@smarterclayton smarterclayton released this Aug 3, 2018 · 970 commits to master since this release

Assets 8

This is the official release of OpenShift Origin v3.10.

Changes

Roadmap for the v3.10 release

v3.10.0 (2018-08-02) Full Changelog

Component updates

  • Updates to Kubernetes
    • 62085: Fix incorrect atomic counter usage #20206
    • 62943: Set updated replicas on stateful set status #20350
    • 64658: Avoid leading gRPC connections in CSI #20111
    • 64882: Prevent deleted pods from sometimes leaving mounts #20111
    • 64971: Ensure mutating admission webhooks correctly remove fields #20509
    • 65223: Correctly detect inaccessible AWS encryption key #20072
    • 65226: Store the latest cloud provider node addresses on the node #20369
    • 65339: Prevent leak of a cached pod definition in the scheduler #20071
    • 66350: Prevent kubelet from becoming stuck retrieving node addresses from a cloud provider #20369

Bugs

  • router: [release-3.10] Allow egress-router to connect to cluster service network for DNS, etc. #20102
  • diagnostics: Fix default image paths used in network diagnostics #20116
  • volumes: Bind mount /etc/origin/kubelet-plugins for flex volumes #20153
  • node: Honor --kubelet-preferred-address-types #20183
  • apiserver: Use in-process loopback client config from Kube #20207
  • image: Install ceph-common in control plane so RBD provisioner can find disks #20222
  • build: Fix an issue where COPY --from would not work on multi-stage image builds #20256
  • console: Change logo, favicon, name on login page #20528

Artifacts

  • Images are published to the Docker Hub as openshift/origin-*:v3.10.0.
  • RPMs are available via the provided origin.repo file

Release SHA256 Checksums

0f54235127884309d19b23e8e64e347f783efd6b5a94b49bfc4d0bf472efb5b8  ./openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
6973aebb7b553866f8971c8ca324dd5b79204e2a59c5234cde6fb1b5deb4c7a9  ./openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz
ae847e3ae278b9420342e651305d34f1ed806b55a23874fc47595a57874e30c6  ./openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip
c1b33aa535b88898d0622e0af2aa673bb814c354fb438c21c18155afc51acf87  ./openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip
23083baadc7b82b6a3998016b795497d9c33327e1985a3b37181cf0e6200d29a  ./CHECKSUM
Pre-release
Pre-release

@smarterclayton smarterclayton released this Jun 20, 2018 · 970 commits to master since this release

Assets 7

This is the first release candidate of OpenShift Origin 3.10.

Backwards Compatibility

  • Moving from legacy API resources (/oapi) to group resources
    • The server process endpoint now creates resources in the new group APIs (*.openshift.io) #19458
    • The RBAC bootstrap policy file is now saved as rbac.authorization.k8s.io/v1 resources #19756
  • Configuration changes
    • The disabledFeatures configuration item has been removed from master config #19070
    • Master configuration no longer requires the deprecated clusterNetworkCIDR/hostSubnetLength fields to be set in networkConfig #18669
    • Some node default values have changed #19190
      • Remove the default pods-per-core setting of 10, which makes nodes default to 250 pods total.
      • The certificate signing controller defaults to creating certs with a 1 year expiration (a7bd9d6)
  • rbac: Project editors can no longer create or update daemonsets, which prevents tenants from impacting cluster stability #18971
  • Metrics for the template instance broker have changed #19133
  • Moved or deleted content #19262
    • The examples/ directory has been cleaned up
    • The v1 federation implementation has been removed as it did not graduate to beta.
    • The node.service systemd file has been removed from hte RPMS, along with the master services (2113900)
  • Changes to OpenShift images #19509
    • As we prepare to split the OpenShift API server into multiple binaries, several new images have been created:
      • openshift/origin-hypershift - A new hypershift binary that launches OpenShift specific components
      • openshift/origin-hyperkube - The Kubernetes hyperkube binary
      • openshift/origin-cli - The OpenShift CLI oc
      • openshift/origin-tests - The extended test suite for OpenShift
    • Some existing images have been renamed
      • openshift/origin is now openshift/origin-control-plane
      • openshift/node is now openshift/origin-node
    • The openshift/openvswitch image has been folded into openshift/origin-node
    • A new binary openshift-node-config takes a node-config.yaml file and converts it to kubelet arguments in the openshift/origin-node image
  • CLI changes
    • Some client-side deletion support has been removed in favor of the controller-driven deletion mechanisms #19616
    • oc export is deprecated and oc get --export should be used instead.
  • The router has separate liveness and readiness probes for use with upstream load balancers #19009
  • XFS quota for emptyDir volumes is now configured via a config file in the volume directory #19533
  • Changes to oc cluster up
    • The cluster launched by oc cluster up is now launched as a set of individual processes running in images, instead
      of the previous single large container. This more closely mimics real production environments.
    • Docker machine support in oc cluster up has been removed
    • oc cluster up now only supports launching a cluster of the same version as the oc binary.

Changes

Roadmap for the v3.10 release

v3.10.0-rc.0 (2018-06-19) Full Changelog

API

Ingress support

In order to better adapt ingress objects to routes, a new controller has been added to OpenShift that
maps Kubernetes Ingress objects (in their v1beta1 form) to OpenShift Routes automatically. This
allows the HAProxy router to report status, perform host overrides, support multi-tenant protection on
hostnames, and securely manage Ingress secrets.

The controller converts each Ingress rule into its own route, as long as the rule has a hostname or TLS
hostname. Any referenced secrets are copied into the final Route and kept up to date. If a generated route
is deleted it will be recreated by the controller. Once a route is created, any annotations or route
specific fields will not be altered unless the route is deleted (such as weighted service backends). A
route with a TLS endpoint will be set to Reencrypt termination, but that may be changed after creation.

The router process itself no longer needs to watch Ingress or Secret resources.

  • router: Replace router support for ingress with an ingress-to-route controller #18658

Other changes

  • Image signature annotations are ignored #19037
  • Explicitly prohibit spec updates to imagestreamtag resources which are not a spec tag. #18532

Component updates

  • Updated to Kubernetes v1.10.0-47-gb81c8f8 + patches
    • 42873: add kubectl api-resources command #19884
    • 54530: api: validate container phase transitions #18791
    • 57202: Fix format string in describers #18810
    • 58972: Fix job's backoff limit for restart policy OnFailure #19672
    • 59170: Fix kubelet PVC stale metrics #18637
    • 59301: dockershim: don't check pod IP in StopPodSandbox #18425
    • 59316: Exit if no client cert is available for 5m #18430
    • 59365: Fix StatefulSet set-based selector bug #18797
    • 59931: do not delete node in openstack, if those still exist in cloudprovider #19038
    • 60289: fix freespace for image GC #18767
    • 60342: Fix nested volume mounts for read-only API data volumes #18766
    • 60455: removes custom scalers from kubectl #19275
    • 60490: Volume deletion should be idempotent #18856
    • 60632: Add volumemetrics for ISCSI Plugin #19842
    • 60654: notify systemd on kubelet start #18886
    • 60978: Fix use of "-w" flag to iptables-restore #18919
    • 61287: provide easy methods for direct kubeconfig loading from bytes #18956
    • 61294: Fix cpu cfs quota flag with pod cgroups #19028
    • 61378: --force only takes effect when --grace-period=0 #19213
    • 61459: etcd client add dial timeout #19953
    • 61480: Allow sockets to be mounted in subpath #19329
    • 61790: make reapers tolerate 404s on scaling down #19275
    • 61808: Ensure -o yaml populates kind/apiVersion #19137
    • 61949: Tolerate 406 mime-type errors attempting to load new openapi schema #19137
    • 61962: Avoid data races in unit tests #19137
    • 61985: Restore show-kind function when printing multiple kinds #19137
    • 62074: Narrow interface consumed by scale client #19137
    • 62114: removes job scaler, continued #19275
    • 62146: Fix daemon-set-controller bootstrap RBAC policy #19517
    • 62152: Keep node.kubeconfig correct during rotation #19857
    • 62196: Remove need for server connections for dry-run create #19137
    • 62199: Make priority rest mapper handle partial discovery results #19137
    • 62234: Handle partial group and resource responses consistently #19137
    • 62254: Add name output and verb filtering to api-resources #19884
    • 62336: add statefulset scaling permission to admins, editors, and viewers #19275
    • 62394: Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" #19359
    • 62416: kuberuntime: logs: reduce logging level on waitLogs msg #19334
    • 62461: allow higher burst for discovery #19327
    • 62462: Private mount propagation #19364
    • 62469: stop defaulting kubeconfig to http://localhost:8080 #19335
    • 62543: Timeout on instances.NodeAddresses cloud provider request #19733
    • 62572: Prevent virtual infinite loop in volume controller #19371
    • 62584: Make x-kubernetes-print-column print handling opt-in #19352
    • 62668: add metrics to cinder volume #19444
    • 62733: Set a default request timeout for discovery client #19471
    • 62744: Fix kubectl describe cronjob #19391
    • 62827: fix csi data race in csi_attacher_test.go #19508
    • 62874: dockershim/sandbox: clean up pod network even if SetUpPod() failed #19576
    • 62913: make a simple dynamic client that is easy to use #19515
    • 62914: kubelet: fix flake in TestUpdateExistingNodeStatusTimeout #19453
    • 63086: Fix discovery default timeout test #19471
    • 63160: kubelet: logs: do not wait when following terminated container #19545
    • 63169: Remove unnecessary dependencies on api/core/v1 #19509
    • 63177: kubectl takes a dependency on the controllers #19509
    • 63295: Fixed CSI volume detach when the volume is already detached #19816
    • 63303: Return attach error to A/D controller #19816
    • 63321: kubelet: force filterContainerID to empty string when removeAll is true #19580
    • 63339: kubelet: volume: do not create event on mount success #19625
    • 63349: Decorate function not called on Create #19602
    • 63403: don't block creation on lack of delete powers #19404
    • 63416: Retry certificate approval on conflict errors #19770
    • 63417: Panic when map string bool flag has no value #19620
    • 63421: Cache preferred resources, use in kubectl resource name autocomplete (single commit) #19884
    • 63490: default the ignorenotfound for delete when selecting objects #19616
    • 63650: Never clean backoff in job controller #19672
    • 63716: Add InstallPathHandler which allows for more then one path to be associated with health checking. #19009
    • 63831: Always track kubelet -> API connections #19638
    • 63831: Close all kubelet->API connections on heartbeat failure #19638
    • 63848: Deflake discovery timeout test #19714
    • 63875: make TestGetServerGroupsWithTimeout more reliable #19723
    • 63903: Revert "Openstack: register metadata.hostname as node name" #19730
    • 63903: Revert "Specify DHCP domain for hostname" #19730
    • 63903: Revert "Split out the hostname when default dhcp_domain is used in nova.conf" #19730
    • 63926: Avoid unnecessary calls to the cloud provider #19742
    • 63966: kubectl: fix Flatten() when used without Latest() #19747
    • 63977: pkg: kubelet: remote: increase grpc client default size #19774
    • 64026: Enable SELinux relabeling in CSI volumes #19816
    • 64028: Tolarate negative values when calculating job scale progress #19765
    • 64443: services must listen on port 443 for aggregation #19866
    • 64516: Fix error message to be consistent with others #19884
    • 64573: remove extra "../" when copying from pod to local #19898
    • 64797: Handle deleted DaemonSet properly #19927
    • 64855: Fix setup of ephemeral storage #19939
    • 64883: Fix up legacy printer table adapter #19934
    • 64916: improve memory footprint of daemonset simulate #19956
    • 64946: log healthz check #19952
    • 64969: volume: decrease memory allocations for debugging messages #19960
    • 65001: Quiet verbose apiserver logs #19970
    • 65009: daemon: add custom node indexer #19980
    • 65027: Use actual etcd client for /healthz/etcd checks #19992
    • 65063: Re-use private key after failed CSR #20000
    • : Add PSP review to /oapi Resources #19542
    • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18971
    • : XFS quota for emptyDir volumes #19533
    • : add RawConfig to factory for commands modifying raw kubeconfig files #19343
    • : aggregator to proxy oapi to apps.openshift.io server #18652
    • : allow injecting printers #19137
    • : allow oc kubeconfig loading to have our flags and errors #19335
    • : change config file location and restore perFSGroup to quantity #19773
    • : controller-manager patches for recycler #18887
    • : disable local storage isolation feature gate #19323
    • : enable critical pod support by default #19104
    • : filter daemonset nodes by namespace node selectors #18989
    • : inject new parameter for image resolution into kubectl set image #19348
    • : pods in openshift-* namespace can be marked critical #19104
    • : rewrite unstructured objects on the CLI to avoid oapi #19327
    • : avoid contacting server for restmappings in local mode #19996
    • : make RootFsInfo error non-fatal on start #19137
    • : stop wrapping --sort-by value in {} #19777
  • Other patches

Features

Multi-stage Docker image build support

Builds using the Dockerfile build strategy can now build multi-stage Docker images. The from field continues to target
the last image stage in the Dockerfile, but the new as attribute on imageSources allows other stages to be replaced
with triggered images.

  • Support multi-stage dockerbuilds via imagebuilder #18741, #19494

Support external OAuth token authenticators

OpenShift can now be configured to delegate login flows to a remote OAuth capable endpoint like Keycloak. This allows
a central Keycloak server to authenticate multiple clusters. See the documentation for more details about configuring
this option.

  • auth: Add option to configure an external OAuth server #18969
  • auth: Support WebhookTokenAuthenticators for using external servers as token authenticators #18868

Other Features

  • auth: Add oc adm prune role command to clean up rolebindings that are not bound to valid roles #19619
  • cli: Add server-side column printer support for openshift objects #19934
  • clusterup: Add --enable=automation-service-broker #19409
  • image: Parallelize image mirroring and reuse mounted layers #19017
  • migrate: Allow storage migration to be performed in parallel #19691
  • registry: Both internal and external hostnames for the registry should be in docker pull secrets #19838
  • router: Make updating status on the router optional #17420
  • router: Prometheus should scrape the router by default #18254
  • router: Support for DNS names in egress routes #15409
  • router: Perform real backoff when contending for writes from the router #18686
  • router: Make router conflict detection work even during initial informer sync #19706
  • router: Allow only a subset of routes from specific domains to be overriden by the hostname-template #19418
  • router: Allow egress-router to connect to its own node IP for DNS #19885
  • server: Expose api-versions and api-resources in oc #19884
  • template: Allow TemplateInstances to create arbitrary resources, including CRDs #19396

Bugs

  • build: Retry retrieving build logs in some cases #19695
  • cert: Order x509 certificate subjects to prevent a Golang / GNUTLS incompatibility #18837
  • cli: Support quay.io pushing in oc image mirror #19016
  • cli: Correct oc scale error handling #19275
  • cli: Improve validation for oc set volume #19169
  • cli: Fix incorrect oc run default option #19712
  • cli: Dots should be allowed in environment variable names passed to oc new-app #19688
  • diagnostic: Replace usage of brctl with /sbin/ip #19929
  • jenkins: Adjust jenkins template setting to account for effects of constrained default max heap #18832
  • network: Fix handleDeleteSubnet() to release network from subnet allocator #18801
  • network: Fix egressip handling when a NetNamespac is updated #18808
  • network: The NetworkCheck diagnostic did not use the correct config file #18709
  • network: Allow configurable CNI bin dir in openshift SDN #18464
  • network: Correctly report initial NodeNetworkUnavailable condition #18758
  • network: Allow subnet allocator to handle changes to the subnet values #18999
  • network: Prevent incorrect deletion of HostSubnet OVS flows #19080
  • network: Make changing egress network policy rules more efficient #19346
  • network: Print out errors that occur when using macvlan and a namespace cannot be retrieved #19491
  • network: Remove openvswitch check from UnitStatus diagnostic #19572
  • network: Use a real OVS transaction when changing network configuration on the host #19393
  • network: Use a go-native DNS library instead of dig command for dns resolution in egress network policy #19805
  • network: Do not throw spurious error when minTTL=0 for the domain in egress network policy #19950
  • network: Remove the node from dnsmasq config when shutting down #19987
  • network: Get lowest TTL from the DNS resolution chain for egress DNS #19982
  • node: Fix to pass quoted unsafe strings (with characters like *,<,%) correctly to kubelet #19951
  • registry: Update docker config secret to support the future location of the registry service #19514
  • registry: Make docker registry service controller check all secrets #19788
  • router: When a router is reloaded after a batch of route/ingress changes are committed, haproxy sometimes fail to reload #18587
  • router: Some route status updates were being lost #19018
  • router: Combine backend map files to fix path based routing #18840
  • router: Wildcard routes should not take precedence over sub-routes #19076
  • router: Some routes were being rejected incorrectly when NAMESPACE_LABELS was set #19330
  • router: The router can forget routes when routes are created and deleted in rapid succession #19175
  • router: Unidle in router should ignore headless services #19416
  • router: Allow Prometheus to get metrics from the router #19318
  • security: Correctly handle legacy PodSecurityPolicyReview resources #19542
  • server: Improve performance of the SDN controller by using shared caches #18911
  • server: Move range allocation to an internal API as rangeallocations.security.openshift.io #19277
  • server: Set etcd DialTimeout, fix etcd start order in all-in-one #19953
  • server: When etcd is down, avoid pathological healthz behaviors #19992
  • service-catalog: Start API and controller pods with log verbosity = 3 #19135

Release SHA256 Checksums

f876258c9a6221637a84e35ff68e9af96c2f2013eb9ae41ea33abd9286aa045c  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
dcb414712e8ae08146634d0c18720476e7afd024aa100bd2246d064de6658664  ./openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
872e0b58684af5d17b41a0585c50b41d09fbefa449d80927ba91252ac998deb3  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip
25eef2fc0401209e3b5d40239827c023f463cdafeb06f81f1a6a0af9deaa1d25  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip
1c21ba58ee0f7fc8b55e9d84099632ec970051adc3744a294a10bcd3aefcfe21  ./CHECKSUM

@smarterclayton smarterclayton released this Mar 30, 2018 · 2443 commits to master since this release

Assets 7

This is the official feature release of OpenShift Origin.

Changes

Roadmap for the v3.9 release

v3.9.0 (2018-03-30) Full Changelog

Component updates

  • Updates to Kubernetes
    • 51042: Allow passing request-timeout from NewRequest all the way down #13701
    • 52324: Fix bug on kubelet failure to umount mount points. #18225
    • 54530: api: validate container phase transitions #18792
    • 56164: Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT #18754
    • 56288: Add list of pods that use a volume to multiattach events #18290
    • 56315: Record volumeID in GlusterFS PV spec UPSTREAM: 56823: Add volID based delete() and resize() if volID is available in pv spec UPSTREAM: 57516: Add custom volume name based on SC parameter UPSTREAM: 58513: Add Namespace to glusterfs custom volume names UPSTREAM: 58626: Use correct pv annotation to fetch volume ID #18326
    • 56432: e2e: test containers projected volume updates should not exit #18387
    • 56846: Fix Cinder detach problems #18140
    • 56872: Fix event generation #18442
    • 57202: Fix format string in describers #18853
    • 57336: Abstract some duplicated code in the iptables proxier #18754
    • 57461: Don't create no-op iptables rules for services with no endpoints #18754
    • 57480: Fix build and test errors from etcd 3.2.13 upgrade #18731
    • 57854: fix bug of swallowing missing merge key error #18331
    • 57967: Fixed TearDown of NFS with root squash. #18154
    • 58177: Redesign and implement volume reconstruction work #18554
    • 58316: set fsGroup by securityContext.fsGroup in azure file #18526
    • 58375: Recheck if transformed data is stale when doing live lookup during update #18530
    • 58415: Improve messaging on resize #18509
    • 58439: Fix loading structured admission plugin config #18529
    • 58439: Surface error loading admission plugin config #18529
    • 58522: Clean up error messages for pre-bound PVCs #18284
    • 58533: add suggestion to describe pod for container names #18178
    • 58574: fixing array out of bound by checking initContainers instead of containers #18403
    • 58617: Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size #18432
    • 58685: Fill size attribute for the OpenStack V3 API volumes #18237
    • 58720: Ensure that the runtime mounts RO volumes read-only #18255
    • 58739: Don't bind PVs and PVCs with different access modes #18284
    • 58753: Fix kubectl explain for cronjobs #18268
    • 58794: Resize mounted volumes #18421
    • 58930: Don't wait for certificate rotation on Kubelet start #18322
    • 58955: pkg: kubelet: do not assume anything about images names #18340
    • 58977: Fix pod sandbox privilege. #18820
    • 58991: restore original object on apply err #18337
    • 58994: Race condition between listener and client in remote_runtime_test #18409
    • 59170: Fix kubelet PVC stale metrics #18787
    • 59279: nodelifecycle: set OutOfDisk unknown on node timeout #18417
    • 59297: Improve error returned when fetching container logs during pod termination #18515
    • 59350: Do not recycle volumes that are used by pods #18552
    • 59365: Fix StatefulSet set-based selector bug #18824
    • 59386: Scheduler - not able to read from config file if configmap is not found #18475
    • 59449: Fix to register priority function ResourceLimitsPriority correctly. #18503
    • 59506: fix --watch on multiple requests #18514
    • 59569: Do not ignore errors from EC2::DescribeVolume in DetachDisk #18544
    • 59767: kubelet: check for illegal phase transition #18585
    • 59873: Fix DownwardAPI refresh race #18636
    • 59923: Rework volume manager log levels #18636
    • 60299: apiserver: fix testing etcd config for etcd 3.2.16 #18731
    • 60301: Fix Deployment with Recreate strategy not to wait on Pods in terminal phase #18760
    • 60306: Only run connection-rejecting rules on new connections #18754
    • 60342: Fix nested volume mounts for read-only API data volumes #18789
    • 60430: don't use storage cache during apiserver unit test #18731
    • 60457: tests: e2e: empty msg from channel other than stdout should be non-fatal #18755
    • 60490: Volume deletion should be idempotent #18878
    • 61045: subpath fixes #18957
    • 61107: Add atomic writer subpath e2e tests #18957
    • 61107: Detect backsteps correctly in base path detection #18957
    • 61193: bugfix(mount): lstat with abs path of parent instead of '/..' #18985
    • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18977
    • : Short-circuit HPA oapi/v1.DC #18380
    • : hack in working autoscale reference for oc autoscale #18376
    • : hack out the oapi for restmapping resources when more than one is present #18377
    • : patch the upstream SA token controller and use it #18508
  • Updates to docker/distribution

Features

FEATURE DESCRIPTION

PARAGRAPH

  • DESCRIPTION #PR

Other Features

  • build: Issue 17941: Add oc new-build --push-secret option #18477
  • deploy: Add support for deployments in oc status #18439, #18579

Bugs

  • auth: Change Header used for impersonation scopes to match upstream #18378
  • auth: Deprecate some policy commands #18102
  • build: Adjust newapp/newbuild error messages (arg classification vs. actual … #18272
  • build: Fix BuildConfigInstantiateFailed warning when lastVersion == 0 #17146
  • cli: Add infos count to oc status #18422
  • cli: Suppress project list on login if you have access to greater than 50 projects #18706
  • diagnostic: Add an AppCreate diagnostic #16658
  • diagnostic: AggregatedLogging ClusterRoleBindings false negative fix #18888
  • diagnostic: Fix AnalyzeLogs to provide more clear debug message #18654
  • image: Fix annotation trigger to reconcile on container image change #18513
  • image: Preserve namespace on imagestreams server-side export #18487
  • image: Prevent scheduled importer of images from advancing too quickly #18604
  • image: Retry import without authentication if we get 401 error for public images #18012
  • migrate: Add migrate command for legacy HPAs #18854
  • network: Fix reassignment of egress IP after removal #18720
  • network: Deal with auto-egress-ip mark conflicting with kube-proxy's masqueradeBit #18121
  • network: Do not allow 'default' project to be isolated using 'oc adm pod-network' #18687
  • network: Don't try to delete (nonexistent) OVS flows for headless/external services #18890
  • network: Fix CNI IPAM data dir #18863
  • network: Fix handleDeleteSubnet() to release network from subnet allocator #18819
  • newapp: --source-image should count as a source input for new-app #18631
  • node: Move pod-namespace calls out of process to prevent races between Go threads #18355
  • node: Restart console container when config changes #18411
  • node: Support --write-flags on openshift start node to support moving directly to kubelet #18322
  • oauth: Enable osin internal error logging #18505
  • router: Make oadm router and registry resiliant to missing client for use in scripts #18546
  • router: Updating route TLS configuration will be possible with 'create' permissions on custom-host #18312
  • security: ClusterResourceOverride plugin should not set CPU or memory minimums below the namespace quota minimum #18553
  • server: Bug 1538389 - Allow node IP change to update Host IP in HostSubnet resource #18281
  • server: Correctly handle newlines in serial files #18405
  • server: Wait for lease acquisition that indicates the controllers and scheduler have successfully started #18338
  • template: Make sure we can unbind a deleted templateinstance #18452

Release SHA256 Checksums

6ed2fb1579b14b4557e4450a807c97cd1b68a6c727cd1e12deedc5512907222e  ./openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
a616d50c0974d4b3d1f12f227883afa7e70028fe78c874fc233eb3466ee12fdf  ./openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz
32bdd9464866c8e93d8cf4a3a7718b0bc9fa0f2881f045b97997fa014b52a40b  ./openshift-origin-client-tools-v3.9.0-191fece-mac.zip
705eb110587fdbd244fbb0f93146a643b24295cfe2410ff9fe67a0e880912663  ./openshift-origin-client-tools-v3.9.0-191fece-windows.zip

@smarterclayton smarterclayton released this Mar 16, 2018 · 4075 commits to master since this release

Assets 7

This is a patch release of OpenShift Origin.

Changes

v3.7.2 (2018-03-16) Full Changelog

Component updates

  • Updates to Kubernetes
    • 49624: Add daemonset to all categories #18478
    • 53690: Fix hpa scaling above max replicas w/ scaleUpLimit #18216
    • 54701: Refactor reconcileAutoscaler method in hpa #18216
    • 55631: Parse and return the last line in the log even if it is partial #17546
    • 57422: Rework method of updating atomic-updated data volumes #18167
    • 57967: Fixed TearDown of NFS with root squash. #18954
    • 58301: Limit all category to apps group for ds/deployment/replicaset #18478
    • 58572: Automated cherry pick of #58547: Send correct resource version for delete events from watch #18246
    • 58720: Ensure that the runtime mounts RO volumes read-only #18954
    • 60342: Fix nested volume mounts for read-only API data volumes #18954
    • 61047: Lock subPath volumes #18954
    • 61109: Detect backsteps correctly in base path detection #18954
    • 61196: bugfix(mount): lstat with abs path of parent instead of '/..' #18954
    • Revert "UPSTREAM: 53916: update .dockercfg data to config.json format" #18062

Bugs

  • auth: Fix issues with oc adm migrate authorization #18221
  • migrate: handle NotFound via resource matching and during conflicts #18287
  • server: Include proto swagger document in discovery #18309
  • server: Don't expose oapi types as 'all' #18478
  • deployments: Correctly trigger DC trigger reconciliation on image change release #18524
  • build: Correctly set selinux labels for build containers #17546

Release SHA256 Checksums

abc89f025524eb205e433622e59843b09d2304cc913534c4ed8af627da238624  ./openshift-origin-client-tools-v3.7.2-282e43f-linux-64bit.tar.gz
74933671b886f790dbf83edfba25a522851244c37a586dc491a39ebf30ece893  ./openshift-origin-server-v3.7.2-282e43f-linux-64bit.tar.gz
8ae2f51cdde5c76a33add98c64efc30f11f5c0fbd1dacc5ae5d0f147b96f7d18  ./openshift-origin-client-tools-v3.7.2-282e43f-mac.zip
45e525b751d7659e05adfbd005851cdeb769df511cfe38f5e45c0dfed854e784  ./openshift-origin-client-tools-v3.7.2-282e43f-windows.zip
Mar 13, 2018
Pre-release
Pre-release

@smarterclayton smarterclayton released this Feb 8, 2018 · 3168 commits to master since this release

Assets 7

This is a feature release of OpenShift Origin.

Backwards Compatibility

  • TODO

Changes

Roadmap for the v3.9 release

v3.9.0-alpha.3 (2018-01-23) Full Changelog

API

  • TODO

Component updates

  • Updated to Kubernetes v1.9.1-57-ga0ce1bc657 + patches
    • 49312: allow the /version endpoint to pass through #17576
    • 49885: Ignore UDP metrics in kubelet #17106
    • 50390: Admit sysctls for other runtime. #17274
    • 50673: Azure - Use cloud environment to instantiate storage client #17052
    • 52260: fix azure disk mounter issue #17052
    • 53135: Fixed counting of unbound PVCs towards limit of attached volumes #17442
    • 53576: Revert "Validate if service has duplicate targetPort" #17115
    • 53989: Remove repeated random string generations in scheduler volume predicate #17442
    • 54410: Cpu manager reconcile loop - restore state #18055
    • 54459: fix azure storage account num exhausting issue #17052
    • 54597: kubelet: check for illegal container state transition #17514
    • 54607: fix azure pv crash due to volumeSource.ReadOnly value nil #17052
    • 55248: increase iptables max wait from 2 seconds to 5 (fix) #17115
    • 55316: Make StatefulSet report an event when recreating failed pod #18060
    • 55631: Parse and return the last line in the log even if it is partial #17198
    • 55641: dockershim: remove corrupt checkpoints immediately upon detection #17299
    • 55703: use full gopath for externalTypes #17115
    • 55704: Return original error instead of negotiation one #17115
    • 55772: Only attempt to construct GC informers for watchable resources #17115
    • 55796: Correct ConstructVolumeSpec() #17423
    • 55974: Allow constructing spdy executor from existing transports #17115
    • 55974: Allow constructing spdy executor from existing transports #17391
    • 56045: Fix getting logs from daemonset #17405
    • 56191: CPU Manager panics on state initialization error #18055
    • 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17513
    • 56408: admission: do not leak admission plugin config types outside of the plugin #18111
    • 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17512
    • 56506: kubelet: include runtime error in event on CreatePodSandbox failure #18002
    • 56687: kube-apiserver: enable admissionregistration v1beta1 api by default #17576
    • 56864: pick pod-selector changes from #56864 #17616
    • 56971: LimitRange ignores objects previously marked for deletion #17978
    • 57099: increase the podLogTimeout for downward volume test #17627
    • 57107: Check ns setup error during e2e #17576
    • 57148: expose special storage locations #17576
    • 57149: make quota reusable #17576
    • 57150: allow convert to default on a per object basis #17576
    • 57211: Process cluster-scoped owners correctly #17820
    • 57214: Remove mutation from pvc validation #17876
    • 57247: cpumanager: Propagate error up instead panic #18051
    • 57276: Fix vsphere cloudprovider naming #17961
    • 57349: add watch to requirements for quota-able resources #17863
    • 57993: Add volumemetrics for glusterfs plugin #18091
    • 58018: make controller port exposure optional #18003
    • 58107: Fix quota controller worker deadlock #18080
    • 58302: uniquify resource lock identities #18100
    • : add flag for running bare kube-controller-manager #18100
    • : add our immortal namespaces directly to admission plugin #17914
    • : allow controller context injection to share informers #17115
    • : allow injection of controller context function #18003
    • : allow injection of controller context function #18097
    • : allow multiple containers to union for swagger #17115
    • : disable failing etcd test for old level #17391
    • : exclude some origin resources from quota #17576
    • : keep set working on internal types #17576
    • : make wiring in kubeproxy easy until we sort out config #17576
    • : patch scheduler to apply defaults. drop once we run separate scheduler #17576
    • : switch apply to use the legacyscheme so our types can be handled #17576
    • : switch back to use encode/json to avoid serialization errors #17115
    • : switch back to use ugorji/go to avoid deserialization errors #17768
    • : add back PrintSuccess. remove when printing is fixed #17576
    • : disable flaky InitFederation unit test #17115
    • : enable beta APIs by default. fixed by several pulls upstream #17576
    • : etcd testing #17115
    • : remove usage of bad transport since only GKE routes #17576
    • : run hack/copy-kube-artifacts.sh #17115
    • : skip controller metric error, drop once we run in a separate process #17576
    • : skip scheduler configz error, drop once we run in a separate process #17576
    • : stop adding federation to hyperkube one release early #17663
    • revert: 9176245: : allow controller context injection to share informers #17861
    • revert: cf235c2: UPSTREAM: : switch apply to use the legacyscheme so our types can be handled #17885
  • Updated to Docker distribution v2.6.0-rc.1-210-g00b6b84 + patches
    • docker/distribution: 2382: Don't double add scopes #17115
    • docker/distribution: 2384: Fallback to GET for manifest #17115
    • docker/distribution: 2402: Allow manifest specification #17115
    • docker/distribution: 2402: Allow manifest specification #18078

Features

  • TODO

Bugs

  • build: Fixed the wrong name of building image. According to the implementati… #17050
    • Fixed the wrong name of building image. According to the implementation and running behavior. the building image is openshift/origin-release (215b3d8)
  • auth: Allow registry-admin to manage RBAC roles and bindings #17247
    • Allow registry-admin to manage RBAC roles/bindings (6fe9944)
      force-merge: Fix push-release e6b20e1
  • cli: Improve the documentation for oc rollout #17081
    • Since the 'oc deploy' is deprecated. It is better for providing usage 'oc set trigger'. Forgetting the 'oc deploy'. (cdfe840)
  • cli: oc set probe err message improvements #17107
    • move error cause to top of err message (1acd699)
  • image: don't create output imagestrem if already exists with newapp #16843
    • don't create output imagestrem if already exists with newapp; better circular tag detection (697ee8e)
  • auth: Improve the oc auth subcommands CLI example #17270
    • Improve the oc auth subcommands CLI example usage: Replaced the kubectl to oc (d379c09)
  • Fix parse error for multiple OPTIONS to run node #17212
    • Remove double quotations from docker env to run node (335053a)
    • Handle OPTIONS as additional argments (549f540)
  • make assetconfig a top level type #17310
  • Trivial fix to do fewer allocations in OVS healthcheck #17313
    • Avoid parsing the whole dump-flows output in the OVS health check (67a57a3)
  • image: Add python 3.6 S2I image to examples #17281
    • Add python 3.6 S2I image (d4a8e61)
  • image: Imagestream tag exclude from pruning #16580
    • Add new option to exclude imagestream tag from pruning by regular expression (b70983d)
  • cluster: clusterup add .skip_pv marker #16631
    • add skip_pv marker to skip PV creation (7f448c0)
  • router: Router: Changed default resource resync interval from 10mins to 30mins #17012
    • Router: Changed default resource resync interval from 10mins to 30mins (172349c)
    • Fix project sync interval in router (5e20571)
  • build: remove kubectl from openshift (but not oc) #17305
    • remove kubectl from openshift (but not oc) (41f361a)
    • try to modify the build scripts and not turn purple (163e2e7)
    • generated (08de059)
  • cluster: Limit fail-on-swap override to cluster-up #17385
    • Revert "interesting: restore ability to start with swap on by default" (97ab350)
    • set fail-swap-on to false for cluster up (d8265d0)
  • server: Remove overwrite_bootstrappolicy and pkg/cmd/server/admin/legacyetcd #17336
    • remove pkg/cmd/server/admin/overwrite_bootstrappolicy.go and pkg/cmd/server/admin/legacyetcd (a9ea2dd)
    • update generated docs (011b1ca)
  • switch to hyperkube and remove renames #17369
  • security: admission_test.go(TestAdmit): compare SecurityContexts instead of particular members #17296
    • admission_test.go(testSCCAdmission): print test case name when test fails. (df809c4)
    • admission_test.go(TestAdmit): eliminate duplicated code by using existing method. (c634e11)
    • admission_test.go(TestAdmit): split to TestAdmitSuccess and TestAdmitFailure. (d935b12)
    • admission_test.go(TestAdmitFailure): reduce code by (enchancing and) using existing function. (f51843c)
    • admission_test.go(setupClientSet): extract function. (072358b)
    • admission_test.go(createSCCLister): extract function. (d1895e0)
    • admission_test.go: rename variable to better describe its type. (0cdb8b1)
    • admission_test.go(createSCCListerAndIndexer): introduce and use function. (ae97160)
    • admission_test.go(saExactSCC): extract function. (e8a9047)
    • admission_test.go(saSCC): extract function. (4eaeda2)
    • admission_test.go(TestAdmitSuccess): compare SecurityContexts instead of particular members. (0ea1b36)
    • admission_test.go(testSCCAdmission): modify to signalize about errors. (0016ceb)
    • admission_test.go(TestAdmitSuccess): remove hardcoded SELinux level. (268aea6)
  • switch the easy admission plugins to external types #17288
    • switch easy admission plugins to external clients (b4427a0)
    • switch to external user client (faf4959)
  • pkg/security/OWNERS: add simo5 to the list of approvers #17406
    • pkg/security/OWNERS: add simo5 to the list of approvers. (2c0ee83)
  • image: remove openshift cli and friends #17396
  • cluster: Gate fail-swap-on flag with a version check #17410
    • Revert "set fail-swap-on to false for cluster up" (5bb0613)
    • Make "openshift start node --write-config" tolerate swap on (2b69c32)
  • server: switch to glide #17391
    • glide.yaml (9e21404)
    • use script to link to staging folder for patches (e373c53)
    • update openapi generation script to exclude dir (7a98e50)
    • minor completion changes (50b62dc)
    • prevent k8s.io/kubernetes/cmd since we didn't run them before (9fa7abd)
  • fix multiarch import tests #17437
    • disable multiarch import tests (2dbe4f4)
  • template: Add provisioner template for local storage #16538
    • Rename "local storage" to "HostPath storage" example (2638776)
    • Add template for local storage (276079c)
  • image: Change imagestreamtag sorting #17430
    • Sort istags alphabetically during schema conversion (0f6440d)
    • Version prefix matters when sorting tags names (691009b)
  • server: Switch to use .DeepCopy() instead of kapi.Scheme.DeepCopy() #17444
    • replace usage of kapi.Scheme.DeepCopy() with .DeepCopy() (4f70f5d)
    • interesting: switch image change reactor to use runtime.Object (d485992)
    • replace usage of kapi.Scheme.Copy() with .DeepCopy() (0b49deb)
  • test: Extend the e2e suite to a broader range of tests #17417
    • Extend the e2e suite to a broader range of tests (67cf6cf)
    • Networking tests should be better at picking targets (e02c56b)
    • Reduce the required timing on build tests to account for overlay (a9bab2d)
  • cli: Begin moving pkgs w/ deps on pkg/oc #17332
    • break dep on pkg/oc - generator/generator.go (9fd5519)
  • Update prometheus to 2.0.0 GA #17039
    • Update prometheus to rc2 (b591821)
  • server: Switch to openshift/api #17477
    • add openshift api dependency (5aaa00b)
    • move-package script (b505911)
    • generated move results (9d41cbe)
    • manual prep for move (e491d07)
    • update register files (d4db27a)
    • update generation script (662468e)
    • update manual conversion references (4023e66)
    • move helper to single point of use (e825c5f)
    • adjust to new client (95cac05)
    • react to gopkg.in/ldap.v2 bump (8f5944f)
    • something happened to the openshift proto definitions (0d7864f)
    • generated (6b0e2c4)
  • remove openshift infra command #17482
  • node: Add test to guard unset fields in deployer pod #17471
    • add test to guard for new pod fields in deployer controller (9084edf)
  • node, syscontainer: drop /var/lib/docker mount point #15115
    • node, syscontainer: replace /var/lib/docker mount point (20ffe24)
    • node, syscontainer: umount everything under /var/lib/docker/containers (d14bce0)
  • build: set selinux labels on build docker containers when running pods in crio #17094
    • setup selinux labels for build containers (bce732a)
      force-merge: Adding OS_GIT_PATCH to rpm env 354df72
  • hack: hack/lib/init.sh: minor shell and readme improvement #17501
    • hack/lib/init.sh: minor shell and readme improvement (644ad02)
  • image: install ceph luminous package in centos7 based image #17350
    • install ceph luminous package in centos7 based image (9f08ce6)
    • use centos SIG storage repo (b7fde7b)
  • deploy: apps: extend extended tests to better check for deployer invariants and enable back the old check #16998
    • Fixup variable names in DC controller (086cc82)
    • Make deployment test reproducible when randomness is involved (705e69b)
    • Add asynchronous deployer pod invariant checker for every test (020235f)
    • Enable back the old check for multiple deployer pods temporarily disabled in #16956 (62b1cbc)
    • Add some test to stress test deployer pod invariants (ba495e5)
  • cli: move "openshift ex" -> "oc ex" #17486
  • server: pick pull 17473: stop adding beta admission config to default master configs #17516
    • stop adding beta admission config to default master configs (d2ee0d3)
    • patch master option tweaks (93ddeae)
  • template: break dep on clientcmd in pkgs outside pkg oc #17357
    • break dependencies on pkg/cmd/util/clientcmd (6bb3e85)
    • move admin template cmds -> pkg/oc/admin (41e9a84)
    • move main client configuration to pkg/client/config (14a5503)
    • break remaining deps on pkg/oc (213f9a8)
  • deploy: Fix DC reaper to deal with invalid resource name. #17492
    • Fix DC reaper to deal with invalid resource name. (It was deleting all RCs because apimachinery .AsSelector() ignores errors and returns MatchAll selector in that case.) (b75bee4)
    • Fix TestWaitForRunningDeploymentSuccess race (f6f37ad)
  • Exclude myself from most of the OWNERS files #17557
    • Exclude myself from most of the OWNERS files. (086bd45)
    • Exclude legionus and tiran from OWNERS as well. (29d91f0)
  • prevent references from origin to oc #17536
  • prevent references from origin to oc (c1c9636)
  • auth: Infrastructure changes for token timeouts #17614
    • Remove duplicate Origin authenticator interfaces (b638188)
    • Add OAuth token and user validator interface (10d7f6a)
    • Wire up OAuth shared informer (5b379e3)
    • Allow authenticator to return post start hooks (f27d947)
  • cluster: cluster up support for N-1 clusters #17338
    • switch to template-service-broker binary (9776370)
    • cluster up support for N-1 clusters (758e387)
  • deploy: Remove journald limits #17597
    • Drop changing journald limits, now that ansible owns that piece (3906907)
    • Bring back deployment e2e commented out due to journald limitting problem (e13aa42)
  • auth: Fail fast when request to /.well-known/oauth-authorization-server fails #17606
    • Fail fast when request to /.well-known/oauth-authorization-server fails. (51e0daf)
  • Introduce custom Grafana for openshift prometheus. #17037
    • Introduce custome Grafana for openshift prometheus. (ca061f2)
  • deploy: Fix deploymentconfig scale #17587
    • Fix scale subresource type for apps.openshift.io/deploymentconfigs/scale (cc424f5)
    • Fix deployment config UpdateScale (b948af9)
  • build: adjust bld prometheus ext test for concurrent tests, cross namespace … #17635
    • adjust bld prometheus ext test for concurrent tests, cross namespace builds (bc923a2)
  • node: sdn: make pod operation metrics more useful and collectable #17250
    • sdn: make pod operation metrics more useful and collectable (d61ffa1)
    • sdn: handle error from JSON marshal at pod setup (caf5f73)
  • fix prometheus readme: bld phase/reason conversion to all lower case … #17809
    • fix prometheus readme: bld phase/reason conversion to all lower case was reverted (f1194fd)
  • deploy: re-enable deployment test #17751
    • Revert "increase DC hook timeouts. indicates pod start latency problem and flakes end-to-end" (0ac4108)
    • re-enable deployment test (56ac0bf)
  • cluster: diagnostics: minor fixes #17772
    • diagnostics: correctly use cluster-context if specified (428abd8)
    • diagnostics README: correct package and command (8c71416)
    • diagnostics: in-pod command now openshift-diagnostics (357071f)
  • auth: NetworkPolicy RBAC fixes #17549
    • Update OpenShift roles for networking.k8s.io (98b52bf)
  • sync prometheus ext tests running in parallel #17717
    • account for already exist race with prometheus ext tests (9b9f68d)
  • router: re-enable router metrics test #17753
    • re-enable router metrics test (f6b0568)
  • Workaround for broken quota admission test #17830
    • Fix quota admission test (93e0508)
  • Restore ugorji json decoding with type coercion #17768
    • Add compatibility test for (shudder) string->int and {}->[] coercion (a8b819c)
  • Allow the configuration of individual controllers #17572
    • allow configuring enabled and disabled openshift controllerS (a5743a7)
    • generated (171d733)
  • test: tweak failing-dc e2e test with sleep so docker have time to get the hook container logs #17746
    • add sleep to failing-dc fixture so docker have time to gather logs from hook container (6ace95d)
  • build: Update gitignore for vendored build output files #17848
    • Add the output directories for incubators to .gitignore (70400f6)
  • hack: UPSTREAM: 57214: Remove mutation from pvc validation #17876
    • fake godeps.json to make hack/cherry-pick.sh work (adc5326)
  • server: Add origin types kubectl scheme #17885
    • Add origin types to the kubectl scheme (e65306c)
    • centralize legacy installation into core api group (ec8902b)
  • hack: hack/update-dep.sh proof #17810
  • cluster: Remove hardcoded fields for parameter substitution configuration in Cluster Loader #17072
    • Remove hardcoded fields for Cluster Loader parameters (3bef3a2)
  • cli: Add --selector, --pod-selector flags oc adm drain #17616
  • Update swagger spec generation #17688
    • Update swagger spec generation (804b779)
    • Generated changes (b60a6d0)
  • deploy: Fix race in extended deployments test #17889
    • Fix race in extended deployments test "should deal with cancellation after deployer pod succeeded" (84cdf40)
  • Fix SDN exponential backoff timeouts #17739
  • Fix SDN exponential backoff timeouts (ac0793c)
  • Moved getLocalSubnet() from node/sdn_controller.go to node/subnets.go (2603e1f)
  • run openshift and kube controllers on different leases #17861
  • run openshift and kube controllers on different leases (766a973)
  • image: Add labels column to oc get images --show-labels output #17846
    • print labels for images (340502b)
    • add tests for image labels (aea4040)
  • server: Changing API flow description #17960
    • Add make update-deps target to be compatible with other openshfit repos (b3c019e)
    • Add an API change section (e7260c5)
  • Update glide again #17962
  • Rebase service catalog to v0.1.3 #17378
    • Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/' changes from 3064247d05..d969acde90 (cedd00c)
  • build: move builder images to use external apis #17699
    • clean up import verifier error (b27d4b4)
    • move builder image code to v1 apis (66c9d91)
  • security: SCC admission plugin: extract name to a constant #17856
    • PSP admission plugin: extract name to a constant and a couple minor improvements. (7109512)
  • security: Improve the process of pod updates by preferring non-mutating SCCs and reducing pod mutations #16934
    • SecurityContextConstraints: do not mutate nil privileged field to false. (5b2b98f)
    • SecurityContextConstraints: only set runAsNonRoot when runAsUser is nil. (014f66d)
    • SecurityContextConstraints: avoid unnecessary mutation of container capabilities. (2e79df0)
    • SecurityContextConstraints: avoid unnecessary mutation of supplemental groups. (1b41ef7)
    • SecurityContextConstraints: pass effective capabilities to validation interface. (098d160)
    • SecurityContextConstraints: limit validation to provided groups. (abd601c)
    • SecurityContextConstraints: pass effective selinux options to validate. (b5a8497)
    • SecurityContextConstraints: pass effective runAsNonRoot and runAsUser to user validation interface. (3d4c343)
    • Add unit tests for RunAsUser.MustRunAsRange strategy. (d07223b)
    • SecurityContextConstraints: avoid unnecessary securitycontext mutation. (f4d81e2)
    • Security Context Constraints: prefer non-mutating SCC on update. (de94214)
  • node: skip docker ping check when using fake docker #17979
    • node: use a warning instead of fatal when docker ping fails (ca5ca9c)
  • router: Fix indentation in egress-router.sh #18001
  • Split prometheus alerting rules, add new automated recording rules #17553
    • Split prometheus alerting rules, add new automated recording rules (db29c1c)
    • Limit some high cardinality metrics by default (3287329)
    • Add a standalone prometheus example (ba373ca)
  • Add proper error message to OVS health check #17890
    • Add proper error message to alreadySetup (ca87845)
    • Fix error message (fd3af25)
    • Fix error messages (179cef6)
  • build: run jenkins java builds in memory constrained pods #17832
    • run jenkins maven build in memory constrained pod (e986a9e)
    • run jenkings gradle build in memory constrained pod (447f326)
  • server: re-enable openapi aggregation #17899
  • test: Implement a way to time out tokens based on (in)activity #17640
    • Introduce inactivity timeout tracking for access tokens (59a803b)
    • Generated files (aa34658)
    • Add integration test to check token timeouts (0ed56a9)
    • Fix timeout validator unit test flakes (83811da)
  • cluster: Adding synchronization and other features to extended test cluster loader. #17894
    • Adding synchronization and other features to extended test's cluster loader. (dd2366b)
  • node: Fix passing container to pod logs from dc #18017
    • cli: pass container name to log options for dc (97a6d82)
    • apps: pass container and previous correctly for pod logs (502be64)
  • cluster: Support web console image for cluster up #17575
    • Support web console image for cluster up (caba0dc)
    • Tag origin-web-console image for e2e tests (27041dd)
  • network: Remove numerous "Provided subnet doesn't belong to network" when configured with multiple subnets #17973
  • Rebase to 1.9.1 #18003
  • stop special casing creation for ns lifecycle admission #17914
    • stop special casing creation for ns lifecycle admission (de77da5)
  • add proxy for the webconsole #17862
    • add proxy for the webconsole (7e44f15)
    • remove webconsole from openshift (c1c520d)
  • cli: Fix segv error for usage error of oc set env command #17932
    • Fix segv error for usage error of set env (95e7a0a)
  • ex: dockergc: various fixes #17479
    • ex: docekrgc: remove BindForOutput flags (bcb8d75)
    • ex: dockergc: fix typo in error message (cffdd1e)
    • ex: dockergc: use glog (329b4d0)
    • ex: dockergc: add dry-run mode (45c72bd)
    • ex: dockergc: fix use of contexts (6a1ddee)
    • ex: dockergc: make gc pass failure non-fatal (3547f93)
  • router: Bump router to haprox18 #18053
    • Bump the haproxy version to 1.8 (d0aa776)
    • router- Temporarily add centos paas sig 3.8 (53762de)
  • auth: Revert back to the "normal" apiserver authentication #15739
    • Revert "disable TSB client cert and front proxy auth until aggregation is on by default" (7b09621)
  • dind-ovn: use golang binaries instead of python ones #17541
  • auth: apps: Fix dc triggers reconciliation on image change and do not deploy DCs with empty image #17539
    • Add test to verify we don't deploy unspecified images in DC (d9dcac5)
    • Never deploy unspecified images in DC (f0913b2)
    • Fix DC image reactor to reconcile on DC dc.Spec.Template.Spec.Containers changes (cda584a)
  • cli: bug 1470374 - oc new-app behaviour #17457
    • Add "no git installed" logic for oc new-app syntax (4113dc5)
  • router: Pull haproxy from the right place #18066
    • Allow haproxy from CentOs (90a1310)
  • auth: remove oauth server dependency from most integration tests #18067
    • remove dead code (6232b9b)
    • remove oauth server dependency from most integration tests (5371880)
  • cluster: Cluster capacity rebase to kubernetes 1.9 #18088
    • Cluster capacity vendor update for kube 1.9. (64c9fe2)
    • Cluster-capacity code update for kube 1.9. (408fb77)
  • server: Use webconsole.config.openshift.io/v1 API group #18056
    • Use WebConsoleConfiguration API group (0ac3f9d)
  • template: Improve ISSUE_TEMPLATE.md #18027
    • .github/ISSUE_TEMPLATE.md: improve. (232751e)
  • cli: fix -o panic oc rollback #18040
  • patch controllers for storage #18097
    • inject an informer factory override for kube controllers to minimize impact (33febce)
  • Resolve admission plugin config files #12321
    • Move server config test data to fixtures (ec516d2)
    • Apply defaults to server config testdata (516aea9)
    • Make admission plugin config a pointer (73c3201)
    • Resolve relative admission plugin config file locations (bdfc2e1)
  • Clean Prometheus example #17992
    • Clean prometheus example. Add proxy for alertmanager (45eb81a)
  • tolerate discovery and errors better #17195
    • allow error and partial result for legacy discovery (8233cb6)
  • cli: Deprecate oc secrets subcomands #18093
  • image: Add image-streams and update db-templates #17922
    • Add image-streams and update db-templates. (9d12ad6)
  • add wiring for running bare kube-controller-manager #18100
    • make use of the patched kubecontroller manager in openshift (bd48fc8)
  • image: oc image mirror was accidentally broken during dependency updating #18078
    • Fix oc image mirror post rebase changes (4ec0e5e)
    • Update glide.yaml to point to docker distribution branch (729d5f5)
  • web: from 721cde05fe8c386935adc209638700b2476dd228^..721cde05fe8c386935adc209638700b2476dd228
    • registry: Rebase 1.8.1 #17115
    • server: Switch to openshift/api #17477
    • network: rebase 1.9.0 beta.1 #17576
    • Update swagger spec generation #17688
    • Update glide again #17962
    • server: re-enable openapi aggregation #17899
    • Rebase to 1.9.1 #18003

Release SHA256 Checksums

aaf1b7115b83105e9acd8687ff5cb43c698a9a7fcd8e6515860303e1e8bd10a0  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
619ca9350fa70116e7c4544c2be30c544346d054e2f457e3fdd0cab4f7c01996  ./openshift-origin-server-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
b03bcc33ede03632d97158555157800aabbc11bf005a5c88633eb252ad71ef8f  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-mac.zip
cc8744074ea4ac0cb746b4f1289c1d88b7cc56ec1239d0411dfed780e1d14e93  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-windows.zip

@smarterclayton smarterclayton released this Jan 16, 2018 · 4075 commits to master since this release

Assets 7

This is a patch release of OpenShift Origin.

Changes

v3.7.1 (2018-01-16) Full Changelog

Component updates

  • Updates to Kubernetes
    • 51634: Revert to using isolated PID namespaces in Docker #17722
    • 55641: dockershim: remove corrupt checkpoints immediately upon detection #17302
    • 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17620
    • 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17686
    • 57211: Process cluster-scoped owners correctly #17818
    • Allow controller context injection to share informers #17855
  • Updates to Docker distribution
    • docker/distribution: 2140: Add 'ca-central-1' region for registry S3 storage driver #17585

Bugs

  • deploy: Fix deployment config scale subresource #17517#17599
  • oauth: Make client authorizations tolerant of UID changes (4800340)
  • router: Fix example certificates used in router tests #17959
  • server: Fix panic on controllers start #17855

Release SHA256 Checksums

56e9dbff7e5e4ade1e92cc10ff1bd1ae2789ec400be0d8a5b2177fd6c465af21  ./openshift-origin-client-tools-v3.7.1-ab0f056-linux-64bit.tar.gz
bd783fe128fac2f2dd117a23a4c1d9d1b0a8313e2bdb433f640c3b23df7eb8f8  ./openshift-origin-server-v3.7.1-ab0f056-linux-64bit.tar.gz
e2cdad103485580166e4aef14e111551439c2c18a1ed77376b16808755b363ea  ./openshift-origin-client-tools-v3.7.1-ab0f056-mac.zip
dc228416bc07bf96ea6ecca431004bfc1182af0c0b0be7834fceda5e8a663b3e  ./openshift-origin-client-tools-v3.7.1-ab0f056-windows.zip