v3.9.0-alpha.3
Pre-release
Pre-release
smarterclayton
released this
08 Feb 01:57
·
14637 commits
to master
since this release
This is a feature release of OpenShift Origin.
Backwards Compatibility
- TODO
Changes
v3.9.0-alpha.3 (2018-01-23) Full Changelog
API
- TODO
Component updates
- Updated to Kubernetes v1.9.1-57-ga0ce1bc657 + patches
- 49312: allow the /version endpoint to pass through #17576
- 49885: Ignore UDP metrics in kubelet #17106
- 50390: Admit sysctls for other runtime. #17274
- 50673: Azure - Use cloud environment to instantiate storage client #17052
- 52260: fix azure disk mounter issue #17052
- 53135: Fixed counting of unbound PVCs towards limit of attached volumes #17442
- 53576: Revert "Validate if service has duplicate targetPort" #17115
- 53989: Remove repeated random string generations in scheduler volume predicate #17442
- 54410: Cpu manager reconcile loop - restore state #18055
- 54459: fix azure storage account num exhausting issue #17052
- 54597: kubelet: check for illegal container state transition #17514
- 54607: fix azure pv crash due to volumeSource.ReadOnly value nil #17052
- 55248: increase iptables max wait from 2 seconds to 5 (fix) #17115
- 55316: Make StatefulSet report an event when recreating failed pod #18060
- 55631: Parse and return the last line in the log even if it is partial #17198
- 55641: dockershim: remove corrupt checkpoints immediately upon detection #17299
- 55703: use full gopath for externalTypes #17115
- 55704: Return original error instead of negotiation one #17115
- 55772: Only attempt to construct GC informers for watchable resources #17115
- 55796: Correct ConstructVolumeSpec() #17423
- 55974: Allow constructing spdy executor from existing transports #17115
- 55974: Allow constructing spdy executor from existing transports #17391
- 56045: Fix getting logs from daemonset #17405
- 56191: CPU Manager panics on state initialization error #18055
- 56356: Wait for controllerrevision informer to sync on statefulset controller startup #17513
- 56408: admission: do not leak admission plugin config types outside of the plugin #18111
- 56503: MustRunAsNonRoot should reject a pod if it has non-numeric USER #17512
- 56506: kubelet: include runtime error in event on CreatePodSandbox failure #18002
- 56687: kube-apiserver: enable admissionregistration v1beta1 api by default #17576
- 56864: pick pod-selector changes from #56864 #17616
- 56971: LimitRange ignores objects previously marked for deletion #17978
- 57099: increase the podLogTimeout for downward volume test #17627
- 57107: Check ns setup error during e2e #17576
- 57148: expose special storage locations #17576
- 57149: make quota reusable #17576
- 57150: allow convert to default on a per object basis #17576
- 57211: Process cluster-scoped owners correctly #17820
- 57214: Remove mutation from pvc validation #17876
- 57247: cpumanager: Propagate error up instead panic #18051
- 57276: Fix vsphere cloudprovider naming #17961
- 57349: add watch to requirements for quota-able resources #17863
- 57993: Add volumemetrics for glusterfs plugin #18091
- 58018: make controller port exposure optional #18003
- 58107: Fix quota controller worker deadlock #18080
- 58302: uniquify resource lock identities #18100
- : add flag for running bare kube-controller-manager #18100
- : add our immortal namespaces directly to admission plugin #17914
- : allow controller context injection to share informers #17115
- : allow injection of controller context function #18003
- : allow injection of controller context function #18097
- : allow multiple containers to union for swagger #17115
- : disable failing etcd test for old level #17391
- : exclude some origin resources from quota #17576
- : keep set working on internal types #17576
- : make wiring in kubeproxy easy until we sort out config #17576
- : patch scheduler to apply defaults. drop once we run separate scheduler #17576
- : switch apply to use the legacyscheme so our types can be handled #17576
- : switch back to use encode/json to avoid serialization errors #17115
- : switch back to use ugorji/go to avoid deserialization errors #17768
- : add back PrintSuccess. remove when printing is fixed #17576
- : disable flaky InitFederation unit test #17115
- : enable beta APIs by default. fixed by several pulls upstream #17576
- : etcd testing #17115
- : remove usage of bad transport since only GKE routes #17576
- : run hack/copy-kube-artifacts.sh #17115
- : skip controller metric error, drop once we run in a separate process #17576
- : skip scheduler configz error, drop once we run in a separate process #17576
- : stop adding federation to hyperkube one release early #17663
- revert: 9176245: : allow controller context injection to share informers #17861
- revert: cf235c2: UPSTREAM: : switch apply to use the legacyscheme so our types can be handled #17885
- Updated to Docker distribution v2.6.0-rc.1-210-g00b6b84 + patches
Features
- TODO
Bugs
- build: Fixed the wrong name of building image. According to the implementati… #17050
- Fixed the wrong name of building image. According to the implementation and running behavior. the building image is openshift/origin-release (215b3d8)
- auth: Allow registry-admin to manage RBAC roles and bindings #17247
- cli: Improve the documentation for oc rollout #17081
- Since the 'oc deploy' is deprecated. It is better for providing usage 'oc set trigger'. Forgetting the 'oc deploy'. (cdfe840)
- cli: oc set probe err message improvements #17107
- move error cause to top of err message (1acd699)
- image: don't create output imagestrem if already exists with newapp #16843
- don't create output imagestrem if already exists with newapp; better circular tag detection (697ee8e)
- auth: Improve the oc auth subcommands CLI example #17270
- Improve the
oc auth
subcommands CLI example usage: Replaced thekubectl
tooc
(d379c09)
- Improve the
- Fix parse error for multiple OPTIONS to run node #17212
- make assetconfig a top level type #17310
- Trivial fix to do fewer allocations in OVS healthcheck #17313
- Avoid parsing the whole dump-flows output in the OVS health check (67a57a3)
- image: Add python 3.6 S2I image to examples #17281
- Add python 3.6 S2I image (d4a8e61)
- image: Imagestream tag exclude from pruning #16580
- Add new option to exclude imagestream tag from pruning by regular expression (b70983d)
- cluster: clusterup add .skip_pv marker #16631
- add skip_pv marker to skip PV creation (7f448c0)
- router: Router: Changed default resource resync interval from 10mins to 30mins #17012
- build: remove kubectl from openshift (but not oc) #17305
- cluster: Limit fail-on-swap override to cluster-up #17385
- server: Remove overwrite_bootstrappolicy and pkg/cmd/server/admin/legacyetcd #17336
- switch to hyperkube and remove renames #17369
- security: admission_test.go(TestAdmit): compare SecurityContexts instead of particular members #17296
- admission_test.go(testSCCAdmission): print test case name when test fails. (df809c4)
- admission_test.go(TestAdmit): eliminate duplicated code by using existing method. (c634e11)
- admission_test.go(TestAdmit): split to TestAdmitSuccess and TestAdmitFailure. (d935b12)
- admission_test.go(TestAdmitFailure): reduce code by (enchancing and) using existing function. (f51843c)
- admission_test.go(setupClientSet): extract function. (072358b)
- admission_test.go(createSCCLister): extract function. (d1895e0)
- admission_test.go: rename variable to better describe its type. (0cdb8b1)
- admission_test.go(createSCCListerAndIndexer): introduce and use function. (ae97160)
- admission_test.go(saExactSCC): extract function. (e8a9047)
- admission_test.go(saSCC): extract function. (4eaeda2)
- admission_test.go(TestAdmitSuccess): compare SecurityContexts instead of particular members. (0ea1b36)
- admission_test.go(testSCCAdmission): modify to signalize about errors. (0016ceb)
- admission_test.go(TestAdmitSuccess): remove hardcoded SELinux level. (268aea6)
- switch the easy admission plugins to external types #17288
- pkg/security/OWNERS: add simo5 to the list of approvers #17406
- pkg/security/OWNERS: add simo5 to the list of approvers. (2c0ee83)
- image: remove openshift cli and friends #17396
- cluster: Gate fail-swap-on flag with a version check #17410
- server: switch to glide #17391
- fix multiarch import tests #17437
- disable multiarch import tests (2dbe4f4)
- template: Add provisioner template for local storage #16538
- image: Change imagestreamtag sorting #17430
- server: Switch to use .DeepCopy() instead of kapi.Scheme.DeepCopy() #17444
- test: Extend the e2e suite to a broader range of tests #17417
- cli: Begin moving pkgs w/ deps on pkg/oc #17332
- break dep on pkg/oc - generator/generator.go (9fd5519)
- Update prometheus to 2.0.0 GA #17039
- Update prometheus to rc2 (b591821)
- server: Switch to openshift/api #17477
- add openshift api dependency (5aaa00b)
- move-package script (b505911)
- generated move results (9d41cbe)
- manual prep for move (e491d07)
- update register files (d4db27a)
- update generation script (662468e)
- update manual conversion references (4023e66)
- move helper to single point of use (e825c5f)
- adjust to new client (95cac05)
- react to gopkg.in/ldap.v2 bump (8f5944f)
- something happened to the openshift proto definitions (0d7864f)
- generated (6b0e2c4)
- remove openshift infra command #17482
- node: Add test to guard unset fields in deployer pod #17471
- add test to guard for new pod fields in deployer controller (9084edf)
- node, syscontainer: drop /var/lib/docker mount point #15115
- build: set selinux labels on build docker containers when running pods in crio #17094
- hack: hack/lib/init.sh: minor shell and readme improvement #17501
- hack/lib/init.sh: minor shell and readme improvement (644ad02)
- image: install ceph luminous package in centos7 based image #17350
- deploy: apps: extend extended tests to better check for deployer invariants and enable back the old check #16998
- Fixup variable names in DC controller (086cc82)
- Make deployment test reproducible when randomness is involved (705e69b)
- Add asynchronous deployer pod invariant checker for every test (020235f)
- Enable back the old check for multiple deployer pods temporarily disabled in #16956 (62b1cbc)
- Add some test to stress test deployer pod invariants (ba495e5)
- cli: move "openshift ex" -> "oc ex" #17486
- server: pick pull 17473: stop adding beta admission config to default master configs #17516
- template: break dep on clientcmd in pkgs outside pkg oc #17357
- deploy: Fix DC reaper to deal with invalid resource name. #17492
- Exclude myself from most of the OWNERS files #17557
- prevent references from origin to oc #17536
- prevent references from origin to oc (c1c9636)
- auth: Infrastructure changes for token timeouts #17614
- cluster: cluster up support for N-1 clusters #17338
- deploy: Remove journald limits #17597
- auth: Fail fast when request to /.well-known/oauth-authorization-server fails #17606
- Fail fast when request to /.well-known/oauth-authorization-server fails. (51e0daf)
- Introduce custom Grafana for openshift prometheus. #17037
- Introduce custome Grafana for openshift prometheus. (ca061f2)
- deploy: Fix deploymentconfig scale #17587
- build: adjust bld prometheus ext test for concurrent tests, cross namespace … #17635
- adjust bld prometheus ext test for concurrent tests, cross namespace builds (bc923a2)
- node: sdn: make pod operation metrics more useful and collectable #17250
- fix prometheus readme: bld phase/reason conversion to all lower case … #17809
- fix prometheus readme: bld phase/reason conversion to all lower case was reverted (f1194fd)
- deploy: re-enable deployment test #17751
- cluster: diagnostics: minor fixes #17772
- auth: NetworkPolicy RBAC fixes #17549
- Update OpenShift roles for networking.k8s.io (98b52bf)
- sync prometheus ext tests running in parallel #17717
- account for already exist race with prometheus ext tests (9b9f68d)
- router: re-enable router metrics test #17753
- re-enable router metrics test (f6b0568)
- Workaround for broken quota admission test #17830
- Fix quota admission test (93e0508)
- Restore ugorji json decoding with type coercion #17768
- Add compatibility test for (shudder) string->int and {}->[] coercion (a8b819c)
- Allow the configuration of individual controllers #17572
- test: tweak failing-dc e2e test with sleep so docker have time to get the hook container logs #17746
- add sleep to failing-dc fixture so docker have time to gather logs from hook container (6ace95d)
- build: Update gitignore for vendored build output files #17848
- Add the output directories for incubators to .gitignore (70400f6)
- hack: UPSTREAM: 57214: Remove mutation from pvc validation #17876
- fake godeps.json to make hack/cherry-pick.sh work (adc5326)
- server: Add origin types kubectl scheme #17885
- hack: hack/update-dep.sh proof #17810
- cluster: Remove hardcoded fields for parameter substitution configuration in Cluster Loader #17072
- Remove hardcoded fields for Cluster Loader parameters (3bef3a2)
- cli: Add --selector, --pod-selector flags
oc adm drain
#17616- update completions (9f49283)
- Update swagger spec generation #17688
- deploy: Fix race in extended deployments test #17889
- Fix race in extended deployments test "should deal with cancellation after deployer pod succeeded" (84cdf40)
- Fix SDN exponential backoff timeouts #17739
- Fix SDN exponential backoff timeouts (ac0793c)
- Moved getLocalSubnet() from node/sdn_controller.go to node/subnets.go (2603e1f)
- run openshift and kube controllers on different leases #17861
- run openshift and kube controllers on different leases (766a973)
- image: Add labels column to
oc get images --show-labels
output #17846 - server: Changing API flow description #17960
- Update glide again #17962
- Rebase service catalog to v0.1.3 #17378
- Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/' changes from 3064247d05..d969acde90 (cedd00c)
- build: move builder images to use external apis #17699
- security: SCC admission plugin: extract name to a constant #17856
- PSP admission plugin: extract name to a constant and a couple minor improvements. (7109512)
- security: Improve the process of pod updates by preferring non-mutating SCCs and reducing pod mutations #16934
- SecurityContextConstraints: do not mutate nil privileged field to false. (5b2b98f)
- SecurityContextConstraints: only set runAsNonRoot when runAsUser is nil. (014f66d)
- SecurityContextConstraints: avoid unnecessary mutation of container capabilities. (2e79df0)
- SecurityContextConstraints: avoid unnecessary mutation of supplemental groups. (1b41ef7)
- SecurityContextConstraints: pass effective capabilities to validation interface. (098d160)
- SecurityContextConstraints: limit validation to provided groups. (abd601c)
- SecurityContextConstraints: pass effective selinux options to validate. (b5a8497)
- SecurityContextConstraints: pass effective runAsNonRoot and runAsUser to user validation interface. (3d4c343)
- Add unit tests for RunAsUser.MustRunAsRange strategy. (d07223b)
- SecurityContextConstraints: avoid unnecessary securitycontext mutation. (f4d81e2)
- Security Context Constraints: prefer non-mutating SCC on update. (de94214)
- node: skip docker ping check when using fake docker #17979
- node: use a warning instead of fatal when docker ping fails (ca5ca9c)
- router: Fix indentation in egress-router.sh #18001
- fix indentation (8622953)
- Split prometheus alerting rules, add new automated recording rules #17553
- Add proper error message to OVS health check #17890
- build: run jenkins java builds in memory constrained pods #17832
- server: re-enable openapi aggregation #17899
- test: Implement a way to time out tokens based on (in)activity #17640
- cluster: Adding synchronization and other features to extended test cluster loader. #17894
- Adding synchronization and other features to extended test's cluster loader. (dd2366b)
- node: Fix passing container to pod logs from dc #18017
- cluster: Support web console image for cluster up #17575
- network: Remove numerous "Provided subnet doesn't belong to network" when configured with multiple subnets #17973
- fix github issue 17475 (659a4ae)
- Rebase to 1.9.1 #18003
- stop special casing creation for ns lifecycle admission #17914
- stop special casing creation for ns lifecycle admission (de77da5)
- add proxy for the webconsole #17862
- cli: Fix segv error for usage error of oc set env command #17932
- Fix segv error for usage error of set env (95e7a0a)
- ex: dockergc: various fixes #17479
- router: Bump router to haprox18 #18053
- auth: Revert back to the "normal" apiserver authentication #15739
- Revert "disable TSB client cert and front proxy auth until aggregation is on by default" (7b09621)
- dind-ovn: use golang binaries instead of python ones #17541
- With upstream PR: ovn-kubernetes/ovn-kubernetes#173, this PR will obsolete the python binaries (except gateway helper) (7697cb9)
- reflect the new install procedure as in ovn-kubernetes/ovn-kubernetes#192 (96d39c4)
- auth: apps: Fix dc triggers reconciliation on image change and do not deploy DCs with empty image #17539
- cli: bug 1470374 - oc new-app behaviour #17457
- Add "no git installed" logic for oc new-app syntax (4113dc5)
- router: Pull haproxy from the right place #18066
- Allow haproxy from CentOs (90a1310)
- auth: remove oauth server dependency from most integration tests #18067
- cluster: Cluster capacity rebase to kubernetes 1.9 #18088
- server: Use webconsole.config.openshift.io/v1 API group #18056
- Use WebConsoleConfiguration API group (0ac3f9d)
- template: Improve ISSUE_TEMPLATE.md #18027
- .github/ISSUE_TEMPLATE.md: improve. (232751e)
- cli: fix -o panic oc rollback #18040
- patch controllers for storage #18097
- inject an informer factory override for kube controllers to minimize impact (33febce)
- Resolve admission plugin config files #12321
- Clean Prometheus example #17992
- Clean prometheus example. Add proxy for alertmanager (45eb81a)
- tolerate discovery and errors better #17195
- allow error and partial result for legacy discovery (8233cb6)
- cli: Deprecate oc secrets subcomands #18093
- image: Add image-streams and update db-templates #17922
- Add image-streams and update db-templates. (9d12ad6)
- add wiring for running bare kube-controller-manager #18100
- make use of the patched kubecontroller manager in openshift (bd48fc8)
- image:
oc image mirror
was accidentally broken during dependency updating #18078 - web: from 721cde05fe8c386935adc209638700b2476dd228^..721cde05fe8c386935adc209638700b2476dd228
Release SHA256 Checksums
aaf1b7115b83105e9acd8687ff5cb43c698a9a7fcd8e6515860303e1e8bd10a0 ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
619ca9350fa70116e7c4544c2be30c544346d054e2f457e3fdd0cab4f7c01996 ./openshift-origin-server-v3.9.0-alpha.3-78ddc10-linux-64bit.tar.gz
b03bcc33ede03632d97158555157800aabbc11bf005a5c88633eb252ad71ef8f ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-mac.zip
cc8744074ea4ac0cb746b4f1289c1d88b7cc56ec1239d0411dfed780e1d14e93 ./openshift-origin-client-tools-v3.9.0-alpha.3-78ddc10-windows.zip