v1.3.0-alpha.3
Pre-releaseThis is an alpha feature release towards OpenShift Origin 1.3.0
Backwards Compatibility
- Image Streams
- In order to tag an image from one image stream into another via
oc tag
or the API, you must have permission to pull the image, not just permission to view the source image stream. Runningoadm policy reconcile cluster-roles
will alter default roles so that tagging continues to work as normal.
- In order to tag an image from one image stream into another via
API Changes
- DNS:
- SRV record responses have changed significantly to conform to new features enabled in Kubernetes 1.3. More details in the 1.3 release notes issue. Callers must now explicitly request the port by name and protocol to get the port info (e.g.
dig @server _http._tcp.kubernetes.default.svc.cluster.local
)
- SRV record responses have changed significantly to conform to new features enabled in Kubernetes 1.3. More details in the 1.3 release notes issue. Callers must now explicitly request the port by name and protocol to get the port info (e.g.
- Builds:
- Build Request API should return NotFound if the parent build config does not exist #9763
- Reject ImageStreamTag references on builds and build configs that are not well formed as validation errors #9945
- Support YAML payloads for generic webhooks #10031
- Properly mark secrets field as not required in swagger #10038
- Disallow build config LastVersion from getting smaller - clients will receive a validation error if
status.latestVersion
is a smaller integer than the stored value #9568
- Secrets:
- Secret data may now be specified in string form (rather than base64 encoded) via the new
stringData
map, which is write-only and takes precedence over keys with the same name specified indata
#9663
- Secret data may now be specified in string form (rather than base64 encoded) via the new
- PodSecurityPolicy Review API (alpha)
- The review APIs have been updated to take a
PodTemplateSpec
struct instead of aPodSpec
struct, so that annotations on the pod template can be validated. #10007
- The review APIs have been updated to take a
Component updates
- Updated to Kubernetes 1.3.0 with patch set Origin stable-20160804
- Backported a number of 1.3.x fixes, including a serious regression in parallel pod start performance with #10111
- Updated to Docker distribution 2.4.0 with patch set 5594335
Features
v1.3.0-alpha.3 (2016-08-07)
Full Changelog
PetSets and Init Containers
Kubernetes 1.3 includes two new features in alpha designed for running clustered software: PetSets and init containers. PetSets make it easy to run a consistent set of pods that have individual network identities and are able to have unique persistent volumes. Init containers are run sequentially before the other containers in a pod are started and allow pod authors to read and write volume data, download binaries, wait for other components to start, and other initialization style tasks.
The examples/pets directory contains a number of examples of how to use PetSets. As alpha features, no backwards compatibility in future Kubernetes or OpenShift versions is guaranteed and may change significantly. Please provide feedback on these features.
Improvements to Jenkins
- clean up jenkins master/slave example [#9956](https://github.com//pull/9956) - jenkins: Generate a password for Jenkins [#10163](https://github.com//pull/10163) - jenkins: Use official maven image for slave pods in sample pipeline [#9807](https://github.com//pull/9807) - console: addition of a dedicated Pipelines page ![pipelines_page](https://cloud.githubusercontent.com/assets/1467629/17498811/9c373f7e-5d97-11e6-8502-7e21ff8ec1d0.png) - console: improvements to the pipeline visualization on the Overview ![pipeline_overview](https://cloud.githubusercontent.com/assets/1467629/17498819/aa453c7e-5d97-11e6-88af-a7a033bf93e0.png)Upgrading to Docker Registry 2.4, cross-repository linking, and better usage tooling
This release contains an upgrade to Docker distribution 2.4 which contains many performance and usability improvements, including cross repo mounting when pushing images that already exist in the OpenShift registry. Support for the new schema2 storage format for images is now available, although it must be manually enabled in order to accept images pushed in the schema2 format (to preserve compatibility with older Docker versions).
- registry: Check pull access when tagging imagestreams #10109
- registry: Consider schema v2 layers when pruning #9713
- registry: User can get only blobs he's able to see #9819
- registry: Ensure that download access to registry blobs is controlled by access to the image stream #9593
Bearer token and anonymous access
The registry now supports the the Docker Token Authentication Specification, which enables bearer token authentication and anonymous access. Grant the system:image-puller
role to the system:unauthenticated
group to allow unauthenticated image pulls from a namespace:
oc policy add-role-to-group system:image-puller system:unauthenticated -n mynamespace
- registry: Allow anonymous registry access #9887
Image usage reporting
A new top level administrative command oadm top
has been added to support administrative insight into the images used by the platform. Using oadm top images
will show you information about the top images in use and how much space is in use in your registry. oadm top imagestreams
will show you more detail about the total referenced size of each image stream and the number of layers allocated.
- images: Provide an administrative image usage report tool #9587
$ oadm top imagestreams
NAME STORAGE IMAGES LAYERS
openshift/mongodb 0MiB 0 0
openshift/nodejs 329.84MiB 2 53
openshift/mysql 310.39MiB 2 38
openshift/jenkins 0MiB 0 0
openshift/mariadb 195.33MiB 1 5
openshift/wildfly 1.67GiB 3 87
openshift/python 704.99MiB 4 104
openshift/php 426.87MiB 2 52
openshift/postgresql 0MiB 0 0
openshift/ruby 359.71MiB 3 78
openshift/perl 370.21MiB 2 53
$ oadm top images
NAME IMAGESTREAMTAG PARENTS USAGE METADATA STORAGE
sha256:56f808f1bd2b820df6bef53d959f84bebd77ddd86fa86cef4e402d42a517d861 openshift/perl (latest,5.20) sha256:5a428b5b36d4cd98dce8603d5accb30ff014b7d4fb73c2bb895edda89cabbb3d,sha256:7b5846517492e69b6705c6f6a14f3eb0944bd564369439c539aa57882ea11c00,sha256:851ec2ace8a73a9cc3868edcbff1ac50d5f382d5079b7bfa4e7ff2bb531c171f,sha256:68a27d407fd1ead3b8a9e33aa2054c948ad3a54556d28bb4caaf704a0f651f96,sha256:091120a2f697d36898e3dde6fb5be64d694672111d78a77a340c827626f52f89,sha256:ae121ac0828f1a1ddf3c1c84c67eb663933d60ee73617b8dfa0da5b095f1f9bb,sha256:440bfdfabdd46b5cd18672e7354bf915384047bb074cd429c92db004095f3708,sha256:453d96efdaa1bab5f7d115037235df965a292070a1c6a2af30cb049f5674848e,sha256:e0ccc37251074051bb5d20a86756357bc261b87a6838a552e6304191dffdeed2,sha256:e757c402d95f047f2876e368271e9570b1904366ced49b6333f8a897b368e69d,sha256:a54e1612052715b0d3022c8146ff758bd566455750f1391946648de767a74c5b,sha256:212d8e093d50b44cf8dd3101d22e7efce6293d741a6dc30fced9cd27b70c7c22,sha256:cc561897aa2c64d61fcda5b5149fbd1fca133ceb8cc8ac448859d571a2bdbbd8,sha256:a08759ded47520de300096fea140e9020dc7ae9b7a163ec604baba38c15cd192,sha256:2375b645b83bff8ccf7e61346859cd9a23ac57af6d443b32b6392c1998d14c74,sha256:41da716a93a61a8958d360ac3f70387ece99af3ac4c3ce30dbb735dea41903dc,sha256:e87d875660454595a08287afe8bc121c924d87f93ea1db0f5ac12809d7473bb3,sha256:8c6c4ff3ae64a90ab1535a7ff33e685c63b3d51f7915722292c12e5ccb8f0a7f,sha256:c605bcbb3b290d02a380cf0488effcdbb96fad1fcdd5a1d237fe44237f6d71cd,sha256:e7d7d97f75d94f0b79e68057b1c276c5b8c64d4a1d9a447dd59001521d8720bd,sha256:b58b9ac6edd661668bafab79f10e24e20b4b1df3de77e010bea95cbfa59890cf,sha256:71ea884c14ff11865cec03c443ed9b887d35673e07122e7aea967b75e40b0f42,sha256:8b0055a02328f8d3d9e52112886e6f9272b880eee20ead761e631c3be2d37618,sha256:83c2fd8cc3258f1ec22f26b6f6c573460f43be28f7ab3073b912f7bc8b56d930 yes 276.50MiB
sha256:97caf48a52438d60b567f25d5882c331c7c8d4679618b17b33ee8ec86c7ba5ec test/ruby (latest) sha256:8c6c4ff3ae64a90ab1535a7ff33e685c63b3d51f7915722292c12e5ccb8f0a7f,sha256:212d8e093d50b44cf8dd3101d22e7efce6293d741a6dc30fced9cd27b70c7c22,sha256:e0ccc37251074051bb5d20a86756357bc261b87a6838a552e6304191dffdeed2,sha256:7b5846517492e69b6705c6f6a14f3eb0944bd564369439c539aa57882ea11c00,sha256:c605bcbb3b290d02a380cf0488effcdbb96fad1fcdd5a1d237fe44237f6d71cd,sha256:8b0055a02328f8d3d9e52112886e6f9272b880eee20ead761e631c3be2d37618,sha256:cc561897aa2c64d61fcda5b5149fbd1fca133ceb8cc8ac448859d571a2bdbbd8,sha256:b58b9ac6edd661668bafab79f10e24e20b4b1df3de77e010bea95cbfa59890cf,sha256:56f808f1bd2b820df6bef53d959f84bebd77ddd86fa86cef4e402d42a517d861,sha256:41da716a93a61a8958d360ac3f70387ece99af3ac4c3ce30dbb735dea41903dc,sha256:e7d7d97f75d94f0b79e68057b1c276c5b8c64d4a1d9a447dd59001521d8720bd,sha256:68a27d407fd1ead3b8a9e33aa2054c948ad3a54556d28bb4caaf704a0f651f96,sha256:ae121ac0828f1a1ddf3c1c84c67eb663933d60ee73617b8dfa0da5b095f1f9bb,sha256:453d96efdaa1bab5f7d115037235df965a292070a1c6a2af30cb049f5674848e,sha256:a08759ded47520de300096fea140e9020dc7ae9b7a163ec604baba38c15cd192,sha256:e757c402d95f047f2876e368271e9570b1904366ced49b6333f8a897b368e69d,sha256:091120a2f697d36898e3dde6fb5be64d694672111d78a77a340c827626f52f89,sha256:e87d875660454595a08287afe8bc121c924d87f93ea1db0f5ac12809d7473bb3,sha256:2375b645b83bff8ccf7e61346859cd9a23ac57af6d443b32b6392c1998d14c74,sha256:440bfdfabdd46b5cd18672e7354bf915384047bb074cd429c92db004095f3708,sha256:851ec2ace8a73a9cc3868edcbff1ac50d5f382d5079b7bfa4e7ff2bb531c171f,sha256:83c2fd8cc3258f1ec22f26b6f6c573460f43be28f7ab3073b912f7bc8b56d930,sha256:5a428b5b36d4cd98dce8603d5accb30ff014b7d4fb73c2bb895edda89cabbb3d,sha256:71ea884c14ff11865cec03c443ed9b887d35673e07122e7aea967b75e40b0f42,sha256:a54e1612052715b0d3022c8146ff758bd566455750f1391946648de767a74c5b Deployment: test/ruby-1 yes 156.09MiB
Support all Deployment features on DeploymentConfigs and add the oc rollout
command
Alpha 3 adds a ton of new capabilities onto deployments. As of alpha 3, all options from Kubernetes Deployments are supported on deployment config objects, such as pausing, setting a "wait" period for readiness to stabilize after a deployment, and more information returned in the status of the deployment. In addition, oc rollout (history|pause|resume|undo)
now supports both Kubernetes deployments and OpenShift deployment configs. Over time, oc deploy
will be replaced by subcommands under oc rollout
as Kubernetes deployments gain parity with OpenShift deployments.
Upstream deployments are now enabled for use (in beta) and future releases will add tools for easily converting between them (for when you want deployments that trigger on image changes or deployment hooks).
- deployments: Return API errors on not found imagestreams/deploymentconfigs #9727
- Enabled deployments from Kubernetes as a beta resource - future releases will contain tools for migrating between resources.
- Add paused field in deployment config describer #10159
- deploy: pin retries to a const and forget correctly in the dc loop #9756
- deploy: set gracePeriodSeconds on deployer deletion #9802
- deploy: move cli-related packages in cmd #9692
- deployments: Ensure the test deployment invariant is maintained #9839
- deploy: set gracePeriod on deployer creation rather than when deleting #9854
- Add MinReadySeconds in deployment configs #9852
- deployments: Handle forbidden errors (due to older permissions) in oc rollback #9889
- Remove deployment trigger warning #9894
- Pause the deployment config before deleting #9893
- oc rollout
- deploy: enqueue configs on pod events #9953
- performance
- Enable replicasets and deployments #10136
- deployments: Collapse deployer into deployments controller #9691
- deployments: Specifying an empty initial image will hold the first deployment until an image is tagged #9539
Support resizing remote terminals in the CLI (oc exec|rsh|debug
) and the web console
The exec and attach commands (or more often used with oc rsh
) are now resizable and correctly handle terminal information, which should improve working inside of containers. The web console also allows the terminal to be resized.
- cli: Support terminal resizing for exec/attach/run #9878
seccomp profiles for all containers and allow admin policy on their use
seccomp is a Linux kernel feature that restricts the types of system calls that applications can make. Kubernetes and Docker have added profiles that prohibit access for containers by default and significantly reduce the possibility of new vulnerabilities in the kernel being exploited by malicious containers. OpenShift enables this restrictive policy by default, and administrators can allow less restrictive profiles for highly privileged applications via the SecurityContextConstraint API.
- security: Enable seccomp in SecurityContextConstraints #9715
Extended builds (alpha)
- Extended builds #9813
Support for internal communication using Protobuf and general performance improvements
The Kubernetes and OpenShift APIs now support an alternate serialization format to JSON: Protobuf. Protobuf is a binary format that requires less CPU and memory to encode and decode and offers significant benefits when internal components of the cluster are interacting. Clients may request Protobuf responses by specifying an Accept
HTTP header with the value application/vnd.kubernetes.protobuf
.
$ curl -H "Accept: application/vnd.kubernetes.protobuf" https://localhost:8443/api/v1/pods | hexdump -C
By default, all cluster internal communication will use Protobuf, but it must be enabled via configuration. Instructions for upgrading are described here: openshift/openshift-ansible#2214.
The Protobuf format is considered internal-only at this point and is not recommended for widespread client use.
Other significant performance improvements occurred in this release, including a number of memory usage reductions in the API server and controllers.
Enhancements to the imagebuilder
library
The imagebuilder library for building squashed Dockerfiles has added a secret mount facility that allows builds to mount in secrets for the duration of the build that are not committed into the final Docker image. The --mount SRC:DST
flag is now supported on oc ex dockerbuild
and has the same behavior as docker run -v
. Mount secrets are only supported on Docker 1.10 or newer.
- Allow a mounted repository to be injected into yum #9947
In addition, the library has now been moved to its own GitHub repository at https://github.com/openshift/imagebuilder.
- Switch to using github.com/openshift/imagebuilder #10216
Service Serving Cert Signer (alpha)
If your service needs to serve TLS as TLS enabled, OpenShift can automatically generate and sign a serving certificate that is valid for your service's DNS name. The signing CA certificate is injected into pods, so any pod in the cluster can communicate with your service and confirm that it is properly secured. See openshift/openshift-docs#2324 for details.
Scoped tokens for service accounts that act as OAuth clients
If your service needs to confirm the identity of a user on the OpenShift platform and/or perform actions on their behalf, you can now leverage our OAuth server to request scoped tokens for a user. See https://docs.openshift.org/latest/architecture/additional_concepts/authentication.html#oauth for details.
Support for quota that spans multiple projects and performance improvements (alpha)
If you need to constrain the number of resources that particular user can create, but don't want to restrict individual projects, you can create a new ClusterResourceQuota resource that can select multiple projects based on a labels or annotations. See openshift/openshift-docs#2596 for details.
A number of other performance improvements have been made to quota for clusters with thousands of individual quotas.
- add oc create clusterquota #9588
- project clusterresourcequota into applicable namespaces #9609
- add a clusterquota reconciliation controller #9658
- add project annotation selectors to cluster quota #9757
- make clusterquota/status endpoint #9898
- UPSTREAM: 29133: use a separate queue for initial quota calculation #9915
- perf improvements
- UPSTREAM: 29134: Improve quota controller performance #9937
- cluster quota to namespace mapping controller #9558
- UPSTREAM: 28351: Add support for kubectl create quota command #10054
Allow template authors to provide a post-creation message to end users
Templates now have a message
field that will be displayed to users in the CLI or web console after creating an object from a template. The field will have the same parameterization rules applied as the objects in the template, so you can inject generated fields into a human readable message.
- Adding a field to templates to allow them to deliver a user message w… #9708
- Adding template instructional message to new-app output #9806
Split traffic between multiple backend services from a route
The HAProxy router now supports splitting the traffic coming to a route across multiple back end services via weighting. The web console has been updated to allow users to set the weighting and show balance between them.
The API field for balancing is spec.alternateBackends
on the route and can be an array of 0..3 services to spread traffic across. The weight of the normal backend (the spec.to
field) defaults to 100, and the combined value of all the weights sets the relative proportions of traffic.
- routes: Add A/B definitions to routes #9119
- router: Allow round-robin algorithm as a choice in passthrough/reencrypt #9710
- console: visualization of alternate backends and ability to add and edit multiple backends for a route.
Router enhancements to defend against DDOS attacks
The router has been hardened to provide more protection against DDOS attacks. Administrators can set configuration flags on the router to apply blanket policy on connections across all routes, as well as configure a few routes specifically.
- router: Implement basic DDOS protections in the HAProxy template router #9810
- router: Allow for configurable server side timeouts on routes #9671
- router: Allow rate-limits on the router to be defaulted #10125
Egress Firewalls for namespaces
A new resource EgressNetworkPolicy
has been added which controls how traffic exits a namespace. Administrators can use these as outbound firewalls when using the multi-tenant SDN network. Each rule can be an allow or deny rule, and targets a CIDR. Since policy can only be changed by administrators, you can update your out of the box project template to include a firewall policy that applies to individual namespaces, and then later change to be more permissive.
- Egress firewall support #9227 https://trello.com/c/iH5IjWI8/244-8-basic-egress-firewall
Enable Kerberos authentication in the CLI
oc login
now allows Kerberos authentication against a KDC as a supported authentication mode on Linux.
Web console improvements
- New primary and secondary navigation within a project
- Dedicated monitoring page to follows logs and metrics for your builds/deployments/pods all at once. Includes a collapsable Events sidebar. Includes improved metrics charts for deployments with individual lines per pod (up to 5 pods).
- New page that shows the details for an ImageStreamTag
- Added environment variable editing to the existing Environment tabs.
New supported versions for popular languages
PostgreSQL 9.5, Ruby 2.3, Python 3.5, NodeJS 4, MariaDB 10.1, MongoDB 3.2
- add new SCL version imagestreams #9610
- add nodejs 4 imagestream and bump templates to use latest imagestreams #9823
Generate man
pages for all CLI commands
Man pages have been created for all CLI commands and added to the RPM packaging that include the command help.
- Fix manpage directory structure #9612
- Fix manpage formatting for list items #9659
- Remove deprecated man pages #9694
CentOS PaaS Special Interest Group
OpenShift is involved in the CentOS PaaS SIG and work is ongoing to enable a fast moving build stream in their CI infrastructure. See the QuickStart guide for some initial steps.
- Add Dockerfiles.centos7 and job-id files for CentOS image building #9864
Other Features
- bootstrap:
oc cluster up
now starts the release corresponding to your binary #10022 - builds: Reduce the amount of output displayed by default in builds #9905
- builds: allow
git\_ssl\_no\_verify
env variable in build pods #9875 - cli: Allow multiple include and exclude patterns in
oc rsync
#10146 - cli:
oc new-project --skip-config-write
will not alter the user's config when creating a new project #10057 - cli: Include information about container volume mounts in
oc describe
for all pod based objects #9891 - cli: Display oc and kube server versions as part of oc version #9785
- cli: Display more information about environment variables using the downward API in 'oc env --list' #9718
- cli: Sort
oc projects
alphabetically #9675 - cli: Improve
oc projects
output #9590 - cli: Improve
oc status
output for all build types #9559 - dockercompose: Support the
env\_file
option when importing Docker compose files #9950 - frameworks: Add mirror env var option support for many of the framework images #9754
- images: Sort tags for image streams more consistently in the CLI #9606
- network: Allow CNI network plugins to be used as the node network plugin #9747
- newapp: Allow a template to be passed from STDIN via
oc new-app --template=-
#10149 - newapp: Support namespaced lookups for templates with
oc new-app --template=myns/mytemplate
#10026 - newapp: Allow multiline parameters to be defined on the CLI for templates #9942
- oauth: Control how OAuth grants are performed at a per-client granularity #9616
- server: Allow custom configuration to be passed to the scheduler for setting the default scheduler and failure domains #10064
Bugs
- authn: The node should use the new remote authentication endpoint #9808
- authn: Add debug logging to ldap search bind errors #9706
- authn: Don't fallback to cert when given invalid token #9617
- bootstrap: Support shared volumes for
oc cluster up
on Mac and Windows #10199 - bootstrap: Handle filesystem permissions correctly in
oc cluster up
#10137 - bootstrap: Fix
oc cluster up
for new Docker for Mac beta by using port forwarding #9809 - builds: Run all parallel builds when a serial build finishes #9969
- builds: Handle new "already pushed" messages returned by Docker registries #9966
- builds: When build configs are deleted, exit out earlier in controllers #9828
- builds: Retry failed attempts to create builds on the server more cleanly #9770
- builds: Better s2i and docker push image error messages #9705
- cli: Allow
oc get -w
to correctly watch resources that have not been changed in a long time #10213 - cli:
oc debug
should not return an error if one of the containers in a pod exits (while the others continue) #10175 - cli: Ensure errors that occur during cleanup of
oc debug
are shown #10140 - cli: Fix
oc
to not try to fetch OpenShift API objects when connecting to a Kubernetes server #10062 - cli: On older servers tolerate missing API discovery information #10058
- cli: Better errors on
oc login
when existing kubeconfig file is not writable #9968 - cli:
oc start-build
should allow-F
and-w
for--follow
and--wait
#9963 - cli: Start
oc rsync
daemon in the foreground to prevent zombie processes #9939 - cli:
oc annotate
should allow use of--resource-version
flag with single resource #9917 - cli: Add
--insecure-policy
foroc create route edge
#9890 - cli:
oc debug
should not have 15s timeout #9867 - cli: Enforce
--tty=false
flag for "oc debug" #9637 - cli: Update generic
oc get
error messages to be more explicit when no input #9735 - cli: Don't attempt to rewrite kubeconfig files the user doesn't have access to #9700
- cli: Fix
oc convert
examples #9695 - cli: Fix usage for
oc set probe
andoc debug
#9693 - cli: Reject build requests for binary builds if not providing binary inputs #9679
- cli: Better warning for users when the buildconfig is of type binary #9678
- cli: Ensure client can delete a buildconfig with no associated builds, eve… #9657
- cli: Limit the number of events and deployments displayed in deployment config describer #9633
- cli: Allow
--show-events=false
for build configs and deployment configs #9631 - cli: Note that
oc new-app --env
flag doesn't apply to templates #9583 - cli: Fix
oc set env --overwrite=false
with multiple resources #9552 - dockercompose: Be more careful about relative paths in docker-compose import #9816
- images: Use the new
dockerImageLayers
field of images to speed up pruning images #10012 - ipfailover: Prevent panics if an invalid IP range is passed to the failover image #10204
- metrics: Remove redundant labels in Prometheus metrics #10036
- newapp: Prevent invalid arguments for build type in
oc new-app
#9805 - newapp: Display a warning if Git not installed when creating applications or builds #10226
- newapp: Give applications created from templates an
app
label based on their template name #10192 - newapp: When Git is not available,
oc new-app
should treat directories as inputs for binary builds #10135 - node: Network plugins could report the wrong
podIP
to clients #10141 - node: Report an error if older versions of devicemapper are in use which could lead to data corruption #10227
- quota: Quota was not counting services with multiple nodeports properly #10089
- registry: Set reasonable default resource requests on the registry #9934
- server: Tolerate failures when initializing default cluster roles and policies #10099
- volumes: Ensure that persistent volumes with region and zone labels result in pods being properly scheduled for AWS / GCE #9822
Release SHA256 Checksums
497b48735ff0dfaa247ba9226c37624ca4d6fa48213a16eef9ce230ab10fc7c5 openshift-origin-client-tools-v1.3.0-alpha.3-7998ae4-linux-32bit.tar.gz
fd13badb78951dab9d468c81e16698ef7ac34218324d70e086110ead820e4be9 openshift-origin-client-tools-v1.3.0-alpha.3-7998ae4-linux-64bit.tar.gz
8daa8dfc0e319f8cf4c0c703c01728ee880755ae263a294ade0c2ef63cfcc35b openshift-origin-client-tools-v1.3.0-alpha.3-7998ae4-mac.zip
dbeaf7076d56428b14c6ae60370c391b0d1dd6fb08e42c9040ad9d480d461d8f openshift-origin-client-tools-v1.3.0-alpha.3-7998ae4-windows.zip
a0d23a48194f420265f0a426e438828baca2c657a2bdf55036ce74db5ce98e26 openshift-origin-server-v1.3.0-alpha.3-7998ae4-linux-64bit.tar.gz