Skip to content

v1.4.0-alpha.1

Pre-release
Pre-release
Compare
Choose a tag to compare
@smarterclayton smarterclayton released this 04 Nov 04:48
· 21906 commits to master since this release
v1.4.0-alpha.1
f189ede

This is the final alpha for Origin 1.4.

Backwards Compatibility

Features

Release roadmap
v1.4.0-alpha.1 (2016-11-03)
Full Changelog

API Changes and backwards compatibility notes

  • PATCH is allowed in CORS requests #11700
  • Authorization checks like SubjectAccessReview may now be performed on non-existent namespaces #11321
  • Webhooks that are in error now return a JSON status body with their response with extended information about the failure #11077
  • The permissions required to proxy a node have changed #11228
  • Deployment behavior with automatic=false has changed in 1.4 #11223
  • Remove updatePercent from deployments #11090
  • The CLI has removed support for passing comma-separated template parameters through --param/--value - the flag must be specified multiple times to pass multiple parameters #11539

Upstream

Update Kubernetes to v1.4.0 + patches

  • 1.4.x Cherry picks #11709
  • 35285: Remove stale volumes if endpoint/svc creation fails. #11722
  • 35082: Wait for all pods to be running before checking PDB status #11714
  • 33014: Report the image digest in pod status when available #11674
  • 34434: Print valid json/yaml output in kubectl set image #11664
  • 34298: Fix potential panic in namespace controller #11632
  • 30836: Fix dynamic provisioning for vSphere #11598
  • 35608: Update PodAntiAffinity to ignore calls to subresources #11578
  • 34997: Fix kube vsphere.kerneltime #11574
  • 35420: Remove Job also from .status.active for Replace strategy #11523
  • 32593: Audit test fails to take into account timezone #11505
  • 31607: Add kubectl describe storageclass #11481
  • 30145: Add PVC storage to Limit Range #11396
  • 32084: Do not allow creation of GCE PDs in unmanaged zones #11369
  • 32077: Do not report warning event when an unknown provisioner is requested #11368
  • 32662: Change the default volume type of GlusterFS provisioner #11367
  • 35206: Update default run func for cmds containing sub-commands #11362
  • 27714: Send recycle events from pod to pv. #11259
  • 34763: Log warning on invalid --output-version #11239
  • 34028: Add --dry-run option to kubectl create sub-commands #11238
  • 33958: Add global timeout flag #11104
  • 34010: Match GroupVersionKind against specific version #11286
  • 34020: Allow empty annotation values #11210
  • 33464: Fix cache expiration check #11088
  • 33319: Add nodeport option when creating NodePort service #11059

Features

  • sysctl support in runtime and via SecurityConstraintContexts #11195
  • Rules review endpoint for other users #11172
  • SCC check API: REST #11075
  • Support non-string template parameter substitution #11421
  • Enable jenkins autoprovisioning #11065
  • Fix OAuth redirect ref in Jenkins service account #11681
  • F5 should be able to integrate into the openshift-sdn directly #11181
  • Provide vxlan integration options to the router cmd line #11677
  • Fix a problem with F5 node watches #11742
  • Verify all certificates used by the router #11218
  • Change router to use a certificate list/map file for stronger validation of user certificates #11217
  • Allow wildcards to be supported in routers #11550
  • Allow compression to optionally be enabled for all routes #11469
  • Convert openshift-sdn to a CNI plugin #11082
  • network: Fix join/isolate project network under CNI #11679
  • sdn: miscellaneous fixes after the CNI merge #11613
  • network: fix single-tenant pod setup and leave docker0 around #11588
  • Make rollout and rollback more in line with upstream Kubernetes in the CLI #11655
  • oc: add -o revision in rollout latest #11357
  • oc: deprecate 'deploy --latest' in favor of 'rollout latest --again' #11287
  • Convey conditions about deployments, replication controllers, deployment configs, and replica sets on the API objects for better user comprehension of problems #11214
  • deploy: Set condition reason correctly for new RCs #11609
  • deploy: add conditions when creating replication controllers #11412
  • Add Ceph RBD and Gluster provisioners #11460
  • Support specifying StorageClass while creating volumes with oc set volume #11451
  • Add 'oc set resources' #11384
  • Admins can now default build pod annotations and node selectors #11380
  • Add option to install logging components to oc cluster up #11343
  • Add oc cluster status for helpful info about a recent cluster #11171
  • Add option to oc whoami to print the server url #11180
  • Switch nodes to enable pods-per-core as the primary constraint, and increase max pods #11174

Console Features

Managing project membership

An important feature for people that want to collaborate within the same projects, the new membership management interface lets you add and remove roles to users, groups, and service accounts within your project.

membership

Project administrators have access to view and modify the project’s membership. Membership management is the only difference between an admin and an editor in the default OpenShift roles. Cluster administrators can add a description to any role to provide extra information for end users about what that role actually allows.

Creating and Adding Secrets for Build and Deployment Configurations

Prior to 1.4 it was very difficult to set up a build against a private git repository from the web console. Previously you had to Import YAML/JSON to create your secret and then edit your build’s YAML to make it use that secret.

Now you can expand the advanced build options, create a user/password or SSH key based secret and tell the build to use that when cloning your source. Already have your secret created in that project? You can pick any of your existing ones too.

new-app-git-secrets

While we were making private git repository connections easier to set up, we figured we should improve setting up push and pull against private image registries as well. The build configuration editor lets you set up a push or pull secret in case the image you are building from or the image stream you are pushing to is on a secure registry. Similarly the new deployment configuration editor allows you to specify a pull secret.

Editor for deployment configuration strategy, hooks, and secrets

We’ve had a GUI editor for build configurations for a few releases now, but now we’ve added one for deployment configurations too. From the new editor you can:

  • Switch your deployment strategy
  • Tweak advanced deployment settings like the maximum number of pods that can be unavailable during - the deployment
  • Add, edit, or remove deployment lifecycle hooks
  • Change the image being deployed
  • Set a pull secret for the registry your image is being pulled from
  • Add, edit, or remove environment variables for the pods that will be deployed

dc-editor

Many of the existing editing actions we supported still exist as separate actions, such as editing health checks, or configuring different resource limits. If you want to make a number of changes without triggering a deployment for each change, you can now Pause your deployment, make all the changes you want, and then Resume it. Pausing will prevent any deployment from happening no matter whether it was automatically or manually triggered.

Organization of Add to Project Catalog / Customizable Categories

Our existing “Add to Project” catalog could become quite cluttered when dealing with builder images with many versions, or lots of templates with slight differences. In the past we had focused on minimizing the number of clicks to getting you to something running, but now we’ve focused on helping you find what you are actually looking for. The main catalog page now only contains high level categories “Languages” and “Technologies” and underneath those are sub-categories, such as “Java” or “Data Stores”. Diving into one of those you’ll find re-designed tiles for builder images and templates. Different versions of the same builder image now all roll-up to the same tile with the semantically latest version automatically selected. We have also taken a hard look at all of our out of the box images and templates and focused on providing better display names, descriptions, and categorization.

catalog-reorg

Don’t like our categories? Now you can customize the categories and subcategories as much as you want.

Filtering and Sorting the Project List

We have a class of users for OpenShift that manage many projects on behalf of a larger set of developers. To make things easier for people with a large number of projects, the project list now has a text filter on name, display name, description, and project creator. It also allows sorting on several of these attributes.

project-list-filter-sort

Quota Warnings

User working within quota constraints had a hard time before knowing when they had run out of quota unless they went to check the Quota page. We wanted to add some checks for the most common scenarios where we people have problems with quota. You’ll now get quota warnings:

  • On the overview - this is a generic warning if anything in your quota is at its limit
  • On the overview pod count visualizations - when we think you are unable to reach your scale target due to quota
  • If you try to create something and we know you are out of quota for that resource
  • If you try to create something and we think it will cause you to exceed quota for a resource

Bookmarkable Page States

Sometimes the little things can make all the difference. Have you been annoyed that you couldn’t send someone straight to the log tab for a pod? Now you can! Tab selection, label filters, and several other options that change page state are now persisted to the URL throughout the console. You can bookmark and share with others.

Support for new and beta Kubernetes features

Create storage using storage classes

  • If your cluster admin sets up storage classes, then they will be available for you to pick from in the “Create Storage” page.

Deployments and ReplicaSets

  • Will fit in seamlessly on the overview alongside your existing Deployment Configurations
  • Will appear on the Applications -> Deployments page
  • Support many of the actions we already supported for Deployment Configurations (excluding the new editor)

Roll-up of PetSet pods on the Overview

  • A PetSet’s pods will roll up into a single card with a pod count visualization like the other controllers
  • You’ll be able to see metrics on the overview for the pods in the petset

Bugs

  • admin: Allow oadm prune * to work against a single namespace #11249
  • admin: Make node evacuate command aware of replica set and daemon set #11284
  • audit: Switch to use upstream audit handler #11192
  • auth: Use custom transport for GitLab OAuth communication #11693
  • bootstrap: Add additional warning for oc cluster up not being able to access port 8443 #11597
  • bootstrap: Bind socat to 127.0.0.1 when using it on OS X #11139
  • bootstrap: Display warning instead of error if ports 80/443 in use #11600
  • bootstrap: Do not re-initialize a cluster that already has been initialized #11146
  • bootstrap: Lack of IPv6 should not prevent oc cluster up from starting a container #11219
  • bootstrap: Remove temporary files when creating a new cluster #11157
  • builds: Allow labels to be set when building images #11209
  • builds: Delete temporary secret data as soon as possible in builds #11116
  • builds: If the input image cannot be found, immediately fail the build #11398
  • cli: Add bash completion for pod name to oc exec #11329
  • cli: Clean up command descriptions (1/2) #11608
  • cli: Clean up command descriptions (2/2) #11684
  • cli: Ensure volumes worked correctly when used with oc apply and strategic merge patches #11062
  • cli: Improve oc start-build --follow to behave more predictably #11119
  • cli: Improve exec and attach error messages #11549
  • cli: Improve export for deployment configs #11529
  • cli: Improve oc help global options hint #11703
  • cli: Set the BASIC or SSH secret type with oc secrets new-* #11222
  • cli: Support for the --local flag in set deployment-hooks #11395
  • cli: Update short description for rollout #11657
  • cli: Validate inputs to 'oc run' for better user feedback #11635
  • cli: oadm manage-node --list-pods should return a single list of pods for scripting #11216
  • cli: oc env should be able to return a list of items post-mutation #11379
  • cli: oc login must ignore some SSL cert errors when --insecure #11145
  • cli: oc project should work against a Kubernetes server directly #11120
  • cli: fix oc whoami --show-server output #11697
  • cloud: Initialize cloud provider in node #11620
  • cloud: Make service controller startup failure non-fatal on unsupported platforms #11648
  • deploy: Correct updating lastTransitionTime in deployment conditions #11665
  • deploy: Default maxSurge/maxUnavailable separately #11678
  • deploy: Make deployment triggers more performant with lower latency by avoiding unnecessary work #11501
  • deploy: When instantiating a deployment, ensure it doesn't error if no changes occurred #11500
  • diagnostics: Test more pod to pod connectivity test combinations #11717
  • doc: Improved API docs for role bindings API #11344
  • doc: oc cluster up doc update #11624
  • extended: deployment with multiple containers using a single ICT #11221
  • extended: move deployment fixtures in separate directory #11212
  • images: Add the Jenkins v2 imagestreams to the default list #11360
  • images: Adds display name to image streams, updates PostgreSQL link #11619
  • images: Ensure multi-segment image names are properly handled on image import and tagging #11173
  • images: Improve out-of-the-box template and image stream metadata #11540
  • ipfailover: Allow the iptables chain that will accept multicast connections to be configured #11327
  • jenkins: Autoprovisioning is re-enabled #11543
  • network: Ensure that veth TX queue length is always set to non-zero to enable QoS #11126
  • network: Fix EgressNetworkPolicy match-all-IPs special case #11673
  • network: Fix creation of macvlan interfaces #11663
  • network: Release subnet leases upon hostsubnet delete #11628
  • newapp: Improve oc new-app output for better readability #11220
  • newapp: Validate non-numeric EXPOSE directive when strategy wasn't specified #11687
  • newapp: oc new-app --search should not require docker hub access #11436
  • perf: Improve reliability dockercfg secret creation by using shared caches #11394
  • perf: Use a cache of layer sizes to reduce stats calls in the registry #11558
  • perf: Use service account informer in podsecuritypolicyreview #11612
  • projects: Log project request failures #11226
  • projects: Only pay attention to origin types in project lifecycle admission #11627
  • quota: ClusterResourceQuota was reporting incorrect values #11595
  • reliability: Enable PodDistruptionBudget #11187
  • router: Allow http for edge teminated routes with wildcard policy. #11760
  • security: Control who can set the owner ref field on objects #11397
  • security: Restrict who can use custom builds by default #11411
  • security: Test x509 intermediates correctly #11307
  • server: Require TLS 1.2 by default for clients #11495
  • server: Warn if no login IDPs have been configured #11235
  • volumes: Allow pv controller to recycle pvs, watch recycler pod events #11731
  • volumes: Ensure meta info is loaded before removing a PV #11737

Release SHA256 Checksums

3001b9b00861567c9fbef99766e5a9af729477fae93c392818ad3fab6d4713dd  openshift-origin-client-tools-v1.4.0-alpha.1+f189ede-linux-32bit.tar.gz
59a59c21cf7631cf4f32a38eb96d661e73b0fa08c4d996735f5e339911731d8f  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz
00741baa06b62b40153472b25992a4f9a12b5f2a97ad72430bcab36177898145  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-mac.zip
92a7da5bcd7f9f095bd053a6e28a140f84f0301b452ec62b568cd5c0e8ddb254  openshift-origin-client-tools-v1.4.0-alpha.1.f189ede-windows.zip
229bd998bcb22871a0c2b0cc6ae5688324d79ed998cff922df5f73c35ca06861  openshift-origin-server-v1.4.0-alpha.1.f189ede-linux-64bit.tar.gz
Assets 8