611a5f1519b31e) ### [operator-framework-tools, operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/4cbfa455ffbd86afc26471f29bf46fed9f4779e3) * [OCPBUGS-43965](https://issues.redhat.com/browse/OCPBUGS-43965): Return an error when the IP status cannot be updated [#885](https://github.com/openshift/operator-framework-olm/pull/885) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/b0d86a042d2b36be77b3b5bca74e73194bfdeee8...4cbfa455ffbd86afc26471f29bf46fed9f4779e3) ### [tests](https://github.com/openshift/origin/tree/b231f7618836468e5006239cdb71cc290c579472) * [OCPBUGS-44062](https://issues.redhat.com/browse/OCPBUGS-44062): Adjust createDNSPod() to support hypershift dual-stack test [#29254](https://github.com/openshift/origin/pull/29254) * [OCPBUGS-44045](https://issues.redhat.com/browse/OCPBUGS-44045): Ignore infra nodes on tap cni tests [#29251](https://github.com/openshift/origin/pull/29251) * [Full changelog](https://github.com/openshift/origin/compare/13862c13dba55f899d39c2227fc1ab99ded627d8...b231f7618836468e5006239cdb71cc290c579472) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/039ee3684d5addee3ff8436b19462def77bd5804) * [OCPBUGS-43705](https://issues.redhat.com/browse/OCPBUGS-43705): redact sensitive information when logging VCenter config [#133](https://github.com/openshift/vmware-vsphere-csi-driver/pull/133) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/738c43cfac38f92f5304935368bb3c41a147069f...039ee3684d5addee3ff8436b19462def77bd5804) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/c9ad7eca24e515bc6555b65ffd172ebc2702c5ff) * [OCPBUGS-43778](https://issues.redhat.com/browse/OCPBUGS-43778): Fix panic on nil infrastructure Spec.PlatformSpec.VSphere [#264](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/264) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/9ec205c12f5b893065d3c1e944fac78bd2a56aa9...c9ad7eca24e515bc6555b65ffd172ebc2702c5ff)