Skip to content

v3.6.0-alpha.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@smarterclayton smarterclayton released this 22 Mar 01:48
· 19607 commits to master since this release
v3.6.0-alpha.0
0343989

This is a feature release towards OpenShift 3.6.

Please note that we have updated the version numbering scheme for OpenShift to be consistent with the OpenShift version history to minimize impact to the installer and other related documentation and web links. OpenShift 3.6 replaces version number 1.6, and will be based on Kubernetes 1.6.

Changes

Roadmap for the 3.6 release

v3.6.0-alpha.0 (2017-03-21) Full Changelog

API

Move OpenShift API resources to their own API groups

API groups in Kubernetes allow extension of core APIs and better separation of unrelated API types.
In this release we are introducing API groups for all OpenShift API resources so that in the future
they can be used as extensions to a base Kubernetes distribution. These resources continue to be available
at /oapi/v1, but clients should begin using the new paths.

New API groups are available from the OpenShift API server at:

  • /apis/apps.openshift.io/v1: DeploymentConfigs
  • /apis/authorization.openshift.io/v1: OpenShift role based access control
  • /apis/build.openshift.io/v1: Build configs and builds
  • /apis/image.openshift.io/v1: Images, ImageStreams, and other supporting resources
  • /apis/oauth.openshift.io/v1: OpenShift OAuth resources like ClientAuthorization and Tokens
  • /apis/network.openshift.io/v1: Network policy for openshift-sdn and NetworkEgressPolicy
  • /apis/project.openshift.io/v1: Projects and project requests for role based access to namespaces
  • /apis/quota.openshift.io/v1: ClusterQuota and supporting namespaced resources
  • /apis/route.openshift.io/v1: Routes
  • /apis/security.openshift.io/v1: PodSecurityPolicyReview resources
  • /apis/template.openshift.io/v1: Templates
  • /apis/user.openshift.io/v1: User and group resources

Stored templates, configuration, and client code intended for use with 3.6 and above can substitute the
apiVersion field for an object with GROUP/v1. CLI code will continue to generate objects with the
legacy apiVersion v1 to enable working with older versions. On many commands you can use
--output-version to indicate the new version

  • API groups #12986
    • image: mutate group admission attributes to ensure grouped resources are captured #13421
    • cli: Fix bulk generator to prefer legacy group #13457
  • Builds
    • All fields related to extended builds have been marked as deprecated and will be removed in a future release #13063
    • Build webhooks return structured data including the created build name #12573

Component updates

  • Kubernetes:
    • vSphere driver fixes:
    • 39752: Fix panic in vSphere cloud provider #13159
    • 39754: Fix fsGroup for vSphere #13159
    • 39757: Fix space in volumePath in vSphere #13159
    • 40693: Fix for vSphere DeleteVolume #13159
    • 41217: Fix wrong VM name retrieval from the vSphere Cloud Provider #13159
    • 42973: Fix selinux support in vSphere #13374
    • Other fixes
      • 36774: Allow auth proxy to set groups and extra info #12803
      • 38818: Add sequential allocator for device names in AWS #13130
      • 38925: Fix nil pointer issue when making mounts for container #13269
      • 39751: Changed default SCSI controller type #13159
      • 40080: Fix unit tests for Update action when AllowUnconditionalUpdate is false #12541
      • 40301: Serve request header certificate CA #13163
      • 40935: Include subresource in subjectaccessreview #13085
      • 41226: Fix for detach volume when node is not present / powered off #13159
      • 41436: Fix bug in status manager TerminatePod #13378
      • 41455: Fix AWS device allocator to only use valid device names #13130
      • 41814: Add client-ca to configmap in kube-public #13217
      • 42275: API Discovery should always prefer /v1 #13152
      • 42337: Plumb cipher/tls version serving options #13167
      • 42491: Make the system:authenticated group addition smarter #13247
      • 42622: Ensure etcd custom prefixes are not lost when upgrading to etcd3 #13298
      • : Allow use of '*' as a capability in Security Context Constraints. #12875
      • : Add appliedclusterresourcequotas to ignoredGroupVersionResources in namespace controller #12986
      • : Admission namespace isAccessReview, remove post 1.7 rebase #13128
      • : Wait for loopback permissions, remove after updating loopback authenticator #13217
      • revert: add ExtraClientCACerts to SecureServingInfo" #13163

Features

Redesigned OpenShift Web Console Overview #1335

The web console has been heavily revised with a focus on showing the relationships between services and deployments,
with significant enhancements to layout and information presentation.

Other changes:

  • web: Add fullscreen terminal support #1167
  • web: Additional checks for security concerns during Import YAML and Template process #1321

Support environment variables as input to Jenkins Pipeline builds and build args to Docker builds

This makes it easier to parameterize these two classes of builds

  • builds: Add env var support to the pipeline strategy #12323
    • Allow build request override of pipeline strategy envs #13160
  • builds: Support build args on Docker builds #12439, #13257

Other Features

  • admin: Add a new network diagnostic pod image #12982
    • admin: Use DefaultImagePrefix instead of hardcoded 'openshift/origin' for network diagnostic image. #13107
  • documentation: Describe networking requirements for vendors replacing openshift-sdn #12981
  • image: Support reference-policy on oc import-image #13339
  • jenkins: Support automatic use of 32 vs. 64 bit JVMs with the integrated Jenkins for more efficient memory use #13032
  • registry: Allow control over TLS version and ciphers for docker-registry #13258
  • security: The privileged SCC should be able to use all capabilities, even those not yet defined #12875
  • security: Add a client for SCC review #12478
    • security: Fix issue in SCC review defaulting #13044
  • security: Make ciphers/tls version configurable #13167
  • tests: Bundle test files with the extended.test binary in the RPM so tests can be run anywhere #13361

Bugs

  • builds: Add parent BuildConfig to Build OwnerReferences #12961
  • builds: Prevent build updates from reverting the build phase #13048
  • builds: No failure reason displayed when build failed using invalid contextDir #13203
  • builds: Work around docker race condition when running build post commit hooks #13100
  • builds: Retry pulling an image if the build fails #13380
  • cli: Don't print odd command names when the binary is symlinked #12781
  • clusterup: Switch to nip.io from xip.io for default cluster up wildcard DNS #13023
  • clusterup: Warn on error parsing Docker version #13201
  • clusterup: Use loopback interface for nodename and default server IP #13112
  • deploy: Prevent rolling back to the same dc version #13104
  • etcd: Wait on startup for etcd to stabilize in v3 mode #13261
  • ha: Sync etcd endpoints during lease acquisition in case of failover #13082
  • image: ImageStreamImage references are not being resolved #13089
  • image: Pruning could fail if some security configuration is not provided #13072
  • image: Ensure all remote layers are checked when someone pulls an image #13001
  • image: Support insecure flag on image import #13114
  • image: Allow import rate to be set to unlimited #13315
  • install: Change logging deployer image name from 'logging-deployment' to 'logging-deployer' #13151
  • install: Changes required to support Docker versions beyond 1.12, including oc cluster up #13016
  • install: Install ceph-common pkg to support RBD provisioning #12896
  • login: Suggest a different port on login #12654
  • network: Increase default ARP cache size on nodes for the router #13034
  • network: Add validation to SDN objects with invalid name funcs #13124
  • network: Output VXLAN multicast flow in sorted order #13061
  • network: Improve SDN validation messages and error messages #13154
  • network: make /var/lib/cni persistent to ensure IPAM allocations stick around across node restart #13231
  • network: Attempt to handle fragmented packets when processing service traffic #13162
  • network: Fix race between ovsdb-server.service and node service #13417
  • newapp: Enhance new-app circular test to handle ImageStreamImage refs #13233
  • newapp: Make new-app report better errors #12978
  • node: Node should default to controller attach/detach #12726
    • controllers: Provide event recorder to attach/detach controller #13175
  • registry: Tolerate upstreams for pullthrough that don't support all content headers #13283
  • release: Enable release repository by default #13473
  • router: Fix cookies for reencrypt routes with InsecureEdgeTerminationPolicy "Allow" #13221
  • router: Use a TCP socket check for the router liveness probe to avoid connection starvation #13121
  • router: Set timeout http-keep-alive when timeout http-request is used to prevent short sessions #13051
  • router: Improve whitespace in the generated router config #13358
  • security: Add stateful sets permissions to disruption controller #13187
  • security: Switch personal SAR to upstream selfsubjectaccessreviews.authorization.k8s.io #13256
  • security: Use more of the upstream authorizer #13259, #13287, #13296, #13415
  • security: Add a cluster role for external PV provisioners #13333
    • Add list events permission to pv-provisioner cluster role #13420
  • security: Improve descriptions of SCCs #13404
  • security: Add conversions from RBAC resources to origin resources #13334
  • upgrade: Add an image migration script for keys affected by v1.4.0 #13059, #13117
  • web: Fix orderBy calls that were passed hashes so we dont get errors with ang 1.5 #1250
  • web: Eliminate kve bookkeeping in controllers #1090
  • web: Enable truncation of long labels within table cell. Fixes openshift/origin-web-console#1230 #1231
  • web: Fix bug searching builders with tags that reference other tags #1243
  • web: Removing an inappropriate class used to wrap inline radio form controls. And switch inline margin from left to right side to allow for alignment left. Fixes openshift/origin-web-console#1240 Fixes openshift/origin-web-console#1234 #1239
  • web: Removing orphaned Settings templates and controller #1255
  • web: Removing orphaned environments directive #1257
  • web: Relax SHA prefix regular expression for PodsService.getImageIDs #1265
  • web: Fix extra space before comma in build status message #1268
  • web: Only show admitted routes as links #1271
  • web: Make route services pie chart responsive #1275
  • web: Fix missing "Create Source Secret" link #1280
  • web: Remove emptyMessage var if its not changing #1203
  • web: Updating PatternFly and Angular-PatternFly to v3.21.0 #1284
  • web: Bug 1425728 - Fix cancel from add config files page #1286
  • web: Bug 1425686 - Make "Add Item" and "Remove Item" headline case #1285
  • web: Aligning kebab styles with PatternFly #1263
  • web: Resolve bug where list-view-item top border disappeared #1288
  • web: Fix problem with add to project from Git repository #1290
  • web: Bump openshift-jvm to 1.1.6 #1292
  • web: Making rule less specific so it applies even if another node (ng) #1293
  • web: Fix bug where margin is inconsistent on .table inside .table-responsive #1254
  • web: Don't resize log viewer before visible #1294
  • web: Fix bug 1426118, ignore namespace except for service account #1295
  • web: Include vendor prefixes required for consistent styling of placeholder text Fixes openshift/origin-web-console#1259 #1260
  • web: Set larger label-filter default input click targets based on statdard media query widths #1216
  • web: Switch Secrets 404 message from Alert header to Blank Slate body #1298
  • web: Change needed to allow multiple labels to display inline, but also truncate if parent width dictates Fixes openshift/origin-web-console#1297 #1299
  • web: Removing top margin causing unnecessary above the .log-header on the monitoring page. Adding class to adjust spacing when ui-select is shown Fixes openshift/origin-web-console#1233 #1238
  • web: Addition of truncate class to tile headers and when no deployments have started. And add word-break to empty-dc and empty-rc Fixes openshift/origin-web-console#1175 #1188
  • web: Lock bootstrap-switch to version 3.3.3 #1302
  • web: Bug 1421097 - Fix problems with secret links on build config page #1304
  • web: Make Project Creation promise-compliant #1300
  • web: Bug 1427084 - Fix problem showing project usage for cluster quota #1307
  • web: Bug 1427289 - Fix log updates when switching containers #1310
  • web: Bug 1427360 - Correctly handle 0 values in MetricsService #1312
  • web: Include conditional style to set spacing for ui-select Fixes openshift/origin-web-console#1309 #1314
  • web: Replace common services with imports from origin-web-common #1308
  • web: Bug 1421097: Fix create secret link for build secrets #1317
  • web: es6 updates #1289
  • web: Toggle link positioning for truncation directive Fixes openshift/origin-web-console#1277 #1316
  • web: Minor style updates for consistency #1323
  • web: Update addTemplateModal fn to class, extract to separate file #1327
  • web: Reduce the mac protractor config by using a clone of base config #1333
  • web: Automatically use Protractor conf for mac if running grunt on mac #1332
  • web: Update DataService.list in deployment controller #1330
  • web: Update createRoute ctrl to use new DataService.list #1329
  • web: Update attachPVC controller to use new DataService.list #1328
  • web: Addition of grid width class to the status column so that message doesn't overlap adjacent column Fixes openshift/origin-web-console#1324 #1338
  • web: Update edit/buildConfig DataService.list #1348
  • web: Removing pficon variables (overrides) #1349
  • web: Metrics can be defined with IDs which are different than the metric name. We need to use the ID and not name for the dataset ID. #1344
  • web: Make browseCategory Promise Compliant #1354
  • web: Make Autoscaler Promise Compliant #1355
  • web: Make Deployment Config Promise Compliant #1356
  • web: Make edit/Route controller promise compliant #1357
  • web: Make Other Resources controller promise compliant #1358
  • web: Make quota controller promise compliant #1359
  • web: Make Secrets promise compliant #1360
  • web: Make replicaSets promise compliant #1362
  • web: Make Set Limits Promise Compliant #1361
  • web: Make create/createFromImage promise compliant #1363
  • web: Correctly hide overview metrics when unavailable #1366
  • web: Hide service weight slider when all weights are 0 #1367
  • web: Improve pods table performance #1369

Release SHA256 Checksums

7a353841eb0edd28f0a4ab86279e79992804456a95f53125bdffae4daf8a5090  openshift-origin-client-tools-v3.6.0-alpha.0-0343989-linux-32bit.tar.gz
60e2cc967086acbba0fee1e6c98ed5792bde5af80d64ddaaa6727e835848d421  openshift-origin-client-tools-v3.6.0-alpha.0-0343989-linux-64bit.tar.gz
4583a8dfebd04d7d193f635629dd03113c0ba199f1b14c945928274982540bfb  openshift-origin-client-tools-v3.6.0-alpha.0-0343989-mac.zip
f38b393e7bdcf8f11077ce04c931b274a4c83ccb53513fd7cb14e1f0b575436f  openshift-origin-client-tools-v3.6.0-alpha.0-0343989-windows.zip
6607b727d3db21fa211240a41bd399573018bc76e54f265ba9d5632add9ba87a  openshift-origin-server-v3.6.0-alpha.0-0343989-linux-64bit.tar.gz
Assets 8