Issued:
2019-07-04
Updated:
2019-07-04

RHBA-2019:1634 - OpenShift Container Platform 4.1 bug fix update

Synopsis

OpenShift Container Platform 4.1 bug fix update

Type/Severity

Bug Fix Advisory None

Topic

Red Hat OpenShift Container Platform release 4.1.4 is now available with updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:1635

This update fixes the following bugs:

  • Image pruning was taking too long to complete because all images were processed as a single request. Now, pager is used to complete the process successfully without timing out. (#BZ1710561)

  • The Jenkins Sync plugin confused ImageStreams and ConfigMaps with the same name when processing them for Jenkins k8s plugin PodTemplates, causing conflict with the api object types. Now, the Jenkins Sync plugin has been modified to keep track of which api object type created the pod template of a given name. (BZ#1711334)

  • OAuth was unable to authenticate to OpenShift Jenkins instances. The Jenkins login plugin has been updated to attempt TLS connections with default certifications. Users are now able to log into the Jenkins console using OAuth. (BZ#1712240)

  • Cluster Operators did not provide enough node-tuning related resources, making the must-gather tool unable to collect sufficient information for node-tuning resources. Now, more resources have been added to node-tuning and the must-gather tool is now able to collect sufficient information about node-tuning related resources. (BZ#1717739)

  • Networking outages were occurring with EgressIP because monitoring code was mistakenly interpreting Not responding inputs. As a result, egress IP addresses may switch from one node to another. The monitoring code now distinguishes a node that's not responding from a final destination that is not responding. Egress IP addresses will not be switched between nodes unnecessarily. (BZ#1718541)

  • The node-tuning-operator in OpenShift Container Platform 4.1.0 unnecessarily updated tuned service accounts, causing extraneous secrets in the openshift-cluster-node-tuning-operator namespace. This was resolved in the OpenShift Container Platform 4.1.1 release, but this did not clean up the extraneous secrets. Now those secrets are cleaned up. (BZ#1718842)

  • ElasticSearch curl commands would bloat the dentry cache, causing the node to become unresponsive. Now, the NSS_SDB_USE_CACHE=no option may be set in the readiness probe to work around the NSS behavior that bloated the dentry cache. (BZ#1720656)

  • A race condition existed when updating conditions on the openshift-cluster-samples-operator, causing duplicate conditions or upgrades to fail. The Samples Operator would incorrectly show a Degraded statge. Now, proper synchronization has been added so that the duplication of conditions does not occur and the Degraded state is not reported. (BZ#1722183)

  • Fluentd was unable to correctly parse the CONTAINER_NAME field for Kubernetes metadata, causing records to go to the .orphaned index. Now, fluentd checks the record tag and record data for Kubernetes metadata. (BZ#1722898)

  • The permissions set on previous version of ElasticSearch were restrictive so that non-administrative users were unable to access the root endpoints, and non-administrative useres were unable to determine the ElasticSearch version information. Permissions have now been changed to accomodate all users able to see the version of ElasticSearch.(BZ#1724341)

All OpenShift Container Platform 4.1 users are advised to upgrade to these updated packages and images.

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.4, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

Details on how to access this content are available at This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.

Affected Products

ProductVersionArch
Red Hat OpenShift Container Platform4.1x86_64
Red Hat OpenShift Container Platform4.1x86_64

Updated Packages

  • openshift-4.1.4-201906261555.git.0.c9e4f28.el7.src.rpm
  • atomic-enterprise-service-catalog-4.1.4-201906261555.git.1.9d82c80.el7.x86_64.rpm
  • openshift-clients-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm
  • atomic-enterprise-service-catalog-4.1.4-201906261555.git.1.9d82c80.el7.src.rpm
  • openshift-clients-redistributable-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm
  • openshift-clients-redistributable-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm
  • openshift-hyperkube-4.1.4-201906261555.git.0.c9e4f28.el8.x86_64.rpm
  • openshift-4.1.4-201906261555.git.0.c9e4f28.el8.src.rpm
  • atomic-enterprise-service-catalog-svcat-4.1.4-201906261555.git.1.9d82c80.el7.x86_64.rpm
  • openshift-clients-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm
  • openshift-hyperkube-4.1.4-201906261555.git.0.c9e4f28.el7.x86_64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information