OSDOCS-15763:Update the z-stream RNs for 4.18.22

Author: Ted Avery

release_notes/ocp-4-18-release-notes.adoc

@@ -3023,6 +3023,60 @@ This section will continue to be updated over time to provide notes on enhanceme
 For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
 ====
 
+// 4.18.22
+[id="ocp-4-18-22_{context}"]
+=== RHSA-2025:13325 - {product-title} {product-version}.22 bug fix and security update
+
+Issued: 13 August 2025
+
+{product-title} release {product-version}.22 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:13325[RHSA-2025:13325] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:13326[RHBA-2025:13326] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.18.22 --pullspecs
+----
+
+[id="ocp-4-18-22-enhancements_{context}"]
+==== Enhancements
+
+* The readiness probes for the API server (`/readyz` endpoint) have been modified to exclude `etcd` checks. This modification prevents client connections from being closed if `etcd` is temporarily unavailable. As a result, `etcd` will be ready again before a client connection times out, enabling the client connections to persist through a brief `etcd` unavailability. This persistence minimizes temporary API server outages. (link:https://issues.redhat.com/browse/OCPBUGS-49749[OCPBUGS-49749])
+
+[id="ocp-4-18-22-known-issues_{context}"]
+==== Known issues
+
+* Stale Source Network Address Translations (SNATs) or routing policies might occur in the following circumstances:
+** You are upgrading from 4.17 to 4.18 during an update of the OVN-Kubernetes image.
+** During the upgrade, if a pod on another system that was selected by an egress IP was deleted when the `ovnkube-node` pod was not running. (link:https://issues.redhat.com/browse/OCPBUGS-59531[OCPBUGS-59531])
+
+[id="ocp-4-18-22-bug-fixes_{context}"]
+==== Bug fixes
+
+* Before this update, destroying a cluster in the unsupported region `mx-central-1` caused the destroyer to fail to find a partition and not exit. As a consequence, you could not destroy an {product-title} cluster in the `mx-central-1`region due to constant error reporting. With this release, the destroyer does not report errors for the unsupported region `mx-central-1`, which enables the successful destruction of a cluster. (link:https://issues.redhat.com/browse/OCPBUGS-56177[OCPBUGS-56177])
+
+* Before this update, combined specification and status updates lists triggered unnecessary firmware upgrades, which caused system downtime. With this release, a firmware upgrade optimization skips unnecessary firmware upgrades. (link:https://issues.redhat.com/browse/OCPBUGS-56766[OCPBUGS-56766])
+
+* Before this update, the `console-telemetry` plugin received a `Forbidden` error due to using the wrong API endpoint for tracking usage. As a consequence, the `Forbidden error in console-telemetry-plugin usage tracking` error occurred. With this release, the `console-telemetry` plugin posts usage data to `/api/metrics/usage` instead of `/metrics/usage`. As a result, the `console-telemetry`plugin does not receive a `Forbidden` error, which ensures accurate usage tracking. (link:https://issues.redhat.com/browse/OCPBUGS-58364[OCPBUGS-58364])
+
+* Before this update, the installer failed when {aws-first} credentials were not found and the survey was attempting to list all {aws-short} regions preventing users from creating the install-config. With this release, the installer no longer fails when {aws-short} credentials are not set, allow users to input them during the survey. (link:https://issues.redhat.com/browse/OCPBUGS-59155[OCPBUGS-59155])
+
+* Before this update, when a `HostedCluster` was configured with a proxy URL such as http://user:pass@host, the authentication header was not getting forwarded by the konnectivity proxy to the user proxy, failing authentication. With this release, the proper authentication header is sent when a user and password is specified in the proxy URL. (link:https://issues.redhat.com/browse/OCPBUGS-59503[OCPBUGS-59503])
+
+* Before this update, the `oc-mirror`did not detect Helm Chart images that used an aliased sub-chart. As a consequence, the Helm Chart images were missing after mirroring. With this release, the `oc-mirror`detects and mirrors Helm Chart images with an aliased sub-chart. (link:https://issues.redhat.com/browse/OCPBUGS-59798[OCPBUGS-59798])
+
+* Before this update, worker scale-up jobs that used Podman v5 with the `container-tools` module for `netavark` failed due to denial of the Open Container Initiative (OCI) permission when writing `devices.allow` with `crun`. As a consequence, the container scaling jobs failed. With this release, the `netavark` dependency for Podman is disabled, and `runc` runtime is used instead. As a result, worker scale-up jobs are now successful. (link:https://issues.redhat.com/browse/OCPBUGS-59843[OCPBUGS-59843])
+
+* Before this update, when you cloned a .tar file with zero length, the `oc-mirror` ran indefinitely due to an empty archive file. As a consequence, no progress occurred when you mirrored a 0-byte .tar file. With this release, 0-byte tar files are detected and reported as errors, which prevents the `oc-mirror` from hanging. (link:https://issues.redhat.com/browse/OCPBUGS-59864[OCPBUGS-59864])
+
+* Before this update, in multi-zone clusters with only a single worker per zone, if the Monitoring Operator's Prometheus pods were scheduled to nodes that reboot back-to-back and both reboots took longer than 15 minutes to return to service, the Monitoring Operator might have degraded. With this release, the time-out has been extended to 20 minutes to prevent the Monitoring Operator from entering a degraded state on common cluster topologies. Clusters where the two nodes with Prometheus pods reboot back-to-back and take more than 20 minutes might still report a degraded state until the second node and Prometheus pod return to a normal state.(link:https://issues.redhat.com/browse/OCPBUGS-59962[OCPBUGS-59962])
+
+[id="ocp-4-18-22-updating_{context}"]
+==== Updating
+To update an {product-title} 4.18 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
+
 // 4.18.21
 [id="ocp-4-18-21_{context}"]
 === RHSA-2025:11677 - {product-title} {product-version}.21 bug fix and security update
@@ -3059,7 +3113,7 @@ $ oc adm release info 4.18.21 --pullspecs
 
 * Before this update, when you ran the oc-mirror v2 disk-to-mirror workflow without valid mirror tar files, the returned error messages did not correctly identify the problem. With this release, the oc-mirror v2 workflow returns an error message that states `no tar archives matching "mirror_[0-9]{6}\.tar" found in "<directory>"`. (link:https://issues.redhat.com/browse/OCPBUGS-59235[OCPBUGS-59235])
 
- * Before this update, when a Machine Set was scaled down and had reached its minimum size, the Cluster Autoscaler could leave the last remaining node with a no schedule taint that prevented use of a node. This issue was caused by a counting error in the Cluster Autoscaler. With this release, the counting error has been fixed so that the Cluster Autoscaler works as expected when a Machine Set is scaled down and has reached its minimum size. (link:https://issues.redhat.com/browse/OCPBUGS-59260[OCPBUGS-59260])
+* Before this update, when a Machine Set was scaled down and had reached its minimum size, the Cluster Autoscaler could leave the last remaining node with a no schedule taint that prevented use of a node. This issue was caused by a counting error in the Cluster Autoscaler. With this release, the counting error has been fixed so that the Cluster Autoscaler works as expected when a Machine Set is scaled down and has reached its minimum size. (link:https://issues.redhat.com/browse/OCPBUGS-59260[OCPBUGS-59260])
 
 * Before this update, bundle unpack jobs did not inherit control-plane tolerances from the catalog-operator that created them. As a consequence, the bundle unpack jobs ran on only worker nodes. If no worker nodes were available due to taints, then admins are unable to install or upgrade Operators on the cluster. With this release, control-plane tolerations are adopted for bundle unpack jobs so that the jobs are executed on primary nodes as part of the control plane. (link:https://issues.redhat.com/browse/OCPBUGS-59421[OCPBUGS-59421])