Back to index
4.8.0-0.ci-2023-07-15-003738 Download the installer for your operating system or run
oc adm release extract --tools registry.ci.openshift.org/ocp/release:4.8.0-0.ci-2023-07-15-003738 Tests:
Blocking jobs Informing jobsupgrade-minor Failed periodic-ci-openshift-release-master-ci-4.8-upgrade-from-stable-4.7-e2e-aws-upgrade Upgrades from:
Upgrades to:
Loading changelog, this may take a while ...
Created: 2023-07-15 00:37:45 +0000 UTC
Image Digest: sha256:1aedaeb3b17a4600fe5e9f5201a75e0d20409113b1dad51ac01f8a54f7963ebf
Components
New images
Rebuilt images without code change
OCPBUGS-24975 : Updating ose-cluster-bootstrap-container image to be consistent with ART #103 OCPBUGS-24975 : Updating ose-cluster-bootstrap-container image to be consistent with ART #102 OCPBUGS-19235 : Updating ose-cluster-bootstrap images to be consistent with ART #100 OCPBUGS-16504 : bump(*): vendor update #99 Updating ose-cluster-bootstrap images to be consistent with ART #88
Updating ose-cluster-bootstrap images to be consistent with ART #82
OCPBUGS-3505 : Waiting for 2 masters in HA mode case #71 OCPBUGS-6234 : Bump dependencies and image #74 Add API team to reviewers #75
Add API team to the OWNERS #73
Bug 2006945 : extend hardcoded restmapper for cluster-bootstrap to avoid crashlooping bootstrap kube-apiserver #64 update golang version #65
Full changelog
OCPBUGS-28230 : enforce termination message policy on all platform pods #2354 Revert #2330 “SDN-4726: Block upgrade for openshift-sdn” #2356
SDN-4434 : Network diagnostics scheduling #2339 SDN-4726 : Block upgrade for openshift-sdn #2330 SDN-4114 : Add iptables-alerter daemonset #2329 OCPBUGS-31528 : infraconfig: handle vSphere UPI by not updating any fields #2327 SDN-4163 : Improved prometheus rule for ipsec metric #2346 OCPBUGS-32402 : Fix wait logic for IPsec certificate signing request #2342 SDN-4688 : ANP: Add RBAC for cluster-manager #2338 OCPBUGS-32347 : Improve IPsec MachineConfig readiness check #2341 SDN-4163 : Add ipsec state to telemetry #2270 OCPBUGS-22969 : Use v1 for flowcontrol API #2095 OCPBUGS-28230 : enforce termination message policy on all platform pods #2340 SDN-4519 : Configure CNO as per new API changes for join and transit switch subnet #2318 OCPBUGS-28230 : enforce termination message policy on all platform pods #2334 NP-956 : Remove managed cluster checking for live migration #2321 OCPBUGS-26408 : automountServiceAccountToken:false hosted CP pods #2306 SDN-4596 : Update (B)ANP CRDs; prepare for GA #2328 SDN-4500 : Add write permission for EgressQoS status #2319 SDN-4607 : Allow HyperShift ability to set ConfigMap through env var #2309 OCPBUGS-22995 : Tighten the permissions on whereabouts.conf #2106 OCPBUGS-24690 : Fully disable network-node-identity on ROKS #2313 SDN-4598 : Set runAsUser to env variable if it is set #2307 OCPBUGS-30103 : ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2288 OCPBUGS-30831 : Updating cluster-network-operator-container image to be consistent with ART for 4.16 #2308 OCPBUGS-30299 : Fix managed cluster detection on ARO #2299 OPNET-358 , OPNET-360 : Allow VIP mutation in Infra CR #2130 OCPBUGS-29288 : Ensure proper deprecation for the default field manager #2274 OCPBUGS-24380 , OCPBUGS-24381 , OCPBUGS-24382 : Update APBExternalRoute, EgressFirewall, EgressQoS permissions for ovnkube pods #2262 OCPBUGS-25764 : memory-trim-on-compaction is enabled by default #2260 OCPBUGS-23788 : Only allow valid values for gatewayConfig.ipForwarding #2127 OCPBUGS-29341 : Run dhcp-daemon pods as system-node-critical priority #2280 OCPBUGS-24690 : Disable network-node-identity on ROKS #2197 OCPBUGS-26492 : Not set CNO to degraded if API server returns conflict error #2192 OCPBUGS-24214 : Add ownership annotations #2120 OCPBUGS-24601 : Add minReadySeconds to network-node-identity #2151 OCPBUGS-29305 : ipsec: fix openssl typo #2269 OCPBUGS-28920 : Update ingressconfig_controller to use field Manager #2259 NO-JIRA: Remove ILB from CNCC #2182
OCPBUGS-27222 : Fix CloudPrivateIPConfig CRD in common #2249 OCPBUGS-24976 : Updating cluster-network-operator-container image to be consistent with ART for 4.16 #2233 OCPBUGS-28676 : Remove libreswan rpm existence checks #2238 OCPBUGS-29099 : Add hostNetwork:true to cni-sysctl-allowlist ds #2237 OCPBUGS-24436 : Add probes to node-network-identity #2148 OCPBUGS-24299 : network-node-identity mounts secrets with mode 0640 #2142 OCPBUGS-28230 : add FallbackToLogsOnError for easier debugging #2224 NP-874 , OCPBUGS-27222 : Bump openshift API #2246 OCPBUGS-24383 : Limit write permissions for egressservices #2171 NP-903 : Only allows live migration on standalone managed clusters #2236 OCPBUGS-19551 : ovnkube: simplify northd threading and SNO templating #2234 OCPBUGS-24976 : Updating cluster-network-operator-container image to be consistent with ART #2156 OCPBUGS-25079 : Prevent NoRunningOvnControlPlane alert getting fired continuously #2208 NO-JIRA: add kyrtapz as reviewer and approver #2226
OCPBUGS-27823 : Not update migration conditions when any MCP is updating #2213 OCPBUGS-26986 : Add ConfigMap mount to the whereabouts-reconciler #2209 SDN-3708 : Support configurable masquerade subnet in ovn-k #1807 OCPBUGS-26952 : Deploy CNO IPsec MC even if user already have one #2201 OCPBUGS-27264 : Only reconcile on Node updates with Label changes #2206 NO-JIRA: Fix jira component info #2199
SDN-4166 : Enable N-S IPsec #2191 OCPBUGS-24379 : Remove egressip write permissions from ovn-kubernetes-node #2170 OCPBUGS-24635 : network node identity: tolarate all taints #2153 OCPBUGS-25207 : Render IPsec MachineConfig after cluster settles with MachineConfigs #2187 OCPBUGS-25688 : remove microshift folder, since CNO doesn’t manage it #2173 OCPBUGS-25669 : Update ovn-k managed control-plane RBAC #2169 OCPBUGS-25760 : Keep the live migration annotation consistant with the enhancement doc #2179 OCPBUGS-19635 : OVN-K in SNO deployment mode: fix Lease override for CM #2070 SDN-4227 : Use specific permissions for CNCC in GCP #2069 OCPBUGS-24693 : HyperShift, network-node-identity: Check the deployment in the management cluster #2166 OCPBUGS-24176 : Ignore invalid PEM blocks #2178 OCPBUGS-25337 : Avoid removal of ipsec-host daemonset when node is NotReady #2161 HOSTEDCP-1308 : remove service account token mount in cloud-network-con… #2165 OCPBUGS-23729 : Set replicas of Multus admission controller according to Hypershift ControllerAvailabilityPolicy #2159 OCPBUGS-24036 : remove all managed fields used by old manager #2114 OCPBUGS-23199 : add env var in whereabouts-reconciler daemonset #2160 OCPBUGS-19830 : fix whereabouts conformance test failures #2103 OCPBUGS-24650 , SDN-4308 : Set enable-multi-external-gateway flag in ovnkube.conf #2149 OCPBUGS-19817 , SDN-4162 : Upgrade IPsec with single daemonset pod #2087 NP-615 : Live migration #2091 OCPBUGS-23161 : Set logging for controller-runtime #2129 SDN-4061 : Remove interconnect upgrade logic, single-zone YAMLs and everything related to OVNK centralized architecture #2101 OCPVE-779 : Annotate credentials request manifests #2105 NP-615 : Bump github.com/openshift/api #2138 SDN-4308 : Update status merge for APBRoute and EgressFirewall. #2132 OCPBUGS-22710 : Add apbroute/status patch rights for ovnkube-node to update status #2139 NETOBSERV-1047 : Add a cluster monitoring dashboard for ovn #1871 OCPBUGS-21924 : Bump library-go #2082 SDN-4101 : Remove HyperShift API dependency, Bump kubernetes dependencies #2128 NO ISSUE: add ownership of the proxy-ca #2111
OCPBUGS-22869 : hypershift, hosted clusters: enable multi-homing and multi-net features #2113 OCPBUGS-23082 : set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2100 OCPBUGS-21924 : Bump golang.org/x/net to v0.17.0 #2068 OCPBUGS-18088 , OCPBUGS-18089 : ovnkube: container scripts cleanup [v2] #2060 OCPBUGS-11179 : change CNO to use custom ServiceAccount #2084 two replicas for CM instead of 3 #2052
OCPBUGS-15817 : Egress router: request at least 100 milliCPU #2077 OCPBUGS-18785 : SDN controller manifest: add node name from downward kapi to sdn controller #2047 OCPBUGS-19370 : Added HCP label to CNO pods #2048 OCPBUGS-15220 : Add zone node preference to multus-admission-controller #1795 multinetworkpolicy: allow Neighbor Discovery Protocol traffic #2010
OCPBUGS-18569 : hypershift: adjust backoff on infrastructure name retry #1986 OCPBUGS-20533 : Revisit cipher suits for multus-admission-controller’s rbac-proxy #2074 OCPBUGS-10652 : ovnkube: disable conntrack on hybrid overlay VXLAN ports #1819 Make APB External Route namespace selector mandatory for a dynamic hop #1929
OCPBUGS-20519 : hosted cluster upgrade failure from 4.13 stable to 4.14 #2065 Revert “Merge pull request #2037 from dcbw/db-script-cleanup” #2058
OCPBUGS-18392 : notify when /etc/openvswitch path changes #1989 OCPBUGS-18088 , OCPBUGS-18089 : ovnkube: container scripts cleanup #2037 Remove ability to deploy with Kuryr #2056
OCPBUGS-20104 : Don’t run network node identity as root #2051 OCPBUGS-20076 : Multus should determine kubeconfig path #2049 Revert Kuryr MTU fixes #2038
Fix MTU miscalculation #1778
OCPBUGS-19918 : get ipsecStatus from host daemonset #2042 Network metrics daemon: change priority class to openshift-user-critical #2044
OCPBUGS-14819 : HyperShift: Use the local konnectivity proxy when checking proxy readiness #1985 OCPBUGS-19861 : Multus per-node certificates should have 24h duration #2039 OCPBUGS-19418 : Relax conditions to get IC upgrade started #2018 OCPBUGS-18396 : Fix config status MTU migration not being updated #2021 OCPBUGS-19705 : Use port 9108 for ovnkube-control-plane metrics #2031 OCPBUGS-19715 : Do not enable node admission webhook if the CNI is not OVN-Kubernetes #2030 OCPBUGS-17391 : remove prestop hooks for northd, sbdbd and nbdb #1978 OCPBUGS-19625 : Multus per-node certificate request #2009 OCPBUGS-19377 : Kuryr: Fix deriving MTU from previous config #2007 OCPBUGS-19648 : Network identity: node-specific certificate in ovnkube-node, admission webhook #1983 OCPBUGS-19550 : multus: set MULTUS_NODE_NAME to filter pods to local node #2020 OCPBUGS-19018 : use $CPE_NAME to find the OS major version #2003 OCPBUGS-19494 : ipsec: remove preStop from host #2015 OCPBUGS-18114 : Update node selector in various YAMLs #1845 Limit OVN-Kubernetes permissions #1982
OCPBUGS-18892 : make ipsec.service required #1999 OCPBUGS-19236 : Updating cluster-network-operator images to be consistent with ART #2006 separate libovsdblogs from main ovnkube-master logs #1938
OCPBUGS-15201 : Disable weak SSH cipher suites #1981 OCPBUGS-18676 : ovnkube: set northd backoff-interval and use a single thread to save CPU #1990 OCPBUGS-17380 : ipsec: fix oopsy from 2e3fc8e7a0 #1996 OCPBUGS-18517 : Kuryr: Set MTU on Bootstrap, not Render phase #1988 OCPBUGS-18135 : IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping #1955 move IPsec to host #1849
OCPBUGS-17916 : Fix IC configmap lookup in pod_status.go #1954 OCPBUGS-17677 : [Azure]CNCC failed to assign egressIP to NIC for Azure Workload Identity Cluster #1980 OCPBUGS-18363 : Add ‘/etc/cni/multus/net.d’ into volumemount in multus pod #1979 OCPBUGS-18175 : Fix bond-cni’s default directory in multus manifest #1953 OCPBUGS-17782 , SDN-3664 : Join ovnkube-controller and ovnkube-node container for multizone setup #1971 OCPBUGS-16051 , OCPBUGS-3176 : Enables IP Forwarding config in CNO #1952 OCPBUGS-17257 : CVE-2023-3978: golang.org/x/net/html: Cross site scripting #1935 OCPBUGS-17677 : [Azure] Add granular permission for assigning egressIP to NIC to Azure CredentialsRequest for workload identity. #1949 OCPBUGS-17964 : ovn-k, managed: Align join subnet configuration #1962 SDN-4024 : Add ANP Feature Gate #1859 SDN-4057 : hypershift: Allow ovnkube-master and ovnkube-node to have different images #1942 Remove certificatesigningrequests/update permission from ovnkubenode #1934
Add rolling update for managed ovnkube-control-plane #1944
IC & openshift + hypershift #1874
OCPBUGS-16019 : prevent creation of multiple cni-sysctl-allowlist-ds pods #1904 OCPBUGS-10765 : make MAXLOGFILES a real variable and work for self-hosted #1931 Multus thick plugin support #1915
OVN-Kubernetes ipsec: create the CSR with a random name #1928
CCO-294 : Switch azure credentials request to use explicit permissions #1922 OVN-Kubernetes: Add status subresource permissions for setting labels and annotations #1896
SDN-3223 : Use encapsulation=true for IBM Cloud #1800 Bug 16136 : change whereabouts ip reconciler exec #1890 Add OpenStack platform to list of allowed dual-stack clusters #1697
OCPBUGS-15945 : Stop using utilruntime.PanicHandlers to handle reconciliation panics #1893 HOSTEDCP-1063 : allow webhooks in hosted clusters to reach multus-admission-controller service #1879 OCPBUGS-15961 : FIPS related CNO changes #1901 OCPBUGS-10765 : Revert “Revert “OCPBUGS-10765: Remove oldest ovn acl log files when f… #1876 ovn-k: Configure dns service namespace and name #1912
OCPBUGS-15544 : Enable multi-external-gateway feature by default for managed and hosted clusters #1887 OCPBUGS-15918 : Skip rendering 0.0.0.0/0 for cluster proxy status #1903 Change rhel7/8 to rhel8/9 #1870
Enable EgressService controller #1848
Edited multus-admission-controller deployment config to not add autom… #1767
OCPBUGS-15794 : fix: add missing annotation for workload partitioning #1866 OCPBUGS-15544 : Add adminpolicybasedexternalroutes rights for ovnkube-node. #1867 Revert “Remove oldest ovn acl log files when file limit exceeded” #1873 #1873
OCPBUGS-10765 : Remove oldest ovn acl log files when file limit exceeded #1868 kube-proxy config overriding updates #1831
OCPBUGS-15282 : Add release version annotation to whereabouts-reconciler #1851 CCO-356 : Add Infrastructures permission to CNCC cluster role #1843 Add multi-networkpolicies support for OVN #1796
Add support for AdminPolicyBasedExternalRoute CRD and controller’s RBAC #1765
OCPBUGS-15138 : Add kubernetes.io/os nodeSelector to wherebouts reconciler DS #1841 OCPBUGS-14988 , SDN-3901 : Rebase to kube 1.27 #1826 CCO-358 : Manifest changes necessary to support Azure Workload Identity #1755 OCPBUGS-14714 : Do not rely on ControlPlaneTopology do determine if running in HyperShift #1835 OCPBUGS-11882 : Added another volume to safe-to-evict-local-volume annotation #1830 OCPBUGS-14833 : Fixes lint issues #1834 OCPBUGS-14384 : Remove nodeSelector for architecture in whereabouts daemonset #1828 OCPBUGS-11882 : Added safe-to-evict annotation to ovnkube-master and multus admission controller components #1822 OCPBUGS-13922 : Revert “Do not set the operator as available before updating the network config” #1818 OCPBUGS-11448 : add Hypershift release-image annotation to multus #1770 OCPBUGS-10937 : multus-admission-controller mounts secret with mode 0640 #1752 OCPBUGS-13219 : Use IfNotPresent instead of Always in OVNK upgrades pre-puller #1803 OCPBUGS-5027 : Make the operator degraded on panic #1786 OCPBUGS-12856 : Support Device Plugin Resources For Smart NIC and DPU Hosts #1721 Updating cluster-network-operator images to be consistent with ART #1790
OCPBUGS-11565 : High API requests due to allowlist and operconfig reconcilers running too often #1788 OCPBUGS-8070 : Depreciate legacy field manager #1763 OCPBUGS-11550 : AUTH: update cluster-reader to include k8s.ovn.org #1791 OCPBUGS-10009 : HyperShift: Support HostedControlPlane node selector #1736 OCPBUGS-11046 : fix reconciliation process of the allowlist controller #1792 OCPBUGS-1341 : Enhance check controller to remove old check objects #1649 OCPBUGS-11046 : Fix allowlist ds template #1773 OCPBUGS-10647 : multus-admission-controller should not run as root under Hypershift #1745 OCPBUGS-9174 : The cluster-readers group should be able to get net-attach-defs #1343 Updating cluster-network-operator images to be consistent with ART #1768
OCPBUGS-9964 : Split out konnectivity certs #1734 SDN-3444 : Add runbook url for SBDB connectivity alert #1553 OCPBUGS-7777 : use –template instead of -a for ‘oc observe’ #1760 Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler #1735
OCPBUGS-10433 : Hypershift: Add RollingUpdate parameters to multus-admission-controller #1740 ovn-kube: move back to unsuffixed RHEL9 images #1747
Updating cluster-network-operator images to be consistent with ART #1732
OCPBUGS-10649 : HyperShift: Add POD_NAME env to ovnkube-node #1748 OCPBUGS-10031 : operConfig reconcile can return nil error on failure #1744 Set OVN-K north/south bound stale alerts severity to critical #1668
OCPBUGS-8707 : Point libreswan to proper nss location #1727 Whereabouts should implement the reconciliation controller #1693
add/update some UTs around clusternetwork change #1725
OCPBUGS-9931 : Enable configuration of node healthz server on ovnkube #1715 OCPBUGS-8692 : HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO #1728 Cno 4.13 kubernetes 1.26 #1708
use annotation on the daemonset to update hybrid overlay #1709
Remove the ovn-kind-cno.sh script #1710
SDN-3597 : OVN-K alerts: add OVS overflow alerts #1630 SDN-3730 : OVN IC: migrate master alerts to cluster manager #1716 Allow cidr expansion #1707
Enables nodeSelector to be used in egress firewall rule #1720
Add ovnk alert for resource retry failure #1674
OCPBUGS-6730 , SDN-3221 : ovn-kubernetes: use RHEL9-based images #1712 OCPBUGS-4343 : update apf configuration to use v1beta3 #1633 Jira OCPBUGS-7774: Print RawCNIConfig in its string representation #1718
OCPBUGS-6235 : Updating cluster-network-operator images to be consistent with ART #1656 Allow updates to pods #1717
OCPBUGS-5559 : add default noProxy config for Azure #1672 always create env.sh when run_vs_existing_cluster #1711
OCPBUGS-7354 : Revert “Revert “OCPBUGS-5842: Use pods oc vs host”” #1714 ovn-k, multi-homing: enable the feature #1699
Revert “OCPBUGS-5842: Use pods oc vs host” #1713
OCPBUGS-5842 : Use pods oc vs host #1681 OCPBUGS-4417 : Added missing API field podref to OverlappingRangeIPReservation CRD #1677 OCPBUGS-6651 : HyperShift: Add .hypershift.local to no proxy list #1692 OCPBUGS-6651 : HyperShift: Do not use proxy for internal routes #1694 remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher #1680
ovn-kubernetes: Allow node_mgmt_port_netdev_flags for non-DPU modes #1676
OCPBUGS-3272 : Unhealthy Readiness Probe failing ci #1665 OCPBUGS-5306 : ovn-kubernetes: ignore NB/SB readiness checks and dbchecker when not RAFT member #1673 OCPBUGS-5802 : Update github.com/Masterminds/sprig to v3 #1679 OCPBUGS-5306 : OVN-Kubernetes: Stop sorting master node addresses #1675 Allow SDN migration from Kuryr to OVNKubernetes #1639
update ‘make install.tools’ for golangci-lint #1670
Fix CNO crashing when Kuryr without MTU is set #1669
OCPBUGS-2947 : Disable the drop-icmp container ‘oc’ pprof webserver on Azure #1607 OCPBUGS-4350 : Fix handling of deployment and statefulset updates #1648 OCPBUGS-2532 : Fix default disable-udp-aggregation value on s390x #1655 Fix info log formatting #1650
Support RHOBS monitoring for HyperShift #1644
OCPBUGS-3916 : SDN alerts: Add $labels.node to SDNPodNotRady metric #1637 The allowlist daemonset should set a priority class. #1647
Bug OCPBUGS-736: Kuryr: If set use MTU from Config for svc net #1586
OCPBUGS-3883 : HyperShift: Co-locate OVN-Kubernetes master with other hcp pods #1627 OCPBUGS-2532 : Disable UDP aggregation on s390x #1629 Jira OCPBUGS-3777: IPsec: Fix broken counter++ expression #1623
OCPBUGS-3114 : HyperShift: Do not accept empty infrastructure name #1611 HyperShift: Fix typo in control-plane-component label value #1626
Remove references to the hosts kubeconfig #1612
OCPBUGS-3744 : SDN: /var/run mount cleanup #1625 OCPBUGS-3460 : CNI binary copy should account for the possibility of symlinks #1614 OCPBUGS-2598 : ipsec: Run ovs-monitor-ipsec in the foreground and change probes #1606 SDN-3508 : HyperShift: Render cncc with proxy settings of the management cluster #1577 NP-607 : update microshift ovnk manifests #1589 Bug 1896533 : moved SetDegraded call out of object loop to process all items first #1600 OCPBUGS-2362 : Prefer oldest nodes, harden new alerts and revert setting new OVN-K alerts to info #1579 fixed typo in comment #1597
Jira OCPBUGS-1736: Always set PROXY variables for CNCC #1576
Remove the allow_ra sysctl for ipv4 from default systl whitelist #1590
SDN-2591 : allow hybrid overlay to be enabled post install #1584 SDN-3515 : HyperShift: multus admission controller: expose metrics over HTTPs #1583 rebase to k8s v1.25.0 #1571
Bug OCPBUGS-2328: Fix for index out of range error #1588
Add sysctl whitelist controller #1573
Kuryr: Add missing keystoneauth options #1581
OCPBUGS-1341 : Set owner reference for pod network connectivity check #1566 ovn-k, managed: pass join-subnet to control-plane #1582
OCPBUGS-1083 : Move OVNK alert level to info #1564 Pass enable-udp-aggregation=true to ovn-kubernetes #1533
OCPBUGS-1038 : Multus IPAM detection should honor conflists #1570 egress_ip: remove redundant config #1568
OCPBUGS-1515 : Use custom uint128 type when validating v6InternalSubnet #1561 SDN-3283 : HyperShift: Use a socks-proxy in ovnkube-master to allow for node heath checks #1539 Bug: OCPBUGS-736: Kuryr: Use machine net MTU to create service net #1545
Migrate Egress IP configuration during SDN migration and rollback #1536
Allow empty vSphere status field in VIP sync #1558
microshift: update ovnk manifests #1552
Add ovn-kubernetes-microshift to image-stream #1556
Migrate Multicast configuration during SDN migration and rollback #1543
OVN-K: add patch/update service permissions to controller #1554
Add controller to synchronize the API and Ingress VIP fields #1519
Bug SDN-3458: HyperShift: Differentiate resources deployed by different CNO instances in status manager #1541
OVN-K alerts: first tranche #1526
SDN-3432 : Add alert for OVNKubernetesControllerDisconnectedSouthboundDatabase #1548 Add vSphere platform to allow dual-stack cluster #1518
OKD-49 : Adds support for scos to multus #1544 Bug 1894268 : Allow users to specify ovnkube join subnet #1508 Bug OCPBUGS-917: Add EgressQoS DstCIDR format validation #1492
Multus admission controller: Wait for token in Hypershift #1546
Use fixed name for creating EgressFirewall CRs #1540
Migrate Egress Firewall Configuration during SDN migration and Rollback #1534
hypershift: set multus controller priority appropriate for hosted clusters #1538
Bug 2094068 : Add northboundstale alert runbook #1482 microshift: compact ovn databases periodically #1537
Hypershift: Allow configuring hostname and labels on the route #1531
Multus admission controller changes for hypershift #1516
HyperShift: Move CNCC to the controll-plane namespace #1525
Bug OCPBUGS-216: Kuryr: Bump timeoutSeconds for livenessProbe #1528
Add missing runbook links for OVN-kubernetes alerts #1523
Bug 2103680 : avoid overrriding disableNetworkDiagnostics on reconciliation #1527 Render CRDs for both OSDN and OVNK during migration #1521
Configure ignored namespaces into multus-admission-controller #1515
Add microshift ovnk manifests #1517
Bug 2116982 : multus-admission-controller SNO number of replicas #1524 Enable the cloud-network-config-controller for OpenStack #1505
multi-networkpolicy: Enable on SR-IOV networks #1443
Updating cluster-network-operator images to be consistent with ART #1507
Add configmap list/watch rights to cloud-network-config-controller #1511
The Multus admission controller should run as a deployment #1514
Bug 2108232 : Revert “Bug 2085089: Pass enable-udp-aggregation=true to ovn-kubernetes” #1510 Bug 2100601 : Update CNO to config EgressIP timeout for ovnk #1498 Bug 2060079 : Enhance sensitivity of SDN alert NodeProxyApplySlow #1491 Bug 2103590 : Add init container to ensure that Status.podIP is set before postStart hooks run #1503 remove @squeed from owners #1497
Bug 2085089 : Pass enable-udp-aggregation=true to ovn-kubernetes #1489 Bug 2089681 : Disable EgressIP reachability check in hypershift deployments #1485 Bug 2084062 : Make northd probe interval default to 10 seconds #1494 Bug 2100079 : Update sdn-controller perms for “configmapsleases” leaderelection #1496 Bug 2099357 : k8s 1.24 bump: add RBAC coordination leases for ovn-k master #1490 Bug 2094071 : Add southboundStale alert runbook #1481 Bug 2095772 : bindata: managed: reduce memory requests to align with observed usage #1479 Bug 2095756 : client: register types during init, not later #1483 Bug 2090336 : Multus should log at a verbose log level (without a logfile) #1474 Bug 2092047 : cncc: add RBAC coordination.k8s.io leases #1461 Bug 2089805 : Enable config duration for OVN-Kubernetes #1455 Bug 2090437 : Bump CNO to k8s 1.24 #1459 Bug 2073452 : Copying CNI binaries should be an atomic operation. #1472 Bug 2092495 : ovn: use up to 4 northd threads in non-SNO clusters #1471 Bug 2091167 : incorrectly setting rbac role for certificatesigningrequests #1463 Revert “Copying CNI binaries should be an atomic operation.” #1466
Bug 2073452 : Copying CNI binaries should be an atomic operation. #1462 Bug 2076776 : remove patch permissions from ovnkube-node service account #1450 Bug 2089968 : ensures type: Directory for multus host paths #1453 Bug 2090343 : [temporary] Adds multus debug logging #1456 Bug 2087942 : bump to go 1.18, lint improvements #1451 Bug 2086461 : Hypershift: Also add default for Azure mtu #1454 Bug 2086461 : AWS: Use hardcoded MTU to speed up cluster creation #1441 Bug 2087556 : Fix rendering DPU manifests #1448 Bug 2086506 : hypershift: respect statefulset when upgrading ovnk #1447 Bug 2087135 : Fixing Hypershift nodeport flow #1440 Bug 2086544 : Stop passing hosted cluster token as a parameter to ovnkube-master #1446 Bug 2086437 : Enable EgressQoS controller #1430 Bug 2086143 : Status controller: use a label, rather than watching all objects #1431 Bug 2082235 : manifests: Add in service, service-cert, and ServiceMonitor #1433 Bug 2023295 : Cleanup CNO relatedObjects #1432 Bug 2079422 : Bump PodDisruptionBudget to v1 #1427 Re-reconcile network on configmap, stop watching all configmaps in proxy controllers #1416
hypershift: add ovnkube-node-proxy container in ovnkube-node ds #1408
Hypershift: enable TLS for ovnkube-master metrics #1423
Add gm metric record to use for telemetry exposure #1425
Revert “ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds” #1428
Bug 2082611 : Limit Kuryr pods permissions #1367 Bug 2076877 : Bump FlowScema apiVersion to v1beta2 #1419 bindata/network-diagnostics, cloud-network-config-controller: comply to restricted pod security level #1406
Remove ObjectMeta.ClusterName usage #1421
Hypershift: Fix ovnkube-master priority class and set resource requests on token-minter #1420
add more sysctls to the multus allowlist #1411
ovn: fix northd preStop command handling #1414
Add control-plane-component label to ovnkube-master for hypershift #1422
Add link to runbook urls #1417
Hypershift: Copy all CNO conditions to HostedControlPlane status #1415
ovn: reduce SB<->ovn-controller inactivity probe to 30 seconds #1412
Bug 2075475 : Add default-route field to egress-router k8s.v1.cni.cncf.io/networks #1390 OCPVE-106 Customize rollout strategy to fix SNO upgrade #1392
Bug 2080255 : SDN: Re-add list/watch/get permissions for nodes needed for EgressIP #1409 Bug 2071859 : Switch dnsPolicy to Default for OVN hostNetwork pods #1395 Revert “Revert ipsec: Allow enablement/disablement at runtime” #1384
ovnkube: export OVS metrics along with OVN metrics #1393
Bug 2078910 : Correct runbook_url field location within schema #1396 Adds dougbtv to owners as approver and reviewer #1397
Bug 2072215 : Make the use of the ip-reconciler cronjob opt-in by detecting IPAM type usage #1369 ovn-kube hypershift: fix pipefailure that prevents HA startup #1394
Bug 2063123 : Drop Node update permission for sdn-node #1350 OVN-K alert: Increase severity and add runbook_url for NoRunningOvnMa… #1327
Remove Kuryr mutating DNS webhook #1363
raise the alert NoOvnMasterLeader to critical and add the runbook url #1328
Bug 2072710 : Make northd probe interval default to 10 seconds #1386 hypershift: get control plane replicas from hcp #1385
Bug 2072766 : Reserve port TCP/9104 for cluster-network-operator #1378 Multus: split pod/status rbac #1340
add runbook link for NodeWithoutOVNKubeNodePodRunning and V4SubnetAll… #1366
OVN: remove detecing db_ip via kapi #1368
Hypershift: Respect publishing strategy of OVN southbound database service #1349
Proxyconfig: Add a knob for Hypershift to enable proxying internal apiserver address #1381
Bug 1983056 : Kuryr: Update CRD from upstream #1360 hypershift: disable TLS for ovnk master metrics #1382
hypershift: enable publishNotReadyAddress explicitly for ovnk-master service #1372
Bug 2070047 : Bump max value of hist quantile for kuryr_cni_request_duration #1359 Don’t return err with empty relatedClusterObject annotation #1379
hypershift: enable ovnk-master metrics in management cluster #1374
Use (un)setProgressing for pod status update #1376
Use the hosted cluster token explicitly #1370
HyperShift: Watch StatefulSets in the management cluster #1364
Exclude openshift-kube-apiserver and openshift-apiserver service/endpoints from connectivity checks in hypershift #1375
Run ovnkube-master statefulset pods in parallel #1361
Add ibm-cloud-managed annotations to 02-cncc-credentials.yaml, this is required in HyperShift #1358
Add ipsec daemonset for hypershift managed cluster #1356
Add statefulset in status manager #1345
hypershift ovnk route status #1341
Add tuning cni sysctl allowlist to nodes #1347
Bug 2058368 : move enable memory trimming to readiness prob #1365 Add ovnkube-node initContainer to make sure sbdb is up before running other containers #1354
Vendor: pull in hypershift #1346
Hypershift: Use token minter instead of a kubeconfig in ovn-kubernetes master #1344
Add an option to define the client name for in-cluster config #1342
Add ovnkube manifests for hypershift #1329
network, bootstrap: don’t get apiserver from the environment #1339
Fix MTU detection for multi path default routes #1338
Multi cluster support in CNO #1319
Fix golang image version in Dockerfile #1330
Remove empty selector from the mtu prober job. #1331
Switch to server-side apply #1304
Probe MTU from a Job, rather than directly in the CNO #1313
Bug 2058368 : Move memory-trimming-on-compaction out of dbchecker to nbdb/sbdb #1320 Fix group for CVO override used for running CNO locally #1314
Bug 2058671 : ip reconciler: auto clean failed jobs #1318 Bug 2037721 : Do not apply OVN-Kubernetes PodDisruptionBudget on single-node clusters #1307 ovn: stop spawning the ovn-nbctl daemon #1315
Bug 1944264 : ovnkube: gracefully terminate databases from preStop #1312 Bug 2044227 : Add rolling update strategy for Kuryr-CNI. #1311 Bug 2032559 : Block DualStack migration for unsupported cluster types #1257 Bug 2010361 : SDN alerts: conform to monitoring team style guide #1248 Update project owners #1309
Bug 2048575 : The Whereabouts ip-reconciler should use api-int load balancer #1302 Bug 2048793 : Kuryr: Decrease vif_annotation_timeout #1293 Bug 2049613 : Use a separate configmap for mtu migration config to avoid pod restart #1299 Fix bond cni source directory path #1295
Updating cluster-network-operator images to be consistent with ART #1294
Bug 2041546 : ovn-kubernetes: set RAFT election timer at RAFT cluster creation time #1282 Bug 2034484 : Upgrade library-go version #1247 Bug 2042796 : whereabouts, reconciler: disable retries on failure #1290 Bug 2039345 : Verify against mininimal IPv6 MTU value for clusters with IPv6 networks #1276 Bug 2034155 : Adds back –disable-snat-multiple-gws #1254 Bug 2039321 : SDN: Expose controller metrics for collection #1250 clean up OWNERS #1287
Bug 2041989 : no CredentialsRequests in ibm-cloud-managed #1280 Bug 2035459 : modify cluster-network-features for OpenshiftSDN #1251 Bug 1896533 : Nonexistent Namespaces Degradation logging message #1128 Bug 2038732 : Add egress* patch credentials for ovnkube-master #1285 Bug 2041329 : cncc: add serviceAccountNames to CredentialsRequests #1283 Bug 2010663 : OVN-K alerts: conform to monitoring team style guide #1246 Bug 2021191 : Project admins should be able to list net-attach-defs in their namespaces #1226 BUG 2034413: cncc: create Cloud CredentialsRequest in /manifests #1277
Bug 2034460 : cncc: handle advanced AWS and Azure configurations #1275 Bug 2034153 : Fix MTU migration verification for OpenShiftSDN #1259 Bug 1943363 : ovn: try to gracefully terminate ovn-northd #1221 Bug 2018093 : Kuryr: Add resource requests for pods #1269 Bug 2036861 : multitenant - Add openshift-kube-apiserver-operator to global namespaces #1272 Bug 2035093 : Cloud network config controller: Fix for Hypershift #1268 Bug 2034398 : Whereabouts CRD should include a “podref” field. #1262 Bug 2034517 : watch and apply changes of the ovs-flows-config configmap #1231 Bug 2034322 : Move infrastructure bootstrap to its own package #1261 Bug 2033422 : bootstrapOVNGatewayConfig should only be called once #1258 Add MTU migration support for OVNKubernetes and OpenshiftSDN #1241
Cloud network config controller - CNO deployment #1112
Bug 2022144 : sbdb and nbdb containers leave pid around if they restarted or crashed #1256 OVN-K alerts: Fix incorrect metric name reference #1237
Pod networking on DPU host in Infra and Tenant clusters #1249
OVN-K: Enable OVN metrics to be consumed by ServiceMonitor #1236
Bump openshift/build-machinery-go #1253
SDN 2316: Use GatewayConfig in OVN-K to set gateway modes #1209
Add CNI to DPU and enable Kube-Proxy on DPU #1220
NETOBSERV-31 : Expose CNI type features as a config-map #1204 Bump openshift/api module #1242
The ip-reconciler should not restart on failures. #1238
SDN: Do not tolerate a controller failure during upgrade #1213
Set upgrade strategy on kube-proxy #1214
openshift-sdn/daemonset: Mount /host/opt/cni/bin at /host-cni-bin #1172
Specific SDN controller alert #1206
update for ART #1233
bindata/network: specify pod-security levels via labels not annotations #1224
Add bond-cni #1205
Bug 1961509 : DHCP Daemon should have memory and CPU limits set #1218 Add ip6tables NOTRACK rules for udp/6081 #1222
Bug 1962206 : DHCP daemon should have maxunavailable for upgrade strategy #1219 Bug 1976399 : Raft election timer: move the logic to ovndbchecker #1161 Bug 2009078 : Remove NetworkPodsCrashLooping alert for ovn-kubernetes #1212 Bug 1914053 : whereabouts: add ip-reconciler cronjob #1207 Add Kuryr to be able to create events objects. #1210
fix a typo in a field name #1208
podsecurity: enforce privileged for network namespaces #1203
Bug 1988483 : OVN drop icmp frag from other nodes on Azure cluster #1132 Bug 1985486 : Use proxy to connect to OSP cloud #1173 Updating cluster-network-operator images to be consistent with ART #1198
Bug 2003676 : Restrict serving SDN metrics to loopback only #1197 Bug 2002713 : Add millisecond resolution to OVN logs #1196 Bug 1939435 : proxyconfig - accept IPv6 address literals for noProxy #1191 Bug 1986061 : Monitor openshift-network-diagnostics namespace #1190 Bug 1960101 : Fix update-codegen hack, pull in changes from openshift/api, bump k8.io deps to v0.22.1 #1140 Bug 1997050 : Fix panic with unknown networks #1188 Bug 1998508 : Fix the install-time “waiting for other operators” statuses #1192 Bug 1990631 : ovnkube: use ovn-nbctl daemon monitor mode to restart and log issues #1182 Bug 1914398 : Changed pod user to non-root #1124 Bug 1991551 : allow sdn (and others) to use new events.k8s.io API #1177 Bug 1989246 : use new default leader election values to handle apiserver rollout on SNO #1175 Bug 1992507 : Use prometheus rule annotations comply with the OpenShift alerting guidelines #1181 Bug 1989734 : Whereabouts should have RBAC for leases #1174 Bug 1984049 : Slow OVN Recovery on SNO #1159 Bug 1990725 : Add missing node name into KuryrSDNPodNotReady Alert #1176 Bug 1987019 : Support external control plane topology #1158 Docs: add architecture overview, remove outdated HACKING guide. #1078
Remove valadas from owners #1081
Bug 1989122 : let openshift-sdn use EndpointSliceProxying #1166 Updating cluster-network-operator images to be consistent with ART #1136
Bug 1981055 : ovnkube-master handle 60 seconds downtime of API server gracefully in SNO #1154 Bug 1985033 : Make inactivity_probe configurable #1165 Bug 1984449 : Change to use mountPath: /host #1160 Bug 1961757 : ovnkube: set ovn-controller lflow cache limit to 1GB #1147 Revert: Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1163
Bug 1981975 : Update service network status to reflect dual stack entries #1155 Bug 1970985 : SDN-1955: Add pre-puller ds to reduce upgrade downtime #1141 Bug 1961811 : Add a newline between user CAs and system CAs #1156 OVNKube: check if br-ex1 is available and pass it as a parameter #1152
Make egress IP and ICNI mutually exclusive when bootstrapping OVN-kube #1145
Bug 1970129 : Add env variable OVS_SYS_LOG_LEVEL for ovn nodes to setup ovs syslog level #1142 Add alerts for issues with load balancers/ports. #1148
Include alerts for critical lbs #1146
Removing old kuryr-kubernetes CRDs #989
Bug 1962951 : enable ovs column diffs feature #1101 Bug 1975016 : Kuryr: Store OpenStack credentials in a secret #1139 Add JacobTanenbaum to list of approvers #1099
Updating .ci-operator.yaml build_root_image from openshift/release #1130
Full changelog
Revert PAO and later changes #330
Bug 2017427 : tuned: add timeout and restarts #282 Makefile cleanup, replace yq with yaml-patch from openshift/build-machinery-go #274
Bug 2016988 : openshift profile: fix malformed patch #283 Bug 2013321 : TuneD: workaround for high CPU utilization of [scheduler] plug-in. #278 RBAC: tighten the rules and remove unnecessary listers. #276
podsecurity: enforce privileged for openshift-cluster-node-tuning-operator namespace #275
Updating cluster-node-tuning-operator images to be consistent with ART #273
Bug 2004508 : TuneD: Revert the ConfigParser changes. #271 Updating cluster-node-tuning-operator images to be consistent with ART #270
OWNERS: updating based on team changes. #269
e2e tests: s/plugin/plug-in/ and TuneD renaming #253
Bug 1998247 : Reload when deps of recommended profile change. #267 Bug 1997486 : Ship the latest TuneD and stalld. #265 Bug 1994891 : Fix e2e tests after the recent 1.22.0 bump #264 Bug 1992560 : monitoring: comply with OpenShift alerting guidelines #263 Bug 1994891 : Bump vendor dependencies to k8s 1.22.0 #261 Bug 1985739 : Move OpenShift profile to TuneD. #258 Bug 1986477 : Handle kube-apiserver disruption more gracefully. #256 scheduler: new option cgroup_ps_blacklist #250
Address a race in the stalld e2e test. #249
IBM Cloud manifest profile patch for operator deployment #252
Ship the latest TuneD, adjust default Tuned CR. #245
Updating to the latest stalld v1.13.0. #246
openshift-tuned event-driven change processing #243
Adjusting the OWNERS file due to team changes. #244
Updating to the latest stalld v1.12.0. #242
Bug 1974277 : Fix conditional order for setting net device param. #239 Bug 1973154 : Switch back to NTO-shipped stalld. #236 Updating cluster-node-tuning-operator images to be consistent with ART #235
More precise description of MCP matching. #219
Updating .ci-operator.yaml build_root_image from openshift/release #234
Full changelog
SO-121 : Syncing the library for only S2i Samples for OCP 4.16 #543 Revert “SO-121: Resync Libray for 4.16” #542
SO-121 : Resync Libray for 4.16 #540 OCPBUGS-31303 : bump K8s version to 29.2 #536 AUTH-482 : set required-scc for openshift workloads #535 OCPBUGS-26992 : Align builder and base for Dockerfile.okd with Dockerfile #531 OCPBUGS-28230 : add FallbackToLogsOnError for easier debugging #532 OCPBUGS-24787 : Updating ose-cluster-samples-operator-container image to be consistent with ART #530 OCPBUGS-24787 : Updating ose-cluster-samples-operator-container image to be consistent with ART #527 SO-119 : Fix mariadb import url in OKD #525 SO-118 : Bumping the K8s to 28.2 and golang to 1.20 #524 SO-117 : Library Sync for OCP release 4.15 #522 OCPBUGS-22225 : Sync library to remove invalid dockerhub references for OKD #519 Use latest tag for network-tools imagestream #518
OCPBUGS-18857 : Updating ose-cluster-samples-operator images to be consistent with ART #517 manifests: Drop explicit runlevel from CRD manifest #515
OCPBUGS-16435 : Bump k8 to v0.27.2 for ocp 4.14 #514 OCPBUGS-16403 : Update Cluster Sample Operator dependencies and libraries for OCP 4.14 #511 reconcile status when clusteroperator changes #510
OCPBUGS-15754 : Update Jenkins and Jenkins Agent Base image versions #504 OCPBUGS-14491 : Updating to use Jenkins 4.13 images #502 OCPBUGS-12775 : Update Cluster Sample Operator dependencies and libraaies for OCP 4.14 #500 Updating ose-cluster-samples-operator images to be consistent with ART #499
OCPBUGS-10910 : Add network tools imagestreams #495 Updating ose-cluster-samples-operator images to be consistent with ART #493
Fix jira component #494
update Jenkins to use v4.12 imagestreams #491
OCPBUGS-855 : When setting allowedRegistries urls the openshift-samples operator is degraded #487 OCPBUGS-6811 : Update Cluster Sample Operator dependencies and libraries for OCP 4.13 #485 Change importMode to preserveOriginal for Openshift imagestreams #482
OCPBUGS-6579 : update sample imagestreams with latest 4.11 image using specific image tag reference #483 OCPBUGS-4357 : Bump k8s master #476 OCPBUGS-4166 : Update Cluster Sample Operator dependencies and libraries for OCP 4.13 #474 OCPBUGS-3426 : Update Cluster Sample Operator dependencies and libraries for OCP 4.12 #471 Updating ose-cluster-samples-operator images to be consistent with ART #470
Updating ose-cluster-samples-operator images to be consistent with ART #465
Add client certificate and key to service monitor #464
Updating ose-cluster-samples-operator images to be consistent with ART #435
Bug 2086086 : Update Cluster Sample Operator dependencies and libraries for OCP 4.11 #433 update jenkins CPaaS image refs prior to 4.11 GA #432
Bug 2086086 : Update Cluster Sample Operator dependencies and libraries for OCP 4.11 #431 Bug 2095256 : Samples Owner needs to be Updated #429 Bug 2086086 : Update Cluster Sample Operator dependencies and libraries for OCP 4.11 #428 AUTH-133 : manifests/deployment: comply to restricted pod security level #425 Updating ose-cluster-samples-operator images to be consistent with ART #426
JNKS-289 : pull in jenkins imagestream updates (add back maven/nodejs streams) #422 Jira SO-19: Make sure template and imagestream api version is groupified #420
JNKS-287 : remove imagestream manifest refs; remove override of jenkins images with payload images #416 Bug 2010364 : OpenShift Alerting Rules Style-Guide Compliance #419 Bug 2067823 : Taking care of CVE-2022-21698 #418 Bug 2064610 : Remove duplicate v1 from cakephp-mysql templates #417 manifests: Add capability.openshift.io/name #414
Updating ose-cluster-samples-operator images to be consistent with ART #412
Bug 2027745 : Allowing ImageStream creation when config registry empty #406 Bug 2033720 : Synching SSO library #411 upd rhel7 Dockerfile in case still used for rhel7 worker nodes #410
Bug 2033720 : Bump k8 dependencies to v0.23.1 #409 Bug 2033720 : Library synchronization for OCP 4.10 #408 Bug 2027745 : Move openshift build-machinery-go dependency #407 Update OWNERS #402
Remove single node prod cluster profile annotation as it is not used #405
Bug 2007757 : Including Template in must-gather related objects. #399 Bug 2006947 : fix proxy portion of tbr inaccessible check #397 Updating ose-cluster-samples-operator images to be consistent with ART #396
Bug 2002368 : acccount for image api returning invalid on imagestream create based on allowed/blocked registry settings #394 Bug 2003683 : fix recently introduced panic when conflict errors occur #395 Bug 1993840 : more avoiding immediate degraded on intermittent API errors #391 Updating ose-cluster-samples-operator images to be consistent with ART #390
add david peraza as approver, clean up reviewers #389
BUILD-298 : Bump k8s to 1.22.1 #388 Bug 1993840 : avoid immediate degraded on intermittent API errors; set reason/message when Available=false #387 Bug 1995386 : don’t return err in wait.Poll on net.DialTimeout err; tweak time intervals #386 Bug 1990140 : add connection with timeout in TBR accessibility check to expedite ‘disconnected’ mode #384 Bug 1990988 : Refreshing samples for OCP 4.9 #381 Bug 1975539 : delete hello-openshift in payload imagestream via CVO annotation #380 Updating ose-cluster-samples-operator images to be consistent with ART #378
Updating .ci-operator.yaml build_root_image from openshift/release #377
Full changelog
NO-JIRA: UPSTREAM: <carry>: Revert create readyz event for kubeapi server #1957
OCPBUGS-20097 : Migrate tools image to RHEL9 #1954 OCPBUGS-32296 : Bump K8s api to 1.29.4 #1947 OCPBUGS-22301 : UPSTREAM: <carry>: Fix garbage-collection for CRDs. #1811 OCPBUGS-26440 : UPSTREAM: <carry>: create readyz event for kubeapi server #1914 UPSTREAM: <carry>: OCPEDGE-807: add support for cpu limits into management workloads #1902
CFE-910 : RouteExternalCertificate validation in openshift-kube-apiserver custom resource validator #1904 NO-JIRA: UPSTREAM: <carry>: featureset validation moved to CEL #1944
CFE-910 : bump library-go #1941 OCPBUGS-11933 : UPSTREAM: <drop>: bump apiserver-library-go #1910 OCPBUGS-31663 : UPSTREAM: <carry>: add management workload check for guaranteed qos #1928 OCPBUGS-30957 : Use the right feature gate when updating uncertain … #1919 OCPBUGS-31384 : UPSTREAM: <carry>: allow type mutation for specific secrets #1932 OCPNODE-1886 : Bump k8s 1.29.3 #1925 OCPBUGS-31384 : UPSTREAM: <carry>: allow type mutation for specific secrets #1929 OCPBUGS-31384 : UPSTREAM: <carry>: allow type mutation for specific secrets #1924 OCPBUGS-30767 : UPSTREAM: 124110: retry policy creation for CRD type checking E2E test #1922 OCPBUILD-13 : UPSTREAM: <carry>: fix [sig-auth] ServiceAccounts no secret-based service account token should be auto-generated #1909 CFE-910 : [o/k-apis] Add context to ObjectValidator; Consume FeatureGate(s) in kube-apiserver #1852 UPSTREAM: <carry>: OCPBUGS-29520: fix cpu manager cpuset check #1892
OCPBUGS-30954 : Set up CEL IP/CIDR library from 4.14 onwards #1911 OCPBUGS-24481 : Enable SELinux tests #1908 MCO-392 : openshift-hack/images/os: delete #1805 OCPBUGS-23900 : UPSTREAM: 123512: system:kube-scheduler: extend the RBAC with pods/finalizers #1900 OCPBUGS-10996 : Fix race condition between resizer and kubelet #1899 OCPBUGS-29437 : Upstream: <carry>: RPM: Split apiserver, scheduler, k-c-m, kubelet into subpackages #1882 OCPNODE-1892 : Bump k8s to 1.29.2 #1888 NO-JIRA: Clean carry patches #1880
OCPBUGS-29435 : UPSTREAM: 123165: Add AudienceMatchPolicy and support multiple audien… #1881 CORS-3191 : Add Dockerfile to buld kube-apiserver for openshift-install architectures #1872 NO-JIRA: Revert “OCPBUGS-24404: add ignore for SAST scan” #1870
OCPBUGS-24404 : UPSTREAM <carry>: use snyk file #1871 OCPBUGS-26058 : UPSTREAM: <carry>: watch-termination: termination.log file with restricted permissions #1841 OCPBUGS-16760 : permanently disable NodeLogQuery e2e test #1792 OCPNODE-1892 : Bump k8s to 1.29.1 #1858 OCPNODE-1892 : Switch to golang 1.21 #1845 OCPBUGS-24606 : UPSTREAM: <carry>: Update management webhook pod admission logic #1821 OCPNODE-1892 : UPSTREAM: <carry>: update test rules #1849 OCPBUGS-17249 : UPSTREAM: <carry>: openshift-kube-apiserver: pod .spec.nodeName should not override project node selector in podNodeEnvironment admission plugin #1787 OCPNODE-1892 : UPSTREAM: 122683: Use v1beta1 endpoints when cleaning up ValidatingAdmissionPolicies #1848 OCPBUGS-23896 : Fix device uncertain errors on reboot #1829 OCPBUGS-24404 : add ignore for SAST scan #1824 AUTH-439 : loosen authentication.spec.type validation #1770 OCPNODE-1892 : UPSTREAM: 122643: Add a new neverTerminate job behavior just for upgrade #1846 OCPBUGS-26067 : Backport CEL IP and CIDR validations #1828 OCPNODE-1892 : Bump k8s api to 1.29.0 #1840 OCPNODE-1895 : temporarily disable reporting e2e text bugs #1836 OCPNODE-1892 : Rebase 1.29.0 #1815 CNF-8809 : admission: add new admission for handling shared cpus request #1799 CNF-8326 : advertise shared cpus for mixed cpus feature #1795 OCPBUGS-23565 : Update to kubernetes 1.28.4 #1806 OCPBUGS-23073 : .spec.numberOfUsersToReport is not correctly applied in some circumstances #1794 OCPBUGS-22724 : UPSTREAM: 121881: Use golang library instead of mklink #1800 OCPBUGS-16922 : Remove skip flag for e2e tests related to AdmissionWebhookMatchConditions #1790 Update REBASE.openshift.md #1788
STOR-1278 : Fixes for SELinux mount context metrics #1771 Update to Kubernetes v1.28.3 #1776
openshift-hack: Fix sporadic 141 errors in build-rpms #1769
UPSTREAM: <carry>: support for both icsp and idms objects #1685
OCPBUGS-21584 : UPSTREAM: 121128: [CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 #1757 Do not allow nodes to set forbidden openshift labels #1735
OCPBUGS-20096 : bump pause image to RHEL9 #1734 Revert #1731 “Revert #1703 “Update builder & base images”” #1732
Revert #1703 “Update builder & base images” #1731
Update builder & base images #1703
UPSTREAM: <drop>: bump(openshift/client-go,library-go,apiserver-library-go) #1726
OCPBUGS-19666 : kubelet/cm: use MkdirAll when creating cpuset to ignore file exists error #1724 OCPBUGS-17534 : UPSTREAM: <carry>: vendor: bump cadvisor and runc to 1.1.9 #1711 UPSTREAM: 120817: e2e: bootstrap vsphere tests earlier #1714
OCPBUGS-19452 : UPSTREAM: 119317: change rolling update logic to exclude sunsetting nodes #1716 Update to new openshift/* dependencies #1704
STOR-1425 : Update to Kubernetes 1.28.1 #1646 OCPBUGS-16080 : UPSTREAM: <carry>: watch-termination: termination.log file #1638 UPSTREAM: <carry>: disable test removed in 1.28 #1698
<carry>: Export cpu stats of ovs.slice via prometheus #1686
OCPBUGS-17654 : cm: reorder setting of sched_load_balance for sandbox slice #1665 OCPBUGS-18608 : UPSTREAM: <carry>: Force using host go always and use host libriaries #1688 OCPBUGS-18149 : UPSTREAM: <carry>: retry etcd Unavailable errors #1681 OCPBUGS-18149 : UPSTREAM: <carry>: retry etcd Unavailable errors #1676 OCPBUGS-14301 : UPSTREAM: 117245: Fix TopologyAwareHint not working when zone label is added after Node creation #1673 OCPBUGS-14301 : UPSTREAM: 117249,118189: fix TopologyCache crashes #1668 OCPBUGS-7415 : grant user:full scope to self-SARs #1493 UPSTREAM: 118280: Set all PSa labels in tests #1663
OCPBUGS-17119 : UPSTREAM: <drop>: bump apiserver-library-go for updated required-scc errors #1661 OCPBUGS-15726 : UPSTREAM: <carry>: merge v3 openapi discovery and specs for special groups #1654 OCPBUGS-16166 : Update to Kubernetes 1.27.4 #1660 Update to Kubernetes 1.27.4 #1653
OCPBUGS-15726 : UPSTREAM: 118879: make apiservices.apiregistration.k8s.io discoverabl… #1630 OCPBUGS-16166 : Update to Kubernetes 1.27.4 #1645 OCPBUGS-15726 : UPSTREAM: 118881: fix openapi/v3 non local apiservices aggregation #1629 UPSTREAM: <drop>: hack/update-vendor.sh #1634
UPSTREAM: 119107: Stop using deprecated API #1624
OCPBUGS-13392 : UPSTREAM: 118915: remove legacy NetworkPolicy tests #1623 UPSTREAM: <drop>: update openshift/api,openshift/apiserver-library-go #1621
UPSTREAM: <carry>: when only this kube-apiserver can fulfill the kube… #1616
Update to Kubernetes 1.27.3 #1609
UPSTREAM: <carry>: STOR-1270: Admission plugin to deny deletion of storages.operator.openshift.io #1550
OCPBUGS-7181 : UPSTREAM: <drop>: bump apiserver-library-go #1605 STOR-1263 : Add csimock tests #1595 OCPBUGS-4053 : UPSTREAM: 118383: bump cadvisor for upstream patch 3301 #1594 Update test wrapper to match new k8s #1584
STOR-1263 : Bump to k8s 1.27.2 #1583 cherry-pick: #117785 from k/k - disable external IPs on e2e net tests #1581 UPSTREAM: 117893: When expecting pods count only active ones #1577
OCPBUGS-13854 : UPSTREAM: 117371: kubelet: Don’t reference the pod manager interface directly from components #1578 OCPBUGS-11652 : UPSTREAM: <carry>: Extend NodeLogQuery feature #1579 OCPBUGS-13148 : kubelet/cm: disable cpu load balancing on slices when using static cpu manager policy #1573 UPSTREAM: <carry>: move test rules from origin #1574
OCPBUGS-11143 : Azure: move to kube-proxy LB probes, don’t detach masters when unready #1569 OCPBUGS-10048 : UPSTREAM: <carry>: add conditional shutdown response header #1555 OCPBUGS-2474 : UPSTREAM: 116995: kubelet: Ensure pods that have not started track pendingUpdate #1561 STOR-1263 : Update to Kubernetes 1.27.1 #1558 OCPBUGS-10829 : UPSTREAM: 117310: kube-aggregator: correctly use client-go TLS cache with custom dialer #1548 UPSTREAM: <carry>: add shutdown annotation to response header #1537
UPSTREAM: <carry>: OCPNODE-1548,OCPNODE-1584: disable load balancing on created cgroups when managed is enabled #1518
Add wrapper which will allow running o/k tests as external binary in origin #1485
OCPBUGS-7267 : More fixes to SCC PSa extractor #1482 OCPBUGS-10048 : UPSTREAM: 115328: apiserver: annotate early (server not ready) and late (during shutdown) requests #1456 OCPBUGS-8220 : CSI Inline Volume admission plugin does not log object name correctly #1499 OCPBUGS-8092 : Fix mounted volume expansion tests #1498 UPSTREAM: <carry>: update rebase doc #1464
Bump to k8s 1.26.2 #1494
AUTH-336 : UPSTREAM: <carry>: PSa metrics: unset ocp_namespace on non-platform n… #1489 Bump to k8s 1.26.1 #1479
OCPBUGS-7267 : add SeccompProfile to Pod and Container accessors/mutators #1490 UPSTREAM: <drop>: OCPBUGS-5991: Kube APIServer panics in admission controller #1488
CNF-5901 : admission hook change for workload partition on all clusters #1312 UPSTREAM: 113799: tests: network: Prefer internal IPs first #1446
UPSTREAM: 115863: Remove global framework variable #1480
UPSTREAM: <carry>: add new approvers #1458
OCPBUGS-7555 : UPSTREAM: <carry>: add default kubelet sysctls within rpm #1475 AUTH-336 : UPSTREAM: <carry>: PSa metrics: log platform namespaces in audit denies #1454 add icsp validation: reject one of icsp idms.itms resources #1310
UPSTREAM: 114027: make GetSubnetPrefix IP family agnostic #1469
disable tests dependent on StackDriver #1466
UPSTREAM: 115484: Don’t explicitly set image version in tests #1465
UPSTREAM: 114994: kubelet: fix readiness probes with pod termination #1450
OCPBUGS-6030 : Rebase onto kube v1.26 #1432 Fix the mutated PodSpec extractor for warns if no SCC matches #1453
OCPBUGS-4900 : remove in-tree volume limits test now that CSIMigration is GA #1448 OCPBUGS-4658 : Apply shared defaulters to CRD-based routes. #1440 OCPBUGS-4657 : Bump library-go. #1431 UPSTREAM: <carry>: make the PSA workload admission warnings honor the… #1393
UPSTREAM: <carry>: Ensure balanced brackets in annotated test names #1410
STOR-829 : Add CSIInlineVolumeSecurity admission plugin #1384 OCPBUGS-3501 : UPSTREAM: <carry>: Add host assignment plugin for CRD-based routes. #1419 UPSTREAM: <drop>: Bump openshift/api. #1424
OCPBUGS-3499 : UPSTREAM: <carry>: Add validation plugin for CRD-based route parity. #1416 Bug 2117374 : UPSTREAM: <drop>: update apiserver-library-go to add message about wo… #1395 Bug OCPBUGS-2991: Disable expansion in SC, if driver does not support it #1402
OCPBUGS-3093 : Tag AWS security groups at creation #1411 UPSTREAM: <drop>: Bump library-go. #1406
OCPBUGS-2946 : Revert: 1340: tag AWS security group at creation #1401 OCPBUGS-3084 : UPSTREAM: 113481: kubelet: fix pod log line corruption when using timestamps and long lines #1404 OCPBUGS-2774 : UPSTREAM: 112807 Fix Load balancer services with xTP local #1400 UPSTREAM: 113208: Set default test timeouts first, only then modify the required ones #1396
UPSTREAM: <carry>: Bug 2098054: tag AWS security group at creation #1340
UPSTREAM: 113135: Wait for pod not running or gone in storage tests #1394
Bump to k8s 1.25.2 #1380
Bug 2041317 : Fix replica calculation at start of HPA scaling policy period #1391 UPSTREAM: <carry>: allow annotating with a specific suite #1388
k8s 1.25.0 #1360
UPSTREAM: <carry>: Dockerfile: use centos:stream9 #1366
OCPBUGS-718 : UPSTREAM: 112267: aws: skip health rules if they are a subnet of the client rule #1358 UPSTREAM: <carry>: optionally enable retry after until apiserver is ready #1346
UPSTREAM: 110639: endpointslices: node missing on Pod scenario #1359
UPSTREAM: <carry>: Update kubensenter to use exec instead of subprocess #1350
UPSTREAM: 110039: Add readinessProbe to aggregated api service test #1307
Bug 2118318 : UPSTREAM: 110939: don’t quota events.k8s.io events by default #1344 UPSTREAM: 111789: Update Netpol e2e tests to use framework CreateName… #1349
UPSTREAM: <carry>: Skip session affinity timeout tests #1339
Bug 2117569 : UPSTREAM: 110888: feat: fix a bug thaat not all event be ignored by gc controller #1338 Add kubensenter to the openshift RPM #1327
UPSTREAM: 111306: Make scheduling e2e tests run PSa-restricted pods #1333
trt-393: add plugin name to caches not synchronized error #1330
Bug 2102383 : UPSTREAM: 89885: Fix panic in openstack.InstanceExistsByProviderID() #1315 Bug 2088606 : Overly loose admission check when configuring UpstreamResolvers or ForwardPlugin #1247 Bug 2081194 : UPSTREAM: <carry>: update list of deprecated apis #1091 Bug 2082773 : Fix resizing of ephemeral volumes #1296 UPSTREAM: <carry>: Remove reserved CPUs from default set #1295
Bug 2094012 : UPSTREAM: 110652: fix: –chunk-size with selector returns missing result #1303 Bug 2063414 : UPSTREAM: 109441: kubelet: parseResolvConf: Handle “search .” #1283 Bug 2086519 : get SCC admission default securityContext.runAsNonRoot to true on positive UIDs #1290 Bug 2078778 : UPSTREAM: 110408: apiserver: printers should use int64 #1288 Bug 2089933 : Backport 110191 Re-enable Kubelet Pod Readiness Probes on Termination and Pod probes should be handled by pod worker #1285 Bug 2087685 : Worker Latency Profiles: Config node object validation for extreme profile transition #1287 Bug 2065749 : UPSTREAM: 109103: cpu/memory manager containerMap memory leak #1229 Bug 2094954 : UPSTREAM: 110258: Fix pod eviction ip #1282 UPSTREAM: <carry>: provide unique reason for pod probe event during t… #1281
Bug 2086092 : UPSTREAM: 108284: fix: exclude non-ready nodes and deleted nodes from azure load balancers #1261 Fixes probe readiness shutdowns #1269
Bug 2086092 : update kube to v1.24.0 #1252 Bug 2086519 : UPSTREAM: <carry>: e2e-framework: don’t autosync PodSecurity labels #1268 Bug 2062459 : Identify if there are multiple schedulers running #1251 Bug 2075621 : UPSTREAM: 109487: Disable JobTrackingWithFinalizers due to unresolved bug #1243 Bug 1999325 : Backport 107821 and 107831 #1225 UPSTREAM: 109283: test/e2e/*: use restricted policy by default, default existing tests to privileged #1238
Bug 2051985 : UPSTREAM: <carry>: An APIRequestCount without dots in the name can cause a panic #1172 Bug 2066865 : Skip azure topology tests #1230 UPSTREAM: 106454: test/e2e: fix e2e tests for restricted policy #1227
Revert “UPSTREAM: <carry>: Unskip OCP SDN related tests” #1228
bump apiserver-library-go #1218
UPSTREAM: <carry>: update list of deprecated apis #1204
UPSTREAM: 106454: test/e2e: fix e2e tests for restricted policy #1226
Bug 1957668 : UPSTREAM: <carry>: use console-public config map for console redirect #1110 UPSTREAM: 106454: test/e2e: fix e2e tests for restricted policy #1212
Bug 2022507 : Backport 108366: OutofCpu Fixes #1199 Bug 1945329 : enable should drop INVALID conntrack entries test #897 Bug 2063938 : UPSTREAM: <carry>: use hardcoded rest mapper from library-go #1215 Bug 2062459 : Generate event when cache update is failed #1210 UPSTREAM:<carry>:Unskip OCP SDN related tests #1201
Bug 2034958 : enable “Conntrack should be able to preserve UDP traffic when initial… #1197 UPSTREAM: 106454: SQUASH: test/e2e: let e2e tests specify pod security admiss… #1128
Bug 2040715 : UPSTREAM: 108284: fix: exclude non-ready nodes from azure load balancer #1190 UPSTREAM: <drop>: zero-diff to pick up tags for versions #1193
Bug 2040715 : upstream 108149: do not return early in the node informer when there is no change #1184 Bug 2040533 : UPSTREAM: <drop>: Ignore container notfound error while getPodstatuses #1176 Bug 2040533 : UPSTREAM: 107900: Pods that have terminated before starting should not block startup #1157 UPSTREAM: 107847: service REST: Call Decorator(old) on update path #1156
Bug 1979671 : UPSTREAM <carry>: Remove pod warning annotation when workload partitioning is disabled #977 Bug 2044824 : UPSTREAM: 107786: Ensure the execHostnameTest() compares hostnames #1153 Bug 2044347 : bump to k8s 1.23.3 #1145 Bug 2039539 : Revert “UPSTREAM: <drop>: revert upstream PR 106306” #1143 Bug 2041583 : UPSTREAM: <carry>: set correctly static pods CPUs when workload partitioning is disabled #1136 Bug 2040533 : UPSTREAM: 107695: kubelet: fix podstatus not containing pod full name #1140 Bug 2039539 : UPSTREAM: <drop>: revert upstream PR 106306 #1130 Bug 2022824 : Fix the leak of vSphere client sessions #1104 Bug 2042169 : UPSTREAM: <carry>: remove egressnetworkpolicies from gc ignored resources #1123 Bug 2040793 : Fix ordering issues with snapshot e2e #1119 Bug 2038968 : Restore upstream feature gates #1112 Bug 2004542 : UPSTREAM: 89885: SQUASH: Retry fetching clouds.conf #1099 Bug 2041641 : Backport k8s.io/utils fix for a memory leak within the inotify utilities #1122 Bug 2042493 : UPSTREAM 107564: kube-apiserver integration test: allow IPs with leading zeros on the API #1124 Bug 2039414 : UPSTREAM: <carry>: allows for switching KS to talk to Kube API over localhost-squash to other #1121 Bug 2042493 : UPSTREAM: <carry>: Fix conformance and serial tests by stopping node cordoning #1129 Bug 1933144 : hardens the aggregated API e2e tests in an HA setup #1114 Bug 2001442 : empty termination.log file for the kube-apiserver has too permissive mode #1096 Bug 2034705 : UPSTREAM 107136: Don’t log vSphere configuration data in storage e2e tests #1098 Bug 2033751 : fix -rt builds and copy extensions into resulting image #1106 Bug 2033751 : Kube 1.23.0 rebase #1087 Switch to go1.17 #1080
Bug 2021629 : UPSTREAM: <carry>: api request counts for current hour are incorrect #1037 UPSTREAM: 105910: retry PV create in e2e-test on API quota failure #1078
UPSTREAM: <drop>: revert to go1.16 #1079
Updating openshift-enterprise-hyperkube images to be consistent with ART #934
UPSTREAM: <drop>: remove creation of openshift-infra ns and recycler SA #1039
Bug 2008532 : Fix subpath sources check #1065 Bug 2017276 : UPSTREAM: 105934: Don’t guess SELinux support on error #1052 Rebase Automation Script #1040
Updating openshift-enterprise-pod images to be consistent with ART #933
UPSTREAM: <carry>: delay queuing deletion for PV to allow nodes some time to unmount #1062
Bug 1978528 : UPSTREAM: <carry>: bump cadvisor for 2957, 2999 and 2979 upstream patches #1049 Bug 2023779 : Fix patch 104847 #1059 Bug 2022811 : UPSTREAM: 106382: defer close the rotated log open #1051 Bug 2007495 : UPSTREAM: 105213: remove StartedPodsErrorsTotal metrice message #988 Bug 2021936 : Read k8s version from hyperkube Dockerfile #1038 Bug 2002759 : UPSTREAM: <carry>: verify required http2 cipher suites #1022 UPSTREAM: <carry>: update rebase doc #1031
Bug 2000216 : Image policy should mutate DeploymentConfigs, StatefulSets, and new CronJobs #1014 Bug 1970331 : UPSTREAM: <drop>: bump apiserver-library-go #1017 Bug 1990190 : Remove Error Message Check Dynamic PV Tests #1011 Bug 2011513 : kubelet: do not arbitrarily create a podSyncStatus for finished pods #1007 UPSTREAM: <drop>: bump apiserver-library-go #1008
Bug 1997478 : Ensure terminal pods maintain terminal status #999 Bug 2010348 : UPSTREAM: 105352: revert pie build mode #993 UPSTREAM: <carry>: allow SCC to be disabled on a per-namespace basis #984
Bug 2000754 : UPSTREAM: 104865: e2e iperf2 change threshold to 10MBps = 80 Mbps #980 Bug 1965368 : UPSTREAM: <drop>: bump(apiserver-library-go) #971 Remove Error Message for Unsupported Volume Test #905
Add CSI migration feature gates for vSphere and Azure File #961
etcd-client starts retrying transient errors from the etcd cluster #959
UPSTREAM: <carry>: openshift-hack/images/os/Dockerfile: Add io.openshift.build.versions, etc. #963
Bug 2005182 : UPSTREAM: <carry>: update list of deprecated apis to be removed #965 Bug 1999133 : kubelet: Handle UID reuse in pod worker #938 UPSTREAM: <carry>: add control plane to allowed roles #957
UPSTREAM: <drop>: bump openshift, k8s to 1.22.1 #950
Bug 2003269 : UPSTREAM: 104817: kubelet: Rejected pods should be filtered from admission #948 Bugzilla 2001763: UPSTREAM: <carry>: 104437: run etcd healthcheck in the background and… #893
UPSTREAM: 104314: legacy-cloud-providers: aws: Add support for consuming web identity credentials #927
Bug 1996689 : Tighten up RestrictedEndpointsAdmission #899 Bug 1996779 : Fix bug with goroutine capturing loop variable #904 Bug 2000451 : UPSTREAM: <drop>: Disable broken sig-storage test #925 Bug 1994643 : UPSTREAM: 104630: remove server option startup-send-retry-after-until… #922 Bug 1992016 : UPSTREAM: <carry>: add OPENSHIFT_MAX_HOUSEKEEPING_INTERVAL_DURATION and OPENSHIFT_EVICTION_MONITORING_PERIOD_DURATION #909 Bug 1994927 : Revert “Remove Endpoints write access from aggregated edit role” #908 Bug 1997657 : UPSTREAM: 104577: kubelet: Admission must exclude completed pods and avoid races #920 Bug 1948089 : openshift-apiserver should not set Available=False APIServicesAvailable on update #915 Bug 1986003 : Rebase 1.22.1 #916 Bug 1994643 : UPSTREAM: <carry>: sets X-OpenShift-Internal-If-Not-Ready HTTP Header for GC and Namespace controllers #907 Bug 1994643 : UPSTREAM: <carry>: send Retry-After when not ready with a caller opt in #906 Bug 1993980 : UPSTREAM: 104529: [1.22] vendor: bump runc to 1.0.2 #910 Bug 1948089 : openshift-apiserver should not set Available=False APIServicesAvailable on update #903 Bug 1986307 : UPSTREAM: <carry>: re-enable networking tests #885 Bug 1995804 : UPSTREAM: <carry>: rename termination events to use lifecycleSignals #896 Bug 1950993 : UPSTREAM: <drop>: bump cadvisor for 2868 and 2925 upstream patches #892 Bug 1997465 : UPSTREAM: 104466: bump k8s.io/util to get fix for LRU cache #898 Bug 1994643 : UPSTREAM: 104281: send retry-after until the apiserver is ready #889 Bug 1982868 : UPSTREAM: <carry>: admission/managementcpusoverride: cover the roll-back case #877 Bug 1986306 : Kubectl client kubectl wait should ignore not found error with –for=delete #891 Bug 1994643 : UPSTREAM: <carry>: use lifeCycleSignals for isTerminating #887 Bug 1980118 : UPSTREAM: <carry>: drop the warning to use –keep-annotations #860 Bug 1992900 : Fix build with multiple GOFLAGS #886 Bug 1986003 : Bump k8s.io to 1.22.0-rc.0 #862 UPSTREAM: <carry>: prevent the kubecontrollermanager service-ca from getting less secure #853
Bug 1981477 : Do not throw error when we can’t get canonical path #817 UPSTREAM: <carry>: add a way to inject a vulnerable, legacy service-c… #852
produce events for readyz going true #807
UPSTREAM: <drop>: remove the openshift authenticator from the apiserver #822
UPSTREAM: <drop>: bump(apiserver-library-go) #846
UPSTREAM: <carry>: add CSI migration feature gates for GCE PD and Azure Disk #831
UPSTREAM: 103385: Fix Multi-AZ test #837
Bug 1977920 : Ensure scc compatibility with BoundServiceAccountTokenVolume #841 UPSTREAM: 103050: Bug 1975325: Fix NodeAuthenticator tests in dual stack #823
Updating openshift-enterprise-hyperkube images to be consistent with ART #814
Bug 1976379 : UPSTREAM: <carry>: Reject the pod creation when we can not decide the cluster type #832 Updating openshift-enterprise-pod images to be consistent with ART #812
UPSTREAM: <carry>: update rebase doc #824
Bug 1975283 : update Multi-AZ Cluster Volumes test name #825 UPSTREAM: <carry>: update rebase doc #818
UPSTREAM: <carry>: crd: add ClusterOperator condition message table column #810
Bug 1971745 : only chown if non-windows machine with projected volumes #804 Full changelog
OCPBUGS-24791 : Updating golang-github-openshift-oauth-proxy-container image to be consistent with ART #270 OCPBUGS-21718 : go.mod: bump golang.org/x/net to v0.17.0 #266 OCPBUGS-18858 : Updating golang-github-openshift-oauth-proxy images to be consistent with ART #265 OCPBUGS-16459 : bump kube and lib-go to get rid of goproxy dep #260 fix route apiVersion #257
Updating golang-github-openshift-oauth-proxy images to be consistent with ART #251
APPSRE-7970 : Add support for configuring upstream timeout #258 OCPBUGS-14033 : Handle TERM signal gracefully #255 AUTH-373 : add audit-ID headers to TokenReview and SAR requests #252 Update logo #245
fix json examples for –openshift-delegate-urls #203
Use resourceName in Openshift SAR rule #243
Updating golang-github-openshift-oauth-proxy images to be consistent with ART #241
Bug 2026860 : ocp provider: don’t fail client creation if oauth-server cert is not present #238 Golang bump 1.17 #235
Bug 1966298 : Update golang.org/x/net #223 Bug 1986810 : trust the oauth-server when constructing a client to OpenShift #220 Bug 1980235 : deprecate version #218 Updating golang-github-openshift-oauth-proxy images to be consistent with ART #216
Updating .ci-operator.yaml build_root_image from openshift/release #215
Full changelog
OSASINFRA-3437 : Rebase on CAPO v0.10 #305 OCPBUGS-31277 : Updating openstack-cluster-api-controllers-container image to be consistent with ART for 4.16 #301 🐛 Persist API FloatingIP immediately on creation #1831
:bug: Fix patching OpenstackMachine’s immutable spec during reconcile #1819
✨ Add flags for configuring rate limits #1817
:bug: Fix potential panic during instance create #1806
🐛 Revert “Move FloatingIP to Bastion spec” #1783
🌱 Import CAPI v1.6.0 #1780
🌱 Bump version artifacts for release-0.9 #1775
🐛 Verify success of parsing OpenStack cloud cacert #1770
📖 Fix network-related docs for API v1alpha7 #1764
🌱 Remove Containerfile and Dockerfile experimental #1760
🌱 Fix log message typo #1758
🐛 Update e2e testing image of CAPI version from 1.5.0 to 1.5.1 #1754
🐛Fix missing endpoint type in OpenStack endpoint clients configuration #1744
✨remove flavor check to relief restrictions to CPU #1745
⚠️ Move FloatingIP to Bastion spec #1739
⚠️ Bump Go to 1.20.10 #1740
✨ Add ephemeral storage support to the AdditionalBlockDevices #1696
✨ Use kustomize new syntax for patches #1735
✨ Add cache on provider scope #1688
🌱 deps: Bump dependencies #1733
🌱 Enable k8s upgrade in self hosted test #1732
🌱 Use k8s v1.28 in tests #1723
🐛 Don’t remove BYO api server loadbalancer floating IP #1728
🌱 Replace kustomize vars with replacements #1726
🌱 e2e: dump cinder volumes #1722
🌱 Ignore go workspaces #1724
🌱 E2e: Use pre-build node images #1699
✨ Add option to customize private network MTU #1701
:seedling: ci: bump Flatcar tested version #1713
🌱 ci: Several CI fixes #1718
✨ Add server name for the Machine InternalDNS #1715
🌱 Bump devstack image to ubuntu 22.04 #1716
🌱 Add explicit dependency on github.com/golang/mock/mockgen/model #1712
🌱 Allow custom KUBEBUILDER_ASSETS_DIR in tests #1710
🌱 Ignore vendor directories in boilerplate check #1709
🌱 Build setup-envtest in hack/tools #1707
🌱 Bump ginkgo #1705
:sparkles: Additional data volumes for machines #1668
🌱 gitignore: ignore vendor/ directory #1690
🌱 Move webhook CA injection into webhook resource #1686
Update Gophercloud to 1.7.0 #1682
🐛 Only delete all ports when deleting cluster network #1680
:book: Clarify release notes content for releases and pre-releases #1678
🌱 Remove defaulter-gen #1677
:book: doc/development: add devstack notes #1569
🌱 Add test for getOrCreate #1673
Set failure only on instance error when no nodeRef #1637
🌱Fix various issues with CRD generation #1669
✨Allow changing allowAllInClusterTraffic in a deployed cluster #1663
avoid duplicate error event #1655
🌱Bump CAPI to v1.5.1 #1666
🌱Structured logging migration of instance.go, service.go, floatingip.go, and securitygroups.go #1631
Fix v1alpha6 -> v1alpha7 idempotence #1626
🐛 Don’t fail when deleting non-existing port #1660
🐛 Fix panic on delete before cluster is initialised #1657
🐛Fix failing clusterctl upgrade test (second attempt) #1661
🐛Fix failing clusterctl upgrade test #1659
🌱 Bump golangci-lint to 1.54.2 #1652
🐛 fix port cleanup when using CAPO-created cluster network #1651
:bug: Fix Port Leaks #1648
🌱 Update verbosity levels in instance.go #1635
📖 Fix APIVersion to use existing router with OpenStackCluster #1638
🌱 Migrate pkg/cloud/services/networking/network.go and router.go to structured logging #1624
🐛 Fix application credential support in env.rc #1646
🌱Remove APIServerLoadBalancer.Provider Up Conversion #1642
🌱Migrate controllers/openstackcluster_controller.go to structured logging #1630
:seedling: Migrating /pkg/cloud/services/loadbalancer/loadbalancer.go and /controllers/openstackmachine_controller.go to structured logging #1621
✨ Add --version flag #1641
✨ Add support to IPv6 in Machine’s status #1633
🌱 chore: use capo cluster agent for API requests #1614
✨ Update to CAPI 1.5 #1600
🌱 Simplify types of Instance.SecurityGroup and Instance.Networks #1625
remove subnet from the output in kubectl get #1609
:sparkles: Allow Use of Public CAs #1610
:seedling: ci: bump flatcar to latest stable #1607
📖 Add link to book in README #1602
🌱 Add metadata for release 0.8 #1601
⚠️ Update NetworkStatus ready for dual stack #1577
🌱 E2e: Unify machine log collection #1595
🌱 E2e: Bump the tested Kubernetes versions #1594
🌱 E2e: Implement LogCollector interface #1581
✨ Allowing update of OpenstackCluster API server fixed IP #1590
:sparkles: Add additional sec group rule for additionalPorts of LB #1592
do not set failure reason/message when LB not created #1591
🌱 Replace github.com/pkg/errors #1585
🌱 dependencies: Bump Go stdlib #1584
🐛 Fix deadlock #1579
🌱 Bump Kubernetes version used in e2e tests #1571
⚠️ Remove ProjectID from PortOpts #1575
🐛 Always filter cluster subnets by cluster network ID #1572
🌱 E2e: Bump clusterctl upgrade to start from v0.7.2 #1568
:warning: Transform Profile into an interface #1560
🌱 Set provider ID through kubelet in ubuntu templates #1551
⚠️Remove last uses of TenantID and pagination filters #1563
:seedling: Deprecate v1alpha5 #1561
:seedling: bump docker distribution to 2.8.2+incompatible #1562
⚠️ Replace SubnetParam with SubnetFilter #1559
⚠️ Replace SecurityGroupParam with SecurityGroupFilter #1557
🌱Remove unused fields from ExternalNetwork #1555
🌱Remove PortOpts from Network #1550
🌱 Reduce the Bastion status to only fields which are used #1546
⚠️ Remove PortOpts.SecurityGroups #1516
Use dl.k8s.io instead of kubernetes-release bucket #1542
Fix OWNERS_ALIASES syntax error #1543
Update external approvers #1536
⚠️ Remove Networks #1518
Add lentzi90 to cluster-api-openstack-maintainers #1537
⚠️ Remove v1alpha3 and v1alpha4 #1527
Update linter to v1.52.2 #1534
🌱 Remove creation of 2 Events for the same event #1531
🐛 Patch: Backport Provider to v1alpha6 #1530
🐛 Improve env.rc and create_cloud_conf.sh templates #1381
✨ Support propagate uplink status #1481
✨Infer port network from subnet #1519
:seedling: ci: bump flatcar to latest major stable #1524
🌱 bump docker to 20.10.24+incompatible #1525
:warning: flatcar: make external-cloud-provider-flatcar the default one #1522
:seedling: pull cluster-api@v1.4.1 #1521
⚠️ Deprecate In-tree Cloud Provider #1514
🌱 Bump gophercloud to v1.3.0 #1520
:sparkles: Add RouterName for use existing router #1370
Restore APIServerLoadBalancer.Provider on up-conversion #1517
📖 Document removal of OpenStackMachineSpec.Subnet #1515
🌱 Un-pointer PortOpts.SecurityGroups #1511
✨Add Octavia OVN Provider Support #1501
Add dulek to reviewers #1512
⚠️Remove OpenStackMachineSpec.Subnet #1504
🌱 Add fuzzy conversion tests for v1alpha6 #1509
:book: docs/configuration: add Flatcar to OS section #1503
:bug: e2e: refresh packages list before install containerd #1507
:sparkles: templates: add flatcar template #1444
📖 Add documentation for creating local test environments #1500
🐛 fix: allow using multiattach volume types #1498
⚠️ Add v1alpha7 #1497
✨ Support value specs for Ports #1452
fix: fix typo of worker rules and controller rules #1492
🐛 Switch to “4” instead of “ipip” for rules #1489
:bug: Fix Provisioning to Unavailable AZs #1479
🐛 uplift golang and x/net #1482
Fix “internal ip doesn’t exist (yet)” in e2e logs #1474
Remove the resource and machine tickers from e2e tests #1471
Fix boilerplate linter #1473
Download golangci-lint instead of building it #1470
🌱 Bump gophercloud to v1.2.0 #1463
📖 Add documentation about –ca-cert flag #1467
🐛 Return from reconciler after adding finalizer #1464
✨ Add Tags to API-Loadbalancer resources #1457
🐛 Fix Tilt by adding CAPO label in tilt-provider.json #1430
Add e2e remediation tests #1380
🌱 Add e2e self hosted test #1428
Envtest mocks #1236
🌱 Bump ginkgo to v2.7.0 and sync with hack/tools #1460
check flavor and reject CPUs less than 2 #1451
✨ add explicit securitycontext to controller #1461
📖 fix path for taggin and serverMetadata in OpenstackMachineTemplates #1454
✨ Add ca-cert flag to supply a default ca certificate for each requests #1440
🌱 Use newer containerd in e2e tests #1456
🌱 E2e: Use plain ubuntu cloud image #1441
🐛 fix nil-pointer in initial reconciliation loop with empty status field #1445
🌱Add log to provide more info in case error happen #1443
🌱Be more robust when checking gophercloud errors in IsNotFound #1432
🐛 uplift x/net to 0.4.0 #1427
🌱Bump CAPI to v1.3.1 #1424
✨Add lentzi90 to reviewers #1421
:book: Fix spelling errors on docs #1418
🌱 e2e: Change logging to avoid use of By #1417
🌱 Remove It block from clusterctl upgrade #1412
✨ Bump CAPI to v1.3.0 #1406
🌱Release 0.7 patches #1405
🐛 Update Ubuntu, CirrOS & Amphora image #1408
🌱 Add e2e clusterctl upgrade tests #1371
🌱 Bump Gophercloud to v1.1.0 #1402
🌱 scripts: replace apt with apt-get #1401
🌱 Tag current e2e tests as PR-Blocking #1390
🐛 Allow UDP traffic over nodeports #1396
🌱Ensure we capture early devstack logs #1399
🐛 Don’t enable router-ovn service in CI deployments #1400
🐛 Decrease initial backoff for Floating IP operations #1386
🐛 Fix Octavia versions endpoint #1385
🐛 openstackmachine: do not set transient error message and reason #1301
🐛 fix: improve load balancer health checks #1375
🌱 Synchronize versions between Makefile, Containerfile, e2e and go.mod #1369
:book: Add more infomation to run e2e test in locally #1362
Fix accesIPv4 checking #1366
switch version from float to int #1281
🌱 CI: Clean openstack volumes #1364
🌱 Bump CAPI to v1.2.4 #1361
✨ Enable additional linters and metalinter checks. Fix findings #1359
🌱 Remove unnecessary mock import aliases #1357
🐛 Don’t require cinder when not using volumes #1353
🌱 Add the cluster templates back #1354
🌱 Update golangci-lint (v1.46.2 -> v1.50.0), remove deprecated linters #1342
🐛 Don’t require an InstanceSpec for DeleteInstance #1350
ci: Pin to the yoga version of openstackclient #1352
✨ Allow for omitting AZ from control plane nodes #1318
🌱 Group Makefile targets #1343
doc: update calico location #1338
update doc to make it more clear #1335
🐛 fix nilpointer during clusterctl move #1340
update k8s to 1.25 #1330
🌱 remove apricote from reviewers #1333
📖 update README to include Yoga #1331
update devstack release #1329
🌱 add merge strategy markers #1325
🌱 gce-project.sh: loop over all GCP zones during instance creation #1324
:bug: Add security groups to ports only #1319
📖 Update PlantUML version (1.2020.16 -> 1.2022.6) #1321
✨ Conditions for OpenStackMachines #1288
🐛 Fix go1.19 linting errors #1313
🌱 Ensure that python and pip is installed for e2e and conformance tests #1309
not assign floating ip when there are multiple controller nodes #1276
🐛 Update calico manifest for e2e testing #1307
✨ Add re-creation of bastion host on change #1303
e2e test: add more dump output #1304
🐛 Fix conformance tests #1305
refactory sec group code (for additional CNI support) #1299
🌱 Bump CAPI to v1.2.0 #1302
🌱 Set ginkgo.timeout in our kubetest config #1297
🌱 bump to capi v1.2.0-rc.0 #1295
🌱 only reconcile loadbalancer member if machine is control-plane #1294
✨ Enable JSON Logging #1296
replace “4” with “ipip” #1290
✨ Bump to CAPI v1.2.0-beta.1 #1283
🐛 Fix logger arguments #1284
Fix generation of e2e-templates when running conformance tests #1287
📖 add v1alpha6 breaking changes book page #1285
🌱 Generate cluster templates with kustomize #1271
🐛 delete port left over by err openstackmachine #1260
Add Age column for osc/osm #1279
✨ Add v1alpha6 API types #1272
use 1.24 as test env #1277
update doc to reflect latest version, add helm link #1275
nit:make event to log for already associated FIP #1268
📖 Instance create timeout is in minutes #1267
🐛 Make failure domain optional for OpenStackMachine #1263
✨ Feature: restrict API Server LB access via IPs #1247
:sparkles: bump golangci-lint version to v1.46.2 #1258
cleanup: remove used file #1243
Passing security groups by specifying more options in addition to UUIDs on ports #1246
🐛 implement conversion for OpenStackClusterTemplate CRD #1249
refactory test code (reuse existing function) #1194
🏃 Add tests for cluster controller #1199
🐛 remove webhooks for old APIversion v1alpha4 #1240
🌱 Fix ginkgo warnings #1239
🌱 Remove macaptain from cluster-api-openstack-reviewers #1237
move chrischdi to emeritus_approvers #1233
:bug: Fix nil pointer reference during bastion deletion #1231
:seedling: Update RELEASE.md process for release branches #1228
🏃 update PR icon template to match CAPI #1229
📖 allow up to 20 tabs in book #1224
🌱 Add release 0.6.x to metadata.yaml #1226
🐛Don’t set ImageRef on server when booting from volume #1225
🐛Fix conversion of boot from volume images #1223
🐛 always wait for active Loadbalancer after getOrCreate #1200
📖 Document CRD changes from v1alpha4 to v1alpha5 #1216
🐛 controllers/openstackcluster_controller.go fix nil pointer and dump openstack ports #1217
Improve log message #1202
🐛 bump CAPI to v1.1.3 #1209
🏃Remove prankul88 as a reviewer #1213
🏃 Add apricote as a reviewer #1212
📖 replace dead link for cloud.conf details #1211
⚠️ rename v1beta1 to v1alpha5 #1198
address CVE-2022-27191 #1204
✨ Support Application Credential auth #1189
✨Refactor CreateInstance and CreateBastion #1191
⚠️ move loadbalancer opts to struct #1187
🏃 Explain mutability of bastion configuration in CRD #1190
🏃 Enable controller tests #1183
🐛 Install sshuttle using pip instead of from source #1185
🏃 Add Scopes to pass data to services #1178
🐛 Address CVE-2022-21698 #1182
🐛 upgrade golangci-lint for go 1.18 support #1184
✨Export GetFloatingIP #1179
Add unit test for trunk #1172
📖update doc to talk about microversion #1161
🐛 Fix event target of floating ip operations #1177
Fix flaky UT on gate #1175
Remove internal AZ special handling #1168
🐛 Clean up removed AvailabilityZones from OpenStackCluster.status.failureDomains #1165
📖 add info about office hours to README and Book #1167
move CI to xena #1158
🐛 api/v1beta1/openstackmachine_types.go: change errorReason/errorMessage to failureReason/failureMessage #1150
✨Remove FIXME (adjust the comment and code both) #1157
🐛 containerfile: Bump Go version #1156
🏃 devstack: Allow empty private SSH key #1144
Make hidekazuna emeritus #1152
Avoid set failMessage when bastion creation failed #1138
🏃 OWNERS: satisfy the maintainers tool #1123
manager.yaml: enable metrics endpoint #1141
📖 Document external repositories referencing CAPO owners #1142
bump CAPI to v1.1.0 #1137
Add test for trunk feature #1128
🐛Bump CAPI to v1.0.4 #1136
✨ Ensure trunk deletion #1125
✨Service interface load balancer #1119
🐛 Prevent creation of floating IPs when reconcile load balancer in non ACTIVE state #1115
Remove duplicate tags before making API calls #1112
iamemilio resigns as a reviewer #1113
Document running CI devstack on CentOS #1108
✨Cinder AZ and volume type support #1030
✨ improve log entry for ReplaceAllAttributesTags #1110
🐛 Avoid replacing tags when no tags are provided. #1107
Delete trunk on failure #1095
Allow image uuid to be used in instanceSpec #1101
📖nit: update doc to include spec #1102
🐛update log to make it clear (LB member instead of LB) #1104
🐛 loadbalancer service: fix metric name for member list #1097
🏃 Migrate CI to Wallaby #1091
Fail fast without create port at all #1094
🐛 fix loadbalancer service to reconcile all ports instead of returning at the first #1089
Update .golangci.yml #1090
:book: Update documentation according to clusterctl sub command changes #1088
🌱 Standardize api import aliases #1082
Update OWNERS file #1084
🏃Fix generated clouds.yaml for local e2e tests #1069
🏃Add new maintainers and reviewers #1083
:sparkles: Port rework #1059
🏃 Fix SECURITY_CONTACTS #1080
✨ Allow webhook changes to OpenStackCluster.Spec.Bastion #1070
images: use k8s-staging-test-infra/gcb-docker-gcloud #1068
🐛Cleanup ports #1063
:sparkles: Add tags on security groups created by capo #1053
🐛Fix conversion of IdentityRef converting between v1alpha4 and v1beta1 #1066
📖 Update configuration document #1056
✨Add unit tests for compute service #1061
🐛update logic to support more instance state #909
🏃 Delete unused annotation #1057
🐛Fixes for running E2E tests locally against devstack on OpenStack #1048
🏃 Fix conversion-gen in Makefile #1052
📖 Update version support #1055
🏃 Move sbueringer to emeritus maintainers #1058
✨ Bump golangci-lint to 1.43.0 #1042
📖 Update RELEASE document #1051
📖 Fix yaml example #1050
✨ Add v1beta1 API types #1047
🐛Pull Calico from quay.io instead of docker.io #1049
✨ Update CAPI to v1beta1 #1041
✨ Remove ensure kind binary script from repository #1036
🐛 Fix image push in Makefile for image-push jobs #1039
✨E2E error logging improvements #1032
Check trunk support before enabling trunk at port level #1014
✨ Change default branch to “main” #1031
✨ Add tags to portOpts #1027
✨Devstack on openstack and multi-AZ support #1026
🏃 Add unit tests for getOrCreatePort func #1020
Port Tagging Regression #1016
🐛 Fix typo in delete server log #1025
📖 Fix typo in OPENSTACK_CLOUD_CACERT_B64 example #1018
✨ controllers: replace context.TODO with real context objects #1019
🏃update e2e container to latest cluster-api #1010
✨Return all NodeAddresses in OpenStackMachine.Status.Addresses #1004
🏃 Bump calico from v3.18.1 to v3.20.1 #1015
🐛 Don’t make unnecessary REST API calls in getServerNetworks #994
✨Allow update for some param only first time update #1012
✨Add webhook of openstackcluster, no update allowed for now #1006
🏃 Standardize metrics in networking package #1003
:sparkles: Allow clusters without a floating IP for the API server #973
:sparkles: Implement allowAllInClusterTraffic flag #998
🏃 Move deletePorts back to compute package #1002
✨Add InstanceStatus.AvailabilityZone() #992
📖 Add book link to README #996
🏃 Refactor all network client calls into networking package #950
:bug: Add alpha3 Resources to Scheme #985
⚠️ Don’t overwrite openstackcluster.status.network on reconciliation #989
✨Document running E2E tests locally #982
:bug: Fix Conversion from alpha3 to alpha4 #986
✨Enhancements for running E2E tests locally #981
only use loadbalaner reference if needed #978
✨ Allow Trunk configuration at a Port level #934
fix gate lint issue #980
Update flavor usage of e2e test #977
Add gc for error instance’s port #975
:sparkles: Refactor: Don’t use infrav1.Instance internally #971
✨ Cleanup and refactor InstanceExists and DeleteInstance #960
getOrCreatePort: add support to configure port Profile #964
update from v1alpha3 to v1alpha4 in Makefile #970
🏃Return error if instance go error #967
🐛 bump controller-runtime to 0.9.6 to fix webhook tls errors #969
📖Add port security doc #958
📖 Add netlify.toml to publish our book #963
🐛 ignore Conflict status in order to make instance able to detach interface #962
📖Fix broken link #957
🐛 Fix failure to create server with specified tags #924
✨ Apply Port Security to Ports #921
✨ Add webhook readiness and health checks #955
🐛 openstackcluster reconciliation: reset .Status.failureMessage and .Status.FailureReason on success #953
✨ Do not update fip if its already mapped correct #947
✨ Add mock client and 2 tests for networking package #935
📖 improve release documentation #946
✨ Fix Webhook names for OpenStackMachineTemplate and OpenStackCluster #945
✨ Add OpenStackClusterTemplates Type #933
📖 Adjust README.md to fit v0.4.0 and bump k8s to v1.21.3 #944
✨ Add conversion for SecretReference to string #937
🐛 Wait for ports creation in ports e2e test #938
Use the kubernetesversions package of the cluster-api repo again #905
🐛 Remove the ttl flag from sshuttle invocation #941
Revert “reassociate Floating IP if first associate fails” #939
Add failure fields in OpestackCluster status section #893
✨ Add GET gophercloud metrics #932
reassociate Floating IP if first associate fails #930
✨ add description and tag to floating ips #925
🏃 sync linter settings with cluster-api repo and fix findings #923
Rename master to main #928
🏃 use amphora image from GCS in e2e tests #922
✨Update CAPI to v0.4.0 #919
📖 Upgrading a cluster without LBaaS is not supported #915
🐛 Don’t log nil error when AuthInfo is not set #916
🏃 Add test for custom port options feature #908
🐛 fixup release targets and update doc accordingly #903
🐛 Fix doc about external cloud provider #904
Add resource shortNames #894
🐛 fix release staging target #902
✨ Upgrade CAPI to v0.4.0-beta.0 #901
📖 Document custom ports feature #900
:sparkles: add predicates.ResourceIsNotExternallyManaged to cluster controller #897
✨ Add feature to create ports with custom options #876
Fix error logging for OpenStack instance creation #891
🐛 Fix event of associate/disassociate floating IP #880
Add some events related to load balancer #869
honor server group ID parm #881
Add metrics of gophercloud (POST,UPDATE and DELETE) actions #863
🏃 Validate OpenStackMachineTemplate spec.template.spec immutability #872
🏃 Refactor: use Service struct field more #871
Add seanschneeweiss as reviewer #874
Add chrischdi as reviewer #873
🏃 Add some events and refactor related to instance #862
Add more logs for LB creation #867
📖 Add doc related to log level #866
Upgrade to latest CAPI version (2021-05-07) #861
✨ api/v1alpha4 remove obsolete UserDataSecret field #865
✨ Add gophercloud request logs, fix contexts #860
✨ adjust loadbalancer wait.Backoff #853
🐛 Fix polling deleting instance #852
set image param as optional for boot from volume #851
Delete watching Status when deleting #846
bump tests to Kubernetes 1.20.6 #849
Wait for instance delete #845
Cleanup docs changes #838
📖 add documentation about postsubmit and nightly images/manifests #836
📖Add book build process #822
🐛 do not propagate the cloud field to clientconfig.AuthOptions #829
🐛 fix conversion-gen #827
🏃 Refactor/cleanup load balancer related code #835
🏃 Optimize devstack setup on GCP, add a script to setup a devstack on AWS #800
🏃 upgrade to latest CAPI version and upgrade/cleanup some other deps #833
🏃 Refactor: event consistency #828
🐛 fix path of uploaded artifacts #830
🏃 publish nightly artifacts #819
🏃 Reorder function variables #820
🏃 Refactor: Make getLoadBalancerName function #823
📖 Remove note about CI #821
📖 Update supported version of k8s in Readme #818
🏃 Test openstack key in our e2e tests #815
🏃 Remove neutron lbaas support #813
🐛 Delete bastion if basion.enabled=false #817
🏃 Improve ci script patching #812
🏃 Add e2e tests for all flavors #798
fix post-cluster-api-provider-openstack-push-images and add post-submit manifests #811
🐛 Fix configuration.md about bastion #810
🐛 fix post-cluster-api-provider-openstack-push-images #809
🏃 Update golangci-lint and fix most of the linter issues #797
📖 Update links for filing new issue #807
🏃 Remove unused release note section in the PR template #806
🐛 fix conversion gen #805
🏃 Implement conformance test via e2e test framework #782
🏃 Bump ginkgo version #803
🐛 InstanceExists should not do substring search on name #799
🐛 Make conversion-gen output location explicit #802
🏃 update yq commands to support yq V4 #792
🏃 Remove useOctavia from nonha template #795
🏃 Remove disablePortSecurity: false from template #793
🏃 goimports: fix import order, add local-prefix to linter #791
Update development guide #789
🏃 Add todos to PR template #786
✨ pkg/cloud/services/networking/securitygroups.go reimplement reconcilation #773
✨ Update klog dependency to v2 #779
🏃 migrate conformance test to Prow #759
📖 Update configuration doc #781
Initial impl v1alpha4 #748
Add support for failureDomain (AZ) for bastion #757
🐛Remove start.sh and restart.sh #761
Fix gate issue (test failure) #767
🏃 Update OWNERS files #766
Fix a doc typo #762
🏃 Update pull request template to use /hold per default #758
:sparkles: AccessSubnetUUID: we can specify source subnet for access IP address #756
🐛 use APIServerFloatingIP instead of ControlPlaneEndpoint.Host for LB #755
Refactory network functions (router.go==>network.go) #751
📖 improve RELEASE.md #747
Fix clusterctl config command #744
Update sync logic #736
Fix LoadBalancerMember creation #737
🐛 fix rbac aggregation manager role #743
🐛 Pass GOPROXY environment variable to Docker image build #740
🐛 Add NAMESPACE variable in cluster templates. #739
🏃 Revert Merge pull request #725 #733
🏃Remove unnecessary field in manager.yaml #729
Specify –metrics-bind-addr for CAPO manager #725
update openstack provider format from // to /// #727
🏃 Bump CAPI to v0.3.12 #724
🐛Ignore not found error when remove router interface #720
📖 Add instructions to use cluster template with load-balancer #703
Fix ca-file path in env.rc #716
move from 0.3.1 to 0.3.3 in the CI test #686
:bug: Fix domain_name and domain_id usage in env.rc #714
🏃 Refactor loadbalancer package #710
🏃Refactor create, delete instance #711
🏃 Move ncdc to emeritus status #708
:bug: Add SecurityGroup to Loadbalancerport when not using octavia #700
🐛 Fix SecurityGroupInUse error #705
Fix nil pointer error for Network #693
🏃 Add OpenStack version to bug report template #696
📖 fix getting log #697
🐛 Delete spec.disableServerTags of OpenStackCluster #692
✨ Align flag names with upstream Kubernetes components #690
update Make method to avoid mismatch #688
move to capi 0.3.11 #683
Add cluster-template-external-cloud-provider.yaml into release doc #682
Add openstack ussuri into support list #586
Switch CI from U to V release #680
Move log to creating place #673
set openstack cluster status for Bastion #671
📖 Update how to retrieve kubeconfig #677
✨ Add support for Tilt #666
nit: remove duplicate blanks #672
🐛 Fix to delete only automatically created floating IPs #669
fix location for env.rc file #665
Add doc update for boot from volume case #664
Add root volume support (put root volume into instance create param) #662
🐛 Update reference to the latest version of CAPO v0.3.1 #656
Remove USE_PYTHON3 #660
✨ Delete automatically created floating IP when deleting cluster #653
🏃 Cleanup unused variables #657
🏃 Delete spec.kubeadmConfigSpec.ntp.servers in cluster-template-without-lb.yaml #659
🏃 Bump Go to v1.13.15 in conformance pr job #658
🐛 Fix event message about port ID with associate Floating IP #655
Remove unnecessary colon #654
✨ My594 revised #590 #594 wrong parameter for a user provider network #610
📖 Update calico version in documentation #652
Add openStackMachine.Status.Addresses value #648
🏃 Bump CAPI to v0.3.10 #650
✨ Add events deleting resources #645
Add doc for how to move a cluster #630
📖 Update external cloud provider URL #646
Update configuration document #644
🏃 Bump Go to 1.13.15 #640
Add force move of secret cloud config #636
update cluster-api to 0.3.9 #639
Refactor creating/deleting instance #641
Add version into log #638
default concurrent reconcile from 1 to 10 #637
✨ Add bastion host to login the nodes and update non HA template #619
CI: Wget kubernetes binary be quiet #632
📖 Fix Link for external openstack template #629
Add tags to status #617
cleanup keys params #625
nit: update name of get output for openstackmachine #624
🏃 Add CAPO version to github issue template #623
🐛 Fix get openstackcluster to show ENDPOINT value #620
Rename to capoerrors #618
Remove Tag creation for ports and add description for it #596
Add application cred usage #599
switch to no-admin for CI test #606
🐛 Fix e2e test Kubernetes official binaries version #616
🏃 Update template for the external cloud provider #611
update openstack CI test version from T => U #605
✨ Use OpenStack key pair instead of KubeadmConfig spec #607
🏃 e2e test uses official Kubernetes version #613
🏃 Bump Cluster-API to v0.3.8 #615
Update e2e test and document of non lb case #608
✨Add external network discovery #573
nit: replace return with exit #602
📖 Add reference to the external cloud provider doc #600
🐛Update mtu size in Makefile #598
🏃 Add hidekazuna to reviewer #597
✨ Use external cloud provider #595
Add more logs for debug purpose #593
nit: Add default egress rule description #585
Add event for seucrity group #592
report error if security group not exist #583
Add doc tip for floating ip #575
📖 Update Required Configuration #576
🐛 Fix README.md #579
ignore router get return 404 error #571
Add generated security groups automatically #563
🐛 Invoke KUSTOMIZE in release-manifests #569
🐛 Show openstackcluster ENDPOINT #570
update doc about ssh security group #564
Remove APIServerLoadBalancerAdditionalPorts #561
🐛 Fix auto generate security groups #555
Make DisablePortSecurity compatible with platforms not using the port… #560
🏃 Update support for CAPI v0.3.5 #552
🐛 enable managedAPIServerLoadBalancer w/ existing network #548
🐛 Set up OPENSTACK_CLOUD environment variable in env.rc #550
reviewers: remove flaper87 #549
📖 Update Configuration doc #545
Add additional info when error occur #541
🐛 e2e test: switch to -bazel folder because bin folder has been removed #540
🐛 remove docker-build from build test #542
Add availability zone to be used by controller plane #537
🏃 Pr add prow test scripts #539
🐛 Fix updating to Cluster API v0.3.3 #538
🐛 Fix cluster-template.yaml #534
Add 1.18 support into list #536
🏃 Add Stein to v1alpha3 tested version #535
🏃 Add Zuul jobs for e2e conformance tests #491
🐛 use sec groups from the current project, wait for lb from last reconcile #523
🏃 Update to cluster-api v0.3.3, controller-tools v0.2.8 and controller-runtime v0.5.2 #532
✨ Delete router/network/subnet #522
✨ Add ServerGroupID to OpenStackMachineSpec #531
Fix cacert issue #527
avoid basename usage to avoid source action failure #529
Revert “Add kuryr support” #221
Full changelog
OCPBUGS-31419 , OCPBUGS-32461 , SDN-4243 : Downstream Merge 22nd April 2024 #2136 SDN-4458 : Do per-pod MCS/metadata blocking with nftables rather than iptables #1946 SDN-4606 , SDN-4688 : Downstream Merge April 18th 2024 #2132 OCPBUGS-31419 : [DownstreamMerge] 4-16-24 #2129 SDN-4403 : Downstream merge 20240415 #2124 OCPBUGS-25889 , OCPBUGS-29952 , SDN-3931 : Downstream merge 12 04 24 #2120 OCPBUGS-27093 , OCPBUGS-29511 , SDN-4157 : [DownstreamMerge] 4 April 2024 #2110 SDN-4157 : DownstreamMerge 25th march 2024 #2100 OCPBUGS-31557 : Revert “Remove unnecessary rhel8 build layer” #2104 OCPBUGS-24007 : Remove unnecessary rhel8 build layer #2083 OCPBUGS-27821 : [DownstreamMerge] 3-8-24 #2093 OCPBUGS-29350 , OCPBUGS-29389 , SDN-4542 : Downstream Merge 29th Feb 2024 #2089 OCPBUGS-17207 , OCPBUGS-28742 : Downstream Merge 22nd Feb 2024 #2081 OCPBUGS-12876 , OCPBUGS-13665 , OCPBUGS-23519 , OCPBUGS-28724 : Downstream Merge 15th Feb 2024 #2073 OCPBUGS-27093 : Dockerfile: Bump OVN to ovn-23.09.0-112.el9fdp #2066 OCPBUGS-27853 : [DownstreamMerge] 9 Feb 2024 #2063 OCPBUGS-20336 , OCPBUGS-28558 : [DownstreamMerge] 7 Feb 2024 #2057 USHIFT-2256 : updating ovn kubernetes microshift image to golang-1.21 #2051 OCPBUGS-20209 , OCPBUGS-20220 , OCPBUGS-22923 , OCPBUGS-24271 , OCPBUGS-26979 , OCPBUGS-27215 : Downstream Merge 2nd Feb 2024 #2048 OCPBUGS-22221 , OCPBUGS-24219 , OCPBUGS-25670 : Downstream Merge 31st Jan 2024 #2038 OCPBUGS-27933 : Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.16 #2027 OCPBUGS-23430 , OCPBUGS-24363 , OCPBUGS-26023 , OCPBUGS-27211 : [DownstreamMerge] Merge 1-16-24 #2018 OCPBUGS-27285 : Dockerfile: Bump OVS to openvswitch3.1-3.1.0-73.el9fdp #1995 OCPBUGS-25030 : Updating ovn-kubernetes-microshift-container image to be consistent with ART #1979 OCPBUGS-18716 : [DownstreamMerge] 1-5-24 #2010 OCPBUGS-24965 : Updating ose-ovn-kubernetes-base-container image to be consistent with ART #1978 OCPBUGS-25810 : CARRY: Updates owners and adds Surya #2000 OCPBUGS-25032 : Updating ose-ovn-kubernetes-container image to be consistent with ART #1980 OCPBUGS-24055 , OCPBUGS-25394 , SDN-4194 : [DownstreamMerge] 14 Dec 2023 #1990 OCPBUGS-24322 , OCPBUGS-25357 : Dockerfile: Bump OVN to ovn-23.09.0-91.el9fdp #1986 OCPBUGS-22847 : Downstream merge 12-7-23 #1976 NP-618 , OCPBUGS-22847 , SDN-4124 , SDN-4149 , SDN-4150 : [DownstreamMerge] 1 Dec 2023 #1965 OCPBUGS-24014 : Downstream merge 28th November 2023 #1962 OCPBUGS-21773 : Downstream Merge 22nd November 2023 #1958 NHE-805 , OCPBUGS-19050 , OCPBUGS-22691 , OCPBUGS-22767 , SDN-4173 : [DownstreamMerge] 11 November 2023 #1952 OCPBUGS-16634 , OCPBUGS-19635 , OCPBUGS-20210 : Downstream Merge 24th October 2023 #1942 OCPBUGS-11710 : Downstream Merge 18th Oct 2023 #1939 OCPBUGS-15538 , OCPBUGS-19961 : Downstream merge 2023-10-10 #1935 OCPBUGS-14787 : Dockerfile: stop installing CNI plugins RPM #1702 OCPBUGS-19289 : Updating ose-ovn-kubernetes images to be consistent with ART #1884 OCPBUGS-20178 , OCPBUGS-20238 : Downstream merge 2023-10-09 #1931 OCPBUGS-16217 , OCPBUGS-18071 , OCPBUGS-18598 , OCPBUGS-19698 : DownStream Merge 4th October 2023 #1923 OCPBUGS-19900 : DownStream Merge: 29th-September-2023 #1919 OCPBUGS-18317 : DownStream Merge: 28th-September-2023 #1917 OCPBUGS-18162 , OCPBUGS-19792 , OCPBUGS-19836 : [DownstreamMerge] 9-27-23 #1911 OCPBUGS-17455 , OCPBUGS-17641 , OCPBUGS-18352 , OCPBUGS-18549 , OCPBUGS-19456 : [DownstreamMerge] 9-26-23 #1907 OCPBUGS-19013 : Dockerfile: Copy ovnkube-trace file for RHEL8 platform #1887 OCPBUGS-19501 : Add additonal certificate acceptance condition feature in ovnkube-ide… #1895 Add ovnkube-identity binary to the downstream image #1897
OCPBUGS-19288 : Updating ovn-kubernetes-microshift images to be consistent with ART #1883 OCPBUGS-19278 : Updating ovn-kubernetes-base images to be consistent with ART #1882 OCPBUGS-16641 , OCPBUGS-18572 , OCPBUGS-19331 : [DownstreamMerge] 9-18-23 #1885 OCPBUGS-19004 , OCPBUGS-19010 : Dockerfile: bump OVN to ovn23.09-23.09.0-beta.31.el9fdp #1875 OCPBUGS-18895,OCPBUGS-14549,OCPBUGS-18402 [DownstreamMerge] 9-11-23 #1868
OCPBUGS-18467 : Fix OVN SNATing on GR by enabling gateway_mtu on rtoe port of GR #1854 OCPBUGS-14709 , OCPBUGS-16617 , OCPBUGS-18603 : Bump to OVN 23.09 #1842 OCPBUGS-18378 : LGW: Fix the precedence of rules in FORWARD chain #1851 OCPBUGS-17773 : Perf increases to pod deletion #1847 OCPBUGS-17731 : move clearInitialNodeNetworkUnavailableCondition to clustermanager #1839 OCPBUGS-18110 : Fix encap port configuration for remote chassis #1836 OCPBUGS-17406 , OCPBUGS-17844 , OCPBUGS-17970 : [DownstreamMerge] 24 Aug 2023 #1833 OCPBUGS-17867 : CARRY: Removes restriction for ip scope universe on node ips #1822 8-16-23 #1820
OCPBUGS-17666 : Downstream Merge august 15th 2023 #1817 Downstream Merge 2023-8-10 #1813
OCPBUGS-17147 : [DownstreamMerge] 8 Aug 2023 #1803 Downstream Merge 2023-08-03 #1798
8-1-23 #1795
OCPBUGS-16767 , SDN-3507 , SDN-3733 : [DownstreamMerge] 7-27-23 #1789 OCPBUGS-15811 : SDN-3733: Downstream Merge: 25th July 2023 #1784 OCPBUGS-10650 , OCPBUGS-12747 , OCPBUGS-16413 , SDN-3732 , SDN-3733 : [DownstreamMerge] 7-19-23 #1750 Dockerfile: build both RHEL8 and RHEL9 shims #1760
SDN-3733 : [DownstreamMerge] 7-13-23 #1757 11 jul 23 #1752
07 jul 23 #1747
SDN-3993 : [DownstreamMerge] 06 jul 23 #1742 OCPBUGS-14632 : [DownstreamMerge] 30 jun 23 #1729 OCPBUGS-15127 : Dockerfile: bump to ovn 23.03.0-69 (for LB templates) and ovs 3.1.0-32 (upgrade perf) #1710 OCPBUGS-15523 : [DownstreamMerge] 6-27-23 #1726 OCPBUGS-15227 : [DownstreamMerge] 6-21-23 #1718 OCPBUGS-15226 : EgressIP: do not patch the status if the object no longer exists #1717 6-18-2023 #1714
OCPBUGS-14769 , SDN-3885 : Downstream Merge 13th June 2023 #1707 OCPBUGS-10592 , OCPBUGS-10841 , OCPBUGS-11180 , OCPBUGS-12747 , OCPBUGS-1715 , OCPBUGS-4370 , OCPBUGS-4485 , SDN-3733 , SDN-3838 , SDN-3840 : Downstream Merge 6th June 2023 #1697 OCPBUGS-12352 : Updating ovn-kubernetes-base images to be consistent with ART #1700 OCPBUGS-14636 : Fix Downstream Unit Tests #1696 OCPBUGS-12800 , OCPBUGS-13863 , OCPBUGS-14286 , OCPBUGS-14449 , OCPBUGS-4485 , SDN-3555 , SDN-3790 : Downstream Merge 1st June #1692 OCPBUGS-9825 : LoadBalancer Templates Merge Downstream: 25th May 2023 #1683 OCPBUGS-6013 : Call SyncEndpoints from AddService #1671 OCPBUGS-13716 : Use ovsver and ovnver to infer the short version numbers for ovs and ovn #1664 OCPBUGS-12971 : Fix bug that resulted in routes not be restored to a new vnic #1665 OCPBUGS-11567 : Check the status of a pod before trying to get its ip #1663 OCPBUGS-11716 : [release-4.14] Use loadbalancer.Name as client index #1652 OCPBUGS-11534 : Stack migration #1643 Remove no-longer-used rhel9-specific dockerfiles #1635
OCPBUGS-283 , OCPBUGS-3176 : Downstream merge 3rd April 2023 #1626 Updating ovn-kubernetes-microshift images to be consistent with ART #1620
OCPBUGS-6947 : CARRY: use “prefer local” for annotated services #1622 OCPBUGS-10839 , OCPBUGS-10962 : [DownstreamMerge] 28 March 2023 #1611 OCPBUGS-10485 : Bump OVS to 3.1.0-10 #1613 node: small downstream CARRY patch cleanup #1549
OCPBUGS-10889 , OCPBUGS-8473 : Downstream Merge [27-mar-2023] #1608 OCPBUGS-7932 , OCPBUGS-7988 , OCPBUGS-8080 , OCPBUGS-8278 , OCPBUGS-8280 , OCPBUGS-9990 : Downstream Merge [10-mar-2023] #1574 Dockerfiles: copy RHEL-9 bits over top of unused RHEL8 bits #1553
OCPBUGS-10395 : Bump OVN to disable CT flush #1590 Updating ovn-kubernetes-microshift images to be consistent with ART #1576
Updating ose-ovn-kubernetes images to be consistent with ART #1578
Updating ovn-kubernetes-base images to be consistent with ART #1575
OCPBUGS-8222 , OCPBUGS-8397 , OCPBUGS-8464 : [DownstreamMerge] 7 Mar 2023 #1556 OCPBUGS-7952 : Dockerfile: bump to ovn23.03-23.03.0-4.el9fdp for RHEL9 #1554 OCPBUGS-5889 : [DownstreamMerge] 2023-03-03 #1552 Removal of small code delta from upstream #1548
rhel9: bump to ovn23.03-23.03.0-preview.4 #1550
Downstream Merge [March 2nd 2023] #1551
2-28-23 #1546
OCPBUGS-2663, Bug 2091780, OCPBUGS-6739: Downstream merge 2023-02-20 #1533
rhel9: bump to openvswitch3.1-3.1.0-2.el9fdp #1544
OCPBUGS-7296 : Remove ICNIv1 from ovn-kubernetes #1531 Dockerfiles: switch to dnf #1539
iptables package is missing in microshift image #1530
Updating ovn-kubernetes-microshift images to be consistent with ART #1443
rhel9: no longer need to use iptables wrappers #1526
cleanup: drop redundant selinux-policy install in onvkube dockerfiles #1525
iptables: use container iptables, not the host’s #1481
rhel9: oc RPM does the kubectl symlink #1523
rhel9: no longer need python3-pyOpenSSL #1519
rhel9: remove stray oc install #1518
Add RHEL9 image Dockerfiles #1495
Downstream merge 2023-02-07 #1510
OCPBUGS-6953 , OCPBUGS-6955 : [Downstream Merge 6th Feb 2023] #1509 OCPBUGS-4909 : Dockerfile: bump OVN to 22.12.0-18 #1487 Bug 2078222, OCPBUGS-4119, OCPBUGS-5930, OCPBUGS-4425: [DownstreamMerge] 1-31-23 #1496
Bug 2047299, OCPBUGS-2337: [DownstreamMerge] 13 Jan 2023 #1474
Bug 2041746 : Bump OVN to 22.12.0-4 #1468 Bug 2075548 : [DownstreamMerge] 09 Jan 2023 #1466 15 Dec 2022 #1454
Updating ose-ovn-kubernetes images to be consistent with ART #1430
OCPBUGS-4825 : [DownstreamMerge] 12-14-22 #1449 OCPBUGS-4659 : [DownstreamMerge] - 12-12-22 #1437 Updating ovn-kubernetes-base images to be consistent with ART #1431
Fix product build issue with more straight forward bash #1432
OCPBUGS-4502 : Downstream Merge 7th-December-2022 [Support service session affinity timeout] #1418 OCBUGS-4502 : Dockerfile: bump OVN to 22.09.0-25 #1424 Update base image of Dockerfile #1239
OCPBUGS-3739 : [DownstreamMerge] 12-02-22 #1410 OCPBUGS-2319 : [DownstreamMerge] 11-30-22 #1405 OCPBUGS-799 : Bump OVN to 22.09.0-22 #1403 Bug OCPBUGS-1352: [DownstreamMerge] 11-18-22 #1400
Bug 2092567 : [Downstream Merge] 16/11/2022 #1381 OCPBUGS-3797 : [4.13] Dockerfile: bump OVS to 2.17.0-62.el8fdp #1362 OCPBUGS-3292 : downstream windows fixes #1377 Update images to be consistent with ART #1371
Downstream merge 11-08-2022 #1364
EIP: remove downstream’s duplicate node delete test #1358
SDN-3589 : downstream merge 11-02-2022 #1355 OCPBUGS-2770 : Allow empty nexthop in L3GatewayConfig node annotation #1337 OCPBUGS-2569 : Fix netpol races #1323 OCPBUGS-1427 : Ignore non-ready endpoints when processing endpointslices #1330 OCPBUGS-2826 : ovnkube-trace: Fix ofproto/trace for IPv6 #1338 OCPBUGS-1520 : Fixes SNAT-ing Logic for EgressIPs #1331 OCPBUGS-1520 : Prioritize adding events to handlers for shared resources #1333 OCPBUGS-1643 : Add logging verbosity to configuring OVN logs #1324 OCPBUGS-2175 : Allocate Hybrid Overlay IP on node updates too #1319 OCPBUGS-2004 : egress IP: fix log when gRPC connection fails #1304 OCPBUGS-2176 : add endpointSlice informer in master process #1302 OCPBUGS-2085 : CARRY: Dockerfile.base: bump to openvswitch2.17.0-37.4.el8fdp #1298 OCPBUGS-1705 : Don’t use ACL names ever! #1300 Dockerfile: bump to ovn22.09-22.09.0-5.el8fdp #1284
9-23-22 b - dualstack fixed #1289
OCPBUGS-1705 : Trim ACL names according to RFC1123 #1281 OCPBUGS-1553 : Dockerfile: bump to openvswitch2.17.0-37.4.el8fdp #1273 Use iptables-restore to add MCS/metadata blocking in the pod #1262
9-12-22 merge #1267
9-7-22 merge #1264
9-2-22 merge #1263
OCPBUGS-165 : [DownstreamMerge] 8-29-2022 merge #1255 8-25-2022 #1253
revert endpoints #1248
8-8-2022 #1237
Fix ovn version in Dockerfile.base #1236
Introduce ovn-kubernetes-{base|singlenode} images #1213
Bug 2109945 : [Downstream Merge: 04-08-2022] #1231 Bug 2111534 : Downstream Merge: 27-07-2022 #1214 Updating ose-ovn-kubernetes images to be consistent with ART #1174
Bug 2111733 : Bump OVN to 22.06.0-27 #1222 OCPBUGSM-45393 : Bug 2078691: [Downstream Merge] 22-07-2022 #1210 4.12 initial merge from upstream: 7-18-22 #1205
Bug 2106862 : Append the SNAT rule in management chain #1199 Bug 2095444 : EGW: Clean Stale Conntrack Entries #1189 Bug 2106298 : populate sock address for ovndb connection in unix mode #1188 Bug 2100507 : Remove redundant log lines in obj_retry.go #1162 Bug 2097243 : Fix egressips for pods recreated with same name #1169 Bug 2097221 : Dockerfile: bump to ovn22.06-22.06.0-7.el8fdp #1170 Bug 2091238 : Fix Panic in Network Policy deletion #1166 Bug 2100220 : Fix completed pods releasing IP address on update #1158 Bug 2089807 : Release Leader election lock on errors #1167 Bug 2100249 : Revert “Bug 2082599: add upper bound to number of failed attempts” #1161 Bug 2085089 : Add support for enabling UDP packet aggregation on veth interfaces #1129 Bug 2099755 : Add new EgressIP config option “egressip-reachability-total-timeout” #1156 Bug 2073378 : Add node name into egress ip status for the removal #1114 Bug 2079012 : Fix egressIP object deletion if the node is deleted first #1143 Bug 2089392 : Update logging for specific policy when creating it #1145 Bug 2082599 : add upper bound to number of failed attempts #1147 Bug 2094088 : Fixes Updating non-default columns as well as libovsdb fixes for empty values #1146 [release 4.11] Bug 2092579: pods: deleteLogicalPort should not fail if port is already deleted #1123
Bug 2092889 : update all egress ACLs’ direction to “from-lport” #1128 Bug 2089716 : Downstream fix for OVN-Kube node cardinality #1135 Bug 2095113 : Dockerfile: bump to openvswitch2.17-2.17.0-22.el8fdp #1117 Bug 2094039 : egressIP: node retrieval failure is not respected, causes panic #1130 Bug 2093396 : Remove node-tainting for too-small MTU #1127 Bug 2091634 : Use ovs-appctl dpctl/* instead of ovs-dpctl #1118 Bug 2091990 : fix lflow-cache-limit-kb ovs external-id #1116 Bug 2070674 : improve performance of service sync #1110 Bug 2092473 : libovsdb perf backports #1119 Bug 2089930 : Dockerfile: bump OVN to ovn22.06 #1102 Bug 2090843 : addLogicalPort() optimization cherry-picks #1109 Bug 2090537 : OVNDBManager: Retry migrations #1108 Bug 2081069 : Bumps OVN to 22.03.0-37.el8fdp #1100 Bug 2086851 : enable exportloopref linter and fix violations #1092 Bug 2084249 : [DownstreamMerge] 5-12-22 #1090 Bug 2077357 : Bump OVN to ovn22.03-22.03.0-24 #1052 5-4-22 #1081
Bug 2070929 : Downstream Merge: 04-05-2022 #1078 Bug 2079439 : [DownstreamMerge] 4-29-22 #1064 Downstream Merge 25-04-2022 #1050
Bug 2023691 : Downstream merge 2022-04-22 #1049 Bug 2072134 : [DownstreamMerge] 4-18-22 #1040 Dockerfile: bump to OVS 2.17 #1031
Fix gofmt for downstream files #1028
Bug 2026461 : 4-4-22 merge #1010 Bug 2047710 : Bump OVS version to 2.16.0-57.el8fdp #980 Downstream merge 2022-03-22 #1006
Bug 2063321 : [DownstreamMerge] Downstream merge 17-03-2022 #1000 Bug 2060549 : Downstream merge 3-8-22 #989 Bug 2052975 : Downstream merge 07-03-2022 #988 Merge 3-4-22 #987
Bug 2052975 : Bump OVN to ovn-2021-21.12.0-30.el8fdp #982 Bug 2052398 : [DownstreamMerge] 2-25-22 #975 Bump OVS to 2.16.0-53.el8fdp #968
Bug 2048538 : [DownstreamMerge] 2-22-22 #966 Bug 2045577 : Bump OVN to ovn-2021-21.12.0-15.el8fdp #958 Bug 2048538 : [DownstreamMerge] 2-14-22 #956 Bug 2011525 : [DownstreamMerge] Downstream merge 08-02-2022 #947 Update project owners #950
Downstream merge 2-1-22 #940
Bug 2040357 : Dockerfile: bump OVN to ovn-2021-21.12.0-11.el8fdp #902 Bug 2039253 : avoid passing duplicate Flow endpoints to ovs-vsctl #930 Bug 2031926 : Shared gateway: Modification of ClusterIPs shall trigger svc update #924 Bug 2042001 : Adds wait method for ovsdb operations that created named objects #934 Bug 2044303 : Fix update of CloudPrivateIPConfig #923 Bug 2046297 : libovsdb: give connects more time to process than normal transactions #931 Bug 2044680 : libovsdb performance and resource consumption fixes #927 Bug 2017650 : EF: Pull up switch names from cache #908 Bug 2025467 : ETP=local,SGW: Add DNAT rule towards 169.254.169.3 #907 Bug 2043961 : Fix pod-creation-retry #926 Bug 2040540 : Fix String formatting error #904 Clean up OWNERS a bit #919
Bug 2039880 : Metrics: Increase log level for CP recorder #899 Bug 2039099 : EgressIP fixes for 4.10 #917 Bug 2032998 : perf/scale backports #911 Bug 2034577 : Set l3GWConfig.mode correctly #909 Bug 2034155 : Make egressIPs compatible with ICNI #915 Bug 2029742 : egressip: fix usage of clientModel doAfter #910 Bug 2041830 : Fix panic in Hybrid Overlay #913 Bug 2039698 : Hacky way of doing ITP:preferLocal for openshift-dns:default #896 Bug 2039516 : Dockerfile: bump OVN to ovn21.12-21.12.0-25 #883 Bug 2022536 : Validate ExGW Cache and fix cache keys #895 Bug 2031012 : Create iptables NAT rules also for loadbalancer services #888 Bug 2033728 : Dockerfile: bump OVS to 2.16.0-33.el8fdp #833 Merge 21-12-16 #875
Block access to metadata service based on platform type #873
Downstream merge 2021-12-10 #871
21-12-9 #869
Merge 21-12-7 #867
ovn: bump to ovn21.12-21.12.0-24.el8fdp #818
03-12-2021 #863
Bug 2019809 : [DownstreamMerge] 11-29-21 #851 Bug 2009873 : [4.10.0] Avoid stale annotations by re-subscribing to netlink #843 Revert revert #834
Revert “[DownstreamMerge] Fix previous downstream merge” #831
Fix previous downstream merge #812
Bug 2017909 : EgressGW: only return unique elements from getRouteInfosForGateway() #816 Revert #796 and #807 #810
fixup: reduce delta from upstream #807
Merge 2021-10-13 #796
CARRY: go-ovn: prevent deadlock processing Updates during initial DB dump #800
Bug 2016479 : Update iface-id-ver for existing ports #802 Bug 1987445 : Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services #793 Bug 2011386 : pods: fix overwriting returned error from defer() #787 Bug 2007443 : bump OVN to ovn21.09-21.09.0-20.el8fdp #784 pods: remove unnecessary LSPGet() calls #781
Bug 1959352 : phase 2 scale improvements #750 ovs: bump to 2.16.0-15.el8fdp #775
Bug 2006325 : Bump OVN to ovn21.09-21.09.0-19.el8fdp #768 Updating ose-ovn-kubernetes images to be consistent with ART #744
Bug 1999261 : filter out KubeAPIAuth when logging CNI requests #742 Bug 2002010 : Fixes skipping pods accidentally in retry #739 Bug 2000057 : panic after EgressFirewall deletion and DNS record expiration #741 Bug 2003195 : Ensure host interfaces are deleted by CNI #738 Fix bad merge on egressip test #732
Bug 2002372 : Fixes misuse of pod annotations during update event #735 Bug 1995335 : Add “iface-id-ver=${POD_UID}” tuple to the external-ids of logical and OVS ports #729 Bug 1903408 : Merge externalTrafficPolicy ONLY #663 Bug 1976399 : DBChecker: reconcile the election timeouts when specified #647 Bug 1998614 : Ensure client handling of canceled/dropped OVSDB monitor #717 Bug 1997438 : egressfirewall not set after upgrade #716 Bug 1998423 : kube master don’t fail trying to cache same GW LRP IPs as already exist #705 Bug 1986946 : Fix ensurePod to call addPodExternalGW only for annotation updates #691 Bug 2000721 : bump OVS userland to openvswitch2.16-2.16.0-6.el8fdp #714 Bug 1999852 : bump OVN to ovn21.09-21.09.0-18.el8fdp #704 Bug 1999138 : Revert “Taint node with NoSchedule effect when ovnkube pod is down” #708 README: Add doc links #669
Bug 1998146 : Fix lb delete during node deletion #698 Bug 1962344 : Use DGP to connect logical switches to the cluster router. #688 Bug 1997270 : bump OVN to ovn21.09-21.09.0-15.el8fdp #685 Bug 1995816 : [4.9] backport “attempting to reduce cardinality in the interest of memory performance” #672 Bug 1997114 : Fixes ensure address set #684 Bug 1994647 : Add quotes around nexthop and dst-ip fields #677 Bug 1973215 : fix reserve joinSwitch LRP IPs #679 Bug 1989615 : Fix GetPortAddresses for HBO #670 Bug 1943334 : Taint node with NoSchedule when ovnkube pod is down #671 Bug 1995330 : Cherry-pick of per-service loadbalancers #666 Bug 1959352 : scale fixes 1 #667 Bug 1978797 : Sync exgw routes on startup #658 Bug 1994069 : bump OVN to ovn21.09-21.09.0-13.el8fdp #659 Bug 1976215 : Fix: sync egress IP for missed events on start-up #655 Bug 1991793 : [4.9] bump OVN to ovn21.09-21.09.0-12.el8fdp #652 Bug 1989694 : Bump OVN to ovn21.09-21.09.0-10.el8fdp #643 Bug 1986440 : Bump OVN to ovn21.09-21.09.0-9.el8fdp #630 Bug 1986443 : Fix pod handler race downstream #628 Bump OVN to ovn21.09-21.09.0-8.el8fdp #621
Bump OVS to openvswitch2.15-2.15.0-28.el8fdp #622
Bug 1985512 : Add v6 management interface address for host network policy #623 Merge 2021-07-21 2nd #619
Merge 2021-07-18 #609
Bug 1973286 : Merge 2021-07-06 #600 Bug 1973813 : 6-21-2021 merge #582 Updating ose-ovn-kubernetes images to be consistent with ART #578
Bug 1972287 : 6-17-21 merge #579 add JacobTanenbaum to the list of approvers #544
Bug 1958375 : Bump OVN to 20.12.0-140.el8fdp #580 Updating .ci-operator.yaml build_root_image from openshift/release #574
Full changelog
MON-3825 : Bump openshift/prometheus to v2.51.2 #200 MON-3825 : Bump openshift/prometheus to v2.51.2 #199 MON-3794 : Bump openshift/prometheus to v2.51.1 #198 MON-3794 : Bump openshift/prometheus to v2.50.1 #196 OCPBUGS-29981 : Updating golang-github-prometheus-prometheus-container image to be consistent with ART for 4.16 #197 MON-3673 : [bot] Bump openshift/prometheus to v2.49.1 #193 MON-3676 : move raptorsun out of reviewer list #194 MON-3673 : Bump Prometheus to v2.49.1 #192 MON-3633 : Bump openshift/prometheus to v2.48.1 #188 OCPBUGS-24745 : Updating golang-github-prometheus-prometheus-container image to be consistent with ART #187 MON-3528 : [bot] Bump openshift/prometheus to v2.48.0 #186 OCPBUGS-22743 : bump Prometheus to 2.48.0 (manual) #185 Bump openshift/prometheus to v2.47.2 #181
Bump openshift/prometheus to v2.47.2 #180
Bump openshift/prometheus to v2.47.2 #179
OCPBUGS-21633 : update golang.org/x/net to v0.17.0 #173 update OWNERS file #172
Bump openshift/prometheus to v2.47.0 #168
OCPBUGS-18846 : Updating golang-github-prometheus-prometheus images to be consistent with ART #169 Bump openshift/prometheus to v2.46.0 #167
Bump openshift/prometheus to v2.45.0 #166
Bump openshift/prometheus to v2.44.0 #164
Dockerfile.ocp: update note about UI assets after switching to embed #165
OCPBUGS-12996 : Add missing assets after manual merge #162 OCPBUGS-12825 : Updating golang-github-prometheus-prometheus images to be consistent with ART #160 Bump openshift/prometheus to v2.43.0 #158
Updating golang-github-prometheus-prometheus images to be consistent with ART #156
Bump openshift/prometheus to v2.42.0 #154
Bump openshift/prometheus to v2.41.0 #153
Bump openshift/prometheus to v2.40.7 #152
Bump openshift/prometheus to v2.40.6 #151
Bump openshift/prometheus to v2.40.5 #150
OCPBUGS-4273 : Bump openshift/prometheus to v2.40.4 #148 OCPBUGS-2873 : fix certificate reloads after rotation #145 Updating golang-github-prometheus-prometheus images to be consistent with ART #147
Revert unwanted downstream patch #144
OCPBUGS-1718 : [bot] Bump openshift/prometheus to v2.39.1 #142 Updating golang-github-prometheus-prometheus images to be consistent with ART #141
Bump openshift/prometheus to v2.38.0 #140
OWNERS: Add myself, and move former team members to emeritus #139
Updating golang-github-prometheus-prometheus images to be consistent with ART #137
Bump openshift/prometheus to v2.37.0 #138
Bug 2099561 : Bump openshift/prometheus to v2.36.2 #136 Bug 2064984 : Update Prometheus to v2.36.1 #133 Updating golang-github-prometheus-prometheus images to be consistent with ART #132
web/ui/.gitignore: unignore generated assets for downstream build #130
Bump openshift/prometheus to v2.35.0 #128
Updates OWNERS file #124
Bump openshift/prometheus to v2.34.0 #123
Bump openshift/prometheus to v2.33.5 #122
Bug 2056802 : scrape: Fix label_limits cache usage #121 Bump openshift/prometheus to v2.33.4 #120
Updating golang-github-prometheus-prometheus images to be consistent with ART #119
Bug 2034192 : [bot] Bump openshift/prometheus to v2.32.1 #117 Don’t use dependabot #115
Bump openshift/prometheus to v2.32.0 #104
Bump openshift/prometheus to v2.31.1 #103
Update scripts/rh-manifest.sh replacing yarn by npm #99
Updating golang-github-prometheus-prometheus images to be consistent with ART #102
OWNERS: cleanup #101
Bump v2.30.3 #98
Bug 1943860 : Bump 2.30.0 #96 Updating golang-github-prometheus-prometheus images to be consistent with ART #94
openshift: Add script to generate rh-manifest.txt #90
Updating golang-github-prometheus-prometheus images to be consistent with ART #93
Bug 1999397 : Bump 2.29.2 #92 Bug 1986243 : bump 2.29 #91 Bug 1934324 : Update to 2.28.1 #89 Updating golang-github-prometheus-prometheus images to be consistent with ART #88
Update OWNERS file to reflect new maintainers #87
Full changelog
MON-3838 : Bump openshift/prometheus-operator to v0.73.2 #286 OCPBUGS-31847 : Bump openshift/prometheus-operator to v0.73.1 #285 MON-3793 : Bump openshift/prometheus-operator to v0.73.0 #284 MON-3771 : Bump openshift/prometheus-operator to v0.72.0 #281 OCPBUGS-29304 : fix: don’t fail metadata transform on unknown types (#6298) #277 OCPBUGS-28251 : fix: convert continue field between v1beta1 and v1alpha1 #275 MON-3689 : Bump openshift/prometheus-operator to v0.71.2 #274 MON-3689 : Bump openshift/prometheus-operator to v0.71.1 #273 MON-3676 : move raptorsun out of reviewer list #272 MON-3661 : Bump openshift/prometheus-operator to v0.71.0 #271 OCPBUGS-26147 : configure Snyk scanner #269 OCPBUGS-25560 : Updating prometheus-config-reloader-container image to be consistent with ART #270 OCPBUGS-24947 : Updating prometheus-operator-admission-webhook-container image to be consistent with ART #266 OCPBUGS-24914 : Updating prometheus-config-reloader-container image to be consistent with ART #268 OCPBUGS-24914 : Updating prometheus-config-reloader-container image to be consistent with ART #265 OCPBUGS-24872 : Updating prometheus-operator-container image to be consistent with ART #264 OCPBUGS-24323 : Bump openshift/prometheus-operator to v0.70.0 #263 OCPBUGS-24126 : Updating prometheus-operator-admission-webhook-container image to be consistent with ART #260 OCPBUGS-24073 : Updating prometheus-operator-container image to be consistent with ART #258 OCPBUGS-24105 : Updating prometheus-config-reloader-container image to be consistent with ART #259 MON-3479 : [bot] Bump openshift/prometheus-operator to v0.69.1 #256 OCPBUGS-18707 : [bot] Bump openshift/prometheus-operator to v0.69.0 #255 OCPBUGS-22946 : fix: remove verbose logging admission-webhook #254 OCPBUGS-21637 : fix: disable HTTP2 connections by default #252 OCPBUGS-21637 : Bump golang.org/x/net to v0.17.0 #246 update OWNERS file #245
OCPBUGS-19108 : Updating prometheus-operator images to be consistent with ART #242 OCPBUGS-19204 : Updating prometheus-operator-admission-webhook images to be consistent with ART #244 OCPBUGS-19174 : Updating prometheus-config-reloader images to be consistent with ART #243 : Bump openshift/prometheus-operator to v0.68.0 #241
Bump openshift/prometheus-operator to v0.67.1 #240
Bump openshift/prometheus-operator to v0.67.0 #239
OCPBUGS-14466 : bump openshift/prometheus-operator to v0.66.0 #236 OCPBUGS-14033 : cmd/prometheus-config-reloader: add SIGTERM handler #234 OCPBUGS-1626 : [bot] Bump openshift/prometheus-operator to v0.65.1 #233 OCPBUGS-12324 : Update 4.14 prometheus-config-reloader image to be consistent with ART #230 Updating prometheus-operator images to be consistent with ART #229
Updating prometheus-config-reloader images to be consistent with ART #227
Updating prometheus-operator-admission-webhook images to be consistent with ART #226
Updating prometheus-config-reloader images to be consistent with ART #225
OCPBUGS-10109 : Updating openshift-state-metrics images to be consistent with ART #221 OCPBUGS-10137 : Updating openshift-state-metrics images to be consistent with ART #222 Updating prometheus-operator images to be consistent with ART #220
OCPBUGS-6055 : [bot] Bump openshift/prometheus-operator to v0.63.0 #216 Bump openshift/prometheus-operator to v0.62.0 #215
Updating prometheus-operator-admission-webhook images to be consistent with ART #214
Updating prometheus-config-reloader images to be consistent with ART #213
Updating prometheus-operator images to be consistent with ART #212
OCPBUGS-2778 : [bot] Bump openshift/prometheus-operator to v0.61.1 #209 Bump openshift/prometheus-operator to v0.60.1 #208
Bump openshift/prometheus-operator to v0.60.0 #207
Updating prometheus-operator-admission-webhook images to be consistent with ART #206
Updating prometheus-config-reloader images to be consistent with ART #205
Bump openshift/prometheus-operator to v0.59.2 #203
Bump openshift/prometheus-operator to v0.59.1 #200
OWNERS: Add myself, and move former team members to emeritus #198
Bump openshift/prometheus-operator to v0.58.0 #197
Updating prometheus-operator-admission-webhook images to be consistent with ART #195
Updating prometheus-config-reloader images to be consistent with ART #194
Updating prometheus-operator images to be consistent with ART #193
Bug 2097716 : pkg/apis/monitoring/v1beta1: fix httpConfig conversion #191 Bug 2091595 : bump to Prometheus operator v0.57.0 #190 Bug 2079679 : pkg/prometheus: fix curl exec probe #189 Revert “Bug 2091595: Bump openshift/prometheus-operator to v0.56.3” #188
Bug 2091595 : Bump openshift/prometheus-operator to v0.56.3 #185 Updating prometheus-operator-admission-webhook images to be consistent with ART #180
Updating prometheus-config-reloader images to be consistent with ART #178
Bug 2084288 : Revert “Bump openshift/prometheus-operator to v0.56.2” #177 Updating prometheus-operator images to be consistent with ART #176
Bump openshift/prometheus-operator to v0.56.2 #174
Revert “Bump openshift/prometheus-operator to v0.56.1” #171
Bump openshift/prometheus-operator to v0.56.1 #170
Add myself to OWNER file #166
Bug 2079679 : Revert “[bot] Bump openshift/prometheus-operator to v0.56.0” #168 Bump openshift/prometheus-operator to v0.56.0 #165
Bump openshift/prometheus-operator to v0.55.1 #164
Bump openshift/prometheus-operator to v0.55.0 #162
Fix typo in admission webhook bin output #163
Add Dockerfile and targets for standalone admission webhook image #160
Standalone webhook server #159
Bump openshift/prometheus-operator to v0.54.1 #158
Updating prometheus-config-reloader images to be consistent with ART #155
Bump openshift/prometheus-operator to v0.54.0 #151
Updating prometheus-operator images to be consistent with ART #154
Bug 2030539 : Address race condition in recreate flow for statefulset #152 Bug 2036717 : [bot] Bump openshift/prometheus-operator to v0.53.1 #147 Bump openshift/prometheus-operator to v0.53.0 #146
Release 0.52 #141
Updating prometheus-config-reloader images to be consistent with ART #144
OWNERS: cleanup #140
Bump v0.51.2 #139
Updating prometheus-operator images to be consistent with ART #136
Bump to v0.50.0 #133
Updating prometheus-config-reloader images to be consistent with ART #135
Updating prometheus-operator images to be consistent with ART #134
Bug 1977435 : Bump prometheus-operator to v0.49.0 #131 Updating prometheus-config-reloader images to be consistent with ART #130
Updating prometheus-operator images to be consistent with ART #129
Update OWNERS file to reflect new maintainers #127
Updating .ci-operator.yaml build_root_image from openshift/release #128
Full changelog
Source code for this page located on github