Back to index

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.10.41-x86_64

Tests:

• Blocking jobs
  • upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
  • upgrade-minor Succeeded release-openshift-origin-installer-e2e-aws-upgrade
• Informing jobs
  • aws-sdn-upgrade-4.10-micro Succeeded periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-upgrade
  • aws-serial Succeeded periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-serial
  • gcp-ovn-upgrade-4.10-minor Succeeded periodic-ci-openshift-release-master-ci-4.10-upgrade-from-stable-4.9-e2e-gcp-ovn-upgrade

Upgrades from:

• 4.10.40 (changes) - S S S
• 4.10.39 (changes) - Success
• 4.10.38 (changes) - Success
• 4.10.14 (changes) - Failed
• 4.10.11 (changes) - Failed
• 4.10.9 (changes) - Success
• 4.10.5 - Failed
• 4.10.4 (changes) - Failed
• 4.10.3 (changes) - Success
• 4.9.51 (changes) - F S S S
• 4.9.50 (changes) - Failed
• 4.9.49 (changes) - Success
• 4.9.44 (changes) - Success
• 4.9.43 (changes) - Failed
• 4.9.38 (changes) - Success
• 4.9.22 (changes) - Failed
• 4.9.21 (changes) - Success
• 4.9.19 (changes) - Failed

Upgrades to:

• 4.11.34 (changes) - Success
• 4.11.21 (changes) - Success
• 4.11.18 (changes) - Success
• 4.11.17 (changes) - Success
• 4.11.16 (changes) - Success
• 4.11.15 (changes) - S S S
• 4.11.14 (changes) - S S S
• 4.10.62 (changes) - Success
• 4.10.44 (changes) - Failed
• 4.10.43 (changes) - Success
• 4.10.42 (changes) - S F F

---

Loading changelog, this may take a while ...

Changes from 4.10.5

Created: 2022-11-09 09:21:16 +0000 UTC

Image Digest: sha256:7d62627dde39d83084bf17bd2d0d46ee2a984210446a131b66ab047aeeb513cc

Release 4.10.41 was created from registry.ci.openshift.org/ocp/release:4.10.0-0.nightly-2022-11-08-174205

Components

• Kubernetes upgraded from 1.23.3 to 1.23.12
• Red Hat Enterprise Linux CoreOS upgraded from 410.84.202203141348-0 to 410.84.202211032138-0 (diff)

Removed images

• cluster-capi-controllers
• cluster-capi-operator

Rebuilt images without code change

• alibaba-cloud-controller-manager git db2d118a sha256:1ebd37ef5b47a495cd491b22b2e54f28c0542fa92ae8a993ba16102162467f79
• aws-cloud-controller-manager git d85867fe sha256:7fd24ef5ac7b6881f0794be25101a11b56311d4c159e4e63989908a14e2591c9
• aws-pod-identity-webhook git 7f9eb87a sha256:9e9ae423f1732ee5dbe8af1ea229c661d181eb9070e878205439c81f1a7c064f
• azure-file-csi-driver-operator git 3807eb37 sha256:8c29e465958ca58e5bbe6f1c80c60a2363e5cc73ffe5b688c6767e91c1cd513b
• cluster-bootstrap git f22d1c60 sha256:2040b215b1459eb1452d8ef7cc782a11e3f646b7a4f43c17614102b93834edc4
• cluster-dns-operator git bc48e0aa sha256:d02576713de11db4a07fdc3fd4237ad1625e5d1e578c1cb166fd22d1946c50f0
• cluster-openshift-controller-manager-operator git b8b65d15 sha256:8f9b88821aaeaebc991b65647e9d71d426fdc76f430e596ec17079e8a01079bf
• cluster-policy-controller git 8e5b3651 sha256:ed27c6fa1eaeb3a1e812662b6b28ebd1f5b14e60dc0248b6900ae9f59b41e29b
• configmap-reloader git 22a40ce7 sha256:f4f09ee27b4e6400ecac0e0d7b4572ab684c9f87cedcdc4ea9a52c3b53958d62
• coredns git 3ec1ee7d sha256:adb10bb2eed278eedcfa7aa9e65acce4467d8630ca37593a760788ceda16fc86
• csi-driver-manila git df0b27de sha256:ce307905e6623d1604c9816c869f1c4e1ea5c222fe73eb8ae970d31e202a5d2c
• csi-driver-nfs git 3448830c sha256:258f30835027a17b70b4c268da757508fff3e924a9b32c4d050fe890eb80bf02
• csi-driver-shared-resource git d06ff18b sha256:10d6dcd1106f4808276426ecacc6005155e83fa31557fdd622ad0e3f8586c972
• csi-driver-shared-resource-operator git 662615b3 sha256:6645686f32feb6777f2bdddf39a1b0e50b1cabb3bb37768cabf4334309317610
• csi-external-attacher git 27e71f2b sha256:ad3e03ab360df59f560479a7e3843dceb70aa1f241a84c1d11c1612b58826a66
• csi-external-provisioner git 31de1e19 sha256:62b2c6f7e2f84ec840d1ef264646c9e8f155631defe205348a55588c9118708b
• csi-external-resizer git e5934091 sha256:62634941dbc0150c055e45b99edbe3c40aa2079d76e1134eac3780f4859b500d
• csi-external-snapshotter git fe4a0a2f sha256:19c31a1a248d498bffe12ff9f2675fae733423979dc79f3ad6206c2b73ce6761
• csi-livenessprobe git 8c1a5bca sha256:c6114d0ffa57dba48271a6d3cca48aada961cf8742ce3d499498343170f9b9c7
• csi-node-driver-registrar git bb0bd823 sha256:b90df0181fa84317e12429c6da4171b9d8680f8f7ffd29d54c0379153de063ca
• csi-snapshot-controller git fe4a0a2f sha256:0808aa5acadd5b19db1c2ad20aeb96c7ef6f41cc2d0643ae28b52f8d89bc50ed
• csi-snapshot-validation-webhook git fe4a0a2f sha256:f45828f1f540af7a97c0e423216adc91b1584644c5cf20f4fe2055710d95e74f
• driver-toolkit git 0c77c8d6 sha256:a9850e432e0f2093161fae20ba89161dc4e3ddf8a4b2b67ceae772026f2ce79b
• egress-router-cni git 5c56bc8a sha256:cd6de4896805b834eb7a374038b47ad6db8958bde085753ef1d0e36af4da45fc
• gcp-cloud-controller-manager git 4dc728d0 sha256:b6166e4b1b6ee64e2dfca4c66905c4df26fda000d3bad4d3ab16ea27aae4d120
• gcp-machine-controllers git 3fe46c8b sha256:ece6e008c37f87d911c8eb25a332b41618e991c16e8561514d53e04fce1579e8
• gcp-pd-csi-driver git 19e9a57f sha256:60f31f36d610ecf6c62839468e0e2a541a0414a001781ec992e586d64893adb9
• grafana git 48aec355 sha256:e90ebc15878cb01d777b009401abc8944ee6f2b6b10155641e5bb75bafd74698
• ibm-cloud-controller-manager git e3039120 sha256:80eb1a8a604ffdc38a6296e10dee0b358cd158ad90fd4ca2bc15b9c4a710c53c
• ibm-vpc-node-label-updater git 7074dfc3 sha256:19a9b46bffd38cbec31073d945ca7edecf40063317b7cd130685ffb925541c75
• ibmcloud-machine-controllers git 7449a94f sha256:94b77fd02162bd51fca1ac9fa0a45d2dc7c76953ea39b8cc58a264c85f5a72b6
• ironic-hardware-inventory-recorder git 62469223 sha256:30ed45d2c6befcbea2275f5477a0261ede5e452439313541f566a9202f159891
• ironic-machine-os-downloader git 81fe2974 sha256:8e9743c15ef94ad5a88b5373ac2f23e576bef2428f1b0c1a538bb91452ded573
• ironic-static-ip-manager git 45a1c542 sha256:771fe1c61b15ab17dc36439d525250e36d351398b45daa8e0ea3fc0ffda9fb39
• k8s-prometheus-adapter git 4052b317 sha256:a0fb02927896ec74fc4b8cd90adaf3772f639285112edadbd67846d42bcbe05c
• keepalived-ipfailover git 5d526c41 sha256:3d75e2e57bc81e74ae37fc64d2f0b6bd97f7ad7b568efd12b556852a7c07d62a
• kube-rbac-proxy git 4f198b2b sha256:4d6d9815fdd1a11959ec8b743c95bf856efd4d76e1783b593cc353c7d651b28f
• kube-storage-version-migrator git 901a6d22 sha256:c238aece552bfe4cba762152916f6ba3aee8d1e49e1f5fe549b05d32219bf05b
• libvirt-machine-controllers git 3b330b72 sha256:2fe84fa7cf264e4784414b8c274039b6d767258f50fb628f19af13750e6b5e05
• machine-os-content sha256:4db499051ae7bf9fe9f1ee1963add35d18316956b4f6b040b5ffb85c2e7ff526
• multus-admission-controller git d7a7fe5d sha256:26d78968934b4e97a2f200bef08c4cfcd2202f8d7b3a6df080bf190eb9c081ea
• multus-networkpolicy git bfcc6c85 sha256:83298424cfadfe00bab43d426d87b450ff91103e16bb9020d78ecffd7ff0c248
• multus-route-override-cni git 707dd380 sha256:521f03e789a084b6b55c27fd78b1c914bc7b0d8ad73b03565fd4c290922a880c
• network-tools git bcfec9c5 sha256:a506c3825f0fdb5a908ecedb84b58ea795a5aef086b72dcaa0220a9c087c5485
• oauth-proxy git 799d414b sha256:4330299a44f3533bd3efed707c6213244e911e1de922187a4b7d56936cea46d9
• oauth-server git 245b95f8 sha256:354f1acf075e9933259af6583dcfd19d649c72c169f561dd352e000efb7ba946
• openshift-controller-manager git 2c2d50db sha256:b7ca5d81c95f8c0d612f55ac3fb2a6b6df08602c377a1920abdc6692f90f234b
• openstack-cinder-csi-driver git df0b27de sha256:2fa391e95382d0535f90cbee18365df6dd730c04d85988bbfb02fa30e197f676
• openstack-cloud-controller-manager git df0b27de sha256:9088775e9c1be24565027a0790d582ff864a66b4e614ce7323acfe63c4f28f61
• openstack-machine-api-provider git 2401f74d sha256:6312827a0b8b5b431a90d27a928afd1662c57fc49dc1d455a0c4849624c3dd08
• operator-marketplace git 80b92ecf sha256:15d50b8086af3ba794d42c0a46ca21d83ac9627d5f63f200e6dd4fcb005b3d76
• ovirt-machine-controllers git 35ce9aaf sha256:a295f27b04b744756ad920fbab68bbf1cf181e8f00d0ccf722fca91024c14e6c
• powervs-machine-controllers git c1d68e7b sha256:c1e1194530716454377695f300582bd8de4408d3e698fc754bbf1490e36f1af1
• prom-label-proxy git 5f4c8992 sha256:e4230f1af4f1da72e3bf7627a3e7203910e5aaf7e6758b7820244b5e6fc021d5
• prometheus git 3c6cd55e sha256:5ad205ce42a08ca55e9a804364676463a9a12667b6592f877715c572bbc69c65
• prometheus-alertmanager git 01339596 sha256:c1cc7a9502746854b1057cc817aa8768dc5acabf36638f5d781dd38e16358f44
• prometheus-node-exporter git 0eed3102 sha256:4578b08e8c013651a18f58957f777d7fb635959165e9353e6d20f192ae8386dc
• service-ca-operator git 1611373e sha256:c637519b3f40214345d79006e44b187173dce785b44d987b88192d0c262d379c
• telemeter git 2c9c76e6 sha256:5b20ebe974ee547a6dc66770a344bba8dd1f9dc0cb03a4255f59d7f21b72b17d
• vsphere-csi-driver git e310f4d3 sha256:6668987c875133f99e19bd5bdb583eb4073a5bcd5fed7a985aacc25e1af24799
• vsphere-csi-driver-syncer git e310f4d3 sha256:9875635ec57d8b420ff1e96729cb2bbf4c08896707dcd8a874571b1c5f445b17

alibaba-cloud-csi-driver

• Bug 2076671: 4.10: Add a parameter to the schema to automatically increase volume sizes #14
• Full changelog

alibaba-disk-csi-driver-operator

• Bug 2076671: Auto increase volume size to 20 GiB in the default storage class #28
• Full changelog

alibaba-machine-controllers

• Updating ose-alibaba-machine-controllers images to be consistent with ART #23
• Full changelog

aws-ebs-csi-driver

• OCPBUGS-1804: UPSTREAM: 1398: Add resolver to handle custom endpoints #210
• Full changelog

aws-ebs-csi-driver-operator

• Bug 2077894: Set custom endpoint environment variable if available #154
• Full changelog

aws-machine-controllers

• Bug 2117557: Fix panic when accessing nil machine annotations map #50
• Bug 2109124: Validate unknown regions using AWS API #48
• Bug 2083270: Custom DHCP Option Set: empty domain-name is a valid custom domain #37
• Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

• bug OCPBUGS-2062: .dockerignore: enable OSBS2 builds #42
• Full changelog

azure-disk-csi-driver

• Bug 2118392: Update dd table 4.10 #31
• Full changelog

azure-disk-csi-driver-operator

• Bug 2105304: Increase pod startup timeout in e2e tests #52
• Bug 2097439: Only use credentials that are provided by the azure-inject-credential… #50
• Full changelog

azure-file-csi-driver

• OCPBUGS-2607: remove “replace” directive in go.mod #20
• Full changelog

azure-machine-controllers

• OCPBUGS-3165: Update azure instance types cache #38
• OCPBUGS-930: Ignore unknown Instance types in accelerated networking check #34
• Bug 2093275: update getAvailabilitySetName function #23
• Full changelog

baremetal-installer, installer, installer-artifacts

• OCPBUGS-2795: Bump gophercloud #6529
• Bug 2101014: Release 4.10 go getter update #6361
• OCPBUGS-1737: OpenStack: Lift validation for 14 chars cluster names #6420
• OCPBUGS-1936: bump RHCOS 4.10 bootimage metadata #6454
• Bug 2107154: Make azure baseDomainResoureGroup optional for private c… #6120
• Bug 2112914: Fix validation errors for instance type #6189
• Bug 2102363: Dynamic retrieval of GCP Regions for a Project #6059
• OCPBUGS-784: Download yq in upi installer containers #6285
• Bug 2111258: vsphere installconfig: use full dc path in network validation #6173
• OCPBUGS-249: Allow setting bootstrap kubelet ip #6231
• Bug 2095319: bump RHCOS 4.10 bootimage metadata #6095
• Bug 2099673: Collect whole journal and netstat data #6035
• Bug 2097753: Bootstrap timeout increase #6017
• Bug 2083632: Delete all the ports from tagged Neutron networks. #5882
• Bug 2077904: Fix empty string usage in ValidateForProvisioning #5835
• Bug 2045771: bump RHCOS 4.10 bootimage metadata #5932
• Bug 2083335: Set rc-manager=unmanaged for on-prem bootstrap #5876
• Bug 2084547: update azure arm templates to support customer provided vnet #5892
• Bug 2083327: [release-4.10] Add ‘ARG TAGS=“”’ line for each build step #5874
• Bug 2076613: [release-4.10] data/data/coreos/fcos.json: update initial FCOS to 35.20220327.3.0 #5820
• Bug 2079589: azurestack: stop pinning to Standard_LRS for disk type #5851
• Bug 2041765: Update BMO vendor #5705
• Bug 2077411: for vsphere ipi add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it #5827
• Bug 2068948: Update region check for coreos AMIs #5752
• Bug 2072135: vsphere: Use Managed Object ID for networks instead of potentially duplicate name. #5773
• Bug 2062429: IBMCloud: Missing infra providertype #5693
• Bug 2065808: stop considering Mint mode as supported on Azure (#5699) #5717
• Bug 2064731: fix(ibmcloud): Properly match regex for DNS destroy #5711
• Full changelog

baremetal-machine-controllers

• Update OWNERS #179
• Bug 2099584: Update BMO vendor to v0.0.0-20211102102625-469cc9bf7fee #174
• Full changelog

baremetal-operator

• Bug 2047930: Move from Available to Preparing if HostFirmwareSettings changed #210
• Bug 2100996: Uplift kustomize to v4 to remove go-getter dependency #234
• Bug 2097695: Stop treating missing network as fatal error #230
• Full changelog

baremetal-runtimecfg

• Bug 2084187: Avoid kubernetes node port range #178
• Full changelog

cli, cli-artifacts, deployer, tools

• Bug 2015119: bump(k8s.io/kubectl) to pick up k/k#110764 #1270
• OCPBUGS-1788: oc adm logs: generate proper path for static pods #1246
• OCPBUGS-1638: Increase default value of cache TTL to 6 hours #1241
• Bug 2116526: oc adm inspect: check a resource exists before its inspection #1227
• Bug 2106158: remove klog format and update messages for docker config deprecation #1205
• Bug 2095584: Backport oc adm catalog mirror –continue-on-error flag #1170
• Bug 2084591: [inspect] Add namespace-scoped networking resources to inspect #1133
• Bug 2087248: Add the ReleaseAccepted condition to the oc adm upgrade command #1147
• Bug 2080151: Remove network CRDs scheme registration #1122
• Bug 2084429: Fix project command auto completion #1131
• Bug 2077332: pkg/cli/admin/upgrade: Use PATCH instead of POST for spec updates #1114
• Bug 2079325: Fix kubectl version to 1.23.0 #1117
• Bug 2068763: make sure that we check for resorces and files before picking the simplest path #1098
• Bug 2068474: expose –keep-startup flag for oc debug #1097
• Bug 2049427: Enhancing the output provided when backup collections are attempted #1056
• Bug 2060419: reuse SourceRepository.DetectAuth during argument classification for consistent interaction with private source repositories #1083
• Full changelog

cloud-credential-operator

• OCPBUGS-2802: Backport –credentials-requests-dir for ccoctl gcp delete. #507
• OCPBUGS-2884: Make ccoctl use regional STS endpoint by default #504
• OCPBUGS-2279: Add ccoctl support to create OIDC endpoint with private S3 bucket #501
• Bug 2107276: Make ccoctl work with credentials fetched from gcloud cli defaults #479
• Full changelog

cloud-network-config-controller

• OCPBUGS-2162: Add resolver to handle custom endpoints #67
• Bug 2075444: Get subnet information from subnet instead of from network addresses #40
• Bug 2076935: azure: default empty environment to AzurePublicCloud #37
• Bug 2062133: Fix Azure VNET lookup when the NIC’s subnet is in a different resource group #28
• Full changelog

cluster-authentication-operator

• Bug 2084054: only ever include certificates in the oauth-serving-cert CM #577
• Full changelog

cluster-autoscaler

• OCPBUGS-2546: UPSTREAM: <carry>: switched policy for PodDisruptionBudget from v1beta1 to v1 in time for 1.25 #245
• Bug 2105110: Have VPA ignore phantom containers named “POD” #236
• Full changelog

cluster-autoscaler-operator

• Bug 2069095: add leader election flags to autoscaler deployment #243
• Full changelog

cluster-baremetal-operator

• OCPBUGS-1517: [release-4.10] Fix a few papercuts #291
• Bug 2101002: Uplift kustomize and BMO to remove go-getter dependency #281
• Synchronize OWNERS from master #274
• Bug 2091738: Fix interpretation of Deployment Status Conditions #267
• Full changelog

cluster-cloud-controller-manager-operator

• Bug 2099499: Backport resourceapply changes for being able to recreate daemonsets/deployments #194
• Bug 2079791: Ensure release version is injected into all controller status clients #187
• Full changelog

cluster-config-operator

• Bug 2072739: [release-4.10] Bump openshift/api to a83e6f8f1d #247
• Full changelog

cluster-csi-snapshot-controller-operator

• Bug 2062197: Fix race when setting Progressing condition #115
• Full changelog

cluster-etcd-operator

• OCPBUGS-2920: update prometheus alerts #956
• OCPBUGS-2800: Add niceness to important etcd processes #953
• OCPBUGS-1758: fix cert rotation on IP changes #936
• Bug 2116624: etcd-metrics container is flooding logs #906
• OCPBUGS-200: Exits with a non-zero code in case Etcd backup fails #907
• Bug 2108176: Fix etcd minor upgrade backup #892
• Bug 2105249: Add etcd pod liveness and readiness probes #880
• Bug 2086451: fix races in etcdclient #828
• fixing unit test health flakes with tolerance #882
• Bug 2105148: fix degraded missing cluster version #878
• Bug 2102793: avoid extrapolation in leaderhip alert #870
• Bug 2095579: etcdHighNumberOfFailedGRPCRequests alerts with wrong results #850
• Bug 2101912: Upping defrag timeout to 1 minute #866
• Bug 2095114: cluster-backup.sh script has a conflict to use the ‘/etc/kubernetes/static-pod-certs’ folder if a custom API certificate is defined #848
• Bug 2010346: Add summary to etcd alert rules #825
• Bug 2088131: remove etcd_perf before restore #836
• Bug 2082312: Adding Thomas to reviewers, adding Allen to approvers #817
• Bug 2080554: manually disable defrag #809
• Bug 2079660: pkg/operator/upgradebackupcontroller: Pivot from Failing to ReleaseAccepted #806
• Bug 2055833: Increase IBMCloud VPC heartbeat timeout to 500ms and leader election timeout to 2500ms #794
• Bug 2059632: pkg/operator/metriccontroller/fsync_controller: Fix “treshold” -> “thresholds” typos #757
• Bug 2076773: Update owners to add new team members #793
• Bug 2059347: Fix FSyncController degraded latch #755
• Bug 2069825: turn on initial corruption check #771
• Full changelog

cluster-image-registry-operator

• Bug 2110957: Add progressing condition for node-ca daemon set #791
• OCPBUGS-2107: Enable enableHttpsTrafficOnly for Azure storage account #804
• Bug 2110957: Use actualDaemonSet for SetDaemonSetGeneration #799
• Bug 2115267: Disable dualstack when it is not available #794
• Bug 2110963: Bump aws-sdk-go to 1.44.4 #793
• Bug 2083242: IR-253: add prometheus rules for image registry operations metrics #786
• Bug 2083242: IR-120: Add prometheus rules for image stream tags rules #777
• Bug 2083242: IR-120: Implementing metrics for ImageStreams #775
• Bug 2084514: Fix cloudfront middleware configuration #780
• Bug 2083559: IBMCloud: Add admin permissions to CR #778
• Bug 2074050: Deployment annotations, runtimeClassName override and fs policy change #765
• Full changelog

cluster-ingress-operator

• BUG 2094051: Fix removing custom created service in openshift-ingress with same naming convention #820
• Bug 2079034: Add allowPrivilegeEscalation to the router container #748
• Bug 2097735: Fix loadBalancerServiceAnnotationsChanged check and update #784
• Bug 2100630: Fix flakey logic in haproxy timeout tests #792
• Bug 2082161: Delete LoadBalancer-type service finalizer logic #755
• BUG 2063283: Disable keepalive for canary probe #719
• Bug 2059210: Set Upgradeable=False if default cert has no SAN #710
• Full changelog

cluster-kube-apiserver-operator

• OCPBUGS-2202: [release-4.10] Wire support for trusted service account issuers #1387
• Bug 2060058: superfluous apirequestcount entries in audit log #1327
• Bug 2071030: OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 #1335
• Full changelog

cluster-kube-controller-manager-operator

• OCPBUGS-466: PodDisruptionBudgetAtLimit should not alert when no app/pods exist #648
• Bug 2116983: e2e: Fix test pod disruption budget at limit alert #646
• Bug 2114587: add runbook urls to KCM-o alerts #645
• Full changelog

cluster-kube-scheduler-operator

• Bug 2089336: Fix bootstrap leader election config #429
• Full changelog

cluster-kube-storage-version-migrator-operator

• Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #65
• Full changelog

cluster-machine-approver

• Updating ose-cluster-machine-approver images to be consistent with ART #168
• Bug 2072928: Reconcile recently approved CSRs by other controllers #162
• Full changelog

cluster-monitoring-operator

• OCPBUGS-2037: Bump Thanos to 0.23.2 #1811
• OCPBUGS-450: jsonnet: bump dependencies #1802
• OCPBUGS-1446: [release-4.10] Use service ca beta annotation #1778
• OCPBUGS-1676: Dedicated kubelet ServiceMonitor for prometheus-adapter #1777
• OCPBUGS-924: increase alertmanager’s startupProbe failure threshold #1760
• OCPBUGS-579: Give precedence to CMO config map proxy config #1751
• Bug 2118303: Adds UWM extrenalLabels from Prometheus to ThanosRuler labels #1742
• Bug 2099526: Updates jsonnet dependencies, prom-adapter #1715
• Bug 2098505: Backport PR#1692 to release-4.10 #1695
• Bug 2083242: IR-254: Collecting registry and image stream usage #1694
• Bug 2089806: Refactors CreateRouteIfNotExists to CreateOrUpdateRoute #1677
• Bug 2090422: pkg/manifest: Allow retention to be configurable for Thanos-Ruler in UWM #1678
• Bug 2090602: Federation for UWM metrics #1657
• Bug 2083460: Set timeout across Grafana components #1654
• Bug 2077722: Adjust NodeFilesystemSpaceFillingUp thresholds according default kubelet GC behavior #1665
• Bug 2075757: UWM: add SAR capabilities to prometheus cluster role #1653
• Bug 2075757: use bearer token as fall-back authn method #1641
• Bug 2062452: React to changes in clusteroperators #1585
• Bug 2060756: Properly deal with an empty console URL #1582
• Full changelog

cluster-network-operator

• Bug 2111588: Enable OVS metrics for ovnk #1599
• OCPBUGS-1538: Make northd probe interval default to 10 seconds #1563
• Bug OCPBUGS-942: Kuryr: Bump timeoutSeconds for livenessProbe #1550
• Bug 2095111: ovn: fix northd preStop command handling #1477
• Bug 2083266: Limit Kuryr pods permissions #1435
• Bug 2077384: Bump max value of hist quantile for kuryr_cni_request_duration #1388
• Bug 2084591: Cleanup CNO relatedObjects #1467
• Bug 2085510: OCPVE-106 Customize rollout strategy to fix SNO upgrade #1445
• Bug 2078501: [release-4.10] Drop Node update permission for sdn-node #1410
• Bug 2058508: Add rolling update strategy for Kuryr-CNI. #1321
• Bug 2083593: Add default-route field to egress-router k8s.v1.cni.cncf.io/networks #1436
• Bug 2079031: Make the use of the ip-reconciler cronjob opt-in by detecting IPAM type usage [backport 4.10] #1398
• Bug 2081149: Reserve port TCP/9104 for cluster-network-operator #1418
• Adds dougbtv to owners [release-4.10] #1401
• Bug 2058672: ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff [backport 4.10] #1322
• Bug 2057961: Do not apply OVN-Kubernetes PodDisruptionBudget on single-node clusters #1317
• Full changelog

cluster-node-tuning-operator

• Switch to OS-shipped stalld (#490) #490
• e2e: check for tsc=reliable instead of tsc=nowatchdog (#428) #428
• Ignore Profile updates triggered by old operands (#357) #357
• Full changelog

cluster-openshift-apiserver-operator

• [release 4.10] Bug 2109235: openshift-apiserver pods never going NotReady #501
• Full changelog

cluster-samples-operator

• OCPBUGS-2132: openshift template cakephp-mysql-persistent apiVersion for 4.10 #466
• Full changelog

cluster-storage-operator

• OCPBUGS-691: [release-4.10] correct sc error messages for ibm and alibaba platforms #314
• OCPBUGS-286: HTTPS_PROXY ENV missing in some CSI driver operators #311
• Bug 2098655: gcp cluster rollback fails due to storage failure #300
• Bug 2102242: Add missing ibm cloud annotations to prometheus rbac #293
• Bug 2072191: cluster storage operator AWS credentialsrequest lacks KMS privileges #268
• Full changelog

cluster-update-keys

• Updating ose-cluster-update-keys images to be consistent with ART #41
• Full changelog

cluster-version-operator

• OCPBUGS-233: pkg/cvo/updatepayload: Set ‘readOnlyRootFilesystem: false’ #824
• OCPBUGS-235: pkg/clusterconditions/promql: Cap PromQL queries at 5 minutes #825
• Bug 2108292: pkg/cvo: retain initial completed update history entry #798
• Bug 2094078: pkg/cvo/updatepayload: Guard against ‘rm -fR -whatever’ with ./* #787
• Bug 2090150: pkg/cvo/sync_worker.go: Save overrides #782
• Bug 2083370: Do not save desired update on load failures #776
• Bug 2080058: pkg/cvo/updatepayload: Prune previous payload downloads #769
• Bug 2071211: lib/resourcebuilder/batch: Stop waiting on Job deadline exceeded #764
• Bug 2064991: pkg/cvo: Separate payload load from payload apply #753
• Bug 2052839: pkg/cvo/sync_worker: Use current state, not suggested state, for guarding Initializing->Updating #738
• Full changelog

console

• OCPBUGS-2781: Fix broken advanced options layout on the add page #12204
• OCPBUGS-3161: ‘CatalogSource not found’ in the virtualization #12202
• Bug 2072792: Fetch common templates in a different namespace #12163
• Bug 2071517: Fix swap usage queries for Top Consumers card in virtualization Overview page #12172
• Bug 2090127: Remove nodeSelectorTerms if not defined #12161
• Bug 2052469: Filter template list for boot source available #12164
• OCPBUGS-2583: attach owner reference to resources created on creating a user to allow garbage collection #12189
• OCPBUGS-2894: UI crash when storage class had missing annotation #12220
• OCPBUGS-1696: Handle missing BMH for Node gracefully #12129
• OCPBUGS-1465: mock call to /api/devfile in e2e #12062
• OCPBUGS-2622: Use local test data to mock a devfile registry #12194
• OCPBUGS-2523: updates test id for 3scale #12184
• Bug 2072790: Regression “Create VM” #12160
• OCPBUGS-938: do not show NodesUpdateGroup if there are 0 nodes #12061
• Bug 2090127: CNV 20527: Enable boot source select for vm template #12082
• Bug 2094074: Remove error on user template with DS #12092
• Bug 2054917: Fix template example yaml #12091
• Bug 2072790: Select template using also queryParams #12090
• OCPBUGS-1759: Show already loaded catalog items after a timeout (3sec) #12106
• OCPBUGS-403: fix broken update server link #11974
• OCPBUGS-1815: fetch shared resource imagestreams based on labels instance or name #12110
• Bug 2107898: Access mode and volume mode with sourceRef will now be taken from default storageclass #11907
• OCPBUGS-1828: Fix devfile registry assertion #12112
• OCPBUGS-1634: Update registry library dependency to pick up proxy support #12040
• Bug 2080389: Link to documentation from the overview page goes to a missing link #11909
• OCPBUGS-382: [OSD] ClusterVersion YAML editor should be read only #11922
• OCPBUGS-550: Input values in Instantiate Template are disappeared randomly in the developer console #11983
• Bug 2077142: Fix Web Terminal availability check to verify operator is installed #11374
• Bug 2117642: Backport CI test fix to relase 4.10 #11966
• Bug 2117351: fix helm readme bug #11950
• Revert “Bug 2100103: Can’t delete rootdisk in customization wizard” #11932
• Bug 2114833: Use hostname from provided git url when making git api calls #11924
• Bug 2111335: Cannot edit ssh even vm is stopped #11886
• Bug 2101412: fix bug where Cluster update modal errors weren’t displa… #11765
• Bug 2112910: Fix search redirect #11914
• Bug 2100103: Can’t delete rootdisk in customization wizard #11887
• Bug 2052444: Unstar RHEL 7 template #11885
• Bug 2110536: add z-index to ocs-drawer to make box-shadow visible #11873
• Bug 2110938: VM list page crashed #11879
• Bug 2063153: Use link to the downstream doc for Sysprep info #11772
• Bug 2108193: update icons for eventSource and eventSink #11847
• Bug 2053703: Handle blank usernames in error message #11045
• Bug 2109225: Remove modelsLoaded conditional rendering from ModelStatusBox #11857
• Bug 2106385: Fix CronJob resource version to batch/v1 #11820
• Bug 2106385: redirect v1beta1 CronJobs #11819
• Bug 2095217: VM SSH command generated by UI points at api VIP #11779
• [release 4.10] Bug 2094584: Cant create vm with sysprep #11775
• Bug 2100974: Restore spacing between/below modal body content #11763
• Bug 2092832: Check if spec is available in MCP details page #11629
• Bug 2084629: Add params prop to HorizontalNav component #11488
• Bug 2100330: disable upload for sourceRef templates #11774
• Bug 2104889: Fix topology sidebar update issues #11798
• Bug 2052416: fix offensive vm names #11778
• Bug 2094194: fix bug where log stream pauses in Chrome #11654
• Bug 2100345: fix clone vm error creating DV #11770
• Bug 2097338: Filter virtualization alerts in status card #11715
• Bug 2094215: Pass contextSource to TopologyApplicationActionProvider #11656
• Bug 2099600: Topology toolbars are unaligned to other toolbars #11703
• Bug 2095637: Disable update channel validation as well #11753
• Bug 2078699: Display disk size in correct units #11746
• Bug 2099527: Bug fix context menu position on topology #11735
• Bug 2078699: Display disk size in GiB in VM customize wizard #11733
• Bug 2079985: use the correct Alertmanager tenancy proxy #11418
• Bug 2094348: Display only running VMs in Virtualization Overview chart #11659
• Bug 2095217: Fix SSH command string #11679
• Bug 2062980: fixes uri case for event sink #11175
• Bug 2092496: [release-4.10] Added vault_tenants_sa to the list of supported providers #11584
• Bug 2094863: fix web terminal start #11672
• Bug 2094211: Change Ping source spec.jsonData (deprecated) field to spec.data #11655
• Bug 2090750: Handle medik8s node maintenance #11581
• Bug 2091482: change metrics queries based on metrics level configurations #11595
• Bug 2089589: add debounce to tektonhub versions api call to avoid many calls #11552
• Bug 2092140: Avoid using ‘gp2’ hardcoded storage class #11618
• Bug 2089315: fix rolebinding in DevConsole dropping all subjects when updating #11545
• Bug 2095637: Fix failing backend test after devfile registry update #11710
• Bug 2094001: Add high priority alerts to overview #11647
• Bug 2092168: Add ‘Unavailable’ status to clusteroperator status filter #11619
• Bug 2088210: Monitoring: Fix first panel sometimes not rendered #11528
• Bug 2090124: Removing SSH service selectors to minimum required #11565
• Bug 2081946: Fix default branch param in pipeline import from git flow #11442
• Bug 2091402: cloud-init User check for Windows VM refuses to accept capitalized #11592
• Bug 2084430: fixes apiversion for k8s svc and resource selection for sink for form yaml switcher #11482
• Bug 2087065: show Limit exceeded state for large number of nodes in topology #11506
• Bug 2050273: Update MON_DISK_LOW whitelisted alert documentation URL #11411
• Bug 2089162: Change learn more link in virtualization -> migration tool #11541
• Bug 2089547: Eliminate use of lookaside cache and move to Cachito #11551
• Bug 2088430: Set dashboards timeout based on selected timespan #11532
• Bug 2084091: MCG standalone deployment page goes blank when the KMS option is enabled #11479
• Bug 2088247: Different status shows on VM list page and details page #11538
• Bug 2087041: back port conditional updates #11487
• Bug 2088281: Attached disk keeps in loading status when add disk to a power off VM by non-privileged user #11530
• Bug 2088246: Overview page crash if no labels available #11525
• Bug 2051433: [release-4.10] Create HANA VM does not use values from customized HANA templates #11011
• Bug 2088255: Adding missing annotations to create VM from YAML #11527
• Bug 2088019: The default YAML on vm wizard is not latest #11522
• Bug 2083729: Fix Filter Dropdown State Management #11471
• Bug 2084489: Create VM from template that has sourceRef - will now reflect sourceRef at yaml #11485
• Bug 2076989: Fix ResourceQuota dashboard card and ACRQ donut label #11367
• Bug 2083385: fix bug where “Update blocked” label incorrectly displa… #11466
• Bug 2076370: fix CRD name filter #11356
• Bug 2083551: customize wizard is crashed #11469
• Bug 2076275: Update and scope our breadcrumb padding rule so it doesn’t effect a pure implementation #11365
• Bug 2076777: add update mode to Update cluster #11364
• Bug 2074163: remove .pf-c-button.pf-m-link override #11315
• Bug 2071904: Translate Extensions On Each Language Change #11348
• Bug 2078385: Remove reference to deprecated v2v-vmware ConfigMap #11387
• Bug 2076369: fix bug where ClusterRole > RoleBindings did not display… #11354
• Bug 2073477: Add IBM Flashsystem volume types #11308
• Bug 2077641: Improve Firehose cache, so that it does not return unexpected data also if isList differs on two concurrent calls #11382
• Bug 2065008: add a hardcoded blog link as fallback in guided tours #11193
• Bug 2074571: fix bug where Cluster Settings shows 0 of N, 0% progres… #11319
• Bug 2073023: Fix WebSockets not reconnecting during upgrade #11302
• Bug 2072839: fix bug where RoleBindings are not displaying in ClusterRole > RoleBindings #11297
• Bug 2069246: Fixed the render of a Tab Extension when there is a version present #11242
• Bug 2076221: Fix failing TestGetRegistrySamples test #11351
• Bug 2057218: Added support for customized wizard - new templates #11341
• Bug 2069959: Update getting started blog link #11255
• Bug 2074895: Display correct disk size in Edit disk modal #11329
• Bug 2061250: Update ConsolePlugin manifest #11267
• Bug 2072440: avoid pre-fetching tekton hub task versions in pipeline builder #11290
• Bug 2067719: correct ChannelDocLink url #11225
• Bug 2069913: Fix disabling community tasks in pipeline builder issue #11253
• Bug 2059186: Don’t pass Authorization header when not needed #11108
• Bug 2048892: Add empty state to running VMs card #10986
• Bug 2054949: Disabling Vault SA based auth for storage class encryption #11064
• Bug 2049762: Cannot change storage class of boot disk when creating VM #10994
• Bug 2054650: Allow custom template namespace #11057
• Bug 2067983: Pipeline metrics: use prometheus-tenancy API to get data #11226
• Bug 2065480: Fix VolumeSnapshot creation sort #11196
• Bug 2064988: [Tekton Hub] show read more link in the task quick search details pane #11192
• Bug 2057507: Decode secrets before authorizing repository #11094
• Bug 2052414: Add started-by annotation to pipelines created with “Start last run” #11015
• Bug 2059807: Show standalone resources as sink and not the one’s owned by other resource #11119
• Bug 2065672: Fix alert from showing an object #11200
• Bug 2060090: updates versions for kafka and kafkaTopic #11127
• Bug 2059989: Fix to add labels to webhook secrets created during import #11125
• Bug 2056512: fix ClusterOperator Status, Version col sorts #11084
• Bug 2064510: Change the tekton hub api endpoint to use v1 api #11186
• Full changelog

console-operator

• Bug 2106944: InfrastructureTopology must be driving console affinity rule creation #664
• Bug 2078912: Modify the operator display name to match it with the name displayed in operatorhub #651
• Bug 2076453: Console operator should not block installation/upgrade process when set to Removed state #649
• Bug 2059992: Re-enable TestMetricsEndpoint e2e test case #646
• Bug 2054535: ODF quickstart permissions check #637
• Bug 2054199: Dockerfile.rhel7: add new Helm CRD, ProjectHelmChartRepository #636
• Full changelog

container-networking-plugins

• Bug 2103175: Sysctl IFNAME [backport 4.10] #63
• Full changelog

csi-driver-manila-operator

• Bug 2091649: SWEET32: Improve TLS configuration for Kube RBAC Proxy #150
• Full changelog

docker-builder

• OCPBUGS-205: Add support for BUILDAH_QUIET environment variable #310
• Full changelog

docker-registry

• OCPBUGS-920: Keep OCI image configs when hard prune #344
• Bug 2110963: Bump aws-sdk-go to 1.44.4 #340
• Bug 2099416: Support authentication using gcp workload identity federation #336
• Bug 2085414: forward http.StatusTooManyRequests to client #332
• Bug 2069807: Bug 2060362: Revert “Support authentication using gcp workload identity federation” #321
• Bug 2061785: Fix ICSP for subrepositories #318
• Full changelog

etcd

• OCPBUGS-2142: Rebase openshift/etcd 4.10 onto 3.5.5 #156
• Update OWNERS #123
• Bug 2077498: Merge Upstream etcd 3.5.3 into Openshift 4.10 #118
• fix the flaky test TestV3AuthRestartMember #14454
• server: don’t panic in readonly serializable txn #14178
• etcdctl: allow move-leader to connect to multiple endpoints #14434
• testing: fix TestOpenWithMaxIndex cleanup #14440
• server/etcdmain: add build support for Apple M1 #14436
• server,test: refresh cache on each NewAuthStore #14409
• Fix corruption checks v3.5 #14282
• Move consistent_index forward when executing alarmList operation #14429
• fix the potential data loss for clusters with only one member #14424
• Backport of pull/14354 to release-3.5 #14397
• Refactor the keepAliveListener and keepAliveConn #14366
• clientv3: close streams after use in lessor keepAliveOnce method #14361
• etcdserver: bump OpenTelemetry to 1.0.1 and gRPC to 1.41.0 #14312
• Change default sampling rate from 100% to 0% #14318
• server/auth: protect rangePermCache with a RW lock #14227
• clientv3: Fix parsing of ETCD_CLIENT_DEBUG #14222
• Support configuring MaxConcurrentStreams for http2 #14219
• Automated cherry pick of #14182 #14187
• client/v3: do not overwrite authTokenBundle on dial #14132
• Restrict the max size of each WAL entry to the remaining size of the WAL file #14127
• Backport two lease related bug fixes to 3.5 #14087
• scripts: Avoid additional repo clone #14050
• Test release scripts #14043
• [backport 3.5]: server/auth: enable tokenProvider if recoved store enables auth #13205
• Update golang.org/x/crypto to latest #13996
• Update consitent_index when applying fails #13946
• Revert #13714 #13950
• PR 13923 to release-3.5 #13938
• Dockerfile*: Switch baseimage to k8s hosted one #13862
• Set backend to cindex before recovering the lessor in applySnapshot #13933
• Support linearizable renew lease #13932
• clientv3: filter learners members during autosync #13917
• etcdserver: upgrade the golang.org/x/crypto dependency #13669
• Fix the data inconsistency issue by adding a txPostLockHook into the backend #13908
• server: Save consistency index and term to backend even when they decrease #13904
• go.mod: Upgrade to prometheus/client_golang v1.11.1 #13895
• server: Add verification of whether lock was called within out outsid… #13887
• Fix inconsistent log format #13866
• Makefile: Fix wrong target #13858
• Update go to 1.16.15 #13832
• Fix offline defrag in etcdctl #13792
• backport 3.5: #13676 load all leases from backend #13726
• server/storage/backend: restore original bolt db options after defrag #13701
• Always print raft term in decimal when displaying member list in json #13727
• *: fix IsOptsWithFromKey #13736
• enhance health check endpoint to support serializable request #13706
• Trim the suffix dot from the srv.Target for etcd-client DNS lookup #13714
• Update dep: gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254 [release 3.5] #13616
• Backport watchablestore runlock bug fix to release-3.5 #13541
• Set the backend again after recovering v3 backend from snapshot #13501
• Backport Lease Checkpoints fix to release-3.5 #13515
• Backport PR 13308 to release-3.5 #13477
• cherry-pick to 3.5 from #13467 exclude the same alarm type activated by multiple peers #13476
• storage/backend: Add a gauge to indicate if defrag is active (backport) #13395
• Dockerfile: bump debian bullseye-20210927 #13380
• Cherry pick “Fix http2 authority header in single endpoint scenario” to release-3.5 #13375
• Fix for v3.5 Ensure that cluster members stored in v2store and backend are in sync #13348
• Stop using tip golang version in CI #13349
• [backport 3.5]: Automated cherry pick of #13145 #13237 #13257
• Full changelog

gcp-pd-csi-driver-operator

• Bug 2098655: gcp cluster rollback fails due to storage failure #49
• Full changelog

haproxy-router

• Bug 2098230: Fix gap in router’s handling of graceful shutdowns. #406
• Bug 2096362: HAProxy: enable PROXY protocol for all listeners #405
• Bug 2076371: generateRouteHostRegexp: Escape blanks #385
• Full changelog

hyperkube, pod

• UPSTREAM: <carry>: Wait for default service account in node authorizer test #1398
• Bug 2101326: bump to k8s 1.23.12 #1382
• Automated cherry pick of #112299: Reduce default gzip compression level from 4 to 1 in #112400
• Automated cherry pick of #112526: Limit redirect proxy handling to redirected responses #112529
• Automated cherry pick of #112508: kubeadm: allow RSA and ECDSA format keys in preflight check #112536
• Automated cherry pick of #111205: Fix problem in updating VolumeAttached in node status #112303
• Automated cherry pick of #112193: Add an option for aggregator #112358
• Automated cherry pick of #112017: exec auth: support TLS config caching #112338
• Automated cherry pick of #110951: fix nestedPendingOperations mount and umount parallel bug #112102
• Automated cherry pick of #110179: Prune defaults for CRD serving #110578
• Automated cherry pick of #111009: Windows: ensure runAsNonRoot does case-insensitive comparison #112212
• Automated cherry pick of #111999: fix error type #112140
• Automated cherry pick of #107025: Remove AttachID matching from Detach #111952
• Automated cherry pick of #112183: Tolerate sub-microsecond eventTime changes on update #112188
• Automated cherry pick of #112150: Improve kubectl display of invalid errors #112156
• Automated cherry pick of #108146: Fixing logic for kubelet permissions check on windows #111079
• Automated cherry pick of #111773: fix a memory leak problem when calling DryRunPreemption #111804
• Automated cherry pick of #111235: fix a possible panic because of taking the address of nil #111273
• Automated cherry pick of #110140: Fixing issue in generatePodSandboxWindowsConfig for #110965
• Automated cherry pick of #108593: tests: Updates the should delete a collection of pods test #109789
• Automated cherry pick of #111141: Fix kubelet panic when accessing metrics/resource endpoint #111164
• Automated cherry pick of #110075: Add retry logic for Unix Domain sockets on Windows #110934
• Automated cherry pick of #111477: Share a single etcd3 client logger across all clients #111649
• Automated cherry pick of #111721: Fix deleting UIDs tracking expectations #111723
• Automated cherry pick of #110813: Ensure the dir of –audit-log-path exists #111226
• Automated cherry pick of #111646: Fix JobTrackingWithFinalizers when a pod succeeds after the #111665
• Update Go to 1.17.13 #111640
• Update Go to 1.17.12 #111465
• kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join #111022
• Automated cherry pick of #111026: Do not skip job requeue in conflict error #111038
• [release-1.23 cherrypick] Bump cAdvisor to v0.43.1 #111013
• Hotfix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread #110853
• Cherry pick of #110294 GIT-110239: fix activeDeadlineSeconds enforcement bug #110545
• Automated cherry pick of #107631: Avoid updating Services with stale specs Fix the bug that #109358
• Automated cherry pick of #110523: fix image pulling failure when IMDS is unavailalbe in kubelet #110555
• Automated cherry pick of #110791: kubeadm: fix the bug that configurable KubernetesVersion not #110909
• Automated cherry pick of #110408: apiserver: printers should use int64 #110602
• Automated cherry pick of #110469: add missing error handling steps #110577
• Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules #110702
• Automated cherry pick of #110652: fix: –chunk-size with selector returns missing result #110757
• Automated cherry pick of #108284: fix: exclude non-ready nodes and deleted nodes from azure #109932
• Revert “Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules” #110585
• Automated cherry pick of #108078: Skip updating Endpoints and EndpointSlice if no relevant #108879
• Automated cherry pick of #109624: Ignore EndpointSlices that are already marked for deletion #110483
• Automated cherry pick of #110256: kubelet: Mark ready condition as false explicitly for terminal pods #110480
• Automated cherry pick of #110145: fix audit union loop variables in closures #110275
• Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules #109981
• ipvs: fix prevent concurrent map read and map write for 1.23 #110322
• Automated cherry pick of #109987: Fix resizing of ephemeral volumes #110118
• Automated cherry pick of #110191: kubelet: Pod probes should be handled by pod worker #110417
• Update Go to 1.17.11 #110423
• Automated cherry pick of #107402: Reject proxy requests to 0.0.0.0 as well #110361
• Automated cherry pick of #110255: Endpoints and EndpointSlices should not publish IPs for terminal pods #110259
• Automated cherry pick of #109103: cpu manager policy set to none, no one remove container id #109156
• Backport of #106539: Replace url label in rest client latency metrics by host and path #109699
• Automated cherry pick of #110009: Fix requests scope classification #110091
• Automated cherry pick of #109969: authn: fix cache mutation by AuthenticatedGroupAdder #110005
• Automated cherry pick of #109858: GCE: skip updating and deleting external loadbalancers if #110002
• Automated cherry pick of #109947: Wait for cache to sync in job’s TestWatchOrphanPods #109980
• Update Go to 1.17.10 #110045
• Automated cherry pick of #109836: Fix OpenAPI loading error caused by empty APIService #109867
• Disable JobTrackingWithFinalizers due to unresolved bug #109491
• Automated cherry pick of #108107: kubelet apiserver: be gentle closing connections on #109381
• Automated cherry pick of #109486: Integration test for backoff limit and finalizers #109788
• Automated cherry pick of #108613: Fix a bug that out-of-tree plugin is misplaced when using #108890
• Automated cherry pick of #108429: Allow KUBE_TEST_REPO_LIST to be a remote url as well #109512
• Automated cherry pick of #108553: fix: race detected in TestErrConnKilled #109257
• Automated cherry pick of #106969: kubectl: fix hard-coded value in zsh completion #109235
• Automated cherry pick of #109074: kubeadm: add etcd flag for member data consistency #109075
• Automated cherry pick of #109442: Correct event registration for multiple scheduler plugins. #109446
• Automated cherry pick of #108496: iptables: remove port opener #108885
• Automated cherry pick of #108000: azure_file: add namespace tests for InTree to CSI #108600
• Update Go to 1.17.9 #109462
• Automated cherry pick of #109188 upstream release 1.23 #109216
• Automated cherry pick of #108752: Fix: Clean job tracking finalizer from orphan pods #109020
• Automated cherry pick of #109245: Fix: abort nominating a pod that was already scheduled to a #109246
• Fix non-enum CSR condition field, omit enums from static openapi snapshot #109179
• Adjust tests to pass for both client-side and server-side validation #109041
• Automated cherry pick of #108639: unmark non-validated types as enums. #108740
• Cherry pick 108772 #108791
• Automated cherry pick of #109137 upstream release 1.23 #109159
• Automated cherry pick of #107845: kubelet: If the container status is created, we are waiting #108882
• Automated cherry pick of #108455: Copy request in timeout handler #109015
• Automated cherry pick of #108928: kube-up: use registry.k8s.io for containerd-related jobs #108943
• Automated cherry pick of #107763: e2e: Wait for kube-root-ca.crt to be created #108860
• Move kubelet secret and configmap manager calls to sync_Pod functions #108756
• Automated cherry pick of #108366 (release-1.23): Delay writing a terminal phase until the pod is terminated #108723
• OCPBUGS-1266: UPSTREAM: <carry>: Remove reserved CPUs from default set #1362
• Bug 2106414: UPSTREAM: 109103: cpu/memory manager containerMap memory leak #1318
• Bug 2103381: UPSTREAM: <carry>: update list of deprecated apis #1306
• Bug 2104928: UPSTREAM: 109932: fix: exclude non-ready nodes and deleted nodes from azure load balancers #1263
• Bug 2067464: Backport 107821 and 107831 #1241
• Bug 2075831: UPSTREAM: 109487: Disable JobTrackingWithFinalizers due to unresolved… #1244
• Bug 2074094: UPSTREAM: <carry>: An APIRequestCount without dots in the name can cause a panic #1237
• Bug 2069311: UPSTREAM: <carry>: use hardcoded rest mapper from library-go #1231
• Bug 2065774: Backport 108723 OutofCpu Fixes #1221
• Bug 2065620: Rebase 1.23.5 #1220
• Automated cherry pick of #108631: Remove apf_fd from httplog #108634
• Update Go to 1.17.8 #108559
• Bump konnectivity-client@v0.0.30 #108438
• Automated cherry pick of #107131: Fix default config flags #108401
• Automated cherry pick of #108410: fix dryrun when ca file exists #108469
• Automated cherry pick of #107121: fix regression introduced by PR 100320 #108465
• Automated cherry pick of #107764: wrap error from RunCordonOrUncordon #107938
• Automated cherry pick of #107413: kube-proxy: fix duplicate port opening #108294
• Automated cherry pick of #107997: cronjob_controllerv2: do not filter jobs to be reconciled by #108306
• Automated cherry pick of #108209: increase Azure ACR credential provider timeout #108226
• Automated cherry pick of #108149: fix: do not return early in the node informer when there is #108177
• Automated cherry pick of #108167: Fix nodes volumesAttached status not updated #108461
• Automated cherry pick of #108002: kubeadm: fix the bug that ‘kubeadm init –dry-run #108120
• test/e2e/framework: include the new control plane taint for “–non-blocking-taints” #108336
• /test/e2e_kubeadm: adjust label / taint checks for 1.23 #108170
• Automated cherry pick of #108127: test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap #108128
• Automated cherry pick of #107900: Add an e2e test for updating a static pod while it #107931
• Automated cherry pick of #108198: Updating EndpointSlice strategy to retain node name in #108201
• Automated cherry pick of #108138: Revert v1beta1 PodDisruptionBudget select patchStrategy #108139
• Automated cherry pick of #107670: Ignore container notfound error while getPodstatuses #108164
• Automated cherry pick of #107789: Mark device as uncertain if unmount device succeeds #107791
• Update Go to 1.17.7 #108100
• Automated cherry pick of #107575: fix: azurefile volumeid conflict in csi migration #107850
• Automated cherry pick of #106715: set secondary address on host-network pods #107988
• Automated cherry pick of #107970: Make JSON schema round tripping test more strict #108030
• Automated cherry pick of #107956: Deeply copy JSONSchemaProps.XValidations. #107968
• Automated cherry pick of #107786: Revert “Fix comparison between FQDN and hostname” #107902
• Automated cherry pick of #107847: service REST: Call Decorator(old) on update path #107875
• Automated cherry pick of #106280: Set max results if its not set #107651
• Automated cherry pick of #107695: kubelet: fix podstatus not containing pod full name #107761
• Full changelog

hypershift

• Use non-strict mode when parsing global config #1619
• adopt existing immutable selectors to prevent errors reconciling components from roks toolkit clusters #1571
• cache registry files #1567
• feat(oauth): allow challenge override for OpenID #1543
• Add fallback set cache value from old token #1531
• Set Recommended Leader Election Values #1507
• feat(cpo): Support disable profiling annotation #1501
• Use ImagePullPolicyIfNotPresent for HO #1483
• Updated secret permissions to conform to kubernetes CIS benchmark #1480
• Ensure that everything uses imagePullPolicy IfNotPResent for resiliency #1475
• Add missing control plane prometheus rules #1471
• Ensure cache is set during token rotation before reconciling #1461
• Fix(cpo): Propagate TLS security profile config to kube-controller-manager and kube-scheduler #1416
• feat(cpo): adhere to upgrade order from kube version skew policy #1410
• Set shutdown params to improve graceful shutdown #1387
• fix(cpo): Scope down secrets access for olm collect profiles cj #1378
• move to ga apis for all components now that management clusters at minimum release boundary #1361
• configure cipher suites to prevent using medium strength ssl ciphers #1359
• Use apiserver host/port from InfraStatus in reconciling Kube API Server #1333
• Ignition server: Actually use workdir #1317
• Use forked processes instead of pods to generate ignition payload #1311
• disable reconcile of registry config in IBMCloud deployments #1309
• feat(cpo): Disable PodSecurity for 4.10 #1289
• Disable PodSecurity admission in 4.11 as it breaks conformance #1286
• Expose a service account signing key in the API #1265
• release-4.10 - Create valid route names with long namespace names #1252
• Fast-Forward from main #1233
• e2e: Don’t enable user workload monitoring on management clusters #1231
• Fix priority class for olm cronjob and verify priorityclasses in e2e #1226
• e2e: Don’t fail test on transient recoverable API lookup #1230
• Hypershift operator: Give a priority that is higher than any controlplane component #1229
• Get autoscaler/machine-approver images from the payload #1090
• Document KubeVirt Platform Ingress Setup #1213
• AntiAffinity rules to spread KubeVirt VMs across mgmt nodes #1218
• Retry EIP tagging failures during infra creation #1219
• Fix CPO to work with 4.11 #1217
• read apiserver-network-proxy image from ocp payload #1215
• Add support for AdditionalTrustBundle #972
• docs for DNS indirection #1208
• docs: Upgrade mkdocs/material to fix Netlify breakages #1212
• Dump: Always create an archive #1204
• Update staticcheck to a version that works with go 1.18 #1207
• Unique OpenShift vxlan port for KubeVirt Platform #1206
• Registry configuration: reconcile only what we need to changes #1202
• enable external-dns registry #1198
• sync MaxConcurrentReconciles across all controllers #1199
• add external-dns flags to CI install make target #1163
• KAS: Set proxy, but exempt pod and service CIDR #1200
• HO: Don’t report NotFund for hostedcluster as error #1192
• Forward from main #1190
• Revert “PKI: Use ECDSA keys by default” #1195
• add required-api to availablity prober for OLM and HCCO #1193
• Trigger reconcile when paused time is up #1184
• Fix ko entries and update ignition-server dev docs #1191
• Converge helper binaries and ignition-server into CPO binary #1169
• KAS: Never set proxy #1187
• fix AWS HostedCluster fixture to set hostname in alignment with endpointAccess #1188
• Use patch instead of update when updating HCP status and finalizers #1186
• Introduce OIDCConfigurationInvalid condition for OIDC setup validation #1180
• e2e: adjust budgets #1183
• Fix OLM container restart flakes in CI #1185
• Make clusterID optional in HostedControlPlane clusterID #1179
• Hypershift-operator: Increase worker count #1181
• Forward from main #1178
• Add ClusterID to HostedCluster #1151
• Remove CAPI-provider-agent ClusterRole from hypershift Agent platform #1162
• Fix typo in how to pause reconciliation doc #1174
• Update release-4.10 branch with latest from main #1173
• Ensure that all control plane pods use the cluster’s pull secret #1172
• PKI: Use ECDSA keys by default #1167
• dev: specify a more useful ko base image #1165
• Unify hypershift install make targets #1171
• Run unitests with racedetector and -count=25 to detect flakes #1166
• Dump: Dump guest cluster nodes #1170
• Add proxy support #1157
• Resources: Improve runtime of test #1168
• ensure token minter, socks proxy, and availablity prober are versioned with the control plane operator to prevent large scale restarts on hypershift operator upgrades for IBM Cloud #1164
• add clusterid label to admin kubeconfig secret #1154
• Fix events message unit test flake #1161
• Switching KubeVirt platform’s default ingress to NodePort #1150
• Update release-4.10 branch with latest from main #1160
• e2e: support dns indirection #1149
• Surface cloud error conditions for HostedCluster resources #1135
• feat(cpo): Support OLM catalog placement #1139
• Allow overriding images at the hypershift operator level #1155
• Remove capi-provider-agent role from hypershift management #1153
• Restructure how-to docs to categorise per platform #1147
• Alow hypershift operator to grant RBAC permissions to the cpai-provider-agent #1152
• Enable DNS indirection to control plane endpoints #1145
• Forward from main #1148
• Validate that agent namespace exists #1138
• Agent: each hostedcluster provider should have it’s own role and role binding in the agent namespace #1137
• Documented howto BM agent/none #1079
• prevent privilege esclation by explicitly not allowing the escalate and bind verbs with rbac on the control plane operator #1136
• Run the konnektivity agent DS with hostnetwork #1142
• Azure: Fix image name to match what HPO expects #1141
• Rename variable for machineconfig and pretty print message #1140
• add konnectivity proxy sidecar to ingress-operator to ensure it can properly perform in cluster canary healthchecks #1131
• Azure: Add multi-AZ support #1127
• Azure: Stop logging errors during role assignment retry #1120
• Azure: Use an apiserver port that ends with 443 to make conformance tests happy #1133
• Give control-plane-operator access to the pull secret #1132
• add https prefix for proper redirects of console url #1129
• Move oidc configmap management back into install command #1128
• fix dns crd reconciliation for ibm cloud or providers that provide a subdomain #1123
• Fix create nodepool azure command #1118
• Azure: Fix credentials log #1126
• Updated secret permissions to 416 #1124
• Add missing readiness probes on HA deployments #1106
• Fix type in azurecluser for Private DNS name #1119
• Azure: Make the rootdisksize on nodepool configurable #1097
• Full changelog

ibm-vpc-block-csi-driver

• OCPBUGS-1488: Add udev #20
• Full changelog

ibm-vpc-block-csi-driver-operator

• Bug 2077419: [4.10] [ibm-vpc-block] Unable to change default storage class #35
• Full changelog

image-customization-controller

• OCPBUGS-754: mount /run/udev into the agent container #64
• Bug 2098627: Remove the container at exit #56
• Update OWNERS to current team status #53
• Bug 2061977: Add delay between ironic-agent restart, but restart forever #54
• Bug 2061977: Restart ironic-agent.service when it fails #43
• Full changelog

insights-operator

• helm upgrades and uninstalls backport 4.10 (#663) #663
• OCPBUGS-251 Gather status of the cephclusters.ceph.rook.io resources (#659) #659
• Backport console helm installs to 4.10 (#638) #638
• Bug 2081844: Fix the clusteroperator conditions values when IO is (#619) #619
• Bug 2079318: Remove PSP gatherer (#608) (#615) #608
• Bug 2072848: Gather namespace names with overlapping UIDs (#605) #605
• Gather some error messages from the kube-controller-manager containers (#598) #598
• Full changelog

ironic

• OCPBUGS-2829: Removed ServerName from VirtualHost Directives #307
• OCPBUGS-1740: Backport improvements to iDRAC steps to OCP 4.10 #303
• OCPBUGS-1225: sync BIOS settings fixes #298
• Bug 2109125: Upgrade version of ironic package to include fix for ZTP deployment #284
• Bug 2080442: Update sushy version #272
• Full changelog

ironic-agent

• OCPBUGS-1232: Include Fix for discovering bond interfaces #63
• Bug 2100775: Include Fix discovering WWN/serial for devicemapper devices #56
• Bug 2100836: Add missing multipath modules #55
• Bug 2089312: multipath fix for passive paths #52
• Bug 2053752: import time #49
• Bug 2053752: Bump retries for UEFI boot configuration #48
• Bug 2061278: [release-4.10] Retry UEFI boot Configuration #43
• Bug 2048481: Update ironic-python-agent to latest bugfix version #38
• Full changelog

jenkins, jenkins-agent-base, jenkins-agent-maven, jenkins-agent-nodejs

• [release: 4.10] OCPBUGS-2137: Sync javax-mail-api with version required by jenkins 2.361.1 #1496
• OCPBUGS-724: Update blueocean-autofavorite to 1.2.5 #1478
• OCPBUGS-2943: Force git-server to an earlier version #1509
• OCPBUGS-2185: Bump Jenkins version to 2.361.1 #1499
• OCPBUGS-1440: fix install plugins script #1484
• OCPBUGS-1037: Install glibc language package to remove setLocale warning #1480
• OCPBUGS-473: CVE mitigations #1479
• OCPBUGS-713: Add user coreydaley to approvers list #1477
• OCPBUGS-400: Revert xmlstarlet usage #1469
• Bug 2095620: Bump matrix-project plugin to 1.20 #1453
• Bug 2080204: Correctly declare Jenkins URL with trailing slash #1441
• Bug 2076253: Mitigate multiple CVEs #1430
• Bug 2075135: set necessary JVM args to allow jenkins JVM to come up on a FIPS node #1425
• Bug 2069134: [release-4.10] Update bundle-plugins.txt #1420
• Bug 2069134: [release-4.10] Enable supply-chain check #1417
• Bug 2061616: [release-4.10] Compute bundle plugins in build #1398
• Bug 2063898: [release-4.10] 2022-02-15 Security Advisory #1403
• Bug 2062053: Add Jitendar to OWNERS file #1401
• Bug 2055653: Add xmlstarlet to handle JENKINS_PASSWORD properly #1391
• Full changelog

kube-proxy, sdn

• OCPBUGS-647: Fix DNS endpoint hack to prefer local instead of forcing it #467
• OCPBUGS-647: Fix OCP hack to prefer local DNS endpoints #457
• OCPBUGS-255: setup network policy rules during pod creation to fix postStart hook #455
• Bug 2078501: [release-4.10] Remove node-tainting for too-small MTU #422
• Bug 2087763: Probe failures and pod restarts during 4.7 to 4.8 upgrade #431
• Bug 2082451: Masquerade in cluster traffic that is marked for egress IP #430
• Bug 2066466: Fix releasing egress IP in cloud environments #416
• Bug 2064807: Rebase SDN k8 1.23.4 #415
• Bug 2062859: mixed ingress and egress policies can result in half-isolated pods #410
• Full changelog

kube-state-metrics

• OCPBUGS-2196: internal/store: fix metrics slice length #79
• Bug 2078835: internal/store: fix potential panic in pod store #70
• Bug 2085329: Use v1 PodDisruptionBudget and CronJob resources #72
• Full changelog

kuryr-cni, kuryr-controller

• Bug 2082079: Parallelize ports removal #663
• Bug 2097277: Use upper-constraints.txt from stable/xena in UT #673
• Bug 2077384: Increase cni_request_duration buckets #656
• Bug 2055661: Update KLB .spec.provider when required #637
• Full changelog

machine-api-operator

• OCPBUGS-957: Change “create” sequence with powering on the vm after clone #1065
• Bug 2109124: Add DescribeRegions permission for aws controller #1046
• Bug 2086104: Set vCenter client request timeout #1017
• Full changelog

machine-config-operator

• OCPBUGS-2973: drop doc overlaysize default #3395
• OCPBUGS-2070: Make sure there is a search domain in resolv.conf #3366
• OCPBUGS-642: Fix .ssh directory not owned by core when created by Machine Config Daemon #3315
• Bug 2118609: Fix problem with retaining data in string array in piped while loop #3289
• Bug 2118607: configure-ovs: clone inactive autoconnect slaves #3288
• Bug 2100894: fix MCNameSuffix with kcfg ctrrcfg #3224
• Bug 2084187: Avoid kubernetes node port range #3145
• Bug 2099686: controller: de-couple FIPS and realtime detection #3201
• Bug 2098626: configure-ovs: improve handling of static ip and mac address configuration #3197
• Bug 2096564: Bug fix for node drain caused by ICSP objects #3181
• Bug 2089757: configure-ovs: avoid restarting NetworkManager #3159
• Bug 2085410: OVN Kubernetes configure-ovs-network set static if conversion metric #3147
• Bug 2081317: configure-ovs.sh: Provide store hint for default route interface #3131
• Bug 2076493: [on-prem] make Corefile api matching stricter #3095
• Bug 2082567: [vsphere] remove warning encountered on vSphere UPI cluster without API VIP #3138
• Bug 2069798: ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs #3045
• Bug 2079097: Ensure only one apiserver-watcher process is active on a node. #3121
• Bug 2071696: Add KUBELET_NODEIP_HINT to nodeip-configuration #3058
• Bug 2072621: Fix bootstrap-unit test failure caused by #3008 #3109
• Bug 2076308: Move removeUpdateInProgressTaint functionality to mcc #3091
• Bug 2072621: [OCPNODE-869] Create a drop-in file for cri-o’s seccomp use default config #3008
• Bug 2070492: configure-ovs: move dhcp config from br-ex to ovs-if-br-ex #3049
• Bug 2062666: configure-ovs: reload NM only when necessary #3005
• Bug 2062290: Add –templates flag to MCC bootstrap command #2997
• Bug 2063326: [release-4.10] Ensure directories are created with usable permission bits #3012
• Bug 2060954: Explicitly set keyfile as the default plugin #2985
• Full changelog

machine-os-images

• OCPBUGS-960: Update rhcos release browser url #24
• Bug 2090022: Get rid of lookaside cache in OCP build #17
• Revert .ci-operator.yaml #18
• Updating ose-machine-os-images images to be consistent with ART #9
• Bug 2077305: Remove destination coreos if it exists #14
• Full changelog

multus-cni

• OCPBUGS-2448: Fix missing device-info in networks-status annotation for chained plugins #137
• Bug 2084289: Bumps net-attach-def client library (for CNI v1.0 IP compatibility) [backport 4.10] #128
• Updating multus-cni images to be consistent with ART #110
• Full changelog

multus-whereabouts-ipam-cni

• OCPBUGS-1659: ip-reconciler: Add all non default interfaces to Pod IP list #98
• Bug 2065488: Sync upstream for context improvements for reconciler [backport 4.10] #88
• Full changelog

must-gather

• Bug 2106842: Add timeout to oc cp command to fix must-gather delays when routers are terminating #323
• Bug 2059777: Fix the namespace extract filter #288
• Bug 2106559: fix gather_insights collection #322
• Bug 2084591: Add networking resources #307
• Bug 2069554: Collect NMState resources when operator is installed #294
• Full changelog

network-interface-bond-cni

• Bug 2116642: Backport “mac duplicates” #42
• Bug 2101841: Backport Fix incorrect bond name issue #36
• Bug 2084289: Backport IPAM fixes [4.10] #34
• Full changelog

network-metrics-daemon

• Updating ose-network-metrics-daemon images to be consistent with ART (#40) #40
• Fix field selector (#50) #50
• Added METRIC_TEST_IMAGE var (#47) #47
• Full changelog

oauth-apiserver

• OCPBUGS-2553: bump kube to 1.23.12 to fix group sync #85
• Bug 2094022: Update 4.10 to 1.23 #79
• Full changelog

oc-mirror

• Bug 2075051: [release-4.10] fix: adds handling for channel with different prefixes in cincinnati.go (#413) #413
• build(deps): bump operator-registry dep to v1.21.1 (#390) #390
• Bug 2064901: fix(associations): modifies association return values to allows image… (#359) #359
• Bug 2065500: resolves multiple channel heads in merged catalogs (#372) #372
• chore: adds dynamic version info for version command with ldflags (#328) (#334) #328
• Full changelog

openshift-apiserver

• Add coreydaley as reviewer/approver for pkg/build #298
• Full changelog

openshift-state-metrics

• Updating openshift-state-metrics images to be consistent with ART #80
• Bug 2052804: adding new build comments required for go 1.17 #83
• Full changelog

openstack-cinder-csi-driver-operator

• Bug 2091649: SWEET32: Improve TLS configuration for Kube RBAC Proxy #89
• Full changelog

openstack-machine-controllers

• OCPBUGS-2628: Ensure network defs without subnet follow noAllowedAddressPairs #249
• OCPBUGS-1951: Apply noAllowedAddressPairs on intended subnets only #245
• Bug 1921656: Remove dependence on annotation to allow Server deletion #240
• Bug 2077380: Fix InstanceCreate port & trunk cleanup #233
• Bug 2071538: Address CVE-2022-21698 #226
• Bug 2050064: Ensure subnets belong to the queried network #219
• Full changelog

operator-lifecycle-manager, operator-registry

• OCPBUGS-1323: Add autoscaling eviction annotation to catalog pods to enable proper draining of nodes #392
• OCPBUGS-1087: Stop corrupting resolver cache. #385
• Bug 2115874: fix(grpc): Add startupProbe to check for grpc health readiness (#2791) #348
• Bug 2118261: Update containerd version #357
• Bug 2106838: remove broken thread-safety (#2697) #340
• Bug 2101802: opm bug fix #327
• Bug 2095329: [release-4.10] Bump go to v1.17 (#922) #310
• Bug 2080609: Fix GRPC CheckRegistryServer function (#2756) #298
• Bug 2071941: Replace collect-profile jobs that haven’t completed #277
• Bug 2070131: Fix a bug in deletion of webhook service for replacement #272
• Full changelog

ovirt-csi-driver

• OCPBUGS-761: CSI provisioned disks are preallocated #117
• OCPBUGS-620: Upgrade go-ovirt-client to 1.0.0 #116
• Full changelog

ovirt-csi-driver-operator

• Bug 2050118: Add custom CA bundle support #84
• Bug 2070525: Recreate oVirt connection for every sync #94
• Full changelog

ovn-kubernetes

• Bug 2099843: Add final db check to egress IP test #1357
• Bug 2105657: Fix egressIP object deletion if the node is deleted first #1228
• OCPBUGS-2660: Add logging verbosity to configuring OVN logs #1326
• OCPBUGS-1454: Fix NP upgrade bug: unexpectedly found multiple equivalent ACLs (arp v/s arp||nd) #1269
• OCPBUGS-2746: Fixes SNAT-ing Logic for EgressIPs #1336
• OCPBUGS-2208: getDefaultGatewayInterfaceByFamily: custom filter for MultiHop #1303
• OCPBUGS-2464: Fix the golang image used for unit-tests #1299
• OCPBUGS-1024: Dockerfile: bump to 2.16.0-89.3.el8fdp #1271
• Bug 2111552: Remove conntrack entries after rules #1219
• OCPBUGS-660: [release-4.10] pods: deleteLogicalPort should not fail when port is already gone #1257
• Bug 2113861: reconcile-node-lbs #1227
• OCPBUGS-174: [release-4.10] Fix race when adding and removing pod with same name #1250
• Bug 2070392: Fix egress IP reassignment on cloud #1203
• Bug 2111588: [release-4.10] export OVS metrics #1215
• Bug 2109442: Fix GetPodsBySelector/GetNamespacesBySelector so MatchExpressions is respected #1195
• Bug 2104454: improve performance of service sync #1173
• Bug 2105653: egressIP: node retrieval failure is not respected, causes panic #1185
• Bug 2105275: Fix egressips for pods recreated with same name #1179
• Bug 2107903: Append the SNAT rule in management chain #1201
• Bug 2105265: EGW: Clean Stale Conntrack Entries #1191
• Bug 2099680: [release-4.10] libovsdb fixes for empty values #1164
• Bug 2105276: Fix panics in DestroyNetworkPolicy if policy is nil #1182
• Bug 2099206: Update logging for specific policy when creating it #1149
• Bug 2099822: Fix pointer loop var #1153
• Bug 2091157: [release-4.10] Free IPs and delete resources for completed pods #1152
• Bug 2092501: Fixes finding default gateway for configured GW interface #1131
• Bug 2095193: duplicated IPs can be assigned to multiple Pods #1132
• Bug 2088582: Bumps OVN to 21.12.0-58.el8fdp #1101
• Bug 2086891: policy: Fix multicast allow policy type. #1093
• Bug 2088040: Delete ChassisPrivate along with Chassis #1099
• Bug 2077129: [release-4.10] Fixes secondary bridge #1044
• Bug 2088627: EgressIP NATs are not being cleared correctly from the logical router #1098
• Bug 2087203: enable exportloopref linter and fix violations #1095
• Bug 2082467: Fix cluster/status parsing for single-member db cluster (SNO) #1082
• Bug 2083116: delete SNAT2NIP if pod.node == egressNodeServingPod #1084
• Bug 2080069: Cleanup conntrack entries when services are deleted #1061
• Bug 2080895: Ensure stale information is not present in metrics with labels when they change #1070
• Bug 2080882: Fix incorrectly logged error when searching for ovnkube master pod #1069
• Bug 2080925: Don’t spawn go routines for adding metric events #1071
• Bug 2079546: [release-4.10] call clearInitialNodeNetworkUnavailableCondition for noHostSubnet nodes #1057
• Bug 2065780: [release-4.10][backport] Fix cleaning VF representor ports #1001
• Bug 2073411: Fix ETP=local for host->svc traffic #1063
• Bug 2073137: Fix lgw flows for ingress-svc traffic #1026
• Bug 2074839: [release-4.10] fix ipv6 network policy #1043
• Bug 2052017: Retry Pod Deletions on Failure #1025
• Bug 2059354: [4.10z] After reboot egress node, lr-policy-list was not correct #994
• fix so that this branch can build #7
• Bug 2055381: [release-4.10] support new ingress pipeline option for ACLs #6
• Bug 2061804: [4.10] Fixes “ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache!” for same pod #990
• Bug 2063834: backport 2052975 to 4.10 #995
• Full changelog

prometheus-config-reloader, prometheus-operator

• Bug 2108976: pkg/prometheus: fix curl exec probe #196
• Bug 2060718: Add relabel validations #161
• Full changelog

tests

• OCPBUGS-2614: Fix s2i ruby test that relys on rack #27479
• disruption checking is disabled for prior releases because we lack a good baseline #27472
• OCPBUGS-1454: Fixes OVN ACL audit log parsing #27429
• Bug 2117301: Skip ErrImagePull for expected failures #27352
• Bug 2115862: Skip internet connection test if we use a proxy #27344
• Bug 2065028: rearrange test cases #26915
• OCPBUGS-374: test: allow -f to match tests for any test suite #27366
• Bug 2080198: skip tests for etcd leaders when etcd revisions change a lot #27076
• Bug 2080759: Remove BlueOcean annotation check #27065
• Bug 2077995: Best matcher single node OVN #27048
• Bug 2059845: [test]: bump upper bounds for AWS single node and GCP #27055
• Bug 2077414: MGMT-9440: Fix single node serial tests API crash #27037
• Bug 2074714: synthetictests: skip “alert/Watchdog must have no gaps or changes” on SNO upgrades #27011
• Bug 2074448: exclude loki-promtail from duplicated events #27010
• Bug 2077516: don’t fail when a query returns warnings #27039
• Bug 2059845: operators should not create watch channels very often: bump OpenStack monitoring operator #26879
• Bug 2076265: [release-4.10] test: switch to testing CapBnd over CapInh #27021
• Bug 2060592: only add failure when no event was found for the target revision #26881
• Bug 2055381: cleanup network policy ACL extended test #26946
• Full changelog

thanos

• OCPBUGS-2037: Bump 4.10 to 0.23.2 #92
• Full changelog

vsphere-cloud-controller-manager

• OCPBUGS-2065: fix .dockerignore to satisfy OCP specific requirements #27
• Full changelog

vsphere-csi-driver-operator

• OCPBUGS-2282: Add HTTP proxy to syncer container #114
• OCPBUGS-376: storageclass should not be created for unsupported vsphere version #105
• Bug 2108003: 4.10: Don’t block upgrades when another CSI driver is found #99
• Bug 2095824: Report max. nr. of attachable volumes per node #91
• Full changelog

vsphere-problem-detector

• Bug 2055895: change NodePerfCheck criteria to be based on average latency #76
• Full changelog

---

View changelog in Markdown or change previous release: 4.10.404.10.394.10.384.10.374.10.364.10.354.10.344.10.334.10.324.10.314.10.304.10.294.10.284.10.274.10.264.10.254.10.244.10.234.10.224.10.214.10.204.10.194.10.184.10.174.10.164.10.154.10.144.10.134.10.124.10.114.10.104.10.94.10.84.10.74.10.64.10.54.10.44.10.34.10.24.10.14.10.04.10.0-rc.84.10.0-rc.74.10.0-rc.64.10.0-rc.54.10.0-rc.44.10.0-rc.34.10.0-rc.24.10.0-rc.14.10.0-rc.04.10.0-fc.44.10.0-fc.34.10.0-fc.24.10.0-fc.14.10.0-fc.04.9.594.9.584.9.574.9.564.9.554.9.544.9.534.9.524.9.514.9.504.9.494.9.484.9.474.9.464.9.454.9.444.9.434.9.424.9.414.9.404.9.394.9.384.9.374.9.364.9.354.9.344.9.334.9.324.9.314.9.304.9.294.9.284.9.274.9.264.9.254.9.244.9.234.9.224.9.214.9.204.9.194.9.184.9.174.9.164.9.154.9.144.9.134.9.124.9.114.9.104.9.94.9.84.9.74.9.64.9.54.9.44.9.34.9.24.9.14.9.04.9.0-rc.84.9.0-rc.74.9.0-rc.64.9.0-rc.54.9.0-rc.44.9.0-rc.34.9.0-rc.24.9.0-rc.14.9.0-rc.04.9.0-fc.14.9.0-fc.04.8.574.8.564.8.554.8.544.8.534.8.524.8.514.8.504.8.494.8.484.8.474.8.464.8.454.8.444.8.434.8.424.8.414.8.404.8.394.8.384.8.374.8.364.8.354.8.344.8.334.8.324.8.314.8.304.8.294.8.284.8.274.8.264.8.254.8.244.8.234.8.224.8.214.8.204.8.194.8.184.8.174.8.164.8.154.8.144.8.134.8.124.8.114.8.104.8.94.8.84.8.74.8.64.8.54.8.44.8.34.8.24.8.14.8.04.8.0-rc.34.8.0-rc.24.8.0-rc.14.8.0-rc.04.8.0-fc.94.8.0-fc.84.8.0-fc.74.8.0-fc.64.8.0-fc.54.8.0-fc.44.8.0-fc.34.8.0-fc.24.8.0-fc.14.8.0-fc.04.7.604.7.594.7.584.7.574.7.564.7.554.7.544.7.534.7.524.7.514.7.504.7.494.7.484.7.474.7.464.7.454.7.444.7.434.7.424.7.414.7.404.7.394.7.384.7.374.7.364.7.354.7.344.7.334.7.324.7.314.7.304.7.294.7.284.7.274.7.264.7.254.7.244.7.234.7.224.7.214.7.204.7.194.7.184.7.174.7.164.7.154.7.144.7.134.7.124.7.114.7.104.7.94.7.84.7.74.7.64.7.54.7.44.7.34.7.24.7.14.7.04.7.0-rc.34.7.0-rc.24.7.0-rc.14.7.0-rc.04.7.0-fc.54.7.0-fc.44.7.0-fc.34.7.0-fc.24.7.0-fc.14.7.0-fc.04.6.624.6.614.6.604.6.594.6.584.6.574.6.564.6.554.6.544.6.534.6.524.6.514.6.504.6.494.6.484.6.474.6.464.6.454.6.444.6.434.6.424.6.414.6.404.6.394.6.384.6.374.6.364.6.354.6.344.6.334.6.324.6.314.6.304.6.294.6.284.6.274.6.264.6.254.6.244.6.234.6.224.6.214.6.204.6.194.6.184.6.174.6.164.6.154.6.144.6.134.6.124.6.114.6.104.6.94.6.84.6.74.6.64.6.54.6.44.6.34.6.24.6.14.6.04.6.0-rc.44.6.0-rc.34.6.0-rc.24.6.0-rc.14.6.0-rc.04.6.0-fc.94.6.0-fc.84.6.0-fc.74.6.0-fc.64.6.0-fc.54.6.0-fc.44.6.0-fc.3───4.15.0-0.nightly-2023-09-28-0849294.15.0-0.nightly-2023-09-28-0315144.15.0-0.nightly-2023-09-27-1505224.15.0-0.nightly-2023-09-27-0733534.15.0-0.nightly-2023-09-27-0158044.15.0-0.nightly-2023-09-25-1010134.15.0-0.nightly-2023-09-17-0458114.15.0-0.nightly-2023-09-17-002308───4.15.0-0.ci-2023-09-28-1206334.15.0-0.ci-2023-09-28-0606334.15.0-0.ci-2023-09-28-0006334.15.0-0.ci-2023-09-27-1806334.15.0-0.ci-2023-09-27-1206334.15.0-0.ci-2023-09-27-0606334.15.0-0.ci-2023-09-27-0006334.15.0-0.ci-2023-09-26-1206334.15.0-0.ci-2023-09-26-060633───4.14.0-0.nightly-2023-09-28-0840474.14.0-0.nightly-2023-09-27-2257184.14.0-0.nightly-2023-09-27-1540264.14.0-0.nightly-2023-09-27-0911294.14.0-0.nightly-2023-09-27-0425484.14.0-0.nightly-2023-09-26-2225474.14.0-0.nightly-2023-09-26-1245074.14.0-0.nightly-2023-09-26-0801114.14.0-0.nightly-2023-09-26-0215474.14.0-0.nightly-2023-09-24-0441104.14.0-0.nightly-2023-09-23-2317454.14.0-0.nightly-2023-09-23-090342───4.14.0-0.ci-2023-09-28-0800054.14.0-0.ci-2023-09-28-0200054.14.0-0.ci-2023-09-27-2000054.14.0-0.ci-2023-09-27-1400054.14.0-0.ci-2023-09-27-0800054.14.0-0.ci-2023-09-27-0200054.14.0-0.ci-2023-09-26-2000054.14.0-0.ci-2023-09-26-1400054.14.0-0.ci-2023-09-26-080005───4.13.0-0.nightly-2023-09-28-1142114.13.0-0.nightly-2023-09-28-0411524.13.0-0.nightly-2023-09-27-1930404.13.0-0.nightly-2023-09-27-0532554.13.0-0.nightly-2023-09-26-1355064.13.0-0.nightly-2023-09-26-0158234.13.0-0.nightly-2023-09-25-0820454.13.0-0.nightly-2023-09-25-022045───4.13.0-0.ci-2023-09-28-1027554.13.0-0.ci-2023-09-28-0424354.13.0-0.ci-2023-09-27-2050164.13.0-0.ci-2023-09-27-1417574.13.0-0.ci-2023-09-27-0426174.13.0-0.ci-2023-09-26-2159014.13.0-0.ci-2023-09-26-1558534.13.0-0.ci-2023-09-26-0548274.13.0-0.ci-2023-09-25-230813───4.12.0-0.nightly-2023-09-28-0109034.12.0-0.nightly-2023-09-27-1526464.12.0-0.nightly-2023-09-27-0510014.12.0-0.nightly-2023-09-26-2310014.12.0-0.nightly-2023-09-26-1710014.12.0-0.nightly-2023-09-26-0422514.12.0-0.nightly-2023-09-25-161205───4.12.0-0.ci-2023-09-28-0912134.12.0-0.ci-2023-09-27-2021444.12.0-0.ci-2023-09-27-0830544.12.0-0.ci-2023-09-26-2255434.12.0-0.ci-2023-09-26-1312534.12.0-0.ci-2023-09-25-1917404.12.0-0.ci-2023-09-25-061328───4.11.0-0.nightly-2023-09-27-0736084.11.0-0.nightly-2023-09-26-0643034.11.0-0.nightly-2023-09-25-1610514.11.0-0.nightly-2023-09-24-1005464.11.0-0.nightly-2023-09-14-210203───4.11.0-0.ci-2023-09-26-1642164.11.0-0.ci-2023-09-26-0559014.11.0-0.ci-2023-09-25-2335174.11.0-0.ci-2023-09-25-1321364.11.0-0.ci-2023-09-22-092603───4.10.0-0.nightly-2023-09-23-1306564.10.0-0.nightly-2023-09-23-0706564.10.0-0.nightly-2023-09-23-0106564.10.0-0.nightly-2023-09-16-1319474.10.0-0.nightly-2023-09-10-155710───4.10.0-0.ci-2023-09-28-1339344.10.0-0.ci-2023-09-28-0707294.10.0-0.ci-2023-09-26-1906354.10.0-0.ci-2023-09-26-1041584.10.0-0.ci-2023-09-26-0150564.10.0-0.ci-2023-09-25-1331074.10.0-0.ci-2023-09-23-191132───4.9.0-0.nightly-2023-08-25-1035294.9.0-0.nightly-2023-08-01-1726394.9.0-0.nightly-2023-08-01-1126394.9.0-0.nightly-2023-07-31-1954554.9.0-0.nightly-2023-07-29-095441───4.9.0-0.ci-2023-09-17-0021354.9.0-0.ci-2023-09-13-1725374.9.0-0.ci-2023-09-10-1733394.9.0-0.ci-2023-09-09-0429524.9.0-0.ci-2023-08-26-090204───4.8.0-0.nightly-2023-08-31-0446344.8.0-0.nightly-2023-08-23-1312364.8.0-0.nightly-2023-08-21-0304314.8.0-0.nightly-2023-08-01-1043124.8.0-0.nightly-2023-07-31-231822───4.8.0-0.ci-2023-09-16-0434424.8.0-0.ci-2023-09-14-1936014.8.0-0.ci-2023-09-14-1603404.8.0-0.ci-2023-07-28-0029404.8.0-0.ci-2023-07-15-003738───4.7.0-0.nightly-2023-08-31-0544414.7.0-0.nightly-2023-08-22-1823064.7.0-0.nightly-2023-08-21-0305164.7.0-0.nightly-2023-08-01-1056574.7.0-0.nightly-2023-07-31-162336───4.7.0-0.ci-2023-09-17-0149564.7.0-0.ci-2023-09-13-1520064.7.0-0.ci-2023-08-23-1118494.7.0-0.ci-2023-08-22-1807414.7.0-0.ci-2023-08-01-193229───4.6.0-0.nightly-2023-08-26-0322404.6.0-0.nightly-2023-08-02-1901424.6.0-0.nightly-2023-08-01-1130314.6.0-0.nightly-2023-07-28-0756174.6.0-0.nightly-2023-07-26-212417───4.6.0-0.ci-2023-08-04-2015434.6.0-0.ci-2023-08-02-1612084.6.0-0.ci-2023-07-28-0433114.6.0-0.ci-2023-07-28-0226034.6.0-0.ci-2023-07-28-003217───4.14.0-ec.44.14.0-ec.34.14.0-ec.24.14.0-ec.14.14.0-ec.0

Source code for this page located on github