Conformance test suite for OpenShift

Overview

Origin Kubernetes

Go Report Card GoDoc Licensed under Apache License version 2.0

This repo was previously the core Kubernetes tracking repo for OKD, and where OpenShift's hyperkube and openshift-test binaries were maintained. As of July 2020, the purpose and maintenance strategy of the repo varies by branch.

Maintenance of master and release-x.x branches for 4.6 and above

These branches no longer include the code required to produce hyperkube binaries, and are limited to maintaining the openshift-tests binary. Responsibility for maintaining hyperkube has transitioned to the openshift/kubernetes repo.

Backports and carries against upstream should be proposed to openshift/kubernetes. If changes merged to openshift/kubernetes need to land in origin, it will be necessary to follow up with a PR to origin that bumps the vendoring.

Branch names are correlated across the 2 repositories such that changes merged to a given branch in openshift/kubernetes should be vendored into the same branch in origin (e.g. master in openshift/kubernetes is vendored into master in origin).

NOTE: Vendoring of the master and release-x.x branches of openshift/kubernetes into the equivalent branches in origin is intended to be temporary. At some point in the near future, origin will switch to vendoring origin-specific branches (e.g origin-4.6-kubernetes-1.19.2) to minimize the scope of backports and carries that need to be considered in the context of openshift/kubernetes rebases.

Test annotation rules

Test annotation rules are used to label e2e tests so that they can be filtered or skipped. For example, rules can be defined that match kube e2e tests that are known to be incompatible with openshift and label those tests to be skipped.

Maintenance of test annotation rules is split between the openshift/kubernetes and origin repos to ensure that PRs proposed to openshift/kubernetes can be validated against the set of kube e2e tests known to be compatible with openshift.

Test annotation rules for kubernetes e2e tests are maintained in:

https://github.com/openshift/kubernetes/blob/master/openshift-hack/e2e/annotate/rules.go

Test annotation rules for openshift e2e tests are maintained in:

https://github.com/openshift/origin/blob/master/test/extended/util/annotate/rules.go

Origin vendors the kube rules and applies both the kube and openshift rules to the set of tests included in the openshift-tests binary.

In order to update test annotation rules for kube e2e tests, it will be necessary to:

  • Update rules.go in openshift/kubernetes
  • Bump the version of openshift/kubernetes vendored in origin

Vendoring from openshift/kubernetes

These origin branches vendor k8s.io/kubernetes and some of its staging repos (e.g. k8s.io/api) from our openshift/kubernetes fork. Upstream staging repos are used where possible, but some tests depends on functionality that is only present in the fork.

When a change has merged to an openshift/kubernetes branch that needs to be vendored into the same branch in origin, the hack/update-kube-vendor.sh helper script simplifies updating the go module configuration for all dependencies sourced from openshift/kubernetes for that branch. The script requires either the name of a branch or a SHA from openshift/kubernetes:

$ hack/update-kube-vendor.sh <openshift/kubernetes branch name or SHA>

The script also supports performing a fake bump to validate an as-yet unmerged change to openshift/kubernetes. This can be accomplished by supplying the name of a fork repo as the second argument to the script:

$ hack/update-kube-vendor.sh <branch name or SHA> github.com/myname/kubernetes

Once the script has executed, the vendoring changes will need to be committed and proposed to the repo.

Working around '410 Gone' error

If the script returns '410 Gone' as per the error that follows, it may be that the golang checksum server does not yet know about the target SHA.

go: k8s.io/[email protected] (replaced by github.com/openshift/[email protected]): verifying go.mod: g
ithub.com/openshift/[email protected]/go.mod: reading https://sum.golang.org/lookup/github.com/openshif
t/[email protected]: 410 Gone
        server response: not found:

The workaround is to set GOSUMDB=off to disable the checksum database for the vendoring update:

$ GOSUMDB=off hack/update-kube-vendor.sh <branch name or SHA>

Maintenance of release-4.5, release-4.4 and release-4.3

Releases prior to 4.6 continue to maintain hyperkube in the origin repo in the release-4.x branches. Persistent carries and backports for those branches should continue to be submitted directly to origin. openshift/kubernetes is not involved except for rebases.

End-to-End (e2e) and Extended Tests

End to end tests (e2e) should verify a long set of flows in the product as a user would see them. Two e2e tests should not overlap more than 10% of function and are not intended to test error conditions in detail. The project examples should be driven by e2e tests. e2e tests can also test external components working together.

All e2e tests are compiled into the openshift-tests binary. To build the test binary, run make.

To run a specific test, or an entire suite of tests, read test/extended/README for more information.

Updating external examples

hack/update-external-example.sh will pull down example files from external repositories and deposit them under the examples directory. Run this script if you need to refresh an example file, or add a new one. See the script and examples/quickstarts/README.md for more details.

Comments
  • Bug 1939542: UPSTREAM: 100678: apf: exempt probes /healthz /livez /readyz

    Bug 1939542: UPSTREAM: 100678: apf: exempt probes /healthz /livez /readyz

    What type of PR is this?

    /kind bug

    What this PR does / why we need it:

    Add a FlowSchema that exempts the following probes from any user:

    • /readyz
    • /livez
    • /healthz

    Which issue(s) this PR fixes:

    Special notes for your reviewer:

    Does this PR introduce a user-facing change?

    NONE
    

    Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

    
    
    kind/bug approved lgtm vendor-update do-not-merge/hold bugzilla/invalid-bug bugzilla/severity-high 
    opened by tkashem 2500
  • [infra] openshift-origin-bot synchronization issues

    [infra] openshift-origin-bot synchronization issues

    This is an issue tracker for openshift-origin-bot. The bot will report any errors that happened during synchronization under this issue.

    (this is not a bug, just a placeholder for the bot to log errors)

    area/infrastructure sig/master 
    opened by mfojtik 2500
  • [release-3.11] Bug 1760807: Revert #25463 regression in pod affinity check

    [release-3.11] Bug 1760807: Revert #25463 regression in pod affinity check

    #25463 tried addressing additional bugs that were uncovered when fixing this parent issue, and apparently regressed earlier fixes. This reverts that pr

    /priority important-soon /kind regression

    approved lgtm priority/important-soon bugzilla/valid-bug cherry-pick-approved bugzilla/severity-low 
    opened by damemi 730
  • [release-3.11] Bug 1745898: handle pod updates correctly in networkpolicy

    [release-3.11] Bug 1745898: handle pod updates correctly in networkpolicy

    currently if there are two network policies in a namespace that match an incoming pod refreshNetworkPolicies() will only call updateNetworkPolicy() on one of them. UpdateNetworkPolicy calls parseNetworkPolicy which updates the network policy object.

    removing the break in refreshNetworkPolicies() will cause updateNetworkPolicy() to be run against all changed networkpolicies which will ensure that all changed policies get successfully updated.

    also updated the unit tests to expose this issue, so that this issue won't be exposed again.

    4.5BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816394 4.4BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816392 4.3BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816390 4.2BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816389 4.1BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816388 3.11BZ:https://bugzilla.redhat.com/show_bug.cgi?id=1745898

    approved lgtm bugzilla/valid-bug 
    opened by JacobTanenbaum 650
  • Allow TechPreviewNoUpgrade alerts when running on a TechPreview cluster

    Allow TechPreviewNoUpgrade alerts when running on a TechPreview cluster

    As a part of https://github.com/openshift/release/pull/19845, we are trying to add TechPreview periodic jobs as release informing jobs.

    To enable this, we need to make sure that the tests pass when the cluster is healthy and only valid failures are reported. Today, two tests fail because of the presence of a TechPreviewNoUpgrade alert created by kube-apiserver when a TechPreviewNoUpgrade feature gate is present. Eg https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_release/19845/rehearse-19845-periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-techpreview-parallel/1425432301084348416

    To allow these tests to pass, we must allow the TechPreviewNoUpgrade alert when the feature gate is present.

    approved lgtm bugzilla/valid-bug 
    opened by JoelSpeed 461
  • Bug 1872726: [3.11] Upstream: 89160: Remove potentially unhealthy symlink only for dead containers

    Bug 1872726: [3.11] Upstream: 89160: Remove potentially unhealthy symlink only for dead containers

    Cherry-pick of https://github.com/openshift/origin/pull/24926 addressing: https://bugzilla.redhat.com/show_bug.cgi?id=1823406#c15

    As the discussion over #52172 showed, there is race condition between the container log rotation and the kubelet GC which may result in the loss of symlink.

    Here is how container log rotation works (see containerLogManager#rotateLatestLog):

    rename current log to rotated log file whose filename contains current timestamp (fmt.Sprintf("%s.%s", log, timestamp))
    reopen the container log
    if #2 fails, rename rotated log file back to container log
    

    There is small but indeterministic amount of time during which log file doesn't exist (between steps #1 and #2, between #1 and #3). Hence the symlink may be deemed unhealthy during that period.

    This PR resorts to runtimeService.ContainerStatus() to check whether the container corresponding to the potentially unhealthy symlink is alive or not. The symlink would only be removed for dead containers.

    approved lgtm bugzilla/valid-bug bugzilla/severity-high 
    opened by haircommander 414
  • test/extended/cli/mustgather: Separate gather_audit_logs test

    test/extended/cli/mustgather: Separate gather_audit_logs test

    openshift/must-gather#143 is removing these from the default gather, because they're mostly useful for internal debugging, less useful in end-user bug reports, and can run to hundreds of megabytes. But we still want to ensure that they work as expected when they are explicitly requested. This commit pulls the audit-log checks out of the test-case for the generic invocation. And it adds a new test case with those checks after an explict gather_audit_logs request.

    CC @deads2k, @sanchezl, @sferich888, @soltysh

    approved lgtm size/L do-not-merge/hold 
    opened by wking 405
  • Bug 2069201: Check resolv.conf file existence

    Bug 2069201: Check resolv.conf file existence

    This fix parses the dnsRecursiveResolvConf node-config file only if it exists on the node, otherwise ignore parsing it.

    Signed-off-by: Periyasamy Palanisamy [email protected]

    approved lgtm ok-to-test bugzilla/valid-bug bugzilla/severity-high 
    opened by pperiyasamy 389
  • [release-4.1] Bug 1816388: handle pod updates correctly in networkpolicy

    [release-4.1] Bug 1816388: handle pod updates correctly in networkpolicy

    currently if there are two network policies in a namespace that match an incoming pod refreshNetworkPolicies() will only call updateNetworkPolicy() on one of them. UpdateNetworkPolicy calls parseNetworkPolicy which updates the network policy object.

    removing the break in refreshNetworkPolicies() will cause updateNetworkPolicy() to be run against all changed networkpolicies which will ensure that all changed policies get successfully updated.

    also updated the unit tests to expose this issue, so that this issue won't be exposed again.

    4.5BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816394 4.4BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816392 4.3BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816390 4.2BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816389 4.1BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1816388

    approved lgtm bugzilla/valid-bug cherry-pick-approved bugzilla/severity-urgent 
    opened by JacobTanenbaum 365
  • Requesting for a Good-First-Issue label on this repository

    Requesting for a Good-First-Issue label on this repository

    I am writing this on behalf of myself and for sure someone out there who really needs this. All the newbie contributors out there really Needs a good-first-issue label to work on and get their hand used to this repository, so they can contribute further to this open-source project.

    opened by Avinash-Acharya 0
  • Automated - Update synthetic test data

    Automated - Update synthetic test data

    alerts Information

    There were (15) added jobs and (0) were removed.

    disruptions Information

    There were (0) added jobs and (28) were removed.

    Comparisons were above allowed leeway of 30.00%

    Note: For P99, disruptions had 52 jobs increased and 66 jobs decreased.

    Click To Show Table

    | Name | Release | From | Arch | Network | Platform | Topology | Job Results | P95 | P95 % Increase | P99 | P99 % Increase | | ---- | ------- | ---- | ---- | ------- | -------- |--------- | ----------- | --- | -------------- | --- | -------------- | | ingress-to-console-reused-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 3.45s| 72.50% | 20.49s | 339.70% | ingress-to-oauth-server-reused-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 623 | 4s| 33.33% | 6s | 50.00% | ingress-to-oauth-server-reused-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 203 | 2s| 100.00% | 6.45s | 61.25% | oauth-api-reused-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 572 | 3s| 50.00% | 10.58s | 90.29% | openshift-api-new-connections | 4.13 | | arm64 | ovn | aws | ha | 202 | 0s| 0.00% | 2s | 100.00% | cache-oauth-api-new-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 351 | 1s| 0.00% | 7.5s | 45.35% | ingress-to-oauth-server-reused-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 369 | 0s| 0.00% | 1.32s | 36.08% | openshift-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 57s| 0.00% | 1m52.24s | 476.48% | cache-kube-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 53.4s| 0.00% | 1m49.24s | 461.07% | oauth-api-new-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 369 | 0s| 0.00% | 1.32s | 32.00% | openshift-api-new-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 424 | 5s| 0.00% | 8.77s | 46.17% | kube-api-reused-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 572 | 2s| 0.00% | 5s | 66.67% | cache-oauth-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 58.4s| 0.00% | 1m48s | 443.26% | ingress-to-oauth-server-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 33s| 0.00% | 48.52s | 413.98% | openshift-api-new-connections | 4.13 | | amd64 | ovn | aws | ha | 510 | 0s| 0.00% | 2s | 100.00% | ingress-to-oauth-server-new-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 369 | 2s| 0.00% | 5s | 66.67% | kube-api-new-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 0s| 0.00% | 2.98s | 198.00% | ingress-to-oauth-server-new-connections | 4.13 | | arm64 | ovn | aws | ha | 202 | 1s| 0.00% | 4s | 33.33% | kube-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 58.8s| 0.00% | 1m52.48s | 477.71% | cache-oauth-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 55.8s| 0.00% | 1m47.28s | 809.15% | openshift-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 58s| 0.00% | 1m52s | 493.22% | ingress-to-console-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 34s| 0.00% | 49.52s | 402.74% | ingress-to-console-reused-connections | 4.13 | | arm64 | ovn | aws | ha | 202 | 0s| 0.00% | 4s | 33.33% | ingress-to-console-reused-connections | 4.13 | | amd64 | ovn | aws | ha | 510 | 0s| 0.00% | 4s | 33.33% | cache-kube-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 48s| 0.00% | 1m44.72s | 745.20% | ingress-to-oauth-server-new-connections | 4.13 | | amd64 | sdn | metal | ha | 151 | 0s| 0.00% | 1s | 354.55% | cache-openshift-api-new-connections | 4.13 | | arm64 | ovn | aws | ha | 202 | 0s| 0.00% | 2s | 100.00% | cache-oauth-api-reused-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 572 | 2s| 0.00% | 7.45s | 86.25% | cache-openshift-api-new-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 369 | 0s| 0.00% | 2s | 100.00% | cache-oauth-api-new-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 623 | 1s| 0.00% | 4s | 33.33% | cache-kube-api-reused-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 0s| 0.00% | 1s | 51.52% | oauth-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 1m1s| 0.00% | 1m52.72s | 478.94% | cache-openshift-api-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 54s| 0.00% | 1m48s | 454.70% | oauth-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 59.2s| 0.00% | 1m51.52s | 490.68% | cache-oauth-api-new-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 0s| 0.00% | 2.98s | 49.00% | cache-openshift-api-new-connections | 4.13 | | amd64 | ovn | aws | ha | 510 | 0s| 0.00% | 2s | 100.00% | cache-openshift-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 48.8s| 0.00% | 1m44.96s | 747.13% | cache-openshift-api-new-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 424 | 4s| 0.00% | 8.77s | 54.13% | ingress-to-console-reused-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 369 | 1s| 0.00% | 2.32s | 132.00% | cache-kube-api-reused-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 351 | 1s| 0.00% | 2s | 100.00% | cache-oauth-api-new-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 424 | 4s| 0.00% | 8.77s | 31.09% | oauth-api-new-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 351 | 1s| 0.00% | 8.5s | 37.99% | cache-oauth-api-new-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 203 | 0s| 0.00% | 1.45s | 33.03% | cache-oauth-api-reused-connections | 4.13 | | amd64 | sdn | azure | ha | 195 | 0s| 0.00% | 2s | 100.00% | cache-kube-api-new-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 1s| 0.00% | 4s | 100.00% | oauth-api-new-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 0s| 0.00% | 2.98s | 49.00% | ingress-to-oauth-server-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 31.8s| 0.00% | 46.28s | 390.25% | cache-openshift-api-new-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 351 | 1s| 0.00% | 6.5s | 116.67% | ingress-to-oauth-server-new-connections | 4.13 | | amd64 | ovn | aws | ha | 510 | 1s| 0.00% | 4s | 33.33% | ingress-to-console-new-connections | 4.13 | | amd64 | ovn | vsphere | ha | 352 | 5s| 0.00% | 19.47s | 125.35% | kube-api-reused-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 56.6s| 0.00% | 1m49.84s | 616.04% | ingress-to-console-new-connections | 4.13 | | amd64 | sdn | ovirt | ha | 125 | 34.8s| 0.00% | 52.52s | 376.16%

    Missing Data

    Note: Jobs that are missing from the new data set but were present in the previous dataset.

    Click To Show Table

    | Name | Release | From | Arch | Network | Platform | Topology | Job Results | P95 | P95 % Increase | P99 | P99 % Increase | | ---- | ------- | ---- | ---- | ------- | -------- |--------- | ----------- | --- | -------------- | --- | -------------- | | service-load-balancer-with-pdb-new-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.12 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.12 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.12 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.13 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.13 | amd64 | sdn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.12 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.12 | amd64 | ovn | aws | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-new-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-new-connections | 4.13 | 4.13 | amd64 | ovn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | image-registry-reused-connections | 4.13 | 4.12 | amd64 | sdn | azure | ha | 0 | 0s| 0.00% | 0s | 0.00% | service-load-balancer-with-pdb-reused-connections | 4.13 | 4.12 | amd64 | ovn | gcp | ha | 0 | 0s| 0.00% | 0s | 0.00%

    /cc @dgoodwin
    opened by openshift-bot 2
  • Allow baremetal tests to run on GCP platform

    Allow baremetal tests to run on GCP platform

    Metal3 pods can now be deployed on GCP platform. Baremetal hosts can be booted only via virtual media. We only check for the presence of the metal3 pod to verify the baremetal deployment is available in GCP too.

    do-not-merge/hold 
    opened by elfosardo 1
  • Add Event intervals for Startup Probe failures

    Add Event intervals for Startup Probe failures

    TRT-724

    The kubelet logs contain the startup probe errors. We extract them (similar to how the readiness probe events were extracted) so they will be represented in the event Intervals and the Interval charts.

    Sample output:

    • Startup probes occur just before a container goes to Ready state. You can see them in this chart for pods (e.g., redhat-operators-5nk4h) that are in the openshift-marketplace namespace.
    • For the node logs of this job, we see 4 Startup Probe events which show up in the chart. Note that both log line cases (output=" and output=<) are represented:
    $ grep 5nk4h ip-10-0-149-44.us-west-2.compute.internal-journal.log|grep '"Probe failed" probeType="Startup"'
    Dec 15 14:35:33.232637 ip-10-0-149-44 kubenswrapper[2416]: I1215 14:35:33.209265    2416 prober.go:114] "Probe failed" probeType="Startup" pod="openshift-marketplace/redhat-operators-5nk4h" podUID=b2e47f45-5d77-47c8-94c9-dfbdab5c1834 containerName="registry-server" probeResult=failure output="command timed out"
    Dec 15 14:35:43.223691 ip-10-0-149-44 kubenswrapper[2416]: I1215 14:35:43.222242    2416 prober.go:114] "Probe failed" probeType="Startup" pod="openshift-marketplace/redhat-operators-5nk4h" podUID=b2e47f45-5d77-47c8-94c9-dfbdab5c1834 containerName="registry-server" probeResult=failure output="command timed out"
    Dec 15 14:35:53.047639 ip-10-0-149-44 kubenswrapper[2416]: I1215 14:35:53.042936    2416 prober.go:114] "Probe failed" probeType="Startup" pod="openshift-marketplace/redhat-operators-5nk4h" podUID=b2e47f45-5d77-47c8-94c9-dfbdab5c1834 containerName="registry-server" probeResult=failure output=<
    Dec 15 14:36:03.233780 ip-10-0-149-44 kubenswrapper[2416]: I1215 14:36:03.233339    2416 prober.go:114] "Probe failed" probeType="Startup" pod="openshift-marketplace/redhat-operators-5nk4h" podUID=b2e47f45-5d77-47c8-94c9-dfbdab5c1834 containerName="registry-server" probeResult=failure output="command timed out"
    
    Screen Shot 2022-12-15 at 10 31 23 AM

    NOTE: the case where the log ends with output=< is for multi-line output. I purposely did not add the logic to capture the text in the multiline output. If we feel like this info is valuable in the future, we may pursue this.

    lgtm 
    opened by DennisPeriquet 3
Releases(v3.11.0)
  • v3.11.0(Oct 11, 2018)

    This is the 3.11 release of OpenShift Origin.

    Backwards Compatibility

    • auth: The auth reconcile command is now deprecated as its functionality is part of the server #20177
      • The CLI command is now identical to the upstream auth reconcile and no longer updates roles
    • auth: The cluster-reader RBAC role is now an aggregated role to simplify adding new permissions #20279
    • cli: oc patch is now consistent with the kubectl patch command #20665
    • cli: oc types is now deprecated - use oc api-resources instead #21000
    • security: If the scheduler.alpha.kubernetes.io/node-selector annotion is set on a namespace, openshift.io/node-selector is now ignored #21058
    • server: The openshift start node functionality and openshift start have been removed - the Kubelet must now be started directly #20344, #20717
      • By using the Kubelet directly we make nodes easier to manage and more consistent with the upstream.
      • Future releases will remove other parts of openshift start master.

    Changes

    Roadmap for the v3.11 release

    v3.11.0 (2018-10-10) Full Changelog

    API

    • build: Allow dashes to be used in the environment variable names in builds #20738
    • image: Return information about image layers that are associated with an image stream to improve registry performance #19969, #20643
    • security: Promote sysctl annotations to fields in SecurityContextConstraints #20151

    Component updates

    • Updated to Kubernetes v1.11.0-62-gd4cacc0 + patches
      • 62943: set updated replicas in statefulsets #20347
      • 64378: Don't reset global timeout on each for loop iteration #20452
      • 64426: Clean up fake mounters. #20117
      • 64447: Add block volume support to internal provisioners #20058
      • 64541: Add more kubectl auth reconcile flags #20281
      • 64860:checkLimitsForResolvConf for the pod create and update events instead of checking period #20070
      • 64879: Add block volume support to Cinder volume plugin #20270
      • 64896: kubectl: wait for all errors and successes on podEviction #20452
      • 65189: fix paths w shortcuts when copying from pods #20034
      • 65189: revert: fix paths w shortcuts when copying from pods" #20075
      • 65226: Put all the node address cloud provider retrival complex logic into cloudResourceSyncManager #20615
      • 65238: fix scheduler port boundary to match detection #20033
      • 65326: fix printer check to tolerate vendoring #20033
      • 65329: make builder tolerant of restmapper failures when it doesn't need the answer #20033
      • 65367: make sure delete waiting doesn't re-evaluate the resource lists #20033
      • 65368: legacy api endpoints only support v1 ever #20033
      • 65370: delete should tolerate a failed wait because of missing verbs #20033
      • 65377: special-case templates get.go #20033
      • 65447: Resolve potential devicePath symlink when MapVolume #20117
      • 65480: allow enabling kubelet serving certificate rotation via flag #20033
      • 65486: show type differences in reflect diff #20033
      • 65488: flatten nested lists for flatten in visitor #20033
      • 65489: kubectl convert should not double wrap output in nested lists #20033
      • 65547: Honor custom transport dialer #20033
      • 65549: Fix flexvolume in containerized kubelets #20358
      • 65587: Revert "certs: only append locally discovered addresses when we got none from the cloudprovider" #20033
      • 65686: fix kubectl create priorityclass failure bug #20624
      • 65700: Update output format so that it matches actual accepted values #20139
      • 65705: Block volumes should have empty FSType #20327
      • 65711: make template printers a recommended printer #20257
      • 65715: fail on rbac resources of non-v1 versions in reconcile #20177
      • 65786: update --template printer defaulting #20257
      • 65856: only need to ignore resources that match discovery conditions #20242
      • 65899: use self-signed cert fixtures in integration test servers #20309
      • 65904: track schemes by name for error reporting #20242
      • 65906: Improve multi-authorizer errors #20379
      • 65908: switch delete strategy to background deletion #20274
      • 65987: Add region label to dynamic provisioned cinder PVs #20418
      • 66008: Convert TestServerRunWithSNI to subtests to isolate flake #20302
      • 66085: fix updateJob scheduling of resync #20763
      • 66136: make delete waits match on UID #20305
      • 66172: Reverting commit #56600 as GCE PD is allocated in chunks of GiB inste... #20418
      • 66225: add support for "success" output for edit command #20589
      • 66225: update testcase for edit #20589
      • 66249: fill in normal restmapping info with the legacy guess #20392
      • 66324: Fixing E2E tests for disk resizing #20418
      • 66350: Start cloudResourceSyncsManager before getNodeAnyWay (initializeModules) to avoid kubelet getting stuck in retrieving node addresses from a cloudprovider #20615
      • 66352: update logs cmd to deal w external versions #20343
      • 66397: Fix upper limit on m5/c5 instance typesn #20439
      • 66398: fix logs command to be generic for all resources again #20514
      • 66403: indicate which scheme has conflicting data #20372
      • 66406: Send correct headers for pod printing #20437
      • 66406: tolerate missing column headers in server-side print output #20437
      • 66464: Avoid overflowing int64 in RoundUpSize and return error if overflow int #20418
      • 66519: switch attach to use external objs #20514
      • 66725: update exit code to 0 if patch not needed #20456
      • 66779: add methods to apimachinery to easy unit testing #20471
      • 66835: cloudprovider: aws: return true on existence check for stopped instances #20663
      • 66837: fix panic fake SAR client expansion #20491
      • 66929: add logging to find offending transports #20554
      • 66931: Use the passed-in streams in kubectl top #20529
      • 66932: Include unavailable apiservices in discovery response #20635
      • 67024: add CancelRequest to discovery round-tripper #20554
      • 67033: expose default LogsForObject consumeRequest func #20550
      • 67093: improve config file modification time #20566
      • 67094:Fix incorrect reporting of total request including current pod in the resource allocation priority function. #20603
      • 67094:Ouput volumes (total capacity and requests) too along with cpu and memory when the feature BalanceAttachedNodeVolumes is used. #20603
      • 67097: Ignore EIO error in unmount path #20866
      • 67236: fix azure disk create failure due to sdk upgrade #20662
      • 67316: Adds tests for --all-containers=true #20684
      • 67399: update patch to work with --local and avoid extra requests #20642
      • 67399: update patch to work with --local and avoid extra requests #20665
      • 67433: allow failed discovery on initial quota controller start #20635
      • 67433: allow failed discovery on initial quota controller start #20693
      • 67493: Tolerate nil input in GetValueFromIntOrPercent #20532
      • 67615: attach: Move the AttachFunc default function to the initializer #20697
      • 67698: Fix NameFromCommandArgs when passing command after -- #20730
      • 67822: Remove provisioner config from log message. #20756
      • 67835: Tests that use CheckTestingNSDeletedExcept must be serial #18816
      • 67896: expose generic storage factory primitives #20777
      • 67957: Size http2 buffers to allow concurrent streams #20783
      • 68007: Orphan DaemonSet when deleting with --cascade option set #20793
      • 68008: apiserver: forward panic in WithTimeout filter #20979
      • 68563: fix scheduler crash when Prioritize Map function failed #21194
      • 68678: tighten maximum retry loop for aggregate api availability #21012
      • 68680: Fix chown on distributed flex volumes (like gluster) #21070
      • : Node selector aware DS controller should not process openshift-io/node-selector if scheduler.alpha.kubernetes.io/node-selector is set. #21058
      • : Coerce string->int, empty object -> slice for backwards compatibility #20164
      • : Ensure perFSGroup quanity is positive #20564
      • : Expose ns lifecyle admission list of allowed resources #20242
      • : Gracefully handle empty volume-config file #20154
      • : oc patches on kubectl #20721
      • : patch in a non-standard location for apiservices #20578
      • : rewrite unstructured objects on the CLI to avoid oapi #20033
      • : simplify kube-controller-manager patches #20954
      • : switch back to use ugorji/go - decode to signed integers #20033
      • : tidy up oc patches and ensure we never print a non-groupified object #20385
      • : GCE load balancer unit test is flaky #20230
      • : Remove influxdb dependency until the next rebase #18816
      • : carry old printers until we update #20033
      • : carry old printers until we update #20257
      • : Fix cloud provider vsphere data race #20033
      • : Increase loglevel for health check #20616
      • : Make auth reconcile work with backlevel versions until ansible updates #20033
      • : vSphere test has race conditions, disable #20231

    Features

    • build: Support ConfigMaps as sources in build definitions - allows you to have config from the build #19655, #20064
    • cli: Add oc image append which can add a new layer or change metadata on a Docker image against a remote registry #20027
    • cli: Add oc image extract to extract all or part of an image to disk from any platform #20466
    • cli: Support SSPI (Kerberos authentication) on Windows for the command line #11371
    • cli: Include the kubectl binary in release output #20932, #20958, #20900
    • network: Support automatic and highly available egress IPs for applications #19578, #20485, #21085, #20258, #20500
    • router: Support for mutual TLS authentication between the router and service backends. #19891, #20476
    • router: Allow HAProxy to dynamically change backends without requiring a reload #19073, #20559, #20557, #20630, #20646

    Bugs

    • auth: Add namespaced servicebrokers, serviceclasses and serviceplans to admin/edit/view ClusterRoles #20852
    • auth: Update GitLab IDP to support OIDC #19997
    • auth: Use the upstream RBAC roles for reconciliation #20638
    • build: Ensure OOMKilled reason from pods are reported on build status #20297
    • build: Move deployer and build binaries into oc #20011 #20008
    • build: Remove false alarm warning for repo binary input on oc start-build #20100
    • cli: Allow patching configapi using oc patch #20642
    • cli: Honor 'oc edit' output format #20589
    • cli: accept --kubeconfig like kubectl #20721
    • cluster: Cluster quota controller tolerate inaccessible api resources #20693
    • deploy: Be tolerant on deployment decode and strict on encode to prevent incorrect fields #20185
    • deploy: Fix printing DC replicas #21017
    • dns: Restore graceful shutdown of DNS server #21021
    • image: Deprecate oc import-image legacy path using annotations #19673
    • image: Image stream imports longer than 30s should not fail #20419
    • image: Log image changes on verify-image-signature without --save #19976
    • image: Prune images in parallel #19468
    • image: Reuse existing imagestreams with new-app #20052
    • migrate: Ignore resources that cannot be listed and updated #21075
    • network: Bug 1614660 - Network diagnostic will auto detect runtime #20647
    • network: Show EgressCIDRs in "oc get hostsubnets" #20486
    • network: Update egress IPs when node changes IP #20393
    • node: Set FileCheckFrequency default properly #20158
    • route: Fix issue where routes are not cleaned up when a namespace label is deleted or updated. #20579
    • router: Bug 1618563 - Use the TCP balance scheme if configured before falling back to the default router load balancing algo #20702
    • router: Fix weight logic for A/B testing #19893
    • router: HAProxy ip whitelist exceeding max config arguments that haproxy allows. #20357
    • router: Router metrics sometimes fails to detect HTTP/1 connections #21043
    • service-catalog: use K8s NamespaceLifecycle admission controller #20673
    • test: Enable a large chunk of upstream e2e tests that were accidentally not being run #18816

    Release SHA256 Checksums

    The latest artifacts are always located at https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  CHECKSUM
    4b0f07428ba854174c58d2e38287e5402964c9a9355f6c359d1242efd0990da3  openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
    9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc  openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
    75d58500aec1a2cee9473dfa826c81199669dbc0f49806e31a13626b5e4cfcf0  openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip
    cdb84cc0000d0f0983120f903b2cad7114527ce2a9c4eb1988986eda7b877bfa  openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(575 bytes)
    openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz(53.88 MB)
    openshift-origin-client-tools-v3.11.0-0cbc58b-mac.zip(53.27 MB)
    openshift-origin-client-tools-v3.11.0-0cbc58b-windows.zip(53.58 MB)
    openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz(217.49 MB)
  • v3.10.0(Aug 3, 2018)

    This is the official release of OpenShift Origin v3.10.

    Changes

    Roadmap for the v3.10 release

    v3.10.0 (2018-08-02) Full Changelog

    Component updates

    • Updates to Kubernetes
      • 62085: Fix incorrect atomic counter usage #20206
      • 62943: Set updated replicas on stateful set status #20350
      • 64658: Avoid leading gRPC connections in CSI #20111
      • 64882: Prevent deleted pods from sometimes leaving mounts #20111
      • 64971: Ensure mutating admission webhooks correctly remove fields #20509
      • 65223: Correctly detect inaccessible AWS encryption key #20072
      • 65226: Store the latest cloud provider node addresses on the node #20369
      • 65339: Prevent leak of a cached pod definition in the scheduler #20071
      • 66350: Prevent kubelet from becoming stuck retrieving node addresses from a cloud provider #20369

    Bugs

    • router: [release-3.10] Allow egress-router to connect to cluster service network for DNS, etc. #20102
    • diagnostics: Fix default image paths used in network diagnostics #20116
    • volumes: Bind mount /etc/origin/kubelet-plugins for flex volumes #20153
    • node: Honor --kubelet-preferred-address-types #20183
    • apiserver: Use in-process loopback client config from Kube #20207
    • image: Install ceph-common in control plane so RBD provisioner can find disks #20222
    • build: Fix an issue where COPY --from would not work on multi-stage image builds #20256
    • console: Change logo, favicon, name on login page #20528

    Artifacts

    • Images are published to the Docker Hub as openshift/origin-*:v3.10.0.
    • RPMs are available via the provided origin.repo file

    Release SHA256 Checksums

    0f54235127884309d19b23e8e64e347f783efd6b5a94b49bfc4d0bf472efb5b8  ./openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
    6973aebb7b553866f8971c8ca324dd5b79204e2a59c5234cde6fb1b5deb4c7a9  ./openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz
    ae847e3ae278b9420342e651305d34f1ed806b55a23874fc47595a57874e30c6  ./openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip
    c1b33aa535b88898d0622e0af2aa673bb814c354fb438c21c18155afc51acf87  ./openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip
    23083baadc7b82b6a3998016b795497d9c33327e1985a3b37181cf0e6200d29a  ./CHECKSUM
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(711 bytes)
    openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz(24.08 MB)
    openshift-origin-client-tools-v3.10.0-dd10d17-mac.zip(23.81 MB)
    openshift-origin-client-tools-v3.10.0-dd10d17-windows.zip(23.94 MB)
    openshift-origin-server-v3.10.0-dd10d17-linux-64bit.tar.gz(181.45 MB)
    origin.repo(177 bytes)
  • v3.10.0-rc.0(Jun 20, 2018)

    This is the first release candidate of OpenShift Origin 3.10.

    Backwards Compatibility

    • Moving from legacy API resources (/oapi) to group resources
      • The server process endpoint now creates resources in the new group APIs (*.openshift.io) #19458
      • The RBAC bootstrap policy file is now saved as rbac.authorization.k8s.io/v1 resources #19756
    • Configuration changes
      • The disabledFeatures configuration item has been removed from master config #19070
      • Master configuration no longer requires the deprecated clusterNetworkCIDR/hostSubnetLength fields to be set in networkConfig #18669
      • Some node default values have changed #19190
        • Remove the default pods-per-core setting of 10, which makes nodes default to 250 pods total.
        • The certificate signing controller defaults to creating certs with a 1 year expiration (a7bd9d6f5f)
    • rbac: Project editors can no longer create or update daemonsets, which prevents tenants from impacting cluster stability #18971
    • Metrics for the template instance broker have changed #19133
    • Moved or deleted content #19262
      • The examples/ directory has been cleaned up
      • The v1 federation implementation has been removed as it did not graduate to beta.
      • The node.service systemd file has been removed from hte RPMS, along with the master services (2113900746)
    • Changes to OpenShift images #19509
      • As we prepare to split the OpenShift API server into multiple binaries, several new images have been created:
        • openshift/origin-hypershift - A new hypershift binary that launches OpenShift specific components
        • openshift/origin-hyperkube - The Kubernetes hyperkube binary
        • openshift/origin-cli - The OpenShift CLI oc
        • openshift/origin-tests - The extended test suite for OpenShift
      • Some existing images have been renamed
        • openshift/origin is now openshift/origin-control-plane
        • openshift/node is now openshift/origin-node
      • The openshift/openvswitch image has been folded into openshift/origin-node
      • A new binary openshift-node-config takes a node-config.yaml file and converts it to kubelet arguments in the openshift/origin-node image
    • CLI changes
      • Some client-side deletion support has been removed in favor of the controller-driven deletion mechanisms #19616
      • oc export is deprecated and oc get --export should be used instead.
    • The router has separate liveness and readiness probes for use with upstream load balancers #19009
    • XFS quota for emptyDir volumes is now configured via a config file in the volume directory #19533
    • Changes to oc cluster up
      • The cluster launched by oc cluster up is now launched as a set of individual processes running in images, instead of the previous single large container. This more closely mimics real production environments.
      • Docker machine support in oc cluster up has been removed
      • oc cluster up now only supports launching a cluster of the same version as the oc binary.

    Changes

    Roadmap for the v3.10 release

    v3.10.0-rc.0 (2018-06-19) Full Changelog

    API

    Ingress support

    In order to better adapt ingress objects to routes, a new controller has been added to OpenShift that maps Kubernetes Ingress objects (in their v1beta1 form) to OpenShift Routes automatically. This allows the HAProxy router to report status, perform host overrides, support multi-tenant protection on hostnames, and securely manage Ingress secrets.

    The controller converts each Ingress rule into its own route, as long as the rule has a hostname or TLS hostname. Any referenced secrets are copied into the final Route and kept up to date. If a generated route is deleted it will be recreated by the controller. Once a route is created, any annotations or route specific fields will not be altered unless the route is deleted (such as weighted service backends). A route with a TLS endpoint will be set to Reencrypt termination, but that may be changed after creation.

    The router process itself no longer needs to watch Ingress or Secret resources.

    • router: Replace router support for ingress with an ingress-to-route controller #18658

    Other changes

    • Image signature annotations are ignored #19037
    • Explicitly prohibit spec updates to imagestreamtag resources which are not a spec tag. #18532

    Component updates

    • Updated to Kubernetes v1.10.0-47-gb81c8f8 + patches
      • 42873: add kubectl api-resources command #19884
      • 54530: api: validate container phase transitions #18791
      • 57202: Fix format string in describers #18810
      • 58972: Fix job's backoff limit for restart policy OnFailure #19672
      • 59170: Fix kubelet PVC stale metrics #18637
      • 59301: dockershim: don't check pod IP in StopPodSandbox #18425
      • 59316: Exit if no client cert is available for 5m #18430
      • 59365: Fix StatefulSet set-based selector bug #18797
      • 59931: do not delete node in openstack, if those still exist in cloudprovider #19038
      • 60289: fix freespace for image GC #18767
      • 60342: Fix nested volume mounts for read-only API data volumes #18766
      • 60455: removes custom scalers from kubectl #19275
      • 60490: Volume deletion should be idempotent #18856
      • 60632: Add volumemetrics for ISCSI Plugin #19842
      • 60654: notify systemd on kubelet start #18886
      • 60978: Fix use of "-w" flag to iptables-restore #18919
      • 61287: provide easy methods for direct kubeconfig loading from bytes #18956
      • 61294: Fix cpu cfs quota flag with pod cgroups #19028
      • 61378: --force only takes effect when --grace-period=0 #19213
      • 61459: etcd client add dial timeout #19953
      • 61480: Allow sockets to be mounted in subpath #19329
      • 61790: make reapers tolerate 404s on scaling down #19275
      • 61808: Ensure -o yaml populates kind/apiVersion #19137
      • 61949: Tolerate 406 mime-type errors attempting to load new openapi schema #19137
      • 61962: Avoid data races in unit tests #19137
      • 61985: Restore show-kind function when printing multiple kinds #19137
      • 62074: Narrow interface consumed by scale client #19137
      • 62114: removes job scaler, continued #19275
      • 62146: Fix daemon-set-controller bootstrap RBAC policy #19517
      • 62152: Keep node.kubeconfig correct during rotation #19857
      • 62196: Remove need for server connections for dry-run create #19137
      • 62199: Make priority rest mapper handle partial discovery results #19137
      • 62234: Handle partial group and resource responses consistently #19137
      • 62254: Add name output and verb filtering to api-resources #19884
      • 62336: add statefulset scaling permission to admins, editors, and viewers #19275
      • 62394: Revert "git: Use VolumeHost.GetExec() to execute stuff in volume plugins" #19359
      • 62416: kuberuntime: logs: reduce logging level on waitLogs msg #19334
      • 62461: allow higher burst for discovery #19327
      • 62462: Private mount propagation #19364
      • 62469: stop defaulting kubeconfig to http://localhost:8080 #19335
      • 62543: Timeout on instances.NodeAddresses cloud provider request #19733
      • 62572: Prevent virtual infinite loop in volume controller #19371
      • 62584: Make x-kubernetes-print-column print handling opt-in #19352
      • 62668: add metrics to cinder volume #19444
      • 62733: Set a default request timeout for discovery client #19471
      • 62744: Fix kubectl describe cronjob #19391
      • 62827: fix csi data race in csi_attacher_test.go #19508
      • 62874: dockershim/sandbox: clean up pod network even if SetUpPod() failed #19576
      • 62913: make a simple dynamic client that is easy to use #19515
      • 62914: kubelet: fix flake in TestUpdateExistingNodeStatusTimeout #19453
      • 63086: Fix discovery default timeout test #19471
      • 63160: kubelet: logs: do not wait when following terminated container #19545
      • 63169: Remove unnecessary dependencies on api/core/v1 #19509
      • 63177: kubectl takes a dependency on the controllers #19509
      • 63295: Fixed CSI volume detach when the volume is already detached #19816
      • 63303: Return attach error to A/D controller #19816
      • 63321: kubelet: force filterContainerID to empty string when removeAll is true #19580
      • 63339: kubelet: volume: do not create event on mount success #19625
      • 63349: Decorate function not called on Create #19602
      • 63403: don't block creation on lack of delete powers #19404
      • 63416: Retry certificate approval on conflict errors #19770
      • 63417: Panic when map string bool flag has no value #19620
      • 63421: Cache preferred resources, use in kubectl resource name autocomplete (single commit) #19884
      • 63490: default the ignorenotfound for delete when selecting objects #19616
      • 63650: Never clean backoff in job controller #19672
      • 63716: Add InstallPathHandler which allows for more then one path to be associated with health checking. #19009
      • 63831: Always track kubelet -> API connections #19638
      • 63831: Close all kubelet->API connections on heartbeat failure #19638
      • 63848: Deflake discovery timeout test #19714
      • 63875: make TestGetServerGroupsWithTimeout more reliable #19723
      • 63903: Revert "Openstack: register metadata.hostname as node name" #19730
      • 63903: Revert "Specify DHCP domain for hostname" #19730
      • 63903: Revert "Split out the hostname when default dhcp_domain is used in nova.conf" #19730
      • 63926: Avoid unnecessary calls to the cloud provider #19742
      • 63966: kubectl: fix Flatten() when used without Latest() #19747
      • 63977: pkg: kubelet: remote: increase grpc client default size #19774
      • 64026: Enable SELinux relabeling in CSI volumes #19816
      • 64028: Tolarate negative values when calculating job scale progress #19765
      • 64443: services must listen on port 443 for aggregation #19866
      • 64516: Fix error message to be consistent with others #19884
      • 64573: remove extra "../" when copying from pod to local #19898
      • 64797: Handle deleted DaemonSet properly #19927
      • 64855: Fix setup of ephemeral storage #19939
      • 64883: Fix up legacy printer table adapter #19934
      • 64916: improve memory footprint of daemonset simulate #19956
      • 64946: log healthz check #19952
      • 64969: volume: decrease memory allocations for debugging messages #19960
      • 65001: Quiet verbose apiserver logs #19970
      • 65009: daemon: add custom node indexer #19980
      • 65027: Use actual etcd client for /healthz/etcd checks #19992
      • 65063: Re-use private key after failed CSR #20000
      • : Add PSP review to /oapi Resources #19542
      • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18971
      • : XFS quota for emptyDir volumes #19533
      • : add RawConfig to factory for commands modifying raw kubeconfig files #19343
      • : aggregator to proxy oapi to apps.openshift.io server #18652
      • : allow injecting printers #19137
      • : allow oc kubeconfig loading to have our flags and errors #19335
      • : change config file location and restore perFSGroup to quantity #19773
      • : controller-manager patches for recycler #18887
      • : disable local storage isolation feature gate #19323
      • : enable critical pod support by default #19104
      • : filter daemonset nodes by namespace node selectors #18989
      • : inject new parameter for image resolution into kubectl set image #19348
      • : pods in openshift-* namespace can be marked critical #19104
      • : rewrite unstructured objects on the CLI to avoid oapi #19327
      • : avoid contacting server for restmappings in local mode #19996
      • : make RootFsInfo error non-fatal on start #19137
      • : stop wrapping --sort-by value in {} #19777
    • Other patches

    Features

    Multi-stage Docker image build support

    Builds using the Dockerfile build strategy can now build multi-stage Docker images. The from field continues to target the last image stage in the Dockerfile, but the new as attribute on imageSources allows other stages to be replaced with triggered images.

    • Support multi-stage dockerbuilds via imagebuilder #18741, #19494

    Support external OAuth token authenticators

    OpenShift can now be configured to delegate login flows to a remote OAuth capable endpoint like Keycloak. This allows a central Keycloak server to authenticate multiple clusters. See the documentation for more details about configuring this option.

    • auth: Add option to configure an external OAuth server #18969
    • auth: Support WebhookTokenAuthenticators for using external servers as token authenticators #18868

    Other Features

    • auth: Add oc adm prune role command to clean up rolebindings that are not bound to valid roles #19619
    • cli: Add server-side column printer support for openshift objects #19934
    • clusterup: Add --enable=automation-service-broker #19409
    • image: Parallelize image mirroring and reuse mounted layers #19017
    • migrate: Allow storage migration to be performed in parallel #19691
    • registry: Both internal and external hostnames for the registry should be in docker pull secrets #19838
    • router: Make updating status on the router optional #17420
    • router: Prometheus should scrape the router by default #18254
    • router: Support for DNS names in egress routes #15409
    • router: Perform real backoff when contending for writes from the router #18686
    • router: Make router conflict detection work even during initial informer sync #19706
    • router: Allow only a subset of routes from specific domains to be overriden by the hostname-template #19418
    • router: Allow egress-router to connect to its own node IP for DNS #19885
    • server: Expose api-versions and api-resources in oc #19884
    • template: Allow TemplateInstances to create arbitrary resources, including CRDs #19396

    Bugs

    • build: Retry retrieving build logs in some cases #19695
    • cert: Order x509 certificate subjects to prevent a Golang / GNUTLS incompatibility #18837
    • cli: Support quay.io pushing in oc image mirror #19016
    • cli: Correct oc scale error handling #19275
    • cli: Improve validation for oc set volume #19169
    • cli: Fix incorrect oc run default option #19712
    • cli: Dots should be allowed in environment variable names passed to oc new-app #19688
    • diagnostic: Replace usage of brctl with /sbin/ip #19929
    • jenkins: Adjust jenkins template setting to account for effects of constrained default max heap #18832
    • network: Fix handleDeleteSubnet() to release network from subnet allocator #18801
    • network: Fix egressip handling when a NetNamespac is updated #18808
    • network: The NetworkCheck diagnostic did not use the correct config file #18709
    • network: Allow configurable CNI bin dir in openshift SDN #18464
    • network: Correctly report initial NodeNetworkUnavailable condition #18758
    • network: Allow subnet allocator to handle changes to the subnet values #18999
    • network: Prevent incorrect deletion of HostSubnet OVS flows #19080
    • network: Make changing egress network policy rules more efficient #19346
    • network: Print out errors that occur when using macvlan and a namespace cannot be retrieved #19491
    • network: Remove openvswitch check from UnitStatus diagnostic #19572
    • network: Use a real OVS transaction when changing network configuration on the host #19393
    • network: Use a go-native DNS library instead of dig command for dns resolution in egress network policy #19805
    • network: Do not throw spurious error when minTTL=0 for the domain in egress network policy #19950
    • network: Remove the node from dnsmasq config when shutting down #19987
    • network: Get lowest TTL from the DNS resolution chain for egress DNS #19982
    • node: Fix to pass quoted unsafe strings (with characters like *,<,%) correctly to kubelet #19951
    • registry: Update docker config secret to support the future location of the registry service #19514
    • registry: Make docker registry service controller check all secrets #19788
    • router: When a router is reloaded after a batch of route/ingress changes are committed, haproxy sometimes fail to reload #18587
    • router: Some route status updates were being lost #19018
    • router: Combine backend map files to fix path based routing #18840
    • router: Wildcard routes should not take precedence over sub-routes #19076
    • router: Some routes were being rejected incorrectly when NAMESPACE_LABELS was set #19330
    • router: The router can forget routes when routes are created and deleted in rapid succession #19175
    • router: Unidle in router should ignore headless services #19416
    • router: Allow Prometheus to get metrics from the router #19318
    • security: Correctly handle legacy PodSecurityPolicyReview resources #19542
    • server: Improve performance of the SDN controller by using shared caches #18911
    • server: Move range allocation to an internal API as rangeallocations.security.openshift.io #19277
    • server: Set etcd DialTimeout, fix etcd start order in all-in-one #19953
    • server: When etcd is down, avoid pathological healthz behaviors #19992
    • service-catalog: Start API and controller pods with log verbosity = 3 #19135

    Release SHA256 Checksums

    f876258c9a6221637a84e35ff68e9af96c2f2013eb9ae41ea33abd9286aa045c  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
    dcb414712e8ae08146634d0c18720476e7afd024aa100bd2246d064de6658664  ./openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz
    872e0b58684af5d17b41a0585c50b41d09fbefa449d80927ba91252ac998deb3  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip
    25eef2fc0401209e3b5d40239827c023f463cdafeb06f81f1a6a0af9deaa1d25  ./openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip
    1c21ba58ee0f7fc8b55e9d84099632ec970051adc3744a294a10bcd3aefcfe21  ./CHECKSUM
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(736 bytes)
    openshift-origin-client-tools-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz(24.10 MB)
    openshift-origin-client-tools-v3.10.0-rc.0-c20e215-mac.zip(23.82 MB)
    openshift-origin-client-tools-v3.10.0-rc.0-c20e215-windows.zip(23.95 MB)
    openshift-origin-server-v3.10.0-rc.0-c20e215-linux-64bit.tar.gz(181.49 MB)
  • v3.9.0(Mar 30, 2018)

    This is the official feature release of OpenShift Origin.

    Changes

    Roadmap for the v3.9 release

    v3.9.0 (2018-03-30) Full Changelog

    Component updates

    • Updates to Kubernetes
      • 51042: Allow passing request-timeout from NewRequest all the way down #13701
      • 52324: Fix bug on kubelet failure to umount mount points. #18225
      • 54530: api: validate container phase transitions #18792
      • 56164: Split out a KUBE-EXTERNAL-SERVICES chain so we don't have to run KUBE-SERVICES from INPUT #18754
      • 56288: Add list of pods that use a volume to multiattach events #18290
      • 56315: Record volumeID in GlusterFS PV spec UPSTREAM: 56823: Add volID based delete() and resize() if volID is available in pv spec UPSTREAM: 57516: Add custom volume name based on SC parameter UPSTREAM: 58513: Add Namespace to glusterfs custom volume names UPSTREAM: 58626: Use correct pv annotation to fetch volume ID #18326
      • 56432: e2e: test containers projected volume updates should not exit #18387
      • 56846: Fix Cinder detach problems #18140
      • 56872: Fix event generation #18442
      • 57202: Fix format string in describers #18853
      • 57336: Abstract some duplicated code in the iptables proxier #18754
      • 57461: Don't create no-op iptables rules for services with no endpoints #18754
      • 57480: Fix build and test errors from etcd 3.2.13 upgrade #18731
      • 57854: fix bug of swallowing missing merge key error #18331
      • 57967: Fixed TearDown of NFS with root squash. #18154
      • 58177: Redesign and implement volume reconstruction work #18554
      • 58316: set fsGroup by securityContext.fsGroup in azure file #18526
      • 58375: Recheck if transformed data is stale when doing live lookup during update #18530
      • 58415: Improve messaging on resize #18509
      • 58439: Fix loading structured admission plugin config #18529
      • 58439: Surface error loading admission plugin config #18529
      • 58522: Clean up error messages for pre-bound PVCs #18284
      • 58533: add suggestion to describe pod for container names #18178
      • 58574: fixing array out of bound by checking initContainers instead of containers #18403
      • 58617: Make ExpandVolumeDevice() idempotent if existing volume capacity meets the requested size #18432
      • 58685: Fill size attribute for the OpenStack V3 API volumes #18237
      • 58720: Ensure that the runtime mounts RO volumes read-only #18255
      • 58739: Don't bind PVs and PVCs with different access modes #18284
      • 58753: Fix kubectl explain for cronjobs #18268
      • 58794: Resize mounted volumes #18421
      • 58930: Don't wait for certificate rotation on Kubelet start #18322
      • 58955: pkg: kubelet: do not assume anything about images names #18340
      • 58977: Fix pod sandbox privilege. #18820
      • 58991: restore original object on apply err #18337
      • 58994: Race condition between listener and client in remote_runtime_test #18409
      • 59170: Fix kubelet PVC stale metrics #18787
      • 59279: nodelifecycle: set OutOfDisk unknown on node timeout #18417
      • 59297: Improve error returned when fetching container logs during pod termination #18515
      • 59350: Do not recycle volumes that are used by pods #18552
      • 59365: Fix StatefulSet set-based selector bug #18824
      • 59386: Scheduler - not able to read from config file if configmap is not found #18475
      • 59449: Fix to register priority function ResourceLimitsPriority correctly. #18503
      • 59506: fix --watch on multiple requests #18514
      • 59569: Do not ignore errors from EC2::DescribeVolume in DetachDisk #18544
      • 59767: kubelet: check for illegal phase transition #18585
      • 59873: Fix DownwardAPI refresh race #18636
      • 59923: Rework volume manager log levels #18636
      • 60299: apiserver: fix testing etcd config for etcd 3.2.16 #18731
      • 60301: Fix Deployment with Recreate strategy not to wait on Pods in terminal phase #18760
      • 60306: Only run connection-rejecting rules on new connections #18754
      • 60342: Fix nested volume mounts for read-only API data volumes #18789
      • 60430: don't use storage cache during apiserver unit test #18731
      • 60457: tests: e2e: empty msg from channel other than stdout should be non-fatal #18755
      • 60490: Volume deletion should be idempotent #18878
      • 61045: subpath fixes #18957
      • 61107: Add atomic writer subpath e2e tests #18957
      • 61107: Detect backsteps correctly in base path detection #18957
      • 61193: bugfix(mount): lstat with abs path of parent instead of '/..' #18985
      • : Remove write permissions on daemonsets from Kubernetes bootstrap policy #18977
      • : Short-circuit HPA oapi/v1.DC #18380
      • : hack in working autoscale reference for oc autoscale #18376
      • : hack out the oapi for restmapping resources when more than one is present #18377
      • : patch the upstream SA token controller and use it #18508
    • Updates to docker/distribution

    Features

    FEATURE DESCRIPTION

    PARAGRAPH

    • DESCRIPTION #PR

    Other Features

    • build: Issue 17941: Add oc new-build --push-secret option #18477
    • deploy: Add support for deployments in oc status #18439, #18579

    Bugs

    • auth: Change Header used for impersonation scopes to match upstream #18378
    • auth: Deprecate some policy commands #18102
    • build: Adjust newapp/newbuild error messages (arg classification vs. actual … #18272
    • build: Fix BuildConfigInstantiateFailed warning when lastVersion == 0 #17146
    • cli: Add infos count to oc status #18422
    • cli: Suppress project list on login if you have access to greater than 50 projects #18706
    • diagnostic: Add an AppCreate diagnostic #16658
    • diagnostic: AggregatedLogging ClusterRoleBindings false negative fix #18888
    • diagnostic: Fix AnalyzeLogs to provide more clear debug message #18654
    • image: Fix annotation trigger to reconcile on container image change #18513
    • image: Preserve namespace on imagestreams server-side export #18487
    • image: Prevent scheduled importer of images from advancing too quickly #18604
    • image: Retry import without authentication if we get 401 error for public images #18012
    • migrate: Add migrate command for legacy HPAs #18854
    • network: Fix reassignment of egress IP after removal #18720
    • network: Deal with auto-egress-ip mark conflicting with kube-proxy's masqueradeBit #18121
    • network: Do not allow 'default' project to be isolated using 'oc adm pod-network' #18687
    • network: Don't try to delete (nonexistent) OVS flows for headless/external services #18890
    • network: Fix CNI IPAM data dir #18863
    • network: Fix handleDeleteSubnet() to release network from subnet allocator #18819
    • newapp: --source-image should count as a source input for new-app #18631
    • node: Move pod-namespace calls out of process to prevent races between Go threads #18355
    • node: Restart console container when config changes #18411
    • node: Support --write-flags on openshift start node to support moving directly to kubelet #18322
    • oauth: Enable osin internal error logging #18505
    • router: Make oadm router and registry resiliant to missing client for use in scripts #18546
    • router: Updating route TLS configuration will be possible with 'create' permissions on custom-host #18312
    • security: ClusterResourceOverride plugin should not set CPU or memory minimums below the namespace quota minimum #18553
    • server: Bug 1538389 - Allow node IP change to update Host IP in HostSubnet resource #18281
    • server: Correctly handle newlines in serial files #18405
    • server: Wait for lease acquisition that indicates the controllers and scheduler have successfully started #18338
    • template: Make sure we can unbind a deleted templateinstance #18452

    Release SHA256 Checksums

    6ed2fb1579b14b4557e4450a807c97cd1b68a6c727cd1e12deedc5512907222e  ./openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
    a616d50c0974d4b3d1f12f227883afa7e70028fe78c874fc233eb3466ee12fdf  ./openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz
    32bdd9464866c8e93d8cf4a3a7718b0bc9fa0f2881f045b97997fa014b52a40b  ./openshift-origin-client-tools-v3.9.0-191fece-mac.zip
    705eb110587fdbd244fbb0f93146a643b24295cfe2410ff9fe67a0e880912663  ./openshift-origin-client-tools-v3.9.0-191fece-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(629 bytes)
    openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz(42.11 MB)
    openshift-origin-client-tools-v3.9.0-191fece-mac.zip(40.57 MB)
    openshift-origin-client-tools-v3.9.0-191fece-windows.zip(40.81 MB)
    openshift-origin-server-v3.9.0-191fece-linux-64bit.tar.gz(150.39 MB)
  • v3.7.2(Mar 16, 2018)

    This is a patch release of OpenShift Origin.

    Changes

    v3.7.2 (2018-03-16) Full Changelog

    Component updates

    • Updates to Kubernetes
      • 49624: Add daemonset to all categories #18478
      • 53690: Fix hpa scaling above max replicas w/ scaleUpLimit #18216
      • 54701: Refactor reconcileAutoscaler method in hpa #18216
      • 55631: Parse and return the last line in the log even if it is partial #17546
      • 57422: Rework method of updating atomic-updated data volumes #18167
      • 57967: Fixed TearDown of NFS with root squash. #18954
      • 58301: Limit all category to apps group for ds/deployment/replicaset #18478
      • 58572: Automated cherry pick of #58547: Send correct resource version for delete events from watch #18246
      • 58720: Ensure that the runtime mounts RO volumes read-only #18954
      • 60342: Fix nested volume mounts for read-only API data volumes #18954
      • 61047: Lock subPath volumes #18954
      • 61109: Detect backsteps correctly in base path detection #18954
      • 61196: bugfix(mount): lstat with abs path of parent instead of '/..' #18954
      • Revert "UPSTREAM: 53916: update .dockercfg data to config.json format" #18062

    Bugs

    • auth: Fix issues with oc adm migrate authorization #18221
    • migrate: handle NotFound via resource matching and during conflicts #18287
    • server: Include proto swagger document in discovery #18309
    • server: Don't expose oapi types as 'all' #18478
    • deployments: Correctly trigger DC trigger reconciliation on image change release #18524
    • build: Correctly set selinux labels for build containers #17546

    Release SHA256 Checksums

    abc89f025524eb205e433622e59843b09d2304cc913534c4ed8af627da238624  ./openshift-origin-client-tools-v3.7.2-282e43f-linux-64bit.tar.gz
    74933671b886f790dbf83edfba25a522851244c37a586dc491a39ebf30ece893  ./openshift-origin-server-v3.7.2-282e43f-linux-64bit.tar.gz
    8ae2f51cdde5c76a33add98c64efc30f11f5c0fbd1dacc5ae5d0f147b96f7d18  ./openshift-origin-client-tools-v3.7.2-282e43f-mac.zip
    45e525b751d7659e05adfbd005851cdeb769df511cfe38f5e45c0dfed854e784  ./openshift-origin-client-tools-v3.7.2-282e43f-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(629 bytes)
    openshift-origin-client-tools-v3.7.2-282e43f-linux-64bit.tar.gz(38.52 MB)
    openshift-origin-client-tools-v3.7.2-282e43f-mac.zip(38.17 MB)
    openshift-origin-client-tools-v3.7.2-282e43f-windows.zip(38.43 MB)
    openshift-origin-server-v3.7.2-282e43f-linux-64bit.tar.gz(132.54 MB)
  • v3.9.0-alpha.3(Feb 8, 2018)

    This is a feature release of OpenShift Origin.

    Backwards Compatibility

    • TODO

    Changes

    Roadmap for the v3.9 release

    v3.9.0-alpha.3 (2018-01-23) Full Changelog

    API

    • TODO

    Component updates

    • Updated to Kubernetes v1.9.1-57-ga0ce1bc657 + patches
      • 49312: allow the /version endpoint to pass through #17576
      • 49885: Ignore UDP metrics in kubelet #17106
      • 50390: Admit sysctls for other runtime. #17274
      • 50673: Azure - Use cloud environment to instantiate storage client #17052
      • 52260: fix azure disk mounter issue #17052
      • 53135: Fixed counting of unbound PVCs towards limit of attached volumes #17442
      • 53576: Revert "Validate if service has duplicate targetPort" #17115
      • 53989: Remove repeated random string generations in scheduler volume predicate #17442
      • 54410: Cpu manager reconcile loop - restore state #18055
      • 54459: fix azure storage account num exhausting issue #17052
      • 54597: kubelet: check for illegal container state transition #17514
      • 54607: fix azure pv crash due to volumeSource.ReadOnly value nil #17052
      • 55248: increase iptables max wait from 2 seconds to 5 (fix) #17115
      • 55316: Make StatefulSet report an event when recreating failed pod #18060
      • 55631: Parse and return the last line in the log even if it is partial #17198
      • 55641: dockershim: remove corrupt checkpoints immediately upon detection #17299
      • 55703: use full gopath for externalTypes #17115
      • 55704: Return original error instead of negotiation one #17115
      • 55772: Only attempt to construct GC informers for watchable resources #17115
      • 55796: Correct ConstructVolumeSpec() #17423
      • 55974: Allow constructing spdy executor from existing transports #17115
      • 55974: Allow constructing spdy executor from existing transports #17391
      • 56045: Fix getting logs from daemonset #17405
      • 56191: CPU Manager panics on state initialization error #18055
      • 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17513
      • 56408: admission: do not leak admission plugin config types outside of the plugin #18111
      • 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17512
      • 56506: kubelet: include runtime error in event on CreatePodSandbox failure #18002
      • 56687: kube-apiserver: enable admissionregistration v1beta1 api by default #17576
      • 56864: pick pod-selector changes from #56864 #17616
      • 56971: LimitRange ignores objects previously marked for deletion #17978
      • 57099: increase the podLogTimeout for downward volume test #17627
      • 57107: Check ns setup error during e2e #17576
      • 57148: expose special storage locations #17576
      • 57149: make quota reusable #17576
      • 57150: allow convert to default on a per object basis #17576
      • 57211: Process cluster-scoped owners correctly #17820
      • 57214: Remove mutation from pvc validation #17876
      • 57247: cpumanager: Propagate error up instead panic #18051
      • 57276: Fix vsphere cloudprovider naming #17961
      • 57349: add watch to requirements for quota-able resources #17863
      • 57993: Add volumemetrics for glusterfs plugin #18091
      • 58018: make controller port exposure optional #18003
      • 58107: Fix quota controller worker deadlock #18080
      • 58302: uniquify resource lock identities #18100
      • : add flag for running bare kube-controller-manager #18100
      • : add our immortal namespaces directly to admission plugin #17914
      • : allow controller context injection to share informers #17115
      • : allow injection of controller context function #18003
      • : allow injection of controller context function #18097
      • : allow multiple containers to union for swagger #17115
      • : disable failing etcd test for old level #17391
      • : exclude some origin resources from quota #17576
      • : keep set working on internal types #17576
      • : make wiring in kubeproxy easy until we sort out config #17576
      • : patch scheduler to apply defaults. drop once we run separate scheduler #17576
      • : switch apply to use the legacyscheme so our types can be handled #17576
      • : switch back to use encode/json to avoid serialization errors #17115
      • : switch back to use ugorji/go to avoid deserialization errors #17768
      • : add back PrintSuccess. remove when printing is fixed #17576
      • : disable flaky InitFederation unit test #17115
      • : enable beta APIs by default. fixed by several pulls upstream #17576
      • : etcd testing #17115
      • : remove usage of bad transport since only GKE routes #17576
      • : run hack/copy-kube-artifacts.sh #17115
      • : skip controller metric error, drop once we run in a separate process #17576
      • : skip scheduler configz error, drop once we run in a separate process #17576
      • : stop adding federation to hyperkube one release early #17663
      • revert: 9176245: : allow controller context injection to share informers #17861
      • revert: cf235c2: UPSTREAM: : switch apply to use the legacyscheme so our types can be handled #17885
    • Updated to Docker distribution v2.6.0-rc.1-210-g00b6b84 + patches
      • docker/distribution: 2382: Don't double add scopes #17115
      • docker/distribution: 2384: Fallback to GET for manifest #17115
      • docker/distribution: 2402: Allow manifest specification #17115
      • docker/distribution: 2402: Allow manifest specification #18078

    Features

    • TODO

    Bugs

    • build: Fixed the wrong name of building image. According to the implementati… #17050
      • Fixed the wrong name of building image. According to the implementation and running behavior. the building image is openshift/origin-release (215b3d8503)
    • auth: Allow registry-admin to manage RBAC roles and bindings #17247
      • Allow registry-admin to manage RBAC roles/bindings (6fe994484c) force-merge: Fix push-release e6b20e1089
    • cli: Improve the documentation for oc rollout #17081
      • Since the 'oc deploy' is deprecated. It is better for providing usage 'oc set trigger'. Forgetting the 'oc deploy'. (cdfe840ed8)
    • cli: oc set probe err message improvements #17107
      • move error cause to top of err message (1acd699f4b)
    • image: don't create output imagestrem if already exists with newapp #16843
      • don't create output imagestrem if already exists with newapp; better circular tag detection (697ee8ec31)
    • auth: Improve the oc auth subcommands CLI example #17270
      • Improve the oc auth subcommands CLI example usage: Replaced the kubectl to oc (d379c0971a)
    • Fix parse error for multiple OPTIONS to run node #17212
      • Remove double quotations from docker env to run node (335053ad5f)
      • Handle OPTIONS as additional argments (549f5404ba)
    • make assetconfig a top level type #17310
      • make assetconfig a top level type (15baffae01)
      • generated (72eaf22331)
    • Trivial fix to do fewer allocations in OVS healthcheck #17313
      • Avoid parsing the whole dump-flows output in the OVS health check (67a57a380f)
    • image: Add python 3.6 S2I image to examples #17281
      • Add python 3.6 S2I image (d4a8e611dc)
    • image: Imagestream tag exclude from pruning #16580
      • Add new option to exclude imagestream tag from pruning by regular expression (b70983dc1a)
    • cluster: clusterup add .skip_pv marker #16631
      • add skip_pv marker to skip PV creation (7f448c0609)
    • router: Router: Changed default resource resync interval from 10mins to 30mins #17012
      • Router: Changed default resource resync interval from 10mins to 30mins (172349c590)
      • Fix project sync interval in router (5e20571814)
    • build: remove kubectl from openshift (but not oc) #17305
      • remove kubectl from openshift (but not oc) (41f361a843)
      • try to modify the build scripts and not turn purple (163e2e7286)
      • generated (08de059118)
    • cluster: Limit fail-on-swap override to cluster-up #17385
      • Revert "interesting: restore ability to start with swap on by default" (97ab350878)
      • set fail-swap-on to false for cluster up (d8265d0fed)
    • server: Remove overwrite_bootstrappolicy and pkg/cmd/server/admin/legacyetcd #17336
      • remove pkg/cmd/server/admin/overwrite_bootstrappolicy.go and pkg/cmd/server/admin/legacyetcd (a9ea2dd103)
      • update generated docs (011b1ca0e7)
    • switch to hyperkube and remove renames #17369
      • switch to hyperkube (1116e0579e)
      • generated (57a5bef52e)
    • security: admission_test.go(TestAdmit): compare SecurityContexts instead of particular members #17296
      • admission_test.go(testSCCAdmission): print test case name when test fails. (df809c46da)
      • admission_test.go(TestAdmit): eliminate duplicated code by using existing method. (c634e11e4b)
      • admission_test.go(TestAdmit): split to TestAdmitSuccess and TestAdmitFailure. (d935b126bf)
      • admission_test.go(TestAdmitFailure): reduce code by (enchancing and) using existing function. (f51843c57d)
      • admission_test.go(setupClientSet): extract function. (072358ba21)
      • admission_test.go(createSCCLister): extract function. (d1895e0b4b)
      • admission_test.go: rename variable to better describe its type. (0cdb8b10f9)
      • admission_test.go(createSCCListerAndIndexer): introduce and use function. (ae97160820)
      • admission_test.go(saExactSCC): extract function. (e8a9047b9b)
      • admission_test.go(saSCC): extract function. (4eaeda2bf0)
      • admission_test.go(TestAdmitSuccess): compare SecurityContexts instead of particular members. (0ea1b367dc)
      • admission_test.go(testSCCAdmission): modify to signalize about errors. (0016cebb7a)
      • admission_test.go(TestAdmitSuccess): remove hardcoded SELinux level. (268aea6fb5)
    • switch the easy admission plugins to external types #17288
      • switch easy admission plugins to external clients (b4427a01af)
      • switch to external user client (faf4959d36)
    • pkg/security/OWNERS: add simo5 to the list of approvers #17406
      • pkg/security/OWNERS: add simo5 to the list of approvers. (2c0ee8396f)
    • image: remove openshift cli and friends #17396
      • remove openshift cli and friends (3018938ae1)
      • generated (a29bc3a6e0)
      • update dind image (d6b88e28f6)
    • cluster: Gate fail-swap-on flag with a version check #17410
      • Revert "set fail-swap-on to false for cluster up" (5bb0613cf5)
      • Make "openshift start node --write-config" tolerate swap on (2b69c32325)
    • server: switch to glide #17391
      • glide.yaml (9e214041e9)
      • use script to link to staging folder for patches (e373c53cd2)
      • update openapi generation script to exclude dir (7a98e50587)
      • minor completion changes (50b62dca86)
      • prevent k8s.io/kubernetes/cmd since we didn't run them before (9fa7abdbbd)
    • fix multiarch import tests #17437
      • disable multiarch import tests (2dbe4f4a07)
    • template: Add provisioner template for local storage #16538
      • Rename "local storage" to "HostPath storage" example (263877632b)
      • Add template for local storage (276079c743)
    • image: Change imagestreamtag sorting #17430
      • Sort istags alphabetically during schema conversion (0f6440d25f)
      • Version prefix matters when sorting tags names (691009b518)
    • server: Switch to use .DeepCopy() instead of kapi.Scheme.DeepCopy() #17444
      • replace usage of kapi.Scheme.DeepCopy() with .DeepCopy() (4f70f5dbea)
      • interesting: switch image change reactor to use runtime.Object (d4859926e1)
      • replace usage of kapi.Scheme.Copy() with .DeepCopy() (0b49deb753)
    • test: Extend the e2e suite to a broader range of tests #17417
      • Extend the e2e suite to a broader range of tests (67cf6cff92)
      • Networking tests should be better at picking targets (e02c56bf8f)
      • Reduce the required timing on build tests to account for overlay (a9bab2d8ea)
    • cli: Begin moving pkgs w/ deps on pkg/oc #17332
      • break dep on pkg/oc - generator/generator.go (9fd5519808)
    • Update prometheus to 2.0.0 GA #17039
      • Update prometheus to rc2 (b5918211e2)
    • server: Switch to openshift/api #17477
      • add openshift api dependency (5aaa00b76e)
      • move-package script (b50591130a)
      • generated move results (9d41cbeead)
      • manual prep for move (e491d07b86)
      • update register files (d4db27aeba)
      • update generation script (662468e1a6)
      • update manual conversion references (4023e66bcc)
      • move helper to single point of use (e825c5fda8)
      • adjust to new client (95cac057d0)
      • react to gopkg.in/ldap.v2 bump (8f5944f7cc)
      • something happened to the openshift proto definitions (0d7864facc)
      • generated (6b0e2c4339)
    • remove openshift infra command #17482
      • remove openshift infra command (28f86851a6)
      • generated (0a63dd8565)
    • node: Add test to guard unset fields in deployer pod #17471
      • add test to guard for new pod fields in deployer controller (9084edff0f)
    • node, syscontainer: drop /var/lib/docker mount point #15115
      • node, syscontainer: replace /var/lib/docker mount point (20ffe24610)
      • node, syscontainer: umount everything under /var/lib/docker/containers (d14bce040b)
    • build: set selinux labels on build docker containers when running pods in crio #17094
      • setup selinux labels for build containers (bce732a137) force-merge: Adding OS_GIT_PATCH to rpm env 354df72d3e
    • hack: hack/lib/init.sh: minor shell and readme improvement #17501
      • hack/lib/init.sh: minor shell and readme improvement (644ad02f77)
    • image: install ceph luminous package in centos7 based image #17350
      • install ceph luminous package in centos7 based image (9f08ce61ac)
      • use centos SIG storage repo (b7fde7b439)
    • deploy: apps: extend extended tests to better check for deployer invariants and enable back the old check #16998
      • Fixup variable names in DC controller (086cc82723)
      • Make deployment test reproducible when randomness is involved (705e69b39b)
      • Add asynchronous deployer pod invariant checker for every test (020235fbab)
      • Enable back the old check for multiple deployer pods temporarily disabled in https://github.com/openshift/origin/pull/16956 (62b1cbc65a)
      • Add some test to stress test deployer pod invariants (ba495e5dcb)
    • cli: move "openshift ex" -> "oc ex" #17486
      • move "openshift ex" -> "oc ex" (4bdb0bd467)
      • update tests (28887fac79)
      • update completions/docs (7c3a54e85b)
    • server: pick pull 17473: stop adding beta admission config to default master configs #17516
      • stop adding beta admission config to default master configs (d2ee0d319d)
      • patch master option tweaks (93ddeaed5c)
    • template: break dep on clientcmd in pkgs outside pkg oc #17357
      • break dependencies on pkg/cmd/util/clientcmd (6bb3e85e6d)
      • move admin template cmds -> pkg/oc/admin (41e9a84142)
      • move main client configuration to pkg/client/config (14a5503225)
      • break remaining deps on pkg/oc (213f9a83fc)
    • deploy: Fix DC reaper to deal with invalid resource name. #17492
      • Fix DC reaper to deal with invalid resource name. (It was deleting all RCs because apimachinery .AsSelector() ignores errors and returns MatchAll selector in that case.) (b75bee47df)
      • Fix TestWaitForRunningDeploymentSuccess race (f6f37ad8c4)
    • Exclude myself from most of the OWNERS files #17557
      • Exclude myself from most of the OWNERS files. (086bd45d54)
      • Exclude legionus and tiran from OWNERS as well. (29d91f0ebb)
    • prevent references from origin to oc #17536
    • prevent references from origin to oc (c1c963681a)
    • auth: Infrastructure changes for token timeouts #17614
      • Remove duplicate Origin authenticator interfaces (b638188e44)
      • Add OAuth token and user validator interface (10d7f6a124)
      • Wire up OAuth shared informer (5b379e3550)
      • Allow authenticator to return post start hooks (f27d9470a7)
    • cluster: cluster up support for N-1 clusters #17338
      • switch to template-service-broker binary (9776370136)
      • cluster up support for N-1 clusters (758e387f3e)
    • deploy: Remove journald limits #17597
      • Drop changing journald limits, now that ansible owns that piece (3906907192)
      • Bring back deployment e2e commented out due to journald limitting problem (e13aa42744)
    • auth: Fail fast when request to /.well-known/oauth-authorization-server fails #17606
      • Fail fast when request to /.well-known/oauth-authorization-server fails. (51e0dafa85)
    • Introduce custom Grafana for openshift prometheus. #17037
      • Introduce custome Grafana for openshift prometheus. (ca061f2eb7)
    • deploy: Fix deploymentconfig scale #17587
      • Fix scale subresource type for apps.openshift.io/deploymentconfigs/scale (cc424f5f74)
      • Fix deployment config UpdateScale (b948af9dd3)
    • build: adjust bld prometheus ext test for concurrent tests, cross namespace … #17635
      • adjust bld prometheus ext test for concurrent tests, cross namespace builds (bc923a241d)
    • node: sdn: make pod operation metrics more useful and collectable #17250
      • sdn: make pod operation metrics more useful and collectable (d61ffa1787)
      • sdn: handle error from JSON marshal at pod setup (caf5f73f59)
    • fix prometheus readme: bld phase/reason conversion to all lower case … #17809
      • fix prometheus readme: bld phase/reason conversion to all lower case was reverted (f1194fd93e)
    • deploy: re-enable deployment test #17751
      • Revert "increase DC hook timeouts. indicates pod start latency problem and flakes end-to-end" (0ac41089e6)
      • re-enable deployment test (56ac0bfb78)
    • cluster: diagnostics: minor fixes #17772
      • diagnostics: correctly use cluster-context if specified (428abd8cd5)
      • diagnostics README: correct package and command (8c714166ee)
      • diagnostics: in-pod command now openshift-diagnostics (357071f892)
    • auth: NetworkPolicy RBAC fixes #17549
      • Update OpenShift roles for networking.k8s.io (98b52bf70a)
    • sync prometheus ext tests running in parallel #17717
      • account for already exist race with prometheus ext tests (9b9f68d47c)
    • router: re-enable router metrics test #17753
      • re-enable router metrics test (f6b0568c3d)
    • Workaround for broken quota admission test #17830
      • Fix quota admission test (93e0508eb1)
    • Restore ugorji json decoding with type coercion #17768
      • Add compatibility test for (shudder) string->int and {}->[] coercion (a8b819ca8e)
    • Allow the configuration of individual controllers #17572
      • allow configuring enabled and disabled openshift controllerS (a5743a7c56)
      • generated (171d733825)
    • test: tweak failing-dc e2e test with sleep so docker have time to get the hook container logs #17746
      • add sleep to failing-dc fixture so docker have time to gather logs from hook container (6ace95d132)
    • build: Update gitignore for vendored build output files #17848
      • Add the output directories for incubators to .gitignore (70400f6e5b)
    • hack: UPSTREAM: 57214: Remove mutation from pvc validation #17876
      • fake godeps.json to make hack/cherry-pick.sh work (adc532606f)
    • server: Add origin types kubectl scheme #17885
      • Add origin types to the kubectl scheme (e65306cbd0)
      • centralize legacy installation into core api group (ec8902bb2d)
    • hack: hack/update-dep.sh proof #17810
      • move crio to point of use in builders (bd0d189cc7)
      • glide (8a012cf097)
    • cluster: Remove hardcoded fields for parameter substitution configuration in Cluster Loader #17072
      • Remove hardcoded fields for Cluster Loader parameters (3bef3a2c3b)
    • cli: Add --selector, --pod-selector flags oc adm drain #17616
      • update completions (9f492834de)
    • Update swagger spec generation #17688
      • Update swagger spec generation (804b77911c)
      • Generated changes (b60a6d0b7c)
    • deploy: Fix race in extended deployments test #17889
      • Fix race in extended deployments test "should deal with cancellation after deployer pod succeeded" (84cdf4083f)
    • Fix SDN exponential backoff timeouts #17739
    • Fix SDN exponential backoff timeouts (ac0793cf07)
    • Moved getLocalSubnet() from node/sdn_controller.go to node/subnets.go (2603e1f1f2)
    • run openshift and kube controllers on different leases #17861
    • run openshift and kube controllers on different leases (766a973a53)
    • image: Add labels column to oc get images --show-labels output #17846
      • print labels for images (340502b371)
      • add tests for image labels (aea4040bce)
    • server: Changing API flow description #17960
      • Add make update-deps target to be compatible with other openshfit repos (b3c019e406)
      • Add an API change section (e7260c51e9)
    • Update glide again #17962
      • glide.yaml (c8f77db97c)
      • minimal roundtripping change (a95f6dc9a1)
      • generated (4503dca05a)
    • Rebase service catalog to v0.1.3 #17378
      • Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/' changes from 3064247d05..d969acde90 (cedd00ca00)
    • build: move builder images to use external apis #17699
      • clean up import verifier error (b27d4b4860)
      • move builder image code to v1 apis (66c9d91d68)
    • security: SCC admission plugin: extract name to a constant #17856
      • PSP admission plugin: extract name to a constant and a couple minor improvements. (710951221c)
    • security: Improve the process of pod updates by preferring non-mutating SCCs and reducing pod mutations #16934
      • SecurityContextConstraints: do not mutate nil privileged field to false. (5b2b98f300)
      • SecurityContextConstraints: only set runAsNonRoot when runAsUser is nil. (014f66d83c)
      • SecurityContextConstraints: avoid unnecessary mutation of container capabilities. (2e79df04d2)
      • SecurityContextConstraints: avoid unnecessary mutation of supplemental groups. (1b41ef74d6)
      • SecurityContextConstraints: pass effective capabilities to validation interface. (098d16090e)
      • SecurityContextConstraints: limit validation to provided groups. (abd601c5da)
      • SecurityContextConstraints: pass effective selinux options to validate. (b5a84975d8)
      • SecurityContextConstraints: pass effective runAsNonRoot and runAsUser to user validation interface. (3d4c343700)
      • Add unit tests for RunAsUser.MustRunAsRange strategy. (d07223bfa8)
      • SecurityContextConstraints: avoid unnecessary securitycontext mutation. (f4d81e2d4a)
      • Security Context Constraints: prefer non-mutating SCC on update. (de94214c7e)
    • node: skip docker ping check when using fake docker #17979
      • node: use a warning instead of fatal when docker ping fails (ca5ca9c1d5)
    • router: Fix indentation in egress-router.sh #18001
      • fix indentation (8622953665)
    • Split prometheus alerting rules, add new automated recording rules #17553
      • Split prometheus alerting rules, add new automated recording rules (db29c1cdff)
      • Limit some high cardinality metrics by default (3287329878)
      • Add a standalone prometheus example (ba373cab38)
    • Add proper error message to OVS health check #17890
      • Add proper error message to alreadySetup (ca87845a2a)
      • Fix error message (fd3af25001)
      • Fix error messages (179cef67dd)
    • build: run jenkins java builds in memory constrained pods #17832
      • run jenkins maven build in memory constrained pod (e986a9e5b9)
      • run jenkings gradle build in memory constrained pod (447f326c13)
    • server: re-enable openapi aggregation #17899
      • re-enable openapi aggregation (e0476c3279)
      • generated (9b4169977f)
    • test: Implement a way to time out tokens based on (in)activity #17640
      • Introduce inactivity timeout tracking for access tokens (59a803b6e1)
      • Generated files (aa34658d96)
      • Add integration test to check token timeouts (0ed56a99ef)
      • Fix timeout validator unit test flakes (83811da294)
    • cluster: Adding synchronization and other features to extended test cluster loader. #17894
      • Adding synchronization and other features to extended test's cluster loader. (dd2366b840)
    • node: Fix passing container to pod logs from dc #18017
      • cli: pass container name to log options for dc (97a6d827ec)
      • apps: pass container and previous correctly for pod logs (502be6417e)
    • cluster: Support web console image for cluster up #17575
      • Support web console image for cluster up (caba0dcc70)
      • Tag origin-web-console image for e2e tests (27041dd3f3)
    • network: Remove numerous "Provided subnet doesn't belong to network" when configured with multiple subnets #17973
      • fix github issue 17475 (659a4ae95f)
    • Rebase to 1.9.1 #18003
      • update glide.yaml (0a67e968d8)
      • update to handle audit changes (2dd2187690)
      • generated (729452083a)
    • stop special casing creation for ns lifecycle admission #17914
      • stop special casing creation for ns lifecycle admission (de77da5af0)
    • add proxy for the webconsole #17862
      • add proxy for the webconsole (7e44f156eb)
      • remove webconsole from openshift (c1c520d343)
    • cli: Fix segv error for usage error of oc set env command #17932
      • Fix segv error for usage error of set env (95e7a0a54b)
    • ex: dockergc: various fixes #17479
      • ex: docekrgc: remove BindForOutput flags (bcb8d75866)
      • ex: dockergc: fix typo in error message (cffdd1ef44)
      • ex: dockergc: use glog (329b4d0465)
      • ex: dockergc: add dry-run mode (45c72bde19)
      • ex: dockergc: fix use of contexts (6a1ddee68f)
      • ex: dockergc: make gc pass failure non-fatal (3547f938b8)
    • router: Bump router to haprox18 #18053
      • Bump the haproxy version to 1.8 (d0aa7769df)
      • router- Temporarily add centos paas sig 3.8 (53762de42e)
    • auth: Revert back to the "normal" apiserver authentication #15739
      • Revert "disable TSB client cert and front proxy auth until aggregation is on by default" (7b09621490)
    • dind-ovn: use golang binaries instead of python ones #17541
      • With upstream PR: https://github.com/openvswitch/ovn-kubernetes/pull/173, this PR will obsolete the python binaries (except gateway helper) (7697cb9020)
      • reflect the new install procedure as in https://github.com/openvswitch/ovn-kubernetes/pull/192 (96d39c4388)
    • auth: apps: Fix dc triggers reconciliation on image change and do not deploy DCs with empty image #17539
      • Add test to verify we don't deploy unspecified images in DC (d9dcac54dd)
      • Never deploy unspecified images in DC (f0913b262a)
      • Fix DC image reactor to reconcile on DC dc.Spec.Template.Spec.Containers changes (cda584a510)
    • cli: bug 1470374 - oc new-app behaviour #17457
      • Add "no git installed" logic for oc new-app syntax (4113dc567e)
    • router: Pull haproxy from the right place #18066
      • Allow haproxy from CentOs (90a1310cc9)
    • auth: remove oauth server dependency from most integration tests #18067
      • remove dead code (6232b9b361)
      • remove oauth server dependency from most integration tests (5371880316)
    • cluster: Cluster capacity rebase to kubernetes 1.9 #18088
      • Cluster capacity vendor update for kube 1.9. (64c9fe2a1d)
      • Cluster-capacity code update for kube 1.9. (408fb77748)
    • server: Use webconsole.config.openshift.io/v1 API group #18056
      • Use WebConsoleConfiguration API group (0ac3f9d73e)
    • template: Improve ISSUE_TEMPLATE.md #18027
      • .github/ISSUE_TEMPLATE.md: improve. (232751e4d6)
    • cli: fix -o panic oc rollback #18040
      • fix -o panic oc rollback (6a9c123ae2)
      • update completions (5428dd7173)
    • patch controllers for storage #18097
      • inject an informer factory override for kube controllers to minimize impact (33febceaf3)
    • Resolve admission plugin config files #12321
      • Move server config test data to fixtures (ec516d277a)
      • Apply defaults to server config testdata (516aea9f08)
      • Make admission plugin config a pointer (73c3201eef)
      • Resolve relative admission plugin config file locations (bdfc2e1a0d)
    • Clean Prometheus example #17992
      • Clean prometheus example. Add proxy for alertmanager (45eb81afd0)
    • tolerate discovery and errors better #17195
      • allow error and partial result for legacy discovery (8233cb6b34)
    • cli: Deprecate oc secrets subcomands #18093
      • Deprecate oc secrets subcomands (5046e19f71)
      • Generated files (2a562fca2b)
    • image: Add image-streams and update db-templates #17922
      • Add image-streams and update db-templates. (9d12ad6efd)
    • add wiring for running bare kube-controller-manager #18100
      • make use of the patched kubecontroller manager in openshift (bd48fc8441)
    • image: oc image mirror was accidentally broken during dependency updating #18078
      • Fix oc image mirror post rebase changes (4ec0e5e1fa)
      • Update glide.yaml to point to docker distribution branch (729d5f58c9)
    • web: from 721cde05fe8c386935adc209638700b2476dd228^..721cde05fe8c386935adc209638700b2476dd228
      • registry: Rebase 1.8.1 #17115
      • server: Switch to openshift/api #17477
      • network: rebase 1.9.0 beta.1 #17576
      • Update swagger spec generation #17688
      • Update glide again #17962
      • server: re-enable openapi aggregation #17899
      • Rebase to 1.9.1 #18003

    Release SHA256 Checksums

    aaf1b7115b83105e9acd8687ff5cb43c698a9a7fcd8e6515860303e1e8bd10a0  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
    619ca9350fa70116e7c4544c2be30c544346d054e2f457e3fdd0cab4f7c01996  ./openshift-origin-server-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
    b03bcc33ede03632d97158555157800aabbc11bf005a5c88633eb252ad71ef8f  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-mac.zip
    cc8744074ea4ac0cb746b4f1289c1d88b7cc56ec1239d0411dfed780e1d14e93  ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(669 bytes)
    openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz(41.74 MB)
    openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-mac.zip(40.22 MB)
    openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-windows.zip(40.45 MB)
    openshift-origin-server-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz(180.72 MB)
  • v3.7.1(Jan 16, 2018)

    This is a patch release of OpenShift Origin.

    Changes

    v3.7.1 (2018-01-16) Full Changelog

    Component updates

    • Updates to Kubernetes
      • 51634: Revert to using isolated PID namespaces in Docker #17722
      • 55641: dockershim: remove corrupt checkpoints immediately upon detection #17302
      • 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17620
      • 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17686
      • 57211: Process cluster-scoped owners correctly #17818
      • Allow controller context injection to share informers #17855
    • Updates to Docker distribution
      • docker/distribution: 2140: Add 'ca-central-1' region for registry S3 storage driver #17585

    Bugs

    • deploy: Fix deployment config scale subresource #17517#17599
    • oauth: Make client authorizations tolerant of UID changes (4800340563)
    • router: Fix example certificates used in router tests #17959
    • server: Fix panic on controllers start #17855

    Release SHA256 Checksums

    56e9dbff7e5e4ade1e92cc10ff1bd1ae2789ec400be0d8a5b2177fd6c465af21  ./openshift-origin-client-tools-v3.7.1-ab0f056-linux-64bit.tar.gz
    bd783fe128fac2f2dd117a23a4c1d9d1b0a8313e2bdb433f640c3b23df7eb8f8  ./openshift-origin-server-v3.7.1-ab0f056-linux-64bit.tar.gz
    e2cdad103485580166e4aef14e111551439c2c18a1ed77376b16808755b363ea  ./openshift-origin-client-tools-v3.7.1-ab0f056-mac.zip
    dc228416bc07bf96ea6ecca431004bfc1182af0c0b0be7834fceda5e8a663b3e  ./openshift-origin-client-tools-v3.7.1-ab0f056-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(629 bytes)
    openshift-origin-client-tools-v3.7.1-ab0f056-linux-64bit.tar.gz(38.50 MB)
    openshift-origin-client-tools-v3.7.1-ab0f056-mac.zip(38.17 MB)
    openshift-origin-client-tools-v3.7.1-ab0f056-windows.zip(38.43 MB)
    openshift-origin-server-v3.7.1-ab0f056-linux-64bit.tar.gz(132.48 MB)
  • v3.7.0(Nov 29, 2017)

    This is the official 3.7 release of OpenShift Origin.

    Changes

    Roadmap for the v3.7 release

    v3.7.0 (2017-11-29) Full Changelog

    API

    • SecurityContextConstraints can't be patched because an empty array is returned by the server #17185
      • OpenShift now always returns an empty array for the users, groups, and subjects fields on SecurityContextConstraints
    • Merge imagestreamtag list on strategy merge patch correctly #17091
      • Image stream spec tags were not correctly merged when strategic merge patches were used. This is now fixed.
    • DeploymentConfig replicas field is now correctly marked as optional in the API spec #17035

    Component updates

    • Updates to Kubernetes
      • 48813: maxinflight handler should let panicrecovery handler call NewLogged #17048
      • 49128: add svc and netpol to discovery #17454
      • 49885: Ignore UDP metrics in kubelet #17303
      • 54597: kubelet: check for illegal container state transition #17051
      • 54763: make iptables wait flag generic; increase the max wait time from 2 seconds to 5 seconds #17062
      • 54812: Allow override of cluster level (default, whitelist) tolerations by namespace level empty (default, whitelist) tolerations. #17116
      • 54828: trigger endpoint update on pod deletion #17120
      • 54921: rename metric reflector_xx_last_resource_version #17173
      • 54979: Certificate store handles rel path incorrectly #17135
      • 55028: kubelet: dockershim: remove orphaned checkpoint files #17175
      • 55248: increase iptables max wait from 2 seconds to 5 (fix) #17222
      • 56221: log errors while trying to GC resources #17426
      • 56223: ensure that network policy can be GC'd #17426
      • drop: fix for bz1507257 hacked from upstream PR47850, drop these changes in favour of that PR because this one does not carry the entire dependent chain. Conflicts were removed manually. #17097

    Bugs

    • build: Adding sample Jenkins Pipeline #16880
    • build: Allow image trigger controller to create custom builds #17108
    • cli: Return error when long-form service account name is used with oc policy #17061
    • image: Correctly dereference ImageStreamTags #16821
    • image: Signature import now correctly falls back to (in)secure transport #17202
    • login: Preserve errors correctly when certain errors happen in login #17138
    • migrate: Correctly handle NotFound errors during migration #17080
    • network: Validate node IP is local during sdn node initialization #17043
    • network: fix a segfault with cidr addresses and correct the creation of cluster network object #17076
    • network: Fix up destination MAC of auto-egress-ip packets #17099
    • network: Network component should refresh certificates if they expire #17135
    • network: Avoid parsing the whole dump-flows output in the OVS health check #17333
    • network: Allow assign-macvlan annotation to specify an interface #17383
    • router: Change the router reload suppression so that it doesn't block updates #17049
    • router: Fix the suppress health checks when only one backing service logic #17077, #17155
    • rpm: Move master config ghosts to /etc/origin/master/ #15163
    • server: Fix panic during openshift controller options initialization #17127
    • template: Fix duplicate timeout directive #17030
    • template: Add template.openshift.io/bindable annotation, default is true #17215
    • template: Add app label to example templates #17224
    • web: Rework nav to remove :hover selectors to address bugs, inconsistencies #2388
    • web: Fix bug where secondary nav items truncate in IE11 #2390
    • web: Adjust h1 margins so page header border aligns with left nav item #2389
    • web: Allow EnvFrom Prefix #2377
    • web: Reveal and hide secrets #2378
    • web: Bump container terminal to v2.1.1 to fix refresh when disconnect / re-connect #2398
    • web: Add resourceVersion as a secondary sort for events #2395
    • web: Update membership filter to use MEMBERSHIP_WHITELIST in Constants.js #2402
    • web: Preserve newlines in broker status messages #2401
    • web: Bug 1507753 - Make config page and environment tab actions consistent #2404
    • web: Check 'auth' field when displaying .dockercfg config #2392
    • web: Inform the user when no projects to select templates from #2399
    • web: Fix bugzilla 15077030 where deleting a rolebinding for a serviceaccount can delete additional rolebindings for serviceaccounts from another namespace #2406
    • web: Update plan info on service instance update #2409
    • web: Fix adding role to service account where namespace is sometimes missed #2411
    • web: Show ProvisionCallFailed in notification drawer #2413
    • web: Correctly merge env edits after background upates #2407
    • web: Follow-on updates from @jennyhaines https://github.com/openshift/origin-web-console/issues/2362#issuecomment-339710253 #2400
    • web: Fix missing RolloutCancelled event in notification drawer #2412
    • web: Fix for adding non-builder templates to a project #2424
    • web: Use label-editor for PVC labels #2423
    • web: Fix vertical alignment of "View Details" link #2425
    • web: Bug 1505281 - Improve import YAML results message #2426
    • web: Fix bug where wrong next steps message can be displayed #2429
    • web: Remove breadcrumbs from catalog, create, and next-steps pages #2431
    • web: Fix bug where custom img icons don't appear in catalog cards #2432
    • web: Fix bugs with headings #2437
    • web: Fix for create project dialog in projects list for mobile. #2444
    • web: Fix broken route links #2445
    • web: Update help text on CA inputs #2443
    • web: Don't wrap "Clear Filter" text #2439
    • web: Should not display the 'Reveal Secret' link when secrets without 'data' field #2448
    • web: Wizard fixes for iPhone #2451
    • web: Fix problems with env valueFrom for DC hooks #2461
    • web: Check for 'auths' field for both dockerconfig secrets types #2463
    • web: Allow editing service instances again if previous update failed #2466
    • web: Update catalog subcategory styles #2467
    • web: Handle null secret values #2465
    • web: Correctly disable Deploy button #2471
    • web: Bug 1510346 - Don't let users copy empty secret value #2478
    • web: Correct ProjectNameTaken error handling in deployImage, processTemplate, and fromFile wizards #2473
    • web: Add ProvisionedSuccessfully even to notification drawer #2480
    • web: Fix envFrom validation regex #2486
    • web: Show idled state in collapsed overview rows #2487

    Release Binaries

    Binary artifacts are located here: https://gcsweb-ci.svc.ci.openshift.org/gcs/origin-ci-test/branch-logs/origin/v3.7.0/builds/test_branch_origin_cross/1032/artifacts/zips/

    573e39965633671aac08d68f57d66ff182fb646649523914f0a60debb6515eba  ./openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz
    cfbd89b0bc5068e940daa9eff2af84be2458a4dd38b4c8ed363b04f204f06a54  ./openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz
    7b00cf3535e9b5a33c30a143bdb5621fe49f73aee63c77ff4a7f8d0212be4f0a  ./openshift-origin-client-tools-v3.7.0-7ed6862-mac.zip
    3b61b29940844d5744bea1a8c0d34fb47c0817e94b1ef154f2fe33014962742b  ./openshift-origin-client-tools-v3.7.0-7ed6862-windows.zip
    c0bfff74ed1db6d67887b5bd7883c600151d62608a2360b695ce21394874362f  ./openshift-origin-image-v3.7.0-7ed6862-linux-64bit.tar.gz
    c813a073e0a10e55b02ac9aaf02f2647d761180a327691765a58a25676a3d4c8  ./CHECKSUM
    

    RPMs are published here: https://gcsweb-ci.svc.ci.openshift.org/gcs/origin-ci-test/branch-logs/origin/v3.7.0/builds/test_branch_origin_extended_conformance_gce/2001/artifacts/rpms/

    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(706 bytes)
    openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz(38.50 MB)
    openshift-origin-client-tools-v3.7.0-7ed6862-mac.zip(38.17 MB)
    openshift-origin-client-tools-v3.7.0-7ed6862-windows.zip(38.42 MB)
    openshift-origin-image-v3.7.0-7ed6862-linux-64bit.tar.gz(76.64 MB)
    openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz(132.46 MB)
  • v3.7.0-rc.0(Oct 27, 2017)

    v3.7.0-rc.0

    This is a feature release of OpenShift Origin.

    Changes

    Roadmap for the v3.7 release

    v3.7.0-rc.0 (2017-10-27) Full Changelog

    API

    • Images
      • The imagestream spec.dockerImageRepository field is now deprecated #16181
    • Routes
      • Support additional field selectors on routes #16305
    • Builds
      • API docs should show the right return value for build instantiate and build instantiatebinary #16157
      • The experimental extended builds feature has been removed in favor of the existing ability to chain builds with image sources #16811

    Component updates

    • Updated to Kubernetes v1.7.6-166-ga08f5eeb62 + patches
      • 45345: Support "fstype" parameter in dynamically provisioned PVs #16232
      • 45611: remove use of printf semantics for view-last-applied cmd #16983
      • 47599: Rerun init containers when the pod needs to be restarted #16865
      • 47806: kubelet: fix inconsistent display of terminated pod IPs by using events instead #16464
      • 47806: kubelet: fix inconsistent display of terminated pod IPs by using events instead #16615
      • 48033: Refactor and simplify generic printer for unknown objects #16892
      • 48226: Log get PVC/PV errors in MaxPD predicate only at high verbosity. #16329
      • 48502: Add a refreshing discovery client #16215
      • 48524: fix udp service blackhole problem when number of backends changes from 0 to non-0 #16328
      • 48583: Record 429 and timeout errors to prometheus #16266
      • 48584: Move event type #16865
      • 48589: When faild create pod sandbox record event. #16865
      • 48605: support json output for log backend of advanced audit #16128
      • 48612: Warn if cluster ID is missing for AWS #16331
      • 48709: glusterfs: retry without auto_unmount only when it's not supported #15199
      • 48757: Fix flaky test in reconciler_test #16871
      • 48940: support fc volume attach and detach #15437
      • 48970: Recreate pod sandbox when the sandbox does not have an IP address. #16865
      • 49016: PV controller: resync informers manually #16965
      • 49025: fix NodePort test on baremetal installs #15766
      • 49127: Make definite mount timeout for glusterfs volume mount #15199
      • 49133: add controller permissions to set blockOwnerDeletion #16182
      • 49142: Slow-start batch pod creation of rs, rc, ds, jobs #16111
      • 49215: Require Cluster ID for AWS #16331
      • 49219: Use case-insensitive header keys for --requestheader-group-headers. #16186
      • 49416: FC volume plugin: remove block device at DetachDisk #16236
      • 49420: Fix c-m crash while verifying attached volumes #15433
      • 49475: Fixed glusterfs mount options #15199
      • 49638: Remove default binding of system:node role to system:nodes group #14227
      • 49640: Run mount in its own systemd scope #15725
      • 49899: Update the client cert used by the kubelet on expiry #16571
      • 50036: Bring volume operation metrics #16490, #16615
      • 50094: apimachinery: remove pre-apigroups import path logic #15955
      • 50258: Add token cache component #14916
      • 50258: Add token group adder component #14916
      • 50258: Add union token authenticator #14916
      • 50258: Simplify bearer token auth chain, cache successful authentications #14916
      • 50334: Support iscsi volume attach and detach #16299
      • 50350: Wait for container cleanup before deletion #16865
      • 50476: fix the webhook unit test; the server cert needs to have a valid CN; fix a fuzzer #16861
      • 50583: Make endpoints controller update based on semantic equality #16889
      • 50843: FlexVolume: Add ability to control 'SupportsSELinux' during driver's init phase #16174
      • 51035: Show events when describing service accounts #13621, #16615
      • 51119: Allow audit to log authorization failures #16128
      • 51148: Enable finalizers independent of GC enablement #16105
      • 51199: Makes Hostname and Subdomain fields of v1.PodSpec settable when empty and updates the StatefulSet controller to set them when empty #16722
      • 51448: Add PVCRef to VolumeStats #16205
      • 51473: Fix cAdvisor prometheus metrics #16048
      • 51534: update scheduler to return structured errors instead of process exit #16015
      • 51535: allow disabling the scheduler port #16015
      • 51553: Expose PVC metrics via kubelet prometheus #16205
      • 51633: update GC controller to wait until controllers have been initialized #16617
      • 51636: add reconcile command to kubectl auth #16104
      • 51638: allow to generate extended methods in client-go #16019
      • 51644: do not update init containers status if terminated #16244
      • 51705: Address panic in TestCancelAndReadd #16077
      • 51727: ensure all unstructured resources #16082
      • 51728: Enable CRI-O stats from cAdvisor #16441
      • 51750: output <none> for colums not found #17023
      • 51782: A policy with 0 rules should return an error #16128
      • 51796: Fix pod and node names switched around in error message. #16392, #16615
      • 51803: make url parsing in apiserver configurable #16110
      • 51932: fix format of forbidden messages #16110
      • 51972: ProducesObject should only update the returned API object resource documentation #16157
      • 51972: ProducesObject should only update the returned API object resource documentation #16615
      • 52030: Fill in creationtimestamp in audit events #16128
      • 52073: Fix cross-build #16441
      • 52092: Fix resource quota controller panic (Drop in 1.8) #16241
      • 52112: Allow watch cache disablement per type #16398, #16615
      • 52127: Fix deployment timeout reporting #16277
      • 52168: Fix incorrect status msg in podautoscaler #16664
      • 52221: Always populate volume status from node #16384
      • 52297: Use cAdvisor constant for crio imagefs #16441
      • 52344: Do not log spam image pull backoff #16302
      • 52440: add --dry-run option -> oadm <drain,cordon,uncordon> #16333
      • 52503: Get fallback termination msg from docker when using journald log driver #16912
      • 52515: Clarify predicates name to clean confusing. #16778
      • 52515: changes to upstream commits to fix unit test errors with 3.7. #16778
      • 52545: use specified discovery information if possible #16722
      • 52597: Support flag round tripping #16270
      • 52602: etcd3 store: retry w/live object on conflict #16722
      • 52604: Use separate client for node status loop #16722
      • 52673: default service resolver for webhook admission #16861
      • 52675: Fix FC WaitForAttach not mounting a volume #16483, #16615
      • 52687: Refactoring and improvements for iSCSI and FC storage plugins #16483, #16615
      • 52691: FC plugin: Return target wwn + lun at GetVolumeName() #16483, #16615
      • 52775: Fix panic in ControllerManager when GCE external loadbalancer healthcheck is nil #16722
      • 52823: Third party resources should not be part of conformance #16722
      • 52864: dockershim: fine-tune network-ready handling on sandbox teardown and removal #16602
      • 52864: dockershim: fine-tune network-ready handling on sandbox teardown and removal #16615
      • 52947: Preserve leading and trailing slashes on proxy subpaths #16722
      • 53037: Verify client cert before reusing existing bootstrap #16571
      • 53069: Align imagefs eviction defaults with image gc defaults #16565, #16615
      • 53135: Fixed counting of unbound PVCs towards limit of attached volumes. #16718
      • 53167: Do not GC exited containers in running pods #16896
      • 53233: Remove containers from deleted pods once containers have exited #16913
      • 53299: Correct APIGroup for RoleBindingBuilder Subjects #16722
      • 53318: create separate transports for liveness and readiness probes #16615, #16633
      • 53332: Ignore pods for quota that exceed deletion grace period #16722
      • 53401: Fix spam of multiattach errors in event logs #16681
      • 53442: add nested encoder and decoder to admission config #16682
      • 53446: kubelet: add latency metrics to network plugin manager #16696
      • 53457: Ignore notFound when deleting firewall #16722
      • 53464: output empty creationTimestamps as null #16665
      • 53606: implement ApproximatePodTemplateObject upstream #16379
      • 53682: Use proper locks when updating desired state #16791
      • 53720: Optimize random string generator to avoid multiple locks. This is a modified version of the upstream 53720, as SafeEncodeString function does not exist in 3.7. #16864
      • 53731: Use locks in fake dbus #16740
      • 53753: Reduce log spam in qos container manager #16840
      • 53793: User separate client for leader election in scheduler 1.7 PR is https://github.com/kubernetes/kubernetes/pull/53884 #16864
      • 53823: allow fail close webhook admission #16861
      • 53831: Fix volume reconciler test flake #16871
      • 53857: kubelet sync pod throws more detailed events #16865
      • 53896: decode admission responses into a fresh object #16861
      • 53916: update .dockercfg data to config.json format #16868
      • 53989: Remove repeated random string generations in scheduler volume predicate #16864
      • 54257: Use GetByKey() in typeLister_NonNamespacedGet #16986
      • 54308: The garbage collector creates too many pods #16978
      • 54593: Removed containers are not always waiting #17042
      • : Fix to avoid REST API calls at log level 2. #15934
      • : allow a filter function on admission registration #16639
      • : allow controller context injection to share informers #16089
      • : increase timeout in TestCancelAndReadd even more #16411
      • : openapi generation for createNamespacedDeploymentConfigRollback duplication problem #16615
      • : update namespace lifecycle to allow review APIs #16603
      • : update namespace lifecycle to allow review APIs #16615
      • : Adapt etcd testing util to v3.2.1 #16615
      • : Adapt etcd testing util to v3.2.8 #16730
      • : Fix gc test until 1.8 #16453
      • : Fix result type in fake clientset generator #16100
      • : add debugging to NodePort test #15766
      • : aggregate openapi through servers. 1.8 should fix tthis for CRD #16615
      • : drop in 1.9 rebase. Shims enough admission webhook to work without modifying api #16861
      • : generated updates #16615
      • UPSTREAM: : handle kube-gen rename #16288
      • UPSTREAM: : rename generators to match upstream #16288
      • revert: bc8249cc6f35fabffff5ccf4e13978ff9a6a2e32: "UPSTREAM: : allow PV controller recycler template override" #16139
      • revert: dcb5eef2d8a6d14816d8d1f767f0d0016b84dcdf: "UPSTREAM: : hack out portworx to avoid double proto registration" #15862
    • Service catalog updated to v0.1.0 #17027
      • Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/' changes from aa27078754..510060232e (ee4ff3f3c4)
      • catalog: handle change to single catalog binary (de7f4c1890)
    • Updated to Docker distribution v2.6.2-7-g729840c + patches
      • docker/distribution: 2299: Fix signalling Wait in regulator.enter #15694
      • docker/distribution: 2382: Don't double add scopes #14471
      • docker/distribution: 2384: Fallback to GET for manifest #14471
      • docker/distribution: 2402: Allow manifest specification #14471
      • docker/distribution: : Azure dependencies #16615
      • docker/distribution: : Revert "disable manifest list registration" #16322
      • docker/distribution: : add README.md to docker/distribution/vendor #15694
      • docker/distribution: : custom routes/auth #15694
      • docker/distribution: : disable manifest list registration #16319
    • Other notable dependency changes

    Features

    • apps: Add prometheus metrics for deployment configs #14796
    • auth: Node admission/authorization #14227
    • auth: Per-client access token expiration #14784
    • auth: Advanced audit as tech preview in origin #16128
    • auth: Report events when service account OAuth is incorrectly configured and clients can't log in #13621
    • cli: Add --sub-path opt to oc set-volume #16459
    • cri-o: enable build pods to tolerate running on crio while talking to docker #16491
      • setup crio networking for build containers (57a4f0d070)
    • cri-o: Disable hostports when CRI-O is used #16463
    • dns: The DNS subsystem should manage keeping dnsmasq in sync #16740
    • examples: Add an example Helm Tiller template #16339
    • image: Controller for automatic image signature import #16293
    • image: Support manifest list import with linux/amd64 platform #16322
    • metrics: Add Prometheus metrics for TemplateInstance controller #16455
    • metrics: Prometheus alerts for openshift build subsystem #16495
    • network: Support multiple CIDR addresses for the pod SDN #14558
    • network: Semi-automatic egress IP #16561, #16659
    • node: Simplify node bootstraping, allow central configuration of nodes, and enable automatic certificate rotation for nodes #16571
    • node: Allow openshift start node to launch the Kubelet directly, instead of running in process #16270
    • registry: Sync images from one image stream to another registry #14471
    • registry: Report the public pull spec for image streams #15853
    • route: Route creation with oc new-app #16396
    • route: Use an annotation to provide a route cookie #16454
    • router: Add a simple NGiNX router based template #13840
    • security: Add AllowedFlexVolumes to manage a whitelist of allowed flexvolumes drivers #15558
    • security: Make SCC with less capabilities more restrictive. #14825
    • security: Modify "sudoer" group and "privileged" SCC to seamlessly work together #16213

    Bugs

    • apps: Deployment config stuck in the new state should respect timeoutSeconds #17000
    • apps: Remove generic deployment config trigger controller #14910
    • auth: Add controller permissions to set blockOwnerDeletion #16182
    • auth: Add short TTL cache to token authentication #14916
    • auth: Add the --rolebinding-name option to rolebinding commands #14868
    • auth: Initialize the server from Kube namespaced roles and bindings #16517
    • auth: Switch to using the upstream RBAC reconcile command #16104
    • auth: Update RoleBindingRestriction admission to handle RBAC #16163
    • auth: Use the upstream authorization filters #16110
    • build: Check for pending, not running, state in next build start tests #16924
    • build: Disallow @ character in secret identification URL patterns, so that people don't mistakenly try to add URL patterns of the form username@hostname/path #13282
    • build: Enforce context timeout on build log streaming #15944
    • build: Ensure user supplied labels override existing image labels during builds #16700
    • catalog: Enable asynchronous deprovision in template service broker #16815
    • catalog: Ensure RBAC for service-catalog-controller to be consistent #16440
    • cli: Append labels when --show-labels is passed to oc get users #16053
    • cli: Create config.json formatted Docker secrets instead of the older .dockercfg format #16868
    • cli: Do a better job printing objects we don't understand in get #16892
    • cli: Don't fail if secrets/ is passed to oc secrets #17004
    • cli: Ensure StatefulSets work with oc logs commands #16652
    • cli: Lemove usage of legacy client in oc describers #16041
    • cli: Prevent oc rollout panic when resource given is not a deployment config #16438
    • cli: oc debug should not fail if the user doesn't have access to the node #17028
    • cli: oc debug should use the deployment pod template if 0 replicas exist #16379
    • cli: oc new-app should not time out while using a proxy #16187
    • cli: add --output & --dry-run options to oc adm policy sub-commands #16218
    • client: Allow to extend generated clients with custom verbs #16019
    • cluster: Enable webhook admission in an alpha state #16861
    • cluster: Fix "No log available from 'origin' container" #17006
    • deploy: Make deployments minReadySeconds test more tolerant to infrastructure issues #16061
    • diagnostic: Bug 1481147: Fix default pod image for network diagnostics #16439
    • hack: Break release into pieces, build images in parallel #16047
    • hack: Make focus and skip a lot easier to use in extended tests #15915
    • hack: Prepare for static deep-copy in 3.8 rebase #16469
    • hack: Remove build docker volume if OS_BUILD_ENV_CLEAN_BUILD_VOLUME is set #16073
    • image: Align imagefs eviction defaults with image gc defaults #16565
    • image: Correct missing sizes for manifest schema 1 images #16325
    • image: Create template-service-broker subpackage and image #16638
    • image: Ensure image pruning only updates a given image stream once during pruning, and handle account errors #16717
    • image: Improve basic image secret handling when secrets point to http port 80 or https port 443 #15945
    • image: Pruning should keep layers referenced by other images #16656
    • image: Set error when we receive unknown schema for the stored image metadata #16319
    • image: Update to use external clients where possible, be more consistent with other storage #16170
    • image: update Apache image stream naming, Apache QuickStart, and add Ruby 2 #16214
    • ldap: Use groupUIDNameMapping for LDAP sync/prune with Openshift groups #16071
    • network: Add development support for ovn-kubernetes network plugin #15756
    • network: Fix UDP service blackhole problem when number of endpoints changes from 0 to non-0 #16328
    • network: Fix defaulting of legacy ClusterNetwork fields #16897
    • network: Fix some diagnostic error handling (NetworkCheck and DiagnosticPod) #16848
    • network: Health check the OVS process and restart if it dies #16742
    • network: Improve egress IP reliability #16866
    • network: Only start the SDN controller if an openshift network plugin is configured #16060
    • network: Rename pkg/sdn to pkg/network, for consistency with its API #16057
    • network: Split networking out from node initialization into its own package #16269
    • network: Switch to a go library for managing node IP calls via netlink for better performance #15834
    • node: System containers need to initialize dnsmasq #16378
    • oauth: Add some basic HTTP headers to OSIN provided pages #17010
    • perf: Disable the watch cache for resources that do not need it, to save memory in production #16398
    • perf: Reduce excessive memory allocation in common authz operations #16986
    • registry: Docker registry hard prune should fix layer links #17020
    • registry: Use a privileged client in registry instead of user client when getting or creating signatures #16353
    • router: Do not include accept-proxy in port list when using proxy protocol and syn eater #16444
    • router: Fix filter namespaces in template router #15916
    • router: Replaced event queue based watching resources in router with shared informers #16315
    • run scheduler by wiring up to a command #16015
    • security: Modify nonroot, hostaccess, and hostmount-anyuid SCCs to drop some capabilities #16436
    • security: Validate pod's volumes only once in security constraints and also fix field path in the error message #16006
    • server: Move remaining storage to separate API servers #16172
    • server: Require cluster ID for AWS #16331
    • server: Split up SDN master/node/proxy/CNI code #15781
    • storage: Enable Portworx Storage Driver #15862
    • template: Add NODE_SELECTOR parameter on TSB template #16539
    • test: Correctly parse nested go tests #16817
    • test: Enable many more tests #16453
    • test: Wait longer for healthz during integration tests #16040
    • web: Patternfly vertical navigation and project bar #1932
    • web: Make sure there's always a menu item for the current project #2003
    • web: Add track by to notification drawer #1988
    • web: Removing table-hover from tables to address inconsistency in hover color #2011
    • web: Fix for landing page bug where .landing wasn't positioned correctly #2000
    • web: Bug 1488288 - Fix pods link on monitoring page #2006
    • web: Not allowing creation date to wrap to eliminate bug #2012
    • web: Add 'Select from Project' wizard to allow project templates/images to be imported #1966
    • web: Still show instance details when provision in progress #2019
    • web: Fix hamburger menu at mobile for pages with no project bar #2017
    • web: Support binding parameters #1987
    • web: Fix excessively large notification blank state message #2023
    • web: Updating dependencies to resolve various bugs #2025
    • web: Add the ability to add a secret to an application #2021
    • web: Use relative URL for Browse Catalog link #2027
    • web: Remove independent scroll from events sidebar Fixes https://github.com/openshift/origin-web-console/issues/2004 Fixes https://github.com/openshift/origin-web-console/issues/2028 #2033
    • web: Use create project popup rather than the create-project page #2035
    • web: Add 'Select from Project' option in the 'Add to Project' dropdown #2041
    • web: Warn when secret keys are not valid env var names #2039
    • web: Bug 1490680 - Correctly prompt on unsaved changes for Edit YAML #2051
    • web: Remove incorrect warning when deleting build config #2052
    • web: Do not disable filter input for importing a template from a project #2054
    • web: Wait for project bar visibility #2053
    • web: Avoid runtime error for some dockerconfigjson secrets #2057
    • web: Allow the user to select containers when adding a secret to an application #2058
    • web: Make sure project bar always appears on page load #2064
    • web: Fix for created date not wrapping well with "Add to Application" button #2067
    • web: Ensure kve does not render on browser builds if no envs to show #1970
    • web: Add error message for invalid mount paths when adding secrets to an application #2075
    • web: Adopt new service catalog resource names #2048
    • web: Bug fix for import modal having scrollbar on landing page #2080
    • web: Bug 1491495 - Allow decimals in some number inputs #2074
    • web: Add track by to overview service instance row #2090
    • web: Show creation timestamp in binding delete dialog #2092
    • web: Don't show "Applications" as step label when pod presets are disabled #2093
    • web: Enable new landing page experience by default #2078
    • web: "Add to Application" for config maps #2094
    • web: File path input should always be readonly #2101
    • web: Fix case: "View All Projects" #2104
    • web: Add quick command to help dropdown #1788
    • web: Updates for Service Instance & Bindings #1906
    • web: Make close notification link accessible #2106
    • web: Show consistent status messages for deleted instances and bindings #2112
    • web: Remove alpha prefix from service catalog properties #2113
    • web: Let administrators disable "Copy Login Command" #2107
    • web: Disable clicking number to go to results step #2110
    • web: Bug 1492949 - Don't prompt for project processing template from YAML #2115
    • web: Add internal notifications to notification drawer #2001
    • web: Quota Notifications #2116
    • web: Copy login command shouldn't be wrapped in quotes #2135
    • web: Don't link to secret if binding isn't ready #2138
    • web: Fixes bug where h3 have unwanted border and padding in resource-service-bindings overlays #2139
    • web: Changing overlay layout to a single column #2127
    • web: List serviceclasses as a cluster-scoped resource #2140
    • web: Updates to service instance page, show failed bindings #2141
    • web: Show application kind when add to application dropdown is open #2136
    • web: Show "binding" as type in delete dialog #2143
    • web: Fix deployment empty state message when multiple ICT #2146
    • web: Fix to correctly show binding name in bindings list #2147
    • web: Making display of errors for service rows consistent with others #2148
    • web: Fix binding ready logic #2154
    • web: Don't show parameters step when bind has no parameters #2152
    • web: Bug 1495491 - Show events tab on build config page #2168
    • web: Bug 1495460 - Fix build config source namespace #2169
    • web: Delete bindings when deleting a service instance #2150
    • web: Overview instance row improvements #2174
    • web: Bug 1496396 - Don't warn on navigate when YAML isn't changed #2178
    • web: Support EnvFrom in the Env Editors #2133
    • web: Update DeploymentConfig controller to use getPreferredVersion #2164
    • web: Fixes bug where required field indicator was misaligned in deploy image overlay #2188
    • web: Bug 1496687 - Consistent binding names #2187
    • web: Add space on right for when log-view-output has vertical scroll. This prevents horizontal scrollbar. Fixes https://github.com/openshift/origin-web-console/issues/2189 #2193
    • web: Don't let users accidentally and permanently dismiss router hostname message #2194
    • web: Making next steps/results messaging consistent #2184
    • web: Match section headings to design specs #2195
    • web: Let users remove an envFrom entry for a deleted secret #2196
    • web: EnvFrom Issue Updates #2198
    • web: Improving display of results status messages and removing orphaned tasks directive #2209
    • web: Remove tasks.js reference from index.html #2212
    • web: Temporarily disable integration tests #2210
    • web: Don't show "Service Instance" in Other Resources list #2199
    • web: EnvFrom Copy Fixes #2211
    • web: Do not show "Show Annotations" link when there are none #2214
    • web: Set form definition for bind parameters when creating a binding. #2215
    • web: Bug 1498897 - Don't break if quota status is not set #2216
    • web: Re-enable integration tests #2220
    • web: Fixes unnecessary scrollbar when there's a quota status alert and... #2223
    • web: Correctly hide/show quota notifications per project #2222
    • web: Fix problem where UI appears unresponsive while waiting for websocket update #1959
    • web: Fix bug deleting bindings for service instance #2230
    • web: Adopt service catalog API changes #2155
    • web: Fix preferred version for service bindings #2233
    • web: Add SVG icons #2208
    • web: Adding doc and support links to template info panel #2231
    • web: Vertically align close and kebab icons in notification drawer Match kebab and close icon default color Fixes https://github.com/openshift/origin-web-console/issues/2218 #2229
    • web: Fixes issue where create/fromimage SVG icons can get quite large #2245
    • web: Bug 1496687: Consistent binding names #2247
    • web: Implement truncate-long-text for service class description and long description Fixes https://github.com/openshift/origin-web-console/issues/2072 #2224
    • web: Adopt more service catalog API changes #2235
    • web: Bug 1501015 - Don't load service class more than once #2256
    • web: Bug 1501849 - Fix show/hide annotations label #2261
    • web: Update PHP and MySQL icons #2262
    • web: add "overwrite" option to attachPVC view #2176
    • web: Adding vendor to info screens, adding docUrl and supportUrl to info screens that lacked it #2243
    • web: Adding default message if no description is provided #2264
    • web: Revert "add "overwrite" option to attachPVC view" #2263
    • web: Special case some humanized reasons codes #2266
    • web: Improve role select when editing membership #2265
    • web: Disable service-instance delete link when already schedulaed for deletion #2234
    • web: Should not be able to add the same secret or config map to an application twice #2249
    • web: Bug 1502914 - Compact empty envFrom entries #2275
    • web: Fix issues with bindings widget for service instances #2273
    • web: Fix bug where sidebar bg color doesn't extend to bottom at mobile #2279
    • web: Replacing empty tables with empty state message #2259
    • web: Fix issue 2272: Show hidden roles checkbox isnt functioning properly #2281
    • web: Mount path is not required for envFrom #2305
    • web: Update pending states to use hourglass - adds icon for Pod Initializing #2308
    • web: Bug 1504001 - Fix tooltip over entire dialog #2306
    • web: Remove icon from Select from Project empty states for consistency #2311
    • web: Don't set propagationPolicy when deleting bindings #2314
    • web: EnvFrom Config Map and Secret Link #2201
    • web: Allow unlimited websockets on Edge - also fix leaking websockets on monitoring page #2315
    • web: Service instance details configuration and edit #2237
    • web: Bug 1504511 - Remember template values when clicking back #2322
    • web: Update template annotations #2304
    • web: Fix pending message for service instances on overview #2328
    • web: Add product icons for service catalog #2313
    • web: Fix issue 2293: click on read notification focus bug #2299
    • web: Consistent cursor style for instance failed tooltip #2333
    • web: Bug 1505289 - Fix visible expression in HPA error message #2334
    • web: Do not show binding parameters on the overview page #2326
    • web: Update storage filter empty state to new standard #2341
    • web: Add grouping to Select from Project #2336
    • web: Fix runtime error opening Import YAML dialog #2342
    • web: Fix issue #2302: marking all notifications read can resurrect cleared notifications #2346
    • web: Membership updates to correct broken layouts when multiple roles assigned. Overall code cleanup Fixes https://github.com/openshift/origin-web-console/issues/1219 #2344
    • web: Fix bug where blank space appears in dc config page #2351
    • web: Add alt text for left nav in mini-mode Fixes #2294 Replaces #2309 #2359
    • web: Environment From Fix Drag & Order Display #2238
    • web: Preselect current project in 'Select from Project' #2361
    • web: Handle displaying parameters when secrets are not available. #2355
    • web: Use correct HTTP status from failed DataService.list #2360
    • web: Do not allow updating to plans that have been removed #2369
    • web: Bug 1506153 - Use query param serviceExternalName #2375
    • web: Added 'no projects and cant create' empty state to process-template, deploy-image, and from-file #2296
    • web: Adopt renamed service external name properties #2347
    • web: Only transition vertical nav if project bar exists #2381

    Release SHA256 Checksums

    e35e53b42a00e4d04305ec55c94b623135d3ac236c999c00765703161da23769  ./openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-linux-64bit.tar.gz
    a0ef9d9ab37079fb1a69e1e2283c7288fbc940867283230ff03ac77e17fffb5c  ./openshift-origin-server-v3.7.0-rc.0-e92d5c5-linux-64bit.tar.gz
    0f1ec8ad4e84a207e54d526c27daa73bd066f75f14d8f735377132da04acb959  ./openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-mac.zip
    9447a3684700a4a5a1a95dd52f51a31c6972eb5bf10c4eea40cb9162acc89477  ./openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-windows.zip
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(654 bytes)
    openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-linux-64bit.tar.gz(38.47 MB)
    openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-mac.zip(38.15 MB)
    openshift-origin-client-tools-v3.7.0-rc.0-e92d5c5-windows.zip(38.39 MB)
    openshift-origin-image-v3.7.0-rc.0-e92d5c5-linux-64bit.tar.gz(77.17 MB)
    openshift-origin-server-v3.7.0-rc.0-e92d5c5-linux-64bit.tar.gz(132.45 MB)
  • v3.6.1(Oct 25, 2017)

    This is a patch release of OpenShift Origin.

    Changes

    v3.6.1 (2017-10-25) Full Changelog

    Component updates

    • Updates to Kubernetes
      • 45352: Pod (Anti)affinity shouldn't be respected across namespaces. #16016
      • 45743: partial pick of 45743 to fix config groupversion defaults #16976
      • 46236: Support sandbox images from private registries #15880
      • 47731: Use endpoints informer for the endpoint controller. #16575
      • 47788: Get rid of 30s ResyncPeriod in endpoint controller. #16575
      • 49724: skip WaitForAttachAndMount for terminated pods in syncPod #15534
      • 49992: Correctly handle empty watch event cache #15616
      • 50258: Add token cache component #15662
      • 50258: Add token group adder component #15662
      • 50258: Add union token authenticator #15662
      • 50258: Simplify bearer token auth chain, cache successful authentications #15662
      • 50583: Make endpoints controller update based on semantic equality #16890
      • 50934: Skip non-update endpoint updates #15889
      • 51144: Fix unready endpoints bug introduced in #50934 #15889
      • 53753: Reduce log spam in qos container manager #16841

    Bugs

    • Skip goversioninfo when it is not installed #15550
    • Add back origin-sdn-ovs #15542
    • print typed podlist for correct serialization #15519
    • make the router integration tests run as part of test-end-to-end #15778
    • Properly handle errors in policy listing #15762
    • Image policy is resolving images on replica sets by default #15867
    • Mark subjectaccessreview/resourceaccessreview as root-scoped #15714
    • Disable RBAC create commands #15618
    • extended: Skip test instead of failing #16126
    • Add short ttl cache to token authenticator on success #15662
    • make oc adm create-bootstrap-project-template compatible w 1.5 cluster #16207
    • Disable TestImageStreamImportDockerHub integration test to unblock the queue #16336
    • Retry image stream updates when pruning images #16138
    • Updating docker --build-arg test due to docker code change #16541

    Release SHA256 Checksums

    922afb7a5642040ea7a6b780cd68eb1d15533b6376b503351a4c38a452338d11  ./openshift-origin-client-tools-v3.6.1-008f2d5-linux-64bit.tar.gz
    47d0167e0b496b3a64249e40a91513af998fba7d4ba725454e74a8203024ebd8  ./openshift-origin-server-v3.6.1-008f2d5-linux-64bit.tar.gz
    b7ecd27a0e3821868255898ef0ab47dfe0e5e371da6a58b0cbadd687e8dccca0  ./openshift-origin-client-tools-v3.6.1-008f2d5-mac.zip
    2a970aec5709f572faa02e877ea33d68e23407e2ec6e39ddc3683077814f6031  ./openshift-origin-client-tools-v3.6.1-008f2d5-windows.zip
    62a71b1d94abbf34936a021e56881db981634dcfed83bd8ab4052d19a31fd0d4  ./CHECKSUM
    
    Source code(tar.gz)
    Source code(zip)
    CHECKSUM(706 bytes)
    openshift-origin-client-tools-v3.6.1-008f2d5-linux-64bit.tar.gz(34.76 MB)
    openshift-origin-client-tools-v3.6.1-008f2d5-mac.zip(33.78 MB)
    openshift-origin-client-tools-v3.6.1-008f2d5-windows.zip(33.97 MB)
    openshift-origin-image-v3.6.1-008f2d5-linux-64bit.tar.gz(70.04 MB)
    openshift-origin-server-v3.6.1-008f2d5-linux-64bit.tar.gz(108.30 MB)
Owner
OpenShift
The developer and operations friendly Kubernetes distro
OpenShift
GreenMail is an open source, intuitive and easy-to-use test suite of email servers for testing purposes.

GreenMail GreenMail is an open source, intuitive and easy-to-use test suite of email servers for testing purposes. Supports SMTP, POP3, IMAP with SSL

null 529 Dec 28, 2022
A suite of software tools and services created to support activity planning and sequencing needs of missions with modeling, simulation, scheduling and validation capabilities

Aerie A suite of software tools and services created to support activity planning and sequencing needs of missions with modeling, simulation, scheduli

NASA Advanced Multi-Mission Operations System 31 Jan 3, 2023
Auto-Unit-Test-Case-Generator automatically generates high-level code-coverage JUnit test suites for Java, widely used within the ANT Group.

中文README传送门 What is Auto-Unit-Test-Case-Generator Auto-Unit-Test-Case-Generator generates JUnit test suites for Java class just as its name. During te

TRaaS 108 Dec 22, 2022
Test-Driven Security

Test-Driven Security Run tests ./gradlew test References Spring Security test support https://docs.spring.io/spring-security/site/docs/current/referen

Eleftheria Stein-Kousathana 60 Oct 11, 2022
Integration Test Framework for Paper!

MiniTestFramework Integration Test Framework for Paper! Usage Install plugin Create Test Structure /test create <filename.testname> [width] Build cont

MiniDigger | Martin 12 Nov 25, 2022
An examples of creating test records in the database with Spring Boot + Spring Data + JPA usage.

Spring Boot + JPA — Clear Tests An examples of creating test records in the database with Spring Boot + Spring Data + JPA usage. Check out the article

Semyon Kirekov 8 Nov 24, 2022
CVE-2021-44228 - Apache log4j RCE quick test

Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha

Jeffrey Li 3 Feb 1, 2022
Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptions

Log4Shell Hotfix Side Effect Test Case I wanted to know if any ClassNotFoundException or similar unexpected exception is raised when one applies the C

Malte S. Stretz 3 Nov 9, 2022
MessageEngine by afkvido. Alpha test is the most updated but may contain many bugs

MessageEngine Alpha Alpha Testing This is the most frequently updated, fresh, and potentially most glitchy version of MessageEngine. This version will

gemsvidø 3 Feb 7, 2022
Tzatziki - Decathlon library to ease and promote Test Driven Development of Java microservices!

Tzatziki Steps Library This project is a collection of ready-to-use Cucumber steps making it easy to TDD Java microservices by focusing on an outside-

Decathlon 32 Dec 15, 2022
Trust-java - Test Results Verification library for Java

TRUST - Test Results Verification library for Java The TRUST's primary goal is to provide the simple way of different test results verification. Gener

Serhii Shymkiv 2 Nov 19, 2017
A unit testing library for varying test data.

Burst A unit testing library for varying test data. DEPRECATED: Burst remains stable and functional, but you should check out TestParameterInjector fr

Square 464 Oct 9, 2022
This project will help to test the Log4j CVE-2021-44228 vulnerability.

Log4j-JNDIServer This project will help to test the Log4j CVE-2021-44228/CVE-2021-45046 vulnerabilities. Installation and Building Load the project on

Immunity, Inc 9 Jun 30, 2022
Connection Pool Test Setup

Connection Pool Test Setup Setup to test the behavior of http connection pools with the following setup server-apache apache server with proxy-pass to

Johannes Wendig 1 Jan 21, 2022
Test assignment for the course from MTS.Teta Java Middle Developer. 2022

Сервис по планированию задач Список фичей: Пользователь может добавлять, удалять, закрывать и заново открывать задачи Названия задач должны быть уника

Semyon Kirekov 7 Nov 1, 2022
Android PackageInstaller API silent update test app

Android PackageInstaller API silent update test app

南宫雪珊 45 Dec 13, 2022
Set of project to test how fast is compilation on your computer

Бенчмарк сборки Android проектов Репозиторий содержит несколько проектов, для которые необходимо запустить тесты и зарепортить их результаты Методика

Android Broadcast 3 Jul 29, 2022
Section B of Assignment 1. Setup project and collaborate on GitHub by writing test fixtures.

Task Each member (including the team leader) should create a branch (use student number as the branch name) and include a small program in the branch

Quinn Frost 1 Apr 6, 2022
Spring Boot Rest API unit test with Junit 5, Mockito, Maven

Spring Boot Rest API unit testing with Junit 5, Mockito, Maven Apply Spring Boot @WebMvcTest for Rest Controller Unit Test with JUnit 5 and Mockito. F

null 19 Dec 22, 2022