First published: Thu May 28 2020
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.219. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2020:2216

This release fixes the following bugs among others:

- Previously, DNS names were queried every time they occurred in an EgressNetworkPolicy. Records were queried regardless of whether a particular DNS record had been refreshed by a previous query, resulting in slow network performance. DNS records are now queried based on unique names rather than once per EgressNetworkPolicy. As a result, DNS query performance has been significantly improved. (BZ#1772594)
- Previously, the PKI directory was not properly mounted to the sync Pod. This caused the `openshift-ca.crt` to be inaccessible, and as a result it was recreated. The missing mounts and volumes have been added to the sync Pod, so the `openshift-ca.crt` is available and is not incorrectly recreated. (BZ#1808068)
- The Google Cloud Storage (GCS) driver was not reporting all errors due to a variable shadowing issue. This issue has been resolved, allowing all errors to be reported by the registry. (BZ#1814722)
- The image registry was using repository names in metrics labels. This caused Prometheus to have problems with reporting many metrics. This bug fix removes repository names from labels, resulting in fewer generated metrics and better performance. (BZ#1827744)
- The variable `openshift_certificate_expiry_warning_days` was hard-coded in an area of OpenShift Container Platform's underlying code calling the `openshift_certificate_expiry` role during upgrades. This prevented the `openshift_certificate_expiry_warning_days` variable from being overridden in the inventory. This bug fix replaces the hard-coded value with a task to set a value of six months if the variable has not been defined by the user. (BZ#1829492)
- When redeploying certificates, the certificate expiry check provided little value because the expectation was that the certificates would be replaced. Additionally, there were situations where certificates were invalid and redeployment was blocked by the check. This bug fix removes the checks, allowing certificate redeployment to proceed without requiring additional inventory variables to override expiry days or invalid/missing certificates. (BZ#1832379)

All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/atomic-enterprise-service-catalog | <3.11.219-1.git.1.717017c.el7 | 3.11.219-1.git.1.717017c.el7 |
redhat/atomic-openshift | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-cluster-autoscaler | <3.11.219-1.git.1.1ad3e34.el7 | 3.11.219-1.git.1.1ad3e34.el7 |
redhat/atomic-openshift-descheduler | <3.11.219-1.git.1.7e5b9ee.el7 | 3.11.219-1.git.1.7e5b9ee.el7 |
redhat/atomic-openshift-dockerregistry | <3.11.219-1.git.1.8323991.el7 | 3.11.219-1.git.1.8323991.el7 |
redhat/atomic-openshift-metrics-server | <3.11.219-1.git.1.6fe54fb.el7 | 3.11.219-1.git.1.6fe54fb.el7 |
redhat/atomic-openshift-node-problem-detector | <3.11.219-1.git.1.5ae8753.el7 | 3.11.219-1.git.1.5ae8753.el7 |
redhat/atomic-openshift-service-idler | <3.11.219-1.git.1.958cdae.el7 | 3.11.219-1.git.1.958cdae.el7 |
redhat/golang-github-openshift-oauth-proxy | <3.11.219-1.git.1.076ae14.el7 | 3.11.219-1.git.1.076ae14.el7 |
redhat/golang-github-prometheus-alertmanager | <3.11.219-1.git.1.9a593f8.el7 | 3.11.219-1.git.1.9a593f8.el7 |
redhat/golang-github-prometheus-prometheus | <3.11.219-1.git.1.3f6e657.el7 | 3.11.219-1.git.1.3f6e657.el7 |
redhat/openshift-ansible | <3.11.219-1.git.0.8845382.el7 | 3.11.219-1.git.0.8845382.el7 |
redhat/openshift-enterprise-autoheal | <3.11.219-1.git.1.c544df9.el7 | 3.11.219-1.git.1.c544df9.el7 |
redhat/openshift-enterprise-cluster-capacity | <3.11.219-1.git.1.ca1ee51.el7 | 3.11.219-1.git.1.ca1ee51.el7 |
redhat/openshift-kuryr | <3.11.219-1.git.1.717d59f.el7 | 3.11.219-1.git.1.717d59f.el7 |
redhat/atomic-enterprise-service-catalog-svcat | <3.11.219-1.git.1.717017c.el7 | 3.11.219-1.git.1.717017c.el7 |
redhat/atomic-openshift-clients | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-clients-redistributable | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-docker-excluder | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-excluder | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-hyperkube | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-hypershift | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-master | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-node | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-pod | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-sdn-ovs | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-template-service-broker | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/atomic-openshift-tests | <3.11.219-1.git.0.0c21387.el7 | 3.11.219-1.git.0.0c21387.el7 |
redhat/openshift-ansible-docs | <3.11.219-1.git.0.8845382.el7 | 3.11.219-1.git.0.8845382.el7 |
redhat/openshift-ansible-playbooks | <3.11.219-1.git.0.8845382.el7 | 3.11.219-1.git.0.8845382.el7 |
redhat/openshift-ansible-roles | <3.11.219-1.git.0.8845382.el7 | 3.11.219-1.git.0.8845382.el7 |
redhat/openshift-kuryr-cni | <3.11.219-1.git.1.717d59f.el7 | 3.11.219-1.git.1.717d59f.el7 |
redhat/openshift-kuryr-common | <3.11.219-1.git.1.717d59f.el7 | 3.11.219-1.git.1.717d59f.el7 |
redhat/openshift-kuryr-controller | <3.11.219-1.git.1.717d59f.el7 | 3.11.219-1.git.1.717d59f.el7 |
redhat/prometheus | <3.11.219-1.git.1.3f6e657.el7 | 3.11.219-1.git.1.3f6e657.el7 |
redhat/prometheus-alertmanager | <3.11.219-1.git.1.9a593f8.el7 | 3.11.219-1.git.1.9a593f8.el7 |
redhat/prometheus-node-exporter | <3.11.219-1.git.1.7fa9674.el7 | 3.11.219-1.git.1.7fa9674.el7 |
redhat/python2-kuryr-kubernetes | <3.11.219-1.git.1.717d59f.el7 | 3.11.219-1.git.1.717d59f.el7 |
redhat/openshift-ansible-test | <3.11.219-1.git.0.8845382.el7 | 3.11.219-1.git.0.8845382.el7 |
The severity of RHBA-2020:2215 is categorized as 'Important' due to its impact on Red Hat OpenShift Container Platform security and performance.
To fix RHBA-2020:2215, update all affected RPM packages to version 3.11.219-1 or later as specified in the advisory.
RHBA-2020:2215 affects Red Hat OpenShift Container Platform version 3.11.219 specifically for certain packages mentioned in the advisory.
Currently, there are no known workarounds for RHBA-2020:2215; applying the update is the recommended action.
The packages that need updating under RHBA-2020:2215 include atomic-openshift, atomic-openshift-clients, and several others, as listed in the advisory.