Back to index

Download installer and client with:

oc adm release extract --tools registry.ci.openshift.org/origin/release:4.8.0-0.okd-2023-07-15-032754

Team Approvals:

No tests for this release

---

Loading changelog, this may take a while ...

Changes from 4.8.0-0.okd-2023-04-19-211216

Created: 2023-07-15 03:31:09 +0000 UTC

Image Digest: sha256:a06a82b073ec572f35f76f34d2b40b76a956eddd126b3c094efb0024a763ced5

Components

• Kubernetes 1.21.14
• Fedora CoreOS 48.34.4

Rebuilt images without code change

• cli git acf4dd4b sha256:bb5e052770e5d3f384a95162724d3cd4e9c05e25505cb8f7d95840b16508244b
• cli-artifacts git acf4dd4b sha256:5f5fd3ec41226012b21024d93d59272b309dada2c78a191e8cdfddd44a243bf0
• cluster-kube-apiserver-operator git 25c54939 sha256:b8d97778f71a0a6c7088e018b2e0b466ba709343e563eb720e4956254cb87298
• deployer git acf4dd4b sha256:76a773db3e602dc948f7c546fa64975278da5f352a7a341dd121b9673e6032c8
• tools git acf4dd4b sha256:9b16b5715a4a70d277bbee490cb4cd44c83290bee010678ac55f86fb73975353

cluster-bootstrap

• OCPEDGE-1683: feat: add support for arbiter and dual replica: #116
• OCPBUGS-48821: bootstrap API server should terminate only after API is HA #111
• OCPBUGS-45351: Updating ose-cluster-bootstrap-container image to be consistent with ART for 4.19 #110
• OCPBUGS-39429: Updating ose-cluster-bootstrap-container image to be consistent with ART for 4.18 #107
• OCPBUGS-24975: Updating ose-cluster-bootstrap-container image to be consistent with ART #103
• OCPBUGS-24975: Updating ose-cluster-bootstrap-container image to be consistent with ART #102
• OCPBUGS-19235: Updating ose-cluster-bootstrap images to be consistent with ART #100
• OCPBUGS-16504: bump(*): vendor update #99
• Updating ose-cluster-bootstrap images to be consistent with ART #88
• Updating ose-cluster-bootstrap images to be consistent with ART #82
• OCPBUGS-3505: Waiting for 2 masters in HA mode case #71
• OCPBUGS-6234: Bump dependencies and image #74
• Add API team to reviewers #75
• Add API team to the OWNERS #73
• Bug 2006945: extend hardcoded restmapper for cluster-bootstrap to avoid crashlooping bootstrap kube-apiserver #64
• update golang version #65
• Full changelog

cluster-network-operator

• OCPBUGS-55488: Remove environment variables related to ARO HCP MIv2 for CNO #2686
• OCPBUGS-55285: bindata,ovn-k,cudn: Validate loclanet topology’s excludeSubnet match specified subnets #2692
• OCPBUGS-40906: Implement IPsec NAT-Traversal encapsulation option #2573
• OCPBUGS-55090: Configures subdirectory based CNI chain loading #2690
• OCPBUGS-54238: Update CSR status condition appropriately #2674
• CORENET-5914: bindata,ovn-k: Update CUDN CRD following localnet support #2678
• SDN-5701: [multus-networkpolicy] Update CRD to the latest v1beta1 #2668
• CNF-16707: frr-k8s: wire the frr-status sidecar container #2687
• CORENET-5856: Update RouteAdvertisements schema #2685
• OCPBUGS-54837: Add missing backendAddressPools read permission on azure #2684
• CORENET-4481: update install-cni script #2676
• SDN-5342: Signer username validation #2560
• OCPBUGS-53180: Add IPv6 NGINX configuration #2681
• CNF-16707: frr-k8s: Add BGPSessionState CRD #2671
• SDN-5689: Rebase k8s v1.32 #2656
• OCPBUGS-54159: frr-k8s: tolerate all taints #2677
• OCPBUGS-5241: Auto opt in for whereabouts-controller #2670
• OCPBUGS-52280: Move to use newer IPsec DaemonSets irrespective of MCP state #2454
• CNTRLPLANE-112: Update managed Azure HCP cloud network config #2647
• OCPBUGS-52972: Correct namespace ref and cert dir #2665
• NO-JIRA: ovn-k: sync EgressService with upstream #2664
• OCPBUGS-52361: frr-k8s: rename validatingwebhook name #2659
• SDN-4829: Add machine config watchers to report IPsec status #2383
• NP-1100: Enable fast ranges #2648
• NO-JIRA: Add “centos” to supported OS ids #2652
• SDN-5330: Keep rendering OVN IPsec when its daemonset not available #2628
• OCPBUGS-49746: ovn-k,cudn crd: Ensure matching toplogy and topology-config #2638
• OCPBUGS-48312: frr-k8s: align manifests with operator #2615
• OCPBUGS-49621: Fix UDN and CUDN hostSubnet validation #2636
• OCPBUGS-49667: OVNK should be able to annotate network ID on NADs #2634
• OCPBUGS-46564: Update egressfirewall CRD to be consistent with ovn-kubernetes repo #2610
• SDN-5426: ©UDN CRD: add IPAM section and IPAM.Mode field. #2623
• SDN-5330: Keep IPsec in OVN enabled during the upgrade #2621
• OCPBUGS-48425: ovn-k, rbac: Enable users read & modify UserDefinedNetwork CRs #2619
• SDN-4930: Fix user-defined-networks-namespace-label binding #2616
• SDN-4930: Add host isolation mounts to ovnkube-node #2591
• SDN-4168: Cleanup ipsec state only when ipsec is not full mode #2611
• OCPBUGS-42609: Disable adding/removing the UDN namespace label #2612
• SDN-5085: Add support for route advertisements #2442
• CNF-15518: Bump the openshift api version #2586
• OCPBUGS-46065: Skip including default crypto policies to avoid authby issue #2590
• OCPBUGS-33656: Remove ip xfrm state when IPsec is disabled #2372
• OCPBUGS-45341: iptables-alerter daemonset should run everywhere #2581
• OCPBUGS-42189: Re-disable metrics server #2516
• OCPBUGS-44950: Propagate HCP pods labels to 2nd level operands #2567
• : OCPBUGS-44812: Add nodeslicepool #2570
• SDN-5234: rebase k8s v1.31.1 #2509
• OCPBUGS-44344: The sysctl allowlist daemonset should set requests for memory and cpu #2557
• SDN-5472: ovn-k, cudn: Add missing permissions to ovnkube-node #2563
• SDN-5472: bindata, ovn-k: Add ClusterUserDefinedNetwork CRD and RBAC #2558
• SDN-5436: Use host ipsec binary inside ovn-ipsec container #2553
• SDN-5436: Provide support for user owned IPsec machine configs #2554
• OCPBUGS-43740: Pass transit_switch_subnet options in ovnkube-node pod #2549
• SDN-4930: UDN: Allow access to default/kubernetes and openshift-dns/dns-default #2492
• OCPBUGS-39189: fix annotation from deployment to pod #2545
• NO-JIRA: onv-k, udn: Update UserDefinedNetwork CRD #2517
• HOSTEDCP-2035: Set up Azure authentication with cert for ARO HCP #2522
• OCPBUGS-42605: OCPBUGS-42244: Exporting environment varialbe NODE_CNI for live migration #2532
• CNF-14971: frr-k8s: allow setting the loglevel from env-overrides #2535
• CNF-13671: Adjust frr-k8s metrics #2531
• CNF-14199: Align FRR-K8s CRDs #2525
• CNF-14251, CNF-14257: multi-networkpolicy: Enable for ipvlan and bond networkds #2518
• SDN-5186: Process OVNObservability feature gate #2462
• NO-JIRA: OVN-Kubernetes node RBAC tightening #2526
• SDN-4930: Adds UDN list/watch to ovnknode rbac #2524
• OCPBUGS-42449: Use CNIConfDir for mounting directory to ovn-ipsec-host pod #2515
• OCPBUGS-42472: Add certificatesigningrequests/watch RBAC to ovnkube-node #2513
• HOSTEDCP-1981: Add controlplane cli image envar for use with hypershift #2507
• OCPBUGS-42238: Updates terminationGracePeriodSeconds to 30 seconds for Multus daemonset #2508
• OCPBUGS-35417: Configure narrowing=yes for IPsec connections #2400
• OCPBUGS-39209: Add configurable subnets while running hybrid-overlay-node binary #2495
• OCPBUGS-39398: Preload networking plugin locales #2488
• OCPBUGS-39189: add required-scc annotation to console-plugin deployment #2484
• OCPBUGS-29497: HyperShift: do not use antiaffinity on single replica control planes #2480
• OCPBUGS-39096: Live migration: report network overlap via live_migration_blocked metric #2482
• SDN-4900: rebase openshift/api for openshift-sdn removal #2476
• CONSOLE-3952: Deploy networking-console-plugin by CNO #2322
• AUTH-482: set required-scc for openshift workloads #2282
• OCPBUGS-38249: Verify that the codegen changes were commited #2373
• NO-JIRA: iptables-alerter streamlining #2404
• CONSOLE-3952: Add networking-console-plugin image to release payload #2332
• OCPBUGS-38326: OVN-K, UDN CRD: Add missing permissions to control-plane #2468
• OCPBUGS-38176: multus, Add openshift-cnv to globalNamespace #2466
• SDN-4919: Change the masquerade subnet default value for new clusters #2460
• SDN-5072: Deploy FRR-K8s #2450
• SDN-5144: Add UserDefinedNetwork CRD and RBAC #2464
• SDN-4773: Add Azure MSI Env Var for ARO HCP #2465
• NO-JIRA: more openshift-sdn cleanup #2455
• SDN-5070: Allow day 2 customization of masquerade subnet #2421
• OCPBUGS-37786: Add proxy env vars to onvkube-node #2453
• OCPBUGS-37713: Handle random crictl errors in iptables-alerter #2451
• CNV-43973: HCP custom tolerations integration #2441
• SDN-4919: OVN-Kubernetes UDN: EndpointSlice mirror controller RBAC permissions #2448
• SDN-4934: Enable TechPreview FeatureGate for NetworkSegmentation #2433
• OCPBUGS-33758: Fix IC distributed control plane alerts #2406
• SDN-5029: ipam, virt: enable the persistent ips feature #2431
• SDN-4916: Bump to k8s v1.30 latest #2429
• OCPBUGS-30950: Set mount propagation to HostToContainer for /var/lib/kubelet #2368
• SDN-4934: Network Segmentation Feature Gate Vendoring from API #2428
• OCPBUGS-23758: Set global IP forwarding sysctl parameters while starting ovnkube-node #2385
• OCPBUGS-29648: update whereabouts crd #2414
• OCPBUGS-31878: Propogate hypershift control plane priority class override to multus and preserve container resource requests #2335
• OCPBUGS-35316: Create the configmap mtu if not found #2410
• OCPBUGS-34313: Updating cluster-network-operator-container image to be consistent with ART for 4.17 #2381
• OCPBUGS-30948: Use applyconfigurations for updating network.oprerator status #2333
• SDN-5029: linter: removed deprecated linters #2408
• OCPBUGS-23000: Adds cluster-autoscaler annotation to prevent eviction #2369
• OCPBUGS-33497: Limit iptables-alerter’s cpu #2401
• SDN-4896: Drop openshift-sdn support #2384
• NP-976, OCPBUGS-34658: Live migration: add metrics to observe CNI live migration #2388
• OCPBUGS-34858, OCPBUGS-34916: Validate live migration before setting the progressing condition #2399
• OCPBUGS-34524: Fix DNSResolver feature gate enablement #2387
• MON-3795, SDN-3817: Add ANP metric rule expressions for telemetry exposure #2347
• OCPBUGS-33497: Handle pod exiting race conditions in iptables-alerter #2377
• OCPBUGS-31876: Enable UDP aggregation on s390x #2331
• OCPBUGS-34359: Ensure that the node-identity webhook address contains colons for IPv6 #2382
• NP-975: Align new node subnet allocation between OVN-K and SDN during live migration #2367
• OCPBUGS-32991: Add conditions for ignored-namespaces #2358
• NP-974: Validation for live migration from OpenShiftSDN to OVNKubernetes #2344
• OCPBUGS-33728: Add custom masquerade subnet against right key at ovnkube-config CM #2371
• CFE-888: Enable DNSNameResolver feature-gate #2131
• OCPBUGS-32979: Update network operator status for IPsec #2360
• USHIFT-2912: Add ref to MicroShift’s Multus and CNI Plugins #2365
• OCPBUGS-29403: add more safe sysctls #2273
• OCPBUGS-32525: Check every MachineConfigPool for IPsec plugin existence #2349
• OCPBUGS-28230: enforce termination message policy on all platform pods #2364
• OCPBUGS-33080: Update EQoS CRD to latest #2362
• SDN-4726: Reapply “Merge pull request #2330 from pperiyasamy/block-sdn-upgrade” #2361
• OCPBUGS-28230: enforce termination message policy on all platform pods #2354
• Revert #2330 “SDN-4726: Block upgrade for openshift-sdn” #2356
• SDN-4434: Network diagnostics scheduling #2339
• SDN-4726: Block upgrade for openshift-sdn #2330
• SDN-4114: Add iptables-alerter daemonset #2329
• OCPBUGS-31528: infraconfig: handle vSphere UPI by not updating any fields #2327
• SDN-4163: Improved prometheus rule for ipsec metric #2346
• OCPBUGS-32402: Fix wait logic for IPsec certificate signing request #2342
• SDN-4688: ANP: Add RBAC for cluster-manager #2338
• OCPBUGS-32347: Improve IPsec MachineConfig readiness check #2341
• SDN-4163: Add ipsec state to telemetry #2270
• OCPBUGS-22969: Use v1 for flowcontrol API #2095
• OCPBUGS-28230: enforce termination message policy on all platform pods #2340
• SDN-4519: Configure CNO as per new API changes for join and transit switch subnet #2318
• OCPBUGS-28230: enforce termination message policy on all platform pods #2334
• NP-956: Remove managed cluster checking for live migration #2321
• OCPBUGS-26408: automountServiceAccountToken:false hosted CP pods #2306
• SDN-4596: Update (B)ANP CRDs; prepare for GA #2328
• SDN-4500: Add write permission for EgressQoS status #2319
• SDN-4607: Allow HyperShift ability to set ConfigMap through env var #2309
• OCPBUGS-22995: Tighten the permissions on whereabouts.conf #2106
• OCPBUGS-24690: Fully disable network-node-identity on ROKS #2313
• SDN-4598: Set runAsUser to env variable if it is set #2307
• OCPBUGS-30103: ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2288
• OCPBUGS-30831: Updating cluster-network-operator-container image to be consistent with ART for 4.16 #2308
• OCPBUGS-30299: Fix managed cluster detection on ARO #2299
• OPNET-358, OPNET-360: Allow VIP mutation in Infra CR #2130
• OCPBUGS-29288: Ensure proper deprecation for the default field manager #2274
• OCPBUGS-24380, OCPBUGS-24381, OCPBUGS-24382: Update APBExternalRoute, EgressFirewall, EgressQoS permissions for ovnkube pods #2262
• OCPBUGS-25764: memory-trim-on-compaction is enabled by default #2260
• OCPBUGS-23788: Only allow valid values for gatewayConfig.ipForwarding #2127
• OCPBUGS-29341: Run dhcp-daemon pods as system-node-critical priority #2280
• OCPBUGS-24690: Disable network-node-identity on ROKS #2197
• OCPBUGS-26492: Not set CNO to degraded if API server returns conflict error #2192
• OCPBUGS-24214: Add ownership annotations #2120
• OCPBUGS-24601: Add minReadySeconds to network-node-identity #2151
• OCPBUGS-29305: ipsec: fix openssl typo #2269
• OCPBUGS-28920: Update ingressconfig_controller to use field Manager #2259
• NO-JIRA: Remove ILB from CNCC #2182
• OCPBUGS-27222: Fix CloudPrivateIPConfig CRD in common #2249
• OCPBUGS-24976: Updating cluster-network-operator-container image to be consistent with ART for 4.16 #2233
• OCPBUGS-28676: Remove libreswan rpm existence checks #2238
• OCPBUGS-29099: Add hostNetwork:true to cni-sysctl-allowlist ds #2237
• OCPBUGS-24436: Add probes to node-network-identity #2148
• OCPBUGS-24299: network-node-identity mounts secrets with mode 0640 #2142
• OCPBUGS-28230: add FallbackToLogsOnError for easier debugging #2224
• NP-874, OCPBUGS-27222: Bump openshift API #2246
• OCPBUGS-24383: Limit write permissions for egressservices #2171
• NP-903: Only allows live migration on standalone managed clusters #2236
• OCPBUGS-19551: ovnkube: simplify northd threading and SNO templating #2234
• OCPBUGS-24976: Updating cluster-network-operator-container image to be consistent with ART #2156
• OCPBUGS-25079: Prevent NoRunningOvnControlPlane alert getting fired continuously #2208
• NO-JIRA: add kyrtapz as reviewer and approver #2226
• OCPBUGS-27823: Not update migration conditions when any MCP is updating #2213
• OCPBUGS-26986: Add ConfigMap mount to the whereabouts-reconciler #2209
• SDN-3708: Support configurable masquerade subnet in ovn-k #1807
• OCPBUGS-26952: Deploy CNO IPsec MC even if user already have one #2201
• OCPBUGS-27264: Only reconcile on Node updates with Label changes #2206
• NO-JIRA: Fix jira component info #2199
• SDN-4166: Enable N-S IPsec #2191
• OCPBUGS-24379: Remove egressip write permissions from ovn-kubernetes-node #2170
• OCPBUGS-24635: network node identity: tolarate all taints #2153
• OCPBUGS-25207: Render IPsec MachineConfig after cluster settles with MachineConfigs #2187
• OCPBUGS-25688: remove microshift folder, since CNO doesn’t manage it #2173
• OCPBUGS-25669: Update ovn-k managed control-plane RBAC #2169
• OCPBUGS-25760: Keep the live migration annotation consistant with the enhancement doc #2179
• OCPBUGS-19635: OVN-K in SNO deployment mode: fix Lease override for CM #2070
• SDN-4227: Use specific permissions for CNCC in GCP #2069
• OCPBUGS-24693: HyperShift, network-node-identity: Check the deployment in the management cluster #2166
• OCPBUGS-24176: Ignore invalid PEM blocks #2178
• OCPBUGS-25337: Avoid removal of ipsec-host daemonset when node is NotReady #2161
• HOSTEDCP-1308: remove service account token mount in cloud-network-con… #2165
• OCPBUGS-23729: Set replicas of Multus admission controller according to Hypershift ControllerAvailabilityPolicy #2159
• OCPBUGS-24036: remove all managed fields used by old manager #2114
• OCPBUGS-23199: add env var in whereabouts-reconciler daemonset #2160
• OCPBUGS-19830: fix whereabouts conformance test failures #2103
• OCPBUGS-24650, SDN-4308: Set enable-multi-external-gateway flag in ovnkube.conf #2149
• OCPBUGS-19817, SDN-4162: Upgrade IPsec with single daemonset pod #2087
• NP-615: Live migration #2091
• OCPBUGS-23161: Set logging for controller-runtime #2129
• SDN-4061: Remove interconnect upgrade logic, single-zone YAMLs and everything related to OVNK centralized architecture #2101
• OCPVE-779: Annotate credentials request manifests #2105
• NP-615: Bump github.com/openshift/api #2138
• SDN-4308: Update status merge for APBRoute and EgressFirewall. #2132
• OCPBUGS-22710: Add apbroute/status patch rights for ovnkube-node to update status #2139
• NETOBSERV-1047: Add a cluster monitoring dashboard for ovn #1871
• OCPBUGS-21924: Bump library-go #2082
• SDN-4101: Remove HyperShift API dependency, Bump kubernetes dependencies #2128
• NO ISSUE: add ownership of the proxy-ca #2111
• OCPBUGS-22869: hypershift, hosted clusters: enable multi-homing and multi-net features #2113
• OCPBUGS-23082: set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2100
• OCPBUGS-21924: Bump golang.org/x/net to v0.17.0 #2068
• OCPBUGS-18088, OCPBUGS-18089: ovnkube: container scripts cleanup [v2] #2060
• OCPBUGS-11179: change CNO to use custom ServiceAccount #2084
• two replicas for CM instead of 3 #2052
• OCPBUGS-15817: Egress router: request at least 100 milliCPU #2077
• OCPBUGS-18785: SDN controller manifest: add node name from downward kapi to sdn controller #2047
• OCPBUGS-19370: Added HCP label to CNO pods #2048
• OCPBUGS-15220: Add zone node preference to multus-admission-controller #1795
• multinetworkpolicy: allow Neighbor Discovery Protocol traffic #2010
• OCPBUGS-18569: hypershift: adjust backoff on infrastructure name retry #1986
• OCPBUGS-20533: Revisit cipher suits for multus-admission-controller’s rbac-proxy #2074
• OCPBUGS-10652: ovnkube: disable conntrack on hybrid overlay VXLAN ports #1819
• Make APB External Route namespace selector mandatory for a dynamic hop #1929
• OCPBUGS-20519: hosted cluster upgrade failure from 4.13 stable to 4.14 #2065
• Revert “Merge pull request #2037 from dcbw/db-script-cleanup” #2058
• OCPBUGS-18392: notify when /etc/openvswitch path changes #1989
• OCPBUGS-18088, OCPBUGS-18089: ovnkube: container scripts cleanup #2037
• Remove ability to deploy with Kuryr #2056
• OCPBUGS-20104: Don’t run network node identity as root #2051
• OCPBUGS-20076: Multus should determine kubeconfig path #2049
• Revert Kuryr MTU fixes #2038
• Fix MTU miscalculation #1778
• OCPBUGS-19918: get ipsecStatus from host daemonset #2042
• Network metrics daemon: change priority class to openshift-user-critical #2044
• OCPBUGS-14819: HyperShift: Use the local konnectivity proxy when checking proxy readiness #1985
• OCPBUGS-19861: Multus per-node certificates should have 24h duration #2039
• OCPBUGS-19418: Relax conditions to get IC upgrade started #2018
• OCPBUGS-18396: Fix config status MTU migration not being updated #2021
• OCPBUGS-19705: Use port 9108 for ovnkube-control-plane metrics #2031
• OCPBUGS-19715: Do not enable node admission webhook if the CNI is not OVN-Kubernetes #2030
• OCPBUGS-17391: remove prestop hooks for northd, sbdbd and nbdb #1978
• OCPBUGS-19625: Multus per-node certificate request #2009
• OCPBUGS-19377: Kuryr: Fix deriving MTU from previous config #2007
• OCPBUGS-19648: Network identity: node-specific certificate in ovnkube-node, admission webhook #1983
• OCPBUGS-19550: multus: set MULTUS_NODE_NAME to filter pods to local node #2020
• OCPBUGS-19018: use $CPE_NAME to find the OS major version #2003
• OCPBUGS-19494: ipsec: remove preStop from host #2015
• OCPBUGS-18114: Update node selector in various YAMLs #1845
• Limit OVN-Kubernetes permissions #1982
• OCPBUGS-18892: make ipsec.service required #1999
• OCPBUGS-19236: Updating cluster-network-operator images to be consistent with ART #2006
• separate libovsdblogs from main ovnkube-master logs #1938
• OCPBUGS-15201: Disable weak SSH cipher suites #1981
• OCPBUGS-18676: ovnkube: set northd backoff-interval and use a single thread to save CPU #1990
• OCPBUGS-17380: ipsec: fix oopsy from 2e3fc8e7a0 #1996
• OCPBUGS-18517: Kuryr: Set MTU on Bootstrap, not Render phase #1988
• OCPBUGS-18135: IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping #1955
• move IPsec to host #1849
• OCPBUGS-17916: Fix IC configmap lookup in pod_status.go #1954
• OCPBUGS-17677: [Azure]CNCC failed to assign egressIP to NIC for Azure Workload Identity Cluster #1980
• OCPBUGS-18363: Add ‘/etc/cni/multus/net.d’ into volumemount in multus pod #1979
• OCPBUGS-18175: Fix bond-cni’s default directory in multus manifest #1953
• OCPBUGS-17782, SDN-3664: Join ovnkube-controller and ovnkube-node container for multizone setup #1971
• OCPBUGS-16051, OCPBUGS-3176: Enables IP Forwarding config in CNO #1952
• OCPBUGS-17257: CVE-2023-3978: golang.org/x/net/html: Cross site scripting #1935
• OCPBUGS-17677: [Azure] Add granular permission for assigning egressIP to NIC to Azure CredentialsRequest for workload identity. #1949
• OCPBUGS-17964: ovn-k, managed: Align join subnet configuration #1962
• SDN-4024: Add ANP Feature Gate #1859
• SDN-4057: hypershift: Allow ovnkube-master and ovnkube-node to have different images #1942
• Remove certificatesigningrequests/update permission from ovnkubenode #1934
• Add rolling update for managed ovnkube-control-plane #1944
• IC & openshift + hypershift #1874
• OCPBUGS-16019: prevent creation of multiple cni-sysctl-allowlist-ds pods #1904
• OCPBUGS-10765: make MAXLOGFILES a real variable and work for self-hosted #1931
• Multus thick plugin support #1915
• OVN-Kubernetes ipsec: create the CSR with a random name #1928
• CCO-294: Switch azure credentials request to use explicit permissions #1922
• OVN-Kubernetes: Add status subresource permissions for setting labels and annotations #1896
• SDN-3223: Use encapsulation=true for IBM Cloud #1800
• Bug 16136: change whereabouts ip reconciler exec #1890
• Add OpenStack platform to list of allowed dual-stack clusters #1697
• OCPBUGS-15945: Stop using utilruntime.PanicHandlers to handle reconciliation panics #1893
• HOSTEDCP-1063: allow webhooks in hosted clusters to reach multus-admission-controller service #1879
• OCPBUGS-15961: FIPS related CNO changes #1901
• OCPBUGS-10765: Revert “Revert “OCPBUGS-10765: Remove oldest ovn acl log files when f… #1876
• ovn-k: Configure dns service namespace and name #1912
• OCPBUGS-15544: Enable multi-external-gateway feature by default for managed and hosted clusters #1887
• OCPBUGS-15918: Skip rendering 0.0.0.0/0 for cluster proxy status #1903
• Change rhel7/8 to rhel8/9 #1870
• Enable EgressService controller #1848
• Edited multus-admission-controller deployment config to not add autom… #1767
• OCPBUGS-15794: fix: add missing annotation for workload partitioning #1866
• OCPBUGS-15544: Add adminpolicybasedexternalroutes rights for ovnkube-node. #1867
• Revert “Remove oldest ovn acl log files when file limit exceeded” #1873 #1873
• OCPBUGS-10765: Remove oldest ovn acl log files when file limit exceeded #1868
• kube-proxy config overriding updates #1831
• OCPBUGS-15282: Add release version annotation to whereabouts-reconciler #1851
• CCO-356: Add Infrastructures permission to CNCC cluster role #1843
• Add multi-networkpolicies support for OVN #1796
• Add support for AdminPolicyBasedExternalRoute CRD and controller’s RBAC #1765
• OCPBUGS-15138: Add kubernetes.io/os nodeSelector to wherebouts reconciler DS #1841
• OCPBUGS-14988, SDN-3901: Rebase to kube 1.27 #1826
• CCO-358: Manifest changes necessary to support Azure Workload Identity #1755
• OCPBUGS-14714: Do not rely on ControlPlaneTopology do determine if running in HyperShift #1835
• OCPBUGS-11882: Added another volume to safe-to-evict-local-volume annotation #1830
• OCPBUGS-14833: Fixes lint issues #1834
• OCPBUGS-14384: Remove nodeSelector for architecture in whereabouts daemonset #1828
• OCPBUGS-11882: Added safe-to-evict annotation to ovnkube-master and multus admission controller components #1822
• OCPBUGS-13922: Revert “Do not set the operator as available before updating the network config” #1818
• OCPBUGS-11448: add Hypershift release-image annotation to multus #1770
• OCPBUGS-10937: multus-admission-controller mounts secret with mode 0640 #1752
• OCPBUGS-13219: Use IfNotPresent instead of Always in OVNK upgrades pre-puller #1803
• OCPBUGS-5027: Make the operator degraded on panic #1786
• OCPBUGS-12856: Support Device Plugin Resources For Smart NIC and DPU Hosts #1721
• Updating cluster-network-operator images to be consistent with ART #1790
• OCPBUGS-11565: High API requests due to allowlist and operconfig reconcilers running too often #1788
• OCPBUGS-8070: Depreciate legacy field manager #1763
• OCPBUGS-11550: AUTH: update cluster-reader to include k8s.ovn.org #1791
• OCPBUGS-10009: HyperShift: Support HostedControlPlane node selector #1736
• OCPBUGS-11046: fix reconciliation process of the allowlist controller #1792
• OCPBUGS-1341: Enhance check controller to remove old check objects #1649
• OCPBUGS-11046: Fix allowlist ds template #1773
• OCPBUGS-10647: multus-admission-controller should not run as root under Hypershift #1745
• OCPBUGS-9174: The cluster-readers group should be able to get net-attach-defs #1343
• Updating cluster-network-operator images to be consistent with ART #1768
• OCPBUGS-9964: Split out konnectivity certs #1734
• SDN-3444: Add runbook url for SBDB connectivity alert #1553
• OCPBUGS-7777: use –template instead of -a for ‘oc observe’ #1760
• Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler #1735
• OCPBUGS-10433: Hypershift: Add RollingUpdate parameters to multus-admission-controller #1740
• ovn-kube: move back to unsuffixed RHEL9 images #1747
• Updating cluster-network-operator images to be consistent with ART #1732
• OCPBUGS-10649: HyperShift: Add POD_NAME env to ovnkube-node #1748
• OCPBUGS-10031: operConfig reconcile can return nil error on failure #1744
• Set OVN-K north/south bound stale alerts severity to critical #1668
• OCPBUGS-8707: Point libreswan to proper nss location #1727
• Whereabouts should implement the reconciliation controller #1693
• add/update some UTs around clusternetwork change #1725
• OCPBUGS-9931: Enable configuration of node healthz server on ovnkube #1715
• OCPBUGS-8692: HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO #1728
• Cno 4.13 kubernetes 1.26 #1708
• use annotation on the daemonset to update hybrid overlay #1709
• Remove the ovn-kind-cno.sh script #1710
• SDN-3597: OVN-K alerts: add OVS overflow alerts #1630
• SDN-3730: OVN IC: migrate master alerts to cluster manager #1716
• Allow cidr expansion #1707
• Enables nodeSelector to be used in egress firewall rule #1720
• Add ovnk alert for resource retry failure #1674
• OCPBUGS-6730, SDN-3221: ovn-kubernetes: use RHEL9-based images #1712
• OCPBUGS-4343: update apf configuration to use v1beta3 #1633
• Jira OCPBUGS-7774: Print RawCNIConfig in its string representation #1718
• OCPBUGS-6235: Updating cluster-network-operator images to be consistent with ART #1656
• Allow updates to pods #1717
• OCPBUGS-5559: add default noProxy config for Azure #1672
• always create env.sh when run_vs_existing_cluster #1711
• OCPBUGS-7354: Revert “Revert “OCPBUGS-5842: Use pods oc vs host”” #1714
• ovn-k, multi-homing: enable the feature #1699
• Revert “OCPBUGS-5842: Use pods oc vs host” #1713
• OCPBUGS-5842: Use pods oc vs host #1681
• OCPBUGS-4417: Added missing API field podref to OverlappingRangeIPReservation CRD #1677
• OCPBUGS-6651: HyperShift: Add .hypershift.local to no proxy list #1692
• OCPBUGS-6651: HyperShift: Do not use proxy for internal routes #1694
• remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher #1680
• ovn-kubernetes: Allow node_mgmt_port_netdev_flags for non-DPU modes #1676
• OCPBUGS-3272: Unhealthy Readiness Probe failing ci #1665
• OCPBUGS-5306: ovn-kubernetes: ignore NB/SB readiness checks and dbchecker when not RAFT member #1673
• OCPBUGS-5802: Update github.com/Masterminds/sprig to v3 #1679
• OCPBUGS-5306: OVN-Kubernetes: Stop sorting master node addresses #1675
• Allow SDN migration from Kuryr to OVNKubernetes #1639
• update ‘make install.tools’ for golangci-lint #1670
• Fix CNO crashing when Kuryr without MTU is set #1669
• OCPBUGS-2947: Disable the drop-icmp container ‘oc’ pprof webserver on Azure #1607
• OCPBUGS-4350: Fix handling of deployment and statefulset updates #1648
• OCPBUGS-2532: Fix default disable-udp-aggregation value on s390x #1655
• Fix info log formatting #1650
• Support RHOBS monitoring for HyperShift #1644
• OCPBUGS-3916: SDN alerts: Add $labels.node to SDNPodNotRady metric #1637
• The allowlist daemonset should set a priority class. #1647
• Bug OCPBUGS-736: Kuryr: If set use MTU from Config for svc net #1586
• OCPBUGS-3883: HyperShift: Co-locate OVN-Kubernetes master with other hcp pods #1627
• OCPBUGS-2532: Disable UDP aggregation on s390x #1629
• Jira OCPBUGS-3777: IPsec: Fix broken counter++ expression #1623
• OCPBUGS-3114: HyperShift: Do not accept empty infrastructure name #1611
• HyperShift: Fix typo in control-plane-component label value #1626
• Remove references to the hosts kubeconfig #1612
• OCPBUGS-3744: SDN: /var/run mount cleanup #1625
• OCPBUGS-3460: CNI binary copy should account for the possibility of symlinks #1614
• OCPBUGS-2598: ipsec: Run ovs-monitor-ipsec in the foreground and change probes #1606
• SDN-3508: HyperShift: Render cncc with proxy settings of the management cluster #1577
• NP-607: update microshift ovnk manifests #1589
• Bug 1896533: moved SetDegraded call out of object loop to process all items first #1600
• OCPBUGS-2362: Prefer oldest nodes, harden new alerts and revert setting new OVN-K alerts to info #1579
• fixed typo in comment #1597
• Jira OCPBUGS-1736: Always set PROXY variables for CNCC #1576
• Remove the allow_ra sysctl for ipv4 from default systl whitelist #1590
• SDN-2591: allow hybrid overlay to be enabled post install #1584
• SDN-3515: HyperShift: multus admission controller: expose metrics over HTTPs #1583
• rebase to k8s v1.25.0 #1571
• Bug OCPBUGS-2328: Fix for index out of range error #1588
• Add sysctl whitelist controller #1573
• Kuryr: Add missing keystoneauth options #1581
• OCPBUGS-1341: Set owner reference for pod network connectivity check #1566
• ovn-k, managed: pass join-subnet to control-plane #1582
• OCPBUGS-1083: Move OVNK alert level to info #1564
• Pass enable-udp-aggregation=true to ovn-kubernetes #1533
• OCPBUGS-1038: Multus IPAM detection should honor conflists #1570
• egress_ip: remove redundant config #1568
• OCPBUGS-1515: Use custom uint128 type when validating v6InternalSubnet #1561
• SDN-3283: HyperShift: Use a socks-proxy in ovnkube-master to allow for node heath checks #1539
• Bug: OCPBUGS-736: Kuryr: Use machine net MTU to create service net #1545
• Migrate Egress IP configuration during SDN migration and rollback #1536
• Allow empty vSphere status field in VIP sync #1558
• microshift: update ovnk manifests #1552
• Add ovn-kubernetes-microshift to image-stream #1556
• Migrate Multicast configuration during SDN migration and rollback #1543
• OVN-K: add patch/update service permissions to controller #1554
• Add controller to synchronize the API and Ingress VIP fields #1519
• Bug SDN-3458: HyperShift: Differentiate resources deployed by different CNO instances in status manager #1541
• OVN-K alerts: first tranche #1526
• SDN-3432: Add alert for OVNKubernetesControllerDisconnectedSouthboundDatabase #1548
• Add vSphere platform to allow dual-stack cluster #1518
• OKD-49: Adds support for scos to multus #1544
• Bug 1894268: Allow users to specify ovnkube join subnet #1508
• Bug OCPBUGS-917: Add EgressQoS DstCIDR format validation #1492
• Multus admission controller: Wait for token in Hypershift #1546
• Use fixed name for creating EgressFirewall CRs #1540
• Migrate Egress Firewall Configuration during SDN migration and Rollback #1534
• hypershift: set multus controller priority appropriate for hosted clusters #1538
• Bug 2094068: Add northboundstale alert runbook #1482
• microshift: compact ovn databases periodically #1537
• Hypershift: Allow configuring hostname and labels on the route #1531
• Multus admission controller changes for hypershift #1516
• HyperShift: Move CNCC to the controll-plane namespace #1525
• Bug OCPBUGS-216: Kuryr: Bump timeoutSeconds for livenessProbe #1528
• Add missing runbook links for OVN-kubernetes alerts #1523
• Bug 2103680: avoid overrriding disableNetworkDiagnostics on reconciliation #1527
• Render CRDs for both OSDN and OVNK during migration #1521
• Configure ignored namespaces into multus-admission-controller #1515
• Add microshift ovnk manifests #1517
• Bug 2116982: multus-admission-controller SNO number of replicas #1524
• Enable the cloud-network-config-controller for OpenStack #1505
• multi-networkpolicy: Enable on SR-IOV networks #1443
• Updating cluster-network-operator images to be consistent with ART #1507
• Add configmap list/watch rights to cloud-network-config-controller #1511
• The Multus admission controller should run as a deployment #1514
• Bug 2108232: Revert “Bug 2085089: Pass enable-udp-aggregation=true to ovn-kubernetes” #1510
• Bug 2100601: Update CNO to config EgressIP timeout for ovnk #1498
• Bug 2060079: Enhance sensitivity of SDN alert NodeProxyApplySlow #1491
• Bug 2103590: Add init container to ensure that Status.podIP is set before postStart hooks run #1503
• remove @squeed from owners #1497
• Bug 2085089: Pass enable-udp-aggregation=true to ovn-kubernetes #1489
• Bug 2089681: Disable EgressIP reachability check in hypershift deployments #1485
• Bug 2084062: Make northd probe interval default to 10 seconds #1494
• Bug 2100079: Update sdn-controller perms for “configmapsleases” leaderelection #1496
• Bug 2099357: k8s 1.24 bump: add RBAC coordination leases for ovn-k master #1490
• Bug 2094071: Add southboundStale alert runbook #1481
• Bug 2095772: bindata: managed: reduce memory requests to align with observed usage #1479
• Bug 2095756: client: register types during init, not later #1483
• Bug 2090336: Multus should log at a verbose log level (without a logfile) #1474
• Bug 2092047: cncc: add RBAC coordination.k8s.io leases #1461
• Bug 2089805: Enable config duration for OVN-Kubernetes #1455
• Bug 2090437: Bump CNO to k8s 1.24 #1459
• Bug 2073452: Copying CNI binaries should be an atomic operation. #1472
• Bug 2092495: ovn: use up to 4 northd threads in non-SNO clusters #1471
• Bug 2091167: incorrectly setting rbac role for certificatesigningrequests #1463
• Revert “Copying CNI binaries should be an atomic operation.” #1466
• Bug 2073452: Copying CNI binaries should be an atomic operation. #1462
• Bug 2076776: remove patch permissions from ovnkube-node service account #1450
• Bug 2089968: ensures type: Directory for multus host paths #1453
• Bug 2090343: [temporary] Adds multus debug logging #1456
• Bug 2087942: bump to go 1.18, lint improvements #1451
• Bug 2086461: Hypershift: Also add default for Azure mtu #1454
• Bug 2086461: AWS: Use hardcoded MTU to speed up cluster creation #1441
• Bug 2087556: Fix rendering DPU manifests #1448
• Bug 2086506: hypershift: respect statefulset when upgrading ovnk #1447
• Bug 2087135: Fixing Hypershift nodeport flow #1440
• Bug 2086544: Stop passing hosted cluster token as a parameter to ovnkube-master #1446
• Bug 2086437: Enable EgressQoS controller #1430
• Bug 2086143: Status controller: use a label, rather than watching all objects #1431
• Bug 2082235: manifests: Add in service, service-cert, and ServiceMonitor #1433
• Bug 2023295: Cleanup CNO relatedObjects #1432
• Bug 2079422: Bump PodDisruptionBudget to v1 #1427
• Re-reconcile network on configmap, stop watching all configmaps in proxy controllers #1416
• hypershift: add ovnkube-node-proxy container in ovnkube-node ds #1408
• Hypershift: enable TLS for ovnkube-master metrics #1423
• Add gm metric record to use for telemetry exposure #1425
• Revert “ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds” #1428
• Bug 2082611: Limit Kuryr pods permissions #1367
• Bug 2076877: Bump FlowScema apiVersion to v1beta2 #1419
• bindata/network-diagnostics, cloud-network-config-controller: comply to restricted pod security level #1406
• Remove ObjectMeta.ClusterName usage #1421
• Hypershift: Fix ovnkube-master priority class and set resource requests on token-minter #1420
• add more sysctls to the multus allowlist #1411
• ovn: fix northd preStop command handling #1414
• Add control-plane-component label to ovnkube-master for hypershift #1422
• Add link to runbook urls #1417
• Hypershift: Copy all CNO conditions to HostedControlPlane status #1415
• ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds #1412
• Bug 2075475: Add default-route field to egress-router k8s.v1.cni.cncf.io/networks #1390
• OCPVE-106 Customize rollout strategy to fix SNO upgrade #1392
• Bug 2080255: SDN: Re-add list/watch/get permissions for nodes needed for EgressIP #1409
• Bug 2071859: Switch dnsPolicy to Default for OVN hostNetwork pods #1395
• Revert “Revert ipsec: Allow enablement/disablement at runtime” #1384
• ovnkube: export OVS metrics along with OVN metrics #1393
• Bug 2078910: Correct runbook_url field location within schema #1396
• Adds dougbtv to owners as approver and reviewer #1397
• Bug 2072215: Make the use of the ip-reconciler cronjob opt-in by detecting IPAM type usage #1369
• ovn-kube hypershift: fix pipefailure that prevents HA startup #1394
• Bug 2063123: Drop Node update permission for sdn-node #1350
• OVN-K alert: Increase severity and add runbook_url for NoRunningOvnMa… #1327
• Remove Kuryr mutating DNS webhook #1363
• raise the alert NoOvnMasterLeader to critical and add the runbook url #1328
• Bug 2072710: Make northd probe interval default to 10 seconds #1386
• hypershift: get control plane replicas from hcp #1385
• Bug 2072766: Reserve port TCP/9104 for cluster-network-operator #1378
• Multus: split pod/status rbac #1340
• add runbook link for NodeWithoutOVNKubeNodePodRunning and V4SubnetAll… #1366
• OVN: remove detecing db_ip via kapi #1368
• Hypershift: Respect publishing strategy of OVN southbound database service #1349
• Proxyconfig: Add a knob for Hypershift to enable proxying internal apiserver address #1381
• Bug 1983056: Kuryr: Update CRD from upstream #1360
• hypershift: disable TLS for ovnk master metrics #1382
• hypershift: enable publishNotReadyAddress explicitly for ovnk-master service #1372
• Bug 2070047: Bump max value of hist quantile for kuryr_cni_request_duration #1359
• Don’t return err with empty relatedClusterObject annotation #1379
• hypershift: enable ovnk-master metrics in management cluster #1374
• Use (un)setProgressing for pod status update #1376
• Use the hosted cluster token explicitly #1370
• HyperShift: Watch StatefulSets in the management cluster #1364
• Exclude openshift-kube-apiserver and openshift-apiserver service/endpoints from connectivity checks in hypershift #1375
• Run ovnkube-master statefulset pods in parallel #1361
• Add ibm-cloud-managed annotations to 02-cncc-credentials.yaml, this is required in HyperShift #1358
• Add ipsec daemonset for hypershift managed cluster #1356
• Add statefulset in status manager #1345
• hypershift ovnk route status #1341
• Add tuning cni sysctl allowlist to nodes #1347
• Bug 2058368: move enable memory trimming to readiness prob #1365
• Add ovnkube-node initContainer to make sure sbdb is up before running other containers #1354
• Vendor: pull in hypershift #1346
• Hypershift: Use token minter instead of a kubeconfig in ovn-kubernetes master #1344
• Add an option to define the client name for in-cluster config #1342
• Add ovnkube manifests for hypershift #1329
• network, bootstrap: don’t get apiserver from the environment #1339
• Fix MTU detection for multi path default routes #1338
• Multi cluster support in CNO #1319
• Fix golang image version in Dockerfile #1330
• Remove empty selector from the mtu prober job. #1331
• Switch to server-side apply #1304
• Probe MTU from a Job, rather than directly in the CNO #1313
• Bug 2058368: Move memory-trimming-on-compaction out of dbchecker to nbdb/sbdb #1320
• Fix group for CVO override used for running CNO locally #1314
• Bug 2058671: ip reconciler: auto clean failed jobs #1318
• Bug 2037721: Do not apply OVN-Kubernetes PodDisruptionBudget on single-node clusters #1307
• ovn: stop spawning the ovn-nbctl daemon #1315
• Bug 1944264: ovnkube: gracefully terminate databases from preStop #1312
• Bug 2044227: Add rolling update strategy for Kuryr-CNI. #1311
• Bug 2032559: Block DualStack migration for unsupported cluster types #1257
• Bug 2010361: SDN alerts: conform to monitoring team style guide #1248
• Update project owners #1309
• Bug 2048575: The Whereabouts ip-reconciler should use api-int load balancer #1302
• Bug 2048793: Kuryr: Decrease vif_annotation_timeout #1293
• Bug 2049613: Use a separate configmap for mtu migration config to avoid pod restart #1299
• Fix bond cni source directory path #1295
• Updating cluster-network-operator images to be consistent with ART #1294
• Bug 2041546: ovn-kubernetes: set RAFT election timer at RAFT cluster creation time #1282
• Bug 2034484: Upgrade library-go version #1247
• Bug 2042796: whereabouts, reconciler: disable retries on failure #1290
• Bug 2039345: Verify against mininimal IPv6 MTU value for clusters with IPv6 networks #1276
• Bug 2034155: Adds back –disable-snat-multiple-gws #1254
• Bug 2039321: SDN: Expose controller metrics for collection #1250
• clean up OWNERS #1287
• Bug 2041989: no CredentialsRequests in ibm-cloud-managed #1280
• Bug 2035459: modify cluster-network-features for OpenshiftSDN #1251
• Bug 1896533: Nonexistent Namespaces Degradation logging message #1128
• Bug 2038732: Add egress* patch credentials for ovnkube-master #1285
• Bug 2041329: cncc: add serviceAccountNames to CredentialsRequests #1283
• Bug 2010663: OVN-K alerts: conform to monitoring team style guide #1246
• Bug 2021191: Project admins should be able to list net-attach-defs in their namespaces #1226
• BUG 2034413: cncc: create Cloud CredentialsRequest in /manifests #1277
• Bug 2034460: cncc: handle advanced AWS and Azure configurations #1275
• Bug 2034153: Fix MTU migration verification for OpenShiftSDN #1259
• Bug 1943363: ovn: try to gracefully terminate ovn-northd #1221
• Bug 2018093: Kuryr: Add resource requests for pods #1269
• Bug 2036861: multitenant - Add openshift-kube-apiserver-operator to global namespaces #1272
• Bug 2035093: Cloud network config controller: Fix for Hypershift #1268
• Bug 2034398: Whereabouts CRD should include a “podref” field. #1262
• Bug 2034517: watch and apply changes of the ovs-flows-config configmap #1231
• Bug 2034322: Move infrastructure bootstrap to its own package #1261
• Bug 2033422: bootstrapOVNGatewayConfig should only be called once #1258
• Add MTU migration support for OVNKubernetes and OpenshiftSDN #1241
• Cloud network config controller - CNO deployment #1112
• Bug 2022144: sbdb and nbdb containers leave pid around if they restarted or crashed #1256
• OVN-K alerts: Fix incorrect metric name reference #1237
• Pod networking on DPU host in Infra and Tenant clusters #1249
• OVN-K: Enable OVN metrics to be consumed by ServiceMonitor #1236
• Bump openshift/build-machinery-go #1253
• SDN 2316: Use GatewayConfig in OVN-K to set gateway modes #1209
• Add CNI to DPU and enable Kube-Proxy on DPU #1220
• NETOBSERV-31: Expose CNI type features as a config-map #1204
• Bump openshift/api module #1242
• The ip-reconciler should not restart on failures. #1238
• SDN: Do not tolerate a controller failure during upgrade #1213
• Set upgrade strategy on kube-proxy #1214
• openshift-sdn/daemonset: Mount /host/opt/cni/bin at /host-cni-bin #1172
• Specific SDN controller alert #1206
• update for ART #1233
• bindata/network: specify pod-security levels via labels not annotations #1224
• Add bond-cni #1205
• Bug 1961509: DHCP Daemon should have memory and CPU limits set #1218
• Add ip6tables NOTRACK rules for udp/6081 #1222
• Bug 1962206: DHCP daemon should have maxunavailable for upgrade strategy #1219
• Bug 1976399: Raft election timer: move the logic to ovndbchecker #1161
• Bug 2009078: Remove NetworkPodsCrashLooping alert for ovn-kubernetes #1212
• Bug 1914053: whereabouts: add ip-reconciler cronjob #1207
• Add Kuryr to be able to create events objects. #1210
• fix a typo in a field name #1208
• podsecurity: enforce privileged for network namespaces #1203
• Bug 1988483: OVN drop icmp frag from other nodes on Azure cluster #1132
• Bug 1985486: Use proxy to connect to OSP cloud #1173
• Updating cluster-network-operator images to be consistent with ART #1198
• Bug 2003676: Restrict serving SDN metrics to loopback only #1197
• Bug 2002713: Add millisecond resolution to OVN logs #1196
• Bug 1939435: proxyconfig - accept IPv6 address literals for noProxy #1191
• Bug 1986061: Monitor openshift-network-diagnostics namespace #1190
• Bug 1960101: Fix update-codegen hack, pull in changes from openshift/api, bump k8.io deps to v0.22.1 #1140
• Bug 1997050: Fix panic with unknown networks #1188
• Bug 1998508: Fix the install-time “waiting for other operators” statuses #1192
• Bug 1990631: ovnkube: use ovn-nbctl daemon monitor mode to restart and log issues #1182
• Bug 1914398: Changed pod user to non-root #1124
• Bug 1991551: allow sdn (and others) to use new events.k8s.io API #1177
• Bug 1989246: use new default leader election values to handle apiserver rollout on SNO #1175
• Bug 1992507: Use prometheus rule annotations comply with the OpenShift alerting guidelines #1181
• Bug 1989734: Whereabouts should have RBAC for leases #1174
• Bug 1984049: Slow OVN Recovery on SNO #1159
• Bug 1990725: Add missing node name into KuryrSDNPodNotReady Alert #1176
• Bug 1987019: Support external control plane topology #1158
• Docs: add architecture overview, remove outdated HACKING guide. #1078
• Remove valadas from owners #1081
• Bug 1989122: let openshift-sdn use EndpointSliceProxying #1166
• Updating cluster-network-operator images to be consistent with ART #1136
• Bug 1981055: ovnkube-master handle 60 seconds downtime of API server gracefully in SNO #1154
• Bug 1985033: Make inactivity_probe configurable #1165
• Bug 1984449: Change to use mountPath: /host #1160
• Bug 1961757: ovnkube: set ovn-controller lflow cache limit to 1GB #1147
• Revert: Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1163
• Bug 1981975: Update service network status to reflect dual stack entries #1155
• Bug 1970985: SDN-1955: Add pre-puller ds to reduce upgrade downtime #1141
• Bug 1961811: Add a newline between user CAs and system CAs #1156
• OVNKube: check if br-ex1 is available and pass it as a parameter #1152
• Make egress IP and ICNI mutually exclusive when bootstrapping OVN-kube #1145
• Bug 1970129: Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1142
• Add alerts for issues with load balancers/ports. #1148
• Include alerts for critical lbs #1146
• Removing old kuryr-kubernetes CRDs #989
• Bug 1962951: enable ovs column diffs feature #1101
• Bug 1975016: Kuryr: Store OpenStack credentials in a secret #1139
• Add JacobTanenbaum to list of approvers #1099
• Updating .ci-operator.yaml build_root_image from openshift/release #1130
• Full changelog

cluster-node-tuning-operator

• Revert PAO and later changes #330
• Bug 2017427: tuned: add timeout and restarts #282
• Makefile cleanup, replace yq with yaml-patch from openshift/build-machinery-go #274
• Bug 2016988: openshift profile: fix malformed patch #283
• Bug 2013321: TuneD: workaround for high CPU utilization of [scheduler] plug-in. #278
• RBAC: tighten the rules and remove unnecessary listers. #276
• podsecurity: enforce privileged for openshift-cluster-node-tuning-operator namespace #275
• Updating cluster-node-tuning-operator images to be consistent with ART #273
• Bug 2004508: TuneD: Revert the ConfigParser changes. #271
• Updating cluster-node-tuning-operator images to be consistent with ART #270
• OWNERS: updating based on team changes. #269
• e2e tests: s/plugin/plug-in/ and TuneD renaming #253
• Bug 1998247: Reload when deps of recommended profile change. #267
• Bug 1997486: Ship the latest TuneD and stalld. #265
• Bug 1994891: Fix e2e tests after the recent 1.22.0 bump #264
• Bug 1992560: monitoring: comply with OpenShift alerting guidelines #263
• Bug 1994891: Bump vendor dependencies to k8s 1.22.0 #261
• Bug 1985739: Move OpenShift profile to TuneD. #258
• Bug 1986477: Handle kube-apiserver disruption more gracefully. #256
• scheduler: new option cgroup_ps_blacklist #250
• Address a race in the stalld e2e test. #249
• IBM Cloud manifest profile patch for operator deployment #252
• Ship the latest TuneD, adjust default Tuned CR. #245
• Updating to the latest stalld v1.13.0. #246
• openshift-tuned event-driven change processing #243
• Adjusting the OWNERS file due to team changes. #244
• Updating to the latest stalld v1.12.0. #242
• Bug 1974277: Fix conditional order for setting net device param. #239
• Bug 1973154: Switch back to NTO-shipped stalld. #236
• Updating cluster-node-tuning-operator images to be consistent with ART #235
• More precise description of MCP matching. #219
• Updating .ci-operator.yaml build_root_image from openshift/release #234
• Full changelog

---

View changelog in Markdown or change previous release: 4.20.0-0.okd-scos-2025-05-11-1015264.20.0-0.okd-scos-2025-05-10-2215264.20.0-0.okd-scos-2025-05-10-1015264.20.0-0.okd-scos-2025-05-09-2215264.20.0-0.okd-scos-2025-05-09-1015264.20.0-0.okd-scos-2025-05-08-221526───4.19.0-0.okd-scos-2025-05-10-2357144.19.0-0.okd-scos-2025-05-09-2243034.19.0-0.okd-scos-2025-05-09-1043024.19.0-0.okd-scos-2025-05-08-2243014.19.0-0.okd-scos-2025-05-08-104300───4.18.0-0.okd-scos-2025-05-10-0414244.18.0-0.okd-scos-2025-05-09-1614234.18.0-0.okd-scos-2025-05-09-0414224.18.0-0.okd-scos-2025-05-08-1614214.18.0-0.okd-scos-2025-05-08-041420───4.17.0-0.okd-scos-2025-02-25-0904554.17.0-0.okd-scos-2025-02-24-2104554.17.0-0.okd-scos-2025-02-24-0904544.17.0-0.okd-scos-2025-02-23-2104544.17.0-0.okd-scos-2025-02-22-211215───4.16.0-0.okd-scos-2025-01-06-1432414.16.0-0.okd-scos-2025-01-04-1456004.16.0-0.okd-scos-2025-01-04-0142364.16.0-0.okd-scos-2025-01-03-1342364.16.0-0.okd-scos-2025-01-03-0142364.16.0-0.okd-scos-2024-12-17-0222464.16.0-0.okd-scos-2024-11-24-1100454.16.0-0.okd-scos-2024-11-23-1818454.16.0-0.okd-scos-2024-11-23-0618454.16.0-0.okd-scos-2024-11-22-1818454.16.0-0.okd-scos-2024-11-22-061845───4.15.0-0.okd-scos-2024-12-16-1913164.15.0-0.okd-scos-2024-01-18-1035224.15.0-0.okd-scos-2024-01-17-2235214.15.0-0.okd-scos-2024-01-17-1035204.15.0-0.okd-scos-2024-01-16-223519───4.15.0-0.okd-2025-05-02-1402244.15.0-0.okd-2025-04-03-2126204.15.0-0.okd-2025-04-02-1800124.15.0-0.okd-2025-03-28-1148024.15.0-0.okd-2025-03-26-0131074.15.0-0.okd-2024-03-27-1109014.15.0-0.okd-2024-03-26-2309014.15.0-0.okd-2024-03-23-1640104.15.0-0.okd-2024-03-23-0440104.15.0-0.okd-2024-03-22-164010───4.3.0-0.okd-2025-04-09-1531174.3.0-0.okd-2021-08-03-2048314.3.0-0.okd-2021-03-22-1309504.3.0-0.okd-2021-02-02-2356544.3.0-0.okd-2021-02-02-1747534.3.0-0.okd-2021-01-28-0046514.3.0-0.okd-2021-01-18-145029───4.19.0-okd-scos.04.18.0-okd-scos.94.18.0-okd-scos.84.18.0-okd-scos.74.18.0-okd-scos.64.18.0-okd-scos.54.18.0-okd-scos.44.18.0-okd-scos.34.18.0-okd-scos.24.18.0-okd-scos.14.18.0-okd-scos.04.17.0-okd-scos.34.17.0-okd-scos.24.17.0-okd-scos.14.17.0-okd-scos.04.16.0-okd-scos.14.16.0-okd-scos.04.16.0-0.okd-scos-2024-09-24-1517474.16.0-0.okd-scos-2024-08-21-1556134.15.0-0.okd-scos-2024-01-18-223523───4.15.0-0.okd-2024-03-10-0101164.15.0-0.okd-2024-02-23-1634104.15.0-0.okd-2024-02-10-0355344.15.0-0.okd-2024-01-27-070424───4.20.0-okd-scos.ec.04.19.0-okd-scos.ec.94.19.0-okd-scos.ec.84.19.0-okd-scos.ec.74.19.0-okd-scos.ec.64.19.0-okd-scos.ec.54.19.0-okd-scos.ec.44.19.0-okd-scos.ec.34.19.0-okd-scos.ec.24.19.0-okd-scos.ec.14.19.0-okd-scos.ec.04.18.0-okd-scos.ec.34.18.0-okd-scos.ec.24.18.0-okd-scos.ec.14.18.0-okd-scos.ec.04.17.0-okd-scos.ec.44.17.0-okd-scos.ec.34.17.0-okd-scos.ec.24.17.0-okd-scos.ec.14.17.0-okd-scos.ec.04.17.0-0.okd-scos-2024-09-30-1017394.17.0-0.okd-scos-2024-09-26-2248284.17.0-0.okd-scos-2024-09-24-1048284.17.0-0.okd-scos-2024-08-21-100712

Source code for this page located on github