4.10.67

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.10.67-x86_64

Team Approvals:

Tests:

Blocking jobs
- upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
- upgrade-minor Succeeded release-openshift-origin-installer-e2e-aws-upgrade
Informing jobs
- aws-sdn-upgrade-4.10-micro Succeeded periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-upgrade
- aws-serial Succeeded periodic-ci-openshift-release-master-nightly-4.10-e2e-aws-serial
- gcp-ovn-upgrade-4.10-minor Succeeded periodic-ci-openshift-release-master-ci-4.10-upgrade-from-stable-4.9-e2e-gcp-ovn-upgrade

Upgrades from:

Untested upgrades: 4.10.10, 4.10.11, 4.10.12, 4.10.13, 4.10.14, 4.10.15, 4.10.16, 4.10.17, 4.10.18, 4.10.20, 4.10.21, 4.10.22, 4.10.23, 4.10.24, 4.10.25, 4.10.26, 4.10.27, 4.10.29, 4.10.30, 4.10.31, 4.10.32, 4.10.33, 4.10.34, 4.10.35, 4.10.36, 4.10.37, 4.10.38, 4.10.39, 4.10.40, 4.10.41, 4.10.42, 4.10.43, 4.10.44, 4.10.45, 4.10.46, 4.10.48, 4.10.50, 4.10.51, 4.10.53, 4.10.54, 4.10.55, 4.10.56, 4.10.57, 4.10.58, 4.10.59, 4.10.6, 4.10.60, 4.10.61, 4.10.62, 4.10.63, 4.10.7, 4.10.8, 4.10.9, 4.9.23, 4.9.24, 4.9.25, 4.9.26, 4.9.27, 4.9.28, 4.9.29, 4.9.30, 4.9.31, 4.9.32, 4.9.33, 4.9.34, 4.9.35, 4.9.36, 4.9.37, 4.9.38, 4.9.39, 4.9.40, 4.9.42, 4.9.43, 4.9.44, 4.9.45, 4.9.46, 4.9.48, 4.9.49, 4.9.50, 4.9.51, 4.9.52, 4.9.53, 4.9.54, 4.9.56

Upgrades to:

4.11.59 (changes) - F F S F
4.11.58 (changes) - F F F F S S
4.11.57 (changes) - F F S S S
4.11.56 (changes) - S S S
4.11.55 (changes) - F S S S S S
4.11.53 (changes) - F S F F
4.11.52 (changes) - F S S S
4.11.51 (changes) - F F F F F F S F F F S
4.11.50 (changes) - F F F F F F S S S
4.11.49 (changes) - F F F S S S
4.11.0-0.nightly-2025-08-13-165014 (changes) - F F F F F F F
4.11.0-0.nightly-2024-07-06-014057 (changes) - F F F F S F F
4.11.0-0.nightly-2024-07-01-085547 (changes) - F F F F S F F
4.11.0-0.nightly-2024-04-20-132621 (changes) - F F F F S S S
4.11.0-0.nightly-2024-04-15-123706 (changes) - F F F F S F F
4.11.0-0.nightly-2024-04-15-034627 (changes) - F F F S F F
4.11.0-0.nightly-2024-03-18-165432 (changes) - F F F F S S F
4.11.0-0.nightly-2024-03-12-222930 (changes) - F F F F S F F
4.11.0-0.nightly-2024-01-19-110702 (changes) - F F F S S F S
4.11.0-0.nightly-2024-01-15-022949 (changes) - F F F S S S F
4.11.0-0.nightly-2024-01-10-203533 (changes) - F S F S S
4.11.0-0.ci-2025-08-13-133650 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-08-13-011302 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-08-12-054052 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-08-11-164940 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-07-25-145310 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-07-16-073736 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-07-14-073704 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-06-03-182825 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-05-07-205253 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-04-21-201846 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-04-21-141846 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-04-18-095422 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-04-17-230425 (changes) - F F F F F F F F F
4.11.0-0.ci-2025-04-17-170425 (changes) - F F F F F F
4.11.0-0.ci-2025-04-09-181107 (changes) - F F F F F F F
4.11.0-0.ci-2024-07-01-091038 (changes) - S S S
4.11.0-0.ci-2024-06-07-194400 (changes) - S S F S

Loading changelog, this may take a while ...

Changes from 4.10.4

Created: 2023-08-31 07:31:38 +0000 UTC

Image Digest: sha256:828afb599f68042c213498161977de6c1cc938da4836ae585561af25fd43440b

Release 4.10.67 was created from registry.ci.openshift.org/ocp/release:4.10.0-0.nightly-2023-08-30-093810

Components

Kubernetes upgraded from 1.23.3 to 1.23.17
Red Hat Enterprise Linux CoreOS upgraded from 410.84.202203081640-0 to 410.84.202308291254-0 (diff)

Removed images

cluster-capi-controllers
cluster-capi-operator

Rebuilt images without code change

alibaba-cloud-controller-manager git db2d118a sha256:312a4b947b15edabc317c022e262a5231f36ce9f8815351105540c2ad321f0e7
aws-cloud-controller-manager git d85867fe sha256:f5b099a9816d2c390543a3ab06bdef7126841f5f8b799ebec69624bf91797e64
aws-pod-identity-webhook git 7f9eb87a sha256:50ce420a069da82eff1899d0ec3b5b29110820fd3966cc9138f5a1c2103c9cb5
azure-file-csi-driver-operator git 3807eb37 sha256:4fd33c1f350f9187545446dfd5d01e0eb2558433f93fc028eb0897ceb3517dcf
cluster-openshift-controller-manager-operator git b8b65d15 sha256:3846b76c736b900a530cf24d8fde67ad3b8ee0d09c480cfbacb3d7d566084e00
csi-driver-shared-resource git d06ff18b sha256:79b33d8d432669be87c42b29150185de417ae569aa2a5c00de301879f5d303e3
csi-driver-shared-resource-operator git 662615b3 sha256:36e1bd2796f72d0f39cce1e6f454f3ef49db2c75005e2820e01531df2991c660
csi-external-attacher git 27e71f2b sha256:39649bb03aa094de0f9eb43bb8e83ee7c57c4f6f46ed4031769b817f25cda369
csi-external-provisioner git 31de1e19 sha256:22adff89cbff5d39d7b59c8f3cb1bf2a7d24992e8b969c7bc4b9580ae1b8c4d8
csi-external-resizer git e5934091 sha256:f72c3ae76f8cee44dbef9b700e02e7a1f37f59b35c7451c26e63e8e1226c89b0
csi-external-snapshotter git fe4a0a2f sha256:10bfc3d3baef35ea49f2fa77cda3c981b95922015aca5dfc3b41e92b94e2a616
csi-node-driver-registrar git bb0bd823 sha256:fc822a3e9abe48e5a00b23def1e6fa2a342b97f76cd691d9e08d8eeb2bf923a8
csi-snapshot-controller git fe4a0a2f sha256:240ef7008f5a9ce6fcb5919e0a3c0187d26c6d80dabd07ced45a9119f97ee082
csi-snapshot-validation-webhook git fe4a0a2f sha256:81def31ce08aceade30213bea88f9c1fa8135eec46bfe198901fe7e8e675f971
egress-router-cni git 5c56bc8a sha256:f18000315c49c24d19fa10239b0ea5e53f013abb61c160f28e4e73e87e5f10f6
gcp-cloud-controller-manager git 4dc728d0 sha256:55ae0f1d15a6859a9ccf258f7614208a62cac22731fdfea1d00ec5735fd8483f
gcp-pd-csi-driver git 19e9a57f sha256:2b4117ed8746d138220439bb7764c8b0ae185616af459d108ffc08e7c0c99ca6
ibm-cloud-controller-manager git e3039120 sha256:e41401335fad176bdfd0dd4ce9a2bd4e5bd073b5ef36243234fb7db7e496f028
ibm-vpc-node-label-updater git 7074dfc3 sha256:cc16f0f3305654d3068cf3d119e0ee602cdeae099a37b05b98b92f2ebbd77c4e
ibmcloud-machine-controllers git 7449a94f sha256:00c18b1b0ffe3cfd0a93debdfcafb9d10778b4025e03735068023db2dc1cac62
ironic-hardware-inventory-recorder git 62469223 sha256:0ee90ca5557ce6d361b2ea351cdb7f9b316d907798a3f1f0a075913f3adb67b3
ironic-machine-os-downloader git 81fe2974 sha256:4e47d5cfb1c769813e4f11e03a584a97a7a7be41762502a2dbb2b2b6b04ac59c
ironic-static-ip-manager git 45a1c542 sha256:215819a6fc123661504606a1fb5460e128bf703ff14d32609869bb4e987afd39
k8s-prometheus-adapter git 4052b317 sha256:cd211842b9395936c955f849c77968ed72dbbe489941ff06f8615e56087d5058
keepalived-ipfailover git 5d526c41 sha256:b947770e6fff98858484b21d609000d7a034198ff85bda03ae130ead5e221526
kube-rbac-proxy git 4f198b2b sha256:695eb0e189565eb8ccf06d32f6f06598908d35cdfea88edc0c75560806a037b7
kube-storage-version-migrator git 901a6d22 sha256:cb035bc1ae31bd147032445a180db06b97d86719ef7f751bdd618ad6a6137de8
libvirt-machine-controllers git 3b330b72 sha256:39db70c6ce2e04334ef78b0cb9c042e3e3a1b5efdd2644c8688f397ea0b74f16
machine-os-content sha256:ec0997939fae90b34207a415ea82fe30041d13d98e5d8baa61c8291bfa1ffefb
multus-route-override-cni git 707dd380 sha256:14b7a9fb4bcf45427d950eebf84df5e14d82a0e970cff1744ad67af6f6449701
network-tools git bcfec9c5 sha256:44102cb6046621b34acd3d41350aca88368aa54b6eea61f48b5f5f6387758f97
oauth-proxy git 799d414b sha256:e49589dbfb006cdff570c7e30b065278e1659d708e9e0d6b539c8a86018cdeb1
oauth-server git 245b95f8 sha256:e2891a32f5a3355431c05f38763a1dd8366e811643558d98cf5385720dbd698f
openshift-controller-manager git 2c2d50db sha256:a0a8cfcc3a961142e678a258d8a1beb6980ebc6a5cb6ea7e36211ba83dddff8a
openstack-machine-api-provider git 2401f74d sha256:a0d6d6dd6d23e8d65a3c9a87d702ce579dd913381d93f8519b18e8333a4189ce
operator-marketplace git 80b92ecf sha256:cc3d1698ce9c702e21b493735780b2dbb85eac91ea537e4672a409bade13940c
ovirt-machine-controllers git 35ce9aaf sha256:aecf1fedfb71c991daa26425fa0d5bc21d541f30ae5ce77aa15e010572989d0c
powervs-machine-controllers git c1d68e7b sha256:24f15b8a71ff658020fab02212db2a6f299d74e2eae49570c1c800f02341acd8
prom-label-proxy git 5f4c8992 sha256:6f67682be74d2723c623df09eb8f1a92797f3937f593bc9dac0a6431de8e3545
prometheus-alertmanager git 01339596 sha256:36147358c69327c7803fada4a6bac203bb50e30cda3ac69b36ca9caf3305287f
prometheus-node-exporter git 0eed3102 sha256:cedec3adbd73631b97fdd2379a1b9c978c03b41965101dde488579a49c9cd1c4
service-ca-operator git 1611373e sha256:39cfba4dba3cc9f0f185c5261de3f21abede0e816d28ff233e0ad10f3908465a
vsphere-csi-driver git e310f4d3 sha256:c6dffb74c59059a88c5321689db9d474144ed9b2570fc6eccca8f01bc41c5e0e
vsphere-csi-driver-syncer git e310f4d3 sha256:a03c494a988c01793dc2a8990c963b4839e73557504b0587db3ed50b747dd9cf

alibaba-cloud-csi-driver

OCPBUGS-4123: Add explicit pciutils package #19
Bug 2076671: 4.10: Add a parameter to the schema to automatically increase volume sizes #14
Full changelog

alibaba-disk-csi-driver-operator

Bug 2076671: Auto increase volume size to 20 GiB in the default storage class #28
Full changelog

alibaba-machine-controllers

Updating ose-alibaba-machine-controllers images to be consistent with ART #23
Full changelog

aws-ebs-csi-driver

OCPBUGS-1804: UPSTREAM: 1398: Add resolver to handle custom endpoints #210
Full changelog

aws-ebs-csi-driver-operator

Bug 2077894: Set custom endpoint environment variable if available #154
Full changelog

aws-machine-controllers

Bug 2117557: Fix panic when accessing nil machine annotations map #50
Bug 2109124: Validate unknown regions using AWS API #48
Bug 2083270: Custom DHCP Option Set: empty domain-name is a valid custom domain #37
Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

bug OCPBUGS-2062: .dockerignore: enable OSBS2 builds #42
Full changelog

azure-disk-csi-driver

Bug 2118392: Update dd table 4.10 #31
Full changelog

azure-disk-csi-driver-operator

OCPBUGS-8020: Adjust client-side QPS, burst and worker threads in provisioner and attacher sidecars #72
Bug 2105304: Increase pod startup timeout in e2e tests #52
Bug 2097439: Only use credentials that are provided by the azure-inject-credential… #50
Full changelog

azure-file-csi-driver

OCPBUGS-2607: remove “replace” directive in go.mod #20
Full changelog

azure-machine-controllers

OCPBUGS-3165: Update azure instance types cache #38
OCPBUGS-930: Ignore unknown Instance types in accelerated networking check #34
Bug 2093275: update getAvailabilitySetName function #23
Full changelog

baremetal-installer, installer, installer-artifacts

OCPBUGS-12751: [Alibaba] update the bandwidth value of EIP #7130
OCPBUGS-14557: openstack: Add netcat to the Installer image #7230
OCPBUGS-537: vSphere - enable steal time accounting #6261
OCPBUGS-5931: destroy/gcp: Disk names are filtered using kubernetes name format #6972
OCPBUGS-5663: CVE-2021-4238: goutils: update for randomness fix #6766
OCPBUGS-2731: OpenStack UPI: Create server group for Computes #6510
OCPBUGS-6697: destroy/gcp: Use min length for destroying disks #6808
OCPBUGS-2743: skip sts credentials check in terraform #6518
OCPBUGS-5112: OpenStack: Force JSON content-type in Swift object listing #6726
OCPBUGS-377: UPI image download govc rate limit failure #6245
OCPBUGS-4160: OpenStack: Force JSON content-type in Swift #6628
OCPBUGS-3743: build: change ppc64le linking mode #6597
Bug 2099604: Remove optional services from permissions check #6507
OCPBUGS-2795: Bump gophercloud #6529
Bug 2101014: Release 4.10 go getter update #6361
OCPBUGS-1737: OpenStack: Lift validation for 14 chars cluster names #6420
OCPBUGS-1936: bump RHCOS 4.10 bootimage metadata #6454
Bug 2107154: Make azure baseDomainResoureGroup optional for private c… #6120
Bug 2112914: Fix validation errors for instance type #6189
Bug 2102363: Dynamic retrieval of GCP Regions for a Project #6059
OCPBUGS-784: Download yq in upi installer containers #6285
Bug 2111258: vsphere installconfig: use full dc path in network validation #6173
OCPBUGS-249: Allow setting bootstrap kubelet ip #6231
Bug 2095319: bump RHCOS 4.10 bootimage metadata #6095
Bug 2099673: Collect whole journal and netstat data #6035
Bug 2097753: Bootstrap timeout increase #6017
Bug 2083632: Delete all the ports from tagged Neutron networks. #5882
Bug 2077904: Fix empty string usage in ValidateForProvisioning #5835
Bug 2045771: bump RHCOS 4.10 bootimage metadata #5932
Bug 2083335: Set rc-manager=unmanaged for on-prem bootstrap #5876
Bug 2084547: update azure arm templates to support customer provided vnet #5892
Bug 2083327: [release-4.10] Add ‘ARG TAGS=“”’ line for each build step #5874
Bug 2076613: [release-4.10] data/data/coreos/fcos.json: update initial FCOS to 35.20220327.3.0 #5820
Bug 2079589: azurestack: stop pinning to Standard_LRS for disk type #5851
Bug 2041765: Update BMO vendor #5705
Bug 2077411: for vsphere ipi add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it #5827
Bug 2068948: Update region check for coreos AMIs #5752
Bug 2072135: vsphere: Use Managed Object ID for networks instead of potentially duplicate name. #5773
Bug 2062429: IBMCloud: Missing infra providertype #5693
Bug 2065808: stop considering Mint mode as supported on Azure (#5699) #5717
Bug 2064731: fix(ibmcloud): Properly match regex for DNS destroy #5711
Bug 2051334: Remove non-public AWS regions from list of regions #5624
Bug 2062748: vsphere: Not found TagCategory when destroying ipi cluster #5696
Full changelog

baremetal-machine-controllers

Update OWNERS #179
Bug 2099584: Update BMO vendor to v0.0.0-20211102102625-469cc9bf7fee #174
Full changelog

baremetal-operator

OCPBUGS-11686: allow namespace to continue with terminating when deprovisioning at t… #263
Bug 2061794: [4.10] Only update the HFS status on changes #247
Bug 2069638: Use deep copy/equal for host root device hints #221
Bug 2047930: Move from Available to Preparing if HostFirmwareSettings changed #210
Bug 2100996: Uplift kustomize to v4 to remove go-getter dependency #234
Bug 2097695: Stop treating missing network as fatal error #230
Full changelog

baremetal-runtimecfg

Bug 2084187: Avoid kubernetes node port range #178
Full changelog

cli, cli-artifacts, deployer, tools

OCPBUGS-16060: mcs cert: account for environments that use IP directly #1505
OCPBUGS-16196: reboot: set ignition version to 3.1 #1511
Add extraction for rhel7 oc #1490
Use rhel 8 builder to match the base image #1489
handle the error case of node retrieval while waiting for reboot #1487
bring some cert rotation helpers back into 4.10 [fix unit-tests] #1481
OCPBUGS-10750: pkg/cli/admin/upgrade/channel: Use PATCH instead of POST for spec updates #1379
OCPBUGS-10777: bump repo sclorg/s2i-ruby-container location for newapp test #1383
Bug 2086969: Delete recently created images when –prune-over-size-limit is used #1146
OCPBUGS-3968: set proper pod security ns labels #1293
Bug 2015119: bump(k8s.io/kubectl) to pick up k/k#110764 #1270
OCPBUGS-1788: oc adm logs: generate proper path for static pods #1246
OCPBUGS-1638: Increase default value of cache TTL to 6 hours #1241
Bug 2116526: oc adm inspect: check a resource exists before its inspection #1227
Bug 2106158: remove klog format and update messages for docker config deprecation #1205
Bug 2095584: Backport oc adm catalog mirror –continue-on-error flag #1170
Bug 2084591: [inspect] Add namespace-scoped networking resources to inspect #1133
Bug 2087248: Add the ReleaseAccepted condition to the oc adm upgrade command #1147
Bug 2080151: Remove network CRDs scheme registration #1122
Bug 2084429: Fix project command auto completion #1131
Bug 2077332: pkg/cli/admin/upgrade: Use PATCH instead of POST for spec updates #1114
Bug 2079325: Fix kubectl version to 1.23.0 #1117
Bug 2068763: make sure that we check for resorces and files before picking the simplest path #1098
Bug 2068474: expose –keep-startup flag for oc debug #1097
Bug 2049427: Enhancing the output provided when backup collections are attempted #1056
Bug 2060419: reuse SourceRepository.DetectAuth during argument classification for consistent interaction with private source repositories #1083
Bug 2051267: pkg/cli/admin/upgrade: Mention –allow-explicit-upgrade next step when appropriate #1052
And 2 elided commits (e.g. from squash or rebase merges)
Full changelog

cloud-credential-operator

OCPBUGS-13847: Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. #541
OCPBUGS-11717: ccoctl: Enable public anon read access to default OIDC S3 bucket #531
OCPBUGS-2802: Backport –credentials-requests-dir for ccoctl gcp delete. #507
OCPBUGS-2884: Make ccoctl use regional STS endpoint by default #504
OCPBUGS-2279: Add ccoctl support to create OIDC endpoint with private S3 bucket #501
Bug 2107276: Make ccoctl work with credentials fetched from gcloud cli defaults #479
And 1 elided commits (e.g. from squash or rebase merges)
Full changelog

cloud-network-config-controller

OCPBUGS-16626: pull project name from subnet uri #119
Bug OCPBUGS-5419: Add ApplicationSecurityGroups to InterfaceIPConfiguration #94
OCPBUGS-2162: Add resolver to handle custom endpoints #67
Bug 2075444: Get subnet information from subnet instead of from network addresses #40
Bug 2076935: azure: default empty environment to AzurePublicCloud #37
Bug 2062133: Fix Azure VNET lookup when the NIC’s subnet is in a different resource group #28
Full changelog

cluster-authentication-operator

Bug 2084054: only ever include certificates in the oauth-serving-cert CM #577
Bug 2060473: e2e: Pin Keycloack to the legacy variant #555
Full changelog

cluster-autoscaler

OCPBUGS-2546: UPSTREAM: <carry>: switched policy for PodDisruptionBudget from v1beta1 to v1 in time for 1.25 #245
Bug 2105110: Have VPA ignore phantom containers named “POD” #236
Full changelog

cluster-autoscaler-operator

Bug 2069095: add leader election flags to autoscaler deployment #243
Full changelog

cluster-baremetal-operator

OCPBUGS-3997: add a workaround for a NetworkManager issue #308
OCPBUGS-1239: do not rely on string “master” to be in BMH names #287
OCPBUGS-1517: [release-4.10] Fix a few papercuts #291
Bug 2101002: Uplift kustomize and BMO to remove go-getter dependency #281
Synchronize OWNERS from master #274
Bug 2091738: Fix interpretation of Deployment Status Conditions #267
Full changelog

cluster-bootstrap

Add API team to the OWNERS #96
Full changelog

cluster-cloud-controller-manager-operator

OCPBUGS-6039: Try to limit groups for the REST mapper discovery #229
Bug 2099499: Backport resourceapply changes for being able to recreate daemonsets/deployments #194
Bug 2079791: Ensure release version is injected into all controller status clients #187
Full changelog

cluster-config-operator

Bug 2072739: [release-4.10] Bump openshift/api to a83e6f8f1d #247
Full changelog

cluster-csi-snapshot-controller-operator

Bug 2062197: Fix race when setting Progressing condition #115
Full changelog

cluster-dns-operator

OCPBUGS-2602: Allow autoscaler to evict DNS pods #350
Full changelog

cluster-etcd-operator

OCPBUGS-10233: increase live/ready timeout and failure thresholds #1026
OCPBUGS-7741: fail early on missing node status envs #1008
OCPBUGS-7827: set default timeouts in etcdcli #1010
OCPBUGS-5425: only allow TLS1.²⁄₁.3 ciphersuites in etcd and CEO #979
OCPBUGS-2940: revisit defrag controller degradation #961
OCPBUGS-2920: update prometheus alerts #956
OCPBUGS-2800: Add niceness to important etcd processes #953
OCPBUGS-1758: fix cert rotation on IP changes #936
Bug 2116624: etcd-metrics container is flooding logs #906
OCPBUGS-200: Exits with a non-zero code in case Etcd backup fails #907
Bug 2108176: Fix etcd minor upgrade backup #892
Bug 2105249: Add etcd pod liveness and readiness probes #880
Bug 2086451: fix races in etcdclient #828
fixing unit test health flakes with tolerance #882
Bug 2105148: fix degraded missing cluster version #878
Bug 2102793: avoid extrapolation in leaderhip alert #870
Bug 2095579: etcdHighNumberOfFailedGRPCRequests alerts with wrong results #850
Bug 2101912: Upping defrag timeout to 1 minute #866
Bug 2095114: cluster-backup.sh script has a conflict to use the ‘/etc/kubernetes/static-pod-certs’ folder if a custom API certificate is defined #848
Bug 2010346: Add summary to etcd alert rules #825
Bug 2088131: remove etcd_perf before restore #836
Bug 2082312: Adding Thomas to reviewers, adding Allen to approvers #817
Bug 2080554: manually disable defrag #809
Bug 2079660: pkg/operator/upgradebackupcontroller: Pivot from Failing to ReleaseAccepted #806
Bug 2055833: Increase IBMCloud VPC heartbeat timeout to 500ms and leader election timeout to 2500ms #794
Bug 2059632: pkg/operator/metriccontroller/fsync_controller: Fix “treshold” -> “thresholds” typos #757
Bug 2076773: Update owners to add new team members #793
Bug 2059347: Fix FSyncController degraded latch #755
Bug 2069825: turn on initial corruption check #771
And 2 elided commits (e.g. from squash or rebase merges)
Full changelog

cluster-image-registry-operator

OCPBUGS-6972: OpenStack: Add support for Proxy #837
OCPBUGS-5974: swift: Retry connecting to OpenStack #832
add myself to OWNERS #838
Bug 2110957: Add progressing condition for node-ca daemon set #791
OCPBUGS-2107: Enable enableHttpsTrafficOnly for Azure storage account #804
Bug 2110957: Use actualDaemonSet for SetDaemonSetGeneration #799
Bug 2115267: Disable dualstack when it is not available #794
Bug 2110963: Bump aws-sdk-go to 1.44.4 #793
Bug 2083242: IR-253: add prometheus rules for image registry operations metrics #786
Bug 2083242: IR-120: Add prometheus rules for image stream tags rules #777
Bug 2083242: IR-120: Implementing metrics for ImageStreams #775
Bug 2084514: Fix cloudfront middleware configuration #780
Bug 2083559: IBMCloud: Add admin permissions to CR #778
Bug 2074050: Deployment annotations, runtimeClassName override and fs policy change #765
Full changelog

cluster-ingress-operator

OCPBUGS-4494: Update CRLs when they expire #861
BUG 2094051: Fix removing custom created service in openshift-ingress with same naming convention #820
Bug 2079034: Add allowPrivilegeEscalation to the router container #748
Bug 2097735: Fix loadBalancerServiceAnnotationsChanged check and update #784
Bug 2100630: Fix flakey logic in haproxy timeout tests #792
Bug 2082161: Delete LoadBalancer-type service finalizer logic #755
BUG 2063283: Disable keepalive for canary probe #719
Bug 2059210: Set Upgradeable=False if default cert has no SAN #710
Full changelog

cluster-kube-apiserver-operator

OCPBUGS-8235: Guard pod set readiness probe endpoint explicitly #1451
OCPBUGS-5345: routes/status resources can leak sensitive data #1421
OCPBUGS-2202: [release-4.10] Wire support for trusted service account issuers #1387
Bug 2060058: superfluous apirequestcount entries in audit log #1327
Bug 2071030: OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 #1335
Full changelog

cluster-kube-controller-manager-operator

OCPBUGS-8235: Guard pod set readiness probe endpoint explicitly 4.10 #704
OCPBUGS-466: PodDisruptionBudgetAtLimit should not alert when no app/pods exist #648
Bug 2116983: e2e: Fix test pod disruption budget at limit alert #646
Bug 2114587: add runbook urls to KCM-o alerts #645
Full changelog

cluster-kube-scheduler-operator

OCPBUGS-8235: Guard controller: set the readiness probe endpoint explicitly #465
Bug 2089336: Fix bootstrap leader election config #429
Full changelog

cluster-kube-storage-version-migrator-operator

Updating ose-cluster-kube-storage-version-migrator-operator images to be consistent with ART #65
Full changelog

cluster-machine-approver

Updating ose-cluster-machine-approver images to be consistent with ART #168
Bug 2072928: Reconcile recently approved CSRs by other controllers #162
Full changelog

cluster-monitoring-operator

OCPBUGS-11579: jsonnet: Add prometheus container in UWM prometheus asset file #1942
OCPBUGS-10491: Increase startupProbe for prometheus #1920
OCPBUGS-5864: grafana: add the Content-Security-Policy header to requests #1866
OCPBUGS-2623: Fix dashboards having container_fs* metrices in queries #1798
OCPBUGS-2037: Bump Thanos to 0.23.2 #1811
OCPBUGS-450: jsonnet: bump dependencies #1802
OCPBUGS-1446: [release-4.10] Use service ca beta annotation #1778
OCPBUGS-1676: Dedicated kubelet ServiceMonitor for prometheus-adapter #1777
OCPBUGS-924: increase alertmanager’s startupProbe failure threshold #1760
OCPBUGS-579: Give precedence to CMO config map proxy config #1751
Bug 2118303: Adds UWM extrenalLabels from Prometheus to ThanosRuler labels #1742
Bug 2099526: Updates jsonnet dependencies, prom-adapter #1715
Bug 2098505: Backport PR#1692 to release-4.10 #1695
Bug 2083242: IR-254: Collecting registry and image stream usage #1694
Bug 2089806: Refactors CreateRouteIfNotExists to CreateOrUpdateRoute #1677
Bug 2090422: pkg/manifest: Allow retention to be configurable for Thanos-Ruler in UWM #1678
Bug 2090602: Federation for UWM metrics #1657
Bug 2083460: Set timeout across Grafana components #1654
Bug 2077722: Adjust NodeFilesystemSpaceFillingUp thresholds according default kubelet GC behavior #1665
Bug 2075757: UWM: add SAR capabilities to prometheus cluster role #1653
Bug 2075757: use bearer token as fall-back authn method #1641
Bug 2062452: React to changes in clusteroperators #1585
Bug 2060756: Properly deal with an empty console URL #1582
Bug 2058148: jsonnet: Give CMO explicit get permissions for ReplicaSets #1568
Full changelog

cluster-network-operator

OCPBUGS-343: Configure ignored namespaces into multus-admission-controller #1809
OCPBUGS-12795: remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher #1794
OCPBUGS-11828: Kuryr: Update CRD from upstream #1782
OCPBUGS-64: CNI binary copy should account for the possibility of symlinks [backport 4.10] #1617
OCPBUGS-5955: Backport Added missing API field podref to OverlappingRangeIPReservation CRD #1687
OCPBUGS-6736: Remove nbctl logfile #1587
OCPBUGS-5575: CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be #1682
Bug 2092193: Bump PodDisruptionBudget to v1 #1470
OCPBUGS-4614: ipsec: Run ovs-monitor-ipsec in the foreground and change probes #1651
Jira OCPBUGS-3853: IPsec: Fix broken counter++ expression #1646
Bug 2111588: Enable OVS metrics for ovnk #1599
OCPBUGS-1538: Make northd probe interval default to 10 seconds #1563
Bug OCPBUGS-942: Kuryr: Bump timeoutSeconds for livenessProbe #1550
Bug 2095111: ovn: fix northd preStop command handling #1477
Bug 2083266: Limit Kuryr pods permissions #1435
Bug 2077384: Bump max value of hist quantile for kuryr_cni_request_duration #1388
Bug 2084591: Cleanup CNO relatedObjects #1467
Bug 2085510: OCPVE-106 Customize rollout strategy to fix SNO upgrade #1445
Bug 2078501: [release-4.10] Drop Node update permission for sdn-node #1410
Bug 2058508: Add rolling update strategy for Kuryr-CNI. #1321
Bug 2083593: Add default-route field to egress-router k8s.v1.cni.cncf.io/networks #1436
Bug 2079031: Make the use of the ip-reconciler cronjob opt-in by detecting IPAM type usage [backport 4.10] #1398
Bug 2081149: Reserve port TCP/9104 for cluster-network-operator #1418
Adds dougbtv to owners [release-4.10] #1401
Bug 2058672: ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff [backport 4.10] #1322
Bug 2057961: Do not apply OVN-Kubernetes PodDisruptionBudget on single-node clusters #1317
Bug 2052446: Kuryr: Decrease vif_annotation_timeout #1303
Update project owners #1332
Full changelog

cluster-node-tuning-operator

Switch to OS-shipped stalld (#490) #490
e2e: check for tsc=reliable instead of tsc=nowatchdog (#428) #428
Ignore Profile updates triggered by old operands (#357) #357
Full changelog

cluster-openshift-apiserver-operator

OCPBUGS-5345: routes/status resources can leak sensitive data, exclude it from audit #514
[release 4.10] Bug 2109235: openshift-apiserver pods never going NotReady #501
Full changelog

cluster-policy-controller

OCPBUGS-5788: clusterquotareconciliation: do not sync quota monitor cache with no monitors registered #97
Full changelog

cluster-samples-operator

OCPBUGS-2132: openshift template cakephp-mysql-persistent apiVersion for 4.10 #466
Full changelog

cluster-storage-operator

OCPBUGS-691: [release-4.10] correct sc error messages for ibm and alibaba platforms #314
OCPBUGS-286: HTTPS_PROXY ENV missing in some CSI driver operators #311
Bug 2098655: gcp cluster rollback fails due to storage failure #300
Bug 2102242: Add missing ibm cloud annotations to prometheus rbac #293
Bug 2072191: cluster storage operator AWS credentialsrequest lacks KMS privileges #268
Bug 2061483: Incorrect installation of ibmcloud vpc csi driver in IBM… #265
Full changelog

cluster-update-keys

Updating ose-cluster-update-keys images to be consistent with ART #41
Full changelog

cluster-version-operator

OCPBUGS-10814: pkg/cvo/availableupdates: Prioritize conditional risks for largest target version #917
OCPBUGS-233: pkg/cvo/updatepayload: Set ‘readOnlyRootFilesystem: false’ #824
OCPBUGS-235: pkg/clusterconditions/promql: Cap PromQL queries at 5 minutes #825
Bug 2108292: pkg/cvo: retain initial completed update history entry #798
Bug 2094078: pkg/cvo/updatepayload: Guard against ‘rm -fR -whatever’ with ./* #787
Bug 2090150: pkg/cvo/sync_worker.go: Save overrides #782
Bug 2083370: Do not save desired update on load failures #776
Bug 2080058: pkg/cvo/updatepayload: Prune previous payload downloads #769
Bug 2071211: lib/resourcebuilder/batch: Stop waiting on Job deadline exceeded #764
Bug 2064991: pkg/cvo: Separate payload load from payload apply #753
Bug 2052839: pkg/cvo/sync_worker: Use current state, not suggested state, for guarding Initializing->Updating #738
Bug 2053359: Feature gate initialization #740
Full changelog

configmap-reloader

OCPBUGS-6538: go.mod: update github.com/prometheus/client_golang to v1.11.0 #49
Full changelog

console

OCPBUGS-18014: When removing the project owner from the project in GUI, instead of that user, the group (the default group added as project admin through the project template) will be removed. #13100
OCPBUGS-15932: visiting Configurations page returns error Cannot read… #12985
OCPBUGS-13831: Get the Event type value from the latest PLR of the Repository #12833
OCPBUGS-13358: add subject kind dropdown in the project access form #12803
OCPBUGS-8320: Repositories list does not show the running pipelinerun as last pipelinerun #12623
OCPBUGS-12438: Fix that topology sidebar actions shows outdated data (Edit Pod Count, Edit labels, Edit annotations, etc.) #12533
OCPBUGS-7961: fix broken pipeline secret #12607
OCPBUGS-7478: Add RBAC check on Create a Project link in all-namespaces pages #12566
OCPBUGS-12245: disable operator-install-single-namespace.spec.ts to solve CI issues #12752
OCPBUGS-7657: Editing Pipeline in the ocp console should show correct information #12576
OCPBUGS-7787: [4.10.z] Fix kubevirt-console tests #12580
OCPBUGS-6754: Fix for initial showing of topology contents #12486
OCPBUGS-5296: Pan nodes into view if all nodes are not visible on load #12485
OCPBUGS-6690: Fix NPE when displaying CSV with incomplete information #12481
OCPBUGS-5961: add support for version v1beta1 for knativeServing and knativeEventing #12441
OCPBUGS-3485: check that user can patch console operator config in s… #12258
Bug 2105911: Fix create-namespace e2e test with updated 3scale operator #11811
OCPBUGS-3619: Find latest pipeline run without firehose selector #12265
OCPBUGS-3336: Add checks for pods in hpaPodRingLabel #12249
OCPBUGS-2717: Update dependencies to the registry library and devfile parser #12191
OCPBUGS-2781: Fix broken advanced options layout on the add page #12204
OCPBUGS-3161: ‘CatalogSource not found’ in the virtualization #12202
Bug 2072792: Fetch common templates in a different namespace #12163
Bug 2071517: Fix swap usage queries for Top Consumers card in virtualization Overview page #12172
Bug 2090127: Remove nodeSelectorTerms if not defined #12161
Bug 2052469: Filter template list for boot source available #12164
OCPBUGS-2583: attach owner reference to resources created on creating a user to allow garbage collection #12189
OCPBUGS-2894: UI crash when storage class had missing annotation #12220
OCPBUGS-1696: Handle missing BMH for Node gracefully #12129
OCPBUGS-1465: mock call to /api/devfile in e2e #12062
OCPBUGS-2622: Use local test data to mock a devfile registry #12194
OCPBUGS-2523: updates test id for 3scale #12184
Bug 2072790: Regression “Create VM” #12160
OCPBUGS-938: do not show NodesUpdateGroup if there are 0 nodes #12061
Bug 2090127: CNV 20527: Enable boot source select for vm template #12082
Bug 2094074: Remove error on user template with DS #12092
Bug 2054917: Fix template example yaml #12091
Bug 2072790: Select template using also queryParams #12090
OCPBUGS-1759: Show already loaded catalog items after a timeout (3sec) #12106
OCPBUGS-403: fix broken update server link #11974
OCPBUGS-1815: fetch shared resource imagestreams based on labels instance or name #12110
Bug 2107898: Access mode and volume mode with sourceRef will now be taken from default storageclass #11907
OCPBUGS-1828: Fix devfile registry assertion #12112
OCPBUGS-1634: Update registry library dependency to pick up proxy support #12040
Bug 2080389: Link to documentation from the overview page goes to a missing link #11909
OCPBUGS-382: [OSD] ClusterVersion YAML editor should be read only #11922
OCPBUGS-550: Input values in Instantiate Template are disappeared randomly in the developer console #11983
Bug 2077142: Fix Web Terminal availability check to verify operator is installed #11374
Bug 2117642: Backport CI test fix to relase 4.10 #11966
Bug 2117351: fix helm readme bug #11950
Revert “Bug 2100103: Can’t delete rootdisk in customization wizard” #11932
Bug 2114833: Use hostname from provided git url when making git api calls #11924
Bug 2111335: Cannot edit ssh even vm is stopped #11886
Bug 2101412: fix bug where Cluster update modal errors weren’t displa… #11765
Bug 2112910: Fix search redirect #11914
Bug 2100103: Can’t delete rootdisk in customization wizard #11887
Bug 2052444: Unstar RHEL 7 template #11885
Bug 2110536: add z-index to ocs-drawer to make box-shadow visible #11873
Bug 2110938: VM list page crashed #11879
Bug 2063153: Use link to the downstream doc for Sysprep info #11772
Bug 2108193: update icons for eventSource and eventSink #11847
Bug 2053703: Handle blank usernames in error message #11045
Bug 2109225: Remove modelsLoaded conditional rendering from ModelStatusBox #11857
Bug 2106385: Fix CronJob resource version to batch/v1 #11820
Bug 2106385: redirect v1beta1 CronJobs #11819
Bug 2095217: VM SSH command generated by UI points at api VIP #11779
[release 4.10] Bug 2094584: Cant create vm with sysprep #11775
Bug 2100974: Restore spacing between/below modal body content #11763
Bug 2092832: Check if spec is available in MCP details page #11629
Bug 2084629: Add params prop to HorizontalNav component #11488
Bug 2100330: disable upload for sourceRef templates #11774
Bug 2104889: Fix topology sidebar update issues #11798
Bug 2052416: fix offensive vm names #11778
Bug 2094194: fix bug where log stream pauses in Chrome #11654
Bug 2100345: fix clone vm error creating DV #11770
Bug 2097338: Filter virtualization alerts in status card #11715
Bug 2094215: Pass contextSource to TopologyApplicationActionProvider #11656
Bug 2099600: Topology toolbars are unaligned to other toolbars #11703
Bug 2095637: Disable update channel validation as well #11753
Bug 2078699: Display disk size in correct units #11746
Bug 2099527: Bug fix context menu position on topology #11735
Bug 2078699: Display disk size in GiB in VM customize wizard #11733
Bug 2079985: use the correct Alertmanager tenancy proxy #11418
Bug 2094348: Display only running VMs in Virtualization Overview chart #11659
Bug 2095217: Fix SSH command string #11679
Bug 2062980: fixes uri case for event sink #11175
Bug 2092496: [release-4.10] Added vault_tenants_sa to the list of supported providers #11584
Bug 2094863: fix web terminal start #11672
Bug 2094211: Change Ping source spec.jsonData (deprecated) field to spec.data #11655
Bug 2090750: Handle medik8s node maintenance #11581
Bug 2091482: change metrics queries based on metrics level configurations #11595
Bug 2089589: add debounce to tektonhub versions api call to avoid many calls #11552
Bug 2092140: Avoid using ‘gp2’ hardcoded storage class #11618
Bug 2089315: fix rolebinding in DevConsole dropping all subjects when updating #11545
Bug 2095637: Fix failing backend test after devfile registry update #11710
Bug 2094001: Add high priority alerts to overview #11647
Bug 2092168: Add ‘Unavailable’ status to clusteroperator status filter #11619
Bug 2088210: Monitoring: Fix first panel sometimes not rendered #11528
Bug 2090124: Removing SSH service selectors to minimum required #11565
Bug 2081946: Fix default branch param in pipeline import from git flow #11442
Bug 2091402: cloud-init User check for Windows VM refuses to accept capitalized #11592
Bug 2084430: fixes apiversion for k8s svc and resource selection for sink for form yaml switcher #11482
Bug 2087065: show Limit exceeded state for large number of nodes in topology #11506
Bug 2050273: Update MON_DISK_LOW whitelisted alert documentation URL #11411
Bug 2089162: Change learn more link in virtualization -> migration tool #11541
Bug 2089547: Eliminate use of lookaside cache and move to Cachito #11551
Bug 2088430: Set dashboards timeout based on selected timespan #11532
Bug 2084091: MCG standalone deployment page goes blank when the KMS option is enabled #11479
Bug 2088247: Different status shows on VM list page and details page #11538
Bug 2087041: back port conditional updates #11487
Bug 2088281: Attached disk keeps in loading status when add disk to a power off VM by non-privileged user #11530
Bug 2088246: Overview page crash if no labels available #11525
Bug 2051433: [release-4.10] Create HANA VM does not use values from customized HANA templates #11011
Bug 2088255: Adding missing annotations to create VM from YAML #11527
Bug 2088019: The default YAML on vm wizard is not latest #11522
Bug 2083729: Fix Filter Dropdown State Management #11471
Bug 2084489: Create VM from template that has sourceRef - will now reflect sourceRef at yaml #11485
Bug 2076989: Fix ResourceQuota dashboard card and ACRQ donut label #11367
Bug 2083385: fix bug where “Update blocked” label incorrectly displa… #11466
Bug 2076370: fix CRD name filter #11356
Bug 2083551: customize wizard is crashed #11469
Bug 2076275: Update and scope our breadcrumb padding rule so it doesn’t effect a pure implementation #11365
Bug 2076777: add update mode to Update cluster #11364
Bug 2074163: remove .pf-c-button.pf-m-link override #11315
Bug 2071904: Translate Extensions On Each Language Change #11348
Bug 2078385: Remove reference to deprecated v2v-vmware ConfigMap #11387
Bug 2076369: fix bug where ClusterRole > RoleBindings did not display… #11354
Bug 2073477: Add IBM Flashsystem volume types #11308
Bug 2077641: Improve Firehose cache, so that it does not return unexpected data also if isList differs on two concurrent calls #11382
Bug 2065008: add a hardcoded blog link as fallback in guided tours #11193
Bug 2074571: fix bug where Cluster Settings shows 0 of N, 0% progres… #11319
Bug 2073023: Fix WebSockets not reconnecting during upgrade #11302
Bug 2072839: fix bug where RoleBindings are not displaying in ClusterRole > RoleBindings #11297
Bug 2069246: Fixed the render of a Tab Extension when there is a version present #11242
Bug 2076221: Fix failing TestGetRegistrySamples test #11351
Bug 2057218: Added support for customized wizard - new templates #11341
Bug 2069959: Update getting started blog link #11255
Bug 2074895: Display correct disk size in Edit disk modal #11329
Bug 2061250: Update ConsolePlugin manifest #11267
Bug 2072440: avoid pre-fetching tekton hub task versions in pipeline builder #11290
Bug 2067719: correct ChannelDocLink url #11225
Bug 2069913: Fix disabling community tasks in pipeline builder issue #11253
Bug 2059186: Don’t pass Authorization header when not needed #11108
Bug 2048892: Add empty state to running VMs card #10986
Bug 2054949: Disabling Vault SA based auth for storage class encryption #11064
Bug 2049762: Cannot change storage class of boot disk when creating VM #10994
Bug 2054650: Allow custom template namespace #11057
Bug 2067983: Pipeline metrics: use prometheus-tenancy API to get data #11226
Bug 2065480: Fix VolumeSnapshot creation sort #11196
Bug 2064988: [Tekton Hub] show read more link in the task quick search details pane #11192
Bug 2057507: Decode secrets before authorizing repository #11094
Bug 2052414: Add started-by annotation to pipelines created with “Start last run” #11015
Bug 2059807: Show standalone resources as sink and not the one’s owned by other resource #11119
Bug 2065672: Fix alert from showing an object #11200
Bug 2060090: updates versions for kafka and kafkaTopic #11127
Bug 2059989: Fix to add labels to webhook secrets created during import #11125
Bug 2056512: fix ClusterOperator Status, Version col sorts #11084
Bug 2064510: Change the tekton hub api endpoint to use v1 api #11186
Bug 2062258: Add optional chaining to avoid npe #11164
Bug 2059805: clear dashboard variables for dev perspective on unmount #11118
Bug 2060448: Fix potential issues with namespaces that contains just numbers #11132
Bug 2059849: fix console crashing in the edit deployment form #11122
Bug 2055444: Fix sticky footer in pipeline builder’s form yaml switcher #11079
Bug 2054757: (Topology) Performance improvement by reducing rerenderings and deep-copy toJSON() calls #11059
Bug 2062146: Allow topology list to select application group #11162
Bug 2059848: fix duplicate edit app action on installing virtualization operator #11121
Bug 2062837: Remove tech preview badge for web terminal #11173
Bug 2055290: Sum total memory of unnamed container only #11072
Bug 2057260: Fix pipeline run logs autoscrolling issue #11092
Bug 2048047: Make namespace bar full width and sticky in console #11065
Full changelog

console-operator

OCPBUGS-11342: Deleting downloads deployment should not fail if already deleted #744
OCPBUGS-14845: Distinguish between route conditions and remove the old ones #768
Bug 2106944: InfrastructureTopology must be driving console affinity rule creation #664
Bug 2078912: Modify the operator display name to match it with the name displayed in operatorhub #651
Bug 2076453: Console operator should not block installation/upgrade process when set to Removed state #649
Bug 2059992: Re-enable TestMetricsEndpoint e2e test case #646
Bug 2054535: ODF quickstart permissions check #637
Bug 2054199: Dockerfile.rhel7: add new Helm CRD, ProjectHelmChartRepository #636
And 1 elided commits (e.g. from squash or rebase merges)
Full changelog

container-networking-plugins

Bug 2103175: Sysctl IFNAME [backport 4.10] #63
Full changelog

coredns

OCPBUGS-2902: Remove bufsize hardcoding to 2048 on cache upstream refreshes. #80
Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

OCPBUGS-6903: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.23 into release-4.10 #177
OCPBUGS-5012: Sync with upstream release-1.23 #158
Full changelog

csi-driver-manila-operator

OCPBUGS-10722: Bump go.mongodb.org/mongo-driver to v1.5.1 #178
OCPBUGS-7796: Address CVE-2022-41717 #169
Bug 2091649: SWEET32: Improve TLS configuration for Kube RBAC Proxy #150
Full changelog

csi-driver-nfs

OCPBUGS-10554: Bump go.mongodb.org/mongo-driver to v1.5.1 #114
Full changelog

csi-livenessprobe

OCPBUGS-13143: Bump gRPC from 1.38.0 to 1.49.0 #41
Full changelog

docker-builder

OCPBUGS-15652: Add the git-lfs package #355
OCPBUGS-11782: manage-dockerfile: use the original form of HEALTHCHECK #342
OCPBUGS-205: Add support for BUILDAH_QUIET environment variable #310
Full changelog

docker-registry

OCPBUGS-920: Keep OCI image configs when hard prune #344
Bug 2110963: Bump aws-sdk-go to 1.44.4 #340
Bug 2099416: Support authentication using gcp workload identity federation #336
Bug 2085414: forward http.StatusTooManyRequests to client #332
Bug 2069807: Bug 2060362: Revert “Support authentication using gcp workload identity federation” #321
Bug 2061785: Fix ICSP for subrepositories #318
Full changelog

driver-toolkit

Adding kernel-rpm-macros to the Dockerfile. (#109) #109
Full changelog

etcd

Update owners #187
Updating ose-etcd images to be consistent with ART #151
OCPBUGS-5950: UPSTREAM:<carry>: etcdserver: process the scenaro of the last WAL rec… #179
OCPBUGS-3103: Rebase openshift/etcd 4.10 onto v3.5.6 #171
OCPBUGS-2142: Rebase openshift/etcd 4.10 onto 3.5.5 #156
Update OWNERS #123
Bug 2077498: Merge Upstream etcd 3.5.3 into Openshift 4.10 #118
Full changelog

gcp-machine-controllers

OCPBUGS-5291: refactor restartPolicyToBool function #36
Full changelog

gcp-pd-csi-driver-operator

Bug 2098655: gcp cluster rollback fails due to storage failure #49
Full changelog

grafana

OCPBUGS-4260: bump github.com/crewjam/saml dependency #93
Full changelog

haproxy-router

Bug 2098230: Fix gap in router’s handling of graceful shutdowns. #406
Bug 2096362: HAProxy: enable PROXY protocol for all listeners #405
Bug 2076371: generateRouteHostRegexp: Escape blanks #385
Full changelog

hyperkube, pod

OCPBUGS-8735: UPSTREAM: <drop>: bump apiserver-library-go #1628
OCPBUGS-8314: bump to k8s 1.23.17 #1497
OCPBUGS-10244: Fix mounted volume expansion tests #1510
OCPBUGS-3434: UPSTREAM: 113517: kubelet: fix pod log line corruption when using timestamps and long lines #1415
UPSTREAM: <carry>: Wait for default service account in node authorizer test #1398
Bug 2101326: bump to k8s 1.23.12 #1382
OCPBUGS-1266: UPSTREAM: <carry>: Remove reserved CPUs from default set #1362
Bug 2106414: UPSTREAM: 109103: cpu/memory manager containerMap memory leak #1318
Bug 2103381: UPSTREAM: <carry>: update list of deprecated apis #1306
Bug 2104928: UPSTREAM: 109932: fix: exclude non-ready nodes and deleted nodes from azure load balancers #1263
Bug 2067464: Backport 107821 and 107831 #1241
Bug 2075831: UPSTREAM: 109487: Disable JobTrackingWithFinalizers due to unresolved… #1244
Bug 2074094: UPSTREAM: <carry>: An APIRequestCount without dots in the name can cause a panic #1237
Bug 2069311: UPSTREAM: <carry>: use hardcoded rest mapper from library-go #1231
Bug 2065774: Backport 108723 OutofCpu Fixes #1221
Bug 2065620: Rebase 1.23.5 #1220
Full changelog

hypershift

OCPBUGS-10823 ensure well known public domains do not get proxied on image imports #2412
Use non-strict mode when parsing global config #1619
adopt existing immutable selectors to prevent errors reconciling components from roks toolkit clusters #1571
cache registry files #1567
feat(oauth): allow challenge override for OpenID #1543
Add fallback set cache value from old token #1531
Set Recommended Leader Election Values #1507
feat(cpo): Support disable profiling annotation #1501
Use ImagePullPolicyIfNotPresent for HO #1483
Updated secret permissions to conform to kubernetes CIS benchmark #1480
Ensure that everything uses imagePullPolicy IfNotPResent for resiliency #1475
Add missing control plane prometheus rules #1471
Ensure cache is set during token rotation before reconciling #1461
Fix(cpo): Propagate TLS security profile config to kube-controller-manager and kube-scheduler #1416
feat(cpo): adhere to upgrade order from kube version skew policy #1410
Set shutdown params to improve graceful shutdown #1387
fix(cpo): Scope down secrets access for olm collect profiles cj #1378
move to ga apis for all components now that management clusters at minimum release boundary #1361
configure cipher suites to prevent using medium strength ssl ciphers #1359
Use apiserver host/port from InfraStatus in reconciling Kube API Server #1333
Ignition server: Actually use workdir #1317
Use forked processes instead of pods to generate ignition payload #1311
disable reconcile of registry config in IBMCloud deployments #1309
feat(cpo): Disable PodSecurity for 4.10 #1289
Disable PodSecurity admission in 4.11 as it breaks conformance #1286
Expose a service account signing key in the API #1265
release-4.10 - Create valid route names with long namespace names #1252
Fast-Forward from main #1233
Forward from main #1190
Forward from main #1178
Update release-4.10 branch with latest from main #1173
Update release-4.10 branch with latest from main #1160
Forward from main #1148
Updating hypershift images to be consistent with ART #1121
Full changelog

ibm-vpc-block-csi-driver

OCPBUGS-1488: Add udev #20
Full changelog

ibm-vpc-block-csi-driver-operator

Bug 2077419: [4.10] [ibm-vpc-block] Unable to change default storage class #35
Full changelog

image-customization-controller

OCPBUGS-3999: use host IPC for the agent container #71
OCPBUGS-754: mount /run/udev into the agent container #64
Bug 2098627: Remove the container at exit #56
Update OWNERS to current team status #53
Bug 2061977: Add delay between ironic-agent restart, but restart forever #54
Bug 2061977: Restart ironic-agent.service when it fails #43
Full changelog

insights-operator

OCPBUGS-6832: feat(recent_metrics) adds openshift_apps_deploymentconfigs_strategy_total (#726) (#740) #726
OCPBUGS-1987: do not periodically update Available clusteroperator co… (#718) (#720) #718
helm upgrades and uninstalls backport 4.10 (#663) #663
OCPBUGS-251 Gather status of the cephclusters.ceph.rook.io resources (#659) #659
Backport console helm installs to 4.10 (#638) #638
Bug 2081844: Fix the clusteroperator conditions values when IO is (#619) #619
Bug 2079318: Remove PSP gatherer (#608) (#615) #608
Bug 2072848: Gather namespace names with overlapping UIDs (#605) #605
Gather some error messages from the kube-controller-manager containers (#598) #598
Gather cluster images.config.openshift.io resource definition (#581) #581
Full changelog

ironic

OCPBUGS-13729: Bump python-sushy #374
OCPBUGS-7163: Increase power_state_change_timeout setting #348
Bug OCPBUGS-6886: Fix setting boot related attributes #347
OCPBUGS-5344: Configure Ironic iLO driver to use web server #343
OCPBUGS-4467: Remove RDO distribution configuration #330
OCPBUGS-5415: Update packages versions with latest available #345
Bug OCPBUGS-3477: Improve resiliency of eTag handling #316
OCPBUGS-2829: Removed ServerName from VirtualHost Directives #307
OCPBUGS-1740: Backport improvements to iDRAC steps to OCP 4.10 #303
OCPBUGS-1225: sync BIOS settings fixes #298
Bug 2109125: Upgrade version of ironic package to include fix for ZTP deployment #284
Bug 2080442: Update sushy version #272
Full changelog

ironic-agent

OCPBUGS-7533: make coreos-installer output available in the logs #68
OCPBUGS-1232: Include Fix for discovering bond interfaces #63
Bug 2100775: Include Fix discovering WWN/serial for devicemapper devices #56
Bug 2100836: Add missing multipath modules #55
Bug 2089312: multipath fix for passive paths #52
Bug 2053752: import time #49
Bug 2053752: Bump retries for UEFI boot configuration #48
Bug 2061278: [release-4.10] Retry UEFI boot Configuration #43
Bug 2048481: Update ironic-python-agent to latest bugfix version #38
Full changelog

jenkins, jenkins-agent-base, jenkins-agent-maven, jenkins-agent-nodejs

OCPBUGS-14650: Bump Jenkins plugins to latest versions #1696
OCPBUGS-14401: Combined backport updates #1689
OCPBUGS-14279: Updates to use Java 11 by default #1682
mitigate CVEs #1675
OCPBUGS-13654: Bump Jenkins version and Plugin versions #1672
OCPBUGS-11499, OCPBUGS-11500, OCPBUGS-11501: Various issues #1658
OCPBUGS-11238: Fix labels for jenkins-slave-base-rhel8 #1643
OCPBUGS-10012, OCPBUGS-10020, OCPBUGS-6079: Bump Jenkins #1639
OCPBUGS-11236, OCPBUGS-11237, OCPBUGS-11239: Bump Jenkins version to 2.387.1 #1642
OCPBUGS-11240: configuration-as-code bumped to 1569.vb_72405b_80249 #1644
OCPBUGS-6627: Bump script security plugin #1624
OCPBUGS-7238: Enable Websocket support #1587
OCPBUGS-7052: Sync jenkins version and plugins with ma… #1582
OCPBUGS-4095: Required Plugin workflow-multibranch #1569
OCPBUGS-6645: Handle routes properly in s2i/run #1562
OCPBUGS-4095: Various CVEs September/2022 #1547
OCPBUGS-900: Bump openshift login plugin to 1.0.29 #1561
OCPBUGS-912: Add maven plugin dependency in base plugins #1530
OCPBUGS-3697: [release-4.10] Update OWNERS #1521
[release: 4.10] OCPBUGS-2137: Sync javax-mail-api with version required by jenkins 2.361.1 #1496
OCPBUGS-724: Update blueocean-autofavorite to 1.2.5 #1478
OCPBUGS-2943: Force git-server to an earlier version #1509
OCPBUGS-2185: Bump Jenkins version to 2.361.1 #1499
OCPBUGS-1440: fix install plugins script #1484
OCPBUGS-1037: Install glibc language package to remove setLocale warning #1480
OCPBUGS-473: CVE mitigations #1479
OCPBUGS-713: Add user coreydaley to approvers list #1477
OCPBUGS-400: Revert xmlstarlet usage #1469
Bug 2095620: Bump matrix-project plugin to 1.20 #1453
Bug 2080204: Correctly declare Jenkins URL with trailing slash #1441
Bug 2076253: Mitigate multiple CVEs #1430
Bug 2075135: set necessary JVM args to allow jenkins JVM to come up on a FIPS node #1425
Bug 2069134: [release-4.10] Update bundle-plugins.txt #1420
Bug 2069134: [release-4.10] Enable supply-chain check #1417
Bug 2061616: [release-4.10] Compute bundle plugins in build #1398
Bug 2063898: [release-4.10] 2022-02-15 Security Advisory #1403
Bug 2062053: Add Jitendar to OWNERS file #1401
Bug 2055653: Add xmlstarlet to handle JENKINS_PASSWORD properly #1391
Full changelog

kube-proxy, sdn

OCPBUGS-13919: save and delete the old egress network policy #545
OCPBUGS-13984: CVE-2018-17419 ose-node-container: dns: Denial of Service (DoS) [openshift-4] #548
OCPBUGS-10912: Fix race in Egress IP Tracker start #524
OCPBUGS-10524: Initialize egress node monitoring struct with previous reachability status #519
OCPBUGS-8091: Handle race condition to setup default vnid flows #512
OCPBUGS-5977: Use pagination and set ResourceVersion to 0 when listing resources #494
OCPBUGS-6911: Add node egress IP assignment resync #501
OCPBUGS-2106: fix network policy egress #465
Bug OCPBUGS-4387: Rebase against cherry-pick of kubernetes#107413 #475
OCPBUGS-3996: egressip: Continue to process other nodes if a node is not ready #472
OCPBUGS-647: Fix DNS endpoint hack to prefer local instead of forcing it #467
OCPBUGS-647: Fix OCP hack to prefer local DNS endpoints #457
OCPBUGS-255: setup network policy rules during pod creation to fix postStart hook #455
Bug 2078501: [release-4.10] Remove node-tainting for too-small MTU #422
Bug 2087763: Probe failures and pod restarts during 4.7 to 4.8 upgrade #431
Bug 2082451: Masquerade in cluster traffic that is marked for egress IP #430
Bug 2066466: Fix releasing egress IP in cloud environments #416
Bug 2064807: Rebase SDN k8 1.23.4 #415
Bug 2062859: mixed ingress and egress policies can result in half-isolated pods #410
Full changelog

kube-state-metrics

OCPBUGS-4086: cherry-pick, do not expose ingress path metric when service is nil #86
OCPBUGS-2196: internal/store: fix metrics slice length #79
Bug 2078835: internal/store: fix potential panic in pod store #70
Bug 2085329: Use v1 PodDisruptionBudget and CronJob resources #72
Full changelog

kuryr-cni, kuryr-controller

OCPBUGS-15491: KuryrPort cleanup: Fix issue of subport not found #736
Bug OCPBUGS-13779: Fix ValueError when Pod has no IP address #732
Bug OCPBUGS-2216: Cleanup KuryrPort when Pod is missing #702
OCPBUGS-11828: CNI: Watch for deleted pods #712
Bug OCPBUGS-941: Fix unbound router_id variable while creating event #688
Bug 2082079: Parallelize ports removal #663
Bug 2097277: Use upper-constraints.txt from stable/xena in UT #673
Bug 2077384: Increase cni_request_duration buckets #656
Bug 2055661: Update KLB .spec.provider when required #637
Full changelog

machine-api-operator

OCPBUGS-13600: vSphere - enable steal time accounting #1143
OCPBUGS-11327: Fix empty component version #1134
OCPBUGS-8359: Append annotations from machine template spec to the node #1125
Updating ose-machine-api-operator images to be consistent with ART #1103
OCPBUGS-957: Change “create” sequence with powering on the vm after clone #1065
Bug 2109124: Add DescribeRegions permission for aws controller #1046
Bug 2086104: Set vCenter client request timeout #1017
Full changelog

machine-config-operator

Permit consistent go compilation #3748
OCPBUGS-9837: Increase keepalived API check fall value to 3](https://github.com/openshift/machine-config-operator/pull/3176#top) #3176
OCPBUGS-10703: configure-ovs: fix mtu-migration cleanup #3622
OCPBUGS-5692: 4.10 - remove goutils from dependency tree #3500
OCPBUGS-4830: daemon: gate done state on uncordon completion #3278
OCPBUGS-6702: controller: don’t render new MC until base MCs update #3517
OCPBUGS-5831: Do not allow empty system reserved values #3487
OCPBUGS-4810: Sync controllerconfig anyway if daemon sync fails #3454
OCPBUGS-4136: configure-ovs: auto-connect ovs-if-phys0 with br-ex #3436
OCPBUGS-4134: Avoid NM managing patch port between br-int and br-ex #3435
OCPBUGS-3500: Add ephemeral storage to kubelet system reserved args #3408
Bug 2069754: [on-prem] Add NetworkManager reload to resolv-prepender #3041
OCPBUGS-2973: drop doc overlaysize default #3395
OCPBUGS-2070: Make sure there is a search domain in resolv.conf #3366
OCPBUGS-642: Fix .ssh directory not owned by core when created by Machine Config Daemon #3315
Bug 2118609: Fix problem with retaining data in string array in piped while loop #3289
Bug 2118607: configure-ovs: clone inactive autoconnect slaves #3288
Bug 2100894: fix MCNameSuffix with kcfg ctrrcfg #3224
Bug 2084187: Avoid kubernetes node port range #3145
Bug 2099686: controller: de-couple FIPS and realtime detection #3201
Bug 2098626: configure-ovs: improve handling of static ip and mac address configuration #3197
Bug 2096564: Bug fix for node drain caused by ICSP objects #3181
Bug 2089757: configure-ovs: avoid restarting NetworkManager #3159
Bug 2085410: OVN Kubernetes configure-ovs-network set static if conversion metric #3147
Bug 2081317: configure-ovs.sh: Provide store hint for default route interface #3131
Bug 2076493: [on-prem] make Corefile api matching stricter #3095
Bug 2082567: [vsphere] remove warning encountered on vSphere UPI cluster without API VIP #3138
Bug 2069798: ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs #3045
Bug 2079097: Ensure only one apiserver-watcher process is active on a node. #3121
Bug 2071696: Add KUBELET_NODEIP_HINT to nodeip-configuration #3058
Bug 2072621: Fix bootstrap-unit test failure caused by #3008 #3109
Bug 2076308: Move removeUpdateInProgressTaint functionality to mcc #3091
Bug 2072621: [OCPNODE-869] Create a drop-in file for cri-o’s seccomp use default config #3008
Bug 2070492: configure-ovs: move dhcp config from br-ex to ovs-if-br-ex #3049
Bug 2062666: configure-ovs: reload NM only when necessary #3005
Bug 2062290: Add –templates flag to MCC bootstrap command #2997
Bug 2063326: [release-4.10] Ensure directories are created with usable permission bits #3012
Bug 2060954: Explicitly set keyfile as the default plugin #2985
Full changelog

machine-os-images

OCPBUGS-960: Update rhcos release browser url #24
Bug 2090022: Get rid of lookaside cache in OCP build #17
Revert .ci-operator.yaml #18
Updating ose-machine-os-images images to be consistent with ART #9
Bug 2077305: Remove destination coreos if it exists #14
Full changelog

multus-admission-controller

OCPBUGS-343: Configure ignored namespaces into multus-admission-controller #55
Full changelog

multus-cni

OCPBUGS-11590: suppress uid mismatch error/warning in case of static pod #150
OCPBUGS-8672: SNO: Pods fail to delete, Multus: failed to open netns [backport 4.10] #147
Bug 2071800: Remove error handling for getPod to force to proceed cmdDel [backport 4.10] #132
OCPBUGS-2448: Fix missing device-info in networks-status annotation for chained plugins #137
Bug 2084289: Bumps net-attach-def client library (for CNI v1.0 IP compatibility) [backport 4.10] #128
Updating multus-cni images to be consistent with ART #110
Full changelog

multus-networkpolicy

Updating multus-networkpolicy images to be consistent with ART #14
Full changelog

multus-whereabouts-ipam-cni

OCPBUGS-13242: Added trailing 0 to ipv6 ranges that end in “:” [Backport 4.10] #133
OCPBUGS-3943: Excluded ranges bug (#282) #105
OCPBUGS-1659: ip-reconciler: Add all non default interfaces to Pod IP list #98
Bug 2065488: Sync upstream for context improvements for reconciler [backport 4.10] #88
Full changelog

must-gather

Bug 2106842: Add timeout to oc cp command to fix must-gather delays when routers are terminating #323
Bug 2059777: Fix the namespace extract filter #288
Bug 2106559: fix gather_insights collection #322
Bug 2084591: Add networking resources #307
Bug 2069554: Collect NMState resources when operator is installed #294
Full changelog

network-interface-bond-cni

Bug 2116642: Backport “mac duplicates” #42
Bug 2101841: Backport Fix incorrect bond name issue #36
Bug 2084289: Backport IPAM fixes [4.10] #34
Full changelog

network-metrics-daemon

Updating ose-network-metrics-daemon images to be consistent with ART (#40) #40
Fix field selector (#50) #50
Added METRIC_TEST_IMAGE var (#47) #47
Full changelog

oauth-apiserver

OCPBUGS-2553: bump kube to 1.23.12 to fix group sync #85
Bug 2094022: Update 4.10 to 1.23 #79
Full changelog

oc-mirror

Bug 2075051: [release-4.10] fix: adds handling for channel with different prefixes in cincinnati.go (#413) #413
build(deps): bump operator-registry dep to v1.21.1 (#390) #390
Bug 2064901: fix(associations): modifies association return values to allows image… (#359) #359
Bug 2065500: resolves multiple channel heads in merged catalogs (#372) #372
chore: adds dynamic version info for version command with ldflags (#328) (#334) #328
Full changelog

openshift-apiserver

OCPBUGS-4341: fix printer panic #337
OCPBUGS-4604: [release-4.10] bump to kube 1.23.12 #323
Add coreydaley as reviewer/approver for pkg/build #298
Full changelog

openshift-state-metrics

Updating openshift-state-metrics images to be consistent with ART #80
Bug 2052804: adding new build comments required for go 1.17 #83
Full changelog

openstack-cinder-csi-driver-operator

Bug OCPBUGS-4717: Add SecretHashAnnotation to node service #104
Bug 2091649: SWEET32: Improve TLS configuration for Kube RBAC Proxy #89
Full changelog

openstack-machine-controllers

OCPBUGS-6596: Address CVE-2022-41717 #251
OCPBUGS-2628: Ensure network defs without subnet follow noAllowedAddressPairs #249
OCPBUGS-1951: Apply noAllowedAddressPairs on intended subnets only #245
Bug 1921656: Remove dependence on annotation to allow Server deletion #240
Bug 2077380: Fix InstanceCreate port & trunk cleanup #233
Bug 2071538: Address CVE-2022-21698 #226
Bug 2050064: Ensure subnets belong to the queried network #219
Full changelog

operator-lifecycle-manager, operator-registry

OCPBUGS-17779: fix dynamic conversion webhook #546
Introduce DOWNSTREAM_OWNERS file #543
OCPBUGS-7904: Cleanup conversion webhooks when an operator is uninstalled #458
Allow cpb to be statically compiled / exempt from FIPS compliance #514
OCPBUGS-6498: Order an operator CR’s status.Component.Refs array (#2880) #432
OCPBUGS-1525: Package Server Manager should enforce expected csv values #387
OCPBUGS-5294: backport cert rotation fix #428
OCPBUGS-4799: Fix label key truncation for subscription annotations (#2731) #421
OCPBUGS-4128: concurrent write bug fix #415
OCPBUGS-2898: [release-4.10] fix(openshift): use env var instead of clusterversion status (#2817) #389
OCPBUGS-1323: Add autoscaling eviction annotation to catalog pods to enable proper draining of nodes #392
OCPBUGS-1087: Stop corrupting resolver cache. #385
Bug 2115874: fix(grpc): Add startupProbe to check for grpc health readiness (#2791) #348
Bug 2118261: Update containerd version #357
Bug 2106838: remove broken thread-safety (#2697) #340
Bug 2101802: opm bug fix #327
Bug 2095329: [release-4.10] Bump go to v1.17 (#922) #310
Bug 2080609: Fix GRPC CheckRegistryServer function (#2756) #298
Bug 2071941: Replace collect-profile jobs that haven’t completed #277
Bug 2070131: Fix a bug in deletion of webhook service for replacement #272
Full changelog

ovirt-csi-driver

OCPBUGS-761: CSI provisioned disks are preallocated #117
OCPBUGS-620: Upgrade go-ovirt-client to 1.0.0 #116
Full changelog

ovirt-csi-driver-operator

Bug 2050118: Add custom CA bundle support #84
Bug 2070525: Recreate oVirt connection for every sync #94
Full changelog

ovn-kubernetes

OCPBUGS-17165: ovnkube-master pod failed to reconnect to ovn db due to ssl expire #1794
OCPBUGS-16206: Fix stale SNAT entries for completed pods #1758
Bug OCPBUGS-12792: [release-4.10] Delete equivalent ACLs when searching by predicate. #1670
OCPBUGS-11453: [release-4.10] Batch potentially big transaction on egress firewall ACLs migration #1641
OCPBUGS-11557: Fix leak in service controller cache #1634
OCPBUGS-11423: [release-4.10] Handle Completed pods deletion #1628
OCPBUGS-4762: [4.10] Dockerfile: bump to OVS 2.17.0-62 #1440
Updating ose-ovn-kubernetes images to be consistent with ART #1615
OCPBUGS-8513: Don’t recreate clusterPGs and clusterRtrPGs unless needed #1562
OCPBUGS-7021, OCPBUGS-7990: Delete stale egress ip snat entries by node #1542
OCPBUGS-6641: Drop in-cluster traffic towards svcCIDR at wrong port #1492
OCPBUGS-3656: Fixes dualstack clusterIPs for network policy svc handler #1378
OCPBUGS-7012: [release-4.10] Fix Egress FW ACL rules in dualstack mode #1508
OCPBUGS-2013: Validate node subnet annotations against cluster networks #1332
Bug 2092895: update all egress ACLs’ direction to “from-lport” #1148
OCPBUGS-6814: [release-4.10] Ensure loadbalancer cleanup doesn’t fail #1499
OCPBUGS-4882: append instead of overwrite logicalSwitch other-config #1450
OCPBUGS-3615: [4.10] CARRY: client: don’t construct transaction log string when it’s not needed #1375
OCPBUGS-5929: [release-4.10] Fix egress firewall to allow inbound connections in both gw modes #1482
OCPBUGS-5990: egressip: fix test data race accessing podAssignment cache #1480
OCPBUGS-5077: [release-4.10] Fix load balancer health check locking and update #1463
OCPBUGS-5299: Set the node as reachable only when it is being added as an egressip node #1464
OCPBUGS-5040: [release-4.10] Fix hybrid overlay unit tests #1462
OCPBUGS-4864: [release-4.10] Fix address set cleanup: only delete address sets owned by given object #1453
OCPBUGS-4888: [release-4.10] Fixes scenario where deleted + completed pods may leak #1458
OCPBUGS-4839, OCPBUGS-4861: [release-4.10] Avoid duplicate transactions and minimize handlers with empty namespace selectors #1452
Bug 2115872: Fix unit-test failures in 4.10 #1457
OCPBUGS-1568: pods: deleteLogicalPort should not fail when node is gone #1423
OCPBUGS-3778: [release-4.10] Netpol races partial fixes #1434
OCPBUGS-4598: Bumps libovsdb to pick up fixes for optional values #1426
OCPBUGS-3858: Adjust ovs bundle timeout #1385
OCPBUGS-1568: pods: deleteLogicalPort should not fail when ls is gone #1293
Bug 2099843: Add final db check to egress IP test #1357
Bug 2105657: Fix egressIP object deletion if the node is deleted first #1228
OCPBUGS-2660: Add logging verbosity to configuring OVN logs #1326
OCPBUGS-1454: Fix NP upgrade bug: unexpectedly found multiple equivalent ACLs (arp v/s arp||nd) #1269
OCPBUGS-2746: Fixes SNAT-ing Logic for EgressIPs #1336
OCPBUGS-2208: getDefaultGatewayInterfaceByFamily: custom filter for MultiHop #1303
OCPBUGS-2464: Fix the golang image used for unit-tests #1299
OCPBUGS-1024: Dockerfile: bump to 2.16.0-89.3.el8fdp #1271
Bug 2111552: Remove conntrack entries after rules #1219
OCPBUGS-660: [release-4.10] pods: deleteLogicalPort should not fail when port is already gone #1257
Bug 2113861: reconcile-node-lbs #1227
OCPBUGS-174: [release-4.10] Fix race when adding and removing pod with same name #1250
Bug 2070392: Fix egress IP reassignment on cloud #1203
Bug 2111588: [release-4.10] export OVS metrics #1215
Bug 2109442: Fix GetPodsBySelector/GetNamespacesBySelector so MatchExpressions is respected #1195
Bug 2104454: improve performance of service sync #1173
Bug 2105653: egressIP: node retrieval failure is not respected, causes panic #1185
Bug 2105275: Fix egressips for pods recreated with same name #1179
Bug 2107903: Append the SNAT rule in management chain #1201
Bug 2105265: EGW: Clean Stale Conntrack Entries #1191
Bug 2099680: [release-4.10] libovsdb fixes for empty values #1164
Bug 2105276: Fix panics in DestroyNetworkPolicy if policy is nil #1182
Bug 2099206: Update logging for specific policy when creating it #1149
Bug 2099822: Fix pointer loop var #1153
Bug 2091157: [release-4.10] Free IPs and delete resources for completed pods #1152
Bug 2092501: Fixes finding default gateway for configured GW interface #1131
Bug 2095193: duplicated IPs can be assigned to multiple Pods #1132
Bug 2088582: Bumps OVN to 21.12.0-58.el8fdp #1101
Bug 2086891: policy: Fix multicast allow policy type. #1093
Bug 2088040: Delete ChassisPrivate along with Chassis #1099
Bug 2077129: [release-4.10] Fixes secondary bridge #1044
Bug 2088627: EgressIP NATs are not being cleared correctly from the logical router #1098
Bug 2087203: enable exportloopref linter and fix violations #1095
Bug 2082467: Fix cluster/status parsing for single-member db cluster (SNO) #1082
Bug 2083116: delete SNAT2NIP if pod.node == egressNodeServingPod #1084
Bug 2080069: Cleanup conntrack entries when services are deleted #1061
Bug 2080895: Ensure stale information is not present in metrics with labels when they change #1070
Bug 2080882: Fix incorrectly logged error when searching for ovnkube master pod #1069
Bug 2080925: Don’t spawn go routines for adding metric events #1071
Bug 2079546: [release-4.10] call clearInitialNodeNetworkUnavailableCondition for noHostSubnet nodes #1057
Bug 2065780: [release-4.10][backport] Fix cleaning VF representor ports #1001
Bug 2073411: Fix ETP=local for host->svc traffic #1063
Bug 2073137: Fix lgw flows for ingress-svc traffic #1026
Bug 2074839: [release-4.10] fix ipv6 network policy #1043
Bug 2052017: Retry Pod Deletions on Failure #1025
Bug 2059354: [4.10z] After reboot egress node, lr-policy-list was not correct #994
Bug 2061804: [4.10] Fixes “ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache!” for same pod #990
Bug 2063834: backport 2052975 to 4.10 #995
Bug 2057723: Multiple fixes around Network Policies #971
Full changelog

prometheus

OCPBUGS-3078: Backkport OCPBUGS-1718 to release 4.10 #146
Full changelog

prometheus-config-reloader, prometheus-operator

OCPBUGS-7795: Fixes ThanoRuler StatefulSet re-creation bug #219
Bug 2108976: pkg/prometheus: fix curl exec probe #196
Bug 2060718: Add relabel validations #161
Full changelog

telemeter

OCPBUGS-6575: update prometheus/client_golang version #446
Full changelog

tests

OCPBUGS-15178: Move from registry.centos.org to quay.io #27988
CCO-367: Allow CCO to be Upgradeable=False when credentialsMode=Manual #27962
OCPBUGS-11874: Add Kuryr exception to “pods should successfully create sandboxes” test #27878
OCPBUGS-11560, OCPBUGS-11629: flake Pods Extended Pod Container lifecycle evicted pods #27872
OCPBUGS-10244: Bump(openshift/kubernetes): to get fix for resizing flake #27800
OCPBUGS-4578: Bond test 4.10 backport #27593
OCPBUGS-2614: Fix s2i ruby test that relys on rack #27479
disruption checking is disabled for prior releases because we lack a good baseline #27472
OCPBUGS-1454: Fixes OVN ACL audit log parsing #27429
Bug 2117301: Skip ErrImagePull for expected failures #27352
Bug 2115862: Skip internet connection test if we use a proxy #27344
Bug 2065028: rearrange test cases #26915
OCPBUGS-374: test: allow -f to match tests for any test suite #27366
Bug 2080198: skip tests for etcd leaders when etcd revisions change a lot #27076
Bug 2080759: Remove BlueOcean annotation check #27065
Bug 2077995: Best matcher single node OVN #27048
Bug 2059845: [test]: bump upper bounds for AWS single node and GCP #27055
Bug 2077414: MGMT-9440: Fix single node serial tests API crash #27037
Bug 2074714: synthetictests: skip “alert/Watchdog must have no gaps or changes” on SNO upgrades #27011
Bug 2074448: exclude loki-promtail from duplicated events #27010
Bug 2077516: don’t fail when a query returns warnings #27039
Bug 2059845: operators should not create watch channels very often: bump OpenStack monitoring operator #26879
Bug 2076265: [release-4.10] test: switch to testing CapBnd over CapInh #27021
Bug 2060592: only add failure when no event was found for the target revision #26881
Bug 2055381: cleanup network policy ACL extended test #26946
Bug 2059717: IBMCloud: Ignore CRB already exists #26869
Bug 2061554: Add debug info for signature test #26889
Bug 2060862: [release-4.10] Increase cluster-monitor-operator watch count threshold on single-node clusters #26872
Full changelog

thanos

OCPBUGS-2037: Bump 4.10 to 0.23.2 #92
Full changelog

vsphere-cloud-controller-manager

Bug 2106666: Return error when VM’s info returned from VC doesn’t contain IP address #29
OCPBUGS-2065: fix .dockerignore to satisfy OCP specific requirements #27
Full changelog

vsphere-csi-driver-operator

OCPBUGS-5895: Fix vendored ini package #137
OCPBUGS-5895: Backport multi dc support 410 #133
OCPBUGS-5507: Fix sc creation if it is deleted #128
OCPBUGS-3288: set TLS cipher suites in Kube RBAC sidecars #120
OCPBUGS-2282: Add HTTP proxy to syncer container #114
OCPBUGS-376: storageclass should not be created for unsupported vsphere version #105
Bug 2108003: 4.10: Don’t block upgrades when another CSI driver is found #99
Bug 2095824: Report max. nr. of attachable volumes per node #91
Full changelog

vsphere-problem-detector

Bug 2055895: change NodePerfCheck criteria to be based on average latency #76
Bug 2059255: Fix stale metrics by resetting them #80
Full changelog

View changelog in Markdown or change previous release:

Source code for this page located on github