Pre-release

v1.5.0-alpha.1

@smarterclayton smarterclayton released this Dec 29, 2016 · 267 commits to master since this release

This is a feature development release leading up to v1.5.0. It is immediately prior to rebasing onto Kubernetes 1.5.

SHA256 Checksums

9ba0b123fe9792cdde76b0ed7f65cfc631f8db54942afb5eb6408c1d9935cc83  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-linux-32bit.tar.gz
a8ea8a13bfdfa113cd18d32ccc08d4cd9bc7b583d39921c8202570e4dba1f712  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-linux-64bit.tar.gz
1a4244cc8ebd28d17b55534baf96ed74a3f9d4bcbaf92dcb83f2513aa93f0e8a  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-mac.zip
b167afefa2adc7d8d2269bb70ba8b0be06e29f9d2607f617b0d7b82c2dd83405  openshift-origin-client-tools-v1.5.0-alpha.1+71d3fa9-windows.zip
ec05350dc06889dca456d70252e3cb969aa6ce7ac8b873c02fac453ffd5f815f  openshift-origin-server-v1.5.0-alpha.1+71d3fa9-linux-64bit.tar.gz

Downloads

Latest release

v1.3.2

@smarterclayton smarterclayton released this Dec 12, 2016 · 2308 commits to master since this release

This is a patch release to Origin v1.3.x containing stability and security fixes.

Bugs

v1.3.2 (2016-12-12)
Full Changelog

  • Fix AWS attach / detach logic for volumes #12024
  • Cluster resource quotas were not properly recording their status, leading to inaccurate quota info #12067

Release SHA256 Checksums

321789dca301a45aef8643ff62a9622601946af5ee2504986314da8373368d0c  openshift-origin-client-tools-v1.3.2-ac1d579-mac.zip
ed6c77bd870bb70a474a435b74475090e0b1d17f837e4156b442a1176d634e6d  openshift-origin-client-tools-v1.3.2-ac1d579-linux-32bit.tar.gz
73f175a5aba04aaca3f873ca24631f246931dc5d9904d50bc4a7153988d121b1  openshift-origin-client-tools-v1.3.2-ac1d579-linux-64bit.tar.gz
d80e290db8e17a2e319bdf2aa4717d5fc3d57d8ebf0959dd17025de6b9c78261  openshift-origin-client-tools-v1.3.2-ac1d579-windows.zip
a1049820c3cca7ffaf7fe1e8b7913eddea09ae705b4e8e8f42072abeb46085de  openshift-origin-image-v1.3.2-ac1d579-linux-64bit.tar.gz
d84852af7cc8c2de21b566286667c7850415d23f1d007e612c73c04f276c8bc4  openshift-origin-server-v1.3.2-ac1d579-linux-64bit.tar.gz

Downloads

Pre-release

v1.4.0-rc1

@smarterclayton smarterclayton released this Nov 19, 2016 · 884 commits to master since this release

This is the first release candidate for OpenShift Origin v1.4.0.

Features

Release roadmap
v1.4.0-rc1 (2016-11-19)
Full Changelog

Release SHA256 Checksums

71b854fdc5e80f97afa8e20c4f138eff3dc8c3acb4a8dae6c6bac14fa93270ef  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-32bit.tar.gz
8b51c0c3db20101740590075a63540fefe7a4f797fdb832974c6f61bac8bd901  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz
f59ffa513316e050746afdc79b59ebffcdf6d95996b44269f64e2e6cad3f352c  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-mac.zip
4c0f109a2229a5927d9333cc0bf523dc11c5848d51aa799f5934822193bbc690  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-windows.zip
574185a6a19bb0ef02dd15d6c6aac1e08d89106725bcd39d8fa85297fe7c8528  openshift-origin-server-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz

Downloads

Pre-release

v1.5.0-alpha.0

@smarterclayton smarterclayton released this Nov 19, 2016 · 808 commits to master since this release

This is the first alpha release for OpenShift v1.5.0.

Features

Release roadmap
v1.5.0-alpha.0 (2016-11-19)
Full Changelog

Release SHA256 Checksum

8d1559c5f1b6b33a45d2c0e81e7d0d4389a2a4f6ebf825c029d5c1c434ceb6f3  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-32bit.tar.gz
1c45409e742e67466fca0b66eed98f4e5672acbcdb11817b5014f1f7830ed463  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz
de65010e78e11f43ca422dc25dbe9e2f9613ef4ccdaaaefc6572262635f4146c  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-mac.zip
bd100144ec2ef6c6fa46544ada421b2ee89a6363f494b32525a9b8eecfecc278  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-windows.zip
0585066a9fe5a9240b119d83b6585558a7de02a59bee81db5ece581a78abf833  openshift-origin-server-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz

Downloads

Pre-release

v1.4.0-alpha.1

@smarterclayton smarterclayton released this Nov 4, 2016 · 1088 commits to master since this release

This is the final alpha for Origin 1.4.

Backwards Compatibility

Features

Release roadmap
v1.4.0-alpha.1 (2016-11-03)
Full Changelog

API Changes and backwards compatibility notes

  • PATCH is allowed in CORS requests #11700
  • Authorization checks like SubjectAccessReview may now be performed on non-existent namespaces #11321
  • Webhooks that are in error now return a JSON status body with their response with extended information about the failure #11077
  • The permissions required to proxy a node have changed #11228
  • Deployment behavior with automatic=false has changed in 1.4 #11223
  • Remove updatePercent from deployments #11090
  • The CLI has removed support for passing comma-separated template parameters through --param/--value - the flag must be specified multiple times to pass multiple parameters #11539

Upstream

Update Kubernetes to v1.4.0 + patches

  • 1.4.x Cherry picks #11709
  • 35285: Remove stale volumes if endpoint/svc creation fails. #11722
  • 35082: Wait for all pods to be running before checking PDB status #11714
  • 33014: Report the image digest in pod status when available #11674
  • 34434: Print valid json/yaml output in kubectl set image #11664
  • 34298: Fix potential panic in namespace controller #11632
  • 30836: Fix dynamic provisioning for vSphere #11598
  • 35608: Update PodAntiAffinity to ignore calls to subresources #11578
  • 34997: Fix kube vsphere.kerneltime #11574
  • 35420: Remove Job also from .status.active for Replace strategy #11523
  • 32593: Audit test fails to take into account timezone #11505
  • 31607: Add kubectl describe storageclass #11481
  • 30145: Add PVC storage to Limit Range #11396
  • 32084: Do not allow creation of GCE PDs in unmanaged zones #11369
  • 32077: Do not report warning event when an unknown provisioner is requested #11368
  • 32662: Change the default volume type of GlusterFS provisioner #11367
  • 35206: Update default run func for cmds containing sub-commands #11362
  • 27714: Send recycle events from pod to pv. #11259
  • 34763: Log warning on invalid --output-version #11239
  • 34028: Add --dry-run option to kubectl create sub-commands #11238
  • 33958: Add global timeout flag #11104
  • 34010: Match GroupVersionKind against specific version #11286
  • 34020: Allow empty annotation values #11210
  • 33464: Fix cache expiration check #11088
  • 33319: Add nodeport option when creating NodePort service #11059

Features

  • sysctl support in runtime and via SecurityConstraintContexts #11195

  • Rules review endpoint for other users #11172

  • SCC check API: REST #11075

  • Support non-string template parameter substitution #11421

  • Enable jenkins autoprovisioning #11065

  • Fix OAuth redirect ref in Jenkins service account #11681

  • F5 should be able to integrate into the openshift-sdn directly #11181

  • Provide vxlan integration options to the router cmd line #11677
  • Fix a problem with F5 node watches #11742

  • Verify all certificates used by the router #11218

  • Change router to use a certificate list/map file for stronger validation of user certificates #11217
  • Allow wildcards to be supported in routers #11550

  • Allow compression to optionally be enabled for all routes #11469

  • Convert openshift-sdn to a CNI plugin #11082

  • network: Fix join/isolate project network under CNI #11679
  • sdn: miscellaneous fixes after the CNI merge #11613
  • network: fix single-tenant pod setup and leave docker0 around #11588

  • Make rollout and rollback more in line with upstream Kubernetes in the CLI #11655

  • oc: add -o revision in rollout latest #11357
  • oc: deprecate 'deploy --latest' in favor of 'rollout latest --again' #11287

  • Convey conditions about deployments, replication controllers, deployment configs, and replica sets on the API objects for better user comprehension of problems #11214

  • deploy: Set condition reason correctly for new RCs #11609
  • deploy: add conditions when creating replication controllers #11412

  • Add Ceph RBD and Gluster provisioners #11460

  • Support specifying StorageClass while creating volumes with oc set volume #11451

  • Add 'oc set resources' #11384

  • Admins can now default build pod annotations and node selectors #11380

  • Add option to install logging components to oc cluster up #11343

  • Add oc cluster status for helpful info about a recent cluster #11171

  • Add option to oc whoami to print the server url #11180

  • Switch nodes to enable pods-per-core as the primary constraint, and increase max pods #11174

Console Features

Managing project membership

An important feature for people that want to collaborate within the same projects, the new membership management interface lets you add and remove roles to users, groups, and service accounts within your project.

membership

Project administrators have access to view and modify the project’s membership. Membership management is the only difference between an admin and an editor in the default OpenShift roles. Cluster administrators can add a description to any role to provide extra information for end users about what that role actually allows.

Creating and Adding Secrets for Build and Deployment Configurations

Prior to 1.4 it was very difficult to set up a build against a private git repository from the web console. Previously you had to Import YAML/JSON to create your secret and then edit your build’s YAML to make it use that secret.

Now you can expand the advanced build options, create a user/password or SSH key based secret and tell the build to use that when cloning your source. Already have your secret created in that project? You can pick any of your existing ones too.

new-app-git-secrets

While we were making private git repository connections easier to set up, we figured we should improve setting up push and pull against private image registries as well. The build configuration editor lets you set up a push or pull secret in case the image you are building from or the image stream you are pushing to is on a secure registry. Similarly the new deployment configuration editor allows you to specify a pull secret.

Editor for deployment configuration strategy, hooks, and secrets

We’ve had a GUI editor for build configurations for a few releases now, but now we’ve added one for deployment configurations too. From the new editor you can:

  • Switch your deployment strategy
  • Tweak advanced deployment settings like the maximum number of pods that can be unavailable during - the deployment
  • Add, edit, or remove deployment lifecycle hooks
  • Change the image being deployed
  • Set a pull secret for the registry your image is being pulled from
  • Add, edit, or remove environment variables for the pods that will be deployed

dc-editor

Many of the existing editing actions we supported still exist as separate actions, such as editing health checks, or configuring different resource limits. If you want to make a number of changes without triggering a deployment for each change, you can now Pause your deployment, make all the changes you want, and then Resume it. Pausing will prevent any deployment from happening no matter whether it was automatically or manually triggered.

Organization of Add to Project Catalog / Customizable Categories

Our existing “Add to Project” catalog could become quite cluttered when dealing with builder images with many versions, or lots of templates with slight differences. In the past we had focused on minimizing the number of clicks to getting you to something running, but now we’ve focused on helping you find what you are actually looking for. The main catalog page now only contains high level categories “Languages” and “Technologies” and underneath those are sub-categories, such as “Java” or “Data Stores”. Diving into one of those you’ll find re-designed tiles for builder images and templates. Different versions of the same builder image now all roll-up to the same tile with the semantically latest version automatically selected. We have also taken a hard look at all of our out of the box images and templates and focused on providing better display names, descriptions, and categorization.

catalog-reorg

Don’t like our categories? Now you can customize the categories and subcategories as much as you want.

Filtering and Sorting the Project List

We have a class of users for OpenShift that manage many projects on behalf of a larger set of developers. To make things easier for people with a large number of projects, the project list now has a text filter on name, display name, description, and project creator. It also allows sorting on several of these attributes.

project-list-filter-sort

Quota Warnings

User working within quota constraints had a hard time before knowing when they had run out of quota unless they went to check the Quota page. We wanted to add some checks for the most common scenarios where we people have problems with quota. You’ll now get quota warnings:

  • On the overview - this is a generic warning if anything in your quota is at its limit
  • On the overview pod count visualizations - when we think you are unable to reach your scale target due to quota
  • If you try to create something and we know you are out of quota for that resource
  • If you try to create something and we think it will cause you to exceed quota for a resource

Bookmarkable Page States

Sometimes the little things can make all the difference. Have you been annoyed that you couldn’t send someone straight to the log tab for a pod? Now you can! Tab selection, label filters, and several other options that change page state are now persisted to the URL throughout the console. You can bookmark and share with others.

Support for new and beta Kubernetes features

Create storage using storage classes

  • If your cluster admin sets up storage classes, then they will be available for you to pick from in the “Create Storage” page.

Deployments and ReplicaSets

  • Will fit in seamlessly on the overview alongside your existing Deployment Configurations
  • Will appear on the Applications -> Deployments page
  • Support many of the actions we already supported for Deployment Configurations (excluding the new editor)

Roll-up of PetSet pods on the Overview

  • A PetSet’s pods will roll up into a single card with a pod count visualization like the other controllers
  • You’ll be able to see metrics on the overview for the pods in the petset

Bugs

  • admin: Allow oadm prune * to work against a single namespace #11249
  • admin: Make node evacuate command aware of replica set and daemon set #11284
  • audit: Switch to use upstream audit handler #11192
  • auth: Use custom transport for GitLab OAuth communication #11693
  • bootstrap: Add additional warning for oc cluster up not being able to access port 8443 #11597
  • bootstrap: Bind socat to 127.0.0.1 when using it on OS X #11139
  • bootstrap: Display warning instead of error if ports 80/443 in use #11600
  • bootstrap: Do not re-initialize a cluster that already has been initialized #11146
  • bootstrap: Lack of IPv6 should not prevent oc cluster up from starting a container #11219
  • bootstrap: Remove temporary files when creating a new cluster #11157
  • builds: Allow labels to be set when building images #11209
  • builds: Delete temporary secret data as soon as possible in builds #11116
  • builds: If the input image cannot be found, immediately fail the build #11398
  • cli: Add bash completion for pod name to oc exec #11329
  • cli: Clean up command descriptions (1/2) #11608
  • cli: Clean up command descriptions (2/2) #11684
  • cli: Ensure volumes worked correctly when used with oc apply and strategic merge patches #11062
  • cli: Improve oc start-build --follow to behave more predictably #11119
  • cli: Improve exec and attach error messages #11549
  • cli: Improve export for deployment configs #11529
  • cli: Improve oc help global options hint #11703
  • cli: Set the BASIC or SSH secret type with oc secrets new-* #11222
  • cli: Support for the --local flag in set deployment-hooks #11395
  • cli: Update short description for rollout #11657
  • cli: Validate inputs to 'oc run' for better user feedback #11635
  • cli: oadm manage-node --list-pods should return a single list of pods for scripting #11216
  • cli: oc env should be able to return a list of items post-mutation #11379
  • cli: oc login must ignore some SSL cert errors when --insecure #11145
  • cli: oc project should work against a Kubernetes server directly #11120
  • cli: fix oc whoami --show-server output #11697
  • cloud: Initialize cloud provider in node #11620
  • cloud: Make service controller startup failure non-fatal on unsupported platforms #11648
  • deploy: Correct updating lastTransitionTime in deployment conditions #11665
  • deploy: Default maxSurge/maxUnavailable separately #11678
  • deploy: Make deployment triggers more performant with lower latency by avoiding unnecessary work #11501
  • deploy: When instantiating a deployment, ensure it doesn't error if no changes occurred #11500
  • diagnostics: Test more pod to pod connectivity test combinations #11717
  • doc: Improved API docs for role bindings API #11344
  • doc: oc cluster up doc update #11624
  • extended: deployment with multiple containers using a single ICT #11221
  • extended: move deployment fixtures in separate directory #11212
  • images: Add the Jenkins v2 imagestreams to the default list #11360
  • images: Adds display name to image streams, updates PostgreSQL link #11619
  • images: Ensure multi-segment image names are properly handled on image import and tagging #11173
  • images: Improve out-of-the-box template and image stream metadata #11540
  • ipfailover: Allow the iptables chain that will accept multicast connections to be configured #11327
  • jenkins: Autoprovisioning is re-enabled #11543
  • network: Ensure that veth TX queue length is always set to non-zero to enable QoS #11126
  • network: Fix EgressNetworkPolicy match-all-IPs special case #11673
  • network: Fix creation of macvlan interfaces #11663
  • network: Release subnet leases upon hostsubnet delete #11628
  • newapp: Improve oc new-app output for better readability #11220
  • newapp: Validate non-numeric EXPOSE directive when strategy wasn't specified #11687
  • newapp: oc new-app --search should not require docker hub access #11436
  • perf: Improve reliability dockercfg secret creation by using shared caches #11394
  • perf: Use a cache of layer sizes to reduce stats calls in the registry #11558
  • perf: Use service account informer in podsecuritypolicyreview #11612
  • projects: Log project request failures #11226
  • projects: Only pay attention to origin types in project lifecycle admission #11627
  • quota: ClusterResourceQuota was reporting incorrect values #11595
  • reliability: Enable PodDistruptionBudget #11187
  • router: Allow http for edge teminated routes with wildcard policy. #11760
  • security: Control who can set the owner ref field on objects #11397
  • security: Restrict who can use custom builds by default #11411
  • security: Test x509 intermediates correctly #11307
  • server: Require TLS 1.2 by default for clients #11495
  • server: Warn if no login IDPs have been configured #11235
  • volumes: Allow pv controller to recycle pvs, watch recycler pod events #11731
  • volumes: Ensure meta info is loaded before removing a PV #11737

Release SHA256 Checksums

3001b9b00861567c9fbef99766e5a9af729477fae93c392818ad3fab6d4713dd  openshift-origin-client-tools-v1.4.0-alpha.1+f189ede-linux-32bit.tar.gz
59a59c21cf7631cf4f32a38eb96d661e73b0fa08c4d996735f5e339911731d8f  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz
00741baa06b62b40153472b25992a4f9a12b5f2a97ad72430bcab36177898145  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-mac.zip
92a7da5bcd7f9f095bd053a6e28a140f84f0301b452ec62b568cd5c0e8ddb254  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-windows.zip
229bd998bcb22871a0c2b0cc6ae5688324d79ed998cff922df5f73c35ca06861  openshift-origin-server-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz

Downloads

v1.2.2

@smarterclayton smarterclayton released this Oct 18, 2016 · 5746 commits to master since this release

This is a patch release to Origin v1.2.x containing a security related fix. All users are recommended to upgrade to v1.2.2 who are on v1.2.x.

Bugs

v1.2.2 (2016-08-18)
Full Changelog

  • Intermediate CA certificates were being improperly checked for authorization (CVE-2016-7075) #11413

Release SHA256 Checksums

4b2321ffe2dc2ca74651532b77fa1ebca9865de173790aedcdd0ecad2831d4a1  openshift-origin-client-tools-v1.2.2-565691c-linux-32bit.tar.gz
d957b439a9194ccf01c48973449b84495649fadecc00c34a49ca6fd38b6c96a0  openshift-origin-client-tools-v1.2.2-565691c-linux-64bit.tar.gz
f06415c6ca879a500441225c8c353cabe2f2d668fc71588263e2b1673f4447fc  openshift-origin-client-tools-v1.2.2-565691c-mac.zip
feb64928d83ab542b3d5b164f3d5784bfdaf570ea5093721a8489b1575bc0d87  openshift-origin-client-tools-v1.2.2-565691c-windows.zip
f431fcf03a6ae9aa9a6800f00050e571481ee71fe0821dea1ca405d1e5b4f76a  openshift-origin-server-v1.2.2-565691c-linux-64bit.tar.gz

Downloads

v1.3.1

@smarterclayton smarterclayton released this Oct 14, 2016 · 2308 commits to master since this release

UPDATED: Mac client tools have been rebuilt on top of Go 1.7 to fix various issues related to the OS X Sierra update.

This is a patch release to Origin v1.3.x containing a security related fix. All users are recommended to upgrade to v1.3.1 who are on v1.3.0.

Bugs

v1.3.1 (2016-08-14)
Full Changelog

  • Intermediate CA certificates were being improperly checked for authorization (CVE-2016-7075) #11308
  • Tolerate caching delays when checking permissions for newly created namespaces #10932
  • Properly default client rate limiting in controllers - very low values were being defaulted #10930
  • Some non-resource URLs were being denied for the cluster infrastructure roles #10933
  • Annotations used in cluster resource quota were not being properly validated #10929
  • oc login should ignore some SSL related errors when using --insecure #11179
  • Some roles should have access to the node's /spec endpoint #11047
  • Fixed oc segfault seen in macOS Sierra (10.12) #11085

Release SHA256 Checksums

72ab655a7e5068bba654b774ef614715a7baba011e7305f6796bda829d59192e  openshift-origin-client-tools-v1.3.1-dad658de7465ba8a234a4fb40b5b446a45a4cee1-linux-32bit.tar.gz
2e25d7da6748562f10138a7616a7c027c3025086e08b42355978aebfed4da718  openshift-origin-client-tools-v1.3.1-dad658de7465ba8a234a4fb40b5b446a45a4cee1-linux-64bit.tar.gz
252ee8a1ff8a455a9b55aff82f6980dbf28bd75b601414765b4f06f6c1ec370e  openshift-origin-client-tools-v1.3.1-2748423-mac.zip
b90bc1249e7407717b0a0d7f92248ed6926ae0cd27d8fd038e054b866fa84baf  openshift-origin-client-tools-v1.3.1-dad658de7465ba8a234a4fb40b5b446a45a4cee1-windows.zip
ba5b9b1af3af19b7e4a01179e4a8af61486deeac6870c4cadfaf733322bc7181  openshift-origin-server-v1.3.1-dad658de7465ba8a234a4fb40b5b446a45a4cee1-linux-64bit.tar.gz

Downloads

Pre-release

v1.4.0-alpha.0

@smarterclayton smarterclayton released this Sep 16, 2016 · 2228 commits to master since this release

This is Origin v1.3.0 rebased onto Kube v1.4.0-beta.3

Components

Kubernetes

Downloads

v1.3.0

@smarterclayton smarterclayton released this Sep 16, 2016 · 2308 commits to master since this release

This is OpenShift Origin 1.3.0!

Backwards Compatibility

Please see alpha.0 -> rc1 release notes for a full description of backwards compatibility changes.

  • v1beta3 in storage is no longer supported - please see the release notes for a migration guide
  • This is the last release that will support v1.0.0 API backwards compatibility, specifically:
    • The Service field spec.portalIP will no longer be returned in 1.4.0
    • The Pod field status.hostIP will no longer be returned in 1.4.0

Features

Release roadmap
v1.3.0 (2016-09-15)
Full Changelog
RC Changelog

Blog post coming soon - please see alpha.1, alpha.2, alpha.3, rc1 for more!

Bugs

  • router: Properly clean up deleted routes in the router #10855
  • cli: oc process was not properly handling parameter values with = in them #10880
  • storage: Ensure the master side attach-detach function works successfully #10892
  • quota: Ensure that the cluster resource quota annotation selector works for long annotation values #10896

Release SHA256 Checksums

05c83a3337ab995bad24b7359b876a3d2d3bdbdf09cc40949835c52d2fc0c659  openshift-origin-client-tools-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-linux-32bit.tar.gz
0d3b632fae9bc2747caee2dae7970865097a4bc1d83b84afb31de1c05b356054  openshift-origin-client-tools-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-linux-64bit.tar.gz
d47e36b6337af1622649311c965ddd6f0bf0d14d600ccf67376e2f0c4d4484b5  openshift-origin-client-tools-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-mac.zip
f678e16339adcf5967a8bac7c540572cc3fab7c0b2596f927dc8ff6ec269a6c6  openshift-origin-client-tools-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-windows.zip
fcdeeb5bed5faa606ec024b7b1e7c9d3e3303f8cb21df70c5a4da1b20340609c  openshift-origin-image-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-linux-64bit.tar.gz
cadb7408c45be8c19dde30c82e59f21cec1ba4f23f07131f9a6c8c20b22c3f73  openshift-origin-server-v1.3.0-3ab7af3d097b57f933eccef684a714f2368804e7-linux-64bit.tar.gz

Downloads

Pre-release

v1.3.0-rc1

@smarterclayton smarterclayton released this Sep 7, 2016 · 2324 commits to master since this release

This is release candidate 1 of OpenShift Origin 1.3.0.

Backwards Compatibility

  • HAProxy router template format has changed
    • As part of the expanded features added to the HAProxy router in 1.3, a configuration file format change was necessary to the internal structure used by the router config template (the haproxy.config.template) file. Instructions for adapting to the new format are located here
  • Jenkins auto-deployment has been disabled - see #10260 for more

API Changes

  • Networking
    • Many of the network API objects have much stricter validation. #10466
  • Routes
    • All backends in a route may be set to have zero weight, which means no traffic should be sent to that backend. #10428

Component updates

  • Updated to Kubernetes 1.3.5 + patches
    • 32000: Update node status instead of node in kubelet #10790
    • 31730: Fixes for attach-detach controller enablement on existing nodes #10748
    • 30690: Don't bind pre-bound pvc & pv if size request not satisfied #10522
    • 31627: make deep copy of quota objects before mutations #10704
    • 31396: Fixed integer overflow bug in rate limiter #10646
    • 31047: Close websocket stream when client closes #10550
    • 25308: fix rollout nil panic issue #10543
    • 29093: Fix panic race in scheduler cache from 28886 #10518
    • 30839: queueActionLocked requires write lock #10504
    • 30624: Node controller deletePod return true if there are pods pending deletion #10503
    • 30731: Always return command output for exec probes and kubelet RunInContainer #10494
    • 30796: Quota usage checking ignores unrelated resources #10493
    • 28234: Make sure --record=false is acknowledged when passed to commands #10486
    • 30736: Close websocket watch when client closes #10475
    • 29639:<drop>: Fix default resource limits (node allocatable) for downward api volumes and env vars #10467
    • 27541: Attach init container #10427
    • 30510: Endpoint controller logs errors during behavior #10415
    • 30626: prevent RC hotloop on denied pods #10414
    • 30533: Validate involvedObject.Namespace matches event.Namespace #10392
    • 30313: remove duplicate errors from aggregate error outputs #10317
    • 29212: hpa: ignore scale targets whose replica count is 0 #10305
    • 29982: Fix PVC.Status.Capacity and AccessModes after binding #10268
    • 30162: return err on oc run --image with invalid value #10250
    • 31446: fix delay establishing log streaming connection #10617
    • 31353: fix duplicate validation/field/errors #10613
    • Additional bulk picks #10247, #10385, #10541
  • Updated Docker distribution
    • Fix pushing to GCS storage #10640

Features

v1.3.0-rc1 (2016-08-07)
Full Changelog

Add setting and viewing route weights from the CLI

The A/B route balancing feature now has a CLI command to manage it oc set route-backends and route weights show up in the oc get and oc describe commands for the route.
Routes may have one or more optional backend services with weights controlling how much traffic flows to each service. Traffic is assigned proportional to the combined weights
of each backend. A weight of zero means that the backend will receive no traffic. If all weights are zero the route will not send traffic to any backends.

You can bulk set route backends by specifying their name and weight:

$ oc set route-backends myroute prod=99 canary=1

Which will send 99% of traffic to the prod service and 1% to the canary service. If the service does not exist no traffic will be sent. You can keep the service listed as
a backend but not send traffic to it by specifying weight 0:

$ oc set route-backends myroute prod=1 canary=0

See the help for more advanced incremental adjustments (--adjust canary=+10%).

  • Add CLI support for routes with multiple backends #10551.

Support bare-metal, highly available IPs for services

For users deploying onto bare metal without a cloud provider, access to highly available TCP load balancing can be difficult. OpenShift 1.3 extends the supported ip-failover
router HA solution to also enable HA Kube services with failover. Administrators would configure HA router nodes and then ensure that a block of IPs is routed to those nodes
in the IP failover configuration. That block would then be configured in the OpenShift master-config.yaml:

networkConfig:
  ingressIPNetworkCIDR: 172.46.0.0/16

This is the default behavior, and can be disabled by setting the value equal to 0.0.0.0/32. When a service of type=LoadBalancer is created, a new IP would be assigned to the
service and traffic would flow to that service. Note that running with a cloud provider disables this feature since the providers native service load balancer is used.

  • Support network ingress on arbitrary IPs #9454
  • Add a default ingress ip range #10500

Image Policy API

Image policy allows you to manage which images are allowed to run on the cluster and perform resolution of image tags to image digests on demand (to lock the executed version).
Policy allows:

  • Block images outside of the integrated registry from being used in pods
  • Require the presence of an annotation on the underlying image (not settable by end users) to run the image
  • Allow integrators to perform security scans of images and then block the image from being executed on the platform.

The default configuration will block images that are annotated in the internal registry - if the annotation images.openshift.io/deny-execution is set on an image referenced
by a pod to true, OpenShift will prevent that image from being run. This can be used by an external scanner to block certain images from being used.

See the image policy documentation for more on configuring policy.

  • Add image policy enforcement #8995

Build integrations with the cluster more easily

The new oc observe command is an experimental tool for reacting to changes in your Kubernetes cluster and building scripted interactions. It allows you to easily
get notified of changes to a particular resource type (like services, deployments, namespaces, persistent volumes) and invoke a command.

For example, if you want to send an email to your admin every time a node stops being reachable, create a script that takes

$ cat mail.sh
#!/bin/sh
if [[ $2 != 'False' ]]; then
  touch "/tmp/ready/$1"
  exit 0
fi
if [[ -f "/tmp/ready/$1" ]]; then
  echo mail -s "$1 went DOWN!" admin@mycompany.com "We're down at $(datetime)"
fi
rm "/tmp/ready/$1"

$ oc observe node -a '{{ range .status.conditions }}{{ if eq .type "Ready" }}{{ .status }}{{ end }}{{ end }}' --output gotemplate -- ./mail.sh

Whenever a node transitions from having condition Ready with status True to status False, an email will be sent to your admin. See the oc observe help for
more suggestions and explanation of how observe can help you build simple integrations.

You can get observe as a Docker image via docker pull openshift/observe:latest - the oc observe command is the entrypoint and you can bind mount a kubeconfig file
to /root/.kube/config.

Improve the OAuth Grant page

OpenShift embeds a full featured OAuth server for managing access to cluster resources. The OAuth authorization grant page has been improved to describe the scopes being
requested, the impact those scopes might have, and to warn users of any potential security risks. In addition, the grant page now allows the user to select which scopes
to grant.

screen shot 2016-08-12 at 11 50 40 am

  • Improve OAuth Grant page and allow partial scope approval #10321

Other Features

  • project: Respect scope rules in list/watch projects #10252
  • cli: Improve oc describe imagestream #10405

Bugs

  • admin: Add a command to separate projects when multi-tenant SDN is on - oadm pod-network isolate-projects #10365
  • admin: Ignore negative value of grace-period passed to oadm manage-node #10350
  • admin: Recognize gzipped empty layer when marking parents in oadm top images #10293
  • admin: Return directly if no pods found when evacuating #10447
  • bootstrap: Better support containerization on some Docker platforms in oc cluster up #10571
  • builds: Avoid temporary delays in processing builds due to improper use of cache code #10581
  • builds: Avoid using bsdtar for extraction during build #10364
  • builds: Commit information not being properly output into build logs #10515
  • builds: Don't perform pod deletion management for pipeline builds #10370
  • builds: Ensure temporary files are closed if Docker 'DownloadFromContainer' fails #10325
  • builds: Show namespace for custom strategy bc #10340
  • builds: Validate CustomStrategy early #10480
  • cli: Add oc describe help suggestion to cmds with --container option #10469
  • cli: Add a line break when no events in describe #10653
  • cli: Add new-app support for detecting .net apps #10463
  • cli: Allow --raw URL to retrieve authenticated URLs from a server with oc get #10542
  • cli: Avoid failures during scaling by fetching objects up front #10684
  • cli: Better describe oc tag -d #10597
  • cli: Deprecate --list option from volumes cmd #10457
  • cli: Display an error when git is not available and --from-repo is requested in oc start-build #10397
  • cli: Fix oc extract usage message for the --keys flag #10614
  • cli: Fix oc project|projects when in cluster config #10521
  • cli: Improve oc set env key-value pair matching for environment variables #10619
  • cli: Improving circular dependency checking for new-build #10067
  • cli: New app example improvements #10534
  • cli: Project labels should be visible from oc get #10329
  • cli: Remain in the current project at login if possible #10378
  • cli: Return error in oc set env RESOURCE when no env args are provided #10485
  • cli: Show restart count warnings only for latest deployment #10440
  • cli: Suggest use of oc get bc on oc start-build error output #10720
  • cli: Support init containers in 'oc debug' #10578
  • cli: Tagging images across namespaces with oc tag was importing from the wrong location #10510
  • cli: oc extract should default to current directory #10468
  • cli: oc should not fail negotiating API versions against Kubernetes #10824
  • deploy: Don't reprocess configs on stream updates yet #10744
  • deploy: Emit event when cancelling a deployment #10590
  • deploy: React to image stream changes more quickly during deployment processing #10456
  • deploy: Retry conflicts when updating RC faster #10507
  • deploy: Some image change triggers were not being matched on deployments #10444
  • deploy: Wait for deployer pod to be running before getting logs #10560
  • deploy: remove top level generator pkg #10502
  • examples: Fix pre-deploy hook args on cakephp example #10572
  • gitserver: Fix gitserver build config search #10576
  • idling: Add previous-scale annotation for idled resources #10421
  • idling: Clarify idle error and usage output #10492
  • idling: Don't health-check idled services #10420
  • idling: Ensure only endpoints are specified in oc idle #10335
  • idling: Handle deleted services correctly without erroring out #10648
  • images: Make import image more efficient #10244
  • images: Sometimes tags are not updated when running oc tag to referenced tags #10708
  • ipfailover: Fix range expansion on VRRP addresses #10498
  • ipfailover: Stop using node selector as ipfailover label #10388
  • jenkins: Add specific roles and permissions for access to the Jenkins console #10649
  • jenkins: Fix autoprovision enabled field name #10612
  • jenkins: Increase readiness timeout #10593
  • network: Allow startup to continue even if nodes don't have EgressNetworkPolicy list permission #10358
  • network: Clear kubelet-created initial NetworkUnavailable condition on GCE #10545
  • network: Disabling idling should not turn off the service proxy #10667
  • network: Periodically sync k8s iptables rules #10465
  • network: Re-setup SDN on startup if ClusterNetworkCIDR changes #10569
  • network: Regenerate proxy iptables rules on EgressNetworkPolicy change #10652
  • network: Revert SDN automatic mode detection #10751
  • network: SDN plugin name names were missed #10432
  • policy: Allow registry-admin and registry-editor to create serviceaccounts #10443
  • policy: Block setting ownerReferences and finalizers #10464
  • policy: Reconcile non-resource-urls #10785
  • project: Clean up requested project if there are errors creating template items #10577
  • quota: Properly enforce image stream counts #10517
  • registry: Handle older configuration files without erroring out on upgrade #10673
  • registry: Login via token to the registry should use HTTP header info for redirection #10418
  • registry: Properly reuse service clusterIP in oadm registry #10496
  • registry: Properly serve the manifest configuration blob for images #10805
  • registry: servingCert was not handled properly in oadm registry #10442
  • router: Allowed 'true' for the DROP_SYN_DURING_RESTART variable #10514
  • router: Enable secure cookie for secure-only edge routes #10573
  • router: Extend DDOS protection to reencrypt and passthrough routes #10513
  • router: Properly remove duplicates from routers #10747
  • router: Set X-Forwarded-For headers for reencrypt routes. #10318
  • router: Update the default certificate and allow for better replacement #10345
  • router: Use annotations for tuning route healthcheck intervals #10342
  • rpm: Build RPM using the build scripts #10398
  • rpm: Make build spec file platform independent #10695
  • s2i: Increase default timeout for operations against Docker #10675
  • server: Add quota controller metrics #10307
  • server: Call out config validation warnings more clearly #10461
  • volume: Recycler pod was failing to recycle processes #10454

  • Lots of code cleanup PRs, thanks to all who helped! #10591, #10589, #10583, #10557, #10547, #10446, #10433, #10409, #10408, #10399, #10372

Release SHA256 Checksums

a9be9890fbfa491bb05fa659f6f98685a29f41eb5fd6a7c74d0bf959c7eb6502  openshift-origin-client-tools-v1.3.0-rc1-ac0bb1bf6a629e0c262f04636b8cf2916b16098c-linux-32bit.tar.gz
bfd20d7332e38db6f52fb941c339206aafb8dc259715ced97bdd32a693637d94  openshift-origin-client-tools-v1.3.0-rc1-ac0bb1bf6a629e0c262f04636b8cf2916b16098c-linux-64bit.tar.gz
257bff09d85a6eb440368f1cb23f689d6fd0131303697797eb737b18d3bbafa5  openshift-origin-client-tools-v1.3.0-rc1-ac0bb1bf6a629e0c262f04636b8cf2916b16098c-mac.zip
45f6f9060d1f1813a8aab2e6e2af40fb5dc7d2afe537f2d640636b12d9c42d3f  openshift-origin-client-tools-v1.3.0-rc1-ac0bb1bf6a629e0c262f04636b8cf2916b16098c-windows.zip
e7878e14b9160bf108a951b5f635958fed9244de085eba40fd68f51e7210e918  openshift-origin-server-v1.3.0-rc1-ac0bb1bf6a629e0c262f04636b8cf2916b16098c-linux-64bit.tar.gz

Downloads