Merge pull request #100751 from wgabor0427/wgabor-os-api-server

OSDOCAS-15028 added Openshift API server RNs

Author: lpettyjo

release_notes/ocp-4-20-release-notes.adoc

@@ -1022,9 +1022,9 @@ The {secrets-store-operator} version 4.20 is now based on the upstream v1.5.2 re
 [id="ocp-release-notes-storage-vol-populators_{context}"]
 ==== Volume populators are generally available
 
-The volume populators feature allows you to create pre-populated volumes. 
+The volume populators feature allows you to create pre-populated volumes.
 
-{product-title} 4.20 introduces a new field `dataSourceRef` for volume populator functionality that expands the objects that can be used as a data source for pre-population of volumes, from only persistent volume claims (PVC) and snapshots, to any appropriate custom resource (CR). 
+{product-title} 4.20 introduces a new field `dataSourceRef` for volume populator functionality that expands the objects that can be used as a data source for pre-population of volumes, from only persistent volume claims (PVC) and snapshots, to any appropriate custom resource (CR).
 
 {product-title} now ships `volume-data-source-validator`, which reports events on PVCs that use a volume populator without a corresponding `VolumePopulator` instance. Previous {product-title} versions did not require `VolumePopulator` instances, so if you are upgrading from 4.12, or later, you might receive events about unregistered populators. If you installed `volume-data-source-validator` yourself previously, you can remove your version.
 
@@ -1074,7 +1074,7 @@ For more information about One Zone, see xref:../storage/container_storage_inter
 Certain operations of a volume can cause pod startup delays, which might cause pod timeouts.
 
 *fsGroup:*
-For volumes with many files, pod startup timeouts can occur because, by default, {product-title} recursively changes ownership and permissions for the contents of each volume to match the `fsGroup` specified in a pod’s `securityContext` when that volume is mounted. This can be time consuming, slowing pod startup. You can use the `fsGroupChangePolicy` parameter inside a `securityContext` to control the way that {product-title} checks and manages ownership and permissions for a volume. 
+For volumes with many files, pod startup timeouts can occur because, by default, {product-title} recursively changes ownership and permissions for the contents of each volume to match the `fsGroup` specified in a pod’s `securityContext` when that volume is mounted. This can be time consuming, slowing pod startup. You can use the `fsGroupChangePolicy` parameter inside a `securityContext` to control the way that {product-title} checks and manages ownership and permissions for a volume.
 
 Changing this parameter at the pod level was introduced in {product-title} 4.10. In 4.20, you can set this parameter at the namespace level, in addition to the pod level, as a generally available feature.
 
@@ -1088,7 +1088,7 @@ ReadWriteOncePod (RWOP) persistent volumes use the SELinux mount feature by defa
 ReadWriteOnce (RWO) and ReadWriteMany (RWX) volumes use recursive relabeling by default. Mount option for RWO/RWX was introduced in {product-title} 4.17 as a Developer Preview feature, but is now supported in 4.20 as a Technology Preview feature.
 
 [IMPORTANT]
-====	
+====
 In a future {product-title} version, RWO and RWX volumes will use mount option by default.
 ====
 
@@ -1138,11 +1138,11 @@ To view the revised procedure, see xref:../storage/container_storage_interface/p
 
 ==== Support for custom application icons in the Import flow
 
-Before this update, the *Container image* form flow provided only a limited set of predefined icons for applications.  
+Before this update, the *Container image* form flow provided only a limited set of predefined icons for applications.
 
-With this update, you can add custom icons when you import applications through the *Container image* form. For existing applications, apply the `app.openshift.io/custom-icon` annotation to add a custom icon to the corresponding *Topology* node.  
+With this update, you can add custom icons when you import applications through the *Container image* form. For existing applications, apply the `app.openshift.io/custom-icon` annotation to add a custom icon to the corresponding *Topology* node.
 
-As a result, you can better identify applications in the *Topology* view and organize your projects more clearly.  
+As a result, you can better identify applications in the *Topology* view and organize your projects more clearly.
 
 [id="ocp-release-notable-technical-changes_{context}"]
 == Notable technical changes
@@ -1969,6 +1969,13 @@ With this release, the warning message no longer appears in the `metrics-server`
 
 * Before this update, `oc-mirror` did not check the availability of the specific {product-title} version, and caused it to continue with non-existent versions. As a consequence, users assumed that the mirroring was successful because no error messages were received. With this release, `oc-mirror` returns an error when a non-existent {product-title} version is specified, in addition to a reason for the issue. As a result, users are aware of unavailable versions and can take appropriate action. (link:https://issues.redhat.com/browse/OCPBUGS-51157[OCPBUGS-51157])
 
+[id="ocp-release-note-openshift-api-server-bug-fixes_{context}"]
+=== OpenShift API Server
+
+* Before this update, on a cluster upgraded from {product-title} 4.16, or earlier, there might be previously generated image pull secrets that cannot be deleted due to the presence of the `openshift.io/legacy-token` finalizer, if the internal Image Registry was removed. With this release, the issue no longer occurs. (link:https://issues.redhat.com/browse/OCPBUGS-52193[OCPBUGS-52193])
+
+* Before this update, deleting an `istag` resource with the `--dry-run=server` option unintentionally caused actual deletion of the image from the server. This unexpected deletion occurred due to the `dry-run` option being implemented incorrectly in the `oc delete istag` command. With this release, the `dry-run` option is wired to the 'oc delete istag' command. As a result, the accidental deletion of image objects is prevented and the `istag` object remains intact when using the `--dry-run=server` option. (link:https://issues.redhat.com/browse/OCPBUGS-35855[OCPBUGS-35855])
+
 [id="ocp-release-note-oc-cli-bug-fixes_{context}"]
 === OpenShift CLI (oc)
 
@@ -2798,7 +2805,7 @@ When upgrading to {product-title} 4.20, clusters are unaffected until you opt in
 +
 [NOTE]
 ====
-Existing {product-title} 4.19 clusters are unaffected until you explicitly enable user namespaces, which is a Technology Preview feature in {product-title} 4.19. 
+Existing {product-title} 4.19 clusters are unaffected until you explicitly enable user namespaces, which is a Technology Preview feature in {product-title} 4.19.
 ====
 
 * When installing a cluster on {azure-short}, if you set any of the `compute.platform.azure.identity.type`, `controlplane.platform.azure.identity.type`, or `platform.azure.defaultMachinePlatform.identity.type` field values to `None`, your cluster is unable to pull images from the Azure Container Registry.