Back to index
4.8.0-0.okd-2023-07-15-032754
Download installer and client with:
oc adm release extract --tools registry.ci.openshift.org/origin/release:4.8.0-0.okd-2023-07-15-032754
No tests for this release
Loading changelog, this may take a while ...
Created: 2023-07-15 03:31:09 +0000 UTC
Image Digest: sha256:a06a82b073ec572f35f76f34d2b40b76a956eddd126b3c094efb0024a763ced5
Components
- Kubernetes 1.21.14
- Fedora CoreOS 48.34.4
Rebuilt images without code change
- OCPBUGS-19235: Updating ose-cluster-bootstrap images to be consistent with ART #100
- OCPBUGS-16504: bump(*): vendor update #99
- Updating ose-cluster-bootstrap images to be consistent with ART #88
- Updating ose-cluster-bootstrap images to be consistent with ART #82
- OCPBUGS-3505: Waiting for 2 masters in HA mode case #71
- OCPBUGS-6234: Bump dependencies and image #74
- Add API team to reviewers #75
- Add API team to the OWNERS #73
- Bug 2006945: extend hardcoded restmapper for cluster-bootstrap to avoid crashlooping bootstrap kube-apiserver #64
- update golang version #65
- Full changelog
- OCPBUGS-22710: Add apbroute/status patch rights for ovnkube-node to update status #2139
- NETOBSERV-1047: Add a cluster monitoring dashboard for ovn #1871
- OCPBUGS-21924: Bump library-go #2082
- SDN-4101: Remove HyperShift API dependency, Bump kubernetes dependencies #2128
- NO ISSUE: add ownership of the proxy-ca #2111
- OCPBUGS-22869: hypershift, hosted clusters: enable multi-homing and multi-net features #2113
- OCPBUGS-23082: set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2100
- OCPBUGS-21924: Bump golang.org/x/net to v0.17.0 #2068
- OCPBUGS-18088, OCPBUGS-18089: ovnkube: container scripts cleanup [v2] #2060
- OCPBUGS-11179: change CNO to use custom ServiceAccount #2084
- two replicas for CM instead of 3 #2052
- OCPBUGS-15817: Egress router: request at least 100 milliCPU #2077
- OCPBUGS-18785: SDN controller manifest: add node name from downward kapi to sdn controller #2047
- OCPBUGS-19370: Added HCP label to CNO pods #2048
- OCPBUGS-15220: Add zone node preference to multus-admission-controller #1795
- multinetworkpolicy: allow Neighbor Discovery Protocol traffic #2010
- OCPBUGS-18569: hypershift: adjust backoff on infrastructure name retry #1986
- OCPBUGS-20533: Revisit cipher suits for multus-admission-controller’s rbac-proxy #2074
- OCPBUGS-10652: ovnkube: disable conntrack on hybrid overlay VXLAN ports #1819
- Make APB External Route namespace selector mandatory for a dynamic hop #1929
- OCPBUGS-20519: hosted cluster upgrade failure from 4.13 stable to 4.14 #2065
- Revert “Merge pull request #2037 from dcbw/db-script-cleanup” #2058
- OCPBUGS-18392: notify when /etc/openvswitch path changes #1989
- OCPBUGS-18088, OCPBUGS-18089: ovnkube: container scripts cleanup #2037
- Remove ability to deploy with Kuryr #2056
- OCPBUGS-20104: Don’t run network node identity as root #2051
- OCPBUGS-20076: Multus should determine kubeconfig path #2049
- Revert Kuryr MTU fixes #2038
- Fix MTU miscalculation #1778
- OCPBUGS-19918: get ipsecStatus from host daemonset #2042
- Network metrics daemon: change priority class to openshift-user-critical #2044
- OCPBUGS-14819: HyperShift: Use the local konnectivity proxy when checking proxy readiness #1985
- OCPBUGS-19861: Multus per-node certificates should have 24h duration #2039
- OCPBUGS-19418: Relax conditions to get IC upgrade started #2018
- OCPBUGS-18396: Fix config status MTU migration not being updated #2021
- OCPBUGS-19705: Use port 9108 for ovnkube-control-plane metrics #2031
- OCPBUGS-19715: Do not enable node admission webhook if the CNI is not OVN-Kubernetes #2030
- OCPBUGS-17391: remove prestop hooks for northd, sbdbd and nbdb #1978
- OCPBUGS-19625: Multus per-node certificate request #2009
- OCPBUGS-19377: Kuryr: Fix deriving MTU from previous config #2007
- OCPBUGS-19648: Network identity: node-specific certificate in ovnkube-node, admission webhook #1983
- OCPBUGS-19550: multus: set MULTUS_NODE_NAME to filter pods to local node #2020
- OCPBUGS-19018: use $CPE_NAME to find the OS major version #2003
- OCPBUGS-19494: ipsec: remove preStop from host #2015
- OCPBUGS-18114: Update node selector in various YAMLs #1845
- Limit OVN-Kubernetes permissions #1982
- OCPBUGS-18892: make ipsec.service required #1999
- OCPBUGS-19236: Updating cluster-network-operator images to be consistent with ART #2006
- separate libovsdblogs from main ovnkube-master logs #1938
- OCPBUGS-15201: Disable weak SSH cipher suites #1981
- OCPBUGS-18676: ovnkube: set northd backoff-interval and use a single thread to save CPU #1990
- OCPBUGS-17380: ipsec: fix oopsy from 2e3fc8e7a0 #1996
- OCPBUGS-18517: Kuryr: Set MTU on Bootstrap, not Render phase #1988
- OCPBUGS-18135: IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping #1955
- move IPsec to host #1849
- OCPBUGS-17916: Fix IC configmap lookup in pod_status.go #1954
- OCPBUGS-17677: [Azure]CNCC failed to assign egressIP to NIC for Azure Workload Identity Cluster #1980
- OCPBUGS-18363: Add ‘/etc/cni/multus/net.d’ into volumemount in multus pod #1979
- OCPBUGS-18175: Fix bond-cni’s default directory in multus manifest #1953
- OCPBUGS-17782, SDN-3664: Join ovnkube-controller and ovnkube-node container for multizone setup #1971
- OCPBUGS-16051, OCPBUGS-3176: Enables IP Forwarding config in CNO #1952
- OCPBUGS-17257: CVE-2023-3978: golang.org/x/net/html: Cross site scripting #1935
- OCPBUGS-17677: [Azure] Add granular permission for assigning egressIP to NIC to Azure CredentialsRequest for workload identity. #1949
- OCPBUGS-17964: ovn-k, managed: Align join subnet configuration #1962
- SDN-4024: Add ANP Feature Gate #1859
- SDN-4057: hypershift: Allow ovnkube-master and ovnkube-node to have different images #1942
- Remove certificatesigningrequests/update permission from ovnkubenode #1934
- Add rolling update for managed ovnkube-control-plane #1944
- IC & openshift + hypershift #1874
- OCPBUGS-16019: prevent creation of multiple cni-sysctl-allowlist-ds pods #1904
- OCPBUGS-10765: make MAXLOGFILES a real variable and work for self-hosted #1931
- Multus thick plugin support #1915
- OVN-Kubernetes ipsec: create the CSR with a random name #1928
- CCO-294: Switch azure credentials request to use explicit permissions #1922
- OVN-Kubernetes: Add status subresource permissions for setting labels and annotations #1896
- SDN-3223: Use encapsulation=true for IBM Cloud #1800
- Bug 16136: change whereabouts ip reconciler exec #1890
- Add OpenStack platform to list of allowed dual-stack clusters #1697
- OCPBUGS-15945: Stop using utilruntime.PanicHandlers to handle reconciliation panics #1893
- HOSTEDCP-1063: allow webhooks in hosted clusters to reach multus-admission-controller service #1879
- OCPBUGS-15961: FIPS related CNO changes #1901
- OCPBUGS-10765: Revert “Revert “OCPBUGS-10765: Remove oldest ovn acl log files when f… #1876
- ovn-k: Configure dns service namespace and name #1912
- OCPBUGS-15544: Enable multi-external-gateway feature by default for managed and hosted clusters #1887
- OCPBUGS-15918: Skip rendering 0.0.0.0/0 for cluster proxy status #1903
- Change rhel7/8 to rhel8/9 #1870
- Enable EgressService controller #1848
- Edited multus-admission-controller deployment config to not add autom… #1767
- OCPBUGS-15794: fix: add missing annotation for workload partitioning #1866
- OCPBUGS-15544: Add adminpolicybasedexternalroutes rights for ovnkube-node. #1867
- Revert “Remove oldest ovn acl log files when file limit exceeded” #1873 #1873
- OCPBUGS-10765: Remove oldest ovn acl log files when file limit exceeded #1868
- kube-proxy config overriding updates #1831
- OCPBUGS-15282: Add release version annotation to whereabouts-reconciler #1851
- CCO-356: Add Infrastructures permission to CNCC cluster role #1843
- Add multi-networkpolicies support for OVN #1796
- Add support for AdminPolicyBasedExternalRoute CRD and controller’s RBAC #1765
- OCPBUGS-15138: Add kubernetes.io/os nodeSelector to wherebouts reconciler DS #1841
- OCPBUGS-14988, SDN-3901: Rebase to kube 1.27 #1826
- CCO-358: Manifest changes necessary to support Azure Workload Identity #1755
- OCPBUGS-14714: Do not rely on ControlPlaneTopology do determine if running in HyperShift #1835
- OCPBUGS-11882: Added another volume to safe-to-evict-local-volume annotation #1830
- OCPBUGS-14833: Fixes lint issues #1834
- OCPBUGS-14384: Remove nodeSelector for architecture in whereabouts daemonset #1828
- OCPBUGS-11882: Added safe-to-evict annotation to ovnkube-master and multus admission controller components #1822
- OCPBUGS-13922: Revert “Do not set the operator as available before updating the network config” #1818
- OCPBUGS-11448: add Hypershift release-image annotation to multus #1770
- OCPBUGS-10937: multus-admission-controller mounts secret with mode 0640 #1752
- OCPBUGS-13219: Use
IfNotPresent
instead of Always
in OVNK upgrades pre-puller #1803
- OCPBUGS-5027: Make the operator degraded on panic #1786
- OCPBUGS-12856: Support Device Plugin Resources For Smart NIC and DPU Hosts #1721
- Updating cluster-network-operator images to be consistent with ART #1790
- OCPBUGS-11565: High API requests due to allowlist and operconfig reconcilers running too often #1788
- OCPBUGS-8070: Depreciate legacy field manager #1763
- OCPBUGS-11550: AUTH: update cluster-reader to include k8s.ovn.org #1791
- OCPBUGS-10009: HyperShift: Support HostedControlPlane node selector #1736
- OCPBUGS-11046: fix reconciliation process of the allowlist controller #1792
- OCPBUGS-1341: Enhance check controller to remove old check objects #1649
- OCPBUGS-11046: Fix allowlist ds template #1773
- OCPBUGS-10647: multus-admission-controller should not run as root under Hypershift #1745
- OCPBUGS-9174: The cluster-readers group should be able to get net-attach-defs #1343
- Updating cluster-network-operator images to be consistent with ART #1768
- OCPBUGS-9964: Split out konnectivity certs #1734
- SDN-3444: Add runbook url for SBDB connectivity alert #1553
- OCPBUGS-7777: use –template instead of -a for ‘oc observe’ #1760
- Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler #1735
- OCPBUGS-10433: Hypershift: Add RollingUpdate parameters to multus-admission-controller #1740
- ovn-kube: move back to unsuffixed RHEL9 images #1747
- Updating cluster-network-operator images to be consistent with ART #1732
- OCPBUGS-10649: HyperShift: Add POD_NAME env to ovnkube-node #1748
- OCPBUGS-10031: operConfig reconcile can return nil error on failure #1744
- Set OVN-K north/south bound stale alerts severity to critical #1668
- OCPBUGS-8707: Point libreswan to proper nss location #1727
- Whereabouts should implement the reconciliation controller #1693
- add/update some UTs around clusternetwork change #1725
- OCPBUGS-9931: Enable configuration of node healthz server on ovnkube #1715
- OCPBUGS-8692: HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO #1728
- Cno 4.13 kubernetes 1.26 #1708
- use annotation on the daemonset to update hybrid overlay #1709
- Remove the ovn-kind-cno.sh script #1710
- SDN-3597: OVN-K alerts: add OVS overflow alerts #1630
- SDN-3730: OVN IC: migrate master alerts to cluster manager #1716
- Allow cidr expansion #1707
- Enables nodeSelector to be used in egress firewall rule #1720
- Add ovnk alert for resource retry failure #1674
- OCPBUGS-6730, SDN-3221: ovn-kubernetes: use RHEL9-based images #1712
- OCPBUGS-4343: update apf configuration to use v1beta3 #1633
- Jira OCPBUGS-7774: Print RawCNIConfig in its string representation #1718
- OCPBUGS-6235: Updating cluster-network-operator images to be consistent with ART #1656
- Allow updates to pods #1717
- OCPBUGS-5559: add default noProxy config for Azure #1672
- always create env.sh when run_vs_existing_cluster #1711
- OCPBUGS-7354: Revert “Revert “OCPBUGS-5842: Use pods oc vs host”” #1714
- ovn-k, multi-homing: enable the feature #1699
- Revert “OCPBUGS-5842: Use pods oc vs host” #1713
- OCPBUGS-5842: Use pods oc vs host #1681
- OCPBUGS-4417: Added missing API field podref to OverlappingRangeIPReservation CRD #1677
- OCPBUGS-6651: HyperShift: Add .hypershift.local to no proxy list #1692
- OCPBUGS-6651: HyperShift: Do not use proxy for internal routes #1694
- remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher #1680
- ovn-kubernetes: Allow node_mgmt_port_netdev_flags for non-DPU modes #1676
- OCPBUGS-3272: Unhealthy Readiness Probe failing ci #1665
- OCPBUGS-5306: ovn-kubernetes: ignore NB/SB readiness checks and dbchecker when not RAFT member #1673
- OCPBUGS-5802: Update github.com/Masterminds/sprig to v3 #1679
- OCPBUGS-5306: OVN-Kubernetes: Stop sorting master node addresses #1675
- Allow SDN migration from Kuryr to OVNKubernetes #1639
- update ‘make install.tools’ for golangci-lint #1670
- Fix CNO crashing when Kuryr without MTU is set #1669
- OCPBUGS-2947: Disable the drop-icmp container ‘oc’ pprof webserver on Azure #1607
- OCPBUGS-4350: Fix handling of deployment and statefulset updates #1648
- OCPBUGS-2532: Fix default disable-udp-aggregation value on s390x #1655
- Fix info log formatting #1650
- Support RHOBS monitoring for HyperShift #1644
- OCPBUGS-3916: SDN alerts: Add
$labels.node
to SDNPodNotRady
metric #1637
- The allowlist daemonset should set a priority class. #1647
- Bug OCPBUGS-736: Kuryr: If set use MTU from Config for svc net #1586
- OCPBUGS-3883: HyperShift: Co-locate OVN-Kubernetes master with other hcp pods #1627
- OCPBUGS-2532: Disable UDP aggregation on s390x #1629
- Jira OCPBUGS-3777: IPsec: Fix broken counter++ expression #1623
- OCPBUGS-3114: HyperShift: Do not accept empty infrastructure name #1611
- HyperShift: Fix typo in control-plane-component label value #1626
- Remove references to the hosts kubeconfig #1612
- OCPBUGS-3744: SDN: /var/run mount cleanup #1625
- OCPBUGS-3460: CNI binary copy should account for the possibility of symlinks #1614
- OCPBUGS-2598: ipsec: Run ovs-monitor-ipsec in the foreground and change probes #1606
- SDN-3508: HyperShift: Render cncc with proxy settings of the management cluster #1577
- NP-607: update microshift ovnk manifests #1589
- Bug 1896533: moved SetDegraded call out of object loop to process all items first #1600
- OCPBUGS-2362: Prefer oldest nodes, harden new alerts and revert setting new OVN-K alerts to info #1579
- fixed typo in comment #1597
- Jira OCPBUGS-1736: Always set PROXY variables for CNCC #1576
- Remove the allow_ra sysctl for ipv4 from default systl whitelist #1590
- SDN-2591: allow hybrid overlay to be enabled post install #1584
- SDN-3515: HyperShift: multus admission controller: expose metrics over HTTPs #1583
- rebase to k8s v1.25.0 #1571
- Bug OCPBUGS-2328: Fix for index out of range error #1588
- Add sysctl whitelist controller #1573
- Kuryr: Add missing keystoneauth options #1581
- OCPBUGS-1341: Set owner reference for pod network connectivity check #1566
- ovn-k, managed: pass join-subnet to control-plane #1582
- OCPBUGS-1083: Move OVNK alert level to info #1564
- Pass enable-udp-aggregation=true to ovn-kubernetes #1533
- OCPBUGS-1038: Multus IPAM detection should honor conflists #1570
- egress_ip: remove redundant config #1568
- OCPBUGS-1515: Use custom uint128 type when validating v6InternalSubnet #1561
- SDN-3283: HyperShift: Use a socks-proxy in ovnkube-master to allow for node heath checks #1539
- Bug: OCPBUGS-736: Kuryr: Use machine net MTU to create service net #1545
- Migrate Egress IP configuration during SDN migration and rollback #1536
- Allow empty vSphere status field in VIP sync #1558
- microshift: update ovnk manifests #1552
- Add ovn-kubernetes-microshift to image-stream #1556
- Migrate Multicast configuration during SDN migration and rollback #1543
- OVN-K: add patch/update service permissions to controller #1554
- Add controller to synchronize the API and Ingress VIP fields #1519
- Bug SDN-3458: HyperShift: Differentiate resources deployed by different CNO instances in status manager #1541
- OVN-K alerts: first tranche #1526
- SDN-3432: Add alert for OVNKubernetesControllerDisconnectedSouthboundDatabase #1548
- Add vSphere platform to allow dual-stack cluster #1518
- OKD-49: Adds support for scos to multus #1544
- Bug 1894268: Allow users to specify ovnkube join subnet #1508
- Bug OCPBUGS-917: Add EgressQoS DstCIDR format validation #1492
- Multus admission controller: Wait for token in Hypershift #1546
- Use fixed name for creating EgressFirewall CRs #1540
- Migrate Egress Firewall Configuration during SDN migration and Rollback #1534
- hypershift: set multus controller priority appropriate for hosted clusters #1538
- Bug 2094068: Add northboundstale alert runbook #1482
- microshift: compact ovn databases periodically #1537
- Hypershift: Allow configuring hostname and labels on the route #1531
- Multus admission controller changes for hypershift #1516
- HyperShift: Move CNCC to the controll-plane namespace #1525
- Bug OCPBUGS-216: Kuryr: Bump timeoutSeconds for livenessProbe #1528
- Add missing runbook links for OVN-kubernetes alerts #1523
- Bug 2103680: avoid overrriding disableNetworkDiagnostics on reconciliation #1527
- Render CRDs for both OSDN and OVNK during migration #1521
- Configure ignored namespaces into multus-admission-controller #1515
- Add microshift ovnk manifests #1517
- Bug 2116982: multus-admission-controller SNO number of replicas #1524
- Enable the cloud-network-config-controller for OpenStack #1505
- multi-networkpolicy: Enable on SR-IOV networks #1443
- Updating cluster-network-operator images to be consistent with ART #1507
- Add configmap list/watch rights to cloud-network-config-controller #1511
- The Multus admission controller should run as a deployment #1514
- Bug 2108232: Revert “Bug 2085089: Pass enable-udp-aggregation=true to ovn-kubernetes” #1510
- Bug 2100601: Update CNO to config EgressIP timeout for ovnk #1498
- Bug 2060079: Enhance sensitivity of SDN alert NodeProxyApplySlow #1491
- Bug 2103590: Add init container to ensure that Status.podIP is set before postStart hooks run #1503
- remove @squeed from owners #1497
- Bug 2085089: Pass enable-udp-aggregation=true to ovn-kubernetes #1489
- Bug 2089681: Disable EgressIP reachability check in hypershift deployments #1485
- Bug 2084062: Make northd probe interval default to 10 seconds #1494
- Bug 2100079: Update sdn-controller perms for “configmapsleases” leaderelection #1496
- Bug 2099357: k8s 1.24 bump: add RBAC coordination leases for ovn-k master #1490
- Bug 2094071: Add southboundStale alert runbook #1481
- Bug 2095772: bindata: managed: reduce memory requests to align with observed usage #1479
- Bug 2095756: client: register types during init, not later #1483
- Bug 2090336: Multus should log at a verbose log level (without a logfile) #1474
- Bug 2092047: cncc: add RBAC coordination.k8s.io leases #1461
- Bug 2089805: Enable config duration for OVN-Kubernetes #1455
- Bug 2090437: Bump CNO to k8s 1.24 #1459
- Bug 2073452: Copying CNI binaries should be an atomic operation. #1472
- Bug 2092495: ovn: use up to 4 northd threads in non-SNO clusters #1471
- Bug 2091167: incorrectly setting rbac role for certificatesigningrequests #1463
- Revert “Copying CNI binaries should be an atomic operation.” #1466
- Bug 2073452: Copying CNI binaries should be an atomic operation. #1462
- Bug 2076776: remove patch permissions from ovnkube-node service account #1450
- Bug 2089968: ensures type: Directory for multus host paths #1453
- Bug 2090343: [temporary] Adds multus debug logging #1456
- Bug 2087942: bump to go 1.18, lint improvements #1451
- Bug 2086461: Hypershift: Also add default for Azure mtu #1454
- Bug 2086461: AWS: Use hardcoded MTU to speed up cluster creation #1441
- Bug 2087556: Fix rendering DPU manifests #1448
- Bug 2086506: hypershift: respect statefulset when upgrading ovnk #1447
- Bug 2087135: Fixing Hypershift nodeport flow #1440
- Bug 2086544: Stop passing hosted cluster token as a parameter to ovnkube-master #1446
- Bug 2086437: Enable EgressQoS controller #1430
- Bug 2086143: Status controller: use a label, rather than watching all objects #1431
- Bug 2082235: manifests: Add in service, service-cert, and ServiceMonitor #1433
- Bug 2023295: Cleanup CNO relatedObjects #1432
- Bug 2079422: Bump PodDisruptionBudget to v1 #1427
- Re-reconcile network on configmap, stop watching all configmaps in proxy controllers #1416
- hypershift: add ovnkube-node-proxy container in ovnkube-node ds #1408
- Hypershift: enable TLS for ovnkube-master metrics #1423
- Add gm metric record to use for telemetry exposure #1425
- Revert “ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds” #1428
- Bug 2082611: Limit Kuryr pods permissions #1367
- Bug 2076877: Bump FlowScema apiVersion to v1beta2 #1419
- bindata/network-diagnostics, cloud-network-config-controller: comply to restricted pod security level #1406
- Remove ObjectMeta.ClusterName usage #1421
- Hypershift: Fix ovnkube-master priority class and set resource requests on token-minter #1420
- add more sysctls to the multus allowlist #1411
- ovn: fix northd preStop command handling #1414
- Add control-plane-component label to ovnkube-master for hypershift #1422
- Add link to runbook urls #1417
- Hypershift: Copy all CNO conditions to HostedControlPlane status #1415
- ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds #1412
- Bug 2075475: Add default-route field to egress-router k8s.v1.cni.cncf.io/networks #1390
- OCPVE-106 Customize rollout strategy to fix SNO upgrade #1392
- Bug 2080255: SDN: Re-add list/watch/get permissions for nodes needed for EgressIP #1409
- Bug 2071859: Switch dnsPolicy to Default for OVN hostNetwork pods #1395
- Revert “Revert ipsec: Allow enablement/disablement at runtime” #1384
- ovnkube: export OVS metrics along with OVN metrics #1393
- Bug 2078910: Correct runbook_url field location within schema #1396
- Adds dougbtv to owners as approver and reviewer #1397
- Bug 2072215: Make the use of the ip-reconciler cronjob opt-in by detecting IPAM type usage #1369
- ovn-kube hypershift: fix pipefailure that prevents HA startup #1394
- Bug 2063123: Drop Node update permission for sdn-node #1350
- OVN-K alert: Increase severity and add runbook_url for NoRunningOvnMa… #1327
- Remove Kuryr mutating DNS webhook #1363
- raise the alert NoOvnMasterLeader to critical and add the runbook url #1328
- Bug 2072710: Make northd probe interval default to 10 seconds #1386
- hypershift: get control plane replicas from hcp #1385
- Bug 2072766: Reserve port TCP/9104 for cluster-network-operator #1378
- Multus: split pod/status rbac #1340
- add runbook link for NodeWithoutOVNKubeNodePodRunning and V4SubnetAll… #1366
- OVN: remove detecing db_ip via kapi #1368
- Hypershift: Respect publishing strategy of OVN southbound database service #1349
- Proxyconfig: Add a knob for Hypershift to enable proxying internal apiserver address #1381
- Bug 1983056: Kuryr: Update CRD from upstream #1360
- hypershift: disable TLS for ovnk master metrics #1382
- hypershift: enable publishNotReadyAddress explicitly for ovnk-master service #1372
- Bug 2070047: Bump max value of hist quantile for kuryr_cni_request_duration #1359
- Don’t return err with empty relatedClusterObject annotation #1379
- hypershift: enable ovnk-master metrics in management cluster #1374
- Use (un)setProgressing for pod status update #1376
- Use the hosted cluster token explicitly #1370
- HyperShift: Watch StatefulSets in the management cluster #1364
- Exclude openshift-kube-apiserver and openshift-apiserver service/endpoints from connectivity checks in hypershift #1375
- Run ovnkube-master statefulset pods in parallel #1361
- Add ibm-cloud-managed annotations to 02-cncc-credentials.yaml, this is required in HyperShift #1358
- Add ipsec daemonset for hypershift managed cluster #1356
- Add statefulset in status manager #1345
- hypershift ovnk route status #1341
- Add tuning cni sysctl allowlist to nodes #1347
- Bug 2058368: move enable memory trimming to readiness prob #1365
- Add ovnkube-node initContainer to make sure sbdb is up before running other containers #1354
- Vendor: pull in hypershift #1346
- Hypershift: Use token minter instead of a kubeconfig in ovn-kubernetes master #1344
- Add an option to define the client name for in-cluster config #1342
- Add ovnkube manifests for hypershift #1329
- network, bootstrap: don’t get apiserver from the environment #1339
- Fix MTU detection for multi path default routes #1338
- Multi cluster support in CNO #1319
- Fix golang image version in Dockerfile #1330
- Remove empty selector from the mtu prober job. #1331
- Switch to server-side apply #1304
- Probe MTU from a Job, rather than directly in the CNO #1313
- Bug 2058368: Move memory-trimming-on-compaction out of dbchecker to nbdb/sbdb #1320
- Fix group for CVO override used for running CNO locally #1314
- Bug 2058671: ip reconciler: auto clean failed jobs #1318
- Bug 2037721: Do not apply OVN-Kubernetes
PodDisruptionBudget
on single-node clusters #1307
- ovn: stop spawning the ovn-nbctl daemon #1315
- Bug 1944264: ovnkube: gracefully terminate databases from preStop #1312
- Bug 2044227: Add rolling update strategy for Kuryr-CNI. #1311
- Bug 2032559: Block DualStack migration for unsupported cluster types #1257
- Bug 2010361: SDN alerts: conform to monitoring team style guide #1248
- Update project owners #1309
- Bug 2048575: The Whereabouts ip-reconciler should use api-int load balancer #1302
- Bug 2048793: Kuryr: Decrease vif_annotation_timeout #1293
- Bug 2049613: Use a separate configmap for mtu migration config to avoid pod restart #1299
- Fix bond cni source directory path #1295
- Updating cluster-network-operator images to be consistent with ART #1294
- Bug 2041546: ovn-kubernetes: set RAFT election timer at RAFT cluster creation time #1282
- Bug 2034484: Upgrade library-go version #1247
- Bug 2042796: whereabouts, reconciler: disable retries on failure #1290
- Bug 2039345: Verify against mininimal IPv6 MTU value for clusters with IPv6 networks #1276
- Bug 2034155: Adds back –disable-snat-multiple-gws #1254
- Bug 2039321: SDN: Expose controller metrics for collection #1250
- clean up OWNERS #1287
- Bug 2041989: no CredentialsRequests in ibm-cloud-managed #1280
- Bug 2035459: modify cluster-network-features for OpenshiftSDN #1251
- Bug 1896533: Nonexistent Namespaces Degradation logging message #1128
- Bug 2038732: Add egress* patch credentials for ovnkube-master #1285
- Bug 2041329: cncc: add serviceAccountNames to CredentialsRequests #1283
- Bug 2010663: OVN-K alerts: conform to monitoring team style guide #1246
- Bug 2021191: Project admins should be able to list net-attach-defs in their namespaces #1226
- BUG 2034413: cncc: create Cloud CredentialsRequest in /manifests #1277
- Bug 2034460: cncc: handle advanced AWS and Azure configurations #1275
- Bug 2034153: Fix MTU migration verification for OpenShiftSDN #1259
- Bug 1943363: ovn: try to gracefully terminate ovn-northd #1221
- Bug 2018093: Kuryr: Add resource requests for pods #1269
- Bug 2036861: multitenant - Add openshift-kube-apiserver-operator to global namespaces #1272
- Bug 2035093: Cloud network config controller: Fix for Hypershift #1268
- Bug 2034398: Whereabouts CRD should include a “podref” field. #1262
- Bug 2034517: watch and apply changes of the ovs-flows-config configmap #1231
- Bug 2034322: Move infrastructure bootstrap to its own package #1261
- Bug 2033422: bootstrapOVNGatewayConfig should only be called once #1258
- Add MTU migration support for OVNKubernetes and OpenshiftSDN #1241
- Cloud network config controller - CNO deployment #1112
- Bug 2022144: sbdb and nbdb containers leave pid around if they restarted or crashed #1256
- OVN-K alerts: Fix incorrect metric name reference #1237
- Pod networking on DPU host in Infra and Tenant clusters #1249
- OVN-K: Enable OVN metrics to be consumed by ServiceMonitor #1236
- Bump openshift/build-machinery-go #1253
- SDN 2316: Use GatewayConfig in OVN-K to set gateway modes #1209
- Add CNI to DPU and enable Kube-Proxy on DPU #1220
- NETOBSERV-31: Expose CNI type features as a config-map #1204
- Bump openshift/api module #1242
- The ip-reconciler should not restart on failures. #1238
- SDN: Do not tolerate a controller failure during upgrade #1213
- Set upgrade strategy on kube-proxy #1214
- openshift-sdn/daemonset: Mount /host/opt/cni/bin at /host-cni-bin #1172
- Specific SDN controller alert #1206
- update for ART #1233
- bindata/network: specify pod-security levels via labels not annotations #1224
- Add bond-cni #1205
- Bug 1961509: DHCP Daemon should have memory and CPU limits set #1218
- Add ip6tables NOTRACK rules for udp/6081 #1222
- Bug 1962206: DHCP daemon should have maxunavailable for upgrade strategy #1219
- Bug 1976399: Raft election timer: move the logic to ovndbchecker #1161
- Bug 2009078: Remove NetworkPodsCrashLooping alert for ovn-kubernetes #1212
- Bug 1914053: whereabouts: add ip-reconciler cronjob #1207
- Add Kuryr to be able to create events objects. #1210
- fix a typo in a field name #1208
- podsecurity: enforce privileged for network namespaces #1203
- Bug 1988483: OVN drop icmp frag from other nodes on Azure cluster #1132
- Bug 1985486: Use proxy to connect to OSP cloud #1173
- Updating cluster-network-operator images to be consistent with ART #1198
- Bug 2003676: Restrict serving SDN metrics to loopback only #1197
- Bug 2002713: Add millisecond resolution to OVN logs #1196
- Bug 1939435: proxyconfig - accept IPv6 address literals for noProxy #1191
- Bug 1986061: Monitor openshift-network-diagnostics namespace #1190
- Bug 1960101: Fix update-codegen hack, pull in changes from openshift/api, bump k8.io deps to v0.22.1 #1140
- Bug 1997050: Fix panic with unknown networks #1188
- Bug 1998508: Fix the install-time “waiting for other operators” statuses #1192
- Bug 1990631: ovnkube: use ovn-nbctl daemon monitor mode to restart and log issues #1182
- Bug 1914398: Changed pod user to non-root #1124
- Bug 1991551: allow sdn (and others) to use new events.k8s.io API #1177
- Bug 1989246: use new default leader election values to handle apiserver rollout on SNO #1175
- Bug 1992507: Use prometheus rule annotations comply with the OpenShift alerting guidelines #1181
- Bug 1989734: Whereabouts should have RBAC for leases #1174
- Bug 1984049: Slow OVN Recovery on SNO #1159
- Bug 1990725: Add missing node name into KuryrSDNPodNotReady Alert #1176
- Bug 1987019: Support external control plane topology #1158
- Docs: add architecture overview, remove outdated HACKING guide. #1078
- Remove valadas from owners #1081
- Bug 1989122: let openshift-sdn use EndpointSliceProxying #1166
- Updating cluster-network-operator images to be consistent with ART #1136
- Bug 1981055: ovnkube-master handle 60 seconds downtime of API server gracefully in SNO #1154
- Bug 1985033: Make inactivity_probe configurable #1165
- Bug 1984449: Change to use mountPath: /host #1160
- Bug 1961757: ovnkube: set ovn-controller lflow cache limit to 1GB #1147
- Revert: Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1163
- Bug 1981975: Update service network status to reflect dual stack entries #1155
- Bug 1970985: SDN-1955: Add pre-puller ds to reduce upgrade downtime #1141
- Bug 1961811: Add a newline between user CAs and system CAs #1156
- OVNKube: check if br-ex1 is available and pass it as a parameter #1152
- Make egress IP and ICNI mutually exclusive when bootstrapping OVN-kube #1145
- Bug 1970129: Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1142
- Add alerts for issues with load balancers/ports. #1148
- Include alerts for critical lbs #1146
- Removing old kuryr-kubernetes CRDs #989
- Bug 1962951: enable ovs column diffs feature #1101
- Bug 1975016: Kuryr: Store OpenStack credentials in a secret #1139
- Add JacobTanenbaum to list of approvers #1099
- Updating .ci-operator.yaml
build_root_image
from openshift/release #1130
- Full changelog
- Revert PAO and later changes #330
- Bug 2017427: tuned: add timeout and restarts #282
- Makefile cleanup, replace yq with yaml-patch from openshift/build-machinery-go #274
- Bug 2016988: openshift profile: fix malformed patch #283
- Bug 2013321: TuneD: workaround for high CPU utilization of [scheduler] plug-in. #278
- RBAC: tighten the rules and remove unnecessary listers. #276
- podsecurity: enforce privileged for openshift-cluster-node-tuning-operator namespace #275
- Updating cluster-node-tuning-operator images to be consistent with ART #273
- Bug 2004508: TuneD: Revert the ConfigParser changes. #271
- Updating cluster-node-tuning-operator images to be consistent with ART #270
- OWNERS: updating based on team changes. #269
- e2e tests: s/plugin/plug-in/ and TuneD renaming #253
- Bug 1998247: Reload when deps of recommended profile change. #267
- Bug 1997486: Ship the latest TuneD and stalld. #265
- Bug 1994891: Fix e2e tests after the recent 1.22.0 bump #264
- Bug 1992560: monitoring: comply with OpenShift alerting guidelines #263
- Bug 1994891: Bump vendor dependencies to k8s 1.22.0 #261
- Bug 1985739: Move OpenShift profile to TuneD. #258
- Bug 1986477: Handle kube-apiserver disruption more gracefully. #256
- scheduler: new option cgroup_ps_blacklist #250
- Address a race in the stalld e2e test. #249
- IBM Cloud manifest profile patch for operator deployment #252
- Ship the latest TuneD, adjust default Tuned CR. #245
- Updating to the latest stalld v1.13.0. #246
- openshift-tuned event-driven change processing #243
- Adjusting the OWNERS file due to team changes. #244
- Updating to the latest stalld v1.12.0. #242
- Bug 1974277: Fix conditional order for setting net device param. #239
- Bug 1973154: Switch back to NTO-shipped stalld. #236
- Updating cluster-node-tuning-operator images to be consistent with ART #235
- More precise description of MCP matching. #219
- Updating .ci-operator.yaml
build_root_image
from openshift/release #234
- Full changelog
Source code for this page located on github