OSDOCS-13815: Documented the 4.17.23 z-stream RNs

dfitzmau · dfitzmau · commit 93352a2ec51a · 2025-04-03T10:35:01.000+01:00
diff --git a/release_notes/ocp-4-17-release-notes.adoc b/release_notes/ocp-4-17-release-notes.adoc
@@ -2879,6 +2879,62 @@ This section will continue to be updated over time to provide notes on enhanceme
 For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
 ====
 
+// 4.17.23
+[id="ocp-4-17-23_{context}"]
+=== RHSA-2025:3297 - {product-title} {product-version}.23 bug fix, and security update advisory
+
+Issued: 03 April 2025
+
+{product-title} release {product-version}.23 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:3297[RHSA-2025:3297] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:3299[RHBA-2025:3299] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.23 --pullspecs
+----
+
+////
+[id="ocp-4-17-23-known-issues_{context}"]
+==== Known issues
+
+* Previously for a cluster that runs on {rh-openstack-first}, if the router and virtual machines (VMs) existed on different compute nodes, the distribution of floating IP (FIP) addresses and virtual IP (VIP) addresses on control plane nodes was impacted. //issues.redhat.com/browse/OCPBUGS-52160
+////
+
+
+[id="ocp-4-17-23-bug-fixes_{context}"]
+==== Bug fixes
+
+* Previously, the Operator Marketplace and the {olm-first} used an older version, v1.24, of the `pod-security.kubernetes.io/` label. With this release, the namespace where Operator Marketplace is deployed now uses the Pod Security Admission (PSA) label marked as `latest`. (link:https://issues.redhat.com/browse/OCPBUGS-53283[*OCPBUGS-53283*]) 
+
+* Previously, the `openshift-install agent create pxe-files` command created temporary directories in `/tmp/agent` and the command did not remove these directories upon command completion. With this release, the command now removes the directories upon completion, so no you do not need to manual deleted the directories. (link:https://issues.redhat.com/browse/OCPBUGS-52961[*OCPBUGS-52961*])
+
+* Previously, a code migration operation failed to process external labels correctly on the *Alert detail* page on the *Administrator perspective* of the web console. These external labels are required to prevent silenced alert notifications from getting added to notification bell icon. Because the *Alert detail* page did not handle external labels correctly, the notification bell provided links to these *Alert detail* pages that generated a `no matching alerts found` message when you clicked on a link. With this release, the *Alert detail* page accepts external labels so clicking on an alert in the notification bell links to the correct *Alert detail* page. (link:https://issues.redhat.com/browse/OCPBUGS-51117[*OCPBUGS-51117*])
+
+* Previously, when you created a cluster that includes the following `kubevirt` CR configuration, you received a `failed to reconcile virt launcher policy: could not determine if <address_name>` is an IPv4 or IPv6 address` error message:
++
+[source,yaml]
+----
+# ...
+- service: APIServer
+    servicePublishingStrategy:
+      type: NodePort
+      nodePort:
+        address: <address_name>
+        port: 305030
+# ...
+----
++
+This error message was generated because network policies were not properly deployed on virtual machine (VM) namespaces. With this release, a fix means that you can add a host name address to the `nodePort.address` configuration of the CR so that network policies can be properly deployed on VMs. (link:https://issues.redhat.com/browse/OCPBUGS-48439[*OCPBUGS-48439*])
+
+* Previously, the Single Root I/O Virtualization (SR-IOV)  network config daemon unbinded network drivers from the physical function (PF) interface instead of unbinding the drivers from the virtual function (VF) interface when SR-IOV was configured with an InfiniBand (IB) type. This unbinding workflow removed the IB interface from the node, and this sitaution made the IB interface non-functional. With this release, a fix to the SR-IOV network config daemon ensures that the IB interface remains functional when it correctly unbinds the VF network interface. Additionally, the SR-IOV Network Operator targets the network drivers of a VF interface instead of the PF interface when configuring SR-IOV with an IB type. (link:https://issues.redhat.com/browse/OCPBUGS-53254[*OCPBUGS-53254*])
+
+[id="ocp-4-17-23-updating_{context}"]
+==== Updating
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
+
 // 4.17.22
 [id="ocp-4-17-22_{context}"]
 === RHSA-2025:3059 - {product-title} {product-version}.22 bug fix, and security update advisory
