diff --git a/CHANGELOG.md b/CHANGELOG.md index 86defb0a6b3..9f0eef51611 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,50 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 0.14.0 - 2019-03-05 + +### Changed + +- A new, long-lived, self-signed certificate authority has been added + to sign kubelet certificate-signing requests. This works around the + current lack of certificate rotation in the machine-config operator. +- Machine(Set) labels have been migrated from + `sigs.k8s.io/cluster-api-...` to `machine.openshift.io`, continuing + the transition begun in 0.13.0. +- On AWS, control-plane nodes are now based on encrypted AMIs. These + AMIs are copied into the target account from unencrypted, public + AMIs provided by Red Hat. To support the copy and post-cluster + cleanup, the installer requires the following additional AWS + credentials: ec2:CopyImage, ec2:DeregisterImage, and + ec2:DeleteSnapshot. 0.14.0 doesn't actually clean up the snapshots + associated with the copied AMIs yet, but we have a fix for that + landed for the next release. In the meantime, you should manually + prune your snapshots after destroying a cluster. +- On AWS, the security-group simplification from 0.13.1 accidentially + removed global SSH access to the bootstrap machine. We've fixed + that with this release. Unfortunately, this release also moves the + bootstrap machine into the same subnet as the first control-plane + node, and since 0.13.0, control-plane nodes are in private subnets. + So SSH access to the bootstrap machine from outside the cluster is + still broken, but we've landed a fix to get it working again in the + next release. In the meantime, you can set up a SSH bastion or + debug pod if you need SSH access to cluster machines. + +- On OpenStack, the Machine(Set)s have been updated to track provider + changes. For example, the `SecurityGroups` schema has changed, as + has the schema for selecting subnets. + +- Several doc and internal cleanups. + +### Fixed + +- On AWS, we now respect the availability zones configured in the + control-plane Machine manifests, which are in turn fed by the + install-config (previously control-plane nodes were always striped + over zones regardless of the configuration). +- On AWS, the credentials-checking logic now uses the standard logger + instead of creating its own custom logger. + ## 0.13.1 - 2019-02-28 ### Changed diff --git a/hack/build.sh b/hack/build.sh index 8b79ed465e6..9316be42eaa 100755 --- a/hack/build.sh +++ b/hack/build.sh @@ -2,6 +2,9 @@ set -ex +RELEASE_IMAGE="${RELEASE_IMAGE:-quay.io/openshift-release-dev/ocp-release:4.0.0-0.7}" +RHCOS_BUILD_NAME="${RELEASE_BUILD_NAME:-47.330}" + # shellcheck disable=SC2068 version() { IFS="."; printf "%03d%03d%03d\\n" $@; unset IFS;} diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go index 4773b258b7c..6022bccfceb 100644 --- a/pkg/asset/ignition/bootstrap/bootstrap.go +++ b/pkg/asset/ignition/bootstrap/bootstrap.go @@ -174,7 +174,7 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst } releaseImage := defaultReleaseImage - if ri, ok := os.LookupEnv("OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" { + if ri, ok := os.LookupEnv("_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" { logrus.Warn("Found override for ReleaseImage. Please be warned, this is not advised") releaseImage = ri } diff --git a/pkg/types/aws/validation/platform.go b/pkg/types/aws/validation/platform.go index f2f2c058867..6ca7eca6873 100644 --- a/pkg/types/aws/validation/platform.go +++ b/pkg/types/aws/validation/platform.go @@ -15,25 +15,25 @@ var ( Regions = map[string]string{ "ap-northeast-1": "Tokyo", "ap-northeast-2": "Seoul", - "ap-northeast-3": "Osaka-Local", + //"ap-northeast-3": "Osaka-Local", "ap-south-1": "Mumbai", "ap-southeast-1": "Singapore", "ap-southeast-2": "Sydney", "ca-central-1": "Central", - "cn-north-1": "Beijing", - "cn-northwest-1": "Ningxia", - "eu-central-1": "Frankfurt", - "eu-north-1": "Stockholm", - "eu-west-1": "Ireland", - "eu-west-2": "London", - "eu-west-3": "Paris", - "sa-east-1": "São Paulo", - "us-east-1": "N. Virginia", - "us-east-2": "Ohio", - "us-gov-east-1": "AWS GovCloud (US-East)", - "us-gov-west-1": "AWS GovCloud (US-West)", - "us-west-1": "N. California", - "us-west-2": "Oregon", + //"cn-north-1": "Beijing", + //"cn-northwest-1": "Ningxia", + "eu-central-1": "Frankfurt", + //"eu-north-1": "Stockholm", + "eu-west-1": "Ireland", + "eu-west-2": "London", + "eu-west-3": "Paris", + "sa-east-1": "São Paulo", + "us-east-1": "N. Virginia", + "us-east-2": "Ohio", + //"us-gov-east-1": "AWS GovCloud (US-East)", + //"us-gov-west-1": "AWS GovCloud (US-West)", + "us-west-1": "N. California", + "us-west-2": "Oregon", } validRegionValues = func() []string { diff --git a/pkg/types/validation/installconfig_test.go b/pkg/types/validation/installconfig_test.go index 29abd40f338..e0428630dbd 100644 --- a/pkg/types/validation/installconfig_test.go +++ b/pkg/types/validation/installconfig_test.go @@ -326,7 +326,7 @@ func TestValidateInstallConfig(t *testing.T) { } return c }(), - expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-gov-east-1", "us-gov-west-1", "us-west-1", "us-west-2"$`, + expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"$`, }, { name: "valid libvirt platform",