OSDOCS-18380 created zstream RNs for 4-21-3#107067
Merged
lahinson merged 1 commit intoopenshift:enterprise-4.21from Feb 24, 2026
Merged
OSDOCS-18380 created zstream RNs for 4-21-3#107067lahinson merged 1 commit intoopenshift:enterprise-4.21from
lahinson merged 1 commit intoopenshift:enterprise-4.21from
Conversation
openshift-ci
bot
added
the
size/M
|
🤖 Tue Feb 24 19:52:47 - Prow CI generated the docs preview: |
| [id="zstream-4-21-3-updating_{context}"] | ||
| == Updating | ||
|
|
||
| To update an {product-title} 4.21 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI]. No newline at end of file |
Collaborator
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies (exception: release notes modules).
wgabor0427
force-pushed
the
OSDOCS-18380
branch
from
767ee6e to
0e61583
Compare
Contributor
Author
|
/label merge-review-needed |
openshift-ci
bot
added
the
merge-review-needed
lahinson
added
merge-review-in-progress
lahinson
reviewed
Feb 24, 2026
Contributor
lahinson
left a comment
lahinson
left a comment
There was a problem hiding this comment.
@wgabor0427 Just a few little things to address. Let me know when you've made your changes, and I'll be happy to merge.
modules/zstream-4-21-3.adoc
Outdated
|
|
||
| * Before this update, the Machine API Provider OpenStack (MAPO) created an event for every single reconcile, even when no significant state changes such as a create, update, or delete had occurred. This event generation led to cluttered event logs, strained system performance, and frequently disrupted monitoring and alerting systems. With this release, the reconcile function has been modified to capture the original `ResourceVersion` and only emit an event when the machine `ResourceVersion` changes. Additionally, the event name was changed from `Reconciled` to `Updated` to better align with other machine API providers. (link:https://issues.redhat.com/browse/OCPBUGS-69644[OCPBUGS-69644]) | ||
|
|
||
| * Before this update, when a HyperShift `HostedCluster` using external Domain Name Service (DNS) domains was updated to remove existing `allowedCIDRBlocks`, the external router `LoadBalancer` service was not updated to reflect this change. This resulted in external clients being able to access the kube-apiserver from any IP address, bypassing the configured Classless Inter-Domain Routing (CIDR) restrictions. With this release, the `LoadBalancerSourceRanges` configuration is not removed from the external kube-apiserver service when `allowedCIDRBlocks` is removed from the `HostedCluster` ensuring consistent security across both internal and external traffic. (link:https://issues.redhat.com/browse/OCPBUGS-71133[OCPBUGS-71133]) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Before this update, when a HyperShift `HostedCluster` using external Domain Name Service (DNS) domains was updated to remove existing `allowedCIDRBlocks`, the external router `LoadBalancer` service was not updated to reflect this change. This resulted in external clients being able to access the kube-apiserver from any IP address, bypassing the configured Classless Inter-Domain Routing (CIDR) restrictions. With this release, the `LoadBalancerSourceRanges` configuration is not removed from the external kube-apiserver service when `allowedCIDRBlocks` is removed from the `HostedCluster` ensuring consistent security across both internal and external traffic. (link:https://issues.redhat.com/browse/OCPBUGS-71133[OCPBUGS-71133]) | |
| * Before this update, when a `HostedCluster` resource using external Domain Name Service (DNS) domains was updated to remove an `allowedCIDRBlocks` configuration, the external router `LoadBalancer` service was not updated to reflect this change. This resulted in external clients being able to access the `kube-apiserver` service from any IP address, bypassing the configured Classless Inter-Domain Routing (CIDR) restrictions. With this release, the `LoadBalancerSourceRanges` configuration is not removed from the external `kube-apiserver` service when the `allowedCIDRBlocks` configuration is removed from the `HostedCluster` resource, ensuring consistent security across both internal and external traffic. (link:https://issues.redhat.com/browse/OCPBUGS-71133[OCPBUGS-71133]) |
modules/zstream-4-21-3.adoc
Outdated
|
|
||
| * Before this update, catalogs rebuilt by `oc-mirror` were only in Open Container Initiative (OCI) format, which created compatibility issues because certain container registries did not accept this specific format. This often resulted in failed image uploads or registry errors during the mirroring process. With this release, the code has been updated to allow for the conversion of the catalog format to one that is accepted by the target container registry. As a result, the conversion of catalog images generated by `oc-mirror` no longer fail. (link:https://issues.redhat.com/browse/OCPBUGS-74981[OCPBUGS-74981]) | ||
|
|
||
| * Before this update, the system failed to correctly parse registry configuration files when the `use-sigstore-attachments parameter` was explicitly set to `false`. These files were misinterpreted as uninitialized. This meant that `oc-mirror` would ignore the existing user-defined setup and generate a new configuration file. With this release, the code has been fixed to recognize an explicit `false` value as a valid user configuration. As a result, `oc-mirror` now properly adheres to the existing user-defined settings, preventing unnecessary file overwrites and ensuring that signature attachment preferences are preserved. (link:https://issues.redhat.com/browse/OCPBUGS-76126[OCPBUGS-76126]) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Before this update, the system failed to correctly parse registry configuration files when the `use-sigstore-attachments parameter` was explicitly set to `false`. These files were misinterpreted as uninitialized. This meant that `oc-mirror` would ignore the existing user-defined setup and generate a new configuration file. With this release, the code has been fixed to recognize an explicit `false` value as a valid user configuration. As a result, `oc-mirror` now properly adheres to the existing user-defined settings, preventing unnecessary file overwrites and ensuring that signature attachment preferences are preserved. (link:https://issues.redhat.com/browse/OCPBUGS-76126[OCPBUGS-76126]) | |
| * Before this update, the system failed to correctly parse registry configuration files when the `use-sigstore-attachments` parameter was explicitly set to `false`. These files were misinterpreted as uninitialized. This meant that the `oc-mirror` plugin would ignore the existing user-defined setup and generate a new configuration file. With this release, the code has been fixed to recognize an explicit `false` value as a valid user configuration. As a result, the `oc-mirror` plugin now properly adheres to the existing user-defined settings, preventing unnecessary file overwrites and ensuring that signature attachment preferences are preserved. (link:https://issues.redhat.com/browse/OCPBUGS-76126[OCPBUGS-76126]) |
modules/zstream-4-21-3.adoc
Outdated
|
|
||
| * Before this update, when a HyperShift `HostedCluster` using external Domain Name Service (DNS) domains was updated to remove existing `allowedCIDRBlocks`, the external router `LoadBalancer` service was not updated to reflect this change. This resulted in external clients being able to access the kube-apiserver from any IP address, bypassing the configured Classless Inter-Domain Routing (CIDR) restrictions. With this release, the `LoadBalancerSourceRanges` configuration is not removed from the external kube-apiserver service when `allowedCIDRBlocks` is removed from the `HostedCluster` ensuring consistent security across both internal and external traffic. (link:https://issues.redhat.com/browse/OCPBUGS-71133[OCPBUGS-71133]) | ||
|
|
||
| * Before this update, catalogs rebuilt by `oc-mirror` were only in Open Container Initiative (OCI) format, which created compatibility issues because certain container registries did not accept this specific format. This often resulted in failed image uploads or registry errors during the mirroring process. With this release, the code has been updated to allow for the conversion of the catalog format to one that is accepted by the target container registry. As a result, the conversion of catalog images generated by `oc-mirror` no longer fail. (link:https://issues.redhat.com/browse/OCPBUGS-74981[OCPBUGS-74981]) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Before this update, catalogs rebuilt by `oc-mirror` were only in Open Container Initiative (OCI) format, which created compatibility issues because certain container registries did not accept this specific format. This often resulted in failed image uploads or registry errors during the mirroring process. With this release, the code has been updated to allow for the conversion of the catalog format to one that is accepted by the target container registry. As a result, the conversion of catalog images generated by `oc-mirror` no longer fail. (link:https://issues.redhat.com/browse/OCPBUGS-74981[OCPBUGS-74981]) | |
| * Before this update, catalogs rebuilt by the `oc-mirror` plugin were only in Open Container Initiative (OCI) format, which created compatibility issues because certain container registries did not accept this specific format. This often resulted in failed image uploads or registry errors during the mirroring process. With this release, the code has been updated to allow for the conversion of the catalog format to one that is accepted by the target container registry. As a result, the conversion of catalog images generated by the `oc-mirror` plugin no longer fail. (link:https://issues.redhat.com/browse/OCPBUGS-74981[OCPBUGS-74981]) |
wgabor0427
force-pushed
the
OSDOCS-18380
branch
from
0e61583 to
5911380
Compare
|
@wgabor0427: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Version(s):
4.21
Issue:
https://issues.redhat.com/browse/OSDOCS-18380
Link to docs preview: https://107067--ocpdocs-pr.netlify.app/openshift-enterprise/latest/release_notes/ocp-4-21-release-notes.html#zstream-4-21-3_release-notes
QE review:
Additional information: