Add OpenShift 4.16 release notes summary #357

Merged
merged 2 commits into from
Oct 11, 2024
137 changes: 73 additions & 64 deletions docs/modules/ROOT/pages/references/release_notes.adoc
Expand Up @@ -2,6 +2,79 @@

TIP: This page lists notable changes in OpenShift releases which we find important. Reading release notes for you as a service.

== OpenShift 4.16

OpenShift version 4.16 is available since 2024-06-27.
This version is based on Kubernetes 1.29 and CRI-O 1.29.
The RHCOS image uses RHEL 9.4 packages.
Find the release notes in the upstream documentation at https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html[OpenShift Container Platform 4.16 release notes].
The https://www.redhat.com/en/blog/what-you-need-to-know-red-hat-openshift-416[Red Hat OpenShift 4.16: What you need to know] blog post is also a valuable resource.

OpenShift SDN network plugin blocks future minor upgrades::
Clusters which use OpenShift SDN as the network plugin can't be upgraded past OpenShift 4.16.
+
[NOTE]
====
VSHN Managed OpenShift 4 clusters are installed with https://access.redhat.com/articles/5436171#isovalent-4[Cilium], a fully certified and supported 3rd party CNI plugin for OpenShift 4.
Therefore VSHN Managed OpenShift clusters aren't affected by this block.
====

Proxy service for monitoring components changed::
This release changes the proxy service for monitoring components from OpenShift OAuth to kube-rbac-proxy.
+
IMPORTANT: You may need to grant additional roles or cluster roles for service accounts or users that are accessing monitoring component APIs.

Update to HAProxy 2.8::
This OpenShift release uses HProxy 2.8.
Starting from this release, the OpenShift ingress HAProxy is configured to disallow SHA-1 certificates.
+
IMPORTANT: Both existing and new routes that use SHA-1 certificates will be rejected by and won't work in OpenShift 4.16.

Legacy service account API token secrets are no longer generated::
In previous OpenShift releases, a legacy API token secret was created for each service account to enable access to the integrated OpenShift image registry.
Starting with this release, these legacy API token secrets aren't generated anymore.
Instead, each service account's image pull secret for the integrated image registry uses a bound service account token which is automatically refreshed before it expires.
+
[IMPORTANT]
====
If you're using a service account token to access the OpenShift image registry from outside the cluster, you should create a long-lived token for the service account.
See the https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount[Kubernetes documentation] for details.
====

Linux control groups version 1 (cgroupv1) deprecated::
In RHEL 9 and RHCOS 9, the default mode is `cgroupv2`.
In RHEL 10 and RHCOS 10, booting into `cgroupv1` won't be supported anymore.
Therefore, `cgroupv1` is deprecated in OpenShift 4.16 and later.
`cgroupv1` will be removed in a future OpenShift Container Platform release.
+
IMPORTANT: If you're running Java applications on VSHN Managed OpenShift, please update to a Java runtime that supports `cgroupv2` as soon as possible.

Warning for iptables usage::
OpenShift will create event messages for pods still using `iptables` rules, since `iptables` support will be removed in RHEL 10 and RHCOS 10.
If your software still uses `iptables`, please make sure to update your software to use `nftables` or eBPF.
+
TIP: If you are seeing these events for third-party software that isn't managed by VSHN, please check with your vendor to ensure they will have an `nftables` or eBPF version available soon.

RWOP with SELinux context mount is generally available::
OpenShift 4.16 makes the `ReadWriteOncePod` access mode for PVs and PVCs generally available.
In contrast to RWO where a PVC can be used by many pods on a single node, RWOP PVCs can only be used by a single pod on a single node.
For CSI drivers which support RWOP, the SELinux context mount from the pod or container is used to mount the volume directly with the correct SELinux labels.
This eliminates the need to recursively relabel the volume and can make pod startup significantly faster.
+
NOTE: VSHN Managed OpenShift doesn't yet support RWOP on all infrastructure providers.

Beta APIs removed from Kubernetes 1.29::
Kubernetes removed the following deprecated APIs:
+
* `FlowSchema` API version `flowcontrol.apiserver.k8s.io/v1beta2`.
Migrate to `flowcontrol.apiserver.k8s.io/v1`
* `PriorityLevelConfiguration` API version `flowcontrol.apiserver.k8s.io/v1beta2`.
Migrate to `flowcontrol.apiserver.k8s.io/v1`.

Monitoring stack replaces prometheus-adapter with metrics-server::
This release removes prometheus-adapter and introduces metrics-server to provide the `metrics.k8s.io` API.
This should reduce load on the cluster monitoring Prometheus stack.

== OpenShift 4.15

OpenShift version 4.15 is available since 2024-03-19.
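
Review bot: The "Update to HAProxy 2.8" entry misspells the product as "HProxy 2.8" in its first sentence; it should read "This OpenShift release uses HAProxy 2.8." In the same entry, the IMPORTANT line "will be rejected by and won't work in OpenShift 4.16" leaves "rejected by" without an object; "will be rejected by the ingress HAProxy and won't work in OpenShift 4.16" would fix that. In the "Beta APIs removed from Kubernetes 1.29" list, the first "Migrate to `flowcontrol.apiserver.k8s.io/v1`" has no trailing period while the second does. In the legacy service account token entry, the IMPORTANT block recommends a long-lived token for registry access from outside the cluster right after the text explains that bound tokens are refreshed automatically; a sentence saying that the long-lived token is not refreshed, so the user has to rotate it and keep the service account's permissions narrow, would make the trade-off explicit.
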
Expand Down Expand Up @@ -41,67 +114,3 @@ In a subsequent future release, the OpenShift SDN network plugin is planned to b
Red Hat will provide bug fixes and support for this feature until removed, but this feature will no longer receive enhancements.
+
NOTE: New APPUiO Managed OpenShift 4 clusters are installed with https://access.redhat.com/articles/5436171#isovalent-4[Cilium], a fully certified and supported 3rd party CNI plugin for OpenShift 4.

== OpenShift 4.14

OpenShift version 4.14 is available since 2023-11-06.
This version is based on Kubernetes 1.27 and CRI-O 1.27.
The RHCOS image uses RHEL 9.2 packages.
Find the release notes in the upstream documentation as https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html[OpenShift Container Platform 4.14 release notes].
The https://www.redhat.com/en/blog/red-hat-openshift-4.14-is-now-available[Red Hat OpenShift 4.14 is now available] blog post is also a valuable resource.

API deprecations::
An API has been removed in Kubernetes 1.27.
Before updating a cluster to OpenShift 4.14, check for usage of the following API:

* `CSIStorageCapacity` Resource, `storage.k8s.io/v1beta1` migrates to `storage.k8s.io/v1`

See the upstream documentation on https://docs.openshift.com/container-platform/4.14/updating/preparing_for_updates/updating-cluster-prepare.html[preparing to update to OpenShift Container Platform 4.14] for detailed instructions to check for usage of these APIs.
If any of the APIs are used, inform the affected users and ask them to update their workloads to use the APIs indicated in the upstream documentation.


Logging in to the CLI using a web browser::
With OpenShift Container Platform 4.14, a new oc command-line interface (CLI) flag, `--web` is now available for the oc login command.
+
With this enhancement, you can log in by using a web browser, so that you don't need to insert your access token into the command line.
+
TIP: This feature has been backported to OpenShift 4.13 and can already be used on APPUiO Managed OpenShift 4 clusters.

Update to HAProxy 2.6::
With this release, OpenShift Container Platform is updated to HAProxy 2.6.

New option to deploy monitoring web console plugin resources::
With this release, the monitoring pages in the Observe section of the OpenShift Container Platform web console are deployed as a dynamic plugin.
With this change, the Cluster Monitoring Operator (CMO) is now the component that deploys the OpenShift Container Platform web console monitoring plugin resources.

New option to specify resource limits for all monitoring components::
With this release, you can now specify resource requests and limits for all monitoring components, including the following:
* Alertmanager
* kube-state-metrics
* monitoring-plugin
* node-exporter
* openshift-state-metrics
* Prometheus
* Prometheus Adapter
* Prometheus Operator and its admission webhook service
* Telemeter Client
* Thanos Querier
* Thanos Ruler
+
In previous versions of OpenShift Container Platform, you could only set options for Prometheus, Alertmanager, Thanos Querier, and Thanos Ruler.

DeploymentConfig resources are now deprecated::
As of OpenShift Container Platform 4.14, `DeploymentConfig` objects are deprecated.
`DeploymentConfig` objects are still supported, but aren't recommended for new installations.
Only security-related and critical issues will be fixed.
+
Instead, use `Deployment` objects or another alternative to provide declarative updates for pods.

Deprecation of the OpenShift SDN network plugin::
OpenShift SDN CNI is deprecated as of OpenShift Container Platform 4.14.
It's currently planned that the network plugin won't be an option for new installations in the next minor release of OpenShift Container Platform.
In a subsequent future release, the OpenShift SDN network plugin is planned to be be removed and no longer supported.
Red Hat will provide bug fixes and support for this feature until removed, but this feature will no longer receive enhancements.
As an alternative to OpenShift SDN CNI, you can use OVN Kubernetes CNI instead.
+
NOTE: New APPUiO Managed OpenShift 4 clusters are installed with https://access.redhat.com/articles/5436171#isovalent-4[Cilium], a fully certified and supported 3rd party CNI plugin for OpenShift 4.
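
Review bot: Removing the entire "OpenShift 4.14" section drops entries that stay relevant on later releases, notably "DeploymentConfig resources are now deprecated" and the `oc login --web` tip, and nothing in the visible lines says why the section goes. If the page is meant to cover only the most recent releases, state that next to the TIP at the top of the file; otherwise keep these entries or move them somewhere they can still be found. The retained 4.15 context line also still says "New APPUiO Managed OpenShift 4 clusters" while the new 4.16 section uses "VSHN Managed OpenShift", so the product naming on the page is now inconsistent and should be aligned in this change.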