Back to index

Download installer and client with:

oc adm release extract --tools quay.io/okd/scos-release:4.12.0-0.okd-scos-2023-02-14-060109

Team Approvals:

No tests for this release

---

Changes from 4.12.0-0.okd-scos-2022-12-02-083740

Created: 2023-02-14 10:29:38 +0000 UTC

Image Digest: sha256:968a5b06be2095ef337aaf4f5d951292875dd538b6e76d5cee826f3a6cd307d1

Release 4.12.0-0.okd-scos-2023-02-14-060109 was created from registry.ci.openshift.org/origin/release-scos:4.12.0-0.okd-scos-2023-02-14-060109

Components

• Kubernetes upgraded from 1.25.2 to 1.25.4
• CentOS Stream CoreOS upgraded from 412.9.202211241749-0 to 412.9.202302091303-0 (diff)

Rebuilt images without code change

• aws-cloud-controller-manager git 7fb891f4 sha256:50ea9a028607b3ddf1dddc830c8be18b52d002f157ee04a61e6eb18076ed4e6d
• centos-stream-coreos-9 sha256:d5eefa3fd604488fd5d0bb0a02c781641867eda582c679b760b62d4b07c40e21
• cluster-bootstrap git f22d1c60 sha256:871159555d4988b4dd8f53cb5b35e12d886c4658a5c542e45be94b1546afbf31
• gcp-cloud-controller-manager git 8d208a7f sha256:47462c9653c96e184ec3ceee9e627c8b4db93fe6ea1cb3f5c7c093269f0b903e
• ibm-cloud-controller-manager git e5f25fc6 sha256:f121d1a92998c17ea4b2fe4094257166646543db0af617498c86b4e3768f7e06
• ironic-machine-os-downloader git a580a447 sha256:09155bac04a5d52c90f4173881a6f2351654bc52ef7632a8e46088e1d96383ad
• machine-os-content sha256:d5eefa3fd604488fd5d0bb0a02c781641867eda582c679b760b62d4b07c40e21
• prometheus git c749fdb4 sha256:91e7d68b28aa00e209065604b2b9ac1400671d9102581e8b49b37726acd7b6e4
• vsphere-cloud-controller-manager git e993e31f sha256:add848b3f260994a7438af7bc2ca1fa7930efa48d75c5ff455fbc046b2dc72d6

agent-installer-api-server

• MGMT-13192: dualstack SNO cluster fails to complete - getting error In dual stack installation we should set dhcp,dhcp6 kargs in order to wait for ipv6 address when node comes after reboot (#4914) #4914
• MGMT-12863: Assisted Spoke install-config does not generate icsp with multiple mirror to entries (#4748) #4748
• MGMT-12635: Add icsp-file support for all oc commands (#4684) (#4700) #4684
• Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

• Remove jira tickets prefix requirements (#595) #595
• Full changelog

alibaba-cloud-csi-driver

• Updating ose-alibaba-cloud-csi-driver images to be consistent with ART #17
• OCPBUGS-6493: UPSTREAM: 682: fix gofmt #22
• Full changelog

aws-ebs-csi-driver-operator

• OCPBUGS-4251: Add HyperShift specific priorityClass #170
• OCPBUGS-4527: hypershift: use correct kubeconfig secret #171
• Full changelog

baremetal-installer, installer, installer-artifacts

• OCPBUGS-6807: Check platform baremetal settings against default values #6815
• OCPBUGS-7103: Set the configured proxy settings for agent installer #6830
• OCPBUGS-7131: bootstrap: set 0644 mode for registries.conf #6804
• OCPBUGS-5960: bump RHCOS 4.12 bootimage metadata #6791
• OCPBUGS-5996: vsphere: set default resource pool when missing failure domain topology #6781
• OCPBUGS-5667: CVE-2021-4238: goutils: update for randomness fix #6764
• OCPBUGS-5782: CVE-2021-4235: Denial of Service in go-yaml #6769
• OCPBUGS-6052: validate additional confidential VM types #6785
• OCPBUGS-4895: Set ip=dhcp,dhcp6 for master nodes on dualstack #6706
• OCPBUGS-6015: fail to create install-config.yaml as apiVIP and ingress VIP are not in machine networks #6783
• OCPBUGS-5844: Update FCOS to latest 37.20221127.3.0 stable #6773
• OCPBUGS-5764: Expose Azure useImageGallery parameter in the MachineSets() call #6753
• OCPBUGS-4460: hold bootkube service until bootstrap has pivoted #6661
• OCPBUGS-5513: Update Azure SDK to v63.1.0+incompatible [release-4.12] #6751
• OCPBUGS-4649: Report agent installation problems on the console #6680
• OCPBUGS-5455: Remove order dependency for agent CLI string #6748
• OCPBUGS-4962: Improve error reporting from agent wait-for install-complete #6742
• OCPBUGS-4886: Switch back to gp2 ebs volume type for bootstrap instance #6705
• OCPBUGS-5190: baremetal: Extra time for provisioning interface #6732
• OCPBUGS-4943: Wait longer for VM to obtain IP from DHCP in PowerVS #6709
• OCPBUGS-3899: [Alibaba] fix the creation of public record #6605
• OCPBUGS-4962: Wait longer for baremetal #6713
• OCPBUGS-5035: ose-installer-container: vault: insufficient certificate revocation list checking #6722
• OCPBUGS-4869: aws: destroy: delete ELB listeners #6702
• OCPBUGS-5019: OpenStack: Force JSON content-type in Swift object listing #6718
• OCPBUGS-2997: bump RHCOS 4.12 bootimage metadata #6704
• OCPBUGS-3890: IBMCloud: Confirm Zones and BYON Subnets #6603
• OCPBUGS-3639: Azure: Set appropriate architecture for gen v1 image #6588
• OCPBUGS-4698: Check nmstateconfig content in agent-config.yaml #6687
• OCPBUGS-4547: out-of-bounds read in golang.org/x/text/language leads to DoS #6650
• OCPBUGS-4660: Fix missing debug messages when getting baseISO #6682
• Alibaba: add the tags of the machine nodes #6667
• image: Updating installer images to be consistent with ART #6658
• OCPBUGS-4506: Enable CVO unmanage overrides in bootstrap-in-place installations #6664
• OCPBUGS-4457: Fix return value from execute() #6659
• OCPBUGS-4342: data: azurerm: restore RHCOS SA access configuration #6645
• Full changelog

baremetal-runtimecfg

• OCPBUGS-5743: If primary ip address was already created no need to choose new ip #214
• Full changelog

cli, cli-artifacts, deployer, tools

• OCPBUGS-6600: Fix kube version from 1.24.1 to 1.25.2 #1327
• Full changelog

cloud-network-config-controller

• Bug OCPBUGS-5156: Add ApplicationSecurityGroups to InterfaceIPConfiguration #92
• OCPBUGS-4783: OpenStack: Support multi AZ environments #88
• OCPBUGS-4784: OpenStack: Only return egressIPConfiguration for first InternalIP #89
• Full changelog

cluster-authentication-operator

• OCPBUGS-3841: update apf configuration to use v1beta2 #591
• Full changelog

cluster-baremetal-operator

• OCPBUGS-5072: delete ironic-proxy/image-cache when not needed #317
• OCPBUGS-4696: Do not fail the reconciler when no master Machines exist #314
• Full changelog

cluster-capi-controllers

• OCPCLOUD-2742: Merge https://github.com/kubernetes-sigs/cluster-api:v1.8.4 into master #225
• OCPCLOUD-2703: OWNERS: update subcomponent #223
• OCPBUGS-39516: Updating ose-cluster-api-container image to be consistent with ART for 4.18 #222
• NO-JIRA: Update OWNERS #211
• OCPCLOUD-2625: Merge https://github.com/kubernetes-sigs/cluster-api:v1.7.2 (a5898a2) into master #210
• OCPBUGS-34133: Updating ose-cluster-api-container image to be consistent with ART for 4.17 #208
• OCPBUGS-33170: All containers must fallback to logs on error #207
• OCPBUGS-30480: Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.4 (36c0e55) into master #203
• NO-JIRA: Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.2 (da795db) into master #199
• OCPBUGS-30586: fix e2e tests on release branches #200
• OCPCLOUD-2517: openshift: promote core CAPI IPAM CRDs to GA #197
• OCPBUGS-29519: openshift: add CustomNoUpgrade annotation value to feature-set #196
• OCPBUGS-29476: openshift: generate separate manifest for core CAPI CRDs #195
• OCPBUGS-26111: add snyk file #194
• OCPCLOUD-2449: Merge https://github.com/kubernetes-sigs/cluster-api:v1.6.0 (14efefe) into master #192
• NO-JIRA: e2e: add openstack testing script #193
• OCPBUGS-25586: Updating ose-cluster-api-container image to be consistent with ART #191
• OCPBUGS-25000: Updating ose-cluster-api-container image to be consistent with ART #190
• OCPCLOUD-2255: Update manifests-gen tool #189
• OCPCLOUD-2257: Use manifests generation tool from provider repo #179
• Update OWNERS #183
• OCPBUGS-21645: Bump golang.org/x/net to v0.17.0 #182
• OCPBUGS-17286, OCPCLOUD-2222: Merge https://github.com/kubernetes-sigs/cluster-api:v1.5.2 (3290c5a) into master #181
• OCPBUGS-19109: Updating ose-cluster-api images to be consistent with ART #180
• OCPBUGS-6354, OCPBUGS-6372: Merge https://github.com/kubernetes-sigs/cluster-api:v1.4.2 (7b92ce4) into master #175
• Make openshift/e2e-tests.sh executable #178
• OCPCLOUD-2121: Add openshift/e2e-tests for CAPI E2E testing #177
• Updating ose-cluster-api images to be consistent with ART #174
• Updating ose-cluster-api images to be consistent with ART #170
• Add enxebre approvers #171
• Merge https://github.com/kubernetes-sigs/cluster-api:release-1.3 (eb18352) into master #167
• Sync OWNERS file #168
• Updating ose-cluster-api images to be consistent with ART #165
• Merge https://github.com/kubernetes-sigs/cluster-api:main into master #163
• UPSTREAM: <carry>: bump build root image to golang-1.19 #164
• Full changelog

cluster-capi-operator

• Bug 2116686: OCPBUGS-5155: Add provider webhook #96
• Full changelog

cluster-cloud-controller-manager-operator

• OCPBUGS-5142: Try to limit groups for the REST mapper discovery #212
• Full changelog

cluster-config-operator

• OCPBUGS-4544: Revert “Increase verbosity level to track probe timeouts” #275
• Full changelog

cluster-control-plane-machine-set-operator

• OCPBUGS-5820: Deduplicate Failure Domains for the CPMS #160
• Backport e2e/integration testing #161
• golangci-lint: fix header year linting #163
• OCPBUGS-5401: Reverts “Reverts “Add logic to handle extra updated machines in a single index + minor fixes”” #158
• OCPBUGS-4847: Fix stale cache issue on createMachine #151
• Full changelog

cluster-csi-snapshot-controller-operator

• OCPBUGS-4526: hypershift: use correct kubeconfig secret for csi-snapshot-controller #138
• OCPBUGS-4251: Add HyperShift specific priorityClass #135
• Full changelog

cluster-etcd-operator

• OCPBUGS-6898: updating library-go for CVE-2022-41717 #998
• OCPBUGS-5762: should not scale-down when all members are healthy #984
• OCPBUGS-4743: only allow TLS1.²⁄₁.3 ciphersuites in etcd and CEO #971
• OCPBUGS-3841: update apf configuration to use v1beta2 #965
• Full changelog

cluster-image-registry-operator

• MULTIARCH-5164: Update powervs-utils regions to include us-south and tor #1157
• IR-490: manifests: add pvc related alerts to prometheus rules #1147
• HOSTEDCP-1994: Add filewatcher for Azure client certificate authentication #1155
• HOSTEDCP-2019: Use Client Cert Auth for ARO HCP deployments #1131
• OCPBUGS-43508: fix proxy config and leader election test flakes #1140
• OCPBUGS-38667: pkg/operator: wait for image registry config object cache sync #1138
• OCPBUGS-42732: pkg/storage/azure: also check for auth failure error code on deletion #1129
• CFE-1129: Added AWS TAGS reconciliation #1121
• OCPBUGS-42514: azureclient: stop validating credentials when creating the client #1127
• OCPBUGS-42196: pkg/storage/azure: use cluster-api tag key to discover vnet #1120
• OCPBUGS-42106: Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #1122
• OCPBUGS-42004: Set the Managed Identity client ID #1116
• OCPBUGS-39485: Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.18 #1113
• OCPBUGS-37543: Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1095
• MULTIARCH-4971: Sync ImageStreamImportMode setting in the image config status #1090
• OCPBUGS-38842: pkg/resource: invoke update-ca-trust extract with –output #1096
• OCPBUGS-37543: Revert “Merge pull request #1087 from rajdeepc2792/rajdeepc2792/ARO-9391” #1093
• ARO-9391, OCPBUGS-37543: Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1087
• OCPBUGS-38287: bump gophercloud to latest v2 #1086
• IR-467: Enable MSI override for ARO HCP #1082
• SPLAT-1721: Remove alibaba #1077
• IR-471: Removing featuregate for chunkSizeMiB config #1073
• Revert “IR-467: Enable Azure MSI authentication” #1079
• IR-467: Enable Azure MSI authentication #1020
• OCPBUGS-37207: Power VS: Check endpoints against lower case strings #1076
• IR-471: Adding additional validation #1074
• OCPBUGS-36038: go.*,vendor: bump go-retryablehttp #1063
• IR-477: pkg/operator: deactivate azure path fix job #1061
• IR-471: Exposing chunksize variable to utilize docker registry config #1060
• OCPBUGS-34107: Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.17 #1045
• OCPBUGS-34399: Update rbac for featuregate #1056
• OCPBUGS-33453: add SAR capability to image-registry #1046
• CFE-962: Refactor code to mock GCP tag service for UTs #1027
• OCPBUGS-34399: Revert “Merge pull request #1026 from deepsm007/expose-chunksize” #1052
• OCPBUGS-34399: Exposing chunksize variable to utilize docker registry config #1026
• OCPBUGS-34107: Updating ose-cluster-image-registry-operator-container image to be consistent with ART for 4.17 #1040
• OCPBUGS-32710: pkg/storage/s3: use force path style in favour of virtual hosted style config #1028
• OCPBUGS-33149: azure-path-fix: get client secret from k8s secret #1029
• OCPBUGS-33868: Bump openshift api, client-go & library-go #1036
• OCPBUGS-33172: azurepathfix: check if platform status is nil before accessing it #1030
• OCPBUGS-32491: Power VS: Add support for Power VS endpoint overrides #1024
• OCPBUGS-29559: Apply hypershift cluster-profile for ibm-cloud-managed #999
• OCPBUGS-32328: azure-path-fix: support auth via account key (without clientID) #1021
• OCPBUGS-30484: bump indirect google protobuf dependency #1015
• NO-JIRA: remove bparees from owners #1019
• OCPBUGS-29233: bump aws-sdk-go from v1.44 to v1.50 #1012
• AUTH-482: set required-scc for openshift workloads #1008
• NO-JIRA: bump golangci-lint to v1.56.2 #1013
• OCPBUGS-29932: cmd/move-blobs: log and exit 1 on error instead of panic #1006
• OCPBUGS-29637: azurepathfix: fix stack hub, government and workload identity setup #1003
• OCPBUGS-29003: move azure storage blobs from docker back into /docker #998
• NO-JIRA: Add hack/local-dev.sh #996
• OCPBUGS-28225: pkg/storage/s3: enable bucket key on encryption settings #993
• OCPBUGS-28230: add FallbackToLogsOnError for easier debugging #992
• NO-JIRA: build(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.16.0 #989
• OCPBUGS-26767: MULTIARCH-4074: PowerVS: update supported regions #987
• IR-409: build(deps): bump github.com/IBM/platform-services-go-sdk from 0.18.15 to 0.55.0 #974
• OCPBUGS-24997: Updating ose-cluster-image-registry-operator-container image to be consistent with ART #979
• IR-410: build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1263 to 1.62.637 #980
• OCPBUGS-11624: manifests/02-rbac.yaml: stop using wild cards #964
• OCPBUGS-24649: add private endpoint permissions to Azure credentials request #971
• OCPBUGS-24997: Updating ose-cluster-image-registry-operator-container image to be consistent with ART #975
• IR-412: IBMCloud: Add support for endpoint overrides #955
• CCO-248: Revert “Merge pull request #965 from jstuever/TRT-1368” #967
• OCPVE-790: annotate credentials request manifests #959
• OCPBUGS-24161: Updating ose-cluster-image-registry-operator-container image to be consistent with ART #966
• TRT-1368: Revert “Merge pull request #935 from flavianmissi/CCO-248” #965
• IR-366, IR-367, IR-411: allow users to configure private storage accounts in Azure #930
• IR-408: request individual permissions for gcs #935
• OCPBUGS-2889: accept user/pass OR application credentials on Swift UPI secret #924
• IR-406, OCPBUGS-21853: bump k8s and openshift packages #936
• OCPBUGS-21853: disable http2 for metrics endpoint #938
• OCPBUGS-18969: move pruner role creation from openshift-apiserver #925
• OCPBUGS-19262: Updating ose-cluster-image-registry-operator images to be consistent with ART #918
• OCPBUGS-18469: increase storage account key cache expiration #912
• OCPBUGS-17060: use Recreate on operator deployment #908
• OCPBUGS-18103: check if response is nil before using it #909
• OCPVE-632: add capability annotations to manifests #856
• OCPBUGS-17882: Add rbac permission IDMS, ITMS #891
• TRT-1193: Revert “IR-373: remove node-ca daemon” #899
• CFE-846: Add user defined tags to the GCP buckets created #873
• IR-373: remove node-ca daemon #867
• build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.4 #877
• build(deps): bump the k8s-dependencies group with 1 update #895
• IR-363: Update Azure Credentials Request manifest of the Cluster Image Registry Operator to use new API field for requesting permissions #890
• build(deps): bump github.com/prometheus/common from 0.37.0 to 0.44.0 #878
• CFE-682: Add user defined labels to the GCP buckets created #872
• CFE-682: Update openshift/api package to latest version #887
• IR-390: Make a configmap for MCO to consume CAs #880
• build(deps): bump github.com/aws/aws-sdk-go from 1.44.291 to 1.44.298 #879
• build(deps): bump golang.org/x/net from 0.8.0 to 0.11.0 #871
• build(deps): bump github.com/aliyun/aliyun-oss-go-sdk from 2.1.10+incompatible to 2.2.7+incompatible #869
• .github/dependabot.yml: group certain dependencies #865
• IR-389: bump aws-sdk-go #860
• .github: configure dependabot #861
• IR-369, IR-370: support Azure workload identity #857
• OCPBUGS-12132: Updating ose-cluster-image-registry-operator images to be consistent with ART #854
• Updating ose-cluster-image-registry-operator images to be consistent with ART #849
• OCPBUGS-8224: fix storage selection on IBM cloud #847
• OCPBUGS-6797: Add nil validation for IBM Cloud and Power VS infrastructure status in ibmcos #845
• MULTIARCH-3212: Use IBM COS as storage backend for PowerVS #843
• OCPBUGS-6621: bump aws-sdk-go #844
• Add UserTags while creating Azure Storage Account #829
• IR-341: bump openshift/api #828
• IR-270: allow registry to create image objects #823
• OCPBUGS-6175: OpenStack: Add support for Proxy #833
• IR-308: Add support for External platform #825
• OCPBUGS-4090: swift: Retry connecting to OpenStack #819
• IR-311: storage: azure: use azidentity with an adapter #807
• Bug 2065166: Remove roles/iam.serviceAccountUser role #824
• Updating ose-cluster-image-registry-operator images to be consistent with ART #821
• IR-314: Bump dependencies #816
• Add config for golangci-lint and fix errors #820
• hack/test-go.sh: generate coverage reports #818
• OCPBUGS-3974: check for nil pointer before dereferencing #814
• Bug 2066388: Add example for s3.regionEndpoint #815
• OCPBUGS-2941: Bump gophercloud #808
• add myself to OWNERS #809
• Full changelog

cluster-ingress-operator

• OSASINFRA-3642: openstack: support setting external LB floating IP #1147
• HOSTEDCP-2031: Use Client Certificate Authentication for ARO HCP deployments #1151
• OCPBUGS-43412: Bump to k8s.io v0.31.1 (and deps) #1156
• NE-1716: Bump Gateway API to v1.0.0 and OSSM to v2.6 #1163
• CFE-1134: Watch infrastructure and update AWS tags #1148
• OCPBUGS-43033: e2e/ingress_dns: support both private & public #1153
• OCPBUGS-37932: Always log AWS service endpoints #1137
• OCPBUGS-36340: Retry IngressController and Route updates in E2E tests #1116
• OCPBUGS-42004: Set the MI client ID for the ARO HCP override #1144
• AUTH-482: set required-scc for openshift workloads #1031
• OCPBUGS-36044: Bump IBM/go-sdk-core to v5.17.4 #1120
• OCPBUGS-41527: Add tolerations to survive scheduler taint manager e2e tests on workers #1143
• OCPBUGS-41112: Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.18 #1140
• OCPBUGS-39151: Add Missing Scope Change Instructions #1135
• OCPBUGS-38871: ingress: deployment: explicitly set DeploymentStrategy in SingleReplica case #1134
• OCPBUGS-37491: Ingress operator status not degraded when canary route fails #1125
• OCPBUGS-38217: Clear LB Status Parameters on LB Type Change #1126
• OCPBUGS-34418: Allow router pods to use the “restricted” SCC #1064
• OCPBUGS-38441: Resolve DNS Resolution CI Flakes in Subnets and EIP E2E #1127
• OCPBUGS-38079: Bump controller-runtime to v0.18.4 #1122
• NE-1798: API bump for promotion of eipAllocation from feature gates to GA. #1118
• NE-1688: Enable Azure MSI authentication for ARO HCP #1119
• NE-1674: Add LB EIP Allocation for AWS #1109
• NE-1531: Fix Initialization of NLB Status Parameters #1114
• NE-1531: AWS Subnet Selection #1046
• NE-1273: Add a watch to the ingress operator so it will recreate the gwapi crds #1106
• OCPBUGS-37627: Fix getRouteHost error handling #1110
• NE-1208: Gateway API E2E Testing #1023
• OCPBUGS-31664: Fix SyncLoadBalancerFailed status message of IngressController #1102
• OCPBUGS-36465: Delete and recreate canary route to clear spec.host #1095
• OCPBUGS-34413: Refine logging for accurate infra CR status updates #1103
• OCPBUGS-35342: Add e2e test for connect timeout #1084
• NO-JIRA: Add grzpiotrowski to OWNERS #1090
• NO-JIRA: addowner-Thealisyed #1091
• OCPBUGS-35356: Retry IngressController updates in router status E2E #1085
• OCPBUGS-9037: Change Canary to use passthrough route #978
• OCPBUGS-35368: Add Regexp Anchor to TestAll #1087
• OCPBUGS-23221: internalServiceChanged: Fix target port logic #1052
• OCPBUGS-34262: Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.17 #1067
• NE-1400: Bump to OSSM 2.5 and Gateway API v0.6.2 CRDs #1018
• OCPBUGS-33792: Bump openshift/library-go to resolve NewPrometheusClient E2E failures #1054
• OCPBUGS-32887: Allow operator to update Route spec.subdomain #1047
• OCPBUGS-32942: Bump controller-runtime to v0.17.3 #1050
• OCPBUGS-28673: implement connect timeout tuning option #1035
• NE-1317: manifests - add ingress capability annotation #950
• OCPBUGS-32371: Bump openshift/api, and update CRD generation #1045
• OCPBUGS-25193: Add vnet subnet read and join permission for azure #1029
• OCPBUGS-30834: Update to go 1.21 #1040
• OCPBUGS-31722: Use centos7 tag for quay.io/centos7/httpd-24-centos7 image #1037
• OCPBUGS-3522: Include recent errors in canary checks fail #865
• OCPBUGS-30091: TestHostNetworkPortBinding: Delete t.Parallel() #1032
• CFE-987: Use RouterExternalCertificate feature gate for adding ROUTER_ENABLE_EXTERNAL_CERTIFICATE env var to the router pods #1017
• CORS-2317: Add Ingress LB IPs to Infra CR and set DNS unmanaged when BYO DNS is enabled #1016
• OCPBUGS-28596: Updating ose-cluster-ingress-operator-container image to be consistent with ART for 4.16 #1020
• OCPBUGS-28230: add FallbackToLogsOnError for easier debugging #1019
• NE-1490: update to go v1.20 #1012
• OCPBUGS-15253: Include namespace in prometheus alerts IngressWithoutClassName and UnmanagedRoutes #980
• CCO-249: Replace GCP role with explicit permissions #844
• OCPBUGS-25006: Updating ose-cluster-ingress-operator-container image to be consistent with ART #1006
• OCPBUGS-24531: Revert “ OCPBUGS-24531 Skip CI for scope change until OCPBUGS-24044 is resolved” #1011
• OCPBUGS-24531: Revert “Merge pull request #1007 from candita/OCPBUGS-24531-SkipScopeChangeTest” and add changes to skip test only for Azure and GCP #1008
• OCPBUGS-24531: Skip CI for scope change until OCPBUGS-24044 is resolved #1007
• OCPVE-780: annotate credentials request manifests #995
• OCPBUGS-23742: Bump controller-runtime to v0.16.3 #1001
• NE-1402: Add service endpoint override capability to IBM DNS provider #990
• OCPBUGS-16762: Revert “OCPBUGS-16762: Bump openshift/api for container.maxLength fix” #982
• OCPBUGS-14994: Don’t add clientca-configmap finalizer if deleting #948
• OCPBUGS-22020: Bump golang.org/x/net for CVE-2023-44487 #985
• OCPBUGS-21803: test/e2e: Add test case for 2000000 maxConnections #983
• OCPBUGS-20192: Require non-readonly filesystem in router container #981
• OCPBUGS-16762: Bump openshift/api for container.maxLength fix #979
• OCPBUGS-3541: Don’t create route metrics for ingress controllers that are not admitted #869
• OCPBUGS-18248: Prevent GatewayClass from getting recreated #975
• OCPBUGS-19268: Updating ose-cluster-ingress-operator images to be consistent with ART #977
• OCPBUGS-15900: TestMTLSWithCRLs: only try to parse HTTP status code from curl output when stdout is long enough. #973
• OCPBUGS-3356: E2E test for cookie length truncation #871
• OCPBUGS-15978: Check public DNS zone when reporting status #967
• OCPBUGS-17359: test/e2e: Don’t use openshift/origin-node #970
• NE-1140, NE-1145: Set/delete HTTP request/response headers via IngressController API #872
• OCPBUGS-16089: Set spec.subdomain on the canary route #965
• OCPBUGS-14995: desiredRouterDeployment: Set HostPort if needed #947
• OCPBUGS-10875: gateway-service-dns: Set DNS policy appropriately #934
• NE-1244: Use permissions instead of the “Contributor” role in Azure CredentialsRequest #929
• OCPBUGS-12790: README: Fix Bugzilla link #968
• RFE-3007: Expose option-contstats as an unsupported option #887
• NE-1189: Refactor Test_desiredLoadBalancerService #886
• NE-1187: Use t.Run for table-driven tests #884
• NE-1183: Rename unit tests for specific functions #880
• NE-1269: Replace bindata using embed #905
• RFE-3765: Allow Ingress to Modify the HAProxy Log Length when using a Sidecar #900
• OCPBUGS-9274: canary: Tolerate infra node NoExecute taint #932
• OCPBUGS-7546: Allow only 1 disruption with 3 replicas #931
• OCPBUGS-15100: Fix previous attempt of adding a missing trailing dot to hostname #956
• OCPBUGS-14396: Set controller-runtime logger to a null logger for E2E #946
• OCPBUGS-14998: Only use RoleARN for Route53 API #951
• OCPBUGS-15100: Create valid DNS names for Gateway API on GCP #949
• OCPBUGS-13106: Add ingress controller status logging on waitForIngressControllerCondition #924
• OCPBUGS-13190: Avoid spurious updates for internalTrafficPolicy #927
• OCPBUGS-13810: Update TestAWSELBConnectionIdleTimeout to not use wildcard DNS record #944
• NE-1294: Add support for AWS shared VPC in another account #928
• CCO-318: Enable Azure Workload Identity authentication. #906
• OCPBUGS-6661, OCPBUGS-9464: Move mTLS CRL handling into the router, and fix accidental duplication of CRLs #939
• OCPBUGS-13963: Bump vendors k8s libraries to 0.27.2 #936
• Revert “OCPBUGS-6661, OCPBUGS-9464: Move mTLS CRL handling into the router, and fix accidental duplication of CRLs” #938
• OCPBUGS-6661, OCPBUGS-9464: Move mTLS CRL handling into the router, and fix accidental duplication of CRLs #930
• OCPBUGS-5478: add UBI based Dockerfile #925
• CCO-318: Read feature gates for future usage #908
• OCPBUGS-12913: Deflake TestRouterCompressionOperation #920
• OCPBUGS-6784: bump controller-runtime to fix the multi namespace cache indexing #913
• OCPBUGS-12579: Address CVE-2022-41723 #915
• OCPBUGS-12790: Replace Bugzilla link with Red Hat Issue Tracker #916
• OCPBUGS-10714: gatewayclass: Update for OSSM 2.4 API change #901
• OCPBUGS-10189: Updating ose-cluster-ingress-operator images to be consistent with ART #898
• OCPBUGS-10846: Fix TestClientTLS flakes #904
• NE-1184: Test_desiredHttpErrorCodeConfigMap: Kill dead code and fix format #881
• OCPBUGS-4054: configurable-route: Don’t use NewKindWithCache #860
• NE-1186: Test_getRR: Fix typo: “excepted” → “expected” #883
• CORS-2467: dns: azure: use azidentity with an adapter #846
• NE-1105: Add support for Gateway API #890
• OCPBUGS-7424: Bump vendored k8s libraries to 1.26.1 #888
• CFE-679: Add user defined tags to the created DNS resources #874
• OCPBUGS-6247: Updating ose-cluster-ingress-operator images to be consistent with ART #862
• CORS-2072: GCP - Parse Zone ID with a project ID embedded #855
• NE-1092: Add proxy protocol support for IBMCloud loadbalancers #812
• OCPBUGS-6384: Address CVE-2022-41717 #876
• OCPBUGS-4827: Add missing AWS permission for ListTagsForResources #868
• OCPBUGS-6701: Avoid spurious updates for scope in IngressClass #879
• OCPBUGS-6698: Fix conflict error message in ensureNodePortService #877
• OCPBUGS-6700: updateIngressClass: Fix log message #878
• NE-1124: Add support for External platform to CIO #873
• OCPBUGS-4573: Target metrics port by name in internal service #864
• OCPBUGS-434: Absorb PodsScheduled condition into MinAvailable #854
• OCPBUGS-4759: Do not manage DNS for an ingresscontroller with domain mismatch in GCP #866
• OCPBUGS-4703: Replace liveness-grace-period-seconds annotation #863
• OCPBUGS-3404: Bump openshift/api for matchExpressions doc fix #856
• OPNET-133: Support remote worker #858
• OCPBUGS-1725: Ingress controller should not have affinity policy in single-replica clusters #810
• OCPBUGS-1807: Fix bad handleSingleNode4Dot11Upgrade log message #808
• Full changelog

cluster-kube-apiserver-operator

• API-1835: migrate static pod fallback to ssa #1765
• API-1835: migrate startup monitor conditon to ssa #1764
• STOR-2078: Enable VolumesAttributesClass API in kube-apiserver #1761
• API-1835: migrate the installer controller to SSA #1756
• NO-JIRA: Update “deprecated API in use” alert expressions for 1.31. #1750
• OCPBUGS-42083: Don’t rollout revision until three etcd endpoints are listed #1743
• WRKLDS-1449: bump(k8s): update k8s.io/* dependencies to v1.31.1 #1722
• API-1835: update to use the latest revision controller #1747
• API-1835: operator client update #1737
• WRKLDS-1449: cleanup flag validation after they have been added to the installer #1736
• NO-JIRA: Re-apply “certrotationcontroller: set AutoRegenerateAfterOfflineExpiry for generated certificates” #1665
• create CRDs from openshift/api #1735
• OCPBUGS-41778: increase kube-apiserver failureThreshold #1732
• OCPBUGS-41173: Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.18 #1730
• NO-JIRA: Bump library-go to add audit logs about events #1723
• OCPBUGS-41257: introduce –operand-kubernetes-version flag and resolve API group versions accordingly #1731
• OCPBUGS-38335: Bump library-go #1721
• NO-JIRA: nodekubeconfigcontroller: set ownership component for node kubeconfigs #1704
• AUTH-521: add disabled syncer as reason to CFE for PSA #1686
• NO-JIRA: update library-go #1703
• OCPEDGE-1102: Revert high cpu usage alert description #1680
• OCPEDGE-902: add SNO control plane high cpu usage alert #1676
• OCPBUGS-34782: manifests: add ownership annotation for kubelet-bootstrap-kubeconfig #1694
• OCPBUGS-34544: Disable PersistentVolumeLabel admission plugin #1693
• OCPBUGS-34800: Update APIRemovedInNextReleaseInUse for kube 1.30 / ocp 4.17 #1697
• OCPBUGS-33963: Create one-shot migrations for the flowcontrol group. #1689
• API-1783: bump(k8s): update k8s version to v1.30.0 #1666
• OCPBUGS-33522: add a controller that reconciles SCCs’ volumes #1675
• NO-ISSUE: Revert “add SNO control plane high cpu usage alert” #1674
• OCPBUGS-33184: Fix incorrect name for hostmount-anyuid SCC ClusterRole #1671
• OCPEDGE-902: add SNO control plane high cpu usage alert #1660
• WRKLDS-1015: tolerate node-role.kubernetes.io/control-plane:NoExecute #1664
• OCPBUGS-22969: Use v1 for flowcontrol API #1577
• OCPBUGS-31384: use RotatedSigningCASecret controller in update only mode #1659
• NO-ISSUE: Revert “certrotationcontroller: set AutoRegenerateAfterOfflineExpiry for generated certificates #1661
• NO-JIRA: certrotationcontroller: set AutoRegenerateAfterOfflineExpiry #1652
• OCPBUGS-30119: certrotation: Bump library-go to latest master #1651
• OCPCLOUD-2514: External CCM should no longer rely on feature gate access #1649
• OCPBUGS-25894: operator: stop removing kube-apiserver-slos asset #1642
• NO-JIRA: extend node-system-admin-client validity to 2 years #1618
• OBSDA-553: add provider name to cluster_infrastructure_provider when external platform #1638
• AUTH-481: Add PSa labels to openshift-kube-apiserver-operator namespace #1637
• OCPBUGS-27842: Add sno section to alert description #1633
• NO-JIRA: Add Vu and Vadim to OWNERS #1634
• OCPBUGS-24005: when skipping a webhook check because of missing CA log the name of the webhook #1632
• NO-JIRA: Add ownership for the admin kubeconfig #1584
• OCPBUGS-18939: manifest: drop slo latency metrics in favor of sli #1546
• NO-ISSUE: prevent update status conflicts #1621
• OCPBUGS-21846: sync(library-go): revision_controller: update last revision only when a revision is completely rendered #1619
• OCPBUGS-14496: manifests: fix the scope of the TechPreviewNoUpgrade alert #1512
• OCPBUGS-24907: Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART #1606
• OCPNODE-1892: Rebase 1.29.0 #1608
• OCPBUGS-24005: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1587
• TRT-1420: revert #1586 #1596 #1607
• OCPNODE-1890: Bump k8s api to v0.29.0 #1586
• OCPNODE-1892: Set flag to skip setting cloud-provider=external #1596
• OCPBUGS-24701: ignore vendor folder in SAST scan #1599
• AUTH-442: psa cluster fleet evaluation #1588
• OCPBUGS-24213: Annotate managed certs #1568
• OCPBUGS-23796: use AlwaysAllow UnhealthyPodEvictionPolicy option #1579
• OCPBUGS-21836: use external load balancer url for jwks-uri #1578
• manifests: set owning component for TLS artifacts #1583
• OCPBUGS-19160: Updating ose-cluster-kube-apiserver-operator images to be consistent with ART #1550
• OCPBUGS-20331: manifests/0000_90_kube-apiserver-operator_04_servicemonitor-apiserver: Rename to kube-apiserver-performance-recording-rules #1566
• OCPBUGS-20331: manifests: rename API performance dashboard #1565
• OCPBUGS-21729: bump library-go to include switch to HTTP/1.1 #1567
• Update required GV for ValidatingAdmissionPolicy gate. #1561
• Update “deprecated API in use” alert expressions for 1.28. #1562
• bump(openshift/client-go,library-go) #1560
• OCPBUGS-16794: installerpod: change pod manifest mode to 0600 #1557
• OCPBUGS-19024: remove featuregate upgradeable controller that moved to cluster-config-operator #1547
• OCPBUGS-18247: manifests: don’t include recording rules when Console capability is not enabled #1542
• OCPBUGS-15504: manifest: remove kube-apiserver PrometheusRule #1543
• Bump openshift/* libs #1549
• Update to Kubernetes 1.28.2 #1548
• STOR-1425: Update to Kubernetes 1.28.1 #1534
• OCPBUGS-17436: Unrevert 1536 and 1538. #1541
• Reverts DynamicResourceAllocation enablement on techpreview #1540
• OCPBUGS-17436: Enable DynamicResourceAllocation API in kube-apiserver #1538
• Set runtime-config in lockstep with feature-gates, if needed. #1536
• bump(api) #1535
• OCPBUGS-16511: bump(*): vendor update #1529
• OCPBUGS-16511: remove dependency on typed prometheus client #1527
• OCPBUGS-13635: make webhook connection failure a warning in log #1526
• OCPBUGS-15489: manifests: add new PrometheusRule for recording rules #1521
• certrotation: rotate kube-apiserver-to-kubelet-signer when 80% of validity is over #1523
• OCPBUGS-13946: do not use one second timeout when asserting a webhook connection #1510
• OCPBUGS-14008: Enable “send-retry-after-while-not-ready-once” on SNO #1500
• update probes for best practices and consistency #1516
• api_performance_dashboard: show apiserver_longrunning_requests metric #1518
• allow greater timeout for etcd health check #1517
• api_performance_dashboard: show apiserver_request_total instead of apiserver_dropped_requests #1520
• OCPBUGS-8404: pkg/operator/configobserver: check that the serving certificate refer… #1482
• OCPBUGS-3986: dashboard: use recording rules for most metrics #1484
• OCPBUGS-14940: api_performance_dashboard: show apiserver_longrunning_requests metric #1511
• OCPBUGS-13946: degraded_webhook.go x509: certificate signed by unknown authority #1503
• OCPBUGS-14323: Change manifest directory permissions #1505
• OCPBUGS-13547: Remove featureset flag and use only the manifest #1491
• OCPBUGS-13303: pkg/operator/startupmonitor: skip openshift-apiserver readiness check… #1492
• OCPBUGS-14038: Update APIRemovedInNextRelease alerts #1497
• STOR-1263: Bump k8s 1.27 #1469
• read featureset from the manifests #1490
• Read feature manifest #1488
• Cover featuregate access errors in PSA configobserver unit tests. #1486
• switch to featuregates via the API #1485
• OCPBUGS-10831: pod security: use v1 api #1481
• OCPBUGS-11361: Revert “Merge pull request #1474 from benluddy/oapi-bump” #1477
• Bump dependency on openshift/api. #1474
• Updating ose-cluster-kube-apiserver-operator images to be consistent with ART #1460
• OCPBUGS-10713: PSA Violation alert: add ocp_namespace label #1435
• OCPBUGS-10039: update openshift/api to include aesgcm provider in the default apiserver schema #1462
• OCPBUGS-10577: update apf configuration to use v1beta3 #1413
• OCPBUGS-8711: API-1509: Enable AES-GCM encryption #1449
• OCPBUGS-8478: Disable TestBoundTokenSignerController #1455
• STOR-1051: Allow CSI inline volumes in all SCCs #1434
• WRKLDS-705: Bump openshift/api to enable DynamicResourceAllocation through TechPreviewNoUpgrade #1447
• bump(api) #1444
• bump(*) #1442
• Update OWNERS to remove/replace adambkaplan #1438
• OCPBUGS-5873: dashboard: use apiserver_storage_objects metric #1432
• API-1520: Update SLO alerts based on upstream improvements #1431
• WRKLDS-649: Guard pod set readiness probe endpoint explicitly #1437
• update APIRemovedInNextRelease alerts #1436
• OCPBUGS-6202: Updating ose-cluster-kube-apiserver-operator images to be consistent with ART #1415
• OCPBUGS-6258: bump(k8s): 1.26.1 #1433
• increase audit log size to contain an entire upgrade+e2e run #1430
• OCPBUGS-3985: enable pod security admission for techpreview #1403
• OCPBUGS-272: Remove duplicate find word in error msg for degraded webhook #1428
• Fix typo in PodSecurityViolation alert’s description #1391
• make the bootstrap kube-apiserver honor cluster-wide featuregates #1419
• remove use of deprecated klog flags #1427
• Revert “drop log-file flag removed in 1.26” #1425
• make api team approver #1377
• drop log-file flag removed in 1.26 #1420
• bump(api) #1418
• Drop flags removed in k8s 1.26 #1417
• OCPBUGS-3041: guard controller: set an explicit hostname to avoid name collisions #1410
• STOR-829: Enable CSIInlineVolumeSecurity admission plugin #1385
• OCPBUGS-3985: update for featureset rendering #1409
• OCPBUGS-3929: update apf configuration to use v1beta2 #1408
• bootstrap-kube-apiserver: specify resources.requests #1398
• OCPBUGS-1601: CVE-2022-3259: enable HSTS for kube-apiserver #1392
• Bug 2100429: Allow ephemeral volumes in all SCCs #1380
• Full changelog

cluster-kube-controller-manager-operator

• OCPBUGS-4478: Sync library go 4.12 #676
• OCPBUGS-4766: limit cluster-policy-controller RBAC permissions #675
• OCPBUGS-4681: remove unnecessary RBAC #674
• Full changelog

cluster-kube-scheduler-operator

• OCPBUGS-4478: Sync library go 4.12 #452
• Full changelog

cluster-kube-storage-version-migrator-operator

• NO-JIRA: operator/starter.go: don’t report an error on shutdown #117
• OCPBUGS-41169: Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.18 #116
• NO-JIRA: bump(*) #113
• OCPBUGS-34306: Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.17 #110
• OCPBUGS-34306: Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.17 #109
• AUTH-482: set required-scc for openshift workloads #107
• OCPBUGS-29567: Apply hypershift cluster-profile for ibm-cloud-managed #106
• OCPBUGS-27930: Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART for 4.16 #103
• OCPBUGS-24989: Updating ose-cluster-kube-storage-version-migrator-operator-container image to be consistent with ART #101
• OCPBUGS-21738: bump library-go to include switch to HTTP/1.1 #95
• OCPBUGS-19253: Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #94
• Revert “specify master node selector on migrator pod” #93
• OCPBUGS-17170: specify master node selector on migrator pod #92
• OCPBUGS-16513: bump(*): update to 1.27.1 #91
• Fix operator doc in README #90
• Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #89
• OCPBUGS-6240: Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #87
• Full changelog

cluster-machine-approver

• OCPCLOUD-2736: Update to k8s 1.31 #240
• OCPCLOUD-2703: OWNERS: update subcomponent #239
• OCPBUGS-39526: Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.18 #238
• OCPBUGS-36871: Client internal DNS checks should be case insensitive #237
• NO-JIRA: Update OWNERS #236
• OCPCLOUD-2602: Update dependencies to Kube 1.30 #235
• OCPBUGS-34138: Updating ose-cluster-machine-approver-container image to be consistent with ART for 4.17 #232
• OCPBUGS-33644: check for machine crd before listing machines #231
• OCPBUGS-29568: Apply hypershift cluster-profile for ibm-cloud-managed #229
• OCPBUGS-28230: add FallbackToLogsOnError for easier debugging #227
• OCPBUGS-26116: Add Snyk file to exclude vendor directory on scan #225
• OCPCLOUD-2417: Update to kube 1.29 and controller-runtime 0.17.0 #224
• OCPBUGS-23544: Increase concurrent reconciles to 10 #222
• OCPBUGS-25582: Updating ose-cluster-machine-approver-container image to be consistent with ART #223
• OCPBUGS-24985: Updating ose-cluster-machine-approver-container image to be consistent with ART #218
• OCPBUGS-24154: Updating ose-cluster-machine-approver-container image to be consistent with ART #217
• OCPCLOUD-2277: Ensure Cluster Machine Approver metrics are only available via HTTPS #211
• OCPBUGS-21594: Filter non node CSRs in metrics #208
• OCPBUGS-21793: Bump x/net package to v0.17.0 #204
• Update OWNERS #205
• OCPBUGS-19250: Updating ose-cluster-machine-approver images to be consistent with ART #201
• OCPCLOUD-2181: Update K8s dependencies to 1.28 #203
• OCPBUGS-17090: Set logger for controller runtime #200
• OCPBUGS-18338: Fix CI by running tests natively by default #199
• OCPBUGS-16156: check if machine api present #198
• handle situation when machine CRD is not present #191
• OCPCLOUD-2044: Update to Kubernetes 1.27 deps #195
• OCPBUGS-10171: Go 1.20 bump with fixed unit tests #194
• OCPBUGS-11225: Update node client allowed usages #189
• OCPBUGS-11225: Update isNodeClientCert to allow for new key usages #186
• OCPBUGS-11225: approver: fix ECDSA approvals in 1.27 #184
• Update TLS Bootstrapping doc links in README #182
• Updating ose-cluster-machine-approver images to be consistent with ART #180
• Update OWNERS #179
• : Update tooling for CMA #178
• OCPCLOUD-1805: Port to ginkgo v2 #176
• Updating ose-cluster-machine-approver images to be consistent with ART #174
• Update OWNERS #177
• Full changelog

cluster-monitoring-operator

• OCPBUGS-4363: Fixed TargetDown expression to join on the proper label #1833
• OCPBUGS-4488: Fixes externalURL field for Prometheus and Alertmanager #1840
• OCPBUGS-4627: compute doc link in PVC not configured message #1844
• OCPBUGS-4489: Increase startupProbe for prometheus #1841
• OCPBUGS-4431: add alert KubePodNotScheduled to group openshift-kubernetes.rules #1837
• Full changelog

cluster-network-operator

• OCPBUGS-4778: Fix handling of deployment and statefulset updates #1663
• OCPBUGS-4238: HyperShift: Co-locate OVN-Kubernetes master with other hcp pods #1645
• OCPBUGS-6494: OVN-Kubernetes: Stop sorting master node addresses, ignore readiness checks for redundant NB/SB #1691
• OCPBUGS-3461: CNI binary copy should account for the possibility of symlinks [backport 4.12] #1615
• OCPBUGS-4856: Disable the drop-icmp container ‘oc’ pprof webserver on Azure #1666
• OCPBUGS-4686: Revert “Remove references to the hosts kubeconfig” #1660
• OCPBUGS-4183: Fix default disable-udp-aggregation value on s390x #1661
• OCPBUGS-4637: Support RHOBS monitoring for HyperShift #1652
• Full changelog

cluster-node-tuning-operator

• E2E: Network stack Pinning tests (#533) #533
• Run node selector tests only if we 2 non Performanceworker nodes (#554) #554
• skip multiple ranges test if cores < 20 and use core as key to delete cpu siblings (#543) #543
• pao: latency-tests: read test log directly from pod (#547) #547
• Add authentication to the /metrics endpoint (#553) #553
• Update NTO images to be consistent with ART (#557) #557
• OCPBUGS-5021: [release-4.12] Fix two irqbalance tests - smp affinity vs online (#530) #530
• Remove trailing space from test name (#546) #546
• Fix default hard eviction threshold when PCC is applied (#520) #520
• Full changelog

cluster-openshift-apiserver-operator

• OCPBUGS-3293: routes/status resources can leak sensitive data, exclude it from audit #512
• OCPBUGS-3841: update apf configuration to use v1beta2 #507
• Full changelog

cluster-openshift-controller-manager-operator

• OCPBUGS-4803: [release-4.12] Correct go file formatting for go1.19 with gofmt #275
• OCPBUGS-3841: update apf configuration to use v1beta2 #271
• Full changelog

cluster-policy-controller

• OCPBUGS-5786: clusterquotareconciliation: do not sync quota monitor cache with no monitors registered #95
• Full changelog

cluster-samples-operator

• OCPBUGS-7208: When setting allowedRegistries urls the openshift-samples operator is degraded #489
• OCPBUGS-4599: Bump k8s master #479
• OCPBUGS-4407: Update Cluster Sample Operator dependencies and libraries for OCP 4.13 #478
• Full changelog

cluster-version-operator

• OCPBUGS-5879: Set upgradeability check throttling period to 2m #884
• OCPBUGS-5083: pkg/payload/precondition: Do not claim warnings would have blocked #878
• Full changelog

console

• OCPBUGS-6913: PipelineRun task status overlaps status text #12516
• OCPBUGS-6766: Fix to provide an option to delete all app resources on delete-resource modal for D/DC/KSVC #12491
• OCPBUGS-6969: Added translation to Last used in resource type dropdown #12521
• OCPBUGS-6764: Add Git Repository (PAC) showed empty permission content and non-working help link until a git url is entered #12490
• OCPBUGS-4281: Do not disable metrics when auth is disabled #12323
• OCPBUGS-6669: Do not show UpdateInProgress when status is Failing #12473
• OCPBUGS-5093: Fix to show correct help texts for each git repo status error code #12389
• OCPBUGS-6085: Editing Pipeline in the ocp console should show correct information #12452
• OCPBUGS-6758: Add RBAC check on Create a Project link in all-namespaces pages #12489
• OCPBUGS-6755: Remove refs-heads from the branch name for Repository pipelineRun row #12487
• OCPBUGS-6743: Fix react warning when open console, add missing keys in navigation #12484
• OCPBUGS-5875: Don’t proxy CORS response headers #12276
• OCPBUGS-6678: fix run-time error on Cluster Settings when availableUp… #12476
• OCPBUGS-4633: Monitoring: Fix alert descriptions with duplicate resources #12352
• OCPBUGS-5303: display ‘Control plane is hosted’ alert only when isCl… #12409
• OCPBUGS-5263: only show upgrade details if cluster not externally man… #12404
• OCPBUGS-5444: Change vSphere connection health status icon #12415
• OCPBUGS-4960: Fix that topology sidebar actions shows outdated data (Edit Pod Count, Edit labels, Edit annotations, etc.) #12378
• OCPBUGS-5003: fixed node maintenance plugin route configuration for BareMetalNodesPage #12381
• OCPBUGS-5185: Add DevSandbox specific telemetry config (to allow these cluster to enforce cluster type and opt-out) #12393
• OCPBUGS-5191: add support for version v1beta1 for knativeServing and knativeEventing #12395
• OCPBUGS-4897: Pan nodes into view if all nodes are not visible on load #12370
• OCPBUGS-4013: fix number spinner input #12288
• “OCPBUGS-4512: Fix navsection bug” #12340
• OCPBUGS-4458: fix issue where node debug terminal doesn’t load #12338
• Full changelog

console-operator

• OCPBUGS-6921: Recover ConsoleNotificationSync after being degraded #728
• Full changelog

container-networking-plugins

• OCPBUGS-5289: Adds vlan path substitution fix to address tuning regression for runtime config #71
• Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

• OCPBUGS-6591: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #174
• OCPBUGS-6064: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #172
• Bug OCPBUGS-5403: Make sure LB status is updated immediately #164
• Full changelog

csi-driver-manila-operator

• OCPBUGS-6599: Address CVE-2022-41717 #166
• Full changelog

csi-driver-nfs

• OCPBUGS-6590: Address CVE-2022-41717 #105
• Full changelog

docker-builder

• Updating openshift-enterprise-builder images to be consistent with ART #315
• OCPBUGS-4779: [release-4.12] Update to go1.19 #321
• Full changelog

docker-registry

• OCPBUGS-4678: Bump aws-sdk-go to v1.44.145 #357
• Full changelog

driver-toolkit

• Adding rpm-build to the Dockerfile (#117) #117
• Full changelog

etcd

• OCPBUGS-5761: UPSTREAM:<carry>: etcdserver: process the scenaro of the last WAL rec… #176
• OCPBUGS-3100: Rebase openshift/etcd 4.12 onto v3.5.6 #169
• Full changelog

gcp-machine-controllers

• OCPBUGS-4504: refactor restartPolicyToBool function #28
• OCPBUGS-4499: Set sync period for Machine controller #25
• Full changelog

hyperkube, pod

• OCPBUGS-5490: remove in-tree volume limits test now that CSIMigration is GA #1449
• OCPBUGS-4808: Apply shared defaulters to CRD-based routes. #1441
• OCPBUGS-4366: Update to 1.25.4 #1434
• Full changelog

hypershift

• Skip destroyAWSDefaultSecurityGroup if not AWS #2168
• Create default security group for AWS clusters #2162
• AUTH-323: pki: split out konnectivity certs from the rootCA #2156
• fix(ibmcloud): Initialize image registry config on creates and bad config #2104
• fix(cpo): Allow KAS profiling disablement #2122
• reduce ignition server scope #2140
• OpenID add support for groups claim in the config #2129
• fix(cpo): Restart registry operator on annotation #2121
• Fix CAPA crd generation #2120
• Set k8s.io/kubernetes dependency to v0.23.3 #2118
• fix(cpo): Separate RBAC for NTO + CNO #2112
• Merge main up to db7c22ae into ‘release-4.12’ #2101
• Merge main into release-4.12 branch #2053
• Release 4.12 rebase latest #2047
• Fix OpenID OAuth config parsing #2029
• Fast foward release-4.12 to main #2003
• OCPBUGS-5133: Reinstate hosted cluster configuration propagation #1981
• Remove CAPA command from deployment #1970
• Fast forward release-4.12 to main #1964
• Remove CAPI manager container command path #1969
• v1beta1: add missing S3 publishing strategy type #1968
• Fast forward ‘release-4.12’ branch to ‘main’ #1932
• Full changelog

insights-operator

• OCPBUGS-5976: operators gatherer - handle ingresscontroller relatedObject & simplify (#714) (#719) #714
• OCPBUGS-5348: do not periodically update Available clusteroperator co… (#710) #710
• do not get disabled rules (#706) (#713) #706
• OCPBUGS-3377: fix: storage/ceph path structure (#691) (#697) #691
• Full changelog

ironic

• OCPBUGS-5143: Adding dosfstools and util-linux tools to ironic-image #341
• OCPBUGS-5100: Configure Ironic iLO driver to use web server #339
• OCPBUGS-4789: Update packages versions with latest available #335
• OCPBUGS-4840: Handle a different error code for missing TransferProtocolType #334
• Bug OCPBUGS-2052: Fix setting boot related attributes #324
• OCPBUGS-4479: fix: Add support for OKD/SCOS #329
• OCPBUGS-4311: Remove RDO distribution configuration (finally fixes #46) #327
• OCPBUGS-4097: Workaround for long time gap between operations in recent idrac #322
• OCPBUGS-3111: Don’t save OS_ prefixed variables #310
• Bug OCPBUGS-3479: Improve resiliency of eTag handling #315
• Full changelog

ironic-agent

• OCPBUGS-5067: make coreos-installer output available in the logs #66
• Full changelog

kube-proxy, sdn

• OCPBUGS-7227: Update for 4.12 / go 1.19, including gofmt updates #482
• OCPBUGS-4486: Add node egress IP assignment resync #487
• OCPBUGS-4422: pass ResourceVersion:0 for kube List() calls #473
• Full changelog

kubevirt-csi-driver

• Updating ose-kubevirt-csi-driver-rhel8 images to be consistent with ART #12
• Full changelog

machine-api-operator

• OCPBUGS-5413: Append annotations from machine template spec to the node #1104
• OCPBUGS-5117: [release-4.12] Allow to use machine.openshift.io API in provider specs #1086
• OCPBUGS-5417: machine-api-termination-handler: run DaemonSet only on Linux #1105
• Full changelog

machine-config-operator

• OCPBUGS-6045: There are not enough logs in case “oc extract” is stuck in mco first boot #3503
• OCPBUGS-6973: configure-ovs: optionally generate configuration in /run #3532
• OCPBUGS-6779: baremetal: clean state generated by NM when run by dracut #3521
• OCPBUGS-7241: controller: default overwrite to true for files #3546
• OCPBUGS-6997: Fix 4.12 art images #3535
• OCPBUGS-6805: Only check image type if we are sure there is work that needs to be done #3526
• OCPBUGS-5999: 4.12 - remove goutils from dependency tree #3496
• OCPBUGS-6179: controller: don’t render new MC until base MCs update #3506
• OCPBUGS-5743: Mount /run/nodeip-configuration into keepalived containers #3479
• OCPBUGS-5384: daemon: Explicitly pull image before running #3475
• OCPBUGS-3311: [alicloud] provider ID not being set for kubelet #3457
• OCPBUGS-4805: Do not allow empty system reserved values #3453
• OCPBUGS-4667: vsphere: check that /etc/hostname is not empty #3452
• OCPBUGS-4091: NM resolv prepender: correct permissions for systemd resolved config #3442
• Full changelog

machine-image-customization-controller

• OCPBUGS-5655: Update dependencies #76
• Full changelog

multus-whereabouts-ipam-cni

• OCPBUGS-3941: Backport Excluded ranges bug (#282) #103
• Full changelog

oc-mirror

• OCPBUGS-6703: fix: adds logic that searches for the correct name when using a heads… (#554) #554
• Updating oc-mirror-plugin images to be consistent with ART (#515) #515
• OCPBUGS-5253: Fix: fixes issues encountered by QE (#543) #543
• OCPBUGS-5253: fix: Missing ‘ImageContentSourcePolicy’ and ‘CatalogSou… (#542) #542
• OCPBUGS-4516: fix: oc-mirror does not work as expected relative path for OCI format copy (#532) #532
• OCPBUGS-4365: Fix cases where namespace or subnamespace may be empty (#530) #530
• OCPBUGS-4414: fix (#528) #528
• Full changelog

openshift-state-metrics

• OCPBUGS-41159: Updating openshift-state-metrics-container image to be consistent with ART for 4.18 #118
• OCPBUGS-34298: Updating openshift-state-metrics-container image to be consistent with ART for 4.17 #117
• OCPBUGS-34298: Updating openshift-state-metrics-container image to be consistent with ART for 4.17 #116
• MON-3878: Remove deprectated logtostderr #114
• OCPBUGS-24878: Updating openshift-state-metrics-container image to be consistent with ART #112
• MON-3530: Update OWNERS #110
• OCPBUGS-23649: bump dependencies #109
• OCPBUGS-21754: bump x/net to v0.17.0 #103
• Update Dockerfile to remove the maintainer tag #98
• OCPBUGS-19120: Updating openshift-state-metrics images to be consistent with ART #102
• OCPBUGS-12538: bump x/net to v0.7.0 #101
• OCPBUGS-6343: address CVE-2022-41717 #100
• OCPBUGS-12305: Update 4.14 openshift-state-metrics image to be consistent with ART #97
• OCPBUGS-10076: Updating openshift-state-metrics images to be consistent with ART #95
• Updating openshift-state-metrics images to be consistent with ART #92
• Full changelog

openstack-machine-api-provider

• OCPBUGS-7155: Address CVE-2022-41717 #55
• Full changelog

operator-lifecycle-manager, operator-registry

• OCPBUGS-6260: Catalog, fatal error: concurrent map read and map write #440
• OCPBUGS-7025: Set ImagePullPolicy of bundle unpacker to “IfNotPresent” for image digests #439
• OCPBUGS-3881: Default to legacy psa settings #426
• OCPBUGS-4951: Bump go and k8s #424
• Full changelog

operator-marketplace

• OCPBUGS-5466: Default CatalogSource aren’t always reverted to default settings #504
• OCPBUGS-6232: Updating marketplace-operator images to be consistent with ART #493
• OCPBUGS-6323: Upgrade golang/x/net to v0.4.0 to fix CVE-2022-41717 #505
• OCPBUGS-5423: Remove PSA audit and warnings #502
• OCPBUGS-5423: Run Default CatalogSource in Restricted mode #498
• OCPBUGS-4873: Add audit-version and warn-version labels #495
• Remove duplicate gprcPodConfig field in defaults #496
• OCPBUGS-4758: Unenforce PSA Restrictions #491
• Full changelog

ovirt-machine-controllers

• OCPBUGS-6309: Fix swapped CPU socket and thread mapping #173
• Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

• OCPBUGS-7230: Delete IGMP Groups when deleting stale chassis #1516
• OCPBUGS-3399: Drop in-cluster traffic towards svcCIDR at wrong port #1490
• OCPBUGS-6961: update base image of Dockerfile #1504
• OCPBUGS-6823: [release-4.12] Fix Egress FW ACL rules in dualstack mode #1500
• OCPBUGS-4862: Correct the deletion of noHostSubnet nodes #1470
• OCPBUGS-298: ovnkube-trace: run ovn-sbctl and ovn-trace with –no-leader-only #1489
• OCPBUGS-5841: ovnkube-node: Existing management port check #1475
• OCPBUGS-6812: [release-4.12] Ensure loadbalancer cleanup doesn’t fail #1497
• OCPBUGS-298: Bump OVN to 22.09.0-54 #1488
• OCPBUGS-5923: [release-4.12] Fix egress firewall to allow inbound connections in both gw modes #1477
• OCPBUGS-5046: [release-4.12] egressip: fix test data race accessing podAssignment cache #1467
• OCPBUGS-3651: downstream windows fixes #1384
• OCPBUGS-4533: Move check_pkt_larger to gateway router ports #1420
• OCPBUGS-3651: [release-4.12] cherry-pick hybrid overlay fixes from master branch #1460
• Bug OCPBUGS-4383: Don’t log in iterateRetryResources when there are no retry entries #1413
• OCPBUGS-4098: [release-4.12] egress ip: Skip mgmt ports that cannot have assignable IP addresses #1429
• OCPBUGS-4884: [release-4.12] Fixes scenario where deleted + completed pods may leak #1451
• OCPBUGS-4835: [4.12] Fix address set cleanup: only delete address sets owned by given object. #1446
• OCPBUGS-4760: [4.12] Avoid duplicate transactions and minimize handlers with empty namespace selectors #1439
• OCPBUGS-4286: Fix delete equivalent acls #1406
• OCPBUGS-3378: Set the node as reachable only when it is being added as an egressip node #1402
• OCPBUGS-4503: Support LB Session Affinity TimeOut #1427
• OCPBUGS-4503: [release-4.12] Dockerfile: bump OVN to 22.09.0-25 #1425
• Bug OCPBUGS-4379: apply retry logic to ovnk-node controllers #1411
• OCPBUGS-4361: Bp ovnkube trace changes #1408
• OCPBUGS-4505: pods: deleteLogicalPort should not fail when node is gone #1419
• OCPBUGS-4453: Set NODAD flag on masquerade address #1416
• [Release 4.12] OCPBUGS-3397: Avoid Remetric pods #1399
• OCPBUGS-3390: Handle k8s watcher restart scenario #1359
• OCPBUGS-3798: [4.12] Dockerfile: bump regular image to OVS 2.17.0-62 #1409
• Full changelog

powervs-block-csi-driver

• Update OWNERS component to Multi-Arch #24
• Full changelog

powervs-block-csi-driver-operator

• Update OWNERS component to Multi-Arch #16
• Full changelog

powervs-cloud-controller-manager

• Updated OWNERS component to Multi-Arch #29
• Full changelog

powervs-machine-controllers

• Update OWNERS #39
• Full changelog

tests

• OCPBUGS-7285: extended: security: do not explicitly set api audience on token request #27716
• OCPBUGS-6850: [release-4.12] upgrade/adminack: guarantee one admin ack check post-upgrade #27684
• OCPBUGS-5493: Use cluster network MTU for bond interfaces #27637
• OCPBUGS-5490: Fix intervalcreation incorrect year unit test bug #27668
• OCPBUGS-5130: run resourcewatch fixes #27625
• OCPBUGS-4836: 1sec #27610
• OCPBUGS-4503: Unskip service session affinity tests #27598
• OCPBUGS-4851: Add Kuryr exception to “pods should successfully create sandboxes” test #27611
• OCPBUGS-4407: Nginx 1.18 images will reach EOL in November 2022 #27599
• OCPBUGS-2927: [release-4.12] Bump kubernetes to latest release-4.12 #27588
• Full changelog

thanos

• Updating thanos images to be consistent with ART #101
• Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

• OCPBUGS-6936: fix for nil user session (#1859) #57
• Full changelog

vsphere-csi-driver-operator

• OCPBUGS-4609: Add multiple datacenters support #123
• Full changelog

vsphere-problem-detector

• OCPBUGS-5509: Add a count of zonal volumes #97
• OCPBUGS-3442: Lets remove datastore length checks for now #92
• Full changelog

---

View changelog in Markdown or change previous release: 4.18.0-0.okd-scos-2024-11-21-0211394.18.0-0.okd-scos-2024-11-20-1411384.18.0-0.okd-scos-2024-11-20-0209584.18.0-0.okd-scos-2024-11-19-1409574.18.0-0.okd-scos-2024-11-19-0209564.18.0-0.okd-scos-2024-11-18-140955───4.17.0-0.okd-scos-2024-11-20-2214034.17.0-0.okd-scos-2024-11-20-1014034.17.0-0.okd-scos-2024-11-19-2214034.17.0-0.okd-scos-2024-11-19-1014034.17.0-0.okd-scos-2024-11-18-2214034.17.0-0.okd-scos-2024-11-18-101403───4.16.0-0.okd-scos-2024-11-21-0014434.16.0-0.okd-scos-2024-11-20-1214434.16.0-0.okd-scos-2024-11-20-0014434.16.0-0.okd-scos-2024-11-19-1214434.16.0-0.okd-scos-2024-11-19-0014434.16.0-0.okd-scos-2024-11-18-121443───4.15.0-0.okd-scos-2024-05-13-2236094.15.0-0.okd-scos-2024-04-25-1837084.15.0-0.okd-scos-2024-04-25-0637084.15.0-0.okd-scos-2024-04-24-1837084.15.0-0.okd-scos-2024-04-24-0637084.15.0-0.okd-scos-2024-01-18-1035224.15.0-0.okd-scos-2024-01-17-2235214.15.0-0.okd-scos-2024-01-17-1035204.15.0-0.okd-scos-2024-01-16-223519───4.15.0-0.okd-2024-11-14-2031284.15.0-0.okd-2024-11-09-0406444.15.0-0.okd-2024-11-08-1606444.15.0-0.okd-2024-11-05-1344204.15.0-0.okd-2024-11-05-0144204.15.0-0.okd-2024-03-27-1109014.15.0-0.okd-2024-03-26-2309014.15.0-0.okd-2024-03-23-1640104.15.0-0.okd-2024-03-23-0440104.15.0-0.okd-2024-03-22-164010───4.17.0-okd-scos.ec.34.17.0-okd-scos.ec.24.17.0-okd-scos.ec.14.17.0-okd-scos.ec.04.17.0-0.okd-scos-2024-09-30-1017394.17.0-0.okd-scos-2024-09-26-2248284.17.0-0.okd-scos-2024-09-24-1048284.17.0-0.okd-scos-2024-08-21-100712───4.15.0-0.okd-2024-03-10-0101164.15.0-0.okd-2024-02-23-1634104.15.0-0.okd-2024-02-10-0355344.15.0-0.okd-2024-01-27-070424

Source code for this page located on github