You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
==== No service interruptions for certificate-related issues
66
+
67
+
With this update, self-signed loopback certificates in API servers are prevented from expiring, and ensures a stable and secure connection within Kubernetes 4.16.z. This enhancement backports a solution from a newer version, cherry-picks a specific pull request and applies it to the selected version. This reduces the likelihood of service interruptions due to certificate-related issues, providing a more reliable user experience in Kubernetes 4.16.z deployments.
With this update, the communication flows matrix for {product-title} is enhanced. The feature automatically generates services for open ports 17697 (TCP) and 6080 (TCP) on the primary node, and ensures that all open ports have corresponding endpoint slices. This results in accurate and up-to-date communication flows matrixes, improves the overall security and efficiency of the communication matrix, and provides a more comprehensive and reliable communication matrix for users.
@@ -1511,7 +1524,7 @@ The Red{nbsp}Hat Marketplace is deprecated. Customers who use the partner softwa
1511
1524
1512
1525
* Previously, in certain configurations, the kubelet `podresources` API might have reported memory that was assigned to both active and terminated pods, instead of reporting memory assigned to active pods only. As a consequence, this inaccurate reporting might have affected workload placement by the NUMA-aware scheduler.
1513
1526
+
1514
-
With this release, kubelet no longer reports resources for terminated pods, which results in accurate workload placement by the NUMA-aware scheduler. (link:https://issues.redhat.com/browse/OCPBUGS-56785[OCPBUGS-56785)
1527
+
With this release, kubelet no longer reports resources for terminated pods, which results in accurate workload placement by the NUMA-aware scheduler. (link:https://issues.redhat.com/browse/OCPBUGS-56785[OCPBUGS-56785])
1515
1528
1516
1529
//Telco Edge / TALO
1517
1530
//Telco Edge / ZTP
@@ -1520,6 +1533,21 @@ With this release, kubelet no longer reports resources for terminated pods, whic
* Before this update, concurrent map iteration and kube-apiserver validation caused crashes. As a consequence, API server disruptions and `list watch` storms occurred. With this release, the concurrent map iteration and validation issue is resolved. As a result, API server crashes are prevented, and cluster stability is improved. (link:https://issues.redhat.com/browse/OCPBUGS-61347[OCPBUGS-61347])
1537
+
1538
+
* Before this update, the resource quantity and `IntOrString` fields validation cost were incorrectly calculated due to improper consideration of maximum field length in the Common Expression Language (CEL) validation. As a consequence, users encountered validation errors due to incorrect string length consideration in CEL validation. With this release, CEL validation correctly accounts for the maximum length of `IntOrString fields`. As a result, users can submit valid resource requests without CEL validation errors. (link:https://issues.redhat.com/browse/OCPBUGS-59756[OCPBUGS-59756])
1539
+
1540
+
* Before this update, the `node-system-admin-signer` validity was limited to one year and was not extended or refreshed at 2.5 years. This issue prevented issuing the `node-system-admin-client` for two years. With this release, the `node-system-admin-signer` validity is extended to three years, and issuing the `node-system-admin-client` for a two-year period is enabled. (link:https://issues.redhat.com/browse/OCPBUGS-59527[OCPBUGS-59527])
1541
+
1542
+
* Before this update, a cluster installation failure occurred on {ibm-title} and {azure-first} systems due to incompatibility with the `ShortCertRotation` feature gate. As a consequence, the cluster installation failed, and caused nodes to remain offline. With this release, the fix removes the `ShortCertRotation` feature gate during a cluster installation on {ibm-title} and {azure-first} systems. As a result, cluster installations are successful on these platforms. (link:https://issues.redhat.com/browse/OCPBUGS-57202[OCPBUGS-57202])
1543
+
1544
+
* Before this update, the `admissionregistration.k8s.io/v1beta1` API was served incorrectly in {product-title} version 4.17, despite being intended for deprecation and removal. This led to dependency issues for users. With this release, the deprecated API filter is registered for a phased removal, and requires administrative acknowledgment for upgrades. As a result, users do not encounter deprecated API errors in {product-title} version 4.20, and the system stability is improved. (link:https://issues.redhat.com/browse/OCPBUGS-55465[OCPBUGS-55465])
1545
+
1546
+
* Before this update, the certificate rotation controller copied and rewrote all of their changes, and caused excessive event spamming. As a consequence, users experienced excessive event spamming and potential etcd overload. With this release, the certificate rotation controller conflict is resolved, and reduces excessive event spamming. As a result, excessive event spamming in the certificate rotation controller is resolved, reduces the load on etcd, and improves the system stability.(link:https://issues.redhat.com/browse/OCPBUGS-55217[OCPBUGS-55217])
1547
+
1548
+
* Before this update, user secrets were logged in audit logs after enabling `WriteRequestBodies` profile settings. As a consequence, sensitive data was visible in the audit log. With this release, the `MachineConfig` object is removed from the audit log response, and prevents user secrets from being logged. As a result, secrets and credentials do not appear in audit logs. (link:https://issues.redhat.com/browse/OCPBUGS-52466[OCPBUGS-52466])
1549
+
1550
+
* Before this update, testing Operator conditions using synthesized methods instead of deploying and scheduling pods by using the deployment controller caused incorrect test results. As a consequence, users experienced test failures due to the incorrect use of synthesized conditions instead of real pod creation. With this release, the Kubernetes deployment controller is used for testing Operator conditions, and improves pod deployment reliability. (link:https://issues.redhat.com/browse/OCPBUGS-43777[OCPBUGS-43777])
0 commit comments