v1.4.1

This is a patch release of OpenShift Origin.

Backwards Compatibility

• As a result of fixing #12606, any users who have logged in since upgrading to v1.4.0 will need to log in again and recreate their login information. Old user identity information from before the v1.4.0 upgrade will still exist in etcd and can be overwritten if necessary.

Changes

v1.4.1 (2017-01-24) Full Changelog

Bugs

• storage: Restore correct etcd pathsfor user identities and network egress policies #12606
• cluster: Ensure Windows systems can properly upload config files for oc cluster up #12634

Release SHA256 Checksums

51d57a891ec7f7ef8c5fca9eef99971a1caaa4e82892e1675f402724e1a9f6c6  openshift-origin-client-tools-v1.4.1-3f9807a-linux-32bit.tar.gz
c2ac117e85a968c4d16d5657a31dce0715dcbfa4ab4a7bc49e5c6fd7caffb7da  openshift-origin-client-tools-v1.4.1-3f9807a-linux-64bit.tar.gz
97668ef7d4312a1a7a45e447b735873766cb1d66342d3c3f6e9f7e613f89fae7  openshift-origin-client-tools-v1.4.1-3f9807a-mac.zip
922bc2318685c4ea3518e17099c17ad609529a744fc48231c226f4e1e76d3288  openshift-origin-client-tools-v1.4.1-3f9807a-windows.zip
8d60866685d1a692aea5037b7d4be0d26a1de4ad3baea5693eeee10a1dbc474b  openshift-origin-server-v1.4.1-3f9807a-linux-64bit.tar.gz

v1.5.0-alpha.2

This is the second alpha release of OpenShift Origin v1.5.0.

API Changes

• Images
  • dockerImageConfig and dockerImageManifest are no longer available via the ImageStreamTag and ImageStreamImage resources - they must be retrieved via the registry API #12004
• Policy
  • Label selectors were not honored when LISTing clusterroles #12461

Component updates

• Updated to Kubernetes 1.5.2 + patches
  • 32000: Update node status instead of node in kubelet
    #10790
• Docker registry
  • 2140: Add 'ca-central-1' region for registry S3 storage driver #12451

Features

Roadmap for the v1.5 release

v1.5.0-alpha.2 (2017-01-18) Full Changelog

Improvements to oc cluster up

oc cluster up now allows HTTP proxies to be configured on the started cluster for environments which require them, and will now also create a set of persistent volumes by default for use with applications to make it easier to test those that have stateful storage.

• cluster: Support HTTP and HTTPS proxies via environment variables when running oc cluster up #12483
• cluster: Add persistent volumes on startup #12456

Web console improvements

All web console changes

• Improve suggested Jenkinsfile examples for readability and clarity #1074
• Making placement of actions menu consistent across pages #1130
• Display custom metrics for pods if they are available. #1109
• Create storage form improvements #1133
• Allow editing of build hooks on build configuration page #680
• Add StatefulSets browse page #1088
• Show post commit hooks for builds and build configs #1139

Bugs

• admin: The manage-node command should avoid unnecessary conflicts by using PATCH to mark nodes unschedulable #12486
• cli: Only set the TERM variable if oc rsh is running /bin/sh #12386
• cli: Policy commands should print information about what was changed #12324
• console: Truncate long event messages to 1000 characters #1082
• console: Use metadata.name as secondary sort for projects #1081
• console: Let users specify HTTPS when editing health checks #1087
• console: Fix editing existing commands #1089
• console: Fix duplicate build messages on overview #1092
• console: Fix bug displaying read-only build config env vars #1107
• console: Respect limit ranges on create storage page #1134
• console: Prevent mobile table td collapsing issue Fixes openshift/origin-web-console#1128 #1131
• console: Collapse pending pipelines on overview #1126
• egress: The egress router should not set a route if the gateway and destination addresses are the same #12460
• ipfailover: User check script should override default check script #12509
• newapp: Add golang source detector for new-app #12485
• newapp: Support passing environment variables to the build via oc new-app #12455
• performance: Switch image quota to shared informers #12088
• router: Add more information to the HAProxy 503 page to assist new users #12409
• servingcerts: Add service UID as x509 extension to service server certs #12413

Release SHA256 Checksums

3f37994961214dfb2750014439dc43049e1a84d6c94c182ea0e8417d79921cd5  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-linux-32bit.tar.gz
d87d37da3be54035f5ca88a0529e830884922f2b9629f677b249cb5dd92d9dba  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-linux-64bit.tar.gz
875a73563d4a9332a2ae4767c5840e73d3ec3145daf668a01c7e8f245058ddef  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-mac.zip
c825916e8277693b2c4fc3bfd7d238e2993fb1879160a2a7172b2e9ada52ecda  openshift-origin-client-tools-v1.5.0-alpha.2-e4b43ee-windows.zip
2cc31e72c662efa310b13d19febe9ac1a159280b584d24105af2abd5d419f5f6  openshift-origin-server-v1.5.0-alpha.2-e4b43ee-linux-64bit.tar.gz

v1.4.0

PLEASE UPGRADE to v1.4.1 instead of v1.4.0

A critical problem with v1.4.0 has been identified where user identity information is read from a different location in etcd compared to v1.3.x. Upgraded clusters will not correlated logged in users correctly. No data is lost, however any new users created on 1.4 will not be accessible after the fix is delivered in v1.4.1.

#12606

---

This is the official release of OpenShift v1.4.0.

Changes

Features included in the 1.4 release

v1.4.0 (2017-01-18) Full Changelog

Component Updates

• Kubernetes
  • 35013: Extend list of known regions for AWS to include us-east-2 #12256
  • 36812: Some ScheduledJobs and Jobs were not created with unique enough names #12432
  • 39493: Prevent a panic from the kubelet when performing some volume type checks #12411
• Docker registry
  • 2140: Add 'ca-central-1' region for registry S3 storage driver #12470

Bugs

• Prevent a race condition where image pulls fail from the registry when a registry also has pull through enabled #12396
• Prevent the SDN from needlessly updating the node IP address if the order of IPs reported by the node changes #12388
• Ensure the volume attach/detach controller will not panic if it needs to report an error #12263

SHA256 Checksums

a9ec430c6a315a3adae6841d2e9e56fed6a6ffcc89708d8bbc469d4d56e5f070  openshift-origin-client-tools-v1.4.0-208f053-linux-32bit.tar.gz
99404b7b0bc4f6ee2f6af617872060343bd17b5b58bb44567afae5b93e20b000  openshift-origin-client-tools-v1.4.0-208f053-linux-64bit.tar.gz
8a9582410a5e24b6e317c34a6584a642f5bdaca36bba8bf9ef5ca61f1f1f27a7  openshift-origin-client-tools-v1.4.0-208f053-mac.zip
bc8b48bec09fd83397f76f27672af6fd9d02430193d7ef25267305b1d2ddcdb4  openshift-origin-client-tools-v1.4.0-208f053-windows.zip
8fc0813eeb789fd599005d30b9a36e671cefbe25c14cfb49ec524a8ef078db15  openshift-origin-server-v1.4.0-208f053-linux-64bit.tar.gz

v1.3.3

This is a security patch release to OpenShift Origin v1.3.x.

Bugs

v1.3.3 (2017-01-18) Full Changelog

• registry: Verify permissions for linked layers correctly on images that are accessed via pull through
  #12307

Release SHA256 Checksums

8a4cc493e25ad201803c8da9dcc2d616ab8c26ab9b9db283911a65d74619d86f  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-32bit.tar.gz
fba51a21b8894ba0cf00c99e3ab71be06ff4b48094e38429614e332c8a7c70c6  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-64bit.tar.gz
5c0004b328ae647bf0108f5d3dcdc69b29c515f54af845ea71cefb4a1aa60c7a  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-mac.zip
3ec3f82344807c0e6d6a24c048367d205d1d3629345322045451eb2b28b4eda8  openshift-origin-client-tools-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-windows.zip
b17162f9b6014b526b905575cea02ae8816013ace46b094bf4cee581b51dfd31  openshift-origin-server-v1.3.3-bc17c1527938fa03b719e1a117d584442e3727b8-linux-64bit.tar.gz

v1.5.0-alpha.1

This is a feature development release leading up to v1.5.0. It is immediately prior to rebasing onto Kubernetes 1.5.

Changes

v1.5.0-alpha.1 (2017-01-24) Full Changelog

API

• image: Report creationTimestamp from the image in ImageStreamImage #12052
• build: Report failure reasons with the build #10817
• deployments: Respect the imagePullPolicy of the deployment when running lifecycle hooks #12080
• routes: Make insecureEdgeTerminationPolicy work with all types of secure routes #11953

Features

• cli: Support HTTP URLs in oc start-build --from-file #11811
• cli: Support go template and jsonpath output for oc process #12230
• cli: Support reading environment variables and parameters from files for new-app, new-build, and process #12164
• ipfailover: The failover daemon check and notify scripts can now be customized #11644
• newapp: Set env vars on oc new-app of template #12048
• router: Add option to use PROXY protocol #12271
• router: Allow route balancing algorithm to be configured and backend cookies to be disabled #11984
• security: Allow administrator to limit which users can invite others to join their projects to prevent abuse #11743
• web: Show environment variables coming from the builder image in the Environment tab #889
• web: Improve descriptions for quota scopes #887
• web: Show duration for completed pods #909
• web: Add link to check server connection to error page for api discovery #907
• web: Add ability to copy commands in CLI tools page #871
• web: Let users remove volumes #891
• web: Add volume name validation when attaching PVCs #920
• web: Display keys and paths when set for secret volumes #927
• web: Add in-context Jenkinsfile help #947
• web: Create new config maps and secrets when adding config files #950
• web: Show a "Start Pipeline" button on overview #958
• web: Improve display of secrets #963
• web: Let users define labels when creating routes #985
• web: Show build status message when it exists #989
• web: Support "Run on OpenShift" links #884
• web: Add build failure reasons to monitoring and overview pages #996
• web: Let users save logs #1040
• web: Improve the route form #1068

Bugs

• auth: Redirect to server root if login flow is started with no destination #11961
• builds: Fail new builds that can't start a build pod because it already exists #12057
• builds: Wait for first build to start before showing builds to reduce timeouts #12163
• cli: Add namespace selector field to cluster resource quota describe output #12292
• cli: Deleted secrets should be able to be unlinked from a service account #11868
• cli: Deprecate process -v/--value in favor of -p/--param #12001
• cli: Don't error on login if the user can't list projects #12008
• cli: Don't include display name when showing the "short" project name #12274
• cli: Ensure login, project, and discovery work against an RBAC-enabled Kubernetes cluster #11340
• cli: Ensure newer builds show up first in oc status #12179
• cli: Show ready pods next to deployments in oc status #11291
• cli: Suggest oadm drain instead of oadm manage-node drain #12226
• cluster: Ensure /sys/devices/virtual/net r/w for kubelet under oc cluster up #12138
• cluster: Tolerate docker attach races when starting a cluster #12223
• cluster: Use default cert dir for oc cluster up client if DOCKER_TLS_VERIFY is set #12035
• clusterquota: Reconcile deleted namespaces out of cluster quota status #12123
• deployments: Increase default Recreate deployment timeout to ten minutes #12259
• deployments: Reduce the number of times deployments are processed unnecessarily to improve performance #11805
• deployments: Wait for old pods to terminate before proceeding to Recreate #11917
• diagnostics: add shell prompt to commands in msgs #11295
• examples: Add advanced pipeline examples #12177
• images: Fix tag sorting according to semantic versioning rules #9600
• jenkins: Give Jenkins a longer livenessProbe delay to prevent it being killed prematurely #12134
• ldap: Compare object DN to structured baseDN #12105
• newapp: Appropriately warn/error on circular build dependencies #12104
• newapp: Don't print internal error when a docker registry is unreachable #12269
• newapp: Fix a bug with hidden image stream tags when no tag is specified #12185
• newapp: Hide image stream tags that have the "hidden" annotation #12100
• newapp: Support csproj files for identifying .NET Core projects #11896
• newapp: fix priority of Jenkinsfile, Dockerfile, source when strategy unspecified #11982
• registry: Ensure all download references are valid before allowing an image blob to be accessed #12182
• router: Allow router to bind ports only when ready #11768
• router: Minimize reloads performed during startup and filtering #12199
• sdn: Ensure that the correct node IP is reported, even if the order of NICs reported for the host changes #12107
• sdn: Fix a multiple-pointers-to-single-loop-variable bug in EgressNetworkPolicy #12045
• sdn: Validate if the openshift master is running with mutitenant network plugin #11880
• sdn: garbage-collect dead containers to recover IPAM leases #11964
• server: Provide a better initial seed for math/rand on server start #12200
• servicecerts: Regenerate service serving certs when configuration changes #12050
• web: Prevent filters from appearing twice on config maps page #913
• web: Add warning that BC has been deleted #916
• web: Don't show image name multiple times when reused in a template #921
• web: Link to image stream tags in the same namespace from the build config #922
• web: Don't show Start Build if build config no longer exists #923
• web: Better handling of metrics errors #930
• web: Show "Start Pipel...

v1.3.2

This is a patch release to Origin v1.3.x containing stability and security fixes.

Bugs

v1.3.2 (2016-12-12)
Full Changelog

• Fix AWS attach / detach logic for volumes #12024
• Cluster resource quotas were not properly recording their status, leading to inaccurate quota info #12067

Release SHA256 Checksums

321789dca301a45aef8643ff62a9622601946af5ee2504986314da8373368d0c  openshift-origin-client-tools-v1.3.2-ac1d579-mac.zip
ed6c77bd870bb70a474a435b74475090e0b1d17f837e4156b442a1176d634e6d  openshift-origin-client-tools-v1.3.2-ac1d579-linux-32bit.tar.gz
73f175a5aba04aaca3f873ca24631f246931dc5d9904d50bc4a7153988d121b1  openshift-origin-client-tools-v1.3.2-ac1d579-linux-64bit.tar.gz
d80e290db8e17a2e319bdf2aa4717d5fc3d57d8ebf0959dd17025de6b9c78261  openshift-origin-client-tools-v1.3.2-ac1d579-windows.zip
a1049820c3cca7ffaf7fe1e8b7913eddea09ae705b4e8e8f42072abeb46085de  openshift-origin-image-v1.3.2-ac1d579-linux-64bit.tar.gz
d84852af7cc8c2de21b566286667c7850415d23f1d007e612c73c04f276c8bc4  openshift-origin-server-v1.3.2-ac1d579-linux-64bit.tar.gz

v1.5.0-alpha.0

This is the first alpha release for OpenShift v1.5.0.

Features

Release roadmap
v1.5.0-alpha.0 (2016-11-19)
Full Changelog

Release SHA256 Checksum

8d1559c5f1b6b33a45d2c0e81e7d0d4389a2a4f6ebf825c029d5c1c434ceb6f3  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-32bit.tar.gz
1c45409e742e67466fca0b66eed98f4e5672acbcdb11817b5014f1f7830ed463  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz
de65010e78e11f43ca422dc25dbe9e2f9613ef4ccdaaaefc6572262635f4146c  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-mac.zip
bd100144ec2ef6c6fa46544ada421b2ee89a6363f494b32525a9b8eecfecc278  openshift-origin-client-tools-v1.5.0-alpha.0+3b2bbe5-windows.zip
0585066a9fe5a9240b119d83b6585558a7de02a59bee81db5ece581a78abf833  openshift-origin-server-v1.5.0-alpha.0+3b2bbe5-linux-64bit.tar.gz

v1.4.0-rc1

This is the first release candidate for OpenShift Origin v1.4.0.

Features

Release roadmap
v1.4.0-rc1 (2016-11-19)
Full Changelog

Release SHA256 Checksums

71b854fdc5e80f97afa8e20c4f138eff3dc8c3acb4a8dae6c6bac14fa93270ef  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-32bit.tar.gz
8b51c0c3db20101740590075a63540fefe7a4f797fdb832974c6f61bac8bd901  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz
f59ffa513316e050746afdc79b59ebffcdf6d95996b44269f64e2e6cad3f352c  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-mac.zip
4c0f109a2229a5927d9333cc0bf523dc11c5848d51aa799f5934822193bbc690  openshift-origin-client-tools-v1.4.0-rc1.b4e0954-windows.zip
574185a6a19bb0ef02dd15d6c6aac1e08d89106725bcd39d8fa85297fe7c8528  openshift-origin-server-v1.4.0-rc1.b4e0954-linux-64bit.tar.gz

v1.4.0-alpha.1

This is the final alpha for Origin 1.4.

Backwards Compatibility

Features

Release roadmap
v1.4.0-alpha.1 (2016-11-03)
Full Changelog

API Changes and backwards compatibility notes

• PATCH is allowed in CORS requests #11700
• Authorization checks like SubjectAccessReview may now be performed on non-existent namespaces #11321
• Webhooks that are in error now return a JSON status body with their response with extended information about the failure #11077
• The permissions required to proxy a node have changed #11228
• Deployment behavior with automatic=false has changed in 1.4 #11223
• Remove updatePercent from deployments #11090
• The CLI has removed support for passing comma-separated template parameters through --param/--value - the flag must be specified multiple times to pass multiple parameters #11539

Upstream

Update Kubernetes to v1.4.0 + patches

• 1.4.x Cherry picks #11709
• 35285: Remove stale volumes if endpoint/svc creation fails. #11722
• 35082: Wait for all pods to be running before checking PDB status #11714
• 33014: Report the image digest in pod status when available #11674
• 34434: Print valid json/yaml output in kubectl set image #11664
• 34298: Fix potential panic in namespace controller #11632
• 30836: Fix dynamic provisioning for vSphere #11598
• 35608: Update PodAntiAffinity to ignore calls to subresources #11578
• 34997: Fix kube vsphere.kerneltime #11574
• 35420: Remove Job also from .status.active for Replace strategy #11523
• 32593: Audit test fails to take into account timezone #11505
• 31607: Add kubectl describe storageclass #11481
• 30145: Add PVC storage to Limit Range #11396
• 32084: Do not allow creation of GCE PDs in unmanaged zones #11369
• 32077: Do not report warning event when an unknown provisioner is requested #11368
• 32662: Change the default volume type of GlusterFS provisioner #11367
• 35206: Update default run func for cmds containing sub-commands #11362
• 27714: Send recycle events from pod to pv. #11259
• 34763: Log warning on invalid --output-version #11239
• 34028: Add --dry-run option to kubectl create sub-commands #11238
• 33958: Add global timeout flag #11104
• 34010: Match GroupVersionKind against specific version #11286
• 34020: Allow empty annotation values #11210
• 33464: Fix cache expiration check #11088
• 33319: Add nodeport option when creating NodePort service #11059

Features

• sysctl support in runtime and via SecurityConstraintContexts #11195
• Rules review endpoint for other users #11172
• SCC check API: REST #11075
• Support non-string template parameter substitution #11421
• Enable jenkins autoprovisioning #11065
• Fix OAuth redirect ref in Jenkins service account #11681
• F5 should be able to integrate into the openshift-sdn directly #11181
• Provide vxlan integration options to the router cmd line #11677
• Fix a problem with F5 node watches #11742
• Verify all certificates used by the router #11218
• Change router to use a certificate list/map file for stronger validation of user certificates #11217
• Allow wildcards to be supported in routers #11550
• Allow compression to optionally be enabled for all routes #11469
• Convert openshift-sdn to a CNI plugin #11082
• network: Fix join/isolate project network under CNI #11679
• sdn: miscellaneous fixes after the CNI merge #11613
• network: fix single-tenant pod setup and leave docker0 around #11588
• Make rollout and rollback more in line with upstream Kubernetes in the CLI #11655
• oc: add -o revision in rollout latest #11357
• oc: deprecate 'deploy --latest' in favor of 'rollout latest --again' #11287
• Convey conditions about deployments, replication controllers, deployment configs, and replica sets on the API objects for better user comprehension of problems #11214
• deploy: Set condition reason correctly for new RCs #11609
• deploy: add conditions when creating replication controllers #11412
• Add Ceph RBD and Gluster provisioners #11460
• Support specifying StorageClass while creating volumes with oc set volume #11451
• Add 'oc set resources' #11384
• Admins can now default build pod annotations and node selectors #11380
• Add option to install logging components to oc cluster up #11343
• Add oc cluster status for helpful info about a recent cluster #11171
• Add option to oc whoami to print the server url #11180
• Switch nodes to enable pods-per-core as the primary constraint, and increase max pods #11174

Console Features

Managing project membership

An important feature for people that want to collaborate within the same projects, the new membership management interface lets you add and remove roles to users, groups, and service accounts within your project.

Project administrators have access to view and modify the project’s membership. Membership management is the only difference between an admin and an editor in the default OpenShift roles. Cluster administrators can add a description to any role to provide extra information for end users about what that role actually allows.

Creating and Adding Secrets for Build and Deployment Configurations

Prior to 1.4 it was very difficult to set up a build against a private git repository from the web console. Previously you had to Import YAML/JSON to create your secret and then edit your build’s YAML to make it use that secret.

Now you can expand the advanced build options, create a user/password or SSH key based secret and tell the build to use that when cloning your source. Already have your secret created in that project? You can pick any of your existing ones too.

While we were making private git repository connections easier to set up, we figured we should improve setting up push and pull against private image registries as well. The build configuration editor lets you set up a push or pull secret in case the image you are building from or the image stream you are pushing to is on a secure registry. Similarly the new deployment configuration editor allows you to specify a pull secret.

Editor for deployment configuration strategy, hooks, and secrets

We’ve had a GUI editor for build configurations for a few releases now, but now we’ve added one for deployment configurations too. From the new editor you can:

• Switch your deployment strategy
• Tweak advanced deployment set...

v1.2.2

This is a patch release to Origin v1.2.x containing a security related fix. All users are recommended to upgrade to v1.2.2 who are on v1.2.x.

Bugs

v1.2.2 (2016-08-18)
Full Changelog

• Intermediate CA certificates were being improperly checked for authorization (CVE-2016-7075) #11413

Release SHA256 Checksums

4b2321ffe2dc2ca74651532b77fa1ebca9865de173790aedcdd0ecad2831d4a1  openshift-origin-client-tools-v1.2.2-565691c-linux-32bit.tar.gz
d957b439a9194ccf01c48973449b84495649fadecc00c34a49ca6fd38b6c96a0  openshift-origin-client-tools-v1.2.2-565691c-linux-64bit.tar.gz
f06415c6ca879a500441225c8c353cabe2f2d668fc71588263e2b1673f4447fc  openshift-origin-client-tools-v1.2.2-565691c-mac.zip
feb64928d83ab542b3d5b164f3d5784bfdaf570ea5093721a8489b1575bc0d87  openshift-origin-client-tools-v1.2.2-565691c-windows.zip
f431fcf03a6ae9aa9a6800f00050e571481ee71fe0821dea1ca405d1e5b4f76a  openshift-origin-server-v1.2.2-565691c-linux-64bit.tar.gz