- openshift/origin
Release notes
This is the 3.11 release of OpenShift Origin.
Backwards Compatibility
- auth: The
auth reconcile
command is now deprecated as its functionality is part of the server #20177- The CLI command is now identical to the upstream auth reconcile and no longer updates roles
- auth: The
cluster-reader
RBAC role is now an aggregated role to simplify adding new permissions #20279 - cli:
oc patch
is now consistent with thekubectl patch command
#20665 - cli:
oc types
is now deprecated - useoc api-resources
instead #21000 - security: If the
scheduler.alpha.kubernetes.io/node-selector
annotion is set on a namespace,openshift.io/node-selector
is now ignored #21058 - server: The
openshift start node
functionality andopenshift start
have been removed - the Kubelet must now be started directly #20344, #20717- By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
- Future releases will remove other parts of
openshift start master
.
Changes
v3.11.0 (2018-10-10) Full Changelog
API
- build: Allow dashes to be used in the environment variable names in builds #20738
- image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
- security: Promote sysctl annotations to fields in SecurityContextConstraints #20151
Component updates
- Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
- 62943: set updated replicas in statefulsets #20347
- 64378: Don't reset global timeout on each for loop iteration #20452
- 64426: Clean up fake mounters. #20117
- 64447: Add block volume support to internal provisioners #20058
- 64541: Add more kubectl auth reconcile flags #20281
- 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
- 64879: Add block volume support to Cinder volume plugin #20270
- 64896: kubectl: wait for all errors and successes on podEviction #20452
- 65189: fix paths w shortcuts when copying from pods #20034
- 65189: revert: fix paths w shortcuts when copying from pods" #20075
- 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
- 65238: fix scheduler port boundary to match detection #20033
- 65326: fix printer check to tolerate vendoring #20033
- 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
- 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
- 65368: legacy api endpoints only support v1 ever #20033
- 65370: delete should tolerate a failed wait because of missing verbs #20033
- 65377: special-case templates get.go #20033
- 65447: Resolve potential devicePath symlink when MapVolume #20117
- 65480: allow enabling kubelet serving certificate rotation via flag #20033
- 65486: show type differences in reflect diff #20033
- 65488: flatten nested lists for flatten in visitor #20033
- 65489: kubectl convert should not double wrap output in nested lists #20033
- 65547: Honor custom transport dialer #20033
- 65549: Fix flexvolume in containerized kubelets #20358
- 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
- 65686: fix
kubectl create priorityclass
failure bug #20624 - 65700: Update output format so that it matches actual accepted values #20139
- 65705: Block volumes should have empty FSType #20327
- 65711: make template printers a recommended printer #20257
- 65715: fail on rbac resources of non-v1 versions in reconcile #20177
- 65786: update --template printer defaulting #20257
- 65856: only need to ignore resources that match discovery conditions #20242
- 65899: use self-signed cert fixtures in integration test servers #20309
- 65904: track schemes by name for error reporting #20242
- 65906: Improve multi-authorizer errors #20379
- 65908: switch delete strategy to background deletion #20274
- 65987: Add region label to dynamic provisioned cinder PVs #20418
- 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
- 66085: fix updateJob scheduling of resync #20763
- 66136: make delete waits match on UID #20305
- 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
- 66225: add support for "success" output for edit command #20589
- 66225: update testcase for edit #20589
- 66249: fill in normal restmapping info with the legacy guess #20392
- 66324: Fixing E2E tests for disk resizing #20418
- 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
- 66352: update logs cmd to deal w external versions #20343
- 66397: Fix upper limit on m5/c5 instance typesn #20439
- 66398: fix logs command to be generic for all resources again #20514
- 66403: indicate which scheme has conflicting data #20372
- 66406: Send correct headers for pod printing #20437
- 66406: tolerate missing column headers in server-side print output #20437
- 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
- 66519: switch attach to use external objs #20514
- 66725: update exit code to 0 if patch not needed #20456
- 66779: add methods to apimachinery to easy unit testing #20471
- 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
- 66837: fix panic fake SAR client expansion #20491
- 66929: add logging to find offending transports #20554
- 66931: Use the passed-in streams in kubectl top #20529
- 66932: Include unavailable apiservices in discovery response #20635
- 67024: add CancelRequest to discovery round-tripper #20554
- 67033: expose default LogsForObject consumeRequest func #20550
- 67093: improve config file modification time #20566
- 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
- 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
- 67097: Ignore EIO error in unmount path #20866
- 67236: fix azure disk create failure due to sdk upgrade #20662
- 67316: Adds tests for --all-containers=true #20684
- 67399: update patch to work with --local and avoid extra requests #20642
- 67399: update patch to work with --local and avoid extra requests #20665
- 67433: allow failed discovery on initial quota controller start #20635
- 67433: allow failed discovery on initial quota controller start #20693
- 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
- 67615: attach: Move the AttachFunc default function to the initializer #20697
- 67698: Fix NameFromCommandArgs when passing command after -- #20730
- 67822: Remove provisioner config from log message. #20756
- 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
- 67896: expose generic storage factory primitives #20777
- 67957: Size http2 buffers to allow concurrent streams #20783
- 68007: Orphan DaemonSet when deleting with --cascade option set #20793
- 68008: apiserver: forward panic in WithTimeout filter #20979
- 68563: fix scheduler crash when Prioritize Map function failed #21194
- 68678: tighten maximum retry loop for aggregate api availability #21012
- 68680: Fix chown on distributed flex volumes (like gluster) #21070
- <carry>: Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
- <carry>: Coerce string->int, empty object -> slice for backwards compatibility #20164
- <carry>: Ensure perFSGroup quanity is positive #20564
- <carry>: Expose ns lifecyle admission list of allowed resources #20242
- <carry>: Gracefully handle empty volume-config file #20154
- <carry>: oc patches on kubectl #20721
- <carry>: patch in a non-standard location for apiservices #20578
- <carry>: rewrite unstructured objects on the CLI to avoid oapi #20033
- <carry>: simplify kube-controller-manager patches #20954
- <carry>: switch back to use ugorji/go - decode to signed integers #20033
- <carry>: tidy up oc patches and ensure we never print a non-groupified object #20385
- <drop>: GCE load balancer unit test is flaky #20230
- <drop>: Remove influxdb dependency until the next rebase #18816
- <drop>: carry old printers until we update #20033
- <drop>: carry old printers until we update #20257
- <drop>: Fix cloud provider vsphere data race #20033
- <drop>: Increase loglevel for health check #20616
- <drop>: Make auth reconcile work with backlevel versions until ansible updates #20033
- <drop>: vSphere test has race conditions, disable #20231
Features
- build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
- cli: Add
oc image append
which can add a new layer or change metadata on a Docker image against a remote registry #20027 - cli: Add
oc image extract
to extract all or part of an image to disk from any platform #20466 - cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
- cli: Include the
kubectl
binary in release output #20932, #20958, #20900 - network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
- router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
- router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646
Bugs
- auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
- auth: Update GitLab IDP to support OIDC #19997
- auth: Use the upstream RBAC roles for reconciliation #20638
- build: Ensure OOMKilled reason from pods are reported on build status #20297
- build: Move deployer and build binaries into oc #20011 #20008
- build: Remove false alarm warning for repo binary input on
oc start-build
#20100 - cli: Allow patching configapi using oc patch #20642
- cli: Honor 'oc edit' output format #20589
- cli: accept --kubeconfig like kubectl #20721
- cluster: Cluster quota controller tolerate inaccessible api resources #20693
- deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
- deploy: Fix printing DC replicas #21017
- dns: Restore graceful shutdown of DNS server #21021
- image: Deprecate
oc import-image
legacy path using annotations #19673 - image: Image stream imports longer than 30s should not fail #20419
- image: Log image changes on verify-image-signature without --save #19976
- image: Prune images in parallel #19468
- image: Reuse existing imagestreams with new-app #20052
- migrate: Ignore resources that cannot be listed and updated #21075
- network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
- network: Show EgressCIDRs in "oc get hostsubnets" #20486
- network: Update egress IPs when node changes IP #20393
- node: Set FileCheckFrequency default properly #20158
- route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
- router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
- router: Fix weight logic for A/B testing #19893
- router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
- router: Router metrics sometimes fails to detect HTTP/1 connections #21043
- service-catalog: use K8s NamespaceLifecycle admission controller #20673
- test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816
Release SHA256 Checksums
The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 CHECKSUM 4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3 openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz 9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz 75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0 openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip
- auth: The