Skip to content

v3.11.0

Latest
Compare
Choose a tag to compare
@smarterclayton smarterclayton released this 11 Oct 15:53
· 11284 commits to master since this release
0cbc58b

This is the 3.11 release of OpenShift Origin.

Backwards Compatibility

  • auth: The auth reconcile command is now deprecated as its functionality is part of the server #20177
    • The CLI command is now identical to the upstream auth reconcile and no longer updates roles
  • auth: The cluster-reader RBAC role is now an aggregated role to simplify adding new permissions #20279
  • cli: oc patch is now consistent with the kubectl patch command #20665
  • cli: oc types is now deprecated - use oc api-resources instead #21000
  • security: If the scheduler.alpha.kubernetes.io/node-selector annotion is set on a namespace, openshift.io/node-selector is now ignored #21058
  • server: The openshift start node functionality and openshift start have been removed - the Kubelet must now be started directly #20344, #20717
    • By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
    • Future releases will remove other parts of openshift start master.

Changes

Roadmap for the v3.11 release

v3.11.0 (2018-10-10) Full Changelog

API

  • build: Allow dashes to be used in the environment variable names in builds #20738
  • image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
  • security: Promote sysctl annotations to fields in SecurityContextConstraints #20151

Component updates

  • Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
    • 62943: set updated replicas in statefulsets #20347
    • 64378: Don't reset global timeout on each for loop iteration #20452
    • 64426: Clean up fake mounters. #20117
    • 64447: Add block volume support to internal provisioners #20058
    • 64541: Add more kubectl auth reconcile flags #20281
    • 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
    • 64879: Add block volume support to Cinder volume plugin #20270
    • 64896: kubectl: wait for all errors and successes on podEviction #20452
    • 65189: fix paths w shortcuts when copying from pods #20034
    • 65189: revert: fix paths w shortcuts when copying from pods" #20075
    • 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
    • 65238: fix scheduler port boundary to match detection #20033
    • 65326: fix printer check to tolerate vendoring #20033
    • 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
    • 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
    • 65368: legacy api endpoints only support v1 ever #20033
    • 65370: delete should tolerate a failed wait because of missing verbs #20033
    • 65377: special-case templates get.go #20033
    • 65447: Resolve potential devicePath symlink when MapVolume #20117
    • 65480: allow enabling kubelet serving certificate rotation via flag #20033
    • 65486: show type differences in reflect diff #20033
    • 65488: flatten nested lists for flatten in visitor #20033
    • 65489: kubectl convert should not double wrap output in nested lists #20033
    • 65547: Honor custom transport dialer #20033
    • 65549: Fix flexvolume in containerized kubelets #20358
    • 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
    • 65686: fix kubectl create priorityclass failure bug #20624
    • 65700: Update output format so that it matches actual accepted values #20139
    • 65705: Block volumes should have empty FSType #20327
    • 65711: make template printers a recommended printer #20257
    • 65715: fail on rbac resources of non-v1 versions in reconcile #20177
    • 65786: update --template printer defaulting #20257
    • 65856: only need to ignore resources that match discovery conditions #20242
    • 65899: use self-signed cert fixtures in integration test servers #20309
    • 65904: track schemes by name for error reporting #20242
    • 65906: Improve multi-authorizer errors #20379
    • 65908: switch delete strategy to background deletion #20274
    • 65987: Add region label to dynamic provisioned cinder PVs #20418
    • 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
    • 66085: fix updateJob scheduling of resync #20763
    • 66136: make delete waits match on UID #20305
    • 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
    • 66225: add support for "success" output for edit command #20589
    • 66225: update testcase for edit #20589
    • 66249: fill in normal restmapping info with the legacy guess #20392
    • 66324: Fixing E2E tests for disk resizing #20418
    • 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
    • 66352: update logs cmd to deal w external versions #20343
    • 66397: Fix upper limit on m5/c5 instance typesn #20439
    • 66398: fix logs command to be generic for all resources again #20514
    • 66403: indicate which scheme has conflicting data #20372
    • 66406: Send correct headers for pod printing #20437
    • 66406: tolerate missing column headers in server-side print output #20437
    • 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
    • 66519: switch attach to use external objs #20514
    • 66725: update exit code to 0 if patch not needed #20456
    • 66779: add methods to apimachinery to easy unit testing #20471
    • 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
    • 66837: fix panic fake SAR client expansion #20491
    • 66929: add logging to find offending transports #20554
    • 66931: Use the passed-in streams in kubectl top #20529
    • 66932: Include unavailable apiservices in discovery response #20635
    • 67024: add CancelRequest to discovery round-tripper #20554
    • 67033: expose default LogsForObject consumeRequest func #20550
    • 67093: improve config file modification time #20566
    • 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
    • 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
    • 67097: Ignore EIO error in unmount path #20866
    • 67236: fix azure disk create failure due to sdk upgrade #20662
    • 67316: Adds tests for --all-containers=true #20684
    • 67399: update patch to work with --local and avoid extra requests #20642
    • 67399: update patch to work with --local and avoid extra requests #20665
    • 67433: allow failed discovery on initial quota controller start #20635
    • 67433: allow failed discovery on initial quota controller start #20693
    • 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
    • 67615: attach: Move the AttachFunc default function to the initializer #20697
    • 67698: Fix NameFromCommandArgs when passing command after -- #20730
    • 67822: Remove provisioner config from log message. #20756
    • 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
    • 67896: expose generic storage factory primitives #20777
    • 67957: Size http2 buffers to allow concurrent streams #20783
    • 68007: Orphan DaemonSet when deleting with --cascade option set #20793
    • 68008: apiserver: forward panic in WithTimeout filter #20979
    • 68563: fix scheduler crash when Prioritize Map function failed #21194
    • 68678: tighten maximum retry loop for aggregate api availability #21012
    • 68680: Fix chown on distributed flex volumes (like gluster) #21070
    • : Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
    • : Coerce string->int, empty object -> slice for backwards compatibility #20164
    • : Ensure perFSGroup quanity is positive #20564
    • : Expose ns lifecyle admission list of allowed resources #20242
    • : Gracefully handle empty volume-config file #20154
    • : oc patches on kubectl #20721
    • : patch in a non-standard location for apiservices #20578
    • : rewrite unstructured objects on the CLI to avoid oapi #20033
    • : simplify kube-controller-manager patches #20954
    • : switch back to use ugorji/go - decode to signed integers #20033
    • : tidy up oc patches and ensure we never print a non-groupified object #20385
    • : GCE load balancer unit test is flaky #20230
    • : Remove influxdb dependency until the next rebase #18816
    • : carry old printers until we update #20033
    • : carry old printers until we update #20257
    • : Fix cloud provider vsphere data race #20033
    • : Increase loglevel for health check #20616
    • : Make auth reconcile work with backlevel versions until ansible updates #20033
    • : vSphere test has race conditions, disable #20231

Features

  • build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
  • cli: Add oc image append which can add a new layer or change metadata on a Docker image against a remote registry #20027
  • cli: Add oc image extract to extract all or part of an image to disk from any platform #20466
  • cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
  • cli: Include the kubectl binary in release output #20932, #20958, #20900
  • network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
  • router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
  • router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646

Bugs

  • auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
  • auth: Update GitLab IDP to support OIDC #19997
  • auth: Use the upstream RBAC roles for reconciliation #20638
  • build: Ensure OOMKilled reason from pods are reported on build status #20297
  • build: Move deployer and build binaries into oc #20011 #20008
  • build: Remove false alarm warning for repo binary input on oc start-build #20100
  • cli: Allow patching configapi using oc patch #20642
  • cli: Honor 'oc edit' output format #20589
  • cli: accept --kubeconfig like kubectl #20721
  • cluster: Cluster quota controller tolerate inaccessible api resources #20693
  • deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
  • deploy: Fix printing DC replicas #21017
  • dns: Restore graceful shutdown of DNS server #21021
  • image: Deprecate oc import-image legacy path using annotations #19673
  • image: Image stream imports longer than 30s should not fail #20419
  • image: Log image changes on verify-image-signature without --save #19976
  • image: Prune images in parallel #19468
  • image: Reuse existing imagestreams with new-app #20052
  • migrate: Ignore resources that cannot be listed and updated #21075
  • network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
  • network: Show EgressCIDRs in "oc get hostsubnets" #20486
  • network: Update egress IPs when node changes IP #20393
  • node: Set FileCheckFrequency default properly #20158
  • route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
  • router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
  • router: Fix weight logic for A/B testing #19893
  • router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
  • router: Router metrics sometimes fails to detect HTTP/1 connections #21043
  • service-catalog: use K8s NamespaceLifecycle admission controller #20673
  • test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816

Release SHA256 Checksums

The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  CHECKSUM
4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3  openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc  openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0  openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip
cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa  openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip