Back to index 
4.14.0-0.nightly-2025-10-26-025612 Download the installer  for your operating system or run 
oc adm release extract --tools registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2025-10-26-025612 Team Approvals: 
Tests:
Upgrades from:
Loading changelog, this may take a while ...
Created: 2025-10-26 02:59:13 +0000 UTC
Image Digest: sha256:4f3cb9ae2f35a1c2f1d4cea44f9b629cff7a630f0bb227ec189f1cfab4cc5d7b
Components 
New images 
Removed images 
ovn-kubernetes-microshift-rhel-9 
ovn-kubernetes-rhel-9 
 
Rebuilt images without code change 
apiserver-network-proxy  git f56c606a  sha256:abc887bf574b3e364cc29a9a789197af6c5a3e9d9cdd1f7794ea3d5828da8e36machine-os-content sha256:7e08d4dd8b1384bcae5d41a1d9652b754142ac179cea041e87c6a582cd06a9db 
rhel-coreos sha256:41364400a8c89c65afa89d0296b34483c62e88877c967918ac2f71d6483516eb 
rhel-coreos-extensions sha256:b47e8b8441d42639f472630a2a3f1f6e6e2292e4a126fd90abffb264208f4db3 
 
OCPBUGS-58632 , OCPBUGS-58637 : Bump glog to v1.2.5 in release-4.14 (#7906) #7906 OCPBUGS-53691 : Bump jwt to 4.5.2 in release-4.14 (#7499) #7499 OCPBUGS-46941 : OCPBUGS-46184: Bump golang.org/x/net to 0.33.0 (#7200) #7200 OCPBUGS-15346 , OCPBUGS-15347 : Update version go-http-metrics and gin-gonic/gin (#6899) #6899 OCPBUGS-34641 : Invalid Pull-Secret when using password which contains a colon character (#6416) #6416 OCPBUGS-31631 : Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) #6322 MGMT-17594 : Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) #6216 MGMT-17549 : Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) #6203 MGMT-17541 : Replace broken golangci reference (#6197) #6197 NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) #6134  
MGMT-16950 : changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) #5973 MGMT-16494 : Move ip hint file creation to ignition in order to change it in IBI process (#5974) #5974 MGMT-16517 : Add Env Var Deployment Type & Set ABI (#5987) #5987 MGMT-15796 : set CloudControllerManager to External for OCI (#5877) #5877 OCPBUGS-23069 : Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) #5676 MGMT-15704 : One typo and one missing piece of config, discovered after MGMT-15704 merged (#5465) #5465 Bump OCP versions: 4.12 (#5467) #5467  
MGMT-15653 : Validate domain in one place (#5451) #5451 MGMT-15704 : Assisted service should create Day2 import CR for hub cluster. (#5459) #5459 MGMT-15340 : Ensure vlan interface names will be <= 15 characters (#5389) #5389 NO-ISSUE: Add subsystem tests to platform support level (#5460) #5460  
Bump OCP versions: 4.10 (#5463) #5463  
Bump OCP versions: 4.13 (#5457) #5457  
Bump OCP versions: 4.13, 4.11, 4.12 (#5454) #5454  
MGMT-11456 : Bugfix - remove redundant code (#5372) #5372 Bump OCP versions: 4.11, 4.12, 4.13 (#5452) #5452  
AGENT-694 : Support external platform type for agent installer (#5438) #5438 MGMT-15100 : Remove unused feature-support-levels API endpoint (#5450) #5450 Update RHTAP references (#5410) #5410  
Fix setup_env.sh failure handling (#5442) #5442  
Add BMH annotation keys to docs (#5444) #5444  
OCPBUGS-17992 day2 skip install config overrides (#5439) #5439  
Bump OCP versions: 4.12, 4.10 (#5441) #5441  
MGMT-14881 : return a valid error when no disks has been found (#5430) #5430 MGMT-15595 : Make client a separate go module (#5434) #5434 MGMT-15177 : Align feature support level to support platform as filterable feature (#5424) #5424 Bump OCP versions: 4.12 (#5432) #5432  
Bump OCP versions: 4.11, 4.13 (#5431) #5431  
Use go 1.18 when setting up environment (#5422) #5422  
NO-ISSUE: Bump k8s.io/klog/v2 from 2.70.1 to 2.100.1 (#5428) #5428  
MGMT-15356 : Ensure filenames are distinct between openshift and manifest (#5382) #5382 MGMT-15491 : Validate vSphere disk.EnableUUID ignoring cluster platform (#5416) #5416 NO-ISSUE: Extend waiting time to test DB container to be ready (#5425) #5425  
Bump OCP versions: 4.10 (#5423) #5423  
Bump OCP versions: 4.13, 4.12 (#5421) #5421  
OCPBUGS-17415 : Bump golang.org/x/net (#5417) #5417 MGMT-14933 : Validate hosts running in OCI (#5413) #5413 Ensure inspection is disabled on day-2 spoke node BMHs (#5406) #5406  
MGMT-15423 : Change the user message from: ‘Host is not compatible with cluster platform %s; either disable this host or choose a compatible cluster platform (%v)’ to ‘Host is not compatible with cluster platform %s; either disable this host or discover a new, compatible host.’ (#5412) #5412 Don’t set detached for BMHs without infraenv label (#5414) #5414  
RHTAPBUGS-318 : Fetch tag in RHTAP build (#5333) #5333 MGMT-15424 : parametrize envoy configmap name (#5411) #5411 Bump OCP versions: 4.12 (#5409) #5409  
Bump OCP versions: 4.11 (#5407) #5407  
MGMT-15335 : Fix missing state when trying to update to not supported platform (#5399) #5399 Bump OCP versions: 4.14 (#5403) #5403  
Update RHTAP references (#5387) #5387  
MGMT-15389 : add feature flag to enable/disable OKD support (#5400) #5400 MGMT-11949 : MGMT-12278: Update libksba and libxml2 (#5398) #5398 MGMT-15388 : Remove unsupported platforms from the supported-platforms endpoint (#5394) #5394 AGENT-557 : Split register into registerCluster and registerInfraEnv (#5376) #5376 MGMT-15339 : Run network config before NetworkManager (#5375) #5375 MGMT-15128 : Remove control plane machine set so that control-plane-machine-set operator would not go degraded due to placeholder credentials on installation. (#5378) #5378 MGMT-15047 : use installer to deploy on external platform (#5381) #5381 MGMT-15343 : dependabot remove docker (#5392) #5392 Bump OCP versions: 4.13, 4.10 (#5391) #5391  
Don’t attempt to contact spoke while unbinding a day2 host (#5383) #5383  
Update RHTAP references (#5374) #5374  
MGMT-15128 : Remove control plane machine set so that control-plane-machine-set operator would not go degraded due to placeholder credentials on installation. (#5364) #5364 Bump OCP versions: 4.12 (#5384) #5384  
MGMT-14793 : Assisted discovery core and root user shell should have (#5373) #5373 MGMT-15215 : Allow setting of UI specific data for a cluster (#5358) #5358 MGMT-15343 : dependabot group updates (#5379) #5379 MGMT-14923 : add OSImageVersion to InfraEnvSpec (#5365) #5365 Bump OCP versions: 4.13 (#5377) #5377  
Update RHTAP references (#5370) #5370  
OCPBUGS-16077 : Fix DNS validation (#5371) #5371 MGMT-11456 : kube-api should allow user to specify infraenv additional trust bundle (#5357) #5357 Bump OCP versions: 4.11, 4.12 (#5369) #5369  
MGMT-15295 : Fixc bug in list manifests (#5366) #5366 MGMT-14015 : Custom manifest feature usage is never turning off (#5363) #5363 MGMT-14491 : Invalid node label returns error 500 instead of 400 (#5362) #5362 Update RHTAP references (#5328) #5328  
Bump OCP versions: 4.14 (#5360) #5360  
MGMT-15243 : Skip any zero size manifests when applying (#5355) #5355 Bump OCP versions: 4.12 (#5356) #5356  
MGMT-14656 : Sort disks by HCTL after the other options (#5354) #5354 No-ISSUE: Revert “MGMT-14634: Ensure that empty manifest may not be added. (#5348)” (#5353) #5348  
MGMT-15213 : temporary disable release-domain-name-resolved-correctly validation (#5351) #5351 MGMT-15073 : Cluster reset - only system generated manifests to be deleted (#5338) #5338 MGMT-15070 : Unable to change machine-network with dual stack (#5349) #5349 MGMT-14634 : Ensure that empty manifest may not be added. (#5348) #5348 MGMT-15150 : Use same installer binary for all platform types (#5334) #5334 MGMT-14851 : Update docs for allowing automatedCleaningMode (#5343) #5343 Bump OCP versions: 4.14, 4.12 (#5345) #5345  
MGMT-14726 : Ensure that manifest filename does not contain spaces. (#5342) #5342 MGMT-15064 : Update is_external API description (#5336) #5336 Bump OCP versions: 4.10, 4.11 (#5339) #5339  
MGMT-14852 : Allow AutomatedCleaningMode to be set by user (#5319) #5319 MGMT-14374 : update day2 master docs (#5335) #5335 MGMT-14620 Only emit succesful host creation message for pre install hosts (#5296) #5296  
MGMT-14704 : Provide info on custom/vs non custom manifest in manifest endpoint. (#5278) #5278 MGMT-15114 : remove event for cluster registration failed (#5330) #5330 MGMT-15126 : Add missing incompatible features in some of the feature-support feature (#5327) #5327 MGMT-15107 : Bump version for hacking LSO catalog (#5323) #5323 Create an override annotation for the ironic agent image (#5310) #5310  
OCPBUGS-13621 : Fix singular Ingress and API cluster VIPs removal (#5216) #5216 Don’t require key encipherment usage for approving CSRs (#5322) #5322  
MGMT-13284 : Check for BMH CRD before creating controller (#5284) #5284 MGMT-14937 : Deprecate user_managed_networking attribute (#5317) #5317 Bump OCP versions: 4.14 (#5320) #5320  
Bump OCP versions: 4.13, 4.10, 4.12 (#5316) #5316  
NO-ISSUE: parametrize template to enable switching secrets (#5313) #5313  
MGMT-14240 : Specify connect-timeout on curl (#5314) #5314 MGMT-15034 : Fix patch of infrastructure CR with external platform (#5312) #5312 MGMT-14979 : add sasl/scraml auth method for kafka notifications (#5299) #5299 MGMT-15025 : Forbid register Z architecture cluster with OCI platform (#5309) #5309 MGMT-15015 Provider IsHostSupported panic if platform is not found (#5306) #5306  
OCPBUGS-13738 enforce additional ntp sources added into chrony (#5295) #5295  
MGMT-14992 : Fix Minimal ISO set as default in s390x (#5302) #5302 MGMT-14631 : Removing leftover of support for openshift 4.8 (#5301) #5301 Bump OCP versions: 4.14, 4.11 (#5300) #5300  
MGMT-14973 : Fix misleading logs showing wrong platform and user_managed_networking combination (#5298) #5298 MGMT-14975 : Update MCE operator installation to use stable-2.3 channel (#5297) #5297 MGMT-14769 : Enable upgrade agent by default (#5276) #5276 MGMT-14165 : AgentClusterInstall Webhooks improvements and fixes (#5275) #5275 Bump OCP versions: 4.13, 4.12 (#5293) #5293  
MGMT-14730 : Validate that manifest file size does not exceed 1MB (#5281) #5281 MGMT-14883 : Fix feature-support validation fail to validate openshift version (#5290) #5290 MGMT-14904 : fix error code for ignition size validation (#5291) #5291 MGMT-14631 : Remove support for openshift 4.8 (#5221) #5221 Add tls config for the service monitor (#5282) #5282  
Bump OCP versions: 4.12, 4.10 (#5288) #5288  
Red Hat Trusted App Pipeline update assisted-service-q2vh (#5270) #5270  
Bump OCP versions: 4.13 (#5280) #5280  
OCPBUGS-7076 : Copy Day2 BMH if Agent is installing (#5250) #5250 OCPBUGS-14405 : Avoid panic if pull secret contains non-string (#5267) #5267 MGMT-13746 : validate discovery ignition size (#5273) #5273 MGMT-14830 : Enable TechPreviewNoUpgrade when platform is external (#5279) #5279 MGMT-13431 : patching bug - ODF storage class not recognizing all device sets (#5268) #5268 MGMT-14803 : Fix cluster update won’t fail on incompatible OLM operator dependency (#5264) #5264 MGMT-14600 : Prevent installing dual-stack vSphere on OCP version smaller than 4.13 (#5271) #5271 MGMT-14750 : Allow FC, ECKD, FBA drive types on s390x (#5269) #5269 MGMT-12186 : Add MCE operator plugin (#5203) #5203 Bump OCP versions: 4.11, 4.12 (#5265) #5265  
MGMT-14781 : Make LSO operator to support all CPU architectures (#5262) #5262 Bump OCP versions: 4.13 (#5261) #5261  
MGMT-14582 : Set OCI platform behind a capability (#5249) #5249 MGMT-13997 : Issues when using multiple bonds with CIM Assisted Installer (#5233) #5233 MGMT-13685 : Make sure ingress and api vip are not broadcast address. (#5256) #5256 MGMT-14723 : Fix randomly failing subsystem test (#5259) #5259 MGMT-14649 : Add feature support for OCI platform (#5244) #5244 NO-ISSUE: fixed misleading error message, the order of the host status was reverse (#5257) #5257  
MGMT-14306 : Update host role validation to accept AutoAssign in Day2 (#5247) #5247 Delete the spoke BMH before removing the finalizer (#5239) #5239  
MGMT-14723 : Remove duplicate operator cpu architecture validation (#5254) #5254 MGMT-14734 : Fix failed to update Nutanix provider cluster when on multi architecture (#5253) #5253 MGMT-14728 : Escape the escape char () (#5252) #5252 Bump OCP versions: 4.14 (#5251) #5251  
MGMT-14721 : Get icsp-file from registries.conf for oc extract command (#5245) #5245 Bump OCP versions: 4.10 (#5248) #5248  
Docs fix: ensure kubeconfig secret is created with a kubeconfig key. (#5246) #5246  
MGMT-13938 : support external platform (#5143) #5143 Bump OCP versions: 4.11, 4.12 (#5243) #5243  
MGMT-8097 : masters schedulable kube-api (#5240) #5240 Remove the detached annotation when BMH is being deleted (#5228) #5228  
MGMT-13643 : added MaxLength to additional_trust_bundle (#5226) #5226 Bump OCP versions: 4.11, 4.12 (#5232) #5232  
MGMT-14356 : Set 4.13 to default (#5230) #5230 Fix cpu partitioning struct tag/field (#5227) #5227  
Force a BMH reboot when the infraenv image changes (#5212) #5212  
MGMT-14416 : VipDhcpAllocation from update params should take precedence (#5209) #5209 Bump OCP versions: 4.13 (#5225) #5225  
MGMT-14526 : Possible issue with validateNoWildcardDNS resolution validation (#5198) #5198 MGMT-14648 : Make “sufficient-masters-count - failed” subsystem test tolerate extra event. (#5223) #5223 Don’t panic on BMH delete when agents are unbound (#5219) #5219  
NO-ISSUE: Wait for hostedcontrolplane to be created (#5218) #5218  
NO-ISSUE: Fix install customization doc (#5217) #5217  
MGMT-14610 : Wait for the hostedcontrolplane CR ready status instead of watching the ready status of all pods in the namespace (#5215) #5215 OCPBUGS-13081 : Support by-path root device hints (#5185) #5185 MGMT-14526 : Allow trailing dot (.) to be appended to domain name (#5208) #5208 OCPBUGS-13310 support setting CPUPartitioningMode with install config overrides (#5207) #5207  
Bump OCP versions: 4.12, 4.13 (#5205) #5205  
Deprovision when using converged and unbinding (#5199) #5199  
OCPBUGS-13356 : Fix ‘vendor’ root device hint evaluation (#5197) #5197 MGMT-13977 : Disallow single character base domain (#5196) #5196 Updating ose-agent-installer-api-server images to be consistent with ART (#5026) #5026  
MGMT-14530 : Changing event message filtering to escape wildcards %,_ and not be case sensetive (#5194) #5194 OCPBUGS-13250 : Fix disk name in generated HardwareDetails (#5193) #5193 MGMT-14370 : add OCP 4.14.0-ec.0 images (#5190) #5190 Podman README-disconnected requires 4.2 and not 3.3 (#5191) #5191  
Bump OCP versions: 4.13 (#5189) #5189  
MGMT-14425 : Changing event counts behavior (#5186) #5186 MGMT-14226 : Upgrade moby to 20.10.24 (#5153) #5153 Remove all spoke resources when deleting the node (#5161) #5161  
Bump OCP versions: 4.12, 4.10 (#5182) #5182  
MGMT-14507 : Exposing event headers for scripts (#5179) #5179 MGMT-14509 return 404 if cluster not found when host try to register (#5180) #5180  
NO-ISSUE: Check whether is defined (#5178) #5178  
NO-ISSUE: Override the control plane operator image only if explicitly asked to (#5176) #5176  
MGMT-11424 : added validations for ignition cert (#5145) #5145 Bump OCP versions: 4.11 (#5173) #5173  
Bump OCP versions: 4.13 (#5170) #5170  
NO-ISSUE: Fixes the UI deployment (#5169) #5169  
Update state machine graphs (#5168) #5168  
MGMT-14462 : Allow to deploy assisted-service with all available images (#5167) #5167 NO-ISSUE Remove Approvers that are not longer in the group (#5166) #5166  
Handle ironic URLs in dual stack hub and IPv6 spoke (#5163) #5163  
MGMT-14449 : change creation time for hosts to one minute ago instead of now, to avoid race conditions in tests (#5160) #5160 MGMT-13890 : Drain before deprovisioning spoke nodes (#5110) #5110 Bump OCP versions: 4.10, 4.11 (#5157) #5157  
MGMT-13955 : Add known issue regarding ignoring disk size validations (#5158) #5158 MGMT-14315 : Allow to install P and Z architectures with Single Node Openshift on 4.13 (#5147) #5147 NO ISSUE: use literal for cpu limits, to enable nulliable value (#5155) #5155  
Bump OCP versions: 4.12 (#5151) #5151  
MGMT-14389 : Update operator bundle channel (#5148) #5148 MGMT-14108 : add readiness probe initialDelaySeconds for assisted-service and assisted-image-service (#5150) #5150 MGMT-14137 : Create test flow for ZTP for node labeling and avoiding reboot for custom role (#5086) #5086 Bump OCP versions: 4.13 (#5149) #5149  
MGMT-14396 : Get correct path for binary from mirror (#5141) #5141 NO-ISSUE: Fix grammar mistakes (#5146) #5146  
MGMT-14395 : Day-2 domain name resolution step shouldn’t include release image domain (#5139) #5139 Cache must-gather images by architecture (#5140) #5140  
MGMT-14298 : Set full ISO as default for Z architecture (#5136) #5136 Improve inaccurate ODF validation message (#5137) #5137  
MGMT-14338 : add missing stream notifications (#5132) #5132 Bump OCP versions: 4.11 (#5135) #5135  
Bump OCP versions: 4.10, 4.12 (#5131) #5131  
Use contexts in spoke client (#5130) #5130  
MGMT-13083 : limit the size of release binaries (#5120) #5120 NO-ISSUE: Currently, while trying to fetch events using cluster_id, host_ids and severities we don’t get severity filtered correctly because of the precedence of AND, OR in SQL. (#5123) #5123  
MGMT-14239 : Enable UMN as default for Power arch (ppc64le) (#5127) #5127 MGMT-14266 : Fix unclear message when creating a P/Z cluster with OCP ver 4.10 (#5122) #5122 MGMT-10977 : Validate DNS server connection (#5102) #5102 MGMT-14242 : MGMT-14017:  MGMT-14239: MGMT-14300: Fix multiple bugs (feature support and feature usage) (#5119) #5119 Add private SELinux label for volume mount content (#5109) #5109  
Bump OCP versions: 4.11, 4.12, 4.13 (#5118) #5118  
MGMT-14283 : Ignored validations - validation id “all” does not work (#5117) #5117 MGMT-14125 : Use systemd unit instead of dracut hook to configure network (#5107) #5107 MGMT-12301 : refator the progress bar to use state machine (#5103) #5103 Bump OCP versions: 4.13, 4.9, 4.12, 4.11, 4.10 (#5115) #5115  
MGMT-13178 : As part of events pagination epic, this commit is about adding ‘order’ parameter so the client can request the events in the desired order, and changing the counting of events by severity to apply after the filtering (#5106) #5106 Bump OCP versions: 4.12, 4.13 (#5105) #5105  
MGMT-14195 : Use clusterIdMatcher instead of gomock.Any() in inventory_test (#5104) #5104 MGMT-14161 : removing multi cpu architecture for infra envs (#5098) #5098 MGMT-13846 : Reject UserManagedNetworking true when cluster VIPs are set (#5071) #5071 MGMT-13888 : Remove spoke node on BMH delete (#5028) #5028 MGMT-14190 : Allow installing Power architecture with CMN and MinimalISO (#5101) #5101 MGMT-14026 : Add validation to ensure ignored validation ID exists (#5074) #5074 MGMT-13918 : Modify ignored validation should not be possible post-install (#5077) #5077 NO-ISSUE: Make DB transaction terminate function only when error (#4946) #4946  
NO-ISSUE: Wrap VIP update in the DB around transaction (#4943) #4943  
MGMT-13916 : Update enhancement doc for ignoring validations feature (#5095) #5095 Bump OCP versions: 4.10, 4.11, 4.13 (#5100) #5100  
Add a function for setting annotations (#5099) #5099  
Presently, in the PreNetworkConfig script, we are removing the default network manager configuration for a host in every case. This should be altered so that the default configuration is deleted only if custom nmstate configuration has been provided for the host. (#5044) #5044  
MGMT-14078 : Add “unavailable” option to the support-level enum (#5062) #5062 MGMT-14150 : Update install-config to support multi vSphere data-centers (#5090) #5090 MGMT-14133 : Fix P/Z support level allows cluster with OLM operators. (#5088) #5088 MGMT-14017 : report accurate P/Z feature usage if multi (#5079) #5079 MGMT-14074 : Don’t run nmcli if not available (#5087) #5087 Bump OCP versions: 4.12, 4.9 (#5080) #5080  
MGMT-13925 : Get the ironic URLs in reconcile rather than at startup (#5041) #5041 MGMT-14074 : Reload NM config after creation (#5066) #5066 Update cluster-baremetal-operator to 4.13 branch (#5078) #5078  
NO-ISSUE: add release tag to notified events versions (#5068) #5068  
MGMT-14109 : Set P and Z architectures support label as tech-preview on 4.12 (#5072) #5072 MGMT-13308 : Adding events pagination - Currently events are retrieved by the service as a list of events which match the query. This commit is implementing events pagination. (#4987) #4987 MGMT-14073 : Fix logging for event uploader (#5070) #5070 Remove README section about the assisted-service live iso (#5069) #5069  
MGMT-14040 : Add log that shows event upload is running (#5054) #5054 Bump OCP versions: 4.11 (#5060) #5060  
actually use the ENABLE_DATA_COLLECTION parameter (#5063) #5063  
MGMT-14075 : Fix register cluster won’t fail when creating cluster with P or Z architectures on 4.12 (#5061) #5061 MGMT-14000 : Document support-level new API (#5053) #5053 Cleanup BMAC logging (#5055) #5055  
Bump OCP versions: 4.12 (#5057) #5057  
MGMT-13550 : Create day2 support for node labeling (#5042) #5042 OKD: bump to latest stable release (#5020) #5020  
MGMT-14042 : Disable data collection for SaaS by default (#5056) #5056 Bump OCP versions: 4.13 (#5051) #5051  
manifests: Add a shebang to NM dispatcher script (#5050) #5050  
MGMT-12486 : Add ENABLE_DATA_COLLECTION environment variable to template.yaml (#5048) #5048 MGMT-13520 : filter out unnecessary validations for unbound host (#5023) #5023 MGMT-13862 : Return bed request on wrong feature-feature or feature-architecture combination. (#5039) #5039 MGMT-13947 : Revert assisted boot reporter service (#5035) #5035 Sparing the redirect for official k8s registry (#5033) #5033  
MGMT-13596 : Add PATCH to the Manifests API (#5015) #5015 Bump OCP versions: 4.12, 4.13, 4.9, 4.8, 4.11, 4.10 (#5043) #5043  
NO-ISSUE: remove the full ignition from log (#5032) #5032  
OCPBUGS-8335 : Don’t wait for console if disabled (#5022) #5022 Update multi image names (#5016) #5016  
ACM-4127 : Cache release images even if there is no matching OS image (#5027) #5027 MGMT-13957 : deny requests with query parameters matching node-boot. Directed at upload files (#5037) #5037 In case the converged flow is enabled and the assisted-service fails to get a valid ironic inspection URL it’s using the Ironic URL as default. (#5031) #5031  
MGMT-13903 : Select inside machine CIDR for BMH (#5024) #5024 MGMT-13904	Add missing feature IDs. (#5030) #5030  
MGMT-13913 : Fix empty features list when calling GET v2/support-levels/features (#5029) #5029 MGMT-13859 : notify when creating cluster and resources (#5013) #5013 Allow removing the agent when BMH is deleted (#4948) #4948  
MGMT-13659 : Design a feature support mechanism that supports different feature-support criteria (#4989) #4989 MGMT-12486 : Implement data sending for on-prem deployments (#4880) #4880 Fix invalid character in feature-support enhancement (#5021) #5021  
MGMT-13780 : Write a feature-support-level enhancement doc (#5000) #5000 MGMT-13398 omit BMH secret from day2 spoke worker (#5009) #5009  
NO-ISSUE: display code coverage locally without mocks (#5011) #5011  
Full changelog  
OCPBUGS-58642 : CVE-2024-45339: Bump glog pkg version to 1.2.4 (#1194) #1194 OCPBUGS-53715 : Bump jwt to 4.5.2 in release-4.14 (#1093) #1093 Bump golang.org/x/net to v0.33.0 (#1012) #1012  
OCPBUGS-15347 : Update version go-http-metrics/gin (#933) #933 MGMT-17594 : Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#834) #834 MGMT-17591 : Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#830) #830 MGMT-16843 : Ensure valid hostname during install (#794) #794 OCPBUGS-20049 : Remove uninitialized taint for agent-based installs (#753) #753 NO-ISSUE: dependabot exclude k8s (#706) #706  
OCPBUGS-16482 : bump golangci-lint to 1.53.1 (#702) #702 OCPBUGS-4240 : allow controller to complete for agent-based installs (#700) #700 MGMT-15235 : Compile with CGO_ENABLED=1 for amd64 (#699) #699 Revert “MGMT-15235: Compile with CGO_ENABLED=1 for FIPS (#683)” (#693) #683  
OCPBUGS-17252 : Bump golang.org/x/net/html (#695) #695 Updating ose-agent-installer-orchestrator images to be consistent with ART (#652) #652  
MGMT-15343 : dependabot group updates (#692) #692 MGMT-15344 : Assisted-controller should not timeout on waiting cvo by itself (#688) #688 MGMT-15235 : Compile with CGO_ENABLED=1 for FIPS (#683) #683 MGMT-13586 : Wait for ETCD Bootstrap to complete (#670) #670 NO-ISSUE: Remove slaviered from project OWNERS (#669) #669  
NO-ISSUE: Bump github.com/go-openapi/strfmt from 0.21.3 to 0.21.7 (#663) #663  
Updating ose-agent-installer-csr-approver images to be consistent with ART (#651) #651  
MGMT-14299 : Limit untaint nodes to vsphere/nutanix (#660) #660 NO-ISSUE: Add javipolo to approvers (#659) #659  
MGMT-12967 : Create network policy in assisted-installer namespace (#658) #658 NO-ISSUE: Bump github.com/onsi/gomega from 1.24.2 to 1.27.5 (#656) #656  
MGMT-14114 : Nutanix - uninitialized set on nodes (#653) #653 Full changelog  
OCPBUGS-58652 , OCPBUGS-58657 : Bump glog to v1.2.5 in release-4.14 (#1073) #1073 OCPBUGS-53707 : Bump golang-jwt/jwt/v4 to 4.5.2 in release-4.14 (#973) #973 OCPBUGS-46955 : Bump golang.org/x/net to 0.33.0 (#885) #885 OCPBUGS-16483 : Update apimachinery dependency to remove goproxy dep (#709) #709 OCPBUGS-33404 : Make removable disks eligible (#725) #725 MGMT-17594 : Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#705) #705 MGMT-17591 : Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#703) #703 MGMT-17541 : Replace broken golangci reference (#698) #698 NO-ISSUE: Bump the go-dependencies group with 1 update (#597) #597  
NO-ISSUE: Bump the go-dependencies group with 5 updates (#595) #595  
MGMT-15661 : Update to latest ghw version (#594) #594 MGMT-15235 : Allow setting CGO_ENABLED flag (#589) #589 MGMT-15235 : Compile with CGO_ENABLED=1 for amd64 (#588) #588 Revert “MGMT-15235: Compile with CGO_ENABLED=1 for FIPS (#569)” (#582) #569  
OCPBUGS-17251 : Bumping golang.org/x/net (#586) #586 MGMT-14933 : Detect if the host in running in OCI (#585) #585 MGMT-15359 : support appliance multipath virtual device (#584) #584 MGMT-13111 : Freeze on 404 Not Found (#583) #583 MGMT-15343 : dependabot remove docker (#581) #581 MGMT-15343 : dependabot group updates (#579) #579 Updating ose-agent-installer-node-agent images to be consistent with ART (#575) #575  
OCPBUGS-16373 : Ignore arping errors on RHEL 9 (#576) #576 NO-ISSUE: Bump github.com/coreos/ignition/v2 from 2.16.0 to 2.16.2 (#574) #574  
NO-ISSUE: Bump github.com/PuerkitoBio/rehttp from 1.1.0 to 1.2.0 (#568) #568  
MGMT-15235 : Compile with CGO_ENABLED=1 for FIPS (#569) #569 NO-ISSUE: Bump golang.org/x/sys from 0.9.0 to 0.10.0 (#566) #566  
NO-ISSUE: Bump github.com/coreos/ignition/v2 from 2.15.0 to 2.16.0 (#564) #564  
AGENT-594 : remove agent based installer code (#563) #563 NO-ISSUE: Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#561) #561  
MGMT-14540 : Mark Appliance disk(s) with a partition name prefix ‘agent’ as eligible (#554) #554 OCPBUGS-14848 : Filter out hidden devices (#558) #558 NO-ISSUE: Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 (#555) #555  
NO-ISSUE: Bump github.com/go-openapi/swag from 0.22.3 to 0.22.4 (#556) #556  
MGMT-13009 : Auto rename host with VLAN (#553) #553 NO-ISSUE: Bump github.com/itchyny/gojq from 0.12.12 to 0.12.13 (#552) #552  
NO-ISSUE: Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#550) #550  
MGMT-14751 : Detect DASD disks (s390x) (#549) #549 NO-ISSUE: Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 (#545) #545  
NO-ISSUE: Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#543) #543  
NO-ISSUE: Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#544) #544  
MGMT-14526 : Refernce latest assisted service to reflect domain name pattern change (#542) #542 Updating ose-agent-installer-node-agent images to be consistent with ART (#516) #516  
NO-ISSUE: Bump golang.org/x/sync (#541) #541  
NO-ISSUE: Remove slaviered from project OWNERS (#539) #539  
MGMT-14481 : journal logs are empty during installation on rhel9.2 (#538) #538 NO-ISSUE: Bump github.com/go-openapi/runtime from 0.25.0 to 0.26.0 (#537) #537  
MGMT-14319 chronyc segfaulting (#534) #534  
NO-ISSUE: Bump golang.org/x/sys from 0.6.0 to 0.7.0 (#533) #533  
NO-ISSUE: Bump github.com/cenkalti/backoff/v4 from 4.1.3 to 4.2.1 (#532) #532  
NO-ISSUE: Bump github.com/onsi/gomega from 1.27.5 to 1.27.6 (#530) #530  
NO-ISSUE: Bump github.com/go-openapi/strfmt from 0.21.5 to 0.21.7 (#529) #529  
Force update to pick up latest libs (#531) #531  
NO-ISSUE: Bump github.com/go-openapi/strfmt from 0.21.3 to 0.21.5 (#525) #525  
NO-ISSUE: Bump github.com/onsi/gomega from 1.27.3 to 1.27.5 (#528) #528  
MGMT-13946 : Ignore Proliant Gen 11 serial (#522) #522 NO-ISSUE: Bump github.com/onsi/gomega from 1.27.1 to 1.27.3 (#520) #520  
NO-ISSUE: Bump golang.org/x/sys from 0.5.0 to 0.6.0 (#519) #519  
OCPBUGS-8695 : vendor agent-installer-utils to v0.0.0-20230310220517-8506fbb6a346 (#517) #517 OCPBUGS-8677 : vendor agent-installer-utils to v0.0.0-20230308101916-306b7995977e (#514) #514 OCPBUGS-8390 : vendor agent-installer-utils to v0.0.0-20230307094740-57807526b660 (#512) #512 NO-ISSUE: Bump github.com/itchyny/gojq from 0.12.11 to 0.12.12 (#511) #511  
NO-ISSUE: Bump github.com/spf13/afero from 1.9.3 to 1.9.5 (#510) #510  
Full changelog  
OCPBUGS-21350 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #36 OCPBUGS-16783 : Chore: Update OWNERS #32 OCPBUGS-12544 : 4.14: UPSTREAM: 763: Bump (golang.org/x/net): to address CVE-2022-41723 #30 STOR-1159 : Rebase to v1.1.7 #29 Updating ose-alibaba-cloud-csi-driver images to be consistent with ART #28  
Updating ose-alibaba-cloud-csi-driver images to be consistent with ART #27  
Updating ose-alibaba-cloud-csi-driver images to be consistent with ART #26  
Updating ose-alibaba-cloud-csi-driver images to be consistent with ART #25  
Full changelog  
OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #81 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #71 OCPBUGS-21443 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #64 STOR-1439 : Restart controller Pods if metrics-serving-cert changed #56 OCPBUGS-16783 : Chore: Update OWNERS #54 OCPBUGS-14824 : Bump alibaba-disk-csi-driver-operator library-go #53 STOR-1168 : Bump common libraries #51 OCPBUGS-12545 : Bump golang.org/x/net@v0.9.0 #50 Updating ose-alibaba-disk-csi-driver-operator images to be consistent with ART #49  
Updating ose-alibaba-disk-csi-driver-operator images to be consistent with ART #48  
Updating ose-alibaba-disk-csi-driver-operator images to be consistent with ART #47  
OCPBUGS-8683 : Add management workloads annotations #46 Updating ose-alibaba-disk-csi-driver-operator images to be consistent with ART #45  
Full changelog  
Updating ose-alibaba-machine-controllers images to be consistent with ART #42  
OCPBUGS-10134 : Updating ose-alibaba-machine-controllers images to be consistent with ART #41 Full changelog  
OCPBUGS-33078 : Explicitly reserve 1 attachment for the root disk #306 OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #302 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #296 OCPBUGS-21057 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #280 STOR-1432 : hypershift: deploy controller with control plane release images #252 OCPBUGS-16783 : Chore: Update OWNERS #251 Bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.4 #250  
Bump k8s.io/component-base from 0.26.3 to 0.27.3 #240  
OCPBUGS-15823 : Change CSI RPC call timeouts #248 STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #244 OCPBUGS-14824 : Bump efs-ebs-driver-operator library-go #247 STOR-1168 : Bump common libraries #222 Bump Kubernetes libs to v0.27.1 #243  
STOR-1167 : Enable extra-create-metadata to tag snapshots #223 STOR-1300 : Restart controller Pods if metrics-serving-cert changed #216 OCPBUGS-11882 : Added safe-to-evict-local-volume annotation from bound-sa-token to ebs-controller #232 OCPBUGS-11882 : Added safe-to-evict annotation to aws-ebs-csi-driver-controller pods #231 OCPBUGS-13017 : assets/hypershift/controller_sa: Set controller ServiceAccount imagePullSecrets #219 Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #217  
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #215  
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #214  
Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 #207  
OCPBUGS-8691 : Hypershift: set control plane operand properties #205 Bump k8s.io/apiextensions-apiserver from 0.26.2 to 0.26.3 #203  
OCPBUGS-8752 : fix: typo #198 OCPBUGS-8752 : feat: add workload annotation to deployment and daemonset #194 Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #195  
Bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.2 #189  
Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 #190  
Full changelog  
OCPBUGS-32884 : Upgrade go-jose module to 2.6.3 #189 OCPBUGS-21761 : Backport the recent rebase to 4.14 #168 NO-ISSUE: Sync OWNERS with team members #176  
snyk: exclude vendor/ #171  
Bump to go 1.20 in go.mod #163  
Updating ose-aws-pod-identity-webhook images to be consistent with ART #162  
Updating ose-aws-pod-identity-webhook images to be consistent with ART #159  
Full changelog  
OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #120 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #109 OCPBUGS-20784 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #101 OCPBUGS-16654 : Revert revert “STOR-1065: Rework sidecar bindings to b… #88 OCPBUGS-16496 : Bump library-go to remove dependency on goproxy #90 OCPBUGS-16783 : Chore: Update OWNERS #89 Revert “STOR-1065: Rework sidecar bindings to bind common ClusterRoles” #87  
STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #84 OCPBUGS-14824 : Bump azure-disk-csi-driver-operator library-go #85 CCO-324 : Unrevert “CCO-324: add support for workload identity” #83 Revert “CCO-324: add support for workload identity” #82  
CCO-324 : add support for workload identity #78 STOR-1168 : Bump common libraries #81 OCPBUGS-12559 : Bump golang.org/x/net@v0.9.0 #80 Updating ose-azure-disk-csi-driver-operator images to be consistent with ART #79  
OCPBUGS-8683 : Add management workloads annotations #74 OCPBUGS-10842 : Reorder static resources to create RBAC first #75 Updating ose-azure-disk-csi-driver-operator images to be consistent with ART #73  
And 1 elided commits (e.g. from squash or rebase merges) 
Full changelog  
ART-13080 : Regenerate go.mod to fix build failures #95 OCPBUGS-41164 : bump mount-utils to treat ENODEV error as corrupted mount #79 OCPBUGS-33039 : Rebase v1.29.5 for OCP 4.14 #66 OCPBUGS-20884 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #37 OCPBUGS-17285 : UPSTREAM: 1355: build(deps): bump golang.org/x/net from 0.12.0 to 0.14.0 #33 OCPBUGS-16783 : Chore: Update OWNERS #32 OCPBUGS-15657 : Update to 1.28.1 #31 STOR-1160 : Rebase to v1.28.0 for OCP 4.14 #29 Updating azure-file-csi-driver images to be consistent with ART #28  
Updating azure-file-csi-driver images to be consistent with ART #27  
Updating azure-file-csi-driver images to be consistent with ART #26  
Updating azure-file-csi-driver images to be consistent with ART #25  
Full changelog  
OCPBUGS-33039 : add token audience for Azure File #104 OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #94 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #83 OCPBUGS-20983 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #76 STOR-1434 : Restart controller Pods if metrics-serving-cert changed #68 OCPBUGS-16654 : Revert revert “STOR-1065: Rework sidecar bindings to b… #64 OCPBUGS-16783 : Chore: Update OWNERS #65 OCPBUGS-16498 : Bump library-go to remove dependency on goproxy #66 Revert “STOR-1065: Rework sidecar bindings to bind common ClusterRoles” #63  
STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #60 CCO-325 : Unrevert “CCO-325: add support for workload identity” #62 STOR-989 : Remove SC and manifest  file for NFS backend #58 OCPBUGS-14824 : Bump azure-file-csi-driver-operator library-go #61 Revert “CCO-325: add support for workload identity” #59  
CCO-325 : add support for workload identity #54 CCO-325 : Mount serviceaccount token into csi-driver container #53 STOR-1168 : Bump common libraries #57 OCPBUGS-12561 : Bump golang.org/x/net@v0.9.0 #56 Updating azure-file-csi-driver-operator images to be consistent with ART #55  
Updating azure-file-csi-driver-operator images to be consistent with ART #52  
Updating azure-file-csi-driver-operator images to be consistent with ART #51  
OCPBUGS-10842 : Reorder static resources to create RBAC first #50 OCPBUGS-8683 : Add management workloads annotations #49 Updating azure-file-csi-driver-operator images to be consistent with ART #48  
Full changelog  
OCPBUGS-62814 : Release 4.14 bump terraform provider azurerm #10001 OCPBUGS-55193 : data/manifests/bootkube/cvo-overrides: Default to eus-4.14 #9643 OCPBUGS-54323 : Update upi references to api-internal #9609 OCPBUGS-54264 : IBMCloud: Move to IBM TF openshift fork #9605 OCPBUGS-54260 : vsphere-fix convert if only provided name #9602 OCPBUGS-52996 : Bump terraform-provider-google version to v5.37.0 to fix consistent issues during cluster creation #9587 OCPBUGS-53210 : PowerVS: remove system pools #9572 OCPBUGS-46606 : Power VS: Create region-zone-sysType hierarchy #9331 OCPBUGS-48196 : IBMCloud: Ignore failed VPC regions #9350 OCPBUGS-45464 : add chrony.conf file when additional NTP sources are configured #9269 OCPBUGS-43505 : Stop rendering networks.config CRD #9105 OCPBUGS-42285 : Add AWS r8g to arm tested instance types #9050 OCPBUGS-42848 : add tested instance type for IBMCloud #9082 OCPBUGS-25508 : Update Golang SSH package version update to 0.17.0 #8992 OCPBUGS-39411 : Added yq to ci image #8943 OCPBUGS-36180 : baremetal IPI without provisioning network failing on provisioning-interface.service #8712 OCPBUGS-36089 : [release-4.14] bump go-retryablehttp for CVE fix #8658 OCPBUGS-37183 : ic: fix typo in warning message #8771 OCPBUGS-37068 : update RHCOS 4.14 bootimage metadata to 414.92.202407091253-0 #8748 OCPBUGS-36748 : Add yq-v4 to the upi-installer image for CI #8684 OCPBUGS-35827 : If host is offline or disconnected don’t check ver #8634 OCPBUGS-35826 : [release-4.14] bump github.com/containers/image for CVE fix #8633 OCPBUGS-35485 : [release-4.14] aws: terraform: add spot instance support for masters #8605 OCPBUGS-34024 : go.mod: bump aws-sdk-go for ca-west-1 support #8440 OCPBUGS-33401 : PowerVS: Add composite_instance to listServiceInstances #8479 CORS-2951 : Add deprecation notice for OpenShiftSDN for 4.14 users #8518 OCPBUGS-28611 : remove retired serial NCv2 from azure tested instance type list on x86 #7960 OCPBUGS-27394 : preserve category name when trying to find tag category #7926 OCPBUGS-33010 : escape ‘%’ in proxy settings #8318 OCPBUGS-31756 : openstack: Honour worker server group policy #8231 NO-ISSUE: test fix to support slightly different nmstate error messages #8286  
OCPBUGS-32358 : Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility #8281 OCPBUGS-31885 : Validate control plane replicas #8241 OCPBUGS-31677 : coreos-installer iso kargs show broken on Agent ISO #8228 OCPBUGS-31338 : upi: aws: fix typo in worker templates #8203 Bug OCPBUGS-30187: OpenStack: fix controlPlanePort validation #8095  
OCPBUGS-30027 : gcp: better error msg when service accnt missing #8078 OCPBUGS-30259 : PowerVS remove ibm cloud/bluemix go 4.14 #8103 OCPBUGS-29123 : IBMCloud: Handle disk delete errors #7988 OCPBUGS-29626 : update RHCOS 4.14 bootimage metadata to 414.92.202402130420-0 #8037 OCPBUGS-28929 : [release-4.14] Bump containerd for vulnerability fix #7981 OCPBUGS-27419 : Fix depreciated typo #7929 OCPBUGS-24521 : set vmType in azure cloud config [release-4.14] #7804 OCPBUGS-23738 : vSphere - when using RP network path is incorrect #7759 OCPBUGS-27241 : baremetal: correct external_http_url for v6-only BMCs #7914 OCPBUGS-22315 : bootstrap: Enable gatewayd units only on RHCOS #7628 OCPBUGS-23498 : update RHCOS 4.14 bootimage metadata to 414.92.202401110948-0 #7919 OCPBUGS-20860 : Bump versions for golang modules to accommodate fixes for CVE-2023-39325 & CVE-2023-44487 #7887 OCPBUGS-22895 : Do not generate azure-cloud-provider in manual mode for aro builds #7670 OCPBUGS-22771 : aws: use security groups from defaultMachinePlatform #7658 OCPBUGS-24489 : baremetal: populate customDeploy in advance #7802 OCPBUGS-22770 : destroy: gcp: fix destroying regional disks #7657 Bug OCPBUGS-22776: OpenStack: Fix IPv6 address configuration for bootstrap #7660  
OCPBUGS-22978 : IBMCloud: Add eu-es region #7684 OCPBUGS-23399 : Check if PER is enabled in the target PowerVS workspace #7736 OCPBUGS-22688 : Bump Fedora CoreOS to latest stable #7647 OCPBUGS-22774 : Add KMS encryption keys if provided #7659 OCPBUGS-21868 : vSphere,segfault on version check #7605 OCPBUGS-22945 : Update gcloud version to 447.0.0 #7681 OCPBUGS-22187 : azure: validation: validate defaultMachinePlatform #7615 OCPBUGS-22758 : update RHCOS 4.14 bootimage metadata to 414.92.202310210434-0 #7655 OCPBUGS-19922 : Release 4.14 skip agent tui on external oci platform #7599 OCPBUGS-21653 : Rectify GCP label key validation check #7606 OCPBUGS-20357 : update RHCOS 4.14 bootimage metadata to 414.92.202310170514-0 #7618 OCPBUGS-20396 : Unable to disable external CCM for platform external #7594 OCPBUGS-20522 : Use changes to AgentClusterInstall during loading #7588 Enforcing the serial execution of the integration tests #7598  
OCPBUGS-20581 : enable cloud controller manager type to be defined #7581 OCPBUGS-20441 : Warn about host and target compatibility #7583 OCPBUGS-20345 : Enable serial console for external OCI platform #7569 OCPBUGS-20401 : always write AWS cloud.conf #7578 OCPBUGS-19922 : Do not start agent-tui if no graphical console available #7539 OCPBUGS-20103 : GCP default value for service account #7553 OCPBUGS-19953 : AWS terraform bootstrap destroy will not refresh state #7543 OCPBUGS-20066 : Use updated ansible-core for Openstack image #7551 OCPBUGS-19835 : Enable FIPS in agent ISO #7541 OCPBUGS-19846 : Graceful fail for AWS getUser on destroy #7532 OCPBUGS-19033 : Add Net capabilities to dnsmasq container #7489 OCPBUGS-19319 : Handle agent tui failure gracefully #7497 OCPBUGS-19738 : Remove warning about CPUPartitioning #7529 OCPBUGS-19300 : Implement workaround to allow SNO installations for OKD/FCOS #7479 OCPBUGS-19702 : Increase bootstrap timeout for vSphere platform by 30 mins #7528 OCPBUGS-19636 : Pass CPUPartitioning via install-config overrides if set #7521 OCPBUGS-18181 : update RHCOS 4.14 bootimage metadata to 414.92.202309201615-0 #7517 OCPBUGS-18719 : for vsphere ipi add cluster domain to the uploaded vm configs so that… #7477 OCPBUGS-18883 : Do not set FailureDomains on CPMS when in a single zone Azure region #7483 AGENT-702 : Generate minimal ISO for external platform #7478 OCPBUGS-18428 : Add ip=dhcp,dhcp6 kernel param for vSphere dual-stack #7467 OSDOCS-6999 : tested machine series ‘C3’, ‘C2D’ #7381 OCPBUGS-18450 : AWS permission missing for security group viewing. #7460 OCPBUGS-18365 : Fix defaulting of userManagedNetworking value #7458 integration tests: Swap order of diff arguments #7462  
AGENT-693 : Support external platform #7442 OCPBUGS-18457 : Make extracting ISO kargs more robust #7463 OCPBUGS-18457 : Fix PXE integration tests #7461 OCPBUGS-17806 : gomod: bump openshift/api version #7421 OCPBUGS-17770 : azure: use marketplace image plan’s publisher #7426 OCPBUGS-7690 : azure: destroy: dns records leak if permissions missing #7433 OCPBUGS-17869 : azure: fix setting outboundType #7455 OSDOCS-6880 : Adding 64-bit ARM GCP instance types to documentation #7320 OCPBUGS-16204 : aws: attach additional security groups to controlPlane #7352 OCPBUGS-18046 : update govc version to v0.30.7 #7425 OCPBUGS-15659 : IPI pre-check for MachineAPI capability #7414 OCPBUGS-17860 : OpenStack: Remove NodePorts range 0.0.0.0/0 rules #7405 OCPBUGS-17073 : Revert “Merge pull request #7205 from rna-afk/azure_managed_by_tag” #7412 OCPBUGS-17940 : Add COS endpoint to proxy server (Power VS) #7430 AGENT-692 , OCPBUGS-3860 : Update assisted-service dependencies #7439 OCPBUGS-17227 : gcp: fix validation of custom instance types #7388 OCPBUGS-17869 : azure: put NAT gateway behind TechPreviewNoUpgrade #7434 Destroy startironic.sh forever #7250  
CORS-2660 : GCP: deprecate the licenses field #7397 CFE-858 : Update google terraform provider to latest version #7201 MULTIARCH-3676 : PowerVS TG terraform changes #7389 CFE-686 : Generate Infrastructure CR with the GCP user defined tags & labels #7138 CFE-687 : Apply user defined labels on created gcp resources #7153 OCPBUGS-11999 : upkeep: updated description to remove techpreview #7313 CORS-2700 : Make bootstrap S3 bucket optional during bootstrap destroy #7288 CFE-688 : Update install-config CRD to support gcp labels and tags #7126 OCPBUGS-16776 : update RHCOS 4.14 bootimage metadata to 414.92.202308032115-0 #7409 Add baremetal capability validation #7394  
azure: validation: machinepool: sort slice before comparing #7407  
OCPBUGS-13408 : Log message and add integration test #7408 PowerVS: Update listCOSInstances to continue querying #7404  
maintenance: update openshift/api #7401  
MGMT-13628 : add support for confidential VMs on Azure #7312 openstack: Test zero replicas in worker machine-pool #7400  
OpenStack: Fix user docs for additional network with IPv6 #7395  
gather: Use journalctl -o with-unit #7371  
SPLAT-1123 : Revert Alibaba deprecation warning #7396 OCPBUGS-15994 : Update core password after loading config-image #7338 OpenStack: Remove SGS created by CPO on destroy #7378  
data/data/coreos: bump FCOS to F38 stable #7311  
OCPBUGS-16912 : Ensure DHCPv6 client sends Solicit with mac address #7384 Bug OCPBUGS-16249: Add ip=dhcp,dhcp6 option to Kernel args #7367  
PowerVS: Check whether Machine pool CIDR is /24 #6903  
OCPBUGS-16292 : GCP XPN: clarify service account support #7347 OCPBUGS-6759 : Fix discrepancy with disk size master #7100 OCPBUGS-16959 : openstack/upi: add missing modules namespaces + doc #7373 CORS-2719 : Remove service account user permission #7291 OCPBUGS-17064 : always create a MachineSet #7380 OpenStack: Fix default for openstack_worker_server_group_names #7359  
OCPBUGS-16692 : OpenStack: fix crash with empty platform in machinepool #7363 CORS-2445 : GCP add bootimage override in install-config #7215 CORS-2503 : azure: use marketplace images for all nodes #6890 MULTIARCH-3676 : PowerVS add transit gateway destroy #7294 CORS-1770 : Support pd-balanced disk types for GCP deployments #7337 OCPBUGS-15989 : vSphere - bump terraform provider #7354 OWNERS_ALIASES: Add new user to owners_aliases #7348  
OCPBUGS-16515 : gcp: use zones available for both instance and project #7317 OCPBUGS-15852 : Single node cannot be installed if etcd appears in the hostname #7304 OCPBUGS-14877 : Validate that number hosts does not exceed replicas #7268 CORS-2628 : Allow users to set ManagedBy tag to resource group #7205 OCPBUGS-16380 : Add /etc/containers volume on create-cluster-and-infraenv #7332 OCPBUGS-16207 : ic: aws: validate max security groups #7345 OpenStack: Add steps to enable dual-stack clusters #7269  
Revert “Merge pull request #7096 from r4f4/gcp-instance-zones” #7360  
SPLAT-657 : AWS Local Zones subnets automation for edge compute pool #7137 OSASINFRA-3193 : Update openstack/Dockerfile.ci for ansible-core #7346 Include start-cluster.env in agent-gather #7350  
Fix the deployment on OpenStack for worker pools with no replicas. #7356  
OCPBUGS-16219 : Fix timing issue between network services #7355 OCPBUGS-16415 : Sync nmstateconfig script with assisted-service changes #7353 Agent: Allow additional kernel args to be passed to ISO #7306  
Remove mentions of use-octavia #7335  
OCPCLOUD-2036 : introduce External platform type #7217 OCPBUGS-16395 : openstack/upi: update doc for CCPMSO #7351 OCPBUGS-16245 : Make nmstateconfig.yaml optional in config-drive #7333 OSASINFRA-3181 : Volume Types for OpenStack CPMS #7300 CORS-2445 : GCP: Add default values for arm64 #7258 PowerVS: Replace deprecated key_id attribute with name for ibm_pi_key resource #7256  
PowerVS: Handle empty serviceInstanceID in metadata.json #7328  
OpenStack: Dual stack support with BYON #6797  
MULTIARCH-3667 : Add support for CPMSO for Power VS #7226 OCPBUGS-15421 : Allow different service account for xpn installs in gcp #7308 OCPBUGS-15997 : openstack: add root volume AZ validation #7309 aws: drop hostedZoneRole Feature Gate #7327  
Agent: clear service status once all services started #7316  
AGENT-660 Display insert config image message to console #7299  
PowerVS: Create new newAuthenticator function #7321  
OCPBUGS-9404 : azure: skip LB creation when not needed #7063 Revert “Merge pull request #7289 from r4f4/padillon-settle-ops” #7318  
Agent: Log kernel params when generating pxe assets #7314  
OCPBUGS-15238 : GCP: ic: client: use a higher context timeout #7290 AGENT-648 : Remove validation check limiting None platform to SNO #7236 Allow destroy for C2S isolated (us-iso and us-isob) partitions. #7086  
OCPBUGS-15999 : update RHCOS 4.14 bootimage metadata to 414.92.202307070025-0 #7310 OCPBUGS-14900 : Use correct SELinux label. Make rename atomic. #7307 create: add check for cluster operator stability #7289  
SPLAT-827 : support static IP assignments with vSphere IPI #7179 AGENT-562 : Load config from config image #7200 OCPBUGS-15825 : Fix agent gather tui logs #7293 OSASINFRA-3155 : OpenStack: Create ControlPlaneMachineSet CRDs #7280 ic: gcp: validate instances against user-configured zones #7096  
AGENT-678 : Fix concurrency issue in agent integration tests #7303 OCPBUGS-14762 : Use the same names for public LB in IPI and UPI Azure #7292 OCPBUGS-2324 : terraform: aws: bump version to 5.4.0 #7274 tls/root: Document this more and change friendly name #7232  
CORS-2572 : azure: implement egress via NAT gateway #6933 docs: Add note about not configuring allowed address pairs for day 2 manila configuration #7287  
OCPBUGS-14932 : specify azure cli version #7297 OCPBUGS-14932 : Update azure cli to 2.40.0+ #7216 PowerVS Add support for Capped processors #7286  
CORS-2645 : AWS Cross-Account Private Hosted Zone: Add Further Validations #7253 AGENT-624 : Allow override of networkType #7223 Update hack/go-test.sh to golang 1.20 #7270  
AGENT-627 : Decompress kernel on ARM #7276 OWNERS_ALIASES: offboard ashcrow and bgilbert from CoreOS #7275  
AGENT-558 Generate unconfigured agent ignition #7186  
OWNERS: merge agent/installer #7278  
OSASINFRA-3182 : openstack: remove portTargets #7239 AGENT-498 : Get iPXE script template kernel parameters from ISO #7150 OCPBUGS-15238 : GCP: ic: improve project validation #7267 Default dataStore is returned the name instead the inventoryPath #7261  
Use the correct image name for agent-tui extraction #7266  
OCPBUGS-13636 : new Aws secret regions support #6184 CORS-2372 : Azure: auth Installer with Managed Identity from VM #7108 OCPBUGS-11796 : azure: skip NSG creation when BYO vnet #7094 OCPBUGS-9435 : terraform: aws: secret regions now support ALIAS record #7184 SPLAT-1094 : warn users about deprecation of Alibaba Cloud #7257 OCPBUGS-14869 : Add timezone info in installer logs #7243 CORS-2656 : Remove context from cluster uninstaller struct #7169 openstack: document external LB #6920  
bootkube: Drop cruft in MCO bootstrap #7244  
Update OWNERS_ALIASES #7203  
Agent: run shellcheck on start-cluster-installation.sh #7062  
OSASINFRA-2168 : Docs: update OpenStack requirements #7015 OCPBUGS-15095 : Add kubevirt digest-ref in RHCOS boot images #7254 AGENT-563 : Create configuration image #7157 AGENT-510 : Support interactive network console when pxe booting #7185 Allow CustomNoUpgrade features via install-config #7246  
MULTIARCH-3664 : enable multipath for powervs #7222 OCPBUGS-13960 : update RHCOS 4.14 bootimage metadata to 414.92.202306141028-0 #7247 CFE-829 : Remove Azure Tags TechPreview only indicators and checks #7187 CORS-2631 : Add additional security group ids in AWS #7151 AGENT-596 : use agent-installer-utils for agent-tui extraction #7212 AGENT-491 : Support pxe base url #6723 OCPBUGS-14917 : PowerVS: Cleanup service instances for destroy cluster #7173 OpenStack: add support to multiple subnets in the bootstrap #7111  
Add ControlPlaneMachineSet for Nutanix #7119  
OPNET-298 : Allow primary-v6 dual-stack on vSphere #7124 CORS-2613 : AWS: Cross-account Shared VPC Support #7225 OpenStack: support user provided dual-stack api and ingress Port #7133  
OpenStack: configure IPv6 address in the bootstrap node #7128  
SPLAT-995 : vSphere Add new template field #6995 OCPBUGS-14757 : images: installer: add xz to the container #7238 OCPBUGS-14818 : disable oVirt provider #7213 AGENT-556 : Wait for rendezvous host configuration #7068 OCPBUGS-13955 : support OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE #7211 OCPBUGS-14121 : Convert Rendezvous IPv6 address to canonical format #7234 OCPBUGS-14416 : Shorten SNO installation duration by releasing CPC lease #7219 OCPBUGS-14565 : Replace with govc docker image and fix ibmcli folder permission issue #7231 OCPBUGS-13108 : Log additional host info at warning level #7209 OCPBUGS-13662 : Ignore CPUPartitioning for ABI #7218 OCPBUGS-11736 : gcp use preconfigured private zone for installation #7155 Bump & vendor k8s 1.27 dependencies #7220  
OCPBUGS-10342 : Check that number of replicas matches hosts #7059 OSASINFRA-3153 : move loadBalancer API to GA for OpenStack #7127 OCPBUGS-10306 : [vSphere] Upi installation failed due to VMs for master and worker node creation failed #6999 AGENT-567 : Re-enable ‘create pxe-files’ command #7102 AGENT-555 : Move Rendezvous Host config to separate file #7061 OCPBUGS-13764 : Support /dev/disk/by-path root device hints #7192 OCPBUGS-1769 : Ignore IAM Roles that the Installer is not authorized to access #7180 OCPBUGS-14077 : MULTIARCH-3492: Avoid conflicting subnets #7145 OCPBUGS-14076 : PowerVS: Remove ClusterOSImage #6996 OCPBUGS-13094 : Use oc command in bootkube.service in a disconnected env #7178 OCPBUGS-7410 : Reject active VPC connections before service destroy #7101 OCPBUGS-7699 : CVE: go-getter vulnerable to denial of service via malicious compressed archive #6893 OCPBUGS-13552 : vSphere Add ova sha query; additional debugging #7171 OCPBUGS-13718 : ic: azure: validate diskTypes in AzureStack #7194 OCPBUGS-9378 : vSphere set bootstrap/master efi #7154 OCPBUGS-13535 : Set AdditionalTrustBundle in override when mirroring not enabled #7182 OCPBUGS-13547 : Ensure –payload-version is set for MCO on bootstrap #7160 OCPBUGS-13547 : remove special cases for featureset in rendering #7189 OCPBUGS-7978 : FCOS: bump to latest stable version #6902 OCPBUGS-13628 : Revert “remove special cases for featureset in rendering” #7183 OCPBUGS-13300 : masters on a single compute server group #7172 OCPBUGS-3542 : Add bootstrapExternalStaticDNS #6585 remove special cases for featureset in rendering #7158  
OCPBUGS-13253 : update RHCOS 4.14 bootimage metadata to 414.92.202305090606-0 #7176 pass payload version and manifests to kas and kcm #7152  
OCPBUGS-9081 : openstack destroy: account for BULK DELETE limits on object-storage #7168 OCPBUGS-7699 : terraform: google: bump provider for go-getter CVE fix #7051 OCPBUGS-13107 : openstack destroy: Limit Swift workers to 3 #7165 Updating ose-installer-artifacts images to be consistent with ART #7122  
OCPBUGS-11921 : GCP XPN: Pass instance service acct in manual mode #7117 OCPBUGS-12964 : Bootstrap on aws should have same metadata service type as on other nodes #7149 OCPBUGS-11792 : update RHCOS 4.14 bootimage metadata to 414.92.202304252144-0 #7135 pass featuregate args to config-operator to get rendered featuregates #6990  
OCPBUGS-12904 : openstack: Add netcat to the Installer image #7142 OCPBUGS-12776 : GCP XPN Private Cluster Fails with no Public Zone #7134 OCPBUGS-12869 : fix nmstate related unit tests #7089 Updating ose-baremetal-installer images to be consistent with ART #7121  
Updating ose-installer images to be consistent with ART #7120  
OCPBUGS-12748 : use python3 for cloud sdk #7118 OCPBUGS-12196 : bump CVO to stable-4.14 #7114 OCPBUGS-11999 : fix: remove feature flag for cpu partitioning no longer needed #7110 OCPBUGS-11801 : Fix agent-tui libnmstate dependency name #7095 OpenStack: enable ingress traffic for dual-stack installations #7099  
OCPBUGS-10767 : Fix and improve locking session and AWS Metadata access #7070 OWNERS_ALIASES: offboard Sohan from CoreOS #7103  
OCPBUGS-9081 : openstack: Bump Gophercloud #7098 OCPBUGS-11100 , OCPBUGS-11102 , OCPBUGS-11418 : CVE: bump hashicorp/vault  version #7091 OCPBUGS-11788 : update RHCOS 4.14 bootimage metadata to 414.92.202304131328-0 #7092 OCPBUGS-8449 : Azure: don’t set default subscriptionID for disk encryption sets #7076 pkg: rhcos: use Errorf instead of Error #7074  
OCPBUGS-4998 : Log additional info when status is pending-user-action #7060 OCPBUGS-10673 : [Alibaba] update the bandwidth value of EIP #7011 OCPBUGS-11636 : AWS - Remove ACLs from s3 ign #7081 OCPBUGS-11479 : Upgrade libnmstate version used #7075 OCPBUGS-10478 : gather: azure: fix collecting VM serial logs #6992 Add imageDigestSources, deprecate imageContentSources #6235  
PowerVS: fix human readable group-id #7073  
docs: gcp: upi: update obtaining RHCOS source image #7072  
gcp: add confidential compute support for boostrap TF #7002  
AGENT-275 : Add new agent graph command to output agent internal dependency graph #7066 OCPBUGS-7954 : openstack: Only check HTTPS certs on public endpoints #7057 MULTIARCH-2517 : PowerVS: create install-config improvements #6885 OCPBUGS-10845 : Use 100 GB as minimum disk size in validations #7025 openstack: Bump CI base image to v4.14 #7052  
terraform: don’t run zip if building provider binary failed #7047  
OCPBUGS-8449 : pkg/asset/installconfig: set subscriptionID #6975 OCPBUGS-11039 : remove container-runtime flag from kubelet config #7036 rhcos: Bump to 414.92.202303281555-0 #7038  
update tested instance type on 4.13 #7042  
OCPBUGS-11038 : GCP: add europe-west12 region to the survey as supported region #7033 OCPBUGS-7966 : Do not remove host default configuration unless network configuration is provided for it #6991 OCPBUGS-2130 : vSphere - finding networks use full path cluster #6973 OCPBUGS-7699 : bump terraform for go-getter CVE fix #6892 OCPBUGS-8349 : Kubelet Client Cert should include system:serviceaccounts group #7032 OCPBUGS-10728 add project filter to gcp usage api requests #7018  
OCPBUGS-10638 : Properly handle invalid agent command #7005 OCPGUS-2363 : IBMCloud: Use direct COS endpoint #6952 OCPBUGS-9081 : openstack/destroy: BulkDelete more objects at once #7017 OCPBUGS-8035 : IBMCloud: Fix SSH Private bootstrap #6944 OCPBUGS-7973 : IBMCloud set dnsrecords offset #6924 OCPBUGS-8509 : baremetal: do not use port 80 for httpd #6945 OCPBUGS-9982 : bootstrap-pivot: skip pivot in SCOS Live ISO #6965 PowerVS: Add capacity checks before installation #6850  
OCPBUGS-8237 : update terraform-provider-ironic to 0.4.0 #6956 OCPBUGS-6727 : Nutanix Hostname of the VM is not set when using DHCP network config #6981 AGENT-502 : add agent-tui it test #6978 openstack: Remove version info, update lb FIP -> API FIP #7001  
OCPBUGS-10570 : openstack: No master primarySubnet control-plane if portTarget is set #6994 OSDOCS-5240 : doc/fix-aws-localzones: replace jq to aws –query #6993 OCPBUGS-10207 : Do not always output warning msg when releaseImage is digest #6971 OCPBUGS-7015 : vsphere, nutanix survey: relax vip in machine cidr #6967 OCPBUGS-9949 : Verify output file exists when oc image extract is run #6960 OCPBUGS-7954 : openstack: Provide manual instructions for invalid certificates #6998 OCPBUGS-10313 : fix agent tui showing up multiple times #6977 Bump mongo-driver from 1.10 to 1.11.2 #6987  
OCPBUGS-8540 : CVE: bump mongo-go-driver for fix #6950 OCPBUGS-10394 : Sort userTags in Machine and Machineset manifests #6976 Shorten SNO installation duration by releasing CVO lease #6757  
OCPBUGS-2968 : bootstrap: Do not needlessly podman pull #6536 terraform: google: bump stringset dependency #6951  
openstack-manifests: Export JUnit results #6966  
Updating ose-installer-artifacts images to be consistent with ART #6968  
quota: gcp: replace deprecated monitoring package and fix linting issues #6896  
OCPBUGS-8119 : CVE-2023-25173: bump containerd #6949 OCPBUGS-8468 : aws: bump aws-sdk-go version #6943 data: libvirt: increase volume size to 32GB #6963  
Updating ose-baremetal-installer images to be consistent with ART #6954  
Updating ose-installer images to be consistent with ART #6953  
refactor: replace github.com/ghodss/yaml with sigs.k8s.io/yaml #6935  
OpenStack: support multiple API and ingress VIPs #6940  
update RHCOS 4.13 bootimage metadata #6886  
OCPBUGS-8094 : In agent ‘wait-for bootstrap’ command, test ssh to Node0 #6919 openstack-manifest: Show assets dir if persisted #6929  
OCPBUGS-7262 : Disable systemd status while TUI showing #6925 OpenStack Failure domains #6917  
OCPBUGS-8203 : Don’t log password values #6922 OCPBUGS-5129 : Pass Capabilites from install-config to cluster #6923 OCPBUGS-8305 : Power VS: Add resourceGroup to infrastructure manifest #6928 AGENT-356 : Disable ‘create pxe-files’ command #6927 OCPBUGS-8258 : Specify filename for default registries.conf #6926 openstack: consistent TechPreview-only feature validation #6916  
RFE-2782 : Create edge compute pool to support AWS Local Zones #6371 And 2 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-35475 : Remove some of newapp unit tests relying on external deprecated images #1802 OCPBUGS-35447 : bump go-git to 5.11.0 #1799 OCPBUGS-30287 : oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators #1699 OCPBUGS-25983 : Remove deprecated password defaulting in default config flag #1646 OCPBUGS-24197 : Add client version in must-gather summary #1607 OCPBUGS-24460 : Overwrite template’s namespace with the explicit one #1616 OCPBUGS-22702 : Reflect container’s exit code for long running tasks not attached to terminal #1592 OCPBUGS-20508 : regeneratemco: explicitly check for PlatformStatus field #1573 OCPBUGS-20527 : Set ImportPolicy to PreserveOriginal to honor –keep-manifest-list when mirroring a payload to an image stream #1574 OCPBUGS-21611 : Bump golang.org/x/net to v0.17.0 #1579 OCPBUGS-20258 : Updating excluded list of unsupported oc adm commands in MicroShift #1561 OCPBUGS-20269 : Use quay redis image instead docker mysql #1562 OCPBUGS-17925 : pkg/cli/admin/prune/images: omit not found error for deployment configs #1530 OCPBUGS-17253 : Bump go x/net library to 0.13.0 #1529 OTA-559 : Revert “Revert “pkg/cli/admin/release/extract: Add –included and –install-config”” #1528 OCPBUGS-17711 : Revert “pkg/cli/admin/release/extract: Add –included and –install-config” #1527 Update openshift/api #1525  
OTA-559 : pkg/cli/admin/release/extract: Add –included and –install-config #1521 Stop using deprecated github.com/docker/docker go APIs #1514  
OCPBUGS-16735 : Truncate existing files when writing from inspect #1520 introduce plugin and plugin shadowing tests for oc #1424  
pkg/cli/admin/upgrade: Newlines after –allow-upgrade-with-warnings errors #1519  
Add profiling functionality and flags in oc #1516  
Fix typo in /var/log folder #1517  
login: improve usage message for –web option #1513  
Bump k8s packages to 1.27.4 #1515  
OTA-994 : pkg/cli/admin/release/extract: Centralize manifest extraction #1404 OCPBUGS-16009 : reboot: set ignition version to 3.1 #1499 Add tls-server-name when property exists in kubeconfig #1456  
OCPBUGS-15776 : mcs cert: account for environments that use IP directly #1497 OCPNODE-1656 : oc release info: Introduce –idms-file and deprecate –icsp-file #1465 AUTH-355 : Add OAuth2 Authorization Code Grant Flow for login #1402 upgrade distribution No 2 #1495  
WRKLDS-700 : bump(k8s) to v1.27.2 #1420 OCPBUGS-15012 : oc image extract: idms-file flag map to IDMSFile field #1464 Correct incorrect command in observe command #1419  
Clarify the use of the filter without keep-manifest-list #1414  
OCPBUGS-10612 : make registry auth prefence default to podman config locations #1376 handle the error case of node retrieval while waiting for reboot #1482  
Fix the output of error prompt #1433  
pkg/cli/admin/upgrade: Surface Recommended=Unknown more prominently #1442  
pkg/cli/admin/upgrade: Add post-period to space to some error messages #1330  
Wait for reboot #1473  
tweak output format #1471  
OCPNODE-1580 : Add –print-mirror-instructions to oc adm release mirror to allow idms instructions #1341 add reboot-nodes #1468  
Trust check #1469  
fix directories for consistency #1467  
ocpcertificates: add ability to rotate MCS CA/cert #1450  
OCPNODE-1656 : oc image extract: Introduce IDMS as alternative source #1426 pernodepod: percent works like this #1463  
ocpcertificates: don’t make assumptions on resources not to bring pip… #1462  
allow running a command while the kubelet is off #1459  
add command to create new bootstrap kubeconfig for kubelet #1458  
ocpcertificates: fix handling resources by names explicitly + other cosmetic fixes #1460  
tweaks needed for wait #1455  
Add a command to remove older trust #1447  
create command to create new adminkubeconfig #1452  
add a command to copy content to every node #1454  
Minor updates to CLI help text #1453  
add command for regenerating OCP leaf certs #1443  
add a new command to wait for all clusteroperators to go stable #1444  
add command to produce an updated CA bundle for trusting the kube-apiserver #1446  
add printing for new revisions #1445  
add oc adm ocp-certificates regenerate-top-level #1439  
OCPBUGS-11652 : Extend adm node-logs to new API #1403 OCPBUGS-12793 : adds a mapping for exposed ports to DockerConfig when manifest listed #1415 OCPBUGS-14340 : Name containers w/‘multi’ when mirroring a multi release image #1423 OCPBUGS-11123 : oc adm groups sync: all groups: print warning before caching #1436 OCPBUGS-11632 : Skip invalid events yamls and continue #1429 OCPBUGS-14082 : Remove closed centos7 registry from newapp unit tests #1430 OCPBUGS-12901 : preserve explicit release image in ClusterVersion #1416 OCPBUGS-11123 : oc adm groups sync: fix the annotation key #1427 OCPBUGS-11123 : oc adm groups sync: print a warning when two or more groups are mapped to the same ldap uid #1425 OCPBUGS-13355 : Use RequestToken functions from library-go #991 OCPBUGS-11632 : Improve error log messages in event filtering #1417 OCPBUGS-12143 : oc login: unwrap tls.CertificateVerificationError to use x509 errors #1406 pkg/cli/admin/upgrade: Clarify client-side vs. server-side docs #1181  
replace trimLeft with trimPrefix #1400  
Support OCI manifest lists in image mirror #1362  
OCPBUGS-8004 : Fix bug when recreating an index with fewer images #1335 adm catalog mirror update example to idms #1401  
OCPBUGS-10843 : oc debug unique pod name #1393 adm catalog mirror generates idms manifest #1389  
OCPBUGS-1115 : Use linux/arch when user’s OS isn’t in manifests #1311 Remove already deprecated adm create-kubeconfig command #1367  
append: expose keep-manifest-list option and preserve manifestlist when appending to specific arch images #1361  
Updating ose-tools images to be consistent with ART #1369  
OCPBUGS-8048 : pkg/cli/admin/upgrade: Client-side checks for –to-multi-arch #1359 IR-300 , IR-301 : generates ImageStreamTags with import-mode when using oc new-build and oc-new-app #1353 OCPBUGS-10879 : Fix deprecated oc command suggestion #1390 Exclude irrelevant commands from MicroShift documentation #1375  
Test Fix: Allow submodule using file transport with newer git #1378  
Updating openshift-enterprise-deployer images to be consistent with ART #1368  
Updating openshift-enterprise-cli images to be consistent with ART #1364  
OCPBUGS-3393 : Always copy the blobs if the target isn’t a registry #1355 Updating ose-cli-artifacts images to be consistent with ART #1370  
OCPBUGS-1117 : The architecture of oc in the cli-artifacts’ /usr/bin folder should to the one of the built image #1374 OCPBUGS-10622 : bump repo sclorg/s2i-ruby-container location for newapp test #1377 Add microshift into generate-docs #1365  
OCPBUGS-5949 : Add subrepository support for ICSP #1350 And 1 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-60975 : ccoctl: aws to use proper issuer url on subsequent runs #911 OCPBUGS-58677 : github.com/golang/glog v1.2.5 #895 OCPBUGS-53418 : github.com/golang/glog v1.2.4 #845 OCPBUGS-53819 : update github.com/golang-jwt/jwt #841 OCPBUGS-51542 : Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected #830 OCPBUGS-47069 : golang.org/x/net v0.33.0 #810 OCPBUGS-46487 : Add AWS region to aws-pod-identity-webhook #801 OCPBUGS-45009 : Add retry to ccoctl gcp create functions #791 OCPBUGS-45004 : github.com/golang-jwt/jwt/v4 v4.5.1 #785 OCPBUGS-43647 : Only attempt timed token credentials on supported platforms. #775 OCPBUGS-43339 : Update github.com/sirupsen/logrus v1.9.3 #769 OCPBUGS-41236 : List secrets in batches to avoid api timeout #755 OCPBUGS-38378 : Update google.golang.org/grpc v1.65.0 #750 OCPBUGS-37823 : GCP passthrough permissions check to ignore problematic permissions. #741 OCPBUGS-37062 : Update cloud.google.com/go/storage v1.43.0 #742 OCPBUGS-37420 : SNYK ignore go-client misreporting #739 OCPBUGS-37276 : Update to azidentity v1.7.0 #732 OCPBUGS-36029 : IBM/go-sdk-core update to v5.17.4 #721 OCPBUGS-36716 : AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN #713 OCPBUGS-32899 : Upgrade go-jose module to 2.6.3 #697 OCPBUGS-29156 : Fix the ClusterOperator watch of the status controller #676 OCPBUGS-28231 : Guard upgrading GCP from 4.14 to 4.15 without RoleAdmin permissions #670 OCPBUGS-29199 : ccoctl - use proxy when validating CloudFront URL #678 OCPBUGS-27911 : Resolve all outstanding snyk vulnerabilities #650 OCPBUGS-28382 : Use cached clients to avoid client side throttling #666 OCPBUGS-27515 : Write manifests when AWS IAM roles already exist. #659 OCPBUGS-26512 : Use live client for metrics #647 OCPBUGS-25275 : Azure Workload Identity info in CredsRequests creates a Secret #643 OCPBUGS-24346 : Discover AWS dns suffix from partition and region. #635 OCPBUGS-23986 : Use per-project custom roles instead of per-cluster custom roles #631 OCPBUGS-23426 : Explicitly set the vsphere secret credential data on sync. #629 OCPBUGS-21388 : Upgrade golang/x/net for CVE-2023-39325 #622 NO-ISSUE: Removing andrew from OWNERS #617  
snyk: exclude vendor/ #615  
OCPBUGS-22651 : explicitly set azure oidc bucket to allow public blob access #612 OCPBUGS-21926 : azure create-managed-identites to add cloud controller manager to network resource group #608 OCPBUGS-19865 : Add networkResourceGroupName parameter for Azure #602 OCPBUGS-17719 : Double timeout delays for managed identity creation and role assignment from 2 to 4 minutes. #591 pkg/aws/actuator: Drop comment which suggested passthrough permission verification #590  
CCO-363 : Adding azure identity webhook #559 OCPBUGS-16684 : Set cr.status.provisioned=false on syncErr path #583 OCPBUGS-17049 : update lastSyncGeneration in STS flow sync success #585 Revert “CCO-401: Add azure-workload-identity-webhook to image references.” #588  
CCO-401 : Add azure-workload-identity-webhook to image references. #586 CCO-413 : Add dataPermissions to Azure credentials request. #584 CCO-402 : Create Azure AD pod identity webhook config secret manifest in create-all,create-oidc-issuer #573 OCPCLOUD-2012 : ccoctl: Plumb credreq.spec.cloudTokenPath override into Azure secret creation #580 OCPBUGS-16807 : ccoctl azure exit with error when OIDC and installation resource group names are the same #582 OCPCLOUD-2012 : ccoctl: Add –enable-tech-preview arg to azure create-all subcommand. #581 OCPBUGS-16614 : *: stop checking for the STS feature gate #579 Add DOCKER_CMD Makefile var to use podman when found. #577  
OCPBUGS-16614 : go.mod: re-vendor openshift/api #578 CCO-233 : Add Azure AD Workload Identity doc. #566 *: use a global codec #576  
OCPBUGS-16313 : pkg/operator: correctly fetch CA for AWS minter #575 OCPBUGS-16334 : Clarify updateActuatorConditions & update lastSync #568 OCPBUGS-16313 : manifests: allow list/watch globally on our config configmap #572 CCO-388 : manifests: add cloudcredentials.operator.openshift.io to HCP #571 Revert “manifests: manually amend resources that get laid down by CVO in HCP” #570  
OCPBUGS-15365 : manifests: fix rbac #567 OCPBUGS-15906 : ccoctl azure delete to also delete role assignments #564 OCPBUGS-16088 : Adds [default] section header to STS Secrets #565 OCPBUGS-16036 : Set status on CR properly when STS provisioned #562 Revert “Merge pull request #398 from csrwng/exclude_config_ibmcloud” #561  
OCPBUGS-15365 : *: use correct clients in the secretannotator #563 OCPBUGS-15365 : *: use a filtered LIST + WATCH on Secrets for AWS STS #545 reconcile status when the clusteroperator changes #560  
CCO-353 : ccoctl to create azure custom roles #556 CCO-394 : Do not Add PodIdentityWebhook controller when InfraStatus.ControlPlaneToplogy is External. #547 CCO-366 Add ability to detect AWS STS and behave accordingly #542  
Implement ccoctl command to create infrastructure required for Azure workload identity #523  
PORTENABLE-526 : operator: use a partial metadata watch for Namespaces #546 manager: filter the cache of configmaps #544  
Bump to go 1.20 in go.mod #536  
OCPBUGS-13549 : Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. #537 Add a make target and stub for actuator e2e tests #535  
Updating ose-cloud-credential-operator images to be consistent with ART #534  
Updating ose-cloud-credential-operator images to be consistent with ART #533  
Updating ose-cloud-credential-operator images to be consistent with ART #532  
OCPBUGS-11671 : ccoctl: Enable public anon read access to default OIDC S3 bucket #526 Updating ose-cloud-credential-operator images to be consistent with ART #521  
OCPBUGS-8666 : Correct pod-identity-webhook annotations for PreferredDuringScheduling. #522 SPLAT-950 : doc/aws-sts : steps to migrate from public bucket to private issuer URL #515 OCPBUGS-8666 : feat: add workload annotation to pod identity webhook deployment #520 Upgrade build-machinery-go: make vulncheck #519  
Bump golang.org/x/net from v0.5.0 to v0.7.0 #517  
Full changelog  
OCPBUGS-44095 : Backport SDN live migration #425 OCPBUGS-28649 : Add required PSa labels #403 NO-JIRA: add inert featuregate files to allow diff against later releases #398  
OCPBUGS-21653 : Update openshift/api package to latest version #371 : OCPBUGS-21286:  bump library-go to include switch to HTTP/1.1 #369  
OCPBUGS-20439 : Remove Build CRD #363 OCPBUGS-16726 : psa - move into tech preview for 4.14 #354 Revert “Bump to enable ValidatingAdmissionPolicy in tech preview.” #346  
Bump to enable ValidatingAdmissionPolicy in tech preview. #343  
Bump openshift/api to add ValidatingAdmissionPolicy feature gate. #340  
OCPVE-626 : bump(openshift/api@master) #341 CFE-689 : Update openshift/api package to latest version #335 OCPBUGS-16614 : go.mod: bump openshift/api #338 OCPBUGS-16614 : go.mod: update openshift/api #334 OCPBUGS-16507 : bump sigs.k8s.io/kube-storage-version-migrator #333 OCPCLOUD-2010 : Remove feature gate for external platform #331 SDN-4024 : Vendor openshift/api to get ANP feature-gate changes #330 Promote privateHostedZoneAWS from Tech Preview to Default #328  
Update openshift/api #327  
OCPBUGS-13547 : Promote Azure CCM from TPNU to default #307 OCPBUGS-15877 : go upgradeable=false when latencysensitive is used and not corrected #325 Enable feature gate for externalCertificate on Route API #326  
stomp the latencysensitive featureset for equivalent default #324  
WRKLDS-757 : Sync with openshift/api to drop MatchLabelKeysInPodTopologySpread from TechPreviewNoUpgrade #322 SPLAT-1099 : bump openshift/api for vSphere static IP feature gate and platform spec #323 remove dead flag for file #309  
Changes to move to api@2d36f53 #321  
OCPBUGS-12767 : Add CustomNoUpgrade CRD versions to payload #320 OCPCLOUD-2010 : Re-vendor api to support external platform #306 Update openshift/api to disable EventedPLEG featuregate in techpreview #317  
update openshift/api for types and gates #316  
Update github.com/openshift/api to pull in evented pleg and sigstore feature flags #312  
Update github.com/openshift/api to pull in feature gates #311  
OCPBUGS-6266 : Rename config-operator_00_namespace run level to 00 #303 Update library-go dependency #305  
Add JoelSpeed to owners #302  
Update API and library-go #301  
Require consistency in rendered artifacts #299  
specify all known featureGates in disabled #297  
update render to handle directories of manifests #295  
adjust to refined openshift/api types #296  
update ordering and featuregates #294  
add featuregate status #288  
Updating ose-cluster-config-operator images to be consistent with ART #287  
OCPBUGS-10037 : update openshift/api to get new apiserver schema #289 Full changelog  
OCPBUGS-53867 : Bump github.com/golang-jwt/jwt #1229 OCPBUGS-53867 : Bump github.com/golang-jwt/jwt #1224 OCPBUGS-51598 : bump golang.org/x/oauth2 #1213 OCPBUGS-51312 : ensure that storage names don’t end in dashes #1185 OCPBUGS-44048 : fix proxy config and leader election test flakes #1153 OCPBUGS-44002 : Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #1152 OCPBUGS-42935 : azureclient: stop validating credentials when creating the client #1137 OCPBUGS-39100 : Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1114 OCPBUGS-36035 : go.*,vendor: bump go-retryablehttp #1069 OCPBUGS-33147 : azure-path-fix: get client secret from k8s secret #1058 OCPBUGS-34668 : pkg/storage/s3: use force path style in favour of virtual hosted style config #1051 OCPBUGS-33409 : azurepathfix: check if platform status is nil before accessing it #1033 OCPBUGS-32450 : azure-path-fix: support auth via account key (without clientID) #1023 OCPBUGS-31857 : bump aws-sdk-go from v1.44 to v1.50 #1018 OCPBUGS-28989 : pkg/storage/s3: enable bucket key on encryption settings #995 OCPBUGS-29755 : azurepathfix: fix stack hub, government and workload identity setup #1005 OCPBUGS-29604 : move azure storage blobs from docker back into /docker #1001 OCPBUGS-22127 : increase storage account key cache expiration #941 OCPBUGS-20710 : mitigate effects of rapid reset #942 OCPBUGS-18794 : check if response is nil before using it #917 OCPVE-632 : add capability annotations to manifests #856 OCPBUGS-17882 : Add rbac permission IDMS, ITMS #891 TRT-1193 : Revert “IR-373: remove node-ca daemon” #899 CFE-846 : Add user defined tags to the GCP buckets created #873 IR-373 : remove node-ca daemon #867 build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.4 #877  
build(deps): bump the k8s-dependencies group with 1 update #895  
IR-363 : Update Azure Credentials Request manifest of the Cluster Image Registry Operator to use new API field for requesting permissions #890 build(deps): bump github.com/prometheus/common from 0.37.0 to 0.44.0 #878  
CFE-682 : Add user defined labels to the GCP buckets created #872 CFE-682 : Update openshift/api package to latest version #887 IR-390 : Make a configmap for MCO to consume CAs #880 build(deps): bump github.com/aws/aws-sdk-go from 1.44.291 to 1.44.298 #879  
build(deps): bump golang.org/x/net from 0.8.0 to 0.11.0 #871  
build(deps): bump github.com/aliyun/aliyun-oss-go-sdk from 2.1.10+incompatible to 2.2.7+incompatible #869  
.github/dependabot.yml: group certain dependencies #865  
IR-389 : bump aws-sdk-go #860 .github: configure dependabot #861  
IR-369 , IR-370 : support Azure workload identity #857 OCPBUGS-12132 : Updating ose-cluster-image-registry-operator images to be consistent with ART #854 Updating ose-cluster-image-registry-operator images to be consistent with ART #849  
OCPBUGS-8224 : fix storage selection on IBM cloud #847 Full changelog  
OCPBUGS-28247 : Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #791 OCPBUGS-27063 : bump(library-go)=release-4.14 #787 OCPBUGS-21088 : Bump deps to address CVE-2023-44487 [4.14] #764 OCPBUGS-21088 : Bump deps to address CVE-2023-44487 #756 OCPBUGS-19553 : Update static pod manifests perms #749 add roles for the new privileged namespaces PSa syncer controller #743  
OCPBUGS-15256 : Sync openshift/api to reduce installerpod configmap based file permissions to 0600 #740 OCPCLOUD-2010 : Re-vendor api and library-go for external platform support #736 OCPBUGS-14323 : Change manifest directory permissions #739 OCPBUGS-13579 : remove RBAC for cluster-policy-controller CM leader election #738 OCPBUGS-13579 : Drop flags removed in k8s 1.26 #737 Remove featureset flag and use only the manifest #735  
Update cloud provider tests with feature gate changes #731  
STOR-1263 : Bump k8s 1.27 #713 Read feature manifest #733  
Restricted featuregate reader #732  
use new featuregate API #730  
OCPBUGS-12709 : Reset library-go branch after Azure revert #729 OCPBUGS-12133 : Updating ose-cluster-kube-controller-manager-operator images to be consistent with ART #727 Revert azure out of tree provider change #724  
OCPBUGS-11352 : AWS should not use external-cloud-volume-plugin post CSI migration #721 OCPBUGS-7440 : do not degrade KCM when when monitoring stack rollout is in progress #706 OCPBUGS-10568 : migrate to using lease objects for leader election #715 Updating ose-cluster-kube-controller-manager-operator images to be consistent with ART #709  
OWNERS: remove ravi from the owners #714  
Reset library-go to openshift fork #708  
Update library-go dependency to move Azure to out of tree #705  
Update library-go dependency to move AWS to out of tree #707  
Full changelog  
: OCPBUGS-21371: bump library-go to include switch to HTTP/1.1 #96  
Revert “specify master node selector on migrator pod” #93  
OCPBUGS-17170 : specify master node selector on migrator pod #92 OCPBUGS-16513 : bump(*): update to 1.27.1 #91 Fix operator doc in README #90  
Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #89  
Full changelog  
OCPBUGS-51170 : Use applyconfigurations for updating network.oprerator status #2660 OCPBUGS-48323 : Pass transit_switch_subnet options in ovnkube-node pod for single-zone #2617 OCPBUGS-42754 : Set mount propagation to HostToContainer for /var/lib/kubelet #2521 OCPBUGS-47320 : Pass transit_switch_subnet options in ovnkube-node pod #2607 OCPBUGS-43821 : manifests/02-cncc-credentials: Set skipServiceCheck for GCP #2546 OCPBUGS-39086 : Fix wait logic for IPsec certificate signing request #2481 OCPBUGS-41508 : Tighten the permissions on whereabouts.conf #2493 OCPBUGS-42021 : Add proxy env vars to onvkube-node #2505 OCPBUGS-38440 : [release-4.14] 4.14 subnet config #2473 OCPBUGS-37221 : Ensure that the node-identity webhook address contains colons for IPv6 #2440 OCPBUGS-38073 : Fix IC distributed control plane alerts #2463 OCPBUGS-37468 : Backport ipsec state metric #2444 OCPBUGS-32706 : Add conditions for ignored-namespaces #2380 OCPBUGS-36722 : update whereabouts crd #2434 OCPBUGS-34885 : [release-4.14] Fix 4.13->4.14 upgrade with ipsec enabled #2390 OCPBUGS-27925 , OCPBUGS-30579 : [release-4.14] tighten conditions for the state transitions in IC upgrade #2207 OCPBUGS-30021 : Fully disable network-node-identity on ROKS #2315 OCPBUGS-31669 : [release-4.14] ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2311 OCPBUGS-31360 : Remove egressip write permissions from ovn-kubernetes-node #2320 OCPBUGS-30021 : [release-4.14] Disable network-node-identity on ROKS #2286 OCPBUGS-30100 : ipsec: fix openssl typo #2287 OCPBUGS-29168 : add env var in whereabouts-reconciler daemonset #2257 OCPBUGS-26573 : Improve troubleshooting IC upgrades #2076 OCPBUGS-29033 : network node identity: tolarate all taints #2248 OCPBUGS-18281 : only 2 master nodes are required for ovn-kubernetes #2154 OCPBUGS-29300 : Update ingressconfig_controller to use field Manager #2266 OCPBUGS-28608 : fix whereabouts conformance test failures #2235 NO-JIRA: add kyrtapz as reviewer and approver for release 4.14 #2228  
OCPBUGS-27858 : [release-4.14] Add ConfigMap mount to the whereabouts-reconciler DaemonSet #2219 OCPBUGS-27013 : HyperShift, network-node-identity: Check the deployment in the management cluster #2195 OCPBUGS-24326 : adminpolicybasedexternalroutes CR accepts an invalid IP address #2196 OCPBUGS-24037 : remove all managed fields used by old manager #2112 OCPBUGS-24320 : Add apbroute/status patch rights for ovnkube-node to update status #2143 OCPBUGS-22787 , OCPBUGS-22788 , OCPBUGS-22789 : ovnkube: container scripts cleanup #2090 OCPBUGS-23371 : hypershift, hosted clusters: enable multi-homing and multi-net features #2117 OCPBUGS-21717 : Bump golang.org/x/net and github.com/openshift/library-go #2122 OCPBUGS-24633 : ipsec add pluto restart #2152 OCPBUGS-22363 : Added HCP label to CNO pods #2081 OCPBUGS-22286 : hypershift: adjust backoff on infrastructure name retry #2078 OCPBUGS-23011 : Block upgrades to 4.15 with Kuryr #2096 OCPBUGS-23315 : set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2107 OCPBUGS-19897 : HyperShift: Use the local konnectivity proxy when checking proxy readiness #2043 OCPBUGS-20472 : hosted cluster upgrade failure from 4.13 stable to 4.14 #2063 OCPBUGS-20254 : [release-4.14] Revert Kuryr MTU fixes #2046 OCPBUGS-20184 : [release-4.14]: Don’t run network node identity as root #2054 OCPBUGS-20064 : Multus should determine kubeconfig path [backport 4.14] #2050 OCPBUGS-19955 : get ipsecStatus from host daemonset #2045 OCPBUGS-19862 : Multus per-node certificates should have 24h duration [backport 4.14] #2040 OCPBUGS-19523 : use $CPE_NAME to find the OS major version #2017 OCPBUGS-19808 : remove prestop hooks for northd, sbdbd and nbdb #2036 OCPBUGS-19747 : [release-4.14] Use port 9108 for ovnkube-control-plane metrics #2033 OCPBUGS-19771 : Relax conditions to get IC upgrade started #2035 OCPBUGS-19748 : Fix config status MTU migration not being updated #2034 OCPBUGS-19725 : Do not enable node admission webhook if the CNI is not OVN-Kubernetes #2032 OCPBUGS-19686 : ipsec: remove preStop from host #2029 OCPBUGS-19627 : Multus per-node certificate request [backport 4.14] #2023 OCPBUGS-19461 : make ipsec.service required #2014 OCPBUGS-19649 : Network node identity: node-specific certificate in ovnkube-node, admission webhook #2011 OCPBUGS-19623 : multus: set MULTUS_NODE_NAME to filter pods to local node #2022 OCPBUGS-19481 : separate libovsdblogs from main ovnkube-master #2008 OCPBUGS-18728 : Kuryr: Set MTU on Bootstrap, not Render phase #1995 OCPBUGS-18871 : ipsec: fix oopsy from 2e3fc8e7a0 #1997 OCPBUGS-18874 : ovnkube: set northd backoff-interval and use a single thread to save CPU #1998 OCPBUGS-18135 : IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping #1955 move IPsec to host #1849  
OCPBUGS-17916 : Fix IC configmap lookup in pod_status.go #1954 OCPBUGS-17677 : [Azure]CNCC failed to assign egressIP to NIC for Azure Workload Identity Cluster #1980 OCPBUGS-18363 : Add ‘/etc/cni/multus/net.d’ into volumemount in multus pod #1979 OCPBUGS-18175 : Fix bond-cni’s default directory in multus manifest #1953 OCPBUGS-17782 , SDN-3664 : Join ovnkube-controller and ovnkube-node container for multizone setup #1971 OCPBUGS-16051 , OCPBUGS-3176 : Enables IP Forwarding config in CNO #1952 OCPBUGS-17257 : CVE-2023-3978: golang.org/x/net/html: Cross site scripting #1935 OCPBUGS-17677 : [Azure] Add granular permission for assigning egressIP to NIC to Azure CredentialsRequest for workload identity. #1949 OCPBUGS-17964 : ovn-k, managed: Align join subnet configuration #1962 SDN-4024 : Add ANP Feature Gate #1859 SDN-4057 : hypershift: Allow ovnkube-master and ovnkube-node to have different images #1942 Remove certificatesigningrequests/update permission from ovnkubenode #1934  
Add rolling update for managed ovnkube-control-plane #1944  
IC & openshift + hypershift #1874  
OCPBUGS-16019 : prevent creation of multiple cni-sysctl-allowlist-ds pods #1904 OCPBUGS-10765 : make MAXLOGFILES a real variable and work for self-hosted #1931 Multus thick plugin support #1915  
OVN-Kubernetes ipsec: create the CSR with a random name #1928  
CCO-294 : Switch azure credentials request to use explicit permissions #1922 OVN-Kubernetes: Add status subresource permissions for setting labels and annotations #1896  
SDN-3223 : Use encapsulation=true for IBM Cloud #1800 Bug 16136 : change whereabouts ip reconciler exec #1890 Add OpenStack platform to list of allowed dual-stack clusters #1697  
OCPBUGS-15945 : Stop using utilruntime.PanicHandlers to handle reconciliation panics #1893 HOSTEDCP-1063 : allow webhooks in hosted clusters to reach multus-admission-controller service #1879 OCPBUGS-15961 : FIPS related CNO changes #1901 OCPBUGS-10765 : Revert “Revert “OCPBUGS-10765: Remove oldest ovn acl log files when f… #1876 ovn-k: Configure dns service namespace and name #1912  
OCPBUGS-15544 : Enable multi-external-gateway feature by default for managed and hosted clusters #1887 OCPBUGS-15918 : Skip rendering 0.0.0.0/0 for cluster proxy status #1903 Change rhel7/8 to rhel8/9 #1870  
Enable EgressService controller #1848  
Edited multus-admission-controller deployment config to not add autom… #1767  
OCPBUGS-15794 : fix: add missing annotation for workload partitioning #1866 OCPBUGS-15544 : Add adminpolicybasedexternalroutes rights for ovnkube-node. #1867 Revert “Remove oldest ovn acl log files when file limit exceeded” #1873 #1873  
OCPBUGS-10765 : Remove oldest ovn acl log files when file limit exceeded #1868 kube-proxy config overriding updates #1831  
OCPBUGS-15282 : Add release version annotation to whereabouts-reconciler #1851 CCO-356 : Add Infrastructures permission to CNCC cluster role #1843 Add multi-networkpolicies support for OVN #1796  
Add support for AdminPolicyBasedExternalRoute CRD and controller’s RBAC #1765  
OCPBUGS-15138 : Add kubernetes.io/os nodeSelector to wherebouts reconciler DS #1841 OCPBUGS-14988 , SDN-3901 : Rebase to kube 1.27 #1826 CCO-358 : Manifest changes necessary to support Azure Workload Identity #1755 OCPBUGS-14714 : Do not rely on ControlPlaneTopology do determine if running in HyperShift #1835 OCPBUGS-11882 : Added another volume to safe-to-evict-local-volume annotation #1830 OCPBUGS-14833 : Fixes lint issues #1834 OCPBUGS-14384 : Remove nodeSelector for architecture in whereabouts daemonset #1828 OCPBUGS-11882 : Added safe-to-evict annotation to ovnkube-master and multus admission controller components #1822 OCPBUGS-13922 : Revert “Do not set the operator as available before updating the network config” #1818 OCPBUGS-11448 : add Hypershift release-image annotation to multus #1770 OCPBUGS-10937 : multus-admission-controller mounts secret with mode 0640 #1752 OCPBUGS-13219 : Use IfNotPresent instead of Always in OVNK upgrades pre-puller #1803 OCPBUGS-5027 : Make the operator degraded on panic #1786 OCPBUGS-12856 : Support Device Plugin Resources For Smart NIC and DPU Hosts #1721 Updating cluster-network-operator images to be consistent with ART #1790  
OCPBUGS-11565 : High API requests due to allowlist and operconfig reconcilers running too often #1788 OCPBUGS-8070 : Depreciate legacy field manager #1763 OCPBUGS-11550 : AUTH: update cluster-reader to include k8s.ovn.org #1791 OCPBUGS-10009 : HyperShift: Support HostedControlPlane node selector #1736 OCPBUGS-11046 : fix reconciliation process of the allowlist controller #1792 OCPBUGS-1341 : Enhance check controller to remove old check objects #1649 OCPBUGS-11046 : Fix allowlist ds template #1773 OCPBUGS-10647 : multus-admission-controller should not run as root under Hypershift #1745 OCPBUGS-9174 : The cluster-readers group should be able to get net-attach-defs #1343 Updating cluster-network-operator images to be consistent with ART #1768  
OCPBUGS-9964 : Split out konnectivity certs #1734 SDN-3444 : Add runbook url for SBDB connectivity alert #1553 OCPBUGS-7777 : use –template instead of -a for ‘oc observe’ #1760 Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler #1735  
OCPBUGS-10433 : Hypershift: Add RollingUpdate parameters to multus-admission-controller #1740 ovn-kube: move back to unsuffixed RHEL9 images #1747  
Updating cluster-network-operator images to be consistent with ART #1732  
OCPBUGS-10649 : HyperShift: Add POD_NAME env to ovnkube-node #1748 OCPBUGS-10031 : operConfig reconcile can return nil error on failure #1744 Set OVN-K north/south bound stale alerts severity to critical #1668  
OCPBUGS-8707 : Point libreswan to proper nss location #1727 Whereabouts should implement the reconciliation controller #1693  
add/update some UTs around clusternetwork change #1725  
OCPBUGS-9931 : Enable configuration of node healthz server on ovnkube #1715 OCPBUGS-8692 : HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO #1728 Cno 4.13 kubernetes 1.26 #1708  
use annotation on the daemonset to update hybrid overlay #1709  
Remove the ovn-kind-cno.sh script #1710  
SDN-3597 : OVN-K alerts: add OVS overflow alerts #1630 Full changelog  
e2e:performance: decode to valid kubeletconfig object (#1276) #1276  
Fix context deadlines in ExecCommandOnPod() (#1272) #1272  
OCPBUGS-44506 : Drop sched_migration_cost_ns setting (#1215) #1215 OCPBUGS-44283 : right-hand-side profile_dirs take precedence (#1210) #1210 OCPBUGS-42567 : Add cluster-wide proxy env file (#1176) #1176 TuneD prior to kubelet in one-shot mode (#1137) #1137  
OCPBUGS-37754 : Remove tuned/rendered object (#1133) #1133 OCPBUGS-37734 : Backport fix for OCPBUGS-36355 (#1126) #1126 OCPBUGS-33929 : Negative net interface name does not reduce queues (#1074) #1074 Add a ‘.snyk’ to silence static code analysis warnings (#1002) #1002  
OCPBUGS-30153 : fix rendering extra ctrcfgs (#978) #978 fix extra-reboot on upgrade with paused mcp worker (#1053) #1053  
OCPBUGS-31694 : E2E: Workload hints test cases fixes (#1012) (#1052) #1012 Systemd processes not being moved to cpuset/systemd.slice fix (#1040) #1040  
Reduce number of reboots in offline tests (#1035) #1035  
OCPBUGS-30507 : Add performance real time tuned template (#984) (#1025) #984 Report duplicate priority only for multiple matching profiles (#1018) #1018  
Scheduler plugin: ignore IRQs (#1023) #1023  
irqbalance: set banned cpus list to 0 (#994) #994  
OCPBUGS-18640 : [release-4.14][manual] backport performance profile owner reference ehnancements (#989) #989 rps: fail silently when rps application failed (#901) #901  
OCPBUGS-25982 : E2E: Add tests for Dynamic ovs pinning (#904) (#913) #904 OCPBUGS-26003 : E2E: PPC Test cases (#905) #905 Make MC names deterministic (#903) #903  
OCPBUGS-25671 : rps: fix mask update for SR-IOV devices (#891) #891 OCPBUGS-18640 : Fix Racing Machine Configs and add Day 0 Support (#854) (#871) #854 OCPBUGS-24638 : Do not set default RPS sysctl twice (#880) #880 OCPBUGS-21845 : rps: trigger udev event per queue #832 (#832) #832 OCPBUGS-21845 : e2e:rps: improve logging (#831) #831 render: change dir path (#826) #826  
Disable HTTP/2 for webhook and metrics servers (#841) #841  
Remove obsolete protocols and weak ciphers (#835) #835  
OCPBUGS-19459 : check for object being nil (#805) #805 OCPBUGS-19821 : e2e: perfprof: enhance the scheduling domain tests (#813) #813 nto: avoid timeout when there are too many CSV (#817) #817  
Add kubeconfig path for IBM Managed OpenShift (#812) #812  
OCPBUGS-18868 : [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) #788 Sync DaemonSet if operand image changes (#785) #785  
OCPBUGS-18392 : Change the OVN trigger file name to adapt to OVN IC (#777) #777 OCPBUGS-15044 : e2e:irqloadbalance: wait for profile revert (#768) #768 Add SetLogger() prior to controller-runtime start (#779) #779  
OCPBUGS-18052 : feat: added logic to handle legacy sno install (#778) #778 OCPBUGS-17943 : Add rtentsk plugin to pp tuned profile (#767) #767 Tighten the rules for modifying Tuned Profiles (#775) #775  
Revert “Tighten the rules for modifying Tuned Profiles (#765)” (#771) #765  
Tighten the rules for modifying Tuned Profiles (#765) #765  
OCPBUGS-14026 : cgroup: Match the name of the cgroup to what is expected by kubelet (#758) #758 e2e: irqbalance: improve test troubleshooting (#753) #753  
OCPBUGS-16348 : OSLAT latency spikes due to tsc karg setting (#756) #756 Makefile: hack: add helpers to compile testsuites (#751) #751  
OCPBUGS-17219 : Render mode should not segfault w/ no matching MCP (#754) #754 Release leader election on manager exit (#745) #745  
generate missing files (#752) #752  
vendor: bump OCP dependencies 08082023 (#750) #750  
OCPBUGS-7980 : e2e:ht-aware: exec on the correct worker node (#729) #729 bump k8s to 1.27.4 (#748) #748  
e2e: wait for objects deletion (#749) #749  
e2e:wait: return updated pod object explicitly (#744) #744  
OCPBUGS-17258 : CVE-2023-3978: golang.org/x/net/html (#747) #747 e2e: remove image parameter from must gather (#743) #743  
Update the config.openshift.io/node object’s cgroupMode to “v1” (#737) #737  
Fix a race in e2e test rollback.go code (#739) #739  
e2e:irqbalance: applied condition exists (#727) #727  
Improve render error handling (#724) #724  
e2e:irqbalance: wait for tuned profile to be ready (#721) #721  
pao:status: do not take address of loop var (#720) #720  
nto:tuned: remove sched_min_granularity_ns settings (#722) #722  
Align TuneD with the latest shipped FDP version (#716) #716  
E2E: update cpu load balancing test for latest cgroup related changes (#712) #712  
Build gather-sysinfo (#714) #714  
e2e: overhaul Performance-Addon-Operator tests (#590) #590  
e2e: latency testing: increase the expected threshold (#706) #706  
e2e: perf-prof: disable truncating gomega output (#702) #702  
Configure OVS for dynamic cpu pinning (#559) #559  
OCPVE-382 : fix: add default state for crio config (#700) #700 e2e: devmgr: fine tune kubelet restart test (#701) #701  
e2e: RPS: fix expected cpu set (#703) #703  
Switch to rslave/HostToContainer volume mount propagation (#692) #692  
Do not rollback settings on TuneD exit (#699) #699  
e2e: reboot: add kubelet restart test (#697) #697  
remove conditional skip (#690) #690  
e2e: memorymanager fix: check the hugepage size condition (#693) #693  
Use RHEL9 as a base (#665) #665  
Expose TuneD socket to host. (#651) #651  
E2E: Use appropriate device path for rpsmask test (#691) #691  
chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#628) #628  
test: perfprof: devices: fix default test image (#672) #672  
e2e: verify latency tests run with LATENCY_TEST_DELAY>120 (#662) #662  
E2E: Add memory manager sanity test case (#573) #573  
modify owners (#634) #634  
Add minLength restriction to Tuned CR (#689) #689  
OCPBUGS-14934 : consistent use of ginkgo flags in Makefile (#682) #682 OCPBUGS-14622 : Do not fail creating cgroups if they exist already (#683) #683 OCPBUGS-14193 : pao e2e: Split e2e PAO update lane to more lanes (#631) #631 OCPBUGS-4194 : rps: use default rps mask kernel API (#650) #650 OCPBUGS-14756 : [test] [e2e] Check ci lanes are executing the right test suites (#679) #679 check ocp version and export CNF_TEST_IMAGE variable with appropriate cluster version (#584) #584  
OCPBUGS-5529 : Fix updating numa core siblings map in GetCpuSiblings function (#564) #564 Remove cpu-quota.crio.io: disable annotation (#663) #663  
OCPBUGS-14137 : e2e: perfprof: add SNO device recovery test (#653) #653 Add PerformanceProfiles to ‘oc adm must-gather’ (#655) #655  
Revert “Add PerformanceProfiles to ‘oc adm must-gather’ (#582)” (#654) #582  
Add PerformanceProfiles to ‘oc adm must-gather’ (#582) #582  
OCPBUGS-13148 : Configure cpu balancing cpu sets for all clusters (#646) #646 OCPBUGS-12978 use WatchNamespace() when deleting Profiles (#644) #644  
Updating cluster-node-tuning-operator images to be consistent with ART (#579) #579  
OCPBUGS-11083 : pao e2e: fix update test suit timeouts (#626) #626 e2e: Fix RPS test for multi-worker cluster (#641) #641  
Revert PR558 and PR585 partially (#639) #639  
e2e: add missing test id (#622) #622  
OCPNODE-1539 : perf profile: add script for preparing cgroups for CPU load balance disabling (#601) #601 Remove subPaths, they are broken (#623) #623  
OCPBUGS-10293 : performance-profile: enable crun for high-performance runtime (#588) #588 Revert #567 and cleanup PPC-generated TuneD config (#611) #611  
Backup and revert profile when hugepages test completes (#597) #597  
tuned: Handle UserLevelNetworking nil pointer gracefully (#608) #608  
A new env var NO_BZ_CHECKS disables Bz and Jira status checks (#607) #607  
OCPBUGS-9959 : check scheduler settings under /sys/kernel/debug/sched/  (#581) #581 workload-hints: disable stalld when rt disabled (#592) #592  
render: remove uid from render-sync target (#594) #594  
OCPBUGS-11083 : e2e: profile updates tests revised (#600) #600 Update to the latest k8s and OpenShift deps (#580) #580  
Make the enable-leader-election option work (#586) #586  
Update NTO-generated MC on MachineCount <= 1 (#585) #585  
remove BZ 2181546 from skip list (#602) #602  
Fix updating nodeSelector test (#595) #595  
Remove the preStop hook for openshift-tuned (#587) #587  
Skip tests depending on Jira or Bz issue status (#591) #591  
kubectl explain to explicitly state workloadHint default values (#576) #576  
Full changelog  
OCPBUGS-28247 : Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #570 : OCPBUGS-20724:  bump library-go to include switch to HTTP/1.1 #554  
WRKLDS-728 : Capabilities: drop build/apps APIService when capabilities are not enabled #532 switch image-registry cert CM #545  
OCPBUGS-16554 : update dependencies to get rid of goproxy #546 AUTH-408 : bindata: set required-scc #544 Plumb featuregates to the openshift-apiserver #542  
allow etcd healthcheck timeout closer to probe timeouts to avoid failing on slower etcd #540  
Add AES-GCM encryption tests #539  
OCPBUGS-14010 : increase timeout for probes #536 OCPBUGS-2765 : Library go bump #538 OCPBUGS-12813 : Updating ose-cluster-openshift-apiserver-operator images to be consistent with ART #534 Updating ose-cluster-openshift-apiserver-operator images to be consistent with ART #525  
OCPBUGS-10040 : update openshift/api to include aesgcm provider in the default apiserver schema #526 Full changelog  
OCPBUGS-48841 : Add new team members to the OWNERS file #380 OCPBUGS-33295 : Update opentelemetry to mitigate CVE-2023-47108 #344 OCPBUGS-28951 : Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #328 OCPBUGS-23490 : Remove blockage of ConfigObserver by build informer has synced flag #318 OCPBUGS-20818 : bump(k8s,openshift) to address CVE-2023-44487 [4.14] #309 OCPBUGS-20439 : Include Build CRD in manifests #307 OCPBUGS-18992 : Always sort disabled controller list #303 OCPBUGS-18980 : Disable BuildConfigChange controller when Build cap is disabled #301 route-controller-manager deployment updates #295  
OCPBUGS-16072 : Updating Kubernetes and other associated dependencies #296 OCPBUGS-13926 : change the operator log level to default normal in the deployment #289 BUILD-582 , OCPBUGS-14638 : bump(k8s): 1.27.1 #294 OCPBUGS-13926 : add loglevel controller for  OCM-o #292 Revert “13895: [WRKLDS-730] route-controller-manager deployment updates” #293  
OCPBUGS-13895 : [WRKLDS-730] route-controller-manager deployment updates #288 Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART #287  
Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART #286  
Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART #285  
Bump golang.org/x/net from 0.5.0 to 0.7.0 #284  
Updating ose-cluster-openshift-controller-manager-operator images to be consistent with ART #279  
OCPBUGS-10568 : migrate to using lease objects for leader election #282 Add Divyanshu Agrawal as a reviewer #283  
And 1 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-21759 : switch to bingo for dependency management (and bump golangci-lint@v1.51.0) #98 OCPBUGS-21019 : Bump golang.org/x/net to v0.17.0 #96 Merge rukpak updates into main + Required Fixes #88  
Add ncdc to OWNERS #89  
Temporarily remove from payload #90  
Revert “Merge rukpak updates into main” #87  
Merge rukpak updates into main #86  
Updating ose-cluster-platform-operators-manager images to be consistent with ART #83  
OCPBUGS-10333 : feat: add workload pinning annotations #82 Full changelog  
OCPBUGS-21122 : bump(k8s,openshift) to address CVE-2023-44487 [4.14] #139 OCPBUGS-21122 : Bump deps to address CVE-2023-44487 #134 OCPBUGS-17989 : pkg/psalabelsyncer: enforce syncing in case label is set #129 AUTH-413 : ps syncer: only sync labels if noone else is managing them #127 ps syncer: add a controller for run-level 0 namespaces #128  
Adjust logs per generic troubleshooting #126  
OCPBUGS-15568 : Add timeout into cache sync wait to prevent hanging forever #124 OCPBUGS-15568 : Remove debugs logs in workqueuebucket #125 Add more logs for queue operations #122  
OCPBUGS-15568 : Handle error if caches are not synced instead silently exit #121 Add ingvagabund to owners #120  
Add logs for quota namespace syncing with verbosity level 2 #119  
OCPBUGS-13649 : fix ClusterResourceQuotas to work for all api resources including custom resources #115 OCPBUGS-13579 : bump(k8s) to v0.27.1 #113 OCPBUGS-8271 : external template and route Informer #100 Updating cluster-policy-controller images to be consistent with ART #110  
complete controller description #104  
OCPBUGS-160 : psalabelsyncer: handle empty namespace of a rolebinding subject #107 Updating cluster-policy-controller images to be consistent with ART #105  
Full changelog  
OCPBUGS-55655 : Adding mutex to func createSamples on handler.go #635 OCPBUGS-54537 : add rhdmalone to owners #624 OCPBUGS-49421 : add shannon and aroyoredhat as owners #598 OCPBUGS-21217 : CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) #539 OCPBUGS-22257 : Sync library to remove invalid dockerhub references for OKD #520 manifests: Drop explicit runlevel from CRD manifest #515  
OCPBUGS-16435 : Bump k8 to v0.27.2 for ocp 4.14 #514 OCPBUGS-16403 : Update Cluster Sample Operator dependencies and libraries for OCP 4.14 #511 reconcile status when clusteroperator changes #510  
OCPBUGS-15754 : Update Jenkins and Jenkins Agent Base image versions #504 OCPBUGS-14491 : Updating to use Jenkins 4.13 images #502 OCPBUGS-12775 : Update Cluster Sample Operator dependencies and libraaies for OCP 4.14 #500 Updating ose-cluster-samples-operator images to be consistent with ART #499  
OCPBUGS-10910 : Add network tools imagestreams #495 Updating ose-cluster-samples-operator images to be consistent with ART #493  
Fix jira component #494  
Full changelog  
OCPBUGS-50592 : Set openshift.io/required-scc: privileged annotation in version pods #1151 OCPBUGS-45331 : deps: bump golang.org/x/net to 0.31.0 #1120 OCPBUGS-44704 : Fix desired before sync_worker’s work is initialized #1109 OCPBUGS-30878 : install/0000_90_cluster-version-operator_02_servicemonitor: Drop $ from ${{ #1040 OCPBUGS-27822 : Revert “[release-4.14] OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs” #1028 OCPBUGS-27175 : clusterOperatorBuilder: Reconcile metadata on COs #1021 OCPBUGS-27048 : pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream #1018 OCPBUGS-26207 : pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls #1016 OCPBUGS-20762 : [4.14] Bump http-related deps #986 OCPBUGS-19921 : pkg/clusterconditions/cache: Avoid panic on all-fresh-cache evaluation #976 OCPBUGS-19737 : pkg/clusterconditions/promql: Warm cache with 1s delay #973 OCPBUGS-19465 : Properly reconcile SCC resources #972 OCPBUGS-13308 : Simplify user-facing messages on risk evaluation throttling #955 OCPBUGS-17418 : Really handle DeletedFinalStateUnknown correctly #954 CNF-9385 : add ImageRegistry capability #950 OCPBUGS-17418 : Handle cache.DeletedFinalStateUnknown #952 docs/user/tasks-*by-number-and-component.svg: Update to 4.13 #949  
Dockerfile: bump to 1.19 and use public UBI pullspec #944  
pkg/payload: De-noise ‘excluding …’ logs #945  
bump api version to add new capability #941  
pkg/cvo/metrics: Doc from_version semantics for cluster_version{type=“completed”} #929  
Code cleanups for golangci-lint failures #942  
OTA-559 : Migrate to (*Manifest).Include(…, overrides) #934 OCPBUGS-9070 : Fix hotlooping on Cronjob resources #910 Updating cluster-version-operator images to be consistent with ART #932  
Updating cluster-version-operator images to be consistent with ART #930  
Updating cluster-version-operator images to be consistent with ART #928  
syncStatus: Reduce verbosity when syncing nothing of interest #922  
Update dnsPolicy to allow consistent resolution of the internal LB #920  
OTA-941 : pkg/payload/precondition/clusterversion/rollback: New precondition #918 Updating cluster-version-operator images to be consistent with ART #911  
OCPBUGS-5469 : pkg/cvo/availableupdates: Prioritize conditional risks for largest target version #909 Full changelog  
OCPBUGS-44158 : bump dompurify to latest #15593 OCPBUGS-59998 : Remove the devconsole backend common internet proxy and replace it with dedicated ones #15464 OCPBUGS-58274 : Fix TypeError Cannot read properties of null (reading ‘metadata’) #15228 OCPBUGS-57099 : Add all files to vendor regardless of gitignore #15135 OCPBUGS-55942 : fix bug where operator appears twice #15033 OCPBUGS-55427 : Add missing pipelines plugin name to known plugins #15005 OCPBUGS-39010 : fix crash if helm chart metadata is nil #14198 OCPBUGS-53437 : Show Observe section without PROMETHEUS and MONITORING flags #14892 OCPBUGS-54404 : Update the monitoring topic used by the console team #14910 OCPBUGS-54167 : fix run time error when no completed version exists #14899 OCPBUGS-51118 : redirect to correct alert #14823 OCPBUGS-49753 : ImagePullSecret getting duplicated when editing DeploymentConfig in Form View #14711 OCPBUGS-46603 : Unable to remove finally tasks in pipeline builder mode #14642 OCPBUGS-33145 : Fix “Auto deploy when new image is available” becomes unchecked when editing a deployment from web console #14370 OCPBUGS-45323 : Use vCenterCluster value from CM as primary resource #14574 OCPBUGS-39368 : Remove deprecated resources from spec of the Pipeline #14230 OCPBUGS-45283 : Add IBM Block Storage CSI driver support for RWX #14569 OCPBUGS-44791 : A value submitted in From view is wrapped with single quotation after switching to Yaml view. #14518 OCPBUGS-42962 : Need to allow blank for Project/namespace when setting SA Subject in ‘Project access tab’ #14386 OCPBUGS-43000 : List of default Camel K event sources disappears when adding a custom event source #14388 OCPBUGS-36558 : Increase login flow state paramater length/entropy #14439 OCPBUGS-10337 : Updating openshift-enterprise-console images to be consistent with ART #12760 OCPBUGS-42518 : The filepath including leading slash makes error during parsing devfile using Gitlab #14342 OCPBUGS-42517 : Values entered into the Instantiate Template form are automatically cleared #14341 OCPBUGS-42757 : Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated #14369 OCPBUGS-38883 : Fix password set to Secret created through Start Pipeline form #14184 OCPBUGS-37353 : Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available #14108 OCPBUGS-41836 : DeploymentConfigs deprecation info alert should not present on the Edit deployment page #14281 OCPBUGS-39389 : Edit the secret and add the Chinese in the web-console, garbled characters will be displayed #14231 OCPBUGS-41581 : Increased max nodes limit to 200 in topology page #14262 OCPBUGS-38972 : Redirects to new PipelineRun logs URL from old PipelineRun logs URL #14234 OCPBUGS-38053 : fix BMH restart annotation #14109 OCPBUGS-33748 : Fix Pipeline details page with when expression using CEL expression #13856 OCPBUGS-32499 : Fixed some problems in topology Chinese translation text #13779 OCPBUGS-33942 : make sure folder is encapsulated with quotas #13869 OCPBUGS-35723 : Upgrade Pipeline trigger resources to v1beta1 #13985 OCPBUGS-33558 : Display “With Data upload form” in Create PVC drop down once #13840 OCPBUGS-33064 : Fix PipelineRun Logs tab navigation #13673 OCPBUGS-33321 : Helm Plugin’s Catalog incorrectly renders a single index entry into multiple tiles #13824 OCPBUGS-33635 : restrict Masthead logo to max-height to 60px #13847 OCPBUGS-33640 : Add visual connector between VMs and non VMs workloads #13848 OCPBUGS-33462 : fix issues with Edit Route form #13831 OCPBUGS-33110 : change OperatorHub filter FIPS Mode to Designed for FIPS #13804 OCPBUGS-32697 : Routes created by devfiles do not always use HTTPS #13787 OCPBUGS-21799 : Fix empty editor error #13256 OCPBUGS-32168 : fix bug where paused MCPs were incorrectly unpausing w… #13753 OCPBUGS-20173 : Console should not panic when no response is retrieved for plugin assets #13217 OCPBUGS-31388 : Application creation fail when manually entering input scaling value in local setup #13697 OCPBUGS-31394 : PipelineRuns in Console show wrong status or load indefinitely #13698 OCPBUGS-31864 : Fix config ini format #13738 OCPBUGS-25145 : fix vCenter cluster being empty #13436 OCPBUGS-28746 : fix bug where Expand PVC modal assumes pvc.spec.resou… #13558 OCPBUGS-29783 : Fix operands list endpoint #13625 OCPBUGS-29813 : Release 4.14 backports #13646 OCPBUGS-29813 : Addition of optional chaining to prevent yaml crash #13541 OCPBUGS-25274 : Add support for Azure Workload Identity / Federated Identity based in… #13642 OCPBUGS-28972 : Add flags checks to hide Pipeline static plugin List and details pages #13572 OCPBUGS-27898 : Add support for custom segment domains (to load JS and make API calls) #13540 OCPBUGS-29349 : Error in displaying BuildRun logs in Console #13601 OCPBUGS-29100 : Pipeline Name gets changed to “new-pipeline” on the Edit Pipeline YAML/Builder #13585 OCPBUGS-29239 : Add a new allowInsecure option to the internet proxy #13592 OCPBUGS-28990 : update check for the ‘provider’ label on the PackageMa… #13573 OCPBUGS-27157 : add additional check to determine if file is binary #13507 OCPBUGS-28635 : Bump graphql-go to v1.3.0 #13553 OCPBUGS-27305 : Copy response code from proxied plugin requests #13517 OCPBUGS-27851 : fix bug where Clone PVC modal assumes pvc.spec.resourc… #13537 OCPBUGS-27350 : Add Pipeline metrics tab using plugin #13520 OCPBUGS-26171 : Set unlimited line width in YAML editor #13482 OCPBUGS-24640 : Strip ‘Server’ header from proxy response #13423 OCPBUGS-25997 : change Alertmanager form to create using matchers inst… #13478 OCPBUGS-24349 : Fix crash when ArtifactHub Task has no version #13399 OCPBUGS-25397 : fix runtime error on Node details Overview when Machin… #13446 OCPBUGS-23771 : Fix for yaml editor that crashes with MCE and ACM plugins enabled #13360 OCPBUGS-24667 : Fix plugin proxy handler #13425 OCPBUGS-24474 : S2I Build Wizard should check for Containerfile in addition to Dockerfile #13415 OCPBUGS-24432 : fix filtering issues on Events #13413 OCPBUGS-24352 : add access review for impersonate #13400 OCPBUGS-22240 : Save also the location.search and .hash values in localStorage to restore them after login #13270 OCPBUGS-24293 : ConsolePlugin metrics must no longer be grouped by the vendor #13391 OCPBUGS-24423 : Searching for items in quick search is confusing #13412 OCPBUGS-22375 : Delete results.tekton.dev annotations before rerun the pipelineRun #13278 OCPBUGS-22478 : Extra space is in the translation text(Chinese) of ‘Create rolebinding’ and ‘replicate rolebinding’ #13290 OCPBUGS-24196 : ApiVersion displayed on console is v1alpha1 whereas we support v1beta1 #13402 OCPBUGS-23423 : Cannot Edit Shipwright Build #13343 OCPBUGS-22980 : remove expandable toggle for conditional update risk d… #13308 OCPBUGS-22374 : Telemetry- Current page was sometimes not tracked when reloading the current page #13277 OCPBUGS-22177 : Channel page shows “Required” message for the default name when navigate to create channel page #13262 OCPBUGS-19371 : Upgrade DomainMapping apiVersion to v1beta1 #13165 OCPBUGS-19416 : Correct logout process #13173 OCPBUGS-22285 : updating doc links for 4.14 GA #13273 OCPBUGS-19845 : mock apis for git repo in test serverless function tests #13199 OCPBUGS-22460 : Fix the forms when BC is not installed in the cluster #13288 OCPBUGS-21877 : add support for new features annotations while preserv… #13258 OCPBUGS-22377 : Fixed Edit Application form for Knative Services #13279 OCPBUGS-21784 : hide page-specific doc links for ROSA and OSD #13254 OCPBUGS-19898 : fix ResourceLog permissions when impersonating #13203 OCPBUGS-19899 : change resource icon for FenceAgentRemediationTemplate… #13204 OCPBUGS-19878 : show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart #13202 OCPBUGS-19776 : 404 - not found will show on Knative-serving Details page #13193 OCPBUGS-19526 : fetch TaskRuns without selector and reduces the get TaskRuns requests #13178 OCPBUGS-18997 : fix issues with refactored “Create StorageClass” form #13170 OCPBUGS-19664 : Check if filtered object contains name property #13187 OCPBUGS-19380 : Hide the Builds NavItem if BuildConfig is not installed in the cluster #13167 OCPBUGS-19337 : Unhide the Import From Git Tab on the Add page if Pipelines Operator is installed and BuildConfig is not installed in the cluster #13160 OCPBUGS-19336 : Added React Icon #13159 OCPBUGS-18881 : use active namespace in Create cta href of create action for operator backed #13150 OCPBUGS-19362 : Hide the DeploymentConfig option in the User Preferences if that resource type isn’t available #13164 OCPBUGS-19338 : Hide DeploymentConfig option from forms when it’s not installed in the cluster #13161 OCPBUGS-18987 : Monitoring: Fix display of silenced alerts in dev console #13152 OCPBUGS-18727 : bump @patternfly/react-core to v4.276.11 to pick up Sele… #13146 OCPBUGS-18686 : Fix incorrect export of useLabelsModal in dynamic plug… #13142 OCPBUGS-18604 : [knative] Don’t rely on openshift/hello-openshift as a sample image #13134 OCPBUGS-18094 : Remove cluster filter and menu group title #13137 OCPBUGS-18348 : Add deprecation alert for DeploymentConfig #12968 OCPBUGS-13359 : Fix crash when filtering the quick start catalog #13126 OCPBUGS-18306 : fix useDeleteModal Example formatting #13117 OCPBUGS-18406 : Builds navigation item is missing in Developer perspective #13124 OCPBUGS-17341 : OCP console mandate secret for repository creation #13084 OCPBUGS-16108 : Fix DeploymentConfig list performance issues by lazy loading their ReplicationControllers #13118 CONSOLE-3126 : Update cluster paused alert message #13106 OCPBUGS-17864 : Web console slowness on Project>Project access page #13099 OCPBUGS-17981 : Remove DeploymentConfig, Build and BuildConfig sections from navigation and use flags so they can be enabled by cluster admins #13089 OCPBUGS-9182 : Enable default-container annotation to specify the default container for logs and terminal. #13098 OCPBUGS-17913 : Typo in the OCP console menu #13096 OCPBUGS-17948 : Fix that Devconsole plugin show essential features like add page and topology also when Builds and DeploymentConfigs capabilities are disabled #13097 OCPBUGS-13892 : Remove spaces from prometheus queries #13043 OCPBUGS-15927 : Error page when fresh normal user visiting BuildConfigs page of ‘default’ project #13091 OCPBUGS-16374 : Fix topology crash when a console.topology/data/factory extension tries to resolve a resource with version from the CRDs which doesn’t exists #13093 CONSOLE-3327 : Expose useActiveNamespace within dynamic-core-api #13033 OCPBUGS-17595 : Updating YAML from console shows error #13090 OU-206 : Merge monitoring alerts with alerts from other sources in the dev console #12940 CONSOLE-3681 : Convert storage-class-form.tsx from class component to … #13036 OCPBUGS-17496 : Bridge NAD should set “preserveDefaultVlan”: false #13076 CONSOLE-3126 : Remove paused state since its no longer relevant due to 4.14 changes … #13072 OCPBUGS-17515 : Console UI is broken due to patternfly/react-core version change #13086 OCPBUGS-17504 : Dev console: Remove checkboxes on Alert Details page Silenced By list #13085 OCPBUGS-16717 : Fix name validation regex #13075 OCPBUGS-17410 : Fix that “Delete application” doesn’t work in topology when Pipelines operator is not installed #13074 OCPBUGS-14138 : Console fix #13078 OCPBUGS-15458 : Links for console-dynamic-plugin-sdk markdown docs are not working #13062 OCPBUGS-129 : bump @patternfly/react-core to v4.276.11 to pick up Sel… #13052 OCPBUGS-17234 : change Command Line Tools text #13068 OCPBUGS-17347 : Fix “View alerting rule” action URL #13058 OCPBUGS-15419 : Title on Overview page has changed to “Cluster · Red Hat OpenShift” #12951 OCPBUGS-13387 , OCPBUGS-16693 : Import page create button is disabled due to PAC validation #13046 CONSOLE-3683 : Convert FireMan component in list-page.tsx from class c… #13024 OU-231 : Add jgbernalp and zhuje to OWNERS for monitoring #13069 OCPBUGS-17196 : Fix nad ovn type - annotation and netAttachName #13053 OCPBUGS-16844 : external link icon in resource added toast notification not linked #13057 OCPBUGS-15310 : Helm Chart installation modal “Documentation” field is always N/A #13032 CONSOLE-3686 : Convert SecretFormWrapper component in create-secret.ts… #13017 OCPBUGS-15008 : update the KnativeServing API version to v1beta1 for global-config extension #13059 CONSOLE-3679 : Convert instantiate-template.tsx from class component t… #12947 CONSOLE-3568 : expose DeleteModal via useDeleteModal hook in @console/shared #12974 CONSOLE-3677 : Convert edit-yaml.jsx from class component to functiona… #12973 CONSOLE-3678 : Convert EventStream component in events.jsx from class … #12989 OCPBUGS-16093 , OCPBUGS-16270 , OCPBUGS-9409 : Creation of GH webhook and attaching it to repo while importing from git using PAC #13021 CONSOLE-3682 : Convert components in cluster-settings folder from clas… #13011 CONSOLE-3676 : Convert app.jsx from class component to functional comp… #12952 OU-175 : Monitoring: Add “Silences” tab to Developer console #12900 OCPBUGS-10884 : propagate mpath device type to request data #13022 OCPBUGS-16656 : Devfile import fails on master branch #13050 OCPBUGS-9355 : Fix translation bug #13049 OCPBUGS-3495 : Add cacheBuster query string when requesting plugin entry scripts #13035 OCPBUGS-16599 : allow creation of v1beta1 APIversion Pipeline in Pipeline builder YAML view #13034 OCPBUGS-9285 : Add note to the console.page/route extension regarding its usage #13044 OCPBUGS-14341 : Check operands deletionTimestamp to disable kebab action menu #13042 ODC-7336 : automation for customization-of-catalog-add-page-form feature file #12934 OCPBUGS-11285 : Dynamic plugin translation support for plurals broken #13028 chore(i18n): update translations: Completed Master Branch - Sprint 238 #12999  
OCPBUGS-16433 : Fixes location update issues #13023 CONSOLE-3591 : Remove directory listing for /static/* #13001 CONSOLE-3694 : Convert tile-view-page.jsx from class component to func… #12942 ODC-7334 : Show ConsoleSamples resources in the samples catalog #12970 CONSOLE-3666 : Validate shared modules of dynamic plugins #12881 OCPBUGS-11971 : When removing the project owner from the project in GUI, instead of that user, the group (the default group added as project admin through the project template) will be removed. #13016 OCPBUGS-13808 : Console SDK components should be using GroupVersionKin… #13029 OCPBUGS-14837 , OCPBUGS-16025 : Hide the Duplicate Pipelines Card in the DevConsole Add Page #13007 OCPBUGS-8274 : Fix copy login command regression #13003 CONSOLE-3687 : Convert components in utils folder from class component… #12925 OCPBUGS-11219 : Fix incorrectly nested css rule for print styles #12991 OCPBUGS-11620 : Fix stop PLR option #13020 CONSOLE-3706 : Remove custom history.pushPath alias function #12873 CONSOLE-3431 : Allow building dynamic plugins without any exposed modules #12530 HELM-502 : Bump Helm to 3.12.1 #13014 OCPBUGS-15359 : Enable namespace dropdown selection when all namespace installation mode selected by default and… #12975 OCPBUGS-16174 : Update the VSCode extension link and descriptions on Create Serverless function form #13015 OCPBUGS-13142 : InstallPlan info cannot shown on Subscription tab for … #13012 OCPBUGS-14907 : Fix operator backed catalog page when copied CSVs disabled #12932 CONSOLE-3684 : Convert components in modals folder from class componen… #12941 OCPBUGS-16148 : disable Save if Use existing claim is active and no … #13010 OCPBUGS-16150 : Fix Start last run action in Topology sidepanel #13009 OCPBUGS-15458 : Links for console-dynamic-plugin-sdk markdown docs are not working #12993 OU-218 : Monitoring: Use useResolvedExtensions instead of useExtensions #12987 CONSOLE-3680 : Convert row-filter.jsx from class component to function… #12957 OCPBUGS-13808 : Console SDK components should be using GroupVersionKin… #12946 CONSOLE-3685 : Convert components in RBAC folder from class component … #12933 CONSOLE-3611 : User can configure the install of Operators that authenticate using STS #12779 OCPBUGS-9991 : Most of contents are lack of i18n on “Command Line Tools” page #12995 OCPBUGS-15021 : Use FLAGS.CAN_GET_NS to decide whether to show Route details > Metrics tab #12944 ODC-7341 : Show Build output in Shipwright Build list and details page #12972 OCPBUGS-8005 : Fix broken upstream doc link for cluster channel upgrades #12998 OCPBUGS-10884 : add multipath device type to LocalVolumeSet #12723 OCPBUGS-14434 : Running yarn dev results in the build running on a loop #12990 OCPBUGS-10844 : fix bug where binary secret values are corrupted on edit and add test coverage #12986 OCPBUGS-15011 : Upload JAR file does not work if the Cluster Samples Operator is disabled #12917 OCPBUGS-12891 : check for valid OLM selector in K8sResourceWidget to p… #12887 OCPBUGS-15896 : STS label not valid according to kube #12980 RHSTOR-4533 : added a mutator property for the storage class extension #12886 OCPBUGS-7416 : get Kamelets from the camel-k-operator namespace as well #12710 OCPBUGS-14548 : only show pipelines doc link for downstream #12979 CONSOLE-3565 : Expose annotations modal in dynamic plugins sdk #12843 CONSOLE-3610 : User can filter on STS enabled clusters for Operators that claim support for STS #12778 OCPBUGS-15773 : The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values. #12966 ODC-7319 : correcting - missing package tag across gherkin files #12847 ODC-7313 : Run CI tests with non-admin user #12814 OCPBUGS-15427 : Remove access review check for PipelineResource from Pipeline section #12964 ODC-7325 : Improve BuildConfig and Shipwright Build list pages #12910 ODC-7340 : Remove Shipwright Tech Preview badges #12960 OCPBUGS-14548 : update pipelines doc links #12890 OCPBUGS-15572 : Fix bug where the install operator update approval radio button does … #12959 OCPBUGS-14959 : Error for DuplicateClusterRoleBinding and Edit ClusterRoleBinding subject in RHOCP4 Web Console #12939 OCPBUGS-14665 , OCPBUGS-14874 , OCPBUGS-14875 : Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions #12929 OU-198 : Revert “Disable broken monitoring-tests” #12943 ODC-7337 : Skip wait for authentication operator to start progressing when the secret already exists #12884 OCPBUGS-497 : frontend: fix kube-apiserver availability query #12928 OCPBUGS-15060 : “Duplicate RoleBinding” leads to “Unsupported value” error #12921 OCPBUGS-7794 : Image pull secret creation form doesn’t re-enable Create button once it is disabled #12609 CONSOLE-3616 : Revert multicluster server flags #12782 OCPBUGS-15299 : Create Serverless Function Form is Broken #12926 OCPBUGS-13120 : Serverless functions UI warning is misleading #12923 ODC-7329 : Subsequent PipelineRuns take initial PipelineRun name into account #12913 CONSOLE-3612 : User is warned when cluster is in STS mode #12777 ODC-7322 : Implement a proxy to hit the Artifacthub.io API end point #12905 MGMT-15023 : Add help text to vCenter cluster field #12912 OCPBUGS-11464 : Availability requirement update is initially disabled … #12918 OCPBUGS-15135 : Make knative routes copyable similar to openshift routes #12908 OCPBUGS-14909 : Disabling web-terminal tests in CI #12892 OCPBUGS-14015 : Create helm release page doesn’t show a YAML editor when schema isn’t available (httpd-imagestreams chart) #12914 CONSOLE-3372 , OCPBUGS-13648 , OCPBUGS-13833 : Console supports installing non-latest Operator versions #12743 OCPBUGS-7036 : Add Git Repository (PAC) doesn’t setup GitLab and Bitbucket configuration correct #12593 chore(i18n): update translations: Completed-7034-OCP 4.13/Master Branch UI Localization- Sprint 231 #12695  
OCPBUGS-14354 : e2e: Enable Pipeline tests #12911 OCPBUGS-14915 : Remove entries from the menu that are now added by monitoring-plugin #12893 ODC-7316 : Add discoverability of the IDE extensions from Create Serverless form #12846 OCPBUGS-14419 : Remove tech preview badge from Pipeline repository pages #12888 ODC-7326 : Align Build, BuildRun and PipelineRun details page #12898 OCPBUGS-14836 : Updated BuildConfig and Shipwright Build lists shows runs from another namespace #12896 OCPBUGS-14890 : Missing ‘View details’ link for several servicemonitors.spec.endpoints fields in YAML sidebar #12895 OCPBUGS-14002 : Correct the alignment of yaml toolbar links #12894 OCPBUGS-14660 : Helm Repository “Edit” button results in 404 #12891 OCPBUGS-14716 : add ROSA branding option #12889 OCPBUGS-13208 : Fix PVC metrics query #12867 OCPBUGS-12897 : Knative Route Details Page should show the URL of the route as it is shown in the Openshift Routes Details page #12853 OCPBUGS-8682 : Fix empty create dropdown on provided APIs page #12819 OCPBUGS-9214 : Create button is disabled in Git Import form when git repo url has hyphens in owner part of the url #12652 OCPBUGS-4496 : Fix Samples/Snippets tab #12642 OCPBUGS-7361 : support JSON schema 06 in the helm install/upgrade form #12644 OU-138 : Move QueryBrowser component to dynamic SDK #12841 OCPBUGS-9063 : Remove frontend validation from legacy operand form gen… #12788 ODC-7275 : Implement invoke serverless functions #12755 OCPBUGS-14964 : Disable broken monitoring-tests #12902 OCPBUGS-11219 : Include print styles to allow printout of full screen and … #12849 ODC-7306 : Show the latest Build status in the Build list view #12809 ODC-7277 : added v1 support for Pipeline #12729 CONSOLE-3660 : Introduce react-router v6 compatibility #12861 OCPBUGS-8274 : Do not request token URL if auth is disabled #12818 OCPBUGS-14668 : visiting Configurations page returns error Cannot read… #12882 OCPBUGS-14602 : selected project was not taking effect when searching … #12880 OCPBUGS-14550 : Use proxy with web socket connection and monitoring d… #12877 CONSOLE-3392 : Implement exact search  for more precise result sets and add user prefs setting #12838 ODC-7288 : Add proxy to invoke knative services with a public route #12789 ODC-7320 : Gherkin for customisation of add page and developer catalog through customisation form view #12855 OCPBUGS-14424 : OVN Kubernetes multi-homing #12869 OCPBUGS-14262 : Fix Pipeline metrics page #12863 OCPBUGS-10411 : Edit deployment don’t enable save button if image stream is added #12673 OCPBUGS-14149 : account for single object in status.conditions instead… #12866 OCPBUGS-14352 : E2e tests fails because OpenShift Pipelines operator could not be found #12872 OCPBUGS-9909 : Could not import multiple resources via JSON (while YAML supports this) #12721 ODC-7317 : Update Terminal step of the Guided Tour to indicate that odo CLI is accessible #12848 ODC-7308 : Update test cases of web terminal configuration page #12825 ODC-7283 : Add Web Terminal tab in cluster configuration page #12718 OCPBUGS-6767 : Regression: OpenShift Console no-longer filters SecretList when displaying ServiceAccount #12679 OCPBUGS-13782 : Surface the message from Operator developer #12840 OCPBUGS-12896 : Corrected Labels for resolving the bug related to the Create Route Checkbox #12834 ODC-7315 : Change help texts in initialize Terminal page #12824 OCPBUGS-11668 : Fix kebab actions on Installed Operators page #12822 OCPBUGS-13693 : Fix RTE in bridge. #12817 OCPBUGS-11256 : Topology UI doesn’t recognize Serverless Rust function for proper UI icon #12816 OCPBUGS-11996 : Fixed Make Serverless Form Error #12815 OCPBUGS-13257 : propagate labels to pipeline resources #12808 MGMT-14527 : Add vSphere cluster field. #12806 OCPBUGS-12783 : Remove “Action” type from OLM descriptor readme #12800 CONSOLE-3623 : Add X-CSRF token to console request headers #12719 OCPBUGS-5453 : Add Pipeline metrics unsupported empty page #12435 OCPBUGS-1829 : use service port name instead targetPort in the Pipeline Event listener route #12148 CONSOLE-2501 : Upgrade TypeScript version to 4.5 #12821 ODC-7318 : Update ODC owners, May 2023 edition #12839 CONSOLE-2501 : Update builder image #12828 OCPBUGS-13361 : Update plural string dynamic demo plugin locales #12799 ODC-7309 : Remove dev console integration-tests reviewers #12802 OCPBUGS-12244 : only copy workload annotations to debug pod #12794 ODC-7279 : Correcting CI failures of ODC Packages #12700 HELM-484 : Basic authentication documentation update #12768 CONSOLE-3615 : Mark multicluster code for removal #12754 ODC-7300 : Change method name for labelKeyForNodeKind to getTitleForNodeKind #12733 ODC-7296 : Rename all instances of YAMLEditor to CodeEditor #12708 Bug 2176216 : VMs are listed twice in cluster inventory #12795 OCPBUGS-12267 : Fix OLM k8sResourcePrefix descriptor dropdown behavior #12758 OCPBUGS-11099 : add support for minimal status of tekton #12724 OCPBUGS-12732 : fix buildconfig form ns #12771 OCPBUGS-12637 : update helm release empty state text #12767 OCPBUGS-12286 : Fix missing console plugin control on CSV details page. #12766 OCPBUGS-7692 : Fix that helm details page shows an inf. loading indicator when api call fails #12578 OCPBUGS-11057 : Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected #12726 OCPBUGS-6581 : Serverless - Eventing - Channels: Conditions column i18n misses #12641 OCPBUGS-7485 : When Creating Sample Devfile from the Samples Page, Topology Icon is not set #12725 OCPBUGS-11596 : Do not fetch catalog sources on CSV or Subscription details pages. #12717 OCPBUGS-10224 : Multiple instances of tabs under ODF dashboard #12635 OCPBUGS-6770 : Pipeline doesn’t render correctly when displayed but looks fine in edit mode #12722 OCPBUGS-11869 : Pod Status Overlapping in Sidebar #12732 CONSOLE-3600 : Filter operators based on nodes OS type #12707 OCPBUGS-9329 : update dynamic plugin info for development mode #12666 OCPBUGS-10562 : disable operator-uninstall.ts as the uninstall test is… #12731 OCPBUGS-3036 : Do not list subscriptions in all namespaces on CSV details page. #12716 OCPBUGS-5548 : delete associated pipeline, triggertemplate and eventlistener when deleting app #12587 Add the possibility login with different IDP and user credentials #12709  
ODC-7270 , ODC-7272 : Improve telemetry: Add resource and tab name to the page title #12669 Improve useModal docs example #12115  
Improvements on Web Terminal Operator Installation functionality #12713  
OCPBUGS-10956 : Reduce metrics cardinality by grouping well-known and other perspectives and plugins #12684 OCPBUGS-9305 : add missing readOnly conditions #12685 ODC-7280 : Add PipelineRun tab to Dev perspective Pipeline page #12672 OCPBUGS-10562 : re-enable and fix operator-uninstall.spec.ts #12678 ODC-7282 : Add webhook informations on Repository details and summary page #12690 OCPBUGS-11382 : Update Dockerfile to use latest builder images #12655 ODC-7274 : Prepare a page and modal to invoke a Serverless function #12686 OCPBUGS-103 : Move operator install status to it’s own route/page #12704 OCPBUGS-11020 : fix runtime error on OperatorHub details pages #12702 ODC-7281 : Provide Column management option for the TaskRuns list page #12689 Remove andybraren as dashboard reviewer #11807  
OCPBUGS-11197 : Rephrase vCenter connection tooltips #12694 OCPBUGS-10961 : Fix description for BuildAdapter SDK extension #12683 CONSOLE-3577 : Remove deprecated metering endpoint from backend #12692 OCPBUGS-5940 : Wait with CRD/model translation until i18n bundles are loaded #12697 OCPBUGS-10916 : fix translation string for Image pull secret created alert #12681 OCPBUGS-10836 : fix All projects selection on Pipelines page in dev perspective #12676 OCPBUGS-10950 : use PipelineRun template from ‘pipelines-as-code-pipelinerun-go’ configMap for Go runtime #12682 ODC-7271 : add duration for PipelineRun and TaskRun on details page #12659 ODC-7276 : Add cancelled status color in Pipeline metrics page #12662 automation of edit build config feature file #12622  
OCPBUGS-10619 : Enable modal scroll for uninstall operator instances #12680 OCPBUGS-10562 : disable operator-uninstall.spec.ts as the previous fix… #12677 PF Update 2023-2 #12664  
OCPBUGS-10562 : re-enable and fix operator-uninstall.spec.ts #12661 OCPBUGS-10655 : Do not show builder ImageStreams without sampleRepo as samples #12667 OCPBUGS-10509 : Sync Debug in Terminal feature availability with 3.x pods in web console #12657 OCPBUGS-9956 : update the default pipelineRun template name #12660 OCPBUGS-7620 : Edit Deployment (and DC) form doesn’t enable Save button when changing strategy type #12608 OCPBUGS-8086 : Visual fixes for list items #12619 OCPBUGS-9907 : Fix alerts source display values #12632 OU-110 : Observe > Dashboards : Code Consolidation Fixes #12588 OCPBUGS-7484 : When there are 2 pipelines displayed in the dropdown menu, selecting one, unchecks the Add Pipeline checkbox #12650 OCPBUGS-8268 : OpenShift pipeline TaskRun(s) column Duration is not present as column in UI #12633 OCPBUGS-7632 : comment out suspected problematic test #12647 OCPBUGS-10345 : Fix backend runtime error #12654 OCPBUGS-10269 : Fix grammatical error in feedback modal #12634 OCPBUGS-8299 : CronJobs table/details UI doesn’t have Suspend indication #12638 OCPBUGS-7801 : taskrun ui fails when using object type results #12626 OCPBUGS-10230 : Fixes card sizes not even issue when commit info is not available on Environments page #12550 OCPBUGS-5360 : re-enable operator-install-single-namespace.spec.ts test #12424 OCPBUGS-10232 : Fixes argocd link for non-KAM added application envs #12558 OCPBUGS-7232 : Fixes resource status alignment issue #12429 CONSOLE-3393 : Proxy managed cluster monitoring requests through MCE c… #12360 CONSOLE-3425 : Expose ‘nameFilter’ prop to ‘ListPageFilter’ component #12438 OU-117 : No response for duplicate query with default disabled status when click ‘Hide all queries’ #12621 Update dockerignore. #12538  
CONSOLE-3452 : Add patternfly customer feedback extension mechanism to console #12611 OCPBUGS-7446 : Show type of sample on the samples view #12548 OCPBUGS-7395 : Users don’t know what type of resource is being created by Import from Git or Deploy Image flows #12615 OCPBUGS-7178 : Add page title to Devconsole pages #12591 And 7 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-56046 : Check error returned by ipv6 SettleAddresses #193 OCPBUGS-46121 : [4.14] cherry-pick containernetworking/plugins#997 #168 OCPBUGS-33066 : macvlan enable ipv6 ndisc_notify #160 OCPBUGS-20374 : build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] #129 OCPBUGS-17681 : Default CNI binaries to RHEL 8 #116 Updating ose-containernetworking-plugins images to be consistent with ART #108  
Updating ose-containernetworking-plugins images to be consistent with ART #107  
Add rhel9 binary #106  
OCPBUGS-14095 : Sync with upstream version v1.3.0 #98 Updating ose-containernetworking-plugins images to be consistent with ART #94  
Updating ose-containernetworking-plugins images to be consistent with ART #93  
Updating ose-containernetworking-plugins images to be consistent with ART #92  
Updating ose-containernetworking-plugins images to be consistent with ART #80  
Full changelog  
OCPBUGS-28952 : Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #167 OCPBUGS-25069 , OCPBUGS-26309 , OCPBUGS-26323 : add snyk config file for SAST scan #163 OCPBUGS-23111 : Should reference configmaps instead of secrets #152 OCPBUGS-20734 : bump golang.org/x/net to v0.17.0 #146 OCPBUGS-16074 : Updating Kubernetes and other associated dependencies #141 OCPBUGS-14489 : Kubernetes 0.27 #139 OCPBUGS-12597 : bump(*): golang.org/x/net #138 Updating ose-csi-driver-shared-resource-webhook images to be consistent with ART #136  
Updating ose-csi-driver-shared-resource images to be consistent with ART #137  
Updating ose-csi-driver-shared-resource-webhook images to be consistent with ART #135  
Updating ose-csi-driver-shared-resource-webhook images to be consistent with ART #133  
Add go-imports-organizer/goio to organize imports #132  
OCPBUGS-10022 : add ‘system:serviceaccounts’ to SAR to allow group based RBAC #130 Updating ose-csi-driver-shared-resource-mustgather images to be consistent with ART #131  
Updating ose-csi-driver-shared-resource-webhook images to be consistent with ART #128  
Updating ose-csi-driver-shared-resource images to be consistent with ART #129  
Full changelog  
OCPBUGS-28957 : Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #103 OCPBUGS-26312 : add snyk config file for SAST scank #97 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91 OCPBUGS-20825 : bump golang.org/x/net to v0.17.0 #86 STOR-1442 : Restart webhook Pods if webhook-serving-cert changed #83 STOR-1441 : Restart node Pods if metrics-serving-cert changed #82 OCPBUGS-16073 : Updating Kubernetes and other associated dependencies #81 OCPBUGS-14824 : Bump csi-driver-shared-resource-operator library-go #80 OCPBUGS-14488 : bumping kubernetes to 0.27.1 #79 Updating ose-csi-driver-shared-resource-operator images to be consistent with ART #77  
Updating ose-csi-driver-shared-resource-operator images to be consistent with ART #76  
Updating ose-csi-driver-shared-resource-operator images to be consistent with ART #75  
Updating ose-csi-driver-shared-resource-operator images to be consistent with ART #73  
OCPBUGS-7906 : add openshift workload annotation to driver daemonset #72 Full changelog  
OCPBUGS-21177 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #60 STOR-1169 : Rebase external-attacher to v4.3.0 for OCP 4.14 #54 OCPBUGS-14815 : Chore: Update OWNERS and OWNERS_ALIASES #55 Updating csi-attacher images to be consistent with ART #53  
Updating csi-attacher images to be consistent with ART #52  
Updating csi-attacher images to be consistent with ART #51  
Updating csi-attacher images to be consistent with ART #50  
Full changelog  
OCPBUGS-35112 : CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #99 OCPBUGS-20775 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #72 OCPBUGS-17264 : USPTREAM: 969: build(deps): bump golang.org/x/tools from 0.9.3 to 0.12.0 #68 OCPBUGS-14811 : Chore: Update OWNERS and OWNERS_ALIASES #66 STOR-1169 : Rebase external-provisioner to v3.5.0 for OCP 4.14 #65 Updating csi-provisioner images to be consistent with ART #64  
Updating csi-provisioner images to be consistent with ART #63  
Updating csi-provisioner images to be consistent with ART #62  
Updating csi-provisioner images to be consistent with ART #61  
Full changelog  
OCPBUGS-20929 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #147 STOR-1169 : Rebase external-resizer to v1.8.0 for OCP 4.14 #141 OCPBUGS-14812 : Chore: Update OWNERS and OWNERS_ALIASES #142 Updating ose-csi-external-resizer images to be consistent with ART #140  
Updating ose-csi-external-resizer images to be consistent with ART #139  
Updating ose-csi-external-resizer images to be consistent with ART #138  
Updating ose-csi-external-resizer images to be consistent with ART #137  
Full changelog  
OCPBUGS-29433 : cherry-pick:release-4.14: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch #142 OCPBUGS-21032 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #109 STOR-1169 : Rebase external-snapshotter to v6.2.2 for OCP 4.14 #101 OCPBUGS-14813 : Chore: Update OWNERS and OWNERS_ALIASES #102 Updating csi-snapshot-validation-webhook images to be consistent with ART #100  
Updating ose-csi-external-snapshotter images to be consistent with ART #99  
Updating ose-csi-snapshot-controller images to be consistent with ART #98  
Updating csi-snapshot-validation-webhook images to be consistent with ART #97  
Updating ose-csi-external-snapshotter images to be consistent with ART #96  
Updating ose-csi-snapshot-controller images to be consistent with ART #95  
Updating csi-snapshot-validation-webhook images to be consistent with ART #94  
Updating ose-csi-external-snapshotter images to be consistent with ART #93  
Updating ose-csi-snapshot-controller images to be consistent with ART #92  
Updating csi-snapshot-validation-webhook images to be consistent with ART #91  
Updating ose-csi-snapshot-controller images to be consistent with ART #89  
Updating ose-csi-external-snapshotter images to be consistent with ART #90  
Full changelog  
OCPBUGS-20640 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #50 STOR-1169 : Rebase livenessprobe to v2.10.0 for OCP 4.14 #44 OCPBUGS-14810 : Chore: Update OWNERS and OWNERS_ALIASES #45 Updating csi-livenessprobe images to be consistent with ART #40  
Updating csi-livenessprobe images to be consistent with ART #38  
Full changelog  
OCPBUGS-20697 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #52 STOR-1169 : Rebase node-driver-registrar to v2.8.0 for OCP 4.14 #46 OCPBUGS-14814 : Chore: Update OWNERS and OWNERS_ALIASES #47 Updating csi-node-driver-registrar images to be consistent with ART #45  
Updating csi-node-driver-registrar images to be consistent with ART #44  
Updating csi-node-driver-registrar images to be consistent with ART #43  
Updating csi-node-driver-registrar images to be consistent with ART #42  
Full changelog  
Removing kernel[-rt]-core packages from the image. (#132) #132  
Upgrade glibc, use dnf (#131) #131  
Fixing the regexp used to get the correct GCC version. (#127) #127  
Updating the docs to use ubi9 instead of ubi8. (#126) #126  
Updating driver-toolkit images to be consistent with ART (#120) #120  
Remove abi since it was not in 9.2 rpms (#121) #121  
Full changelog  
OCPBUGS-35143 : update to go 1.19 and k8s.io mods to v0.27.4 #87 OCPBUGS-19850 : Ensure that IP forwarding is enabled #78 rework PR #74 to switch Dockerfile to use rhel9 #75  
Updating egress-router-cni images to be consistent with ART #70  
OCPBUGS-6553 : update go-yaml to v2.4.0 #67 Updating egress-router-cni images to be consistent with ART #66  
Full changelog  
OCPBUGS-20752 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #45 OCPBUGS-17367 : UPSTREAM: <carry>: Remove the static library linking flag #41 OCPBUGS-16783 : Chore: Update OWNERS #39 UPSTREAM: <carry>: Fix OWNERS_ALIASES #40  
STOR-1163 : Rebase to upstream v1.10.1 #37 Updating ose-gcp-pd-csi-driver images to be consistent with ART #36  
Updating ose-gcp-pd-csi-driver images to be consistent with ART #33  
Full changelog  
OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #107 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #96 OCPBUGS-20847 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #87 CFE-878 : Add userLabels in Infrastructure to driver args list #74 OCPBUGS-16654 : Revert revert “STOR-1065: Rework sidecar bindings to b… #76 OCPBUGS-16569 : Bump library-go to remove dependency on goproxy #78 OCPBUGS-16783 : Chore: Update OWNERS #77 Revert “STOR-1065: Rework sidecar bindings to bind common ClusterRoles” #75  
STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #71 OCPBUGS-15823 : Change timeout of CSI sidecar #73 OCPBUGS-14824 : Bump gcp-pd-csi-driver-operator library-go #72 STOR-1301 : Restart controller Pods if metrics-serving-cert changed #68 STOR-1168 : Bump common libraries #70 OCPBUGS-12609 : Bump golang.org/x/net@v0.9.0 #69 Updating ose-gcp-pd-csi-driver-operator images to be consistent with ART #67  
Updating ose-gcp-pd-csi-driver-operator images to be consistent with ART #66  
Updating ose-gcp-pd-csi-driver-operator images to be consistent with ART #65  
OCPBUGS-8683 : Add management workloads annotations #64 Updating ose-gcp-pd-csi-driver-operator images to be consistent with ART #63  
Full changelog  
OCPBUGS-61176 : Add missing service network DNS entries to KAS cert #6742 OCPBUGS-57321 : Add validation to avoid conflicts between KubeAPIServer and NamedCertificates SANs #6231 #6252 OCPBUGS-55936 : [release-4.14] Add konnectivity-proxy sidecar to openshift-oauth… #6129 CNTRLPLANE-921 : Konflux build pipeline service account migration #6080 CNTRLPLANE-921 : Konflux build pipeline service account migration #6085 OCPBUGS-51802 : Fix golang crypto dependency go.mod replacement #5996 OCPBUGS-53899 : bump golang-jwt v4 #5909 OCPBUGS-53433 : Prevent IgnitionServer from flooding the API server with patch requests #5878 OCPBUGS-51731 , OCPBUGS-51802 : Bump dependencies to OCP fork in backports #5899 Red Hat Konflux update control-plane-operator-4-14 #5953  
ART-11792 : update go mod dependency for konflux #5921 OCPBUGS-53314 : Fix IsIPv4 function identifying also addresses instead of CIDRs #5867 OCPBUGS-45559 : Add Network Policies for Konnectivity server and Ignition server proxy #5816 NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.6 #5730  
NO-JIRA: chore(deps): update dependency mkdocs-material to v9.6.6 #5725  
chore(deps): update dependency mkdocs-mermaid2-plugin to v0.6.0 #5687  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.5 #5681  
NO-JIRA: chore(deps): update dependency mkdocs-material to v9 #5688  
OCPBUGS-50700 : add region to AWS creds passed to operators managed by CPO #5668 NO-JIRA:  Red Hat Konflux update control-plane-operator-4-14 #5339  
OCPBUGS-47630 : Separate CPO containerfiles #5619 NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.4 #5538  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.1 #5537  
OCPBUGS-49405 : add ValidIDPConfiguration condition to report IDP config issues #5520 NO-JIRA: chore: update konflux references & bump up go version to 1.20 #5517  
NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.50 (release-4.14) #5444  
NO-JIRA: Update dependency mkdocs-material to v8.5.11 (release-4.14) #5430  
NO-JIRA: [release-4.14] Bump golang.org/x/crypto and golang.org/x/net #5372  
NO-JIRA: Update dependency mkdocs-glightbox to v0.4.0 (release-4.14) #5331  
NO-JIRA: Update dependency mkdocs to v1.6.1 (release-4.14) #5330  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.49 (release-4.14) - abandoned #5308  
OCPBUGS-44279 : Configure OAuth https proxy to dial cloud endpoints directly #5067 NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.45 (release-4.14) #5162  
NO-JIRA: chore(deps): update konflux references (release-4.14) #5145  
NO-JIRA: chore(deps): update konflux references (release-4.14) #5121  
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731518200 (release-4.14) #5105  
NO-JIRA: Update Konflux references (release-4.14) #5100  
chore(deps): update konflux references (release-4.14) #5076  
NO-JIRA: chore(deps): update konflux references (release-4.14) #5055  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.14) #5056  
NO-JIRA: Update Konflux references to fedcfe0 (release-4.14) #5043  
chore(deps): update konflux references (release-4.14) #5026  
chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.43 (release-4.14) #5021  
chore(deps): update konflux references to f53fe54 (release-4.14) #5020  
NO-JIRA: Update Konflux references (release-4.14) #5011  
OCPBUGS-41701 : cmd: report server version, supported OCP #4718 NO-JIRA: chore(deps): update konflux references (release-4.14) #4975  
OCPBUGS-43688 : Use guest DNS resolution in Konnectivity HTTPS proxy by default #4964 chore(deps): update konflux references (release-4.14) #4953  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.14) #4948  
OCPBUGS-43368 : Let payload generation pick the release for the NodePool #4913 NO-JIRA: chore(deps): update konflux references (release-4.14) #4934  
NO-JIRA: chore(deps): update konflux references to 66f551f (release-4.14) #4924  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.14) #4917  
NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.14) #4910  
NO-JIRA: chore(deps): update konflux references (release-4.14) #4898  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.14) #4879  
NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.14 #4851  
OCPBUGS-42533 : enable audit log for oauth-openshift #4822 chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.13 (release-4.14) #4794  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.14) #4828  
NO-JIRA: chore(deps): update konflux references (release-4.14) #4813  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.38 (release-4.14) #4805  
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9 (release-4.14) #4788  
chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.14) #4758  
chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.14) #4784  
OCPBUGS-41374 : CPO oauth idp converter: resolve names before dialing #4763 NO-JIRA: chore(deps): update konflux references to 5ac9b24 (release-4.14) #4783  
chore(deps): update konflux references to 2c3426a (release-4.14) #4773  
NO-JIRA: chore(deps): update konflux references (release-4.14) #4757  
OCPBUGS-42221 : Make guest cluster components use the correct KAS port #4753 OCPBUGS-38060 : Add HTTP konnectivity proxy to OAuth server #4498 OCPBUGS-38066 : [release-4.14] Use HTTP proxy for ingress controller #4724 NO-JIRA: Security fixes for openshift-ci-security job #4752  
OCPBUGS-42184 : copy image-registry AdditionalTrustedCA configmap into HC openshift-config #4747 OCPBUGS-41506 : fix: bump google.golang.org/protobuf #4687 HOSTEDCP-1957 : bump go-jose version #4698 OCPBUGS-39378 : Set KCM node monitor grace period #4659 chore(deps): update konflux references (release-4.14) #4683  
OCPBUGS-39183 : fix: bump github.com/IBM/go-sdk-core/v5 #4626 NO-JIRA: Add PodDisruptionBudget for router deployment #4692  
NO-JIRA: Revert “Merge pull request #4661 from jparrill/bp-4.14/OCPBUGS-24308” #4667  
NO-JIRA: PDB backports #4661  
NO-JIRA: Konflux migration 4.14 #4648  
OCPBUGS-39230 : set proxy envvars on aws CCM #4638 OCPBUGS-38791 : Let the CPO oidc check resolve through data plane #4617 NO-JIRA: Flaky cert validation test #4633  
HOSTEDCP-1897 : [release-4.14] Allow setting Kube APIServer maximum requests in flight #4553 OCPBUGS-37076 : Fixed audit-logs sigterm failing to terminate gracefully #4369 OCPBUGS-38624 : remove weak ciphers from security profile #4575 OCPBUGS-37173 : Add newline after TLS certs referenced by image.config #4471 OCPBUGS-37172 : OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None #4490 OCPBUGS-36944 : [release-4.14] Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer #4360 HOSTEDCP-1795 , HOSTEDCP-1796 : Customize the self-generated cert validity and rotation #4473 OCPBUGS-37175 : Delete IDMS in dataplane once HCP ICS field is removed #4472 NO-JIRA: Konflux mce-2.4 pipeline fixes #4464  
NO-JIRA: [release-4.14] OCPBUGS-36297: kubevirt-csi-driver: Pass infra kubeconfig in case of external infra #4288  
NO-JIRA: [release-4.14] test/e2e: remove api budget checks #4438  
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-2 (release-4.14) - abandoned #4363  
NO-JIRA: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.21.10-1.1719562237 (release-4.14) - abandoned #4326  
NO-JIRA: Update registry.access.redhat.com/ubi9-minimal Docker tag to v9.4-1134 (release-4.14) - abandoned #4325  
OCPBUGS-36518 : Run haproxy to connect to kas from data plane if noproxy settings contain kas #4315 OCPBUGS-36159 : Generate default worker security group rules based on machineCIDR #4270 OCPBUGS-35549 : Restrict image registry overrides to control plane component #4223 OCPBUGS-35365 : fix router on 4.14 y-stream upgrade #4205 NO-JIRA: chore(deps): update konflux references (release-4.14) #4257  
OCPBUGS-35401 : Fix disconnected metadata inspection for nodepool #4208 OCPBUGS-35482 : Add TrustedBundles to OAS container #4216 OCPBUGS-35290 : [release-4.14] Backport etcd defrag #4189 NO-JIRA: chore(deps): update konflux references (release-4.14) #4248  
OCPBUGS-35183 : add AWS STS URL to OIDC provider audiences #4179 NO-JIRA: hack: make the e2e script generic #4201  
chore(deps): update konflux references to 2be7c9c (release-4.14) #4225  
NO-JIRA: Update Konflux references to 1025001 (release-4.14) #4181  
NO-JIRA: chore(deps): update konflux references (release-4.14) #4168  
OCPBUGS-34856 : [release-4.14] OCPBUGS-34855: Add new permission required in CAPA #4149 NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4159  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4112  
NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) #4073  
NO-JIRA: Remove CLI inspection of release image #4061  
OCPBUGS-33713 : Reconcile over ICSP/IDMS #4059 NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) #4065  
OCPBUGS-33844 : Fix disconnected metadata inspection #4049 OCPBUGS-33843 : Recycler-pod image now points to the OCP Payload reference #4048 NO-JIRA: chore(deps): update rhtap references (release-4.14) #4040  
HOSTEDCP-1480 : Update TLS cert hash creation with sha512 #4025 NO-JIRA:  Update RHTAP references (release-4.14) #3995  
HOSTEDCP-1552 : Update RHTAP tekton files for 0.3 -> 0.4 migration #3958 OCPBUGS-33105 : [release-4.14] remove PrivateIngressController cleanup #3960 OCPBUGS-32471 : Fix ICSP and IDMS inclusion as registriesOverrides #3912 NO-JIRA: chore(deps): update rhtap references (release-4.14) #3920  
OCPBUGS-32221 : Added support for OLM Disable default sources on HC creation #3882 NO-JIRA: chore(deps): update rhtap references (release-4.14) #3903  
NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster #3905  
HOSTEDCP-1526 : [release-4.14] Support additional node selectors for request serving nodes #3898 chore(deps): update rhtap references (release-4.14) #3888  
NO-JIRA: Update RHTAP references (release-4.14) #3874  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3869  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3858  
NO-JIRA: Update RHTAP references (release-4.14) #3836  
OCPBUGS-31657 : disable http2 for ignition server and proxy #3831 OCPBUGS-31605 : inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3826 HOSTEDCP-1322 : NodeUpgradeType defaulted by provider #3822 NO-JIRA: Update RHTAP references (release-4.14) #3813  
OCPBUGS-31417 : honor HC image configuration #3806 OCPBUGS-23914 : Added OLMCatalogPlacement option to the CLI #3229 OCPBUGS-30211 : set Konnectivity cipher suites #3679 chore(deps): update rhtap references (release-4.14) #3792  
OCPBUGS-31048 : [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3771 HOSTEDCP-1488 : Use regionalized STS endpoints in AWS #3756 NO-JIRA: Update RHTAP references (release-4.14) #3755  
chore(deps): update rhtap references (release-4.14) #3739  
OCPBUGS-30596 : Bump golang.org/x/net to version v0.17.0 #3711 NO-JIRA: chore(deps): update rhtap references (release-4.14) #3706  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3676  
NO-JIRA: Update RHTAP references (release-4.14) #3672  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3651  
OCPBUGS-29782 : use 2040 for apiserver svc in IBM provider #3594 ”[release-4.14] OCPBUGS-29259: Fix default release image lookup” #3550  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3620  
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3625  
OCPBUGS-29094 : Make ControllerAvailabilityPolicy immutable #3534 NO-JIRA: chore(deps): update rhtap references (release-4.14) #3604  
NO-JIRA: Update RHTAP references (release-4.14) #3591  
NO-JIRA: Update RHTAP references (release-4.14) #3519  
NO-JIRA: Approvers update #3580  
MULTIARCH-4084 : Reduce the policy access scope to specific instance #3530 OCPBUGS-29206 : Add GC knobs for KAS #3543 OCPBUGS-29187 : node spread anti-affinity for HA HCP #3541 OCPBUGS-19956 , OCPBUGS-28984 , OCPBUGS-28985 , OCPBUGS-28986 , OCPBUGS-29000 : Support Disconnected HCP #3520 OCPBUGS-29030 : Add ValidatingAdmissionPolicy to KAS config #3524 HOSTEDCP-1272 : Added CLI support to create DualStack clusters using default values #3514 OCPBUGS-28238 : consider HCP upgradeable if CVO has no upgradable condition #3468 OCPBUGS-26526 : Documented to disable UWM telemetry writer in disconnected envs #3389 OCPBUGS-26526 : Disable UWM Telemetry writer when telemeter-client cm not exists #3388 OCPBUGS-27072 : Apply Scheduling Configuration for kCCM #3418 NO-JIRA: Update RHTAP references (release-4.14) #3509  
OCPBUGS-20180 , OCPBUGS-20547 : Added network validations #3096 OCPBUGS-23997 : add watch for HCP pullsecret to HCCO #3265 OCPBUGS-28249 : Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. #3485 NO-JIRA: Update RHTAP references (release-4.14) #3447  
OCPBUGS-24315 : Add prestop to konnectiviy server #3268 OCPBUGS-24307 : Set shutdown-delay-duration to 15s #3264 OCPBUGS-21795 : change trusted bundle volume mount for CPO #3102 OCPBUGS-25217 : Konnectivity agent update strategy #3308 OCPBUGS-26574 : Set new condition on SG deletion. #3398 Update RHTAP references (release-4.14) #3402  
Update RHTAP references (release-4.14) #3383  
OCPBUGS-22360 : Validate accessTokenInactivityTimeout >= 300s #3175 OCPBUGS-23936 : Use correct kubeconfig in CCM and remove CCMs access t… #3232 OCPBUGS-12720 : Updating hypershift images to be consistent with ART #2467 OCPBUGS-24627 : unset ServiceAccount on ignition-server-proxy #3295 [Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster #3290  
OCPBUGS-24269 : add CLI oauthclient #3272 OCPBUGS-23569 : Added IPFamilyPolicy to services exposed at the HCP in DualStack mode #3224 HOSTEDCP-1318 : external OIDC enablement #3261 OCPBUGS-23747 : Added brackets to IPv6 KAS address on kubeconfig #3228 OCPBUGS-24063 : fix(cpo): Set restart annotation on network-node-identity #3248 release-4.14, HOSTEDCP-1315:  Improve NodePool CPU arch & platform check #3236  
OCPBUGS-22676 : Make the OLMCatalogPlacement field immutable #3143 OCPBUGS-23558 : Let router use svc ips 4.14 #3221 OCPBUGS-19678 : Remove cluster name validation from HCC #3040 ”[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms” #3202  
OCPBUGS-23027 : Configure HSTS for kube-apiserver #3169 NO-JIRA: chore(deps): update rhtap references (release-4.14) #3085  
OCPBUGS-23142 : adding permission to CNO RBAC Calico path for network-node-identity deploy #3182 OCPBUGS-22295 : Added brackets to the kubeconfig server address when IPv6 #3117 OCPBUGS-22690 : Use the same etcd snapshot for all replicas during etcd restore #3146 OCPBUGS-22959 : Update regex validation for nodepool.spec.taints.value #3165 HOSTEDCP-1280 : Adjustment cluster-cidr,service-cidr to support dualstack #3162 OCPBUGS-22898 : Stop exposing kas on 6443 private route service load balancer #3159 OCPBUGS-22898 : Stop defaulting aws private haproxy external port to 6443 #3160 OCPBUGS-19897 : Add konnectivity-proxy container to CNO #3058 OCPBUGS-22379 : Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller #3131 OCPBUGS-20526 : Align PSA labels on guest cluster namespaces with standalone OCP #3111 OCPBUGS-21869 : Remove EnsurePSANotPrivileged #3107 OCPBUGS-21822 : Add ign proxy label selector for LabelTopologyZone PodAntiAffinity #3105 OCPBUGS-21587 : change required pod anti-affinity rule to preferred rule #3098 OCPBUGS-19794 : Upgrade Agent APIs to v1beta1 #3059 OCPBUGS-19797 : reconcile Authentication global config #3053 OCPBUGS-19794 : Upgrade agent APIs to v1beta1 #3051 OCPBUGS-20249 : Set KAS config pod security Enforce to privileged #3083 OCPBUGS-20163 : Report correct port when API exposed via route #3078 OCPBUGS-19796 : set accesstoken-inactivity-timeout flag to openshift-oauth-apiserver #3052 Update RHTAP references (release-4.14) #3060  
Migrate deprecated-base-image-check pipeline #3057  
chore(deps): update rhtap references (release-4.14) #2752  
Update kubevirt csi driver deployment with proper timeouts #3046  
OCPBUGS-19463 : set default deploymentconfig params on AWS CCM #3029 ACM-7278 : Remove marking pull secret as required in hcp cli #3023 OCPBUGS-18978 : add KAS endpoints to Except in router egress rule #3010 CNV-31919 : Validate KubeVirt platform required versioning #3026 OCPBUGS-19063 : amend OLM catalogs ImageStream according to annotation #3016 enable CGO_ENABLED for building FIPS compliant images #3006  
OCPBUGS-18828 : tuned DS should not use controlPlaneReleaseImage #3005 Red Hat Trusted App Pipeline update hypershift-release-414 #2639  
HOSTEDCP-1185 : Add flag to create a single NAT gateway #2984 Dump kubevirt external infra clusters #2992  
OCPBUGS-18568 : Use MCO and CCO image references when looking up mappings #2985 HOSTEDCP-591 : Amend OLM catalog IS according to OpenShiftImageRegistryOverrides #2947 e2e: skip CNO pod restart check #2986  
HOSTEDCP-1133 : Signal NodePool rolling upgrade because of platform changes #2973 OCPBUGS-18127 : Enable caching of Unstructured Objects in HO #2988 e2e: run Ensure functions after Main part of test #2983  
OCPBUGS-18127 : Ensure machineTemplate name length respects RFC1123 spec #2975 ACM-6435 : add pausedUntil create cluster option in CLI #2965 OCPBUGS-7840 : Untangle kas port #2964 OCPBUGS-18399 : Preserve mirror order when serializing ICSP to env #2977 OCPBUGS-18336 : make konnectivity routes roundrobin #2971 Use the correct pull secret for HCP KubeVirt components #2919  
Disable nto inplace test for kubevirt #2980  
OCPBUGS-18438 : Properly format IPv6 address when proxying it through Konnectivity #2969 OCPBUGS-18127 : Trigger a rolling upgrade on NodePool .spec.platfrom changes #2956 HOSTEDCP-1156 : Add defaulting webhook to installation and notes #2922 HOSTEDCP-979 : Re-enable nodepool in-place upgrade tests #2960 Add a default value (32Gi) for nodepool in create nodepool kubevirt command #2940  
OCPBUGS-16221 : Adds trust bundle to ignition-server when configured in HC #2819 Avoid creating tar archive if –archive-dump=false #2963  
OCPBUGS-3873 adding rbac for UserOAuthAccessToken #2962  
HOSTEDCP-1178 fix limited support label key #2958  
OCPBUGS-18065 : enable aws-pod-identity-webhook on AWS #2957 OCPBUGS-18308 : Do not use mgmt cluster ICSP to mutate CCO image in KAS pod #2966 OCPBUGS-18266 : fix Progressing condition when ControlPlaneRelease is set #2959 fix(ho): Restore match label selector behavior #2951  
OCPBUGS-18072 : Set emptyDir storage for the image registry only on initial time for None and Kubevirt platform #2895 OCPBUGS-18024 : Set Arch to amd64 for HCP NodePool Create #2941 chore(deps): update rhtap references (main) #2920  
OCPBUGS-16813 : switch konnectivity-server to additional container in KAS pods #2942 Updating hostedcluster controller to stop using deprecated flags #2946  
OCPBUGS-17827 : e2e: remove private-router from NeedManagementKASAccessLabel allowlist #2939 MULTIARCH-3709 : PowerVS - Add reuse resource flags to e2e test #2902 MULTIARCH-3478 : Minor bug fix on PowerVS infra #2451 OCPBUGS-18069 : Ensure load balancers are not exist before declaring load balancers are cleaned up #2887 MULTIARCH-3708 : PowerVS - Fix cluster deletion when existing resources passed #2867 MGMT-15368 : Document scaling down NodePools #2944 OCPBUGS-13348 : Hypershift Audit configuration not working. #2945 TRT-1202 : set SkipReleaseImageValidation annotation properly on e2e clusters #2943 OCPBUGS-17678 : Reconcile cloud credentials configuration to hosted cluster #2937 Add e2e test for etcd member recovery #2930  
OCPBUGS-17827 : remove NeedManagementKASAccessLabel from router pods #2934 OCPBUGS-17985 : Handle empty mirrorImage result for ignition disconnected registry #2935 OCPBUGS-17827 : e2e: refactor checkPodsHaveLabel to be allowlist rather than exact match #2928 OCPBUGS-16813 : do not hardcode ignition-server-proxy replicas #2933 fix(ho): Restore match label selector behavior #2893  
TRT-1202 : add annotation to skip release image validation #2929 OCPBUGS-17812 : Update Etcd health check to mirror standalone etcd #2918 STOR-1443 : Sync 05_operator_role-hypershift.yaml manifest from cluster-csi-snapsht-controller-operator #2915 HOSTEDCP-1065 : CNO deployed hosted-cluster-kubecfg-setup initContainers use CPR image #2917 HOSTEDCP-1001 : Image registryOverride included in the image metadata extraction flow #2909 OCPBUGS-17669 : Validate HostedCluster name against RFC1123 #2914 HOSTEDCP-1075 : Document how to recover single etcd member #2916 HOSTEDCP-1085 : Create a monitoring dashboard per HostedCluster #2907 chore(deps): update rhtap references (main) #2903  
HOSTEDCP-1063 : Account for guest webhook URLs without a port #2898 OCPBUGS-17680 : Remove immutable note from PullSecret #2910 Revert “HOSTEDCP-1001: Image registryOverride included in the image metadata extraction flow” #2908  
OCPBUGS-16076 : Validate HostedCluster name against RFC1123 in CLI #2906 OCPBUGS-15331 , OCPBUGS-16049 : Enable AdvertiseAddress dual stack and IPv6 support and added the changes to be included in the certificates #2779 HOSTEDCP-1081 : Perform etcd recovery when etcd member data is lost #2900 SDN-4057 : Pass ControlPlane image to OVN #2896 test: e2e: remove SingleReplica etcd chaos test #2901  
Allow overriding pod security admission label #2886  
HOSTEDCP-1146 : cpo: use CPO spec container image if it is a sha256 reference #2899 HOSTEDCP-1022 : Set Arch to amd64 #2897 Re-introducing defaulting webhook for self managed HCP #2892  
fix-CNV-30260: KubeVirt: fix failed conformance test #2891  
OCPBUGS-16298 : Prevent the kube-apiserver from connecting to the managment kas #2888 HOSTEDCP-1001 : Image registryOverride included in the image metadata extraction flow #2820 HOSTEDCP-1046 , HOSTEDCP-1102 : Follow-on Items #2847 Revert “[HOSTEDCP-1041] Defaulting webhook for self managed HCP” #2889  
OCPBUGS-17446 : Set advertise-address in HCP etcd to resolvable name #2884 Defaulting webhook for self managed HCP #2864  
STOR-1432 : cso: add envvars for CSI driver controller images #2882 HOSTEDCP-1025 : Add HCP CLI Command to Create a NodePool on AWS #2852 SDN-4042 : Increase upgrade rollout timers #2881 skip olm-collect-profiles in EnsureComponentsHaveNeedManagementKASAccessLabel #2874  
HOSTEDCP-1064 : Add egress policy for private-router #2792 HOSTEDCP-1121 : Ensure SG reconciliation for aws endpoint #2872 chore(deps): update rhtap references #2865  
HOSTEDCP-1065 : add ControlPlaneImage API for provider-side HCP updates #2848 HOSTEDCP-1063 : Disallow webhooks URLs targeting control plane services #2775 OCPBUGS-17374 : Fast specific dockerignore #2879 Kubevirt how-to docs updates #2875  
Fix nodepool upgrade docs link #2880  
OCPBUGS-17171 : Update OLM catalog image tags #2877 HOSTEDCP-1029 : Add HCP CLI Command to Destroy a Cluster on AWS #2853 Add workload management annotation to kubevirt-csi daemonset #2840  
WRKLDS-730 : use default /healthz path for readiness probe in OCM and RCM #2873 Add api and cli validation for kubevirt volume mode #2862  
HOSTEDCP-1079 : RHTAP HO Containerfile #2857 OCPBUGS-16770 : add need-management-kas-access label to olm-collect-profiles pods #2854 MULTIARCH-3684 : PowerVS - Upgrade capi to use v1beta2 APIs #2831 HOSTEDCP-1046 : Add ImageDigestMirrorSet to Config API comment #2868 MULTIARCH-3683 : Add dev flags in destroy cluster powervs command #2764 kubevirt: Reconcile EgressFirewall only for ovn-k #2849  
HOSTEDCP-1046 : Add IDMS to the list of valid config manifests #2837 OCPBUGS-17059 : Add volume mode to kubevirt root volume api #2860 Update RHTAP references (main) #2832  
OCPBUGS-16809 : Configured IgnitionProxy to support IPv4 and IPv6 #2850 OCPBUGS-14163 : Fixed ETCD to work in Ipv6 and Dual stack envs #2846 HOSTEDCP-1112 : Add config to set creation frequency of RHTAP PRs #2838 HOSTEDCP-1020 : Remove name as a persistent flag required field #2836 OCPBUGS-16232 : skip z-stream version check when upgrade is forced #2823 OCPBUGS-16033 : ClusterNetwork’s HostPrefix validation for dual stack #2795 OCPBUGS-14783 : Fix NetworkPolicy to work over IPv4 and IPv6 #2704 Revert “HOSTEDCP-710: Make ImageContentSource immutable” #2829  
Update RHTAP references (main) #2814  
HOSTEDCP-1062 : Make CAPI pod selector backward compatible #2825 HOSTEDCP-1093 : Add default flags to HCP create cluster CLI cmd #2802 Revert “HOSTEDCP-1094: e2e autoscaler balancing similar node groups” #2828  
HOSTEDCP-1090 : Use statically configured haproxy for router #2778 HOSTEDCP-1046 : Allow HCP Specification to Support ICSP & IDMS #2720 HOSTEDCP-710 : Make ImageContentSource immutable #2815 OCPBUGS-11835 : Add missing probes to two services #2430 HOSTEDCP-1094 : e2e autoscaler balancing similar node groups #2808 OCPBUGS-16113 : unshare ignition-server reconciliation between HO and CPO #2817 OCPBUGS-11939 : Fix additional issues with OCPBUGS-11939 #2804 OCPBUGS-16135 : fix deletion bug when hostedzone is already deleted #2811 OCPBUGS-14862 Improve clarity around hypershift operator permissions #2782  
HOSTEDCP-1062 : Management kas policy #2796 Revert “HOSTEDCP-1062: Add management cluster KAS network policy” #2793  
HOSTEDCP-1020 : Add pullSecret & NodePool replica flags to HCP CLI #2774 HOSTEDCP-1101 : Add snyk-secret HO RHTAP scripts #2788 OCPBUGS-15991 : use ignition-proxy Service to populate ignitionEndpoint with strategy NodePort #2787 OCPBUGS-15769 : Include hypershift specific labels to be ignored by similar autoscaler groups #2784 Add management cluster KAS network policy #2717  
HOSTEDCP-1019 : Add create cluster for Agent for HCP CLI #2754 CNV-30407 : KubeVirt Platform: Support NetworkInterfaceMultiQueue #2760 HOSTEDCP-1030 : Add destroy cluster for Agent for HCP CLI #2756 OCPBUGS-15594 : Get valid arch image for cluster-config-operator #2753 kubevirt: Annotate VMs to be live migratable #2772  
Revert “Merge pull request #2770 from dharaneeshvrd/upgrade-capi-ibmcloud #2776  
MULTIARCH-3684 : PowerVS - Upgrade capi to use v1beta2 APIs #2770 OCPBUGS-14862 : Reject VPCE Connections during VPCE Service cleanup #2700 Update RHTAP references #2768  
HOSTEDCP-1023 : Add create NodePool for Agent for HCP CLI #2755 HOSTEDCP-1061 : Implement dedicated request serving nodes for HostedClusters #2722 OCPBUGS-15769 : Set –balance-similar-node-groups for autoscaler #2769 Leader election config update. #2282  
OCPBUGS-15723 : Let getMachinesForNodePool return machines ordered by creation Timestamp #2766 Fix KAS HealthCheck for non DNS-Based ingress points in LB service #2765  
Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible #2741  
Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /hack/tools #2740  
Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 in /hack/tools #2737  
OCPBUGS-12208 ensureExists pullSecret resource reconciliation strategy #2732  
Bump github.com/coreos/ignition/v2 from 2.10.1 to 2.14.0 #2739  
Bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible in /hack/tools #2738  
Remove hardcoded AWS CI References #2742  
TRT-1118 : Remove DisableStrictZoneCheck from AWS CCM config #2757 Update RHTAP references #2750  
add OWNERS for new ci-tooling area label #2743  
Add production cli (hcp) to dockerfile #2747  
feat: Enable priority class override #2661  
test/e2e: retry configmap create in etcd chaos tests #2746  
OCPBUGS-14578 : Set allocate-node-cidrs to false in the cluster-kube-controller-manager #2731 Revert “HOSTEDCP-1016: Validate publishing strategies” #2733  
HOSTEDCP-1027 : Add Create kubeconfig for HCP CLI #2719 HOSTEDCP-1016 : Validate publishing strategies #2651 KubeVirt Platform documentation for Advanced Storage Configurations and External Infrastructure #2712  
Follow up to PR comments on #2642 #2690  
HOSTEDCP-1067 : Add dependabot dependency management #2708 HOSTEDCP-1073 : enforce blocked rollout of HCP #2726 Revert “HOSTEDCP-967: [Re-revert] Disable v1alpha1 and conversion webhook by default” #2705  
Remove –service-publishing-strategy from production cli #2721  
HOSTEDCP-1024 : Add Create NodePool for KubeVirt for HCP CLI #2718 HOSTEDCP-1032 : e2e: ensure default PSA policy is not privileged #2714 HOSTEDCP-1031 : Add Destroy Cluster Cmd for KubeVirt for HCP CLI #2673 Expose annotation to allow release image overrides #2595  
HOSTEDCP-1060 : add ignition-server proxy #2668 OCPBUGS-14637 : Check OwningIngressController also in Labels #2706 HOSTEDCP-1020 : Add Create Cluster for KubeVirt for HCP CLI #2672 properly handle user CA bundle not existing #2703  
OCPBUGS-15168 : fix(oauth): Do not proxy IBM Cloud IAM endpoints #2699 OCPBUGS-14859 : Skip AWS resource deletion for ‘Unknown’ OIDC state #2691 Whitelist access from virt-launchers to NodeIP if NodePort ServicePublishingStrategy is used #2688  
OCPBUGS-13829 : cpo: oauth: honor AccessTokenInactivityTimeout #2693 Update NodePool docs to include data propagation #2687  
HOSTEDCP-1008 : Add NodePoolTransitionSeconds metric #2631 HOSTEDCP-967 : [Re-revert] Disable v1alpha1 and conversion webhook by default #2685 Make NodePool arch input immutable #2689  
Update autocaler RBAC to accomodate machinepools support added upstream #2663  
Enforce Immutability of some KubeVirt Platform Values #2654  
CNV-24818 : Add fsGroup support to kubevirt-csi-driver #2563 Let payload provider render feature gate yaml #2664  
OCPBUGS-14633 : Check for OPENSHIFT_IMG_OVERRIDES before using #2660 HOSTEDCP-965 : Add impersonate feature to the CLI and document HC dump procedure #2653 OCPBUGS-11882 : Annotate HCP pods with the safe-to-evict-local-volume CA annotation #2647 Update RHTAP references #2657  
Disable nodepool replace upgrade test #2665  
OCPBUGS-14784 : Honor global ingress configuration LoadBalancer type on AWS #2669 OCPBUGS-14620 : Set DisableStrictZoneCheck = true in the AWS Cloud Provider config #2659 HOSTEDCP-992 : refactor ignition-server reconcilation #2662 Minor fix in KAS LB HealthCheck #2656  
HOSTEDCP-1036 : Create Makefile path to create productized CLI #2633 Extend np test timeout for KubeVirt platform #2655  
HOSTEDCP-1003 : Set AWS conditions only for AWS platform #2604 Remove alsologtostderr flag form CAP* #2648  
OCPBUGS-14575 : Check for IDMS only if mgmt cluster has req API #2650 Network isolation of VirtualMachines for KubeVirt provider #2622  
OCPBUGS-14428 : remove OLM alerts from the HCCO #2636 KubeVirt Openstack image annotation override #2629  
Red Hat Trusted App Pipeline update hypershift-operator-main #2638  
Red Hat Trusted App Pipeline purge hypershift-azjx #2635  
cli: Add release-stream flag #2644  
OCPBUGS-13547 : Pass payload-version to MCS and MCC #2643 KubeVirt: Handle deletion of the cache DV on an edge case #2620  
OCPBUGS-14087 : Enable HCCO to reconcile over the OperatorHub’s disableAllDefaultSources object #2632 HOSTEDCP-1009 : Allow external-dns image to be set in install cli #2623 Ensure FeatureGate is copied from cluster to MCO render source #2581  
OCPBUGS-12972 : Use different ports for MCS in the ignition provider #2628 hypershift dump: use random local port for kas port-forwarding #2625  
OCPBUGS-11939 : Initialize RegistryOverrides w/ mgmt cluster ICSP #2437 Revert “Merge pull request #2596 from muraee/disable-valpha1” #2627  
Add ‘Creating Arm NodePools Through the API’ Section #2587  
HOSTEDCP-967 : Disable v1alpha1 and conversion webhook by default #2596 OCPBUGS-13113 : Add ClusterUpgradeDuration metric #2566 chore(deps): update rhtap references #2612  
OCPBU-609 : agent infrastructure docs #2618 OCPBUGS-14169 : Remove external-dns –events flag #2616 OCPBUGS-13970 : Reconcile oauthDeployment annotations even if kubeadmin secret is not found #2593 cmd: infra: aws: retry on AuthorizeSecurityGroup failure #2605  
Fix dump for Kubevirt #2589  
Kubevirt CSI StorageClass mapping API #2528  
Remove Arm e2e test #2591  
HOSTEDCP-947 : Set ETCD Storage Size as immutable field and equalised the default size among both api versions #2588 OCPBUGS-13735 : Fixed revoking some permissions to CAPI Manager Clusterrole #2586 HOSTEDCP-445 : Add script to migrate hosted control plane #2598 Use newly introduced KubeVirt Platform rhcos Image #2576  
OCPBUGS-13168 : Include default ingress CA in root CA bundle #2584 HOSTEDCP-975 : Add new grafana panels for nodepools SLOs #2592 HOSTEDCP-926 : Send metric when HO/CPO decide to skip cloud resource deletion #2531 Update RHTAP references #2420  
OCPBUGS-13897 : Use cluster-config-operator to render featuregate status on KAS bootstrap #2585 HOSTEDCP-975 : Add cluster_name label to nodepools metrics #2580 Fix broken tests for non-aws platforms #2577  
Updated secret permissions for openshift-route-controller-manager #2575  
HOSTEDCP-987 : Update go version and dependencies in /hack/tools/go.mod #2551 remove flags set by CI env var #2521  
HOSTEDCP-975 : Add NodePool DeletionDuration and InitialRolloutDuration metrics #2558 ARMOCP-412 : Add ARM nodepool to AWS x86 Hosted Cluster #1594 OCPBUGS-11939 : Fix minor codebase nits #2502 control-plane-operator/controllers/hostedcontrolplane: Align reconcileCloudControllerManager error strings #2500  
HOSTEDCP-960 : Add e2e to validate HC/NP conditions expected status #2482 HOSTEDCP-830 : Update auto scaler role to get and list agentmachinetemplates #2564 HOSTEDCP-445 : Included how to fix image-registry clusteroperator after a disaster recovery migration #2481 OCPBUGS-13547 : Pass release image version to MCO bootstrap via –payload-version #2572 Cache KubeVirt Boot Image #1918  
contrib: ci: increase HC quota in clusters namespace #2547  
HOSTEDCP-996 : CLI: enable guest cluster dump for private clusters #2571 MULTIARCH-3205 : Support IBM COS as storage for PowerVS in image registry operator #2207 fix nil deref in DefaultWorkerSecurityGroupID check #2573  
remove unused OLM catalog rollout code #2568  
OCPBUGS-13034 : Cluster-api SA can’t create events #2565 ACM-4277 : docs: Add L2Advertisement CR to the Handling Ingress section in the agent docs #2470 HOSTEDCP-947 : Increases default etcd PV size to 8Gi #2549 Add a new e2e option for the ETCD storage class #2560  
Red Hat Trusted App Pipeline update hypershift-azjx #2555  
HOSTEDCP-975 : Revised nodePoolSize metric and added AvailableReplicasMetric #2532 OCPBUGS-11383 : Sync proxy TrustedCA to guest cluster #2550 Removed unused KMS permissions for nodePool role #2456  
Lock down kubevirt csi storageclass mappings #2534  
OCPBUGS-13021 : Add internal/external elb tags to subnets #2541 HOSTEDCP-918 : Add validation for NodePool security Group condition when using default SG #2498 HOSTEDCP-981 : Minor updates to Getting Started & Contribute pages #2527 OCPBUGS-13111 : Fix errors from HCP controller removeServiceCAAnnotationAndSecret() #2513 Stop triggering rollout on labels/taint change #2533  
Validate HO private platform input #2536  
OCPBUGS-13021 : Health check load balancers only on public clusters #2535 OCPBUGS-13309 : set FeatureGate global config #2543 Add audit-log-maxbackup setting for openshift-api-server #2509  
OCPBUGS-11894 : Let the aws endpoint to use the hypershift owned SG #2475 HOSTEDCP-980 : Include HostedClusterDegraded in hypershift_hostedclusters_failure_conditions metric #2523 HOSTEDCP-788 : Configurable SRE MetricsSet #2505 OCPBUGS-13112 : Add timeout to KAS health check client #2522 HOSTEDCP-978 : Bump openshift/api version and fixed KCM flags (k8s 1.27) #2519 OCPBUGS-7841 : Account for expectedState == false when capturing hostedClustersWithFailureCondition #2507 OCPBUGS-11719 : Ensure ingress controllers are removed before load balancers #2444 Fixed assignment to entry in nil map #2508  
Add new –featuregate-manifest to /usr/bin/cluster-config-operator render #2506  
ACM-5116 : Increase KubeVirt default Mem and Root Volume Sizes #2471 HOSTEDCP-937 : New metric to expose Hypershift operator info #2443 HOSTEDCP-969 : Consolidate labels for metrics #2494 HOSTEDCP-969 : Move proxy, silence alerts and limited support metrics into HC controller #2489 HOSTEDCP-969 : Only track available metric once #2479 OCPBUGS-11738 : Delete kubeadmin secret when an idp is defined #2452 Add PollImmediate for e2e metrics to avoid race with prom scrape interval #2483  
HOSTEDCP-969 : Move HC creation metrics #2477 OCPBUGS-12153 : fix(hcco): Get OLM CatalogSource images from defined map #2454 HOSTEDCP-917 : Add publicAndPrivate <-> Private e2e test #2383 add hyperv1.SilenceClusterAlertsLabel to HostedCluster on deletion #2476  
HOSTEDCP-969 : Move guest cluster resource deletion metric #2463 OCPBUGS-11450 : Pass OPENSHIFT_RELEASE_IMAGE env variable to CNO #2384 HOSTEDCP-972 : Add pre-commit command to Make file #2465 HOSTEDCP-969 : Move cluster deletion duration metric into controller #2459 Fix kubevirt csi daemonset reconcile loop #2466  
Fixes loop between HC controller and pod security label syncer #2460  
docs: update OIDC bucket create with bucket policy #2461  
OCPBUGS-11946 : Add new OCP 4.13 storage admission plugin #2445 OCPBUGS-11773 : remove ACL for aws bucket #2423 OCPBUGS-7841 : Set metrics to 0 when needed to keep time series honest #2440 OCPBUGS-11930 : Clean up existing VPC endpoint connections #2438 Revert “Add validation for default Security Group conditions during N… #2453  
HOSTEDCP-918 : Add validation for default Security Group conditions during NodePool upgrade test #2342 OCPBUGS-11649 : Always requeue AWSEndpointService controllers #2424 Add IBMers as reviewers #2436  
e2e: Cleanup shared OIDC provider on SIGTERM #2435  
HOSTEDCP-950 : Fix haproxy image name in ignition server #2441 OCPBUGS-7091 : Restart kube-scheduler when its configuration changes #2421 OCPBUGS-11749 : Add pod security labels to hcp namespace #2415 HOSTEDCP-950 : Validate release payload images #2368 kubevirt: Block metadata server egress #2399  
Bring latest MCO API #2434  
Relax MCO API strict decoding #2433  
docs: update OIDC s3 bucket creation procedure #2425  
json export for a common grafana dashboard for SLOs #2422  
Enable monitoring for hypershift namespace #2419  
MULTIARCH-3449 : set priority class for cloud controller manager pod for PowerVS #2390 Fixes HCCO reconcile error for kubevirt csi driver #2259  
Add monitoring label to HCP namespace #2393  
Update tekton references #2308  
add OWNERS for new area labels #2414  
fix typo #2411  
HOSTEDCP-807 : Requeue HCP always #2408 OCPBUGS-11640 : Update HostedCluster oauthCallbackURLTemplate #2400 e2e: Fixed idp test conflict error on HosterCluster update #2389  
dump: Store guest worker node logs and increase kubevirt logs verbosity #2317  
HOSTEDCP-568 : Update Konnectiviy socks5 proxy for IBM exception #2366 OCPBUGS-11442 : properly reconcile with user specified changes for in proxy configuration #2382 Updated kubevirt docs #2318  
OCPBUGS-11439 : allow z-stream upgrade even if CVO Upgradeable is false #2381 HOSTEDCP-954 : Remove ec2:ReleaseAddress #2379 HOSTEDCP-802 : add cli flag to enable upgrade type #2367 e2e: Fix oauth idp e2e test #2377  
HOSTEDCP-951 : Let install apply to aggregate errors #2372 Revert “Create a second scheme that always registers prometheusoperatorv1 GVKs” #2374  
HOSTEDCP-807 : Check KAS loadbalancer health #2264 e2e: fix for non-AWS platform #2360  
HOSTEDCP-445 : Fix the storage ClusterOperator during a DR migration #2358 HOSTEDCP-850 : Fix nodepool autoscaler logic #2354 support/releaseinfo/pod_provider: Drop unused legacy PodProvider #2341  
Fix nodepool upgrade e2e test #2359  
HOSTEDCP-806 : Fix ValidAWSKMSConfig condition #2322 HOSTEDCP-939 : Setup shared OIDC provider for e2e clusters #2335 OCPBUGS-10227 : Preserve false status of ValidAWSIdentityProvider condition #2344 ACM-4615 get pull secret instead of dockerconfigjson from mce credentials #2338  
Slo alerts #2049  
HOSTEDCP-943 : Add hypershift_hosted_cluster_transition_seconds histogram #2348 HOSTEDCP-944 : Add more expectedHCConditionStates metrics #2347 OCPBUGS-10227 : Create new EC2 client for AWS identity provider health check #2346 OCPBUGS-10823 ensure well known public domains do not get proxied on image imports #2321  
SDA-8609 : No more specifying the scrape interval at servicemonitors & podmonitors level #2327 OCPBUGS-10807 : Pass runAsUser to CNO so it can run its managed services with proper security context #2319 Appstudio update hypershift-azjx #2332  
Revert “cpo: cno: follow image name change in release payload” #2345  
support/supportedversion: Include the problematic version strings in error messages #2334  
OCPBUGS-10864 : fix external APIServer address selection based on endpointAccess #2328 OCPBUGS-8073 : Do not proxy when guest cluster resolution fails #2261 MULTIARCH-3028 : handle PowerVS instance which goes to failed state during infra create and destroy process. #2088 HOSTEDCP-938 : Added PSA default profile to RunTimeDefault in operator deployment #2333 HOSTEDCP-934 : Validate PublishingStrategyMapping #2324 OCPBUGS-7091 : Honor scheduler profile in HostedCluster configuration #2330 HOSTEDCP-736 : Docs on how we handle aws permissions #2311 Add support for external infra clusters in KubeVirt platform #2017  
Create a second scheme that always registers prometheusoperatorv1 GVKs #2292  
OCPBUGS-10504 : Deletion of the VPCEnpoint on conflicting service names #2290 HOSTEDCP-801 : Expose external DNS for private cluster endpoints #2286 HOSTEDCP-903 : Propagate AWSEndpointService conditions #2278 Appstudio update hypershift-azjx #2287  
OCPBUGS-8691 : Add storage operators perms. to watch HostedControlPlane #2301 OCPBUGS-10423 : Add validation for taint.value in nodePool #2298 HOSTEDCP-839 : Audit log sidecars for openshift-apiserver and openshift-oauth-apiserver #2232 Route to kubevirt VMs using infra id as service label selector #2092  
Force controleplane upgrade always #2288  
HOSTEDCP-900 : Modified AWSPrivateLinkController and AWSEndpointServiceController to respect PausedUntil spec field #2265 HOSTEDCP-919 : Clean up and API doc #2280 HOSTEDCP-688 : E2E Test NodePool Upgrade #2256 HOSTEDCP-445 : Documented the possible issues found during a HostedCluster migration #2276 OCPBUGS-10227 : Ensure identity provider health check condition is persisted and remove awsendpoint control plane finalizer if invalid aws creds #2281 OCPBUGS-8040 : Switch NTO metrics auth to certs generated by HCP controller #2050 OCPBUGS-8381 : Use appropriate serving certificate for OAuth #2279 HOSTEDCP-501 : Added detailed documentation about Hypershift release process #2272 HOSTEDCP-919 : Add AWS cloud controller manager #2271 Update PowerVS prereq doc with install and authorization details #2172  
Remove webhook validation #2217  
HOSTEDCP-809 : Clone CA key/cert to TLS key/cert #2246 Refactor e2e nodepool tests #2228  
Update HCP version in capi cluster ref #2119  
Validate etcd KMS config #2174  
OCPBUGS-8421 : fix API documentation for audit webhook field #2258 Add a debug section to the Node Tuning docs #2254  
Destroy cloud resources by default #2224  
Add e2e test for identity providers #2166  
HOSTEDCP-638 : Add latest ocp supported info to -v command for cli and operator #2233 OCPBUGS-8231 : Fix cleanup of volumes on cluster deletion #2243 fix(cpo): Delete multus validatingwebhookconfiguration on CNO init #2231  
add pull-secret to imagePullSecrets for NTO, CNO, and olm-collect-profiles #2248  
Update images and hypershift operator to 4.14 #2249  
And 5 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-59791 : [IBM VPC] set offlineExpansion to false in e2e test manifest #151 OCPBUGS-36071 : CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #122 OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #104 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91 OCPBUGS-21339 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #81 OCPBUGS-18105 : [IBM VPC] failed provisioning volume in proxy cluster #74 OCPBUGS-16654 : Revert revert “STOR-1065: Rename node-driver-registrar… #69 OCPBUGS-16571 : Bump library-go to remove dependency on goproxy #71 OCPBUGS-16783 : Chore: Update OWNERS #70 Revert “STOR-1065: Rename node-driver-registrar RBAC and Rework sidecar bindings to bind common ClusterRoles” #68  
STOR-1065 : Rename node-driver-registrar RBAC and Rework sidecar bindings to bind common ClusterRoles #64 OCPBUGS-14824 : Bump ibm-vpc-block-csi-driver-operator library-go #65 OCPBUGS-12614 , STOR-1168 : Bump common libraries #57 Updating ose-ibm-vpc-block-csi-driver-operator images to be consistent with ART #56  
Updating ose-ibm-vpc-block-csi-driver-operator images to be consistent with ART #55  
Updating ose-ibm-vpc-block-csi-driver-operator images to be consistent with ART #54  
OCPBUGS-8683 : Add management workloads annotations #53 Updating ose-ibm-vpc-block-csi-driver-operator images to be consistent with ART #52  
Full changelog  
OCPBUGS-56065 : tech debt: rework vendor patches #50 OCPBUGS-53539 : bump github.com/golang-jwt/jwt/v4 to v4.5.2 #46 OCPBUGS-36011 : CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #42 OCPBUGS-21451 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #27 OCPBUGS-12510 : UPSTREAM: 20: Bump (golang.org/x/net): to address CVE-2022-41723 #23 Updating ibm-vpc-node-label-updater images to be consistent with ART #22  
Updating ibm-vpc-node-label-updater images to be consistent with ART #21  
Updating ibm-vpc-node-label-updater images to be consistent with ART #20  
Updating ibm-vpc-node-label-updater images to be consistent with ART #19  
Full changelog  
Update documentation #783  
update DVO metrics example in the sample archive #777  
OCPBUGS-14270 : Revert “Implement periodic gathering as a job in tech … #785 And 67 elided commits (e.g. from squash or rebase merges) 
Full changelog  
Binary should be compiled on rhel9 #89  
Updating ironic-rhcos-downloader images to be consistent with ART #88  
Updating ironic-rhcos-downloader images to be consistent with ART #87  
Updating ironic-rhcos-downloader images to be consistent with ART #86  
Updating ironic-rhcos-downloader images to be consistent with ART #85  
Full changelog  
OCPBUGS-30414 : update unit tests in egress/dns-proxy #173 OCPBUGS-10176 : 15143307: Updating openshift-enterprise-keepalived-ipfailover images to be consistent with ART #132 OCPBUGS-10163 : Updating openshift-enterprise-egress-router images to be consistent with ART #131 OCPBUGS-10181 : 15143312: Updating openshift-enterprise-egress-dns-proxy images to be consistent with ART #133 NE-1304 : container builds: switch to haproxy26 package #141 OCPBUGS-11385 : Removed chroot setting #137 egress: update owners #139  
OCPBUGS-11595 : Revert “[NE-1267] container builds: switch to haproxy26 package” #138 egress/dns-proxy/Dockerfile: switch to haproxy26 package #136  
OCPBUGS-10003 : Revert “bump RHEL8 egress-dns-proxy image to haproxy26” #134 Updating ose-egress-http-proxy images to be consistent with ART #130  
Updating openshift-enterprise-base-rhel9 images to be consistent with ART #129  
Updating openshift-enterprise-base images to be consistent with ART #128  
Full changelog  
NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-14). #229  
bump(*): vendor bump to sync with kubernetes fork #198  
OCPBUGS-10153 : Updating ose-kube-storage-version-migrator images to be consistent with ART #194 Full changelog  
OCPBUGS-23866 : deps,  bump opentelemetry #38 OCPBUGS-21174 : Bump golang.org/x/net to v0.18.0 #37 OCPBUGS-30861 : Bump golang.org/x/net to v0.18.0 #36 OCPBUGS-19020 : Auto sync upstream 2023 09 15 20 36 #26 Auto sync upstream 2023 05 15 20 44 #22  
Updating ose-kubevirt-cloud-controller-manager images to be consistent with ART #21  
Updating ose-kubevirt-cloud-controller-manager images to be consistent with ART #20  
Updating ose-kubevirt-cloud-controller-manager images to be consistent with ART #19  
Updating ose-kubevirt-cloud-controller-manager images to be consistent with ART #18  
Full changelog  
OCPBUGS-19926 : [release-4.14] Don’t force use of virtio console #269 OCPBUGS-18338 : Fix CI by running tests natively by default #261 Updating ose-libvirt-machine-controllers images to be consistent with ART #259  
Updating ose-libvirt-machine-controllers images to be consistent with ART #258  
Updating ose-libvirt-machine-controllers images to be consistent with ART #257  
Updating ose-libvirt-machine-controllers images to be consistent with ART #254  
Remove myself (frobware) from OWNERS #253  
refactor: replace github.com/ghodss/yaml with sigs.k8s.io/yaml #252  
Full changelog  
OCPBUGS-57341 : Do not enable on-prem-resolv-prepender.path for UPI #5114 OCPBUGS-43743 : Soften haproxy timeout for kubeapi probe #4664 OCPBUGS-54228 : Update ObservedGeneration in KubeletConfig #4950 OCPBUGS-50631 : Add clarification to invalid maxUnavailable alert #4848 OCPBUGS-48801 : Wait for all subcontrollers #4808 OCPBUGS-46057 : Remove trailing periods from AWS provided hostnames #4747 OCPBUGS-45271 : Post upgrading from 4.14 to 4.15.36, the observedGeneration count increased tremendously #4725 OCPBUGS-42111 : Do not use ‘restart’ for ‘oneshot’ service #4622 MCO-1278 : Backport Telemetry to 4.14 #4672 OCPBUGS-43981 : Panic seen in CI job for MCC pod #4671 OCPBUGS-43980 : MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP #4673 OCPBUGS-37552 : On-Prem resolv prepender to watch for NM changes #4500 OCPBUGS-35322 : Decrease logs of haproxy #4405 OCPBUGS-32258 : Log network service output to console #4320 OCPBUGS-38371 : Revert “MCD-pull: run after network-online.target in Azure” #4526 OCPBUGS-37769 : Move StartLimitIntervalSec to Unit section #4521 OCPBUGS-30794 : Mount /run/nodeip-configuration into coredns containers #4253 OCPBUGS-37483 : Remove weights from ingress check script #4485 OCPBUGS-37738 : Openshift uncordoned compute-node that was intentionally cordoned #4502 OCPBUGS-36915 : Use NM’s dns-change event for resolv.conf #4473 OCPBUGS-37223 : Copy RHEL9 binaries used in HCP #4479 OCPBUGS-36776 : daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages #4463 OCPBUGS-36593 : MCD-pull: run after network-online.target in Azure #4456 OCPBUGS-36356 : daemon/update: disable systemd unit before overwriting #4447 OCPBUGS-32472 : Delete state files on reboot only #4331 OCPBUGS-33590 : ovs-configure: fix vlan_parent calculation #4361 OCPBUGS-34716 : If multiple hostnames are returned, use the first one for the Node name #4385 OCPBUGS-17658 : Controller pod is spamming unknown field “spec.dns.spec.platform” message #4383 OCPBUGS-33643 : Don’t error if the certs.d dir doesn’t exist yet #4362 OCPBUGS-32341 : Remove the condition for checking the multiple ovs-if-br-ex profiles #4325 OCPBUGS-27030 : Log network service output to console #4114 : OCPBUGS-31731: kubelet: restorecon necessary files on kubelet’s prestart #4307  
OCPBUGS-32260 : fix: resources were in the wrong indentation level #4322 OCPBUGS-27108 : Add \n in cert_writer for old cert methods and skip cloudCA validation #4117 OCPBUGS-31487 : Prevent OVS-configuration to run before kdump #4291 OCPBUGS-29400 : Run resolv-prepender entirely async #4182 OCPBUGS-31681 : make verify should use MCO’s kube version #4305 OCPBUGS-30992 : add preferredduringscheduling annotation to kube-rbac-proxy-crio #4266 OCPBUGS-30872 : add static pods for rbacproxy #4258 OCPBUGS-30107 : annotate on-prem static pods for workload partitioning #4230 OCPBUGS-30225 : set nodeStatusReportFrequency #4242 OCPBUGS-29290 : AWS: Always persist the existing node name on 4.14 #4215 OCPBUGS-20039 : Add v6-primary dual stack support to VSphere UPI #3956 OCPBUGS-29457 : Add existing kubeletconfig/ctrcfg mc-name-suffix annotation #4187 OCPBUGS-26072 : Fix bootstrap with NTO Operator and duplicate MachineConfigs #4098 OCPBUGS-28379 : fix nodeStatusUpdateFrequency #4149 OCPBUGS-28384 : daemon: allow the user to override drains on IR changes #4150 OCPBUGS-27759 : Add Image Credential Provider flags for Kubelet on AWS #4144 [OCP 4.14] OCPBUGS-24660: daemon: Add support for new nmstate logic #4066  
OCPBUGS-27178 : use *resource.Quantity to not automatically set 0 #4121 OCPBUGS-23089 : Don’t retry node-ip show in resolv-prepender #4022 OCPBUGS-27362 : Fix typo in AWS node env unit #4131 OCPBUGS-26500 : crio: drop automatic image cleanup on upgrades #4105 OCPBUGS-26559 : Azure Run ovs-configuration.service before dnsmasq.service #4109 OCPBUGS-26551 : kubelet: fix kubelet labels #4107 OCPBUGS-24596 : [release-4.14] execute cert related processes to ensure proper rotation #4063 OCPBUGS-24397 : gcp-routes: don’t exit on crictl failures #4056 OCPBUGS-20554 : Ensure gcp-routes hack for internalLB hairpin traffic works for SGW #3973 OCPBUGS-23474 : Use shorter IP label for keepalived VIP #4041 OCPBUGS-23208 : workaround nmstate bug by configuring ipv{4,6} addresses #4031 OCPBUGS-22275 : support icsp and idms objects #3995 OCPBUGS-22391 : Require a hostname override for AWS #4001 OCPBUGS-20418 : Introduce kubelet-dependencies.target and firstboot-osupdate.target #3967 OCPBUGS-20051 : Support to append the duplicate kernel arguments to the rendered MC #3957 OCPBUGS-21065 : Update library-go and k8s dependencies to latest version #3994 OCPBUGS-20025 : Consider ingress VIPs when selecting node IP #3951 OCPBUGS-21841 : CRI-O: Use 127.0.0.1 for stream server with random port #3984 OCPBUGS-20358 : dashboard should detect unknown and not ready for not ready dashboard #3966 OCPBUGS-19657 : After dual-stack conversion reconcile IPFamilies #3934 OCPBUGS-19430 : [release-4.14] resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … #3925 OCPBUGS-19703 : Internal Registry Secrets merge causing excessive API calls #3941 OCPBUGS-19662 : fix merged image registry CA behavior #3937 OCPBUGS-19701 : Remove dependency on k8s.io/kubernetes packages #3940 OCPBUGS-19344 : Ignore invoking nbctl calls if its SDN #3928 OCPBUGS-19535 : daemon: always use podman cp to copy extensions container content #3932 OCPBUGS-19357 : install: Recreate and delayed default ServiceAccount deletion #3920 OCPBUGS-9972 : Fix azure routes hack for ovnk pods towards internalLB on master nodes in SGW mode #3878 OCPBUGS-18442 : MCO is degraded if not install image registry operator #3901 OCPBUGS-18097 : ensure cconfig is not updated too frequently #3891 OCPBUGS-18086 : Quiet controller noisiness #3886 OCPBUGS-16035 : daemon: create /etc/systemd/network directory on node #3883 Revert “fix nodeStatusUpdateFrequency” #3887  
OCPBUGS-17787 : Fix sysctl breaking dots in paths #3870 OCPBUGS-16733 : on-prem: run resolv-prepender on NM reapply event #3827 OCPBUGS-15583 : fix nodeStatusUpdateFrequency #3784 OCPBUGS-17810 : temporarily remove cert observability fields, add storageversionmigration for machineconfigpools,controllerconfig #3866 OCPBUGS-11832 : SSHkeys fails to write on upgrade to 4.13.rc3 #3810 MCO-564 : Make MCD aware of on-cluster builds #3848 MCO 566: MCO 662 Wire up productionalized BuildController in Machine OS Builder binary and choosing backend image builder #3861  
MCO-605 : MCO-550: Remove Certificates from MachineConfig #3787 MCO-573 : Wire up security/trust/pull secrets between rpm-ostree and internal registry #3806 OCPBUGS-17701 : daemon: igmore mounting MCD pod content when target is “/” #3860 mcs: Use certwatcher #3744  
MCO-729 : BuildController should allow cluster admins to provide a custom Dockerfile #3847 MCO-564 : Make NodeController aware of BuildController #3817 OCPBUGS-17568 : Agent-based install process the container machine-config-controller will be oom #3862 OPNET-343 : Restore node-ip for kubelet in dual-stack vSphere #3859 OCPBUGS-17683 replace .. with : on registry CA file paths #3854  
operator: remove metrics related log #3855  
MCO-565 : MCO-568: MCO-659: MCO-660 On-cluster build opt-in function, building machine-os-builder stub, RBAC and service acct inclusions. Deletes deployment rather than scale down to 0 without label #3834 MCO-588 : Update ignition spec to 3.4, disallow ignition KernelArguments for now #3814 OCPBUGS-17433 : Sync featuregate controller during the node config controller sync #3846 OCPBUGS-8938 : OCPBUGS-15202: MCO-555: kube-rbac-proxy addition #3663 MCO-654 : forcefile should always trigger an OS update #3790 OCPBUGS-14945 : add HostToContainer propagation to all hostPath volume mounts #3792 MCO-532 : Finish lease type migration #3842 OCPBUGS-13825 : The machine-config-controller pod restart in SNO+1 causing daemonsets to restart #3838 OCPBUGS-14965 : Run hostnamectl with systemd-run #3746 install: Fix dash-to-hyhen for 04_kube_rbac_proxy_config.yaml prefix #3837  
OCPNODE-1714 : files: add skip_mount_home to storage.conf #3777 OCPBUGS-16227 : make sure sshKey are not emptied out on firstboot #3829 daemon: Two minor fixes for reexec #3835  
daemon: Remove even more dead legacy OS update code #3820  
MCO-552 : implement the ability for the MCO to handle image registry certificates #3770 OCPBUGS-17156 : daemon: Always replace binary #3832 Revert “daemon: Make binary writing idempotent” #3831  
OCPBUGS-16921 : daemon: Make binary writing idempotent #3825 Revert “MCO-565: MCO-568: MCO-659: MCO-660 On-cluster build opt-in function, building machine-os-builder stub, RBAC and service acct inclusions” #3830  
Revert “ add Passwd to bootstrap served ignition” #3828  
OCPBUGS-15367 : The kubeconfig copied on to each node has 644 permissions #3808 MCO-597 : Remove the MCO’s dependency on journal reads #3822 fix certExpiry description #3823  
OCPBUGS-16227 : add Passwd to bootstrap served ignition #3811 MCO-565 : MCO-568: MCO-659: MCO-660 On-cluster build opt-in function, building machine-os-builder stub, RBAC and service acct inclusions #3763 OCPNODE-1717 : Make cgroupsv2 default in OCP-4.14 #3789 OCPNODE-1655 : Apply node-cluster dashboard as a config map #3708 MCO-607 : MCO-237: Keep track of certs in ControllerConfigStatus #3756 MCO-687 : Fix metrics e2e test #3813 MCO-585 : MCO-569: MCO-563: MCO-586: Introduces BuildController #3731 MCO MCO-424: daemon: Remove old legacy OS update path #3583  
MGMT-14843 : ovs-configuration service should copy the statically configured address even if the method isn’t manual. #3774 OCPBUGS-16128 : daemon: Copy matching binary to host, re-exec with it #3799 MCO-596 : Deprecate the login monitor #3791 kubevirt: Configure IPv6 arp proxy default gw #3780  
operator: Stop mounting /etc/kubernetes/ca.crt #3730  
OCPBUGS-15613 : Soften grep pattern for ingress default router #3775 Bug OCPBUGS-15233: OpenStack: fix IPv6 configuration #3785  
OCPBUGS-11997 : Prevent NM from unsetting the hostname #3794 add wasm extension #3776  
set MCO namespace on all events #3767  
OpenStack: restrict IPv6 configuration #3781  
Update 0000_90_machine-config-operator_01_prometheus-rules.yaml #3779  
OCPBUGS-14674 : set pool alert back to zero in more default scenarios. #3733 OCPBUGS-10115 : update image to use golang-1.20 #3766 OCPBUGS-15728 : Fix machine config drifts when deploying with platform external #3773 faq: Talk about “no enabled repositories” #3772  
OCPBUGS-14185 : change the message annotation to description #3721 OKD-174 : Dockerfile: OKD: Reenable extensions image on SCOS #3741 OCPBUGS-15575 : Dockerfile: pin to nmstate-2.2.9 #3769 OCPBUGS-10924 : Switch default SA to machine-config-operator #3740 trivial: Fix namespace for kube api server operator #3762  
OCPBUGS-8403 Deleting SSH keys / password hashes should not degrade MachineConfigPool / node #3606  
OWNERS: Update onwer list #3761  
OCPBUGS-4820 : Controller version mismatch causing degradation during upgrades #3738 MCO-640 : Move all log functions to klog #3734 OCPBUGS-14399 : Minor fix to support protectKernelDefaults field in Kubelet Config #3736 MCO-595 : Remove MCO’s pending config workflow #3700 OCPCLOUD-2010 : Re-vendor api and library-go for external platform support #3745 bootstrap: Clarify that “root ca” is really “MCS CA” #3728  
add ipsec extension #3726  
OpenStack: configure ipv6 addresses #3705  
OCPBUGS-13656 : MCO-632: Update kube deps to 1.27.2 #3735 OCPBUGS-14612 : Improve logging for IPI deployments #3725 OCPBUGS-4370 : Add label to VIP via keepalived #3683 OCPBUGS-14793 : Allow userfaultfd syscall to be used by unprivileged users #3724 OCPBUGS-14272 : Race condition in TestMCDRotatesCertsOnPausedPool #3718 OCPBUGS-13547 : [OCPCLOUD-2034] Update Library-go and API for new featuregate changes #3688 OCPBUGS-2177 : MCO-634: add support for a node pool hierarchy #3505 OCPBUGS-13860 : Fix missing apiVersion and kind fields for embedded resources #3713 OCPBUGS-3176 : Disable global ipv4 and ipv6 forwarding for OVN deployments #3676 OCPBUGS-8447 : MCO-496: Support ignition versions 3.3 + 3.4 but keep version 3.2 as default #3576 OCPBUGS-13547 : Use payload-version flag to set release version consistently across components #3701 OCPBUGS-12885 : daemon: stop using nmstatectl persist-nic-names --inspect on el9 #3685 OCPBUGS-11304 : daemon: event only on actual OS updates #3695 OCPBUGS-11652 : kubelet: add enableSystemLogQuery #3645 OCPBUGS-12980 : daemon: write certs in firstboot-complete path #3694 OCPBUGS-11670 : mcc_drain_err metric should not be served for removed nodes #3689 OCPBUGS-12456 : fix duplicate RotateKubeletServerCertificate setting #3686 OCPBUGS-12951 : daemon: Don’t traverse /run/ostree/auth.json symlink #3691 OCPBUGS-11702 , OCPBUGS-4476 : keepalived/ingress: change healthcheck script #3441 OCPBUGS-11992 : ControllerConfig’s Proxy field should not be marked as embedded resource #3682 OCPBUGS-11162 : Do not trigger openshift-azure-routes/openshift-alibaba-routes service based on file existence #3643 OCPBUGS-10235 : Add quotes to variable with -z #3679 OCPBUGS-11280 : Fixing forcedns dispatcher script permission issue for assisted sno rhel9 upgrade #3648 OCPBUGS-7836 : The MCD has a non-functional pivot command that should be removed #3666 Test Revert “Block RHCOS gcp-routes service on both masters and workers” #3672  
Accomodate ART limitation in parsing [[]] bash #3669  
Block RHCOS gcp-routes service on both masters and workers #3619  
OCPBUGS-10787 : Persist static IP addressed NIC names from rhel8 #3650 OCPBUGS-5356 : changed error handling so no runtime error #3651 OCPBUGS-4877 : End the operator’s “unknown field” logspam by marking controllerconfig embedded fields as embedded so they validate #3662 MCO-407 : add support for operator metrics #3537 Updating openshift-proxy-pull-test images to be consistent with ART #3593  
OCPBUGS-4122 : Do not add deep nested scope to atomic transport #3653 OCPBUGS-10414 : Fix regex dot in coredns config file #3626 OCPBUGS-11092 : daemon: write certificate in OnceFrom and HyperShift #3654 remove container runtime flag #3640  
OCPBUGS-4963 : Enable base nodeip-configuration for vsphere upi #3460 configure-ovs: would not retry on some errors #3625  
OCPBUGS-10598 : Splitting NetworkManager-onprem.conf.yaml to 2 files: #3620 OCPBUGS-10379 : configure-ovs: support UUID in vlan.parent #3623 OCPBUGS-8676 : Fix kubelet.service node-ip for v6-primary dual-stack #3592 getPoolsForNode: Use constant MachineConfigPoolWorker instead of “worker” string #3635  
MCO-423 : Adds OS image override test #3558 OCPBUGS-9969 : daemon: Drop duplicate --authfile used in run #3611 OCPBUGS-8446 : MCO-503: daemon: have a special path to sync in certs #3575 OCPBUGS-7559 : Remove hard requirement for the afterburn from early-running aws-related services #3585 Removing jstuever from OWNERS_ALIASES #3554  
OCPBUGS-8113 : daemon: Only switchkernel if we are doing an OS update or kernel change #3600 OCPBUGS-9685 : daemon: Always remove pending deployment before we do updates #3599 Make OKD/SCOS Dockerfile regexes match again after rhel-coreos image name change #3597  
Switch to rhel-coreos (9) #3596  
OCPBUGS-8113 : daemon: Make switchKernel less stateful #3580 OCPBUGS-8523 : Revert “daemon: Temporarily copy auth file with more open perms on FCOS” #3591 Update library go to promote AWS CCM to out of tree #3590  
machineconfigpool: Clarify status.configuration description #3371  
daemon: Remove noisy log message #3588  
OCPBUGS-5872 : Wrap podman commands in a while loop #3581 configure-ovs: permanent retry on failure #3544  
OCPNODE-1495 : Default the cgroup version to “v1” via base template controller #3563 OCPBUGS-1662 : mcd_update_state metric should have a single time-series per node #3571 Full changelog  
OCPBUGS-54171 : Change rhcos release browser url #59 Force rebuild of CI image #31  
Fix condition check for logging #29  
Force updating main rhcos image to version 414.92.202303281555-0 #28  
Updating ose-machine-os-images images to be consistent with ART #26  
Full changelog  
OCPBUGS-58763 : Bump github.com/golang/glog to v1.2.4 #105 OCPBUGS-42048 : Update owners #91 OCPBUGS-21372 : Update go.mod for CVE-2023-39325 [Release-4.14] #71 OCPBUGS-12640 : Bump golang.org/x/net from 0.0.0-20211209124913-491a49abca63 to 0.7.0 #67 Updating ose-multus-admission-controller images to be consistent with ART #65  
Updating ose-multus-admission-controller images to be consistent with ART #64  
Updating ose-multus-admission-controller images to be consistent with ART #62  
Updating ose-multus-admission-controller images to be consistent with ART #57  
Full changelog  
OCPBUGS-48160 : [backport 4.14] Adds a wait to account for the possiblity of a not ready unix socket #262 OCPBUGS-35578 : Update owners file #243 OCPBUGS-33478 : Fix CNI cache update function to prevent nil access #232 OCPBUGS-26331 : Fix SAST scan issues for multus-cni-container [4.14] #220 OCPBUGS-21099 : Update go.mod for CVE-2023-39325 [Release-4.14] #194 OCPBUGS-19860 : Multus annotation permissions: Certificate duration should be configurable [backport 4.14] #192 OCPBUGS-19679 : Move chroot from multus main process to its child processes #189 OCPBUGS-19375 : Per node certification cherry-pick #185 OCPBUGS-19074 : Performance and efficiency improvements in daemon/server mode #181 Use container base image’s /etc/os-release to copy multus binary #179  
Change /usr/src/multus-cni/bin to rhel8 based one #178  
Cherry pick upstream fix #177  
Upstream sync 202308 #176  
This change introduces wait to generate config until API is ready #175  
Upstream sync to 202307, 99c4481 #168  
Add rhel9 binary for multus #173  
OCPBUGS-13815 : Fix multus to support CNI plugin which does not create interface #162 OCPBUGS-12519 : Bump golang.org/x/net from 0.1.0 to 0.7.0 (#1039) #160 Updating multus-cni images to be consistent with ART #159  
Updating multus-cni images to be consistent with ART #158  
Updating multus-cni images to be consistent with ART #157  
Updating multus-cni images to be consistent with ART #148  
Multus entrypoint should regenerate kubeconfig if secret changes #153  
Full changelog  
Update owners (#62) #62  
Update vendor package (#40) #40  
OCPBUGS-21454 : Update go.mod for CVE-2023-39325 (#33) #33 OCPBUGS-974 : Sync upstream (#30) #30 Updating multus-networkpolicy images to be consistent with ART (#27) #27  
Updating multus-networkpolicy images to be consistent with ART (#26) #26  
Updating multus-networkpolicy images to be consistent with ART (#25) #25  
Updating multus-networkpolicy images to be consistent with ART (#24) #24  
Full changelog  
OCPBUGS-42049 : [release-4.15]Update owners #60 15393552: Updating ose-multus-route-override-cni images to be consistent with ART #47  
15393552: Updating ose-multus-route-override-cni images to be consistent with ART #45  
Revert ART changes to fix rhel9 base binary #44  
Updating ose-multus-route-override-cni images to be consistent with ART #43  
Fix Dockerfile to use rhel9 #42  
Updating ose-multus-route-override-cni images to be consistent with ART #41  
Add rhel9 binary #40  
Updating ose-multus-route-override-cni images to be consistent with ART #36  
Updating ose-multus-route-override-cni images to be consistent with ART #35  
Updating ose-multus-route-override-cni images to be consistent with ART #34  
Updating ose-multus-route-override-cni images to be consistent with ART #33  
Full changelog  
OCPBUGS-55620 : Fixes leftover podref issue #367 OCPBUGS-42047 : Update owners #311 OCPBUGS-37815 , OCPBUGS-37817 : [release-4.14] align api calls timeout and skip pods marked for deletion #309 OCPBUGS-36722 : Return previous IP allocation for add cmd #296 OCPBUGS-35263 : Use IP to identify orphaned allocation to be deleted #289 OCPBUGS-27858 : Enable reconciler configuration 4.14 #240 OCPBUGS-26553 : Cherry pick fix assignment 4.14 #230 OCPBUGS-21518 : update golang.org/x/net to v0.17.0 #207 Bug 16002 : Change default binary to RHEL8 image #172 OCPBUGS-15905 : Denormalize IP name before checking if pod is alive [Backport 4.14] #167 Bug 16136 : Introduce entrypoint.sh to call ip-control-loop based on RHEL ver #147 Downstream sync july23 #137  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #150  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #149  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #148  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #146  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #143  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #142  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #141  
Restores RHEL specific binary copy and updates to rhel9/8 #140  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #136  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #130  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #129  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #128  
OCPBUGS-11324 : respect requested allocation range when exluding ranges [backport 4.14] #121 Upstream sync 2023 03 29 #119  
Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #115  
Full changelog  
OCPBUGS-42971 : Collect etcd object count #457 OCPBUGS-48084 : Update owners #475 OCPBUGS-48058 : Support gathering IPsec data #472 OCPBUGS-43058 : [Backport 4.14] Multus is now a Pod and will be captured by normal #451 OCPBUGS-20429 : Revert “Add must gather script for network observability” #391 OCPBUGS-20354 : Removed workload partitioning annotation from ppc script #388 Use oc get daemonset to identify the NTO image #378  
OCPBUGS-17907 : Revert “Added gathering script for SNOs with workload partitioning” #376 Split gather_network_logs into basics and extras #375  
Added gathering script for SNOs with workload partitioning #373  
Add csi-proxy logs collection in must-gather for Windows nodes #374  
SDN-3687 : Support gathering DBs for OVNK-Interconnect mode #370 Collect information relevant to PerformanceProfile and low latency tuning #345  
gather_network_logs: multus: Fix typo in error redirection #371  
Collect leases.coordination.k8s.io from each namesapce #366  
Create a generic “get_operator_ns” util function #368  
Assert that only one subscription exists #367  
MCO-608 : Gather MCO’s on-disk configs from degraded nodes #361 Gather ostree related bits #353  
OCPBUGS-14984 : Collect Mellanox firmware information #365 OCPBUGS-14025 : Add gather_vsphere #363 NETOBSERV-987 : Add must gather script for network observability #357 Updating ose-must-gather images to be consistent with ART #358  
OCPBUGS-10798 : Gather CSIStorageCapacity objects #356 OCPBUGS-11147 : network_logs: Gather multus resource yamls for namespaces #354 Updating ose-must-gather images to be consistent with ART #352  
Full changelog  
Add rhel9 binary #57  
Updating ose-network-interface-bond-cni images to be consistent with ART #54  
OCPBUGS-12327 : Updating ose-network-interface-bond-cni images to be consistent with ART #52 Updating ose-network-interface-bond-cni images to be consistent with ART #51  
Updating ose-network-interface-bond-cni images to be consistent with ART #50  
OCPBUGS-11190 : Ignore missing links during delete command #48 Update owners file #46  
Align with upstream 14-04-2023 #45  
Updating ose-network-interface-bond-cni images to be consistent with ART #44  
Full changelog  
OCPBUGS-58778 : Bump github.com/golang/glog to v1.2.4 (#115) #115 OCPBUGS-60394 : Replace e2e test image (#128) #128 swtich golint install method (#127) #127  
Correct 4.16 owners file (#100) #100  
Added METRIC_TEST_IMAGE var (#88) #88  
Update the k8s dependencies to 1.27.7 (#82) #82  
OCPBUGS-16594 : Update the dependencies to 0.27 (#79) #79 Revert “Remove e2e tests that consistently fail in 4.13 (#65)” (#76) #65  
Updating ose-network-metrics-daemon images to be consistent with ART (#73) #73  
Updating ose-network-metrics-daemon images to be consistent with ART (#72) #72  
Updating ose-network-metrics-daemon images to be consistent with ART (#71) #71  
Updating ose-network-metrics-daemon images to be consistent with ART (#70) #70  
Full changelog  
OCPBUGS-31862 : replace wireshark with wireshark-cli #122 OCPBUGS-22172 : Move commands to the function to avoid them being executed on -h. #94 OCPBUGS-20520 : Update scripts in network-tools to reflect the changes in IC model #92 ovn-db-run-locally: gracefully handle non-clustered dbs #84  
Updating ose-network-tools images to be consistent with ART #81  
Updating ose-network-tools images to be consistent with ART #78  
Updating ose-network-tools images to be consistent with ART #76  
Full changelog  
changes the owners file (#1013) #1013  
OCPBUGS-48513 : e2e: use same version of crane as in go.mod (#1023) #1023 Bump version to include v5.11.0 of go-git (#822) #822  
Fix to ensure operator not found error exits with correct status (#797) #797  
OCPBUGS-28871 : Capability to override default channel (#749) (#790) #749 OCPBUGS-19429 : Fix cross EUS channel upgrade path calculation (#769) #769 OCPBUGS-23327 : Fix MirrorToDisk of oci catalogs in hidden folders (#766) #766 skipping prune failure if manifest not found (#735) #735  
OCPBUGS-21472 : fix: CVE-2023-39325 (#711) #711 Fixes HTTP 401 issues when several catalogs are being mirrored and need to be rendered using operator-registry (#704) (#706) #704  
Fix OCPBUGS-17546: pod catalogsource generated by oc-mirror will crashloopBackOff randomly (#699) #699  
OCPBUGS-17545 : Improve extracting opm binary from catalogs (#676) #676 OCPBUGS-7465 : Fix 401 Unauthorized due to stale auth token (#678) #678 Fix OCPBUGS-14402 - case where catalog is on a mirror from registries.conf (#682) #682  
OCPBUGS-17998 : fix: ICSP with incorrect mirror path (#681) #681 OCPBUGS-17714 : Ensure errors are nil before closing registry to avoid… (#680) #680 CFE-825 : As a oc-mirror user, I would like mirrored operator catalogs to have valid caches (#651) #651 CFE-902 feat: removes go workspace due to incompatibility on ART builds (#672) #672  
CFE-902 feat: adds go workspace to support multi-module (#670) #670  
add go.mod files to testdata directories (#669) #669  
fixing oc-mirror version when run from read-only fs (#660) #660  
Make local storage port configurable via command line (#668) #668  
Fix unit tests for local storage collector implementation (#667) #667  
CFE-904 : Create AdditionalImage Collector implem. based on registry as localStore (#666) #666 v2 initial commit (#664) #664  
OCPBUGS-13871 docs: changes the help message for oci-registries-config flag (#663) #663  
OCPBUGS-11754 : add cleanup of /tmp directories (#655) #655 CFE-875 : Unlock MirrorToDisk and DiskToMirror workflows for local oci catalogs (#662) #662 Fix OCPBUGS-15329 - OCI index found, but accept header does not support OCI indexes (#658) #658  
Enable mirroring of the multi release image (#657) #657  
revendor to the latest oc (#656) #656  
Replacing the hard coded path with graphDataMountPath (#585) #585  
CFE-859 : Removing flag use-oci-feature starting release-4.14 (#622) #622 CFE-783 : A variety of changes needed for correct operation with multi architecture catalogs (#611) #611 MULTIARCH-3440 : refine multiarch support for test-unit and test-e2e using dockerfile and add ppc64le build to Makefile (#624) #624 Add ImageSetConfig examples (#610) #610  
OCPBUGS-13871 : fix: changes on help info content (#653) #653 OCPBUGS-588 : minVersion in ImageSetConfiguration seems to be ignored (#603) #603 Fix OCPBUGS-14194 (#649) #649  
Fix OCPBUGS-14402 (#652) #652  
OCPBUGS-13332 : Create rfc 1035 compliant catalog source name (#636) #636 fix validateMapping OCPBUGS-13962 (#640) #640  
adds Jeremy Peterson to OWNERS file (#644) #644  
Chore: Remove Ross from OWNERS (#639) #639  
OCPBUGS-13762 : make addRelatedImageToMapping multithreaded (#638) #638 Fix OCPBUGS-11840: ParseImageReference supports cases where both tag and digest are present in a ref (#633) #633  
OCPBUGS-11922 : paths not needed in ICSPBuilder interface (#634) #634 OCPBUGS-11910 , OCPBUGS-11922 : Limit the nested repository path while mirroring the images (#623) #623 CFE-658 : Implementation of filtering by channel for OCI catalog (#627) #627 OCPBUGS-4959 : oc-mirror error on second synchronisation with no change (#605) #605 Deprecate –use-oci-feature in favor of –include-local-oci-catalogs (#620) #620  
Updating oc-mirror-plugin images to be consistent with ART (#619) #619  
Update OWNERS for CFE team (#614) #614  
Revert adding ‘–cache-dir /tmp/cache’ to catalog images (#613) #613  
OCPBUGS-11371 : fix: skips bundles with ‘skips’ field on head bundle (#608) #608 fix: work around OCPBUGS-6741 by explicitly setting –cache-dir (#604) #604  
OCPBUGS-2633 : Fix  (#601) #601 OCPBUGS-7845 fix: changes the way the version is shown (#599) #599  
OCPBUGS-10348 fix: changes to include the registry path (#600) #600  
OCPBUGS-1060 fix: changes confusing error message (#598) #598  
Fix OCPBUGS-8156: Upgrade to containerd v1.6.18 (#593) #593  
Bugfix check imagesetconfig for valid oci protocol when oci feature is used (#573) #573  
Remove “unsupported” wording from info on console (#577) #577  
Fix OCPBUGS-5168: Upgrade helm.sh/helm/v3 to v3.11.2 fixing CVE-2022-23526 and CVE-2022-23525 (#580) #580  
OCPBUGS-10051 : fix: remove catalog reference from ImageContentSourcePolicy.yaml (#586) #586 Updating oc-mirror-plugin images to be consistent with ART (#575) #575  
Bugfix for destination registry nested paths length (#572) #572  
fix extract dir for cincinnati-graph-data container (#582) #582  
OCPBUGS-8216 : fix: remove an unecessary error message (#579) #579 docs: add information about unsupported scenario (#574) #574  
Full changelog  
: OCPBUGS-27680,OCPBUGS-27595: UPSTREAM: <carry>: Update go-git to v5.11.0 #73  
OCPBUGS-23358 : [release-4.14] Address http2 vulnerability #53 OCPBUGS-21379 : Bump golang.org/x/net from 0.15.0 to 0.17.0 #39 OCPBUGS-16793 : openshift/Dockerfile: exclude unpack binary from FIPS build overrides #33 Rename downstream overlay from service-ca-operator to openshift #32  
UPSTREAM: <carry>: add manifests to image #31  
Makefile,manifests: Add skeleton of default rukpak resources #18  
Introduce barebones build and unit testing GH actions #14  
Skeleton - k8s provisioner #7  
update README to include latest APIs #5  
Introduce a sanity github action check #3  
Init API defs #1  
Add barebones OWNERS file #2  
And 464 elided commits (e.g. from squash or rebase merges) 
Full changelog  
OCPBUGS-57940 : Set node-pullsecrets volume to read-only to protect image pull credentials #398 OCPBUGS-56951 : Empty proxy variables are causing issues during the build #386 OCPBUGS-48480 : Add team members to the OWNERS file #360 NO-JIRA: cleanup root and app OWNERS #349  
OCPBUGS-32869 : replaces deprecated square/go-jose wtih go-jose/go-jose #342 OCPBUGS-41951 : Add adambkaplan as approver #334 [release 4.14] OCPBUGS-33288: Update opentelemetry dependency #295  
OCPBUGS-28950 : Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #286 OCPBUGS-18980 : Disable Build and DeploymentConfig Informers if their caps are disabled #271 use constant controller names #265  
OCPBUGS-16071 : Updating Kubernetes and other associated dependencies #263 update runtime-utils for idms migrations #243  
OCPBUGS-14461 : Kubernetes 0.27 #261 Updating ose-openshift-controller-manager images to be consistent with ART #260  
Updating ose-openshift-controller-manager images to be consistent with ART #259  
Updating ose-openshift-controller-manager images to be consistent with ART #258  
Updating ose-openshift-controller-manager images to be consistent with ART #253  
OCPBUGS-10588 : mount build.Spec.Source.ConfigMaps for custom builder images #254 Add Divyanshu Agrawal as a reviewer #256  
Full changelog  
OCPBUGS-35337 : Correct out-of-bounds check #173 OCPBUGS-34792 : Make Cinder CSI Driver Topology feature configurable #162 OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #153 OCPBUGS-26460 , OCPBUGS-26461 : [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1 #156 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #142 OCPBUGS-21573 : CVE-2023-44487: bump golang.org/x/net to v0.17.0 #135 STOR-1436 : Restart openstack-cinder-csi-driver-controller Pods if metrics-serving-cert changed #128 Remove Dockerfile.rhel7 #126  
Configure User Agent #123  
OCPBUGS-16654 : Revert revert “STOR-1065: Rework sidecar bindings to b… #119 OCPBUGS-16783 : Chore: Update OWNERS and OWNERS_ALIASES #121 OCPBUGS-16526 : Bump library-go to remove dependency on goproxy #122 OCPBUGS-16678 : Fix SCC admission failure race during initial deployment #120 Revert “STOR-1065: Rework sidecar bindings to bind common ClusterRoles” #118  
STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #117 OCPBUGS-14824 : Bump cinder-csi-driver-operator library-go #116 STOR-1168 : Bump common libraries #115 Updating ose-openstack-cinder-csi-driver-operator images to be consistent with ART #113  
OCPBUGS-12651 : Bump golang.org/x/net@v0.9.0 #114 Updating ose-openstack-cinder-csi-driver-operator images to be consistent with ART #112  
Updating ose-openstack-cinder-csi-driver-operator images to be consistent with ART #111  
OSASINFRA-3000 Prefer a Cinder CSI-specific config map #82  
OCPBUGS-8683 : Add management workloads annotations #109 Updating ose-openstack-cinder-csi-driver-operator images to be consistent with ART #108  
Full changelog  
OCPBUGS-32428 : Ensure portSecurity is correctly set in the Instance Ports #109 OCPBUGS-23202 : Don’t build InstanceSpec during delete operations #95 Bug OCPBUGS-18806: Set controller’s SyncPeriod to 1 hour #81  
Bump CAPO to match branch release-0.7 #80  
Configure User Agent #75  
Update README #77  
OCPBUGS-16586 : Bump goproxy #74 Rework how we build the container image #76  
go.mod: Upgrade Gophercloud to v1.5.0 #73  
OSASINFRA-3063 : Bump CAPO to v0.7.2 #72 Updating ose-machine-api-provider-openstack images to be consistent with ART #70  
Updating ose-machine-api-provider-openstack images to be consistent with ART #69  
Updating ose-machine-api-provider-openstack images to be consistent with ART #68  
OCPBUGS-8687 : machineset_controller: Stop caching clouds credentials #63 OCPBUGS-2153 : Use TenantID if ProjectID is empty #61 Updating ose-machine-api-provider-openstack images to be consistent with ART #60  
Full changelog  
OCPBUGS-61469 : [release-4.14] Add NetworkPolicy as a supported kind #1052 OCPBUGS-61390 : [4.14] e2e stability fixes #1085 OCPBUGS-46927 , OCPBUGS-46934 , OCPBUGS-47314 : x/net bump to v0.34.0 [release-4.14] #941 OCPBUGS-46595 : CRD upgrade existing CR validation fix (#3442) #921 OCPBUGS-45080 : SSA for Services and ClusterRoleBindings #905 OCPBUGS-42828 : add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata #878 OCPBUGS-41872 : Fix e2e flake: upgrade CRD with deprecated version #865 OCPBUGS-42150 : (fix) registry pods do not come up again after node failure (#3366) #872 OCPBUGS-42017 : adds paginating lister for evaluating CRs’ upgrade fitness versus new CRDs. #869 OCPBUGS-38544 : (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) #842 OCPBUGS-36949 : [CARRY] perform operator apiService certificate validity checks directly #821 OCPBUGS-37016 : Bump github.com/containers/image/v5 #824 OCPBUGS-36452 : Can’t install operator on 4.15 after uninstalling it on a prior version #811 OCPBUGS-31969 , OCPBUGS-31970 : UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 #787 OCPBUGS-35230 : Unblock CI #771 OCPBUGS-33356 : UPSTREAM: <carry>: bump go-jose #743 OCPBUGS-30775 : [4.14] bump grpc to 1.60.1, reconnect idle connections (#3147) #715 OCPBUGS-29192 : [release-4.14]: Clear (existing) error cond from Subscription, once error resolved #686 OCPBUGS-29194 : Retry failing unpack jobs #689 NO-ISSUE: [release-4.14] Backport e2e fixes to 4.14 #674  
OCPBUGS-27314 : Don’t sync namespaces that have no subscriptions #675 OCPBUGS-27565 , OCPBUGS-27570 , OCPBUGS-27650 , OCPBUGS-27655 : bump go-git/v5 to 5.11.0 #677 OCPBUGS-27485 : [CARRY] SSC RBAC #665 OCPBUGS-22538 : bump otelhttp to 44.0 for api #647 OCPBUGS-22538 : otelhttp bump [release-4.14] #632 OCPBUGS-20829 : [releaser-4.14] Fix apiserver vulnerability #608 OCPBUGS-23212 : Do not derive installplan.spec.clusterServiceNames from bundle IDs #607 OCPBUGS-18904 : [release-4.14] Improve Leader Election Hand Off #605 OCPBUGS-23508 : [release-4.14] Use generated namespaces in e2e tests #614 OCPBUGS-20400 : Add OLMConfig API to control package server sync interval [release-4.14] #582 OCPBUGS-19789 : Backport OCPBUGS-14698: Rename ClusterRoles created by OperatorGroups [release-4.14] #566 OCPBUGS-22134 : [release-4.14] Bump golang.org/x/net to v0.17.0 #587 OCPBUGS-17950 : Make packageserver wakeup interval configurable #555 scripts/bumper: automate pushing changes and creating PRs #550  
OCPBUGS-17157 : scripts: add a Go-based bumper, sync upstream #534 Add ncdc to DOWNSTREAM_OWNERS #539  
OPRUN-3022 : Add support for make verify to sync script #537 Add tmshort to owners #535  
fix the manifests generation #533  
Sync 2023 08 04 #532  
OCPBUGS-17157 : sync #531 OCPBUGS-17157 : operator-registry: cherry-pick to be up-to-date #526 OCPBUGS-17157 : cmd/package-server-manager: add pprof endpoints #527 OPRUN-3021 : Improve README #529 OPRUN-2913 : Sync api, operator-registry, operator-lifecycle-manager downstream #510 OPRUN-2913 : Add DOWNSTREAM_OWNERS #520 OCPBUGS-10178 : Updating operator-lifecycle-manager images to be consistent with ART #470 Allow cpb to be statically compiled / exempt from FIPS compliance #511  
update verification script to work across non-standard bash location #505  
OCPBUGS-13128 : Retry initialization error conditions (#2979) #502 Updating operator-registry images to be consistent with ART #495  
OCPBUGS-13526 : fix dynamic conversion webhook #490 OPRUN-2995 : Remove dependency on cluster policy controller in favor of hardcoding #498 OPRUN-2941 : update cluster-policy-controller dependency #494 OCPBUGS-13789 : downstream y-streams-for-all semver template changes. #489 OCPBUGS-1684 : Optimize certificate generation #486 METAL-575 : Revert “Mutate service monitor manifests to include tlsConfig cert an… #478 OPRUN-2892 : Update service-monitor tls config #368 OCPBUGS-6016 : UpdateStrategy RegistryPoll with nil Interval #468 OCPBUGS-7910 : Sort channels in lexicographical order in Packagemanifestst (#2925) #476 OCPBUGS-7431 : Registry Pod Controller Flag #460 Update sync script #472  
OPECO-2737 : Veneer template rename #461 fix pop_candidate script #467  
Updating operator-registry images to be consistent with ART #469  
OPECO-2646 : exclude bundles with olm.deprecated property when rendering #463 Full changelog  
15143237: Updating ose-ovirt-machine-controllers images to be consistent with ART #174  
Full changelog  
OCPBUGS-36095 : Fix CVE-2024-6104 by updating http-retryable to 0.7.7 #90 OCPBUGS-33637 : Fix CVE2023-45288 by bumping x/net to v0.24.0 - 4.14 #81 OCPBUGS-25980 : Rebase with upstream: Fix snyk code issue: Path Traversal #72 OCPBUGS-24713 : synk: ignore vendor dir #60 OCPBUGS-21112 : CVE-2023-39325 - Update net dependencies - 4.14 #51 cherry-pick: Improve delete device failure logs in driver node #48  
OCPBUGS-17309 : Updated golang.org/x/net/html dependency. #43 Rebase with upstream: v0.4.0 changes #42  
Rebase: upgrading go modules #40  
Rebase with upstream: reduce multipathd usage (OCPBUGS-16878) #39  
Rebase with upstream: removed panic and some cleanup #38  
Rebase with upstream #37  
Package device-mapper-multipath added #36  
Merging upstream code with downstream #33  
OCPBUGS-12922 : Updated net dependencies #29 OCPBUGS-12716 : Updating ose-powervs-block-csi-driver images to be consistent with ART #30 Updating ose-powervs-block-csi-driver images to be consistent with ART #26  
Full changelog  
OCPBUGS-25657 : Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #58 OCPBUGS-25715 : snyk: ignore vendor dir #60 OCPBUGS-23078 : CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #48 OCPBUGS-21203 : CVE-2023-39325 - Update net dependencies - 4.14 #40 Update OWNERS add yussufsh #44  
STOR-1438 : Restart controller Pods if metrics-serving-cert changed #36 OCPBUGS-16531 : Upgraded openshift/library-go to remove indirect references to goproxy. #35 OCPBUGS-16654 : Rename sidecar binding RBACs #32 OCPBUGS-16783 : Chore: Update OWNERS #33 STOR-1065 : Rework sidecar bindings to bind common ClusterRoles #31 OCPBUGS-14824 : Bump ibm-powervs-block-csi-driver-operator library-go #30 OCPBUGS-12925 : Updated net dependencies #26 Updating ose-powervs-block-csi-driver-operator images to be consistent with ART #25  
Updating ose-powervs-block-csi-driver-operator images to be consistent with ART #24  
Updating ose-powervs-block-csi-driver-operator images to be consistent with ART #23  
Adding storage team to OWNERS so they can perform lib-go updates. #21  
OCPBUGS-8683 : Add management workloads annotations #20 Updating ose-powervs-block-csi-driver-operator images to be consistent with ART #19  
Full changelog  
OCPBUGS-36105 : UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.14 #75 OCPBUGS-24727 : UPSTREAM: <carry>: snyk code scan exclude vendor directory #54 OCPBUGS-21299 : CVE-2023-39325 - Update net dependencies - 4.14 #45 UPSTREAM: <carry>: Add check for valid Power VS instance id #42  
Manual rebase to k8s 1.27 and go 1.20 #40  
Revert images golang 1.18 #38  
Updating ose-powervs-cloud-controller-manager images to be consistent with ART #37  
Revert build_image to the one currently specified in release repo #36  
OCPBUGS-12921 : Updated net dependencies #33 Updating ose-powervs-cloud-controller-manager images to be consistent with ART #31  
Updating ose-powervs-cloud-controller-manager images to be consistent with ART #30  
Full changelog  
Bump openshift/prom-label-proxy to v0.7.0 #356  
OCPBUGS-12293 : Update 4.14 prom-label-proxy image to be consistent with ART #355 Updating prom-label-proxy images to be consistent with ART #353  
Full changelog  
OCPBUGS-43670 : fix(discovery): Handle cache.DeletedFinalStateUnknown … #239 OCPBUGS-22531 : bump otel dependencies #183 OCPBUGS-21262 : update golang.org/x/net to v0.17.0 [4.14] #176 Bump openshift/prometheus to v2.46.0 #167  
Bump openshift/prometheus to v2.45.0 #166  
Bump openshift/prometheus to v2.44.0 #164  
Dockerfile.ocp: update note about UI assets after switching to embed #165  
OCPBUGS-12996 : Add missing assets after manual merge #162 OCPBUGS-12825 : Updating golang-github-prometheus-prometheus images to be consistent with ART #160 Bump openshift/prometheus to v2.43.0 #158  
Updating golang-github-prometheus-prometheus images to be consistent with ART #156  
Full changelog  
OCPBUGS-30015 : fix: convert continue field between v1beta1 and v1alpha1 #279 OCPBUGS-20881 : fix: disable HTTP2 connections by default #253 OCPBUGS-20881 : Bump golang.org/x/net to v0.17.0 #247 Bump openshift/prometheus-operator to v0.67.1 #240  
Bump openshift/prometheus-operator to v0.67.0 #239  
OCPBUGS-14466 : bump openshift/prometheus-operator to v0.66.0 #236 OCPBUGS-14033 : cmd/prometheus-config-reloader: add SIGTERM handler #234 OCPBUGS-1626 : [bot] Bump openshift/prometheus-operator to v0.65.1 #233 OCPBUGS-12324 : Update 4.14 prometheus-config-reloader image to be consistent with ART #230 Updating prometheus-operator images to be consistent with ART #229  
Updating prometheus-config-reloader images to be consistent with ART #227  
Updating prometheus-operator-admission-webhook images to be consistent with ART #226  
Updating prometheus-config-reloader images to be consistent with ART #225  
OCPBUGS-10109 : Updating openshift-state-metrics images to be consistent with ART #221 OCPBUGS-10137 : Updating openshift-state-metrics images to be consistent with ART #222 Updating prometheus-operator images to be consistent with ART #220  
Full changelog  
OCPBUGS-21162 : (4.14) upgrade golang.org/x/net to v0.17.0 #134 Bump openshift/node_exporter to v1.6.1 #130  
OCPBUGS-12714 : Bump openshift/node_exporter to v1.6.0 #129 OCPBUGS-12507 : Upgrade golang.org/x/net to v0.10.0 to fix the CVE #128 Updating golang-github-prometheus-node_exporter images to be consistent with ART #122  
Updating golang-github-prometheus-node_exporter images to be consistent with ART #120  
Full changelog  
OCPBUGS-21576 : bump(k8s,openshift) to address CVE-2023-44487 [4.14] #34 refactor route controller manager to use library-go server and ControlerCommand for generic setup #28  
add dummy flags needed for a switch to library-go server and ControlerCommand #29  
Revert “[WRKLDS-730] refactor route controller manager to use library-go server and ControlerCommand for generic setup” #25  
refactor route controller manager to use library-go server and ControlerCommand for generic setup #22  
WRKLDS-700 : bump(k8s) to v0.27.1 #21 Updating ose-route-controller-manager images to be consistent with ART #19  
Updating ose-route-controller-manager images to be consistent with ART #18  
Updating ose-route-controller-manager images to be consistent with ART #17  
Full changelog  
OCPBUGS-34830 : fix issuer check during JWT authentication 4.14 #539 OCPBUGS-32888 : update gopkg.in/square/go-jose.v2 to fix CVE-2024-28180 #535 OCPBUGS-22647 : go.mod: bump go.opentelemetry.io/contrib/instrumentation/net/http/ote… #494 OCPBUGS-21349 : [release-4.14]: Bump golang.org/x/net to v0.17.0 #484 OCPBUGS-16397 : Nutanix OCP cluster telemetry data “host_type” shows “virt-unknown” #474 chore: bump github.com/prometheus/prometheus to v0.45.0 #475  
: fix mtls secret generation #473  
Revert wrong cert name change of #455 #472  
: add secret for external mtls connection #470  
MON-3230 : Add TLS auth to telemeter-client #455 jsonnet: Add config to support rhelemeter #468  
Improve debug roundtripper logs #467  
Fix integration test documentation #461  
Fix path benchmark #466  
Add RHEL POC server #465  
OCPBUGS-12345 : tools: update to golangci-lint v1.51 #464 OCPBUGS-12678 : Update golang.org/x/net to lastest version #462 add thibaultmg in OWNERS file #459  
Update OWNERS #456  
Use receive handler logger #450  
OCPBUGS-10169 : Updating telemeter images to be consistent with ART #452 Filter noisy logs from TCP probes #453  
Add douglascamata as reviewer and approver #454  
Full changelog  
OCPBUGS-61233 : images/tests: Remove rteval #30208 OCPBUGS-55747 : [build] Ensure Git Clone Does Not Run Privileged #29758 OCPBUGS-54770 : Fix egress firewall tests by updating the URL from docs.openshift.com to redhat.com #29665 OCPBUGS-52583 : Use payload pullspec for image info test #29591 OCPBUGS-51363 : Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token #29567 OCPBUGS-51044 : Add/remove team members to the OWNERS file for Builds #29554 OCPBUGS-44107 : Adjust createDNSPod() to support hypershift dual-stack test #29256 OCPBUGS-39137 : Bump timeout for the pod-network-service endpoints check #29062 OCPBUGS-38365 : add Proxy config #28998 OCPBUGS-36800 : Removes dependency on samples operator images #28952 #28775 FIX [release-4.14] OCPBUGS-33367: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms #28792  
#28745 FIX [release-4.14] OCPBUGS-33022: update egressFWTestE2E image which contains ping binary #28899  
OCPBUGS-36464 : test/extended: skip etcd leader change check on hypershift #28921 OCPBUGS-35475 : Use centos7 tag instead of latest for cmd images tests #28881 OCPBUGS-33417 : Provide SCC access via RBAC #28806 OCPBUGS-33563 : Adjust the method of get the apiServer (release-4.14) #28763 OCPBUGS-29970 : Do not assume there is just a single kubelet systemd service #28620 OCPNODE-2101 : add kube-rbac-proxy-crio toleration change #28647 OCPBUGS-29928 : Only extract node role from properly formatted node-role label #28616 OCPBUGS-29182 : updated timeout to 3 seconds to account for network timing issues #28578 OCPBUGS-29034 : Replace ‘coreydaley’ with ‘sayan-biswas’ #28574 OCPBUGS-26044 : Adding test case for when exceed openshift.io/image-tags will ban to … #28493 OCPBUGS-21774 : backport #28316 to 4.14 release #28335 Revert “[release-4.14] OCPBUGS-22720: Use Centos 8 Stream mysql image in tests” #28368  
OCPBUGS-23042 : tolerate AWS edge nodes on monitor tests #28387 OCPBUGS-23145 : Bump watch requests for cluster-baremetal-operator #28385 trt-1340: backport exact and disable monitor tests options to 4.14 #28391  
OCPBUGS-19923 : Updating parameters for build timing PushImage test #28291 OCPBUGS-22411 : fix: increase upper bounds for samples operator #28356 OCPBUGS-22720 : Use Centos 8 Stream mysql image in tests #28365 OCPBUGS-22389 : Remove all docker.io images due to access denied #28355 OCPBUGS-21774 : backport https://github.com/openshift/origin/pull/28238  to 4.14 release #28333 Revert #28304 “OCPBUGS-20308: Backport PR 28295 and 28238” #28314  
OCPBUGS-20308 : Backport PR 28295 and 28238 #28304 OCPBUGS-19903 : kubevirt: add live migration tests #28281 wait for the service to have endpoints before starting pollers #28279  
some monitor tests only function on disruptive tests #28287  
OCPBUGS-19718 : rteval #28276 OCPBUGS-19547 : fix: add rteval to the test image #28269 TRT-1244 : Bump aws-ovn upgradeDurationLimits to 130 #28265 OCPBUGS-19061 : Remove duplicate connection type from disruption name #28260 USHIFT-1590 : skip failing invariants in MicroShift #28193 Revert “created persistent volume claims can not exceed the limitation” #28232  
Revert “in-cluster disruption: ensure that only one monitor is started in cluster” #28230  
created persistent volume claims can not exceed the limitation #28224  
Revert “Fail on APIs removed in the next release” #28227  
OCPBUGS-13158 : in-cluster disruption: ensure that only one monitor is started in cluster #28081 Fail on APIs removed in the next release #27561  
Service invariant #28202  
prevent secondary errors reported in prior steps #28221  
OCPBUGS-17477 : requestheader: wait for only 3 oauth-servers to be available #28161 [test/extended/networking] Rename ovnkube containers #28219  
Reduce usage of dcs #28212  
Do not fail etcd storage path test for GVRs that are not served. #28214  
move graceful shutdown to monitor test #28201  
move PDBUnhealthyPodEvictionPolicy from TP to beta #28206  
if no openshift-tests image can be auto-detected or specified, skip it #28207  
allow failures for tests intentionally producing failures #28211  
fix *-to-host sampler failure calculation #28209  
skip test with intermittent serial problems #28208  
point host network, network disruption at the kubelet #28191  
migrate some watching code to monitortests #28188  
fail if no sampler output is found for the poller #28198  
Fix possibility of intervals without from/to by requiring when we Build() #28182  
OCPBUGS-17497 : Skip invariant load balancer test for None platform #28180 tolerate cluster without clusterversion #28197  
select poller image from payload #28194  
AUTH-409 : bump o/k for the updated PSa labels #28192 Fixes openshift-tests dry-run failure asking for KUBERNETES_MASTER #28165  
TRT-930 : Update test to support 2 release query_results.json #28149 add e2e non-functional test for required-scc SCCs #28142  
Add a test to flake if we see NetworkManager log “too many netlink events” #28098  
OCPBUGS-16615 : Making prometheus telemetry test flake #28181 update watch-endpoint-slices to usable shape #28184  
add comments requested in review #28186  
rebrand invariant tests as monitor tests #28185  
basic setup of podNetwork disruption tests #28179  
start the watch-endpoint-slice command #28169  
stop sampling when we stop #28178  
run start and collect in parallel #28174  
only close node ready if the node was not ready before #28170  
make monitor command separately runnable #28168  
OCPBUGS-15726 : add tests for openapi v3 #28129 fix microshift fix that broke all disruption #28175  
Add stlaz and p0lyn0mial to OWNERS #28166  
OCPBUGS-15726 : Revert “temporarily disable oc explain tests until openapi/v3 is working” #28155 Add some tests for event interval generation #28163  
USHIFT-1464 : skip TestFrontProxy for MicroShift #28064 upgrade distribution to v3 #27958  
Skip external service monitoring invariant for microshift #28160  
Refactor e2e-test intervals to use the new locator builder #28099  
OCPBUGS-16166 : Update to Kubernetes 1.27.4 #28147 Remove obsolete buildanalyzer tool #28158  
Bug OCPBUGS-17483: Skip invariant load balancer test for OpenStack #28154  
be sure the exit code fails when the invariant tests fail #28152  
OCPBUGS-17351 : Skip some invariants in microshift #28136 OCPBUGS-16166 : disable 2 tests in preparation to land k8s 1.27.4 #28148 Fix kubevirt test flake caused by pod name collision #28153  
move the discovery filtering into suite filtering instead of post filtering #28145  
move remaining disruption tests to invariants #28144  
Disable EgressIP test termporarily due to OVN-K bug #28146  
Bug OCPBUGS-6778: Correct condition for rejecting connection #27876  
USHIFT-1484 : skip prometheus alerts for MicroShift #28070 remove unnecessary global modification from upgrade #28143  
OCPBUGS-16615 : Moving Prometheus reporting telemetry to serial jobs #28138 OCPBUGS-15568 : Set quota wait timeout to 1 minute #28071 rough package alignment #28131  
return calculated intervals #28141  
move existing invariant tests #28130  
remove extraneous layering for the monitor #28127  
Fix ClusterOperator tests that can only report failures #28120  
properly categorize the stop and start intervals #28139  
MON-1960 : Remove exceptions for alert annotations #28118 Revert invariant and other refactors #28133  
Remove exception on KubeSchedulerDown runbook #28126  
expedient engineering: inject intervals into recorded events from out… #28128  
Add Fabio and remove Stefan from image approvers #28125  
separate the run, run-upgrade, and run-test #28121  
Remove enabling multinetwork policy #28116  
OCPVE-292 : OCPVE-293: OCPVE-294: feat: added a realtime latency test suite #28110 Update image mirroring instructions to handle uncompressed layers #28101  
protect against nil panic on unassigned disruption adapter #28123  
fix: workload partitioning - added more error handling for retry attempts #28111  
Revert “adds legacy disruption to invariant tests” #28117  
adds legacy disruption to invariant tests #28104  
refactor command line start for openshift-tests #28107  
oauth requestheaders: gather oauth-server logs as admin #28114  
Automated - Update synthetic test data #28108  
SDN-4042 : Increase total upgrade time on OVN platforms #28074 Update image stream test to create a manifest list image by default #28017  
Adjust interval builder before we continue porting #28109  
Put times in UTC to allow local testing; use asserts where we can #28091  
feat: make data gathering more robust #28102  
remove suite hook configuration and make information flow one-way #28090  
USHIFT-1463 : add [apigroup] annotation to skip tests for MicroShift #28061 OCPVE-318 : feat: add node validation for workload partitioning #28056 Unrevert pull request #28069 from dgoodwin/interval-builder #28095  
Disruption reverts #28093  
AUTH-401 : test/e/authorization/pod_security_admission: add e2e test for pinning SCCs #28092 fix logic – If error, return current time; else return log line time #28084  
add interface for future invariant tests #28077  
Interval Building Phase 1 #28069  
create a recorder interface that separates monitoring from recording #28080  
remove unnecessary options and make monitor act like controller #28079  
Fix retrieval of virt-launcher pod of the guest node #28082  
Fix usage of priviliged pods in sig-kubevirt test cases #28078  
trt-1150: move lock so prevent multiple file updates in single commit #28065  
finish scrubbing out sampler #28076  
Automated - Update synthetic test data #28072  
MON-3280 : enable etcd metrics check again #28049 OCPBUGS-13158 : Run new tests which monitors in-cluster API server disruption as daemonsets on masters/workers #27909 fix: add missing namespaces to exclude list #28060  
Update S2i Image tests for removing nodejs 14 ubi8 eol #28058  
only close intervals if they are open #28059  
USHIFT-704 : skip [sig-cli] whoami result with console for MicroShift #28005 ignore machine api capability #28052  
ODC-7333 : Add consolesamples to the exception list of CRDs without a status #28057 Handle partial discovery results in DoesApiResourceExist. #28047  
Remove audit id from sample err #28043  
Remove sampler #27960  
ODC-7333 : Add consolesamples to the list of console resources that all users should have read access #28045 OCPBUGS-15893 : Update permission to incl. watch for helmchartrepositories for console users #28044 Automated - Update synthetic test data #28014  
increase cloud-credential-operator watch since we added a self-clusteroperator watch #28046  
OCPBUGS-15291 : Update broken dc tests due to deprecation warning #28041 Enable Azure platform check in external cloud provider test #27776  
update pathological event namespace label to be unambiguous #28038  
multinetpolicy: use RetryOnConflict to reduce flakes #28035  
USHIFT-1379 : skip must-gather tests for MicroShift #28015 Provide more detailed information when extracting binary fails #28034  
test: extended: deployment: use correct apigroup for imagestreamtags #27689  
Add logs in clusterquota test for more verbosity #28032  
OCPBUGS-15500 : Avoid panic attempting to process interval logs #28012 Add test checking nodes are in proper read state before upgrade #28028  
trt-1030: 80s for service lb under test #28004  
OCPBUGS-15835 : remove references to registry.centos.org #28029 OCPVE-379 : fix: avoid checking resources for BestEffort pods #28006 OCPBUGS-15568 : Increase clusterquota wait timeout from 10 to 30 seconds #28026 OCPBUGS-15558 : retry promql a few times to mask i/o timeouts #28010 AUTH-377 : Add oauth-server redirect URI validation e2e tests #27922 temporarily disable oc explain tests until openapi/v3 is working properly #28022  
USHIFT-647 : skip non-existing resources from security.openshift.io #27897 trt-1117: Test for update lease errors #28020  
print out deployment for incorrectly scheduled pods #28011  
OCPBUGS-14425 : Skip CCM upgradable condition on AlibabaCloud #27967 Update “verify that nodes have no unexpected reboots” test #28016  
allow cluster-config-operator to manage featuregate upgrade block #28009  
add a networking alert for OVNKubernetesResourceRetryFailure #28008  
add debugging info for cluster not ready to upgrade #28007  
OCPVE-378 : feat: remove skip, allow check on all platforms regardless #27911 Report external binary usage #28000  
Changing the severity of “missing runbook_url annotation for critical alerts” test case from flaky to failure #27987  
disruption refinement for availability, not latency. #28003  
TRT-1097 : add KubeMemoryOvercommit to specific test so that the general test doesn’t fail #28002 OCPBUGS-11652 : Enable oc adm node-logs #27992 skip reboot test when machineconfigs not in target cluster #27999  
OCPBUGS-15291 : [sig-cli] oc idle: get a dc name through labels instead of parsing oc create output #27998 Automated - Update synthetic test data #27995  
Flake ci-cluster-network-liveness and new backend disruption failures to avoid payload rejections #27990  
verifies number of node reboots even for HA #27994  
OCPBUGS-13379 : machines: add a test which verifies number of node reboots #27993 strip operator framework from resource watch and fix bugs #27972  
Fix panic in loki upload #27991  
Replace dashes in locator keys for upload to loki, add namespace label when possible #27983  
Automated - Update synthetic test data #27982  
Update kubevirt LB connectivity tests to work with AWS ELB #27978  
STOR-1263 : Bump (openshift/kubernetes): to get openshift/kubernetes#1595 #27970 add shutdown interval for apiserver from events #27919  
Update expected name for OVN acl logging test #27974  
Updated pathological events #27942  
new disruption backend #27838  
OCPBUGS-14667 : Revert “MON-3213: Changing the severity of “missing runbook_url annotation for critical alerts” test case from flaky to failure” #27969 MON-3213 : Changing the severity of “missing runbook_url annotation for critical alerts” test case from flaky to failure #27933 push intervals to loki #27930  
USHIFT-1300 : Avoid getting cluster state for TEST_PROVIDER env var #27964 hard monitor.Event message creation #27946  
ETCD-425 : restore test should validate state #27921 OCPBUGS-14338 : test/extended/prometheus: increase telemetry series threshold #27959 Running tests using external binary #27570  
OCPBUGS-14321 : Increase timeout in sysctl allowlist test #27955 remove legacy recovery tests #27917  
OCPBUGS-13649 : add tests for ClusterResourceQuota: count should work for all resources #27934 MON-3219 : Clear missing summary/description annotation test case exception #27944 OCPBUGS-13788 : 2x Revert “test/extended: Add MultiNetworkPolicy IPv4/IPv6 test cases” #27926 #27927 OCPBUGS-14125 : Move from registry.centos.org to quay.io #27945 LoadBalancer network connectivity test cases for HyperShift+KubeVirt #27931  
Revert “Add coverage for GET verb and websocket handshake to SCC exec tests.” #27943  
update the PDB resource to point to resource, not kind #27938  
fix oc explain status and spec verification #27937  
Add coverage for GET verb and websocket handshake to SCC exec tests. #27836  
test/extended/prometheus: fix test with enabled telemetry #27915  
bump(k8s.io/kubernetes) #27935  
Automated - Update synthetic test data #27920  
Change oc annotate cli test output check string #27932  
Migrate set-image.sh to go based test #27863  
STOR-1263 : Rebase 1.27.1 #27894 Update etcd team lead #27928  
Revert “test/extended: Add MultiNetworkPolicy IPv4/IPv6 test cases” #27926  
trt-1032: update upperbounds based on recent failures #27923  
OCPBUGS-6586 : oc idle: increase wait timeouts to 60 sec #27913 test/extended: Add MultiNetworkPolicy IPv4/IPv6 test cases #27795  
Mark ErrorReconcilingNode macAddress not found as known and with existing BZ #27918  
OCPBUGS-13366 : ignore repeated TopologyAwareHintsDisabled events #27916 OCPBUGS-13372 : Add missing error check in sysctl allowlist test #27914 trt-900: log risk-analysis errors but don’t pass back up #27898  
Automated - Update synthetic test data #27908  
OCPBUGS-5943 : Revert “ignore repeated TopologyAwareHintsDisabled events” #27815 Reactivate netpol tests #26775  
Adjust thresholds for reasonable upgrade durations #27905  
Fix up the chart so the “Not” column is lined up #27886  
Automated - Update synthetic test data #27861  
OCPBUGS-12447 : Add intervals and test for ovs-vswitchd unreasonably long poll interval #27889 WRKLDS-665 : Enable [sig-scheduling] SchedulerPreemption [Serial] validates pod disruption condition is added to the preempted pod [Suite:openshift/conformance/serial] #27874 TRT-856 : DNS and disruption overlap test #27826 OCPBUGS-11944 : use tokenrequest from lib-go #27883 CCO-367 : Allow CCO to be Upgradeable=False when credentialsMode=Manual #27887 add anonymous cert detection test case #27890  
Render html from monitor #27853  
PSa podspec exporter e2e: don’t specifically add seccompProfile to the podspec #27756  
ETCD-417 : add a new basic etcd backup/restore test #27875 test/extended: cpu-partitioning: skip cluster infrastructure for Hypershift #27884  
OCPNODE-1257 : feat: remove custom node wait logic for upstream framework call #27882 Add (optional) dual-stack tests to the CNI certification test suite #27807  
Trt-945 detect master node updates #27851  
Updating openshift-enterprise-tests images to be consistent with ART #27793  
Move selfsubjectreviews RBAC rule to the right place #27873  
Add git retry to run resource watch #27865  
Update ETCD storage data for k8s 1.27 #27871  
OCPBUGS-11652 : disable oc adm node-logs #27867 NE-1243 : Validate TCP DNS local endpoint preference as well as UDP. #27791 Add selfsubjectreviews RBAC rules #27866  
ETCD-399 : Add recovery suite to openshift-test cli #27869 add specific test for failing cgroups path #27852  
not rely on deterministic pod names in oc debug tests #27842  
Revert “TRT-889: Temp flake all azure disruption” #27843  
add wait for ingress to be responsive before beginning upgrade #27857  
Allow cluster daemonsets to use maxSurge #27819  
retry getting the URL for routes until we succeed #27854  
bump timeout #27849  
OCPBUGS-11215 : fix: add namespace annotation helper for egress cni test #27834 negative filtering #27829  
OCPBUGS-11072 : Add test for Egress Firewall node selector #27824 upkeep: updated query results #27835  
Revert “Make unidle test more strict” #27833  
OTA-824 : test/extended/cli/admin: Test ‘oc adm release extract –file image-references …’ #27822 STOR-1272 : DisableSC test should ignore in-tree storage classes #27814 add apiserver availability timeline events #27828  
OCPBUGS-9831 : Make unidle test more strict #27673 remove runresourcewatch git lock file on failure #27820  
Improve the disruptive suite description #27823  
OpenStack: Restore in-tree cinder provisioner tests #27789  
Add Divyanshu Agrawal as a reviewer #27821  
Enable AWS platform check in external cloud provider test #27777  
OCPBUGS-10824 : fix: add poll to get deployment status and avoid false positive #27818 Add a test case checking for cluster upgradeability #27806  
Gather more interesting etcd pod logs for issues we’re debugging #27816  
Strip ANSI control characters from junits #27801  
Automated - Update synthetic test data #27703  
move IsTechPreviewNoUpgrade function to exutil and reuse everywhere #27787  
Mark previous pathological events so they get added to spyglass charts #27743  
CNF-5652 : Add cpu partitioning tests #27770 Revert “Revert “Add vlan/macvlan/ipvlan incontainer master tests”” #27775  
Separate pathological event tests for all known namespaces #27774  
Scan etcd logs for dropped internal raft messages #27798  
Add intervals, synthetic test, and charting for etcd “slow fdatasync” pod log messages #27772  
OCPBUGS-8092 : Fix mounted volume expansion tests #27782 Specify Audit-ID to identify disruption requests in api audit logs #27780  
TRT-889 : Temp flake all azure disruption #27781 OCPBUGS-8483 : Revert “Switch to readyz path for health probes on Azure” #27771 WRKLDS-657 : add test for UnhealthyPodEvictionPolicy for PDBs #27768 Enable vSphere platform check in external cloud provider test #27638  
Realtime Kernel Tests #27751  
OCPBUGS-8310 : Bump to 1.26.2 #27764 And 7 elided commits (e.g. from squash or rebase merges) 
Full changelog  
Source code for this page located on github