Back to index
4.19.0-0.nightly-2024-11-26-110308
Download the installer for your operating system or run
oc adm release extract --tools registry.ci.openshift.org/ocp/release:4.19.0-0.nightly-2024-11-26-110308
Team Approvals:
Tests:
- Blocking jobs
- Informing jobs
Loading changelog, this may take a while ...
Created: 2024-11-26 11:09:09 +0000 UTC
Image Digest: sha256:5e6e321fb8e2458f99cb270380a6053e5c3be8bc1475f837e4fc4a94fcc5c1d3
Components
FeatureGate Changes
FeatureGate |
Default Hypershift |
Default SelfManagedHA |
DevPreviewNoUpgrade Hypershift |
DevPreviewNoUpgrade SelfManagedHA |
TechPreviewNoUpgrade Hypershift |
TechPreviewNoUpgrade SelfManagedHA |
CPMSMachineNamePrefix (0 tests) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
VSphereHostVMGroupZonal (0 tests) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
Unconditional (Changed) |
AdditionalRoutingCapabilities (0 tests) |
Disabled (Changed) |
Disabled (Changed) |
Enabled |
Enabled |
Enabled |
Enabled |
CSIDriverSharedResource (0 tests) |
|
|
Enabled (New) |
Enabled (New) |
Enabled (New) |
Enabled (New) |
Rebuilt images without code change
- OCPBUGS-43764: Revendor to a patched k/k with our prefer-local-DNS hack #638
- SDN-4925: Revendor k/k to upstream 1.30.3 (for kube-proxy) #630
- OCPBUGS-34279: ART sync and golang 1.22 update #629
- OCPBUGS-34279: Updating kube-proxy-container image to be consistent with ART for 4.17 #623
- OCPBUGS-26084: Fix scan issue #622
- OCPBUGS-30431: CVE-2024-24786: bump pkg golang protobuf #620
- SDN-4404: Kube 1.29 bump #618
- SDN-4114: Do per-pod MCS/metadata blocking with nftables rather than iptables #581
- NO-JIRA: Update README to note that openshift-sdn is deprecated #611
- NO-JIRA: Move sdn to RHEL9 base image #598
- OCPBUGS-25740: Updating ose-node-container image to be consistent with ART for 4.16 #599
- OCPBUGS-23666: Add Snyk file to exclude directories on scan #604
- OCPBUGS-25779: Updating kube-proxy-container image to be consistent with ART for 4.16 #600
- SDN-4179: Metrics: Add metric for multicast enabled netnamespaces #603
- OCPBUGS-25015: Updating kube-proxy-container image to be consistent with ART #596
- OCPBUGS-25036: Use openshift-clients rpm rather than cli image #593
- OCPBUGS-22077: update x/net to v0.17.0 #585
- OCPBUGS-16788: Create IPAM files with 0600 permissions #584
- SDN-4123: rebase sdn to kube 1.28.3 #580
- OCPBUGS-18785: Controller: add flag for node name #578
- OCPBUGS-19143: Updating kube-proxy images to be consistent with ART #575
- OCPBUGS-19103: Updating ose-sdn images to be consistent with ART #574
- Collect pod operation latency metrics properly #576
- Live migration: Add flows that allow openshift-sdn to connect to ovnkube #569
- OCPBUGS-17316: CVE-2023-3978: golang.org/x/net/html: Cross site scripting #571
- OCPBUGS-16790: Change the permission of 80-openshift-network.conf to 600 #570
- Dockerfile changes to build both rhel8 and rhel9 binaries #559
- SDN-3900: rebase to 1.27.1 #555
- OCPBUGS-12644: CVE-2022-41723 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding #538
- OCPBUGS-3176: Enable IP Forwarding if disabled #549
- OCPBUGS-13975: fix possible concurrent map read/write #546
- OCPBUGS-13717: Use the ovsver build arg to infer the openvswitch short version number #534
- Updating kube-proxy images to be consistent with ART #531
- Updating ose-sdn images to be consistent with ART #530
- OCPBUGS-12233: CVE-2018-17419 ose-node-container: dns: Denial of Service (DoS) #535
- OCPBUGS-12435: EgressNetworkPolicy DNS resolution does not fall back to TCP #532
- Change fedora image to use latest upstream #523
- Updating kube-proxy images to be consistent with ART #516
- OCPBUGS-1370: save and delete the old egress network policy #525
- Updating ose-sdn images to be consistent with ART #514
- OCPBUGS-9985: Prefer local TCP endpoint for cluster DNS service #518
- OCPBUGS-8007: Fix race in Egress IP Tracker start #515
- Drop non-conntrack-based Service support #507
- SDN-3635: OSDN kube 1.26.0 rebase 2nd attempt #510
- Revert “SDN-3635: OSDN kube 1.26.0 rebase” #508
- SDN-3635: OSDN kube 1.26.0 rebase #504
- OCPBUGS-6714: Initialize egress node monitoring struct with previous reachability status #503
- OCPBUGS-5842: Add /usr/bin/oc to image #495
- OCPBUGS-4133: rebase kube to kube 1.25.4 #498
- Add Tim R and remove Casey from OWNERS #493
- Handle race condition to setup default vnid flows #490
- iptables: use container iptables, not host’s #496
- Update for 4.13 / go 1.19, including gofmt updates #481
- OCPBUGS-95: Retry IP re-assignment on failure #480
- OCPBUGS-95: Add node egress IP assignment resync #463
- Bug 2050230: pass ResourceVersion:0 for kube List() calls #471
- OCPBUGS-69: Generate egress ip metrics for sdn node #470
- OCPBUGS-1533: rebase to kube 1.25.1 #458
- OCPBUGS-256: fix network policy egress #459
- Bug 2104953: rebase to 1.24, take 2 #450
- Enable EgressIP on OpenStack #447
- Bug 2081562: setup network policy rules during pod creation to fix postStart hook #439
- Updating kube-proxy images to be consistent with ART #448
- Bug 2101622: Revert ‘kube 1.24 rebase’; master #442
- Bug 2079958: Add TopologyAwareHints support in kube-proxy. #426
- Bug 2089350: kube 1.24 rebase #440
- Bug 2067865: Bump prometheus/client_golang to 1.11.1 #432
- Updating kube-proxy images to be consistent with ART #429
- Updating ose-sdn images to be consistent with ART #427
- Bug 2052332: use pods cache during reattach processing #411
- Bug 2016534: Exclude the default drop bit from egress IP VNID #428
- Bug 2016534: Masquerade in cluster traffic that is marked for egress IP #423
- Bug 2063123: Remove node-tainting for too-small MTU #417
- Bug 2050230: Use pagination when listing Netnamespaces #419
- Bug 2062558: egressip: Continue to process other nodes if a node is not ready #418
- Add unit tests for vxlan no track ip table rule #401
- Bug 2061919: Fix releasing egress IP in cloud environments #409
- Bug 2061916: mixed ingress and egress policies can result in half-isolated pods #408
- Bug 2060553: another fix for mixed ingress and egress policies #406
- Bug 2050230: Use pagination when listing resources #400
- Bug 2060553: Separate the allPodsSelected into egress and ingress #404
- Rebase SDN k8 1.23.4 #399
- clean up OWNERS #392
- Updating ose-sdn images to be consistent with ART #396
- Updating kube-proxy images to be consistent with ART #397
- move to-be-deleted userspace proxy code into sdn tree #393
- Bug 2043802: Fix CloudPrivateIPConfig enqueueing during egressip reassignment #395
- Bug 2038793: Use the kubeClient instead of the informer cache to fetch nodes for egress IP validation. #389
- Bug 2039294: SDN controller metrics cannot be scraped by prometheus #388
- Bug 2035439: Use cloud egress network config for verifying egress IP in cloud environment #387
- Bug 2036622: Fix CloudPrivateIPConfig sync on sdn-controller restart #386
- Handle MTU migration #381
- Fix flaky check for capacity test for egress IP, and better doc blocs #383
- Egress IP on public clouds #365
- Block Alibaba metadata service IP #380
- Adding
--platform-type
argument #379
- NetworkPolicy ipblock except, port ranges #374
- adding network policy egress to openshift-sdn #372
- Bug 2024880: [EgressIP] move
ct(commit)
action from OVS group to flow #373
- NP updates preparing for egress support #350
- update for ART #369
- WIP: Metrics: Add server for Egress IP/firewall #358
- Run clearInitialNodeNetworkUnavailableCondition earlier #364
- Add documentation about proxying/unidling #361
- Bug 2008987: Remove locking from EgressIPTracker.Ping #359
- Replace utilruntime.HandleError() with klog.Errorf() #356
- Updating kube-proxy images to be consistent with ART #351
- Bug 2003859: Fix up event recorder usage (again) #349
- resync proxy startup code with upstream #352
- remove a bunch of dead/useless code #345
- Updating ose-sdn images to be consistent with ART #344
- Bug 1966521: proxy: don’t re-check every userspace proxy rule on every change #342
- Fix Dockerfile.fedora #333
- README minor improvements #336
- Bug 1958390: improve SDN’s OVS healthcheck and logging #306
- Bug 1985336: Disable conntrack for vxlan traffic #335
- Bug 1991551: update usage of Events for 1.22 rebase #332
- Bug 1991565: misc cleanup #331
- Bug 1989122: rebase to sdn-4.9-kubernetes-1.22.0-rc.0 #325
- Bug 1984683: use new default leader election values to handle apiserver rollout on SNO #328
- Bug 1989122: Fix hybrid proxier with EndpointSlice #329
- Updating ose-sdn images to be consistent with ART #319
- proxy: filter/delegate EndpointSlices as well as Endpoints #296
- Updating kube-proxy images to be consistent with ART #321
- print signal received by the signal handler #323
- Bug 1942122: when assigning and releasing egressIP try more than once before failing #316
- Bug 1971808: fix local-with-fallback #320
- Remove Valadas from owners #283
- fix a race condition in networkpolicy_test.go #312
- Updating .ci-operator.yaml
build_root_image
from openshift/release #317
- Bug 1948436: remove vxlan_monitor and OVS packet stat parsing #311
- Bug 1959711: Reverse table order for egress IP and egress network policy set up #299
- Bug 1953257: Fix invalid egress IP assignments in sdn-controller #295
- Bug 1960284: Bump openshift/kubernetes for “local-with-fallback” #310
- Bug 1964625: NETID duplicate check is only required in NetworkPolicy Mode #307
- Bug 1964059: rebase to latest sdn-4.8-kubernetes-1.21.1 #305
- Bug 1928851: prevent manually creating netns with existing NetID #294
- Bug 1879077: ValidateMTU: check only the interface that holds the node ip #289
- Bug 1952079: Revendor kubernetes to sdn-4.8-kubernetes-1.21.0-rc.0 #267
- Bug 1953530: Fix flaky unit test
TestEgressCIDRAllocation
#293
- Bug 1948999: Remove check enforcing single egress IP for automatic assignment #287
- Bug 1952079: Don’t require EndpointSlice to be disabled #290
- egress IP traffic load-balancing #277
- Add a unit test to ensure we don’t change flows without changing ruleVersion #276
- Fix multiple race conditions in networkpolicy_test.go #282
- Add a networkpolicy test with empty namespaceSelector #278
- Bug 1926931: Fix incorrect unmonitoring of egress nodes #275
- Support allow-from-router feature using openshift-host-network namespace #262
- Bug 1933711: EgressDNS: Keep short lived records at most 30s #263
- Bug 1910378: networkpolicy: pass traffic through NAT to handle possible tuple collisions #269
- Bug 1924527: CVE-2021-3121 gogo/protobuf lacks certain index validation #260
- Bug 1919737: Prefer local endpoint for cluster DNS service #254
- Bug 1850060: Make DNS queries for egress network policy async #251
- Be less melodramatic when restarting due to OVS restart #248
- Bug 1903414: Do not use egressIP on reply packets #236
- Updating ose-sdn builder & base images to be consistent with ART #245
- Updating kube-proxy builder & base images to be consistent with ART #246
- Bug 1905761: Fix empty egress policy connectivity #239
- Bug 1915027: Fix MCS-blocking iptables rules #243
- Bug 1914284: Don’t try to generate NetworkPolicy flows for non-pod-network pods #240
- Bug 1905761: Fix IP list for empty Egress network policy #233
- Bug 1906844: Handle unsupported EndpointSlice and EndpointSliceProxying feature gates #230
- update to kube 1.20 #227
- Bug 1897073: Don’t throw an error for control plane VNID #220
- Bug 1896958: NetworkPolicy performance (pod caching) #226
- Make binaries not stripped #221
- sdn: update to OVS 2.13 #162
- Dockerfile: add tcpdump for debugging #201
- Bug 1892376: Ignore if netns is already deleted while deleting ns #214
- Modifications for klog v2. #207
- Bug 1890130: fix pod creation deadlock #209
- Owners: Remove Phil from reviewers #208
- Bug 1878845: Fix ruleversion #204
- Run metrics when using standalone kube-proxy #202
- Updating ose-sdn builder & base images to be consistent with ART #199
- Updating kube-proxy builder & base images to be consistent with ART #200
- Allow running openshift-sdn with standalone kube-proxy #198
- update egress dns code for dual-stack… #164
- Add documentation to openshift/sdn #185
- Bug 1882071: Fix bug in reflector not recovering from “Too large resource version” #196
- Bug 1877794: Emit a warning and ignore if empty cidr is passed to kubeproxy #194
- Bug 1878163: Updating images/sdn/Dockerfile.rhel baseimages to mach ocp-build-data config #192
- Bug 1878163: Updating images/kube-proxy/Dockerfile.rhel baseimages to mach ocp-build-data config #193
- Bug 1762580: Enable conntrack for ovs-multitenant unless userspace proxy #189
- Bug 1856144: bump golang.org/x/text to v0.3.3 #184
- Bug 1878731: vxlan_monitor_test: fix flake #186
- Bug 1848478: Invalid egressCIDR value causes sdn pods to fail on startup #169
- Bug 1871732: Fix nodeInformer call in EgressIPManager. #175
- Bug 1872080: Updating images/kube-proxy/Dockerfile.rhel baseimages to mach ocp-build-data config #176
- Bug 1872080: Updating images/sdn/Dockerfile.rhel baseimages to mach ocp-build-data config #177
- Bug 1859451: Add NodeInformer to EgressIP #171
- Bug 1857743: Port stuck open when ep deleted before svc in unidling mode #172
- Remove unused packages from Dockerfile #165
- Retry all OVS executions, not only transactions #159
- Add support for –may-exist when adding the bridge in sdn #158
- Bug 1851182: Retry commiting OVS transactions in case of failure #153
- build-image-sdn-test: Make binaries debuggable #142
- kube-proxy use node-ip to detect the IP family #152
- OWNERS: sync to CNO #151
- Bug 1824203: Fix egressVXLANMonitor and egressIPTracker deadlock #139
- Bug 1826339: vendor: bump our k8s vendor #138
- Bug 1832153: Upstream v1.18.2 rebase #136
- Bug 1825355: node/vnids: Correctly handle case where NetNamespace watch is far behind #134
- Bug 1824203: Make egressVXLANMonitor updates channel buffered #132
- Bug 1822351: Fix hybrid proxier for iptables.Monitor #127
- Bug 1812052: Update HACKING.md rebase to use go modules #117
- Bug 1816394: handle pod updates correctly in networkpolicy #124
- OWNERS: add bugzilla info #125
- Drop –url-only-kubeconfig, require –node-name / –node-ip #121
- Bug 1813846: handle default-deny rule properely #122
- Add –node-name and –node-ip flags to openshift-sdn-node #120
- proxy: It should be possible to enable the profiling endpoint #119
- Bug 1811739: Fix kube_proxy metrics #114
- Do not check err, but ok for K8S_POD_NAMESPACE and K8S_POD_NAME #107
- Bug 1810505: Pass -w to iptables when adding anti-metadata-server rules #115
- Bug 1804178: Revert excessive proxy logging #106
- Bug 1803149: Rebase SDN to kubernetes 1.17.2 #108
- Bug 1801357: Migrate from glide to go modules #102
- Bug 1796157: Fix handling of VNID 0 with NetworkPolicy #103
- Bug 1794022: Update deps, including informer fix #93
- Add rcarrillocruz as approver #97
- Bug 1787488: Clean up stale egress IP iptables rules on startup #88
- Bug 1790440: Fix reinitialization of deny-all NetworkPolicy state on restart #96
- Drop old separate node/controller images #86
- Bug 1780387: host-local plugin should be built and executed within container #82
- Bug 1782847: sdn: undo debug logging #84
- proxy: add handler with same ResyncPeriod as shared informer. #79
- slightly improve logging #57
- Remove some gratuitous CIDR unparsing and reparsing #76
- how to do a Kubernetes rebase #32
- Additional event logging for add/delete/update informer events #70
- Add IPv6 support and multiple CIDR support to SubnetAllocator #66
- Bug 1768926: Ignore unsupported NetworkPolicy rules, rather than treating them as errors #69
- Simplify CNI plugin build, copy updated rules to images/sdn/ #67
- client: Use protobuf for SDN clients #64
- sdn-cni-plugin built without openssl and cgo #62
- UPSTREAM 83911: Fix DeltaFIFO Replace method #60
- Create a merged node/master image #59
- Fix pod startup reattach/kill loop #58
- Remove watching Endpoints of Headless Services #54
- Bug 1760103: Adjust SDN setup so AlreadySetUp check will fail on a half-set-up node #52
- Bug 1753216: Clean up egress IPs on startup #51
- Make DNS querying more efficient by querying once per dns name #48
- Bug 1751458: Fix parsing of IFLA_GRE_COLLECT_METADATA #49
- Add support for IPBlocks #26
- glide.yaml cleanup #41
- update OWNERS #46
- further NetworkPolicy caching fixes #42
- Bump dependencies and assorted code fixes for Kubernetes 1.16 #38
- Bug 1752636: networkpolicy: add a namespaceSelector cache #36
- Bug 1751954: images: disable cgo #34
- Bug 1745028: adding support for undefined port in networkpolicy definition #31
- Remove one layer of proxy wrapping #29
- Do not cache egressLink details #27
- Stop building CNI loopback and host-local plugins #24
- Bug 1740741: Initializing runningPods on SDN bootup for 4.x #20
- add LICENSE #22
- proxy: add a bit more logging around proxy type and sync status #23
- Bug 1700431: Pass egress IP packets to conntrack #19
- Dockerfiles: verify that packages are installed #21
- Drop accidentally not-dropped duplicate iptables scripts #18
- Unidling: minimize iptables lock contention #8
- iptables: partial #13 revert, skip masq in chain #17
- Add kube-proxy image #14
- Untaint node on startup if node is tainted and MTU is ok #11
- Allow DNS port when performing iptables filtering on cloud provider metadata IP #12
- Bug 1726045: skip OPENSHIFT-MASQ for traffic already marked for masquerade #13
- switch to SDN only fork of k/k #10
- Initial README #9
- Route to SDN irrespective if macvlan mode is used or not #6
- Add arping to openshift-sdn image #7
- trigger CI #5
- Fix Makefile and .gitignore #4
- prime repo #2
- Drop –config support from openshift-sdn #23205
- sdn: suppress misleading OVS healthcheck log messages #23229
- Taint node if default interface MTU is less than configured #22571
- Fix openshift-sdn –proxy-config parsing #23217
- More SDN staging #23193
- Full changelog
Source code for this page located on github