RHBA-2020:2215: OpenShift Container Platform 3.11 bug fix and enhancement update
Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the RPM packages for Red Hat OpenShift ContainerPlatform 3.11.219. See the following advisory for the container images forthis release:https://access.redhat.com/errata/RHBA-2020:2216 This release fixes the following bugs among others: Previously, DNS names were queried every time they occurred in an EgressNetworkPolicy. Records were queried regardless of whether a particular DNSrecord had been refreshed by a previous query, resulting in slow networkperformance. DNS records are now queried based on unique names rather than pereach EgressNetworkPolicy. As a result, DNS query performance has beensignificantly improved. (BZ#1772594) Previously, the PKI directory was not properly mounted to the sync Pod. This caused the openshift-ca.crt to be inaccessible, and as a result, wasrecreated. The missing mounts and volumes have been added to the sync Pod, sothe openshift-ca.crt is available and is not incorrectly recreated. (BZ#1808068) The Google Cloud Storage (GCS) driver was not reporting all errors due to a variable shadowing issue. This issue has been resolved, allowing all errors tobe reported by the registry. (BZ#1814722) The image registry was using repository names in metrics labels. This caused Prometheus to have problems with reporting many metrics. This bug fix removesrepository names from labels, resulting in less generated metrics and betterperformance. (BZ#1827744) The variable openshiftcertificateexpirywarningdays was hard-coded in an area of {product-title}'s underlying code calling theopenshiftcertificateexpiry role during upgrades. This prevented theopenshiftcertificateexpirywarningdays variable from being overridden inthe inventory. This bug fix replaces the hard-coded value with a task to set avalue of six months if the variable has not been defined by the user. (BZ#1829492) When redeploying certificates, the certificate expiry check provided little value because the expectation was that the certificates would be replaced.Additionally, there were situations where certificates were invalid andredeployment was blocked by the check. This bug fix removes the checks, allowingcertificate redeployment to proceed without requiring additional inventoryvariables to override expiry days or invalid/missing certificates. (BZ#1832379)All OpenShift Container Platform 3.11 users are advised to upgrade to theseupdated packages and images.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHBA-2020:2215?
The severity of RHBA-2020:2215 is categorized as 'Important' due to its impact on Red Hat OpenShift Container Platform security and performance.
How do I fix RHBA-2020:2215?
To fix RHBA-2020:2215, update all affected RPM packages to version 3.11.219-1 or later as specified in the advisory.
Which systems are affected by RHBA-2020:2215?
RHBA-2020:2215 affects Red Hat OpenShift Container Platform version 3.11.219 specifically for certain packages mentioned in the advisory.
Are there any workarounds for RHBA-2020:2215?
Currently, there are no known workarounds for RHBA-2020:2215; applying the update is the recommended action.
What packages need to be updated for RHBA-2020:2215?
The packages that need updating under RHBA-2020:2215 include atomic-openshift, atomic-openshift-clients, and several others, as listed in the advisory.