OCP 4.6 Release Notes Tracker

[codyhoag]

Please leave comments here for anything that should be highlighted in the 4.6 release notes. Thank you!

Rendered draft of 4.6 release notes: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

[codyhoag]

The deprecated /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt file will be removed in 4.6. Originally reported in https://github.com/openshift/openshift-docs/issues/18426#issuecomment-574239835. Drafted in #22349.

[sjstout]

If https://bugzilla.redhat.com/show_bug.cgi?id=1848695 is deferred to 4.7, we may need to add something to the RNs as a Known Issue. I've asked Eng to update the doc text in the BZ if a note is needed. Thanks!

[soltysh]

Kubernetes 1.19 added warnings in deprecated APIs which are now surfaced in client-go and oc/kubectl on every invocation against deprecated API, see https://github.com/kubernetes/kubernetes/pull/73032 for more details. Example looks like this:

warnings.go:67] batch/v1beta1 CronJob is deprecated in v1.22+, unavailable in v1.25+

[vikram-redhat]

Known issue for BM installs - https://bugzilla.redhat.com/show_bug.cgi?id=1880104

[miabbott]

OpenShift Container Platform 4.6 is supported on Red Hat Enterprise Linux 7.7 or later, as well as Red Hat Enterprise Linux CoreOS (RHCOS) 4.5.

That should state Red Hat Enterprise Linux CoreOS (RHCOS) 4.6

[shellyyang1989]

Known issue for GCP destroy: https://bugzilla.redhat.com/show_bug.cgi?id=1801968. To workaround this issue, use infra-id as machine prefix. If users are facing it, they can manually delete the firewall rules in gcp web console.

[anpingli]

@mburke5678 Shall we add some notes about LogFoward in release notes?

[rbo]

We added with BZ 1785122 [1] static IP configuration for vSphere & OVA.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1785122

[zhaozhanqi]

hi, SDN component changed in 4.6 version:

1. Sriov suport IB. see https://issues.redhat.com/browse/SDN-896
2. OVS from container switch to system ovs , see https://issues.redhat.com/browse/SDN-655
3. OVN GA and some new feature added from 4.6 including (egressip , egressfirewall) https://issues.redhat.com/browse/SDN-911 https://issues.redhat.com/browse/SDN-682

[kasturinarra]

Hi, In section "About this Release" the document says This release uses Kubernetes 1.18 , but 4.6 uses Kubernetes 1.19. Can we update this ? Thanks !!

[miabbott]

The RHCOS team has some suggestions that can be added as a new section under "New features and enhancements"

# New features and enhancements

## Red Hat Enterprise Linux CoreOS (RHCOS)

### Live ISO

It is now possible to boot an RHCOS "live ISO" into a live environment where you can run `coreos-installer`. This allows you to perform pre-install tasks like hardware discovery and complex network configuration.  Additionally, you can create your own custom live ISO with embedded Ignition configs and installation customizations for an automated RHCOS install experience. The live ISO is capable of performing installs completely offline. This replaces the previous installer ISO, though the same kernel arguments are supported.

### coreos-installer

`coreos-installer` has been rewritten from the ground up. It now supports more features, such as the ability to modify the kernel arguments of the installed system, fetching Ignition configs, and saving previously existing partitions.

### Ignition Spec v3

RHCOS has switched to using Ignition spec v3 as the only supported spec version of Ignition. This lays the foundation for supporting more complex disk configurations in the future. The change should be mostly transparent for installer-provisioned infrastructure users.  For user-provisioned infrastructure installs, you will need to adapt any custom Ignition configuration to use Ignition spec 3.  `openshift-install` now generates spec 3.

If you are creating Machine Configs for day 1 or day 2 operations that use Ignition snippets, they should be created using Ignition spec v3.

### Extension System 

RHCOS and Machine Config Operator now support the idea of "extensions" to the default RHCOS install.  The extensions mechanism allows you to install additional packages on RHCOS for particular needs.  The currently supported extensions are `kernel-devel`, and `usbguard`.

### Support for 4K Disks

RHCOS now has support for installing to disks that use 4K sector sizes.

### Support for /var partitions

RHCOS now supports `/var` being a separate partition, as well as any other subdirectory of `/var`.

[jianzhangbjz]

Hi, for the Deprecated and removed features part, the OperatorSources are removed from 4.6. As for the Operator Framework’s Package Manifest Format and v1beta1 CRDs, I guess they are deprecated. @ecordell @kevinrizza correct me if I'm wrong, thanks!

[yapei]

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-web-console-warning-messages-when-editing-managed-resources

An Operator developer can now specify a custom message to appear using an annotation, guiding the user on what resource the user should edit.

As far as I know I don't think we have this feature was implemented in 4.6, it would be good to confirm again with Devs

[sjstout]

Hi All, Mohan Shesh in the interoperability team asked that we include this issue in the Known Issues section:https://bugzilla.redhat.com/show_bug.cgi?id=1868104

[quarterpin]

There are the following features that have been introduced in the ingresscontroller and the network route/ingress resources with v4.6 which imo, should be mentioned in the release docs under the Networking section:

Ingresscontroller

• Haproxy version bumped to 2.0.16.
• Newly introduced httpCaptureHeaders and httpCaptureCookies parameters can be used to configure the haproxy router to capture and log HTTP request, response, and cookies header details along with custom header logging options with uniqueId parameters which works in conjunction to the logging feature.
• Control over X-Forwarded headers is now possible with forwardedHeaderPolicy option.

Route

• X-forwarded headers can now configure and applied on a per-route basis with the introduction of haproxy.router.openshift.io/set-forwarded-headers route annotations
• Support to modify route path for the incoming request is possible with haproxy.router.openshift.io/rewrite-target= annotations

Ingress resource

• Termination policies are now possible to be defined via route.openshift.io/termination annotation for the ingress objects.

[lihongan]

And the 4.6 feature "Enable use of NLB in AWS for app IngressController" should be added to Networking section as well. For details please refer to https://issues.redhat.com/browse/NE-138 and https://issues.redhat.com/browse/OSDOCS-1346

[huiran0826]

Known issue for OVN EgressIP https://bugzilla.redhat.com/show_bug.cgi?id=1877273

[yselkowitz]

There is a mention of Kubernetes 1.18 with a link to it's release notes, that should be 1.19.

@crawford should the RHEL 8 migration be mentioned here, and how?

The builder imagestreams have a new naming scheme which allow for a choice of both component and underlying RHEL/UBI versions, with RHEL/UBI 8 imagestreams are made available by default for the first time, and are used by default in templates. All mongodb based samples have been replaced, deprecated, or removed.

The default Jenkins Node.js agent has been upgraded to Node.js 12.

[sunzhaohua2]

The Cloud team has some new features should be mentioned under "New features and enhancements"

• Azure MachineSets support spot instances, please refer to https://issues.redhat.com/browse/OCPCLOUD-850
• GCP MachineSets support spot instances, please refer to https://issues.redhat.com/browse/OCPCLOUD-849
• AWS Machine API Support of more than one block device, please refer to https://issues.redhat.com/browse/OCPCLOUD-817
• Get validation/defaulting for providerSpec APIs, please refer to https://issues.redhat.com/browse/OCPCLOUD-869

One known issue: https://bugzilla.redhat.com/show_bug.cgi?id=1856270 https://github.com/openshift/installer/blob/master/docs/user/openstack/known-issues.md#deleting-machine-when-instance-stuck-in-provisioning-state

[wangke19]

From we need add customize audit config https://issues.redhat.com/browse/MSTR-990 to OCP 4.6 Release Notes, this is new in this release.

[anuragthehatter]

hi, SDN component changed in 4.6 version:

1. Sriov suport IB. see https://issues.redhat.com/browse/SDN-896
2. OVS from container switch to system ovs , see https://issues.redhat.com/browse/SDN-655
3. OVN GA and some new feature added from 4.6 including (egressip , egressfirewall) https://issues.redhat.com/browse/SDN-911 https://issues.redhat.com/browse/SDN-682

Few points about Local gateway to shared Gateway in OVN would be nice as well https://issues.redhat.com/browse/SDN-1030

[jboxman]

@anuragthehatter, I included an entry for OVS and OVN GA; I'm going to merge a PR for SR-IOV as well.

I don't have anything for shared gateway OVN yet; I didn't realize that was worth a mention.

[xiaojiey]

There is no doc for two new operators: Compliance operator(https://issues.redhat.com/browse/CMP-3) and File integrity operator(https://issues.redhat.com/browse/CMP-1)

[codyhoag]

RHV is not a supported platform for upgrade/install on 4.6. Temporary BZ: BZ#1862586. Another may come later.

Due to a known issue, if you're running RHV version 4.3 and have already installed OCP versions 4.4 or 4.5 on RHV, do not upgrade to OCP version 4.6. Red Hat has not tested this upgrade yet and, therefore, does not support it.

[crawford]

We need to announce the deprecation of bring-your-own RHEL 7 workers in these release notes. OpenShift 4.9 will be dropping support for them entirely.

[rbo]

We need to announce the deprecation of bring-your-own RHEL 7 workers in these release notes. OpenShift 4.9 will be dropping support for them entirely.

Do you have any RH Ticket/Issue for that? (Internal is fine for me rbohne@redhat.com)

[crawford]

@rbo I'm not aware of any, but I haven't looked either. This is coming from our product director though, and is documented here: https://docs.google.com/document/d/1-dwxz_IT97vR4RGsBFDBoc1aGfIAbeMgHu71a1OxNKY.

[crawford]

As @yselkowitz pointed out above, we have migrated the version of the universal base image used by all of the images running within the cluster. We are now using UBI 8 across the board. We don't anticipate any issues, but if customers or layered products are using our images as their base, they might notice (e.g. Python 2 vs 3).

[ahardin-rh]

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-web-console-warning-messages-when-editing-managed-resources

An Operator developer can now specify a custom message to appear using an annotation, guiding the user on what resource the user should edit.

As far as I know I don't think we have this feature was implemented in 4.6, it would be good to confirm again with Devs

@yapei Thanks for bringing this to our attention! I confirmed with the dev team that the annotation didn't make it into 4.6. The updates are addressed in https://github.com/openshift/openshift-docs/pull/26001. Thank you!

[codyhoag]

Document that CNs are deprecated when signing x.509 certificates: https://golang.google.cn/doc/go1.15#commonname. SANs should be used instead. https://bugzilla.redhat.com/show_bug.cgi?id=1882191

More info here: https://bugzilla.redhat.com/show_bug.cgi?id=1886892

[sheriff-rh]

@ahardin-rh and myself will be adding Compliance Operator and File Integrity Operator topics under the Security (and compliance) heading. Relevant PRs #26192 // #25740

[yuhui-12]

In the doc https://docs.openshift.com/container-platform/4.6/operators/operator_sdk/osdk-helm.html, the section, Installing the Operator SDK CLI, can put a link, no need to write such detailed procedure since the point is how to create helm operator, not operator-sdk.

[adellape]

In the doc docs.openshift.com/container-platform/4.6/operators/operator_sdk/osdk-helm.html, the section, Installing the Operator SDK CLI, can put a link, no need to write such detailed procedure since the point is how to create helm operator, not operator-sdk.

@yuhui-12 Thank you. This will be addressed in a planned revamp of the OSDK docs for OSDK v1 targeting OCP 4.7.

cc @tlwu2013 per recent discussion.

[dmage]

@bmcelvee should we mention that the image pruner tolerates invalid image references by default on fresh installations?

[bmcelvee]

@bmcelvee should we mention that the image pruner tolerates invalid image references by default on fresh installations?

Thanks, @dmage! I'll add this with the IR release notes.

[adambkaplan]

@bmcelvee we need an item for the Samples operator - if samples do not import, OpenShift will fire an alert instead of going Degraded [1]

[1] https://issues.redhat.com/browse/BUILD-92

[adambkaplan]

@bmcelvee Builds will now support git clones behind an HTTPS proxy [1]. Note that this is still under QE review, but engineering at this point cannot reproduce the BZ.

[1] https://issues.redhat.com/browse/BUILD-68

[bmcelvee]

@bmcelvee we need an item for the Samples operator - if samples do not import, OpenShift will fire an alert instead of going Degraded [1]

[1] https://issues.redhat.com/browse/BUILD-92

@bmcelvee Builds will now support git clones behind an HTTPS proxy [1]. Note that this is still under QE review, but engineering at this point cannot reproduce the BZ.

[1] https://issues.redhat.com/browse/BUILD-68

Thanks, @adambkaplan! I'll add these.

[yuvalk]

I believe the dropping of NET_RAW capability worth mentioning https://bugzilla.redhat.com/show_bug.cgi?id=1874671 incl. explanation of the difference between upgrade and new installation

[johnwilkins]

Telco docs has a spreadsheet for CNF and KNIDEPLOY release notes. Please update them as needed. https://docs.google.com/spreadsheets/d/1M27ZtL5GC5Wlf47SOaNrCGoiVzEQJaaiDVkbG2ZqHYI/edit#gid=484306265

[rbbratta]

hi, SDN component changed in 4.6 version:

1. Sriov suport IB. see https://issues.redhat.com/browse/SDN-896
2. OVS from container switch to system ovs , see https://issues.redhat.com/browse/SDN-655

host OVS is used for OpenShiftSDN as well as OVN. The section

OVN-Kubernetes default CNI network provider now uses OVS installed on cluster nodes

should also indicate the change is for OpenShiftSDN.

It looks like there wasn't a specific Jira for switching OpenShiftSDN, we just changed OVN and OpenShiftSDN to host OVS at the same time.

Under Table 2. Technology Preview tracker we should also indicate that "OVN-Kubernetes Pod network provider" is GA.

[rbbratta]

We should probably remove the "default" adjective after OVN-Kubernetes since a few lines after we indicate that OpenShiftSDN is still the default

OVN-Kubernetes default Pod network provider GA

...

For this release, OpenShift SDN remains the default Pod network provider.

[jianzhangbjz]

For the ocp-4-6-technology-preview, the opm should be GA for 4.6. Like below: Feature	OCP 4.4	OCP 4.5	OCP 4.6
opm(Operator Package Manage)	DP	DP	GA

@kevinrizza @ecordell Correct me if I'm wrong, thanks!

[xiuwang]

@bmcelvee We have a feature for build - Improve metrics collected from openshift-state-metrics https://issues.redhat.com/browse/BUILD-105

[xiuwang]

@bmcelvee Need add new features for image registry -Allow to change pruner's loglevel - https://issues.redhat.com/browse/IR-139 -Support Azure Government in Image Registry - https://issues.redhat.com/browse/IR-91 -Add metrics and deprecation notice for Registry v1 API - https://issues.redhat.com/browse/IR-99

[kasturinarra]

@codyhoag Descheduler should be TP for 4.6 , can some please help add that, currently nothing added there !! @damemi FYI, also please correct me if i am wrong !!

[kasturinarra]

@soltysh should we add about audit-logs not being collected by default and user will have to run --audit-logs option for collecting the same in Release Notes here ?

[damemi]

@codyhoag Descheduler should be TP for 4.6 , can some please help add that, currently nothing added there !! @damemi FYI, also please correct me if i am wrong !!

The descheduler is already in tech preview before 4.6, so do we need to add a note for that?

[kasturinarra]

@codyhoag Descheduler should be TP for 4.6 , can some please help add that, currently nothing added there !! @damemi FYI, also please correct me if i am wrong !!

The descheduler is already in tech preview before 4.6, so do we need to add a note for that?

No need to add a note, but there is a table which talks about which are GA & TP, for descheduler nothing is added as of today under OCP 4.6, so was asking for addition. https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-technology-preview

[codyhoag]

@codyhoag Descheduler should be TP for 4.6 , can some please help add that, currently nothing added there !!

Thanks @kasturinarra. Will update the table with that today!