Fix perm errors with selinux enabled #134
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: derekwaynecarr If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
size/S
|
there are other perm errors i am still seeing on etcd machine, working my way through them |
|
/assign @crawford |
|
@derekwaynecarr Once you've tracked down all of the issues, can you also bump the hardcoded AMI in the release repo? |
|
@crawford - i am unable to resolve issues i see on the etcd0 machine, but this fixes the master0 so would like to merge this and do the rest as follow-on. WDYT? |
|
@derekwaynecarr Sounds good. I'm close to opening a PR that removes the etcd nodes altogether, so it might be easier to see if my change is adequate. |
|
@derekwaynecarr Can you cherry-pick 11dcec2 onto this? That'll bring in all of your changes to the operators. |
This includes the fixes needed to work with SELinux.
derekwaynecarr
force-pushed
the
fix-selinux
branch
from
586ff2b
to
06ceaee
Compare
openshift-ci-robot
added
size/M
|
@crawford -- all set, i do not see selinux errors on etcd0 as well. |
|
The e2e-aws error was: Maybe that was a flake? /retest |
|
@derekwaynecarr: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Similar route-gateway issue this time: |
|
Hmm, just tried these patches here, and I still see the following denials on |
|
Fixing checkpointer and others in this PR (other repo)
coreos-inc/tectonic-operators#440 (comment)
…On Wed, Aug 22, 2018 at 5:20 PM Jonathan Lebon ***@***.***> wrote:
Hmm, just tried these patches here, and I still see the following denials
on master0:
Aug 22 21:16:12 test1-master-0 kernel: type=1400 audit(1534972572.365:3): avc: denied { write } for pid=2978 comm="checkpoint" name="lock" dev="tmpfs" ino=7219 scontext=system_u:system_r:container_t:s0:c5,c64 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
Aug 22 21:16:12 test1-master-0 kernel: type=1400 audit(1534972572.375:4): avc: denied { add_name } for pid=2978 comm="checkpoint" name="pod-checkpointer.lock" scontext=system_u:system_r:container_t:s0:c5,c64 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
Aug 22 21:16:12 test1-master-0 kernel: type=1400 audit(1534972572.386:5): avc: denied { create } for pid=2978 comm="checkpoint" name="pod-checkpointer.lock" scontext=system_u:system_r:container_t:s0:c5,c64 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Aug 22 21:16:12 test1-master-0 kernel: type=1400 audit(1534972572.400:6): avc: denied { read write open } for pid=2978 comm="checkpoint" path="/run/lock/pod-checkpointer.lock" dev="tmpfs" ino=50756 scontext=system_u:system_r:container_t:s0:c5,c64 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Aug 22 21:16:12 test1-master-0 kernel: type=1400 audit(1534972572.419:7): avc: denied { lock } for pid=2978 comm="checkpoint" path="/run/lock/pod-checkpointer.lock" dev="tmpfs" ino=50756 scontext=system_u:system_r:container_t:s0:c5,c64 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Aug 22 21:16:17 test1-master-0 kernel: type=1400 audit(1534972577.192:8): avc: denied { read } for pid=2863 comm="hypershift" name="ca-bundle.crt" dev="dm-0" ino=6447543 scontext=system_u:system_r:container_t:s0:c569,c810 tcontext=system_u:object_r:cert_t:s0 tclass=lnk_file
Aug 22 21:16:17 test1-master-0 kernel: type=1400 audit(1534972577.210:9): avc: denied { read } for pid=2863 comm="hypershift" name="certs" dev="dm-0" ino=6447541 scontext=system_u:system_r:container_t:s0:c569,c810 tcontext=system_u:object_r:cert_t:s0 tclass=dir
Aug 22 21:16:17 test1-master-0 kernel: type=1400 audit(1534972577.215:10): avc: denied { read } for pid=2863 comm="hypershift" name="Makefile" dev="dm-0" ino=6447542 scontext=system_u:system_r:container_t:s0:c569,c810 tcontext=system_u:object_r:cert_t:s0 tclass=file
Aug 22 21:16:17 test1-master-0 kernel: type=1400 audit(1534972577.220:11): avc: denied { open } for pid=2863 comm="hypershift" path="/etc/pki/tls/certs/Makefile" dev="dm-0" ino=6447542 scontext=system_u:system_r:container_t:s0:c569,c810 tcontext=system_u:object_r:cert_t:s0 tclass=file
Aug 22 21:16:20 test1-master-0 kernel: type=1400 audit(1534972580.174:12): avc: denied { read write } for pid=3169 comm="checkpoint" name="pod-checkpointer.lock" dev="tmpfs" ino=50756 scontext=system_u:system_r:container_t:s0:c76,c248 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Aug 22 21:16:20 test1-master-0 kernel: type=1400 audit(1534972580.186:13): avc: denied { open } for pid=3169 comm="checkpoint" path="/run/lock/pod-checkpointer.lock" dev="tmpfs" ino=50756 scontext=system_u:system_r:container_t:s0:c76,c248 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Aug 22 21:16:20 test1-master-0 kernel: type=1400 audit(1534972580.203:14): avc: denied { lock } for pid=3169 comm="checkpoint" path="/run/lock/pod-checkpointer.lock" dev="tmpfs" ino=50756 scontext=system_u:system_r:container_t:s0:c76,c248 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#134 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF8dbD_fk48_EggsWp8HqX9wRh4RtZ-Jks5uTcr_gaJpZM4V-OEG>
.
|
|
Merged via #151 (which added some more e2e-aws fixes on top of this branch). |
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Aug 24, 2018
Like we did in bootkube.sh in 0fa4eb1 (Fix perm errors with selinux enabled, 2018-08-15, openshift#134). This gives us permission to access the mounted volume when SELinux is enabled (docs in [1]). I've also normalized these invocations for consistency between the various hack/ scripts: * Adding slash separators to put each option on its own line, excepting the final command being run in the container. This makes the long commands slightly easier to skim. It will also make it easier to track down motivation for an option with 'git blame', because commits touching options on other lines won't clutter the blame. * Use long-form options (-v -> --volume, etc.). This makes the options a bit more accessible to newcomers, and now that each option is on it's own line we have plenty of space. * Dropped single quotes from 'TRUE'. There are no shell-sensitive characters in TRUE, so there's no need to quote it. * Use ${PWD} consistently. It's in POSIX [2], so there's no need to execute a pwd process to get this value. [1]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L628 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Aug 24, 2018
Like we did in bootkube.sh in 0fa4eb1 (Fix perm errors with selinux enabled, 2018-08-15, openshift#134). This gives us permission to access the mounted volume when SELinux is enabled (docs in [1]). I've also normalized these invocations for consistency between the various hack/ scripts: * Adding slash separators to put each option on its own line, excepting the final command being run in the container. This makes the long commands slightly easier to skim. It will also make it easier to track down motivation for an option with 'git blame', because commits touching options on other lines won't clutter the blame. * Use long-form options (-v -> --volume, etc.). This makes the options a bit more accessible to newcomers, and now that each option is on it's own line we have plenty of space. * Dropped single quotes from 'TRUE'. There are no shell-sensitive characters in TRUE, so there's no need to quote it. * Use ${PWD} consistently. It's in POSIX [2], so there's no need to execute a pwd process to get this value. * Drop -t. None of these commands should need a pseudoterminal. [1]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L628 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Aug 24, 2018
Like we did in bootkube.sh in 0fa4eb1 (Fix perm errors with selinux enabled, 2018-08-15, openshift#134). This gives us permission to access the mounted volume when SELinux is enabled (docs in [1]). I've also normalized these invocations for consistency between the various hack/ scripts: * Adding slash separators to put each option on its own line, excepting the final command being run in the container. This makes the long commands slightly easier to skim. It will also make it easier to track down motivation for an option with 'git blame', because commits touching options on other lines won't clutter the blame. * Use long-form options (-v -> --volume, etc.). This makes the options a bit more accessible to newcomers, and now that each option is on it's own line we have plenty of space. * Dropped single quotes from 'TRUE'. There are no shell-sensitive characters in TRUE, so there's no need to quote it. * Use ${PWD} consistently. It's in POSIX [2], so there's no need to execute a pwd process to get this value. * Drop -t. None of these commands should need a pseudoterminal. * Drop explicit rw --volume options. They're the default [3]. [1]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L628 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 [3]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L646
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Aug 27, 2018
Like we did in bootkube.sh in 0fa4eb1 (Fix perm errors with selinux enabled, 2018-08-15, openshift#134). This gives us permission to access the mounted volume when SELinux is enabled (docs in [1]). I've also normalized these invocations for consistency between the various hack/ scripts: * Adding slash separators to put each option on its own line, excepting the final command being run in the container. This makes the long commands slightly easier to skim. It will also make it easier to track down motivation for an option with 'git blame', because commits touching options on other lines won't clutter the blame. * Use long-form options (-v -> --volume, etc.). This makes the options a bit more accessible to newcomers, and now that each option is on it's own line we have plenty of space. * Dropped single quotes from 'TRUE'. There are no shell-sensitive characters in TRUE, so there's no need to quote it. * Use ${PWD} consistently. It's in POSIX [2], so there's no need to execute a pwd process to get this value. * Drop -t. None of these commands should need a pseudoterminal. * Drop explicit rw --volume options. They're the default [3]. [1]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L628 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 [3]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L646
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Aug 28, 2018
Like we did in bootkube.sh in 0fa4eb1 (Fix perm errors with selinux enabled, 2018-08-15, openshift#134). This gives us permission to access the mounted volume when SELinux is enabled (docs in [1]). I've also normalized these invocations for consistency between the various hack/ scripts: * Adding slash separators to put each option on its own line, excepting the final command being run in the container. This makes the long commands slightly easier to skim. It will also make it easier to track down motivation for an option with 'git blame', because commits touching options on other lines won't clutter the blame. * Use long-form options (-v -> --volume, etc.). This makes the options a bit more accessible to newcomers, and now that each option is on it's own line we have plenty of space. * Dropped single quotes from 'TRUE'. There are no shell-sensitive characters in TRUE, so there's no need to quote it. * Use ${PWD} consistently. It's in POSIX [2], so there's no need to execute a pwd process to get this value. * Drop -t. None of these commands should need a pseudoterminal. * Drop explicit rw --volume options. They're the default [3]. [1]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L628 [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 [3]: https://github.com/containers/libpod/blame/v0.8.3/docs/podman-run.1.md#L646
wking
added a commit
to wking/openshift-installer
that referenced
this pull request
Feb 28, 2019
…-release:4.0.0-0.6
Clayton pushed 4.0.0-0.nightly-2019-02-27-213933 to
quay.io/openshift-release-dev/ocp-release:4.0.0-0.6. Extracting the
associated RHCOS build:
$ oc adm release info --pullspecs quay.io/openshift-release-dev/ocp-release:4.0.0-0.6 | grep machine-os-content
machine-os-content registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-02-27-213933@sha256:1262533e31a427917f94babeef2774c98373409897863ae742ff04120f32f79b
$ oc image info registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-02-26-125216@sha256:1262533e31a427917f94babeef2774c98373409897863ae742ff04120f32f79b | grep version
version=47.330
that's the same machine-os-content image referenced from 4.0.0-0.5,
which we used for installer v0.13.0.
Renaming OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE gets us CI testing
of the pinned release despite openshift/release@60007df2 (Use
RELEASE_IMAGE_LATEST for CVO payload, 2018-10-03,
openshift/release#1793).
Also comment out regions which this particular RHCOS build wasn't
pushed to, leaving only:
$ curl -s https://releases-rhcos.svc.ci.openshift.org/storage/releases/maipo/47.330/meta.json | jq -r '.amis[] | .name'
ap-northeast-1
ap-northeast-2
ap-south-1
ap-southeast-1
ap-southeast-2
ca-central-1
eu-central-1
eu-west-1
eu-west-2
eu-west-3
sa-east-1
us-east-1
us-east-2
us-west-1
us-west-2
I'd initially expected to export the pinning environment variables in
release.sh, but I've put them in build.sh here because our continuous
integration tests use build.sh directly and don't go through
release.sh.
Using the slick, new change-log generator from [1], here's everything
that changed in the update payload:
$ oc adm release info --changelog ~/.local/lib/go/src --changes-from quay.io/openshift-release-dev/ocp-release:4.0.0-0.5 quay.io/openshift-release-dev/ocp-release:4.0.0-0.6
# 4.0.0-0.6
Created: 2019-02-28 20:40:11 +0000 UTC
Image Digest: `sha256:5ce3d05da3bfa3d0310684f5ac53d98d66a904d25f2e55c2442705b628560962`
Promoted from registry.svc.ci.openshift.org/ocp/release:4.0.0-0.nightly-2019-02-27-213933
## Changes from 4.0.0-0.5
### Components
* Kubernetes 1.12.4
### New images
* [pod](https://github.com/openshift/images) git [2f60da39](openshift/images@2f60da3) `sha256:c0d602467dfe0299ce577ba568a9ef5fb9b0864bac6455604258e7f5986d3509`
### Rebuilt images without code change
* [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator) git [01bbf372](openshift/cloud-credential-operator@01bbf37) `sha256:f87be09923a5cb081722634d2e0c3d0a5633ea2c23da651398d4e915ad9f73b0`
* [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler) git [d8a4a304](openshift/kubernetes-autoscaler@d8a4a30) `sha256:955413b82cf8054ce149bc05c18297a8abe9c59f9d0034989f08086ae6c71fa6`
* [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator) git [73c46659](openshift/cluster-autoscaler-operator@73c4665) `sha256:756e813fce04841993c8060d08a5684c173cbfb61a090ae67cb1558d76a0336e`
* [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [05a5c8e6](openshift/cluster-bootstrap@05a5c8e) `sha256:dbdd90da7d256e8d49e4e21cb0bdef618c79d83f539049f89f3e3af5dbc77e0f`
* [cluster-config-operator](https://github.com/openshift/cluster-config-operator) git [aa1805e7](openshift/cluster-config-operator@aa1805e) `sha256:773d3355e6365237501d4eb70d58cd0633feb541d4b6f23d6a5f7b41fd6ad2f5`
* [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator) git [ffb04ae9](openshift/cluster-dns-operator@ffb04ae) `sha256:ca15f98cc1f61440f87950773329e1fdf58e73e591638f18c43384ad4f8f84da`
* [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver) git [2fbc6a6b](openshift/cluster-machine-approver@2fbc6a6) `sha256:a66af3b1f4ae98257ab600d54f8c94f3a4136f85863bbe0fa7c5dba65c5aea46`
* [cluster-node-tuned](https://github.com/openshift/openshift-tuned) git [278ee72d](openshift/openshift-tuned@278ee72) `sha256:ad71743cc50a6f07eba013b496beab9ec817603b07fd3f5c022fffbf400e4f4b`
* [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator) git [b5c14deb](openshift/cluster-node-tuning-operator@b5c14de) `sha256:e61d1fdb7ad9f5fed870e917a1bc8fac9ccede6e4426d31678876bcb5896b000`
* [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator) git [3f79b51b](openshift/cluster-openshift-controller-manager-operator@3f79b51) `sha256:8f3b40b4dd29186975c900e41b1a94ce511478eeea653b89a065257a62bf3ae9`
* [cluster-svcat-apiserver-operator](https://github.com/openshift/cluster-svcat-apiserver-operator) git [547648cb](openshift/cluster-svcat-apiserver-operator@547648c) `sha256:e7c9323b91dbb11e044d5a1277d1e29d106d92627a6c32bd0368616e0bcf631a`
* [cluster-svcat-controller-manager-operator](https://github.com/openshift/cluster-svcat-controller-manager-operator) git [9261f420](openshift/cluster-svcat-controller-manager-operator@9261f42) `sha256:097a429eda2306fcd49e14e4f5db8ec3a09a90fa29ebdbc98cc519511ab6fb5b`
* [cluster-version-operator](https://github.com/openshift/cluster-version-operator) git [70c0232e](openshift/cluster-version-operator@70c0232) `sha256:7d59edff68300e13f0b9e56d2f2bc1af7f0051a9fbc76cc208239137ac10f782`
* [configmap-reloader](https://github.com/openshift/configmap-reload) git [3c2f8572](openshift/configmap-reload@3c2f857) `sha256:32360c79d8d8d54cea03675c24f9d0a69877a2f2e16b949ca1d97440b8f45220`
* [console-operator](https://github.com/openshift/console-operator) git [32ed7c03](openshift/console-operator@32ed7c0) `sha256:f8c07cb72dc8aa931bbfabca9b4133f3b93bc96da59e95110ceb8c64f3efc755`
* [container-networking-plugins-supported](https://github.com/openshift/ose-containernetworking-plugins) git [f6a58dce](openshift/ose-containernetworking-plugins@f6a58dc) `sha256:c6434441fa9cc96428385574578c41e9bc833b6db9557df1dd627411d9372bf4`
* [container-networking-plugins-unsupported](https://github.com/openshift/ose-containernetworking-plugins) git [f6a58dce](openshift/ose-containernetworking-plugins@f6a58dc) `sha256:bb589cf71d4f41977ec329cf808cdb956d5eedfc604e36b98cfd0bacce513ffc`
* [coredns](https://github.com/openshift/coredns) git [fbcb8252](openshift/coredns@fbcb825) `sha256:2f1812a95e153a40ce607de9b3ace7cae5bee67467a44a64672dac54e47f2a66`
* [docker-builder](https://github.com/openshift/builder) git [1a77d837](openshift/builder@1a77d83) `sha256:27062ab2c62869e5ffeca234e97863334633241089a5d822a19350f16945fbcb`
* [etcd](https://github.com/openshift/etcd) git [a0e62b48](openshift/etcd@a0e62b4) `sha256:e4e9677d004f8f93d4f084739b4502c2957c6620d633e1fdb379c33243c684fa`
* [grafana](https://github.com/openshift/grafana) git [58efe0eb](openshift/grafana@58efe0e) `sha256:548abcc50ccb8bb17e6be2baf050062a60fc5ea0ca5d6c59ebcb8286fc9eb043`
* [haproxy-router](https://github.com/openshift/router) git [2c33f47f](openshift/router@2c33f47) `sha256:c899b557e4ee2ea7fdbe5c37b5f4f6e9f9748a39119130fa930d9497464bd957`
* [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter) git [815fa76b](openshift/k8s-prometheus-adapter@815fa76) `sha256:772c1b40b21ccaa9ffcb5556a1228578526a141b230e8ac0afe19f14404fdffc`
* [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy) git [3f271e09](openshift/kube-rbac-proxy@3f271e0) `sha256:b6de05167ecab0472279cdc430105fac4b97fb2c43d854e1c1aa470d20a36572`
* [kube-state-metrics](https://github.com/openshift/kube-state-metrics) git [2ab51c9f](openshift/kube-state-metrics@2ab51c9) `sha256:611c800c052de692c84d89da504d9f386d3dcab59cbbcaf6a26023756bc863a0`
* [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [7ff8b08f](openshift/cluster-api-provider-libvirt@7ff8b08) `sha256:6ab8749886ec26d45853c0e7ade3c1faaf6b36e09ba2b8a55f66c6cc25052832`
* [multus-cni](https://github.com/openshift/ose-multus-cni) git [61f9e088](https://github.com/openshift/ose-multus-cni/commit/61f9e0886370ea5f6093ed61d4cfefc6dadef582) `sha256:e3f87811d22751e7f06863e7a1407652af781e32e614c8535f63d744e923ea5c`
* [oauth-proxy](https://github.com/openshift/oauth-proxy) git [b771960b](openshift/oauth-proxy@b771960) `sha256:093a2ac687849e91671ce906054685a4c193dfbed27ebb977302f2e09ad856dc`
* [openstack-machine-controllers](https://github.com/openshift/cluster-api-provider-openstack) git [c2d845b](openshift/cluster-api-provider-openstack@c2d845b) `sha256:f9c321de068d977d5b4adf8f697c5b15f870ccf24ad3e19989b129e744a352a7`
* [operator-registry](https://github.com/operator-framework/operator-registry) git [0531400c](operator-framework/operator-registry@0531400) `sha256:730f3b504cccf07e72282caf60dc12f4e7655d7aacf0374d710c3f27125f7008`
* [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [46423f9d](openshift/prom-label-proxy@46423f9) `sha256:3235ad5e22b6f560d447266e0ecb2e5655fda7c0ab5c1021d8d3a4202f04d2ca`
* [prometheus](https://github.com/openshift/prometheus) git [6e5fb5dc](openshift/prometheus@6e5fb5d) `sha256:013455905e4a6313f8c471ba5f99962ec097a9cecee3e22bdff3e87061efad57`
* [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager) git [4617d550](openshift/prometheus-alertmanager@4617d55) `sha256:54512a6cf25cf3baf7fed0b01a1d4786d952d93f662578398cad0d06c9e4e951`
* [prometheus-config-reloader](https://github.com/openshift/prometheus-operator) git [f8a0aa17](openshift/prometheus-operator@f8a0aa1) `sha256:244fc5f1a4a0aa983067331c762a04a6939407b4396ae0e86a1dd1519e42bb5d`
* [prometheus-node-exporter](https://github.com/openshift/node_exporter) git [f248b582](openshift/node_exporter@f248b58) `sha256:390e5e1b3f3c401a0fea307d6f9295c7ff7d23b4b27fa0eb8f4017bd86d7252c`
* [prometheus-operator](https://github.com/openshift/prometheus-operator) git [f8a0aa17](openshift/prometheus-operator@f8a0aa1) `sha256:6e697dcaa19e03bded1edf5770fb19c0d2cd8739885e79723e898824ce3cd8f5`
* [service-catalog](https://github.com/openshift/service-catalog) git [b24ffd6f](openshift/service-catalog@b24ffd6) `sha256:85ea2924810ced0a66d414adb63445a90d61ab5318808859790b1d4b7decfea6`
* [service-serving-cert-signer](https://github.com/openshift/service-serving-cert-signer) git [30924216](openshift/service-serving-cert-signer@3092421) `sha256:7f89db559ffbd3bf609489e228f959a032d68dd78ae083be72c9048ef0c35064`
* [telemeter](https://github.com/openshift/telemeter) git [e12aabe4](openshift/telemeter@e12aabe) `sha256:fd518d2c056d4ab8a89d80888e0a96445be41f747bfc5f93aa51c7177cf92b92`
### [aws-machine-controllers](https://github.com/openshift/cluster-api-provider-aws)
* client: add cluster-api-provider-aws to UserAgent for AWS API calls [openshift#167](openshift/cluster-api-provider-aws#167)
* Drop the yaml unmarshalling [openshift#155](openshift/cluster-api-provider-aws#155)
* [Full changelog](openshift/cluster-api-provider-aws@46f4852...c0c3b9e)
### [cli, deployer, hyperkube, hypershift, node, tests](https://github.com/openshift/ose)
* Build OSTree using baked SELinux policy [#22081](https://github.com/openshift/ose/pull/22081)
* NodeName was being cleared for `oc debug node/X` instead of set [#22086](https://github.com/openshift/ose/pull/22086)
* UPSTREAM: 73894: Print the involved object in the event table [#22039](https://github.com/openshift/ose/pull/22039)
* Publish CRD openapi [#22045](https://github.com/openshift/ose/pull/22045)
* UPSTREAM: 00000: wait for CRD discovery to be successful once before [#22149](https://github.com/openshift/ose/pull/22149)
* `oc adm release info --changelog` should clone if necessary [#22148](https://github.com/openshift/ose/pull/22148)
* [Full changelog](openshift/ose@c547bc3...0cbcfc5)
### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator)
* Add redeploy on serving cert and operator pod template change [openshift#75](openshift/cluster-authentication-operator#75)
* Create the service before waiting for serving certs [openshift#84](openshift/cluster-authentication-operator#84)
* [Full changelog](openshift/cluster-authentication-operator@78dd53b...35879ec)
### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator)
* Enable subresource status [openshift#209](openshift/cluster-image-registry-operator#209)
* Add ReadOnly flag [openshift#210](openshift/cluster-image-registry-operator#210)
* do not setup ownerrefs for clusterscoped/cross-namespace objects [openshift#215](openshift/cluster-image-registry-operator#215)
* s3: include operator version in UserAgent for AWS API calls [openshift#212](openshift/cluster-image-registry-operator#212)
* [Full changelog](openshift/cluster-image-registry-operator@0780074...8060048)
### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator)
* Adds info log msg indicating ns/secret used by DNSManager [openshift#134](openshift/cluster-ingress-operator#134)
* Introduce certificate controller [openshift#140](openshift/cluster-ingress-operator#140)
* [Full changelog](openshift/cluster-ingress-operator@1b4fa5a...09d14db)
### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator)
* bump(*): fix installer pod shutdown and rolebinding [openshift#307](openshift/cluster-kube-apiserver-operator#307)
* bump to fix early status [openshift#309](openshift/cluster-kube-apiserver-operator#309)
* [Full changelog](openshift/cluster-kube-apiserver-operator@4016927...fa75c05)
### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator)
* bump(*): fix installer pod shutdown and rolebinding [openshift#183](openshift/cluster-kube-controller-manager-operator#183)
* bump to fix empty status [openshift#184](openshift/cluster-kube-controller-manager-operator#184)
* [Full changelog](openshift/cluster-kube-controller-manager-operator@95f5f32...53ff6d8)
### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator)
* Rotate kubeconfig [openshift#62](openshift/cluster-kube-scheduler-operator#62)
* Don't pass nil function pointer to NewConfigObserver [openshift#65](openshift/cluster-kube-scheduler-operator#65)
* [Full changelog](openshift/cluster-kube-scheduler-operator@50848b4...7066c96)
### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator)
* *: Clean test invocation and documenation [openshift#267](openshift/cluster-monitoring-operator#267)
* pkg/operator: fix progressing state of cluster operator [openshift#268](openshift/cluster-monitoring-operator#268)
* jsonnet/main.jsonnet: Bump Prometheus to v2.7.1 [openshift#246](openshift/cluster-monitoring-operator#246)
* OWNERS: Remove ironcladlou [openshift#204](openshift/cluster-monitoring-operator#204)
* test/e2e: Refactor framework setup & wait for query logic [openshift#265](openshift/cluster-monitoring-operator#265)
* jsonnet: Update dependencies [openshift#269](openshift/cluster-monitoring-operator#269)
* [Full changelog](openshift/cluster-monitoring-operator@94b701f...3609aea)
### [cluster-network-operator](https://github.com/openshift/cluster-network-operator)
* Update to be able to track both DaemonSets and Deployments [openshift#102](openshift/cluster-network-operator#102)
* openshift-sdn: more service-catalog netnamespace fixes [openshift#108](openshift/cluster-network-operator#108)
* [Full changelog](openshift/cluster-network-operator@9db4d03...15204e6)
### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator)
* bump to fix status reporting [openshift#157](openshift/cluster-openshift-apiserver-operator#157)
* [Full changelog](openshift/cluster-openshift-apiserver-operator@1ce6ac7...0a65fe4)
### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator)
* use pumped up rate limiter, shave 30 seconds from startup creates [openshift#113](openshift/cluster-samples-operator#113)
* [Full changelog](openshift/cluster-samples-operator@4726068...f001324)
### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator)
* WaitForFirstConsumer in AWS StorageClass [openshift#12](openshift/cluster-storage-operator#12)
* [Full changelog](openshift/cluster-storage-operator@dc42489...b850242)
### [console](https://github.com/openshift/console)
* Add back OAuth configuration link in kubeadmin notifier [openshift#1202](openshift/console#1202)
* Normalize display of <ResourceIcon> across browsers, platforms [openshift#1210](openshift/console#1210)
* Add margin spacing so event info doesn't run together before truncating [openshift#1170](openshift/console#1170)
* [Full changelog](openshift/console@a0b75bc...d10fb8b)
### [docker-registry](https://github.com/openshift/image-registry)
* Bump k8s and OpenShift, use new docker-distribution branch [openshift#165](openshift/image-registry#165)
* [Full changelog](openshift/image-registry@75a1fbe...afcc7da)
### [installer](https://github.com/openshift/installer)
* data: route53 A records with SimplePolicy should not use health check [openshift#1308](openshift#1308)
* bootkube.sh: do not hide problems with render [openshift#1274](openshift#1274)
* data/bootstrap/files/usr/local/bin/bootkube: etcdctl from release image [openshift#1315](openshift#1315)
* pkg/types/validation: Drop v1beta1 backwards compat hack [openshift#1251](openshift#1251)
* pkg/asset/tls: self-sign etcd-client-ca [openshift#1267](openshift#1267)
* pkg/asset/tls: self-sign aggregator-ca [openshift#1275](openshift#1275)
* pkg/types/validation/installconfig: Drop nominal v1beta2 support [openshift#1319](openshift#1319)
* Removing unused/deprecated security groups and ports. Updated AWS doc [openshift#1306](openshift#1306)
* [Full changelog](openshift/installer@0208204...563f71f)
### [jenkins, jenkins-agent-maven, jenkins-agent-nodejs](https://github.com/openshift/jenkins)
* recover from jenkins deps backleveling workflow-durable-task-step fro… [openshift#806](openshift/jenkins#806)
* [Full changelog](openshift/jenkins@2485f9a...e4583ca)
### [machine-api-operator](https://github.com/openshift/machine-api-operator)
* Rename labels from sigs.k8s.io to machine.openshift.io [openshift#213](openshift/machine-api-operator#213)
* Remove clusters.cluster.k8s.io CRD [openshift#225](openshift/machine-api-operator#225)
* MAO: Stop setting statusProgressing=true when resyincing same version [openshift#217](openshift/machine-api-operator#217)
* Generate clientset for machine health check API [openshift#223](openshift/machine-api-operator#223)
* [Full changelog](openshift/machine-api-operator@bf95d7d...34c3424)
### [machine-config-controller, machine-config-daemon, machine-config-operator, machine-config-server, setup-etcd-environment](https://github.com/openshift/machine-config-operator)
* daemon: Only print status if os == RHCOS [openshift#495](openshift/machine-config-operator#495)
* Add pod image to image-references [openshift#500](openshift/machine-config-operator#500)
* pkg/daemon: stash the node object [openshift#464](openshift/machine-config-operator#464)
* Eliminate use of cpu limits [openshift#503](openshift/machine-config-operator#503)
* MCD: add ign validation check for mc.ignconfig [openshift#481](openshift/machine-config-operator#481)
* [Full changelog](openshift/machine-config-operator@875f25e...f0b87fc)
### [operator-lifecycle-manager](https://github.com/operator-framework/operator-lifecycle-manager)
* fix(owners): remove cross-namespace and cluster->namespace ownerrefs [openshift#729](operator-framework/operator-lifecycle-manager#729)
* [Full changelog](operator-framework/operator-lifecycle-manager@1ac9ace...9186781)
### [operator-marketplace](https://github.com/operator-framework/operator-marketplace)
* [opsrc] Do not delete csc during purge [openshift#117](operator-framework/operator-marketplace#117)
* Remove Dependency on Owner References [openshift#118](operator-framework/operator-marketplace#118)
* [Full changelog](operator-framework/operator-marketplace@7b53305...fedd694)
[1]: openshift/origin#22030
EmilienM
pushed a commit
to shiftstack/installer
that referenced
this pull request
Dec 8, 2020
Add EmilienM to the team
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #132