diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index 67b2c7263b..993028bda9 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.21.0-0.nightly-arm64-2025-10-22-190453 +OCP_VERSION := 4.21.0-0.nightly-arm64-2025-10-26-121625 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 5647f05e21..54b092b054 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.21.0-0.nightly-2025-10-22-123727 +OCP_VERSION := 4.21.0-0.nightly-2025-10-26-145358 diff --git a/assets/components/multus/release-multus-aarch64.json b/assets/components/multus/release-multus-aarch64.json index 6ee3348fe8..8b09c2c98c 100644 --- a/assets/components/multus/release-multus-aarch64.json +++ b/assets/components/multus/release-multus-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-10-22-190453" + "base": "4.21.0-0.nightly-arm64-2025-10-26-121625" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:946cf47f49872d9ab2a6a764eb78f1ae5c7ac6fe8822d8e7d76fc2f0823220df", diff --git a/assets/components/multus/release-multus-x86_64.json b/assets/components/multus/release-multus-x86_64.json index e19c6ffc47..b3f63d82e5 100644 --- a/assets/components/multus/release-multus-x86_64.json +++ b/assets/components/multus/release-multus-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.21.0-0.nightly-2025-10-22-123727" + "base": "4.21.0-0.nightly-2025-10-26-145358" }, "images": { "multus-cni-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9911528df809594adb3387f01e19d8f3c638744ccef5d8cd888b01e4f42c0d93", diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-catalogsources.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-catalogsources.crd.yaml index 1ce841df79..e0bde39811 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-catalogsources.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-catalogsources.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" @@ -635,8 +635,8 @@ spec: most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. type: array items: diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-clusterserviceversions.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-clusterserviceversions.crd.yaml index 63c9bdc6f0..563474fa48 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-clusterserviceversions.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-clusterserviceversions.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" @@ -1386,8 +1386,8 @@ spec: most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. type: array items: @@ -1771,7 +1771,9 @@ spec: - name properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -1826,6 +1828,42 @@ spec: description: Path of the field to select in the specified API version. type: string x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + type: object + required: + - key + - path + - volumeName + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + default: false + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -1876,8 +1914,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -1904,7 +1942,9 @@ spec: type: boolean x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -2548,7 +2588,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -2601,10 +2641,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" @@ -2616,6 +2656,57 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + type: array + items: + description: ContainerRestartRule describes how a container exit is handled. + type: object + required: + - action + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container exits. + type: object + required: + - operator + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + type: array + items: + type: integer + format: int32 + x-kubernetes-list-type: set + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -3217,7 +3308,9 @@ spec: - name properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -3272,6 +3365,42 @@ spec: description: Path of the field to select in the specified API version. type: string x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + type: object + required: + - key + - path + - volumeName + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + default: false + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -3322,8 +3451,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -3350,7 +3479,9 @@ spec: type: boolean x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -3973,7 +4104,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -4027,9 +4158,51 @@ spec: description: |- Restart policy for the container to manage the restart behavior of each container within a pod. - This may only be set for init containers. You cannot set this field on - ephemeral containers. + You cannot set this field on ephemeral containers. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. You cannot set this field on + ephemeral containers. + type: array + items: + description: ContainerRestartRule describes how a container exit is handled. + type: object + required: + - action + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container exits. + type: object + required: + - operator + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + type: array + items: + type: integer + format: int32 + x-kubernetes-list-type: set + x-kubernetes-list-type: atomic securityContext: description: |- Optional: SecurityContext defines the security options the ephemeral container should be run with. @@ -4544,7 +4717,9 @@ spec: hostNetwork: description: |- Host networking requested for this pod. Use the host's network namespace. - If this option is set, the ports that will be used must be specified. + When using HostNetwork you should specify ports so the scheduler is aware. + When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, + and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false. type: boolean hostPID: @@ -4569,6 +4744,19 @@ spec: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. type: string + hostnameOverride: + description: |- + HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. + This field only specifies the pod's hostname and does not affect its DNS records. + When this field is set to a non-empty string: + - It takes precedence over the values set in `hostname` and `subdomain`. + - The Pod's hostname will be set to this value. + - `setHostnameAsFQDN` must be nil or set to false. + - `hostNetwork` must be set to false. + + This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. + Requires the HostnameOverride feature gate to be enabled. + type: string imagePullSecrets: description: |- ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. @@ -4656,7 +4844,9 @@ spec: - name properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -4711,6 +4901,42 @@ spec: description: Path of the field to select in the specified API version. type: string x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + type: object + required: + - key + - path + - volumeName + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + default: false + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -4761,8 +4987,8 @@ spec: envFrom: description: |- List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple + The keys defined within a source may consist of any printable ASCII characters except '='. + When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. @@ -4789,7 +5015,9 @@ spec: type: boolean x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -5433,7 +5661,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -5486,10 +5714,10 @@ spec: restartPolicy: description: |- RestartPolicy defines the restart behavior of individual containers in a pod. - This field may only be set for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, + This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. - Setting the RestartPolicy as "Always" for the init container will have the following effect: + Additionally, setting the RestartPolicy as "Always" for the init container will + have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" @@ -5501,6 +5729,57 @@ spec: init container is started, or after any startupProbe has successfully completed. type: string + restartPolicyRules: + description: |- + Represents a list of rules to be checked to determine if the + container should be restarted on exit. The rules are evaluated in + order. Once a rule matches a container exit condition, the remaining + rules are ignored. If no rule matches the container exit condition, + the Container-level restart policy determines the whether the container + is restarted or not. Constraints on the rules: + - At most 20 rules are allowed. + - Rules can have the same action. + - Identical rules are not forbidden in validations. + When rules are specified, container MUST set RestartPolicy explicitly + even it if matches the Pod's RestartPolicy. + type: array + items: + description: ContainerRestartRule describes how a container exit is handled. + type: object + required: + - action + properties: + action: + description: |- + Specifies the action taken on a container exit if the requirements + are satisfied. The only possible value is "Restart" to restart the + container. + type: string + exitCodes: + description: Represents the exit codes to check on container exits. + type: object + required: + - operator + properties: + operator: + description: |- + Represents the relationship between the container exit code(s) and the + specified values. Possible values are: + - In: the requirement is satisfied if the container exit code is in the + set of specified values. + - NotIn: the requirement is satisfied if the container exit code is + not in the set of specified values. + type: string + values: + description: |- + Specifies the set of values to check for container exit codes. + At most 255 elements are allowed. + type: array + items: + type: integer + format: int32 + x-kubernetes-list-type: set + x-kubernetes-list-type: atomic securityContext: description: |- SecurityContext defines the security options the container should be run with. @@ -6010,6 +6289,7 @@ spec: - spec.hostPID - spec.hostIPC - spec.hostUsers + - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile @@ -6161,7 +6441,7 @@ spec: description: |- Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for - "cpu" and "memory" resource names only. ResourceClaims are not supported. + "cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported. This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod. @@ -6175,7 +6455,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -7409,15 +7689,13 @@ spec: volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -7586,16 +7864,13 @@ spec: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. - More info: https://examples.k8s.io/volumes/glusterfs/README.md type: object required: - endpoints - path properties: endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + description: endpoints is the endpoint name that details Glusterfs topology. type: string path: description: |- @@ -7670,7 +7945,7 @@ spec: description: |- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi type: object required: - iqn @@ -8063,6 +8338,110 @@ spec: type: string x-kubernetes-map-type: atomic x-kubernetes-list-type: atomic + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + type: object + required: + - keyType + - signerName + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + type: integer + format: int32 + signerName: + description: Kubelet's generated CSRs will be addressed to this signer. + type: string secret: description: secret information about the secret data to project type: object @@ -8189,7 +8568,6 @@ spec: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. - More info: https://examples.k8s.io/volumes/rbd/README.md type: object required: - image diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-installplans.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-installplans.crd.yaml index 3fd8618308..08f6701336 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-installplans.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-installplans.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-olmconfigs.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-olmconfigs.crd.yaml index d050561f88..ec2291246b 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-olmconfigs.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-olmconfigs.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorconditions.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorconditions.crd.yaml index 8b57b2927c..2f5a208669 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorconditions.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorconditions.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorgroups.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorgroups.crd.yaml index 72847359aa..acf2160ddc 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorgroups.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorgroups.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operators.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operators.crd.yaml index 5a0e2ba520..c571a3264a 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operators.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-operators.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-subscriptions.crd.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-subscriptions.crd.yaml index b093a12ef5..87ce80f720 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-subscriptions.crd.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-subscriptions.crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" @@ -622,8 +622,8 @@ spec: most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + compute a sum by iterating through the elements of this field and subtracting + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. type: array items: @@ -972,7 +972,9 @@ spec: - name properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -1027,6 +1029,42 @@ spec: description: Path of the field to select in the specified API version. type: string x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + type: object + required: + - key + - path + - volumeName + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + default: false + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -1102,7 +1140,9 @@ spec: type: boolean x-kubernetes-map-type: atomic prefix: - description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. + description: |- + Optional text to prepend to the name of each environment variable. + May consist of any printable ASCII characters except '='. type: string secretRef: description: The Secret to select from @@ -1141,7 +1181,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1991,15 +2031,13 @@ spec: volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -2168,16 +2206,13 @@ spec: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. - More info: https://examples.k8s.io/volumes/glusterfs/README.md type: object required: - endpoints - path properties: endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + description: endpoints is the endpoint name that details Glusterfs topology. type: string path: description: |- @@ -2252,7 +2287,7 @@ spec: description: |- iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md + More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi type: object required: - iqn @@ -2645,6 +2680,110 @@ spec: type: string x-kubernetes-map-type: atomic x-kubernetes-list-type: atomic + podCertificate: + description: |- + Projects an auto-rotating credential bundle (private key and certificate + chain) that the pod can use either as a TLS client or server. + + Kubelet generates a private key and uses it to send a + PodCertificateRequest to the named signer. Once the signer approves the + request and issues a certificate chain, Kubelet writes the key and + certificate chain to the pod filesystem. The pod does not start until + certificates have been issued for each podCertificate projected volume + source in its spec. + + Kubelet will begin trying to rotate the certificate at the time indicated + by the signer using the PodCertificateRequest.Status.BeginRefreshAt + timestamp. + + Kubelet can write a single file, indicated by the credentialBundlePath + field, or separate files, indicated by the keyPath and + certificateChainPath fields. + + The credential bundle is a single file in PEM format. The first PEM + entry is the private key (in PKCS#8 format), and the remaining PEM + entries are the certificate chain issued by the signer (typically, + signers will return their certificate chain in leaf-to-root order). + + Prefer using the credential bundle format, since your application code + can read it atomically. If you use keyPath and certificateChainPath, + your application must make two separate file reads. If these coincide + with a certificate rotation, it is possible that the private key and leaf + certificate you read may not correspond to each other. Your application + will need to check for this condition, and re-read until they are + consistent. + + The named signer controls chooses the format of the certificate it + issues; consult the signer implementation's documentation to learn how to + use the certificates it issues. + type: object + required: + - keyType + - signerName + properties: + certificateChainPath: + description: |- + Write the certificate chain at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + credentialBundlePath: + description: |- + Write the credential bundle at this path in the projected volume. + + The credential bundle is a single file that contains multiple PEM blocks. + The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private + key. + + The remaining blocks are CERTIFICATE blocks, containing the issued + certificate chain from the signer (leaf and any intermediates). + + Using credentialBundlePath lets your Pod's application code make a single + atomic read that retrieves a consistent key and certificate chain. If you + project them to separate files, your application code will need to + additionally check that the leaf certificate was issued to the key. + type: string + keyPath: + description: |- + Write the key at this path in the projected volume. + + Most applications should use credentialBundlePath. When using keyPath + and certificateChainPath, your application needs to check that the key + and leaf certificate are consistent, because it is possible to read the + files mid-rotation. + type: string + keyType: + description: |- + The type of keypair Kubelet will generate for the pod. + + Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", + "ECDSAP521", and "ED25519". + type: string + maxExpirationSeconds: + description: |- + maxExpirationSeconds is the maximum lifetime permitted for the + certificate. + + Kubelet copies this value verbatim into the PodCertificateRequests it + generates for this projection. + + If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver + will reject values shorter than 3600 (1 hour). The maximum allowable + value is 7862400 (91 days). + + The signer implementation is then free to issue a certificate with any + lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 + seconds (1 hour). This constraint is enforced by kube-apiserver. + `kubernetes.io` signers will never issue certificates with a lifetime + longer than 24 hours. + type: integer + format: int32 + signerName: + description: Kubelet's generated CSRs will be addressed to this signer. + type: string secret: description: secret information about the secret data to project type: object @@ -2771,7 +2910,6 @@ spec: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. - More info: https://examples.k8s.io/volumes/rbd/README.md type: object required: - image diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_02-olm-operator.serviceaccount.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_02-olm-operator.serviceaccount.yaml index 8e9ea5f101..febe778850 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_02-olm-operator.serviceaccount.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_02-olm-operator.serviceaccount.yaml @@ -24,6 +24,18 @@ rules: verbs: ["watch", "list", "get", "create", "update", "patch", "delete", "deletecollection", "escalate", "bind"] - nonResourceURLs: ["*"] verbs: ["*"] + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create - apiGroups: - security.openshift.io resources: diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml index e9ad66d461..a6ba1bfc02 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml @@ -34,7 +34,7 @@ spec: secretName: olm-operator-serving-cert - name: profile-collector-cert secret: - secretName: pprof-cert + secretName: olm-operator-serving-cert - name: tmpfs emptyDir: {} containers: diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml index ef3c9c95e7..db08341cc7 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml @@ -34,7 +34,7 @@ spec: secretName: catalog-operator-serving-cert - name: profile-collector-cert secret: - secretName: pprof-cert + secretName: catalog-operator-serving-cert - name: tmpfs emptyDir: {} containers: diff --git a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml index 3cdb2edfeb..fc6757ca53 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml @@ -2,10 +2,10 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:675ab2f26ccb0b60971b102429fc8ff448231b1dfa4c7d6b745cc183d8d843f4 + digest: sha256:5289d54d6a6e45835273b88d9ada86f4494e1e73ff0ba7472cba90caac9bbbd3 - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:82ae682ebab11368ea3ca6b82f3a79b492ee990aacc9e762d3e3a59916b6f421 + digest: sha256:6223f2deebd9c3fe13de8f5b7616803f48902b2f4a7da53b824c44065c831beb - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev digest: sha256:e23547bdd86a1dff7b18777373ed30f9912809bb1405ae1efda402f24cf58d34 @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82ae682ebab11368ea3ca6b82f3a79b492ee990aacc9e762d3e3a59916b6f421 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6223f2deebd9c3fe13de8f5b7616803f48902b2f4a7da53b824c44065c831beb - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:675ab2f26ccb0b60971b102429fc8ff448231b1dfa4c7d6b745cc183d8d843f4 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5289d54d6a6e45835273b88d9ada86f4494e1e73ff0ba7472cba90caac9bbbd3 target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml index a58e3f0296..698e3a84d2 100644 --- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml +++ b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml @@ -2,10 +2,10 @@ images: - name: quay.io/operator-framework/olm newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:f0d90fa6e41d021e34e5316caf8744c2f100179aca18ec1e1b68fe7ebbe43aa4 + digest: sha256:3063999ff44535a069c880fc97674d7f427bd7def3b2105373c5136dd2f3f02a - name: quay.io/operator-framework/configmap-operator-registry newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev - digest: sha256:3af384fc22c6d12b5579cc908adf0f5ce69f3f5645a78f4ae3f1bea94f53cc95 + digest: sha256:7163356a108a704d079cfc68be0ede80017654e6c0c73617f8bda5d447e5ae18 - name: quay.io/openshift/origin-kube-rbac-proxy newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev digest: sha256:259964b66399bb8639633b6015a56f69535ce6569b99e3a913296566e4ee860d @@ -16,12 +16,12 @@ patches: path: /spec/template/spec/containers/0/env/- value: name: OPERATOR_REGISTRY_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3af384fc22c6d12b5579cc908adf0f5ce69f3f5645a78f4ae3f1bea94f53cc95 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7163356a108a704d079cfc68be0ede80017654e6c0c73617f8bda5d447e5ae18 - op: add path: /spec/template/spec/containers/0/env/- value: name: OLM_IMAGE - value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f0d90fa6e41d021e34e5316caf8744c2f100179aca18ec1e1b68fe7ebbe43aa4 + value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3063999ff44535a069c880fc97674d7f427bd7def3b2105373c5136dd2f3f02a target: kind: Deployment labelSelector: app=catalog-operator diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json index 88445bc081..5c0925375e 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-10-22-190453" + "base": "4.21.0-0.nightly-arm64-2025-10-26-121625" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:675ab2f26ccb0b60971b102429fc8ff448231b1dfa4c7d6b745cc183d8d843f4", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82ae682ebab11368ea3ca6b82f3a79b492ee990aacc9e762d3e3a59916b6f421", + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5289d54d6a6e45835273b88d9ada86f4494e1e73ff0ba7472cba90caac9bbbd3", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6223f2deebd9c3fe13de8f5b7616803f48902b2f4a7da53b824c44065c831beb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e23547bdd86a1dff7b18777373ed30f9912809bb1405ae1efda402f24cf58d34" } } diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json index 426366a137..f487f3a7a9 100644 --- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json +++ b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json @@ -1,10 +1,10 @@ { "release": { - "base": "4.21.0-0.nightly-2025-10-22-123727" + "base": "4.21.0-0.nightly-2025-10-26-145358" }, "images": { - "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f0d90fa6e41d021e34e5316caf8744c2f100179aca18ec1e1b68fe7ebbe43aa4", - "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3af384fc22c6d12b5579cc908adf0f5ce69f3f5645a78f4ae3f1bea94f53cc95", + "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3063999ff44535a069c880fc97674d7f427bd7def3b2105373c5136dd2f3f02a", + "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7163356a108a704d079cfc68be0ede80017654e6c0c73617f8bda5d447e5ae18", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:259964b66399bb8639633b6015a56f69535ce6569b99e3a913296566e4ee860d" } } diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 73177d08dd..e5d0aa8ca4 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,15 +1,15 @@ { "release": { - "base": "4.21.0-0.nightly-arm64-2025-10-22-190453" + "base": "4.21.0-0.nightly-arm64-2025-10-26-121625" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c2d5aef83e6593010c8c7f5c109cc50c7533b0e17d6d7efc569dee973f55c217", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f3594e7a15bb3f5cc802e29fdc8e525c67418dff144150fb4ba0a41863bef738", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f640a67eab56e0efcc548b63f5222df9cd3ee667d909f46667f49443bf1724", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7b2278ba99bd192d57fe7b1820d47e2ace732670dfa63e4ed0fd2a2de52785f", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e23547bdd86a1dff7b18777373ed30f9912809bb1405ae1efda402f24cf58d34", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9a9e1e2dff0b52b366036024ecaff25903baab14b03a6b9daba74f6dc9b66441", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a637267f6e2a065d101e1b83b0461a0f5e84f043c52113f2c1f40145f8d92f00", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7c72ef1887f087f42100c06991c22fd7d2c12cac7bdc6178e831157af76fe5b", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da8665e8c39870474a0c74ca9b1921485ef1ae4f7938ec23ba241a9c78bc3629", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8150adb311effa478bff39ac25f6eadfba9db12aa09669e048dbbc1d6fd67cba", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:3766640b19c336b443619ecdb35f36b479c79ea71b21de97febf024a5eaf6c84", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fcb366668e4476783e973250c5056a575f5581926f1168c6164580977139ca05" } diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 6cf5e9ef0d..4e2a2f94e6 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,15 +1,15 @@ { "release": { - "base": "4.21.0-0.nightly-2025-10-22-123727" + "base": "4.21.0-0.nightly-2025-10-26-145358" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:32fc8d00b3f473d083d2ae82b63af087e7526d9ae941de388fb31f40a85522e3", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:491b7215b2ffbdeba1fed69677c0955dc653d109c0ec55f9b980597842d1654c", "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7d880ec2bc1f2e70d60c1fc91af0fedb8ff2ee5261ead5356efa60c95d3ee5d6", "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:086b4263895663cbc94544e41ac197ee96ba661379a498733e1f65f5ce53f1c8", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:259964b66399bb8639633b6015a56f69535ce6569b99e3a913296566e4ee860d", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ad19c1f0010ebcda83c0f0e9f0b2618f0ccd4353388c8ce668c036a153dc70ab", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9e7fe983fc4505fa729372f2dc0c6b39504fe853f7f0846204467c957fff639c", "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:001da71234c34cc1a0f6b7e8a20de88a2277a71787d0b8c04d80722e9e146af9", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:524ab36ed6dcf33c49ee2929e1fd138817373b4b3231c36139b05a3daec4d77d", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2a6892c392d86391d9628f5b5ce6e58bafdf6a3d6da6f7b5ea581ed173c8cccc", "lvms_operator": "registry.redhat.io/lvms4/lvms-rhel9-operator@sha256:58804d8baf922927b66cec9424d431a3bdb341d207024ce40cc8f0123bac03ee", "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:716e6e57400be2b54fb0ff785b20211730b0d4fb6af4ee0510925c5bfaf66103" } diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index a923bffb0e..7efa53aced 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,68 +1,114 @@ -- api embedded-component 5050707b5937d28133772a29825169e578310d2c to 8c9accafe91dd14148940fa3f3a71293184f0ab7 - - d96bf861 2025-10-21T11:29:27+02:00 Add MutableCSINodeAllocatableCount to Dev- and TechPreview - - d573f822 2025-10-19T20:35:36+02:00 Switch to invoking codegen once in general updates - - aea1b9ac 2025-10-16T10:41:07+02:00 `route`: improve `.spec.tls.termination` doc - - 63691f42 2025-10-14T15:09:48+01:00 Add IngressController .spec.domain API validation - - f28546a1 2025-09-22T13:30:42+02:00 Promote OLMv1 Webhook support to GA +- api embedded-component 8c9accafe91dd14148940fa3f3a71293184f0ab7 to 8691c3014652a8ced9d3304efb4a0cd76c3a35b2 + - 58a36590 2025-10-21T20:19:42+01:00 port emptypartialschemas from gengo v1 to v2 + - 0d6a3676 2025-10-21T20:03:00+01:00 codegen: reduce invocations of packages.Load() + - bf909fb9 2025-10-20T09:31:27+01:00 Rename API_GROUP_VERSIONS to API_GROUP_VERSION_PATHS and fix codegen integration + - fca93aff 2025-10-14T17:55:31-04:00 AWS, Azure: Add IPFamily to the PlatformStatus within Infra CR -- cluster-openshift-controller-manager-operator embedded-component da1e14c45093c19bc79e2055c9f4a55efc1cc1a8 to f90be06b151168ff43d53cb5e5ff0c2d2df80186 - - a7b78c8 2025-09-30T17:07:43+00:00 Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/4fbe3fab45239dc4be6f5d9d98a0bf36e0274ec9/images/ose-cluster-openshift-controller-manager-operator.yml +- cluster-kube-apiserver-operator embedded-component adc82f6188f4037a515eeeaa686ce1c1a80894da to 151f2be4e47cc3826b266b16066829f3f4e16a98 + - 439a7b5 2025-10-23T15:56:30+02:00 CNTRLPLANE-1616: add event-ttl config observer + - 3be0d2b 2025-10-22T15:02:55+02:00 scc: restricted-v3: Fix runAsUser range + - 579b31e 2025-10-22T13:03:55+02:00 Update the deprecated API usage alerts for 1.34 + - c434346 2025-10-21T17:58:18+02:00 manifests: Enable user namespace for the operator + - 3d6b08b 2025-10-20T14:31:37+02:00 scc: Grant authenticated users use of restricted-v3 -- machine-config-operator embedded-component 7007a56217125f6b5ea358a520c080c4ac002575 to 06e7b70adfb1e932ebf88cdb225472997b39d367 - - 09b15282 2025-10-17T13:59:19-04:00 msbic: implement CPMS support - - 5e37bd7b 2025-10-17T13:59:19-04:00 vendor: o/api bump - - 6e6477a5 2025-10-17T16:31:10+02:00 OCPBUGS-62925: RHEL10 RT kernel packages filtering - - 8e33af8f 2025-10-17T09:23:04+05:30 OCPNODE-3806: Do not set kernel PSI parameter from MCO - - f3c5ff22 2025-10-17T08:42:21+05:30 OCPNODE-3806: Do not set kernel PSI parameter from MCO - - 108dae43 2025-10-15T10:44:32-04:00 hack: add AMI update automation script +- cluster-network-operator embedded-component a5879759fb042f6c4b26931fa7ef8540244c8660 to c563eb4e4e99f708e6b56da1c3da2c9e797b49fc + - f8a4b09 2025-09-11T14:46:24-04:00 Fixed "null" value for vSphere api and ingress VIP in UPI scenario -- openshift-controller-manager embedded-component 15fc552a73e47ae715f0cf59e3f535e26b43477a to 433bd500afb879dd82e27336359cd4e3051245b0 - - 9fc2342 2025-09-18T19:29:31+00:00 Updating ose-openshift-controller-manager-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/22bf27a3a0b8820aa8d338d6be20972a7c5109ca/images/ose-openshift-controller-manager.yml +- machine-config-operator embedded-component 06e7b70adfb1e932ebf88cdb225472997b39d367 to d4827961fb1f4d4e6ed882c1a84d96a3addc57fe + - b938d417 2025-10-23T15:21:15+02:00 OCPBUGS-61714: Create temporal allow policy -- operator-framework-olm embedded-component bdc0d750909a7cea17b087f53bcaa01d449638f1 to a0b88f9ab6a32f679336a7b974b03895f7af8c19 - - 2257debf 2025-10-17T11:22:40+08:00 migrate opm cases to OTE +- operator-framework-olm embedded-component a0b88f9ab6a32f679336a7b974b03895f7af8c19 to 25904d88f5a7c13e7fd24c62a3df17719ba2ae83 + - 6e79ccc1 2025-10-24T10:10:22-04:00 OCPBUGS-59768: Enable authenticated metrics endpoints with OpenShift service-ca + - b7cbf38a 2025-10-24T10:10:22-04:00 NO-ISSUE: update openshift/* dependencies + - 8c4b0696 2025-10-24T10:10:22-04:00 OPRUN-4202: remove google.golang.org/grpc pin + - 433213c3 2025-10-24T13:29:35+00:00 Bump the k8s-dependencies group with 5 updates (#451) + - 3f189fb0 2025-10-24T13:28:53+00:00 Bump the k8s-dependencies group with 5 updates (#447) + - 712ddb62 2025-10-24T13:28:39+00:00 Bump actions/stale from 9 to 10 (#450) + - c7240f3c 2025-10-24T13:28:25+00:00 Bump actions/setup-go from 5 to 6 (#449) + - df5257ab 2025-10-24T13:28:12+00:00 Bump github.com/google/cel-go from 0.26.0 to 0.26.1 (#448) + - e6d7c219 2025-10-24T13:27:58+00:00 Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#446) + - c63647b6 2025-10-24T13:27:45+00:00 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#445) + - 3eb94ae8 2025-10-24T13:27:29+00:00 update o-f/api as prep for release (#1806) + - 8c20d32c 2025-10-24T13:27:14+00:00 release/goreleaser.opm.Dockerfile: parameterize grpc-health-probe version (#1801) + - 8ae79272 2025-10-24T13:26:59+00:00 Add PodMonitor to supported resources (#1795) + - 09804a8b 2025-10-24T13:26:44+00:00 Bump the k8s-dependencies group across 1 directory with 6 updates (#1772) + - 98efe7a9 2025-10-24T13:26:28+00:00 fix: Use rest.HTTPClientFor to create TLS-configured client for metrics authentication (#3686) + - c79dcb6c 2025-10-24T13:26:13+00:00 Fix ServiceMonitor RBAC for authenticated metrics endpoints (#3681) + - 8f75c797 2025-10-24T13:25:57+00:00 Fix container image short names for OpenShift compatibility (#3685) + - d79ced4a 2025-10-24T13:25:42+00:00 Fix TOCTOU race condition in ensureInstallPlan (#3682) + - be32bfc9 2025-10-24T13:25:25+00:00 :seedling: Bump go.podman.io/image/v5 from 5.37.0 to 5.38.0 (#3680) + - 677ca76e 2025-10-24T13:25:07+00:00 Add OpenShift service-ca support for authenticated metrics endpoints (#3677) + - c0fb4d50 2025-10-24T13:24:50+00:00 Add AGENTS.md (#3678) + - 723f39e3 2025-10-24T13:24:34+00:00 Remove use of retracted o/api version (#3679) + - 6411902b 2025-10-24T13:24:19+00:00 :seedling: Bump golang.org/x/time from 0.13.0 to 0.14.0 (#3674) + - c848db3a 2025-10-24T13:24:03+00:00 :seedling: Bump github.com/prometheus/common from 0.66.1 to 0.67.1 (#3673) + - 833e7a8e 2025-10-24T13:23:47+00:00 :seedling: Bump sigs.k8s.io/controller-runtime (#3672) + - 51a9332d 2025-10-24T13:23:30+00:00 bump o-f deps (#3662) + - f1f68cb4 2025-10-24T13:23:14+00:00 Secure metrics endpoint with cntrlr-runtime metrics authz mechanics (#3660) + - 8f7b95ad 2025-10-24T13:22:59+00:00 :seedling: Bump the k8s-dependencies group across 1 directory with 2 updates (#3671) + - 9ed1f2a3 2025-10-24T13:22:43+00:00 🌱 Bump github.com/operator-framework/api from 0.34.0 to 0.35.0 (#3670) + - 486a9d59 2025-10-24T13:22:20+00:00 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 (#3667) + - c915edad 2025-10-24T13:22:04+00:00 :seedling: Bump google.golang.org/grpc from 1.75.1 to 1.76.0 (#3665) + - 0b58c050 2025-10-24T13:21:47+00:00 :seedling: Bump the k8s-dependencies group with 10 updates (#3638) + - a63e791a 2025-10-21T17:04:30+08:00 Define AI Guide for OLMv0 QE cases + - dd297420 2025-10-17T12:13:10-04:00 Update verify_commits.sh to use main branch -- oc image-amd64 672ff624b7d2523487d4f06565099949c625d43c to 8836b6630483cfa28ad2e092dbcf9cf7f241f064 - - bf9e2d9d 2025-10-20T18:33:31+03:00 Update version tags to 1.34.1 - - 6976ded4 2025-10-20T18:33:31+03:00 Use renamed ObjectGoPrintSideBySide function - - 42cd2fae 2025-10-20T18:33:25+03:00 React to upstream changes - - fbd00148 2025-10-20T17:37:07+03:00 Update openshift library depedencies to latest - - f8052d09 2025-10-20T17:33:36+03:00 Update golang.org/x dependencies to latest - - 36326dae 2025-10-20T17:31:36+03:00 Update k8s dependencies to 1.34.1 - - b89c9f92 2025-10-16T16:25:06+02:00 Pass dry-run option to all create API calls - - 9e4292b2 2025-10-15T12:13:44+03:00 Escape characters in url - - 9bb4d77d 2025-10-15T11:42:24+03:00 Adjust logs per verbosity - - 7c0e97b4 2025-10-15T11:42:23+03:00 Use aws native user-agent assignment - - ba1a7d1f 2025-10-15T11:42:23+03:00 Update to newer versions of aws-sdk-go-v2 - - c9ca4065 2025-10-15T11:42:23+03:00 Make respective changes for the new sdk - - 4ad945c9 2025-10-15T11:42:23+03:00 Migrate to aws-sdk-go-v2 - - cb28d277 2025-10-02T15:13:31-07:00 pkg/cli/admin/upgrade/recommend: Drop obsolete precheckEnabled knob +- service-ca-operator embedded-component e5d65c6f6b1446b77e0e915d64825d97be9c06de to b4fbf5e3cbf4455343a6682b9e3792244120454d + - 95535a2 2025-10-23T19:26:56+08:00 Created an OWNERS file for the tests-extension directory -- kube-rbac-proxy image-amd64 b9134351be37c43408334047d8eb85d0ac01fe4e to cd636680e06a55395c26570dff0cb37277014388 - - 93afe4a 2025-09-06T05:04:06+00:00 Updating kube-rbac-proxy-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/5c68d71385f72cd67a199bc4590068053a833c7d/images/kube-rbac-proxy.yml +- oc image-amd64 8836b6630483cfa28ad2e092dbcf9cf7f241f064 to 18719cca1fc8abae4c120e85b46696961406cc29 + - 68cf5594 2025-10-23T20:46:54+03:00 Add pr-review Claude command and effective-go skills -- ovn-kubernetes image-amd64 3f971b1c061a775aedee0e9a06ab2a2a31bc64cc to a573f44ea6bb5f3eb3c507a628cddc55039be303 - - c0a8426b 2025-09-30T23:36:23+00:00 Updating ovn-kubernetes-microshift-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/4fbe3fab45239dc4be6f5d9d98a0bf36e0274ec9/images/ovn-kubernetes-microshift.yml +- ovn-kubernetes image-amd64 a573f44ea6bb5f3eb3c507a628cddc55039be303 to 7dd6e74d49a194a146c331bcea0a88a524ecfcf7 + - fed12251 2025-10-20T14:45:07+02:00 Resolve merge conflicts + - c74e67eb 2025-10-17T17:29:35+02:00 [okep: layer2 router topology] Add clarification for joinIP routes. + - 2afbaf6a 2025-10-17T11:09:26+02:00 Skip Pending pods in EgressIP status updates + - 76f6439d 2025-10-15T18:02:45+02:00 Reintroduce completed pod check in shouldReleaseDeletedPod + - cd708300 2025-10-15T11:04:57+02:00 E2E service: Add test for named port handling with ETP=Local services + - 8e7b2c6f 2025-10-15T08:24:46+02:00 traffic-flow-tests: update to latest version of k8s-tft + - 628c3c4a 2025-10-14T18:32:55-04:00 Fixes BFD timeout for external gateway E2E + - 2871cdae 2025-10-14T14:05:57-07:00 RunOVSAppctl() doesn't work when ovs is run on host and hostPID is false + - b39031c0 2025-10-14T11:43:54-04:00 Increase single target attempts + - 1ed9749f 2025-10-14T16:20:44+01:00 chore: Remove SetTaintOnNode + - 2fff3669 2025-10-13T22:35:55+02:00 E2E service: Fix potential flake in conn to an ext IP using src port + - 651759c5 2025-10-13T22:35:55+02:00 E2E service: Move checkNumberOf.. to util.go + - 282b01ec 2025-10-13T22:35:55+02:00 Extends unit test coverage for named port handling in ETP local + - 06515935 2025-10-13T22:35:54+02:00 Fix named port handling in externalTrafficPolicy Local services + - cde88f27 2025-10-13T03:23:35+00:00 The expect expectedEndpointsNum should be 2 times endpoints for dualstack cluster + - 65e44a73 2025-10-11T09:27:16+00:00 unskip cases as bug is verified + - 317bdd67 2025-10-09T10:14:09+02:00 Enable ovn-ci workflow on release branches + - d4136ccf 2025-09-30T23:00:39+00:00 fix: list allowed values for --platform-type option + - a9d76d66 2025-09-30T20:45:30+00:00 fix: --logfile-maxsize is in megabytes, not bytes + - d3850302 2025-09-30T18:03:17+00:00 chore: Remove --pod-ip option -- oc image-arm64 672ff624b7d2523487d4f06565099949c625d43c to 8836b6630483cfa28ad2e092dbcf9cf7f241f064 - - bf9e2d9d 2025-10-20T18:33:31+03:00 Update version tags to 1.34.1 - - 6976ded4 2025-10-20T18:33:31+03:00 Use renamed ObjectGoPrintSideBySide function - - 42cd2fae 2025-10-20T18:33:25+03:00 React to upstream changes - - fbd00148 2025-10-20T17:37:07+03:00 Update openshift library depedencies to latest - - f8052d09 2025-10-20T17:33:36+03:00 Update golang.org/x dependencies to latest - - 36326dae 2025-10-20T17:31:36+03:00 Update k8s dependencies to 1.34.1 - - b89c9f92 2025-10-16T16:25:06+02:00 Pass dry-run option to all create API calls - - 9e4292b2 2025-10-15T12:13:44+03:00 Escape characters in url - - 9bb4d77d 2025-10-15T11:42:24+03:00 Adjust logs per verbosity - - 7c0e97b4 2025-10-15T11:42:23+03:00 Use aws native user-agent assignment - - ba1a7d1f 2025-10-15T11:42:23+03:00 Update to newer versions of aws-sdk-go-v2 - - c9ca4065 2025-10-15T11:42:23+03:00 Make respective changes for the new sdk - - 4ad945c9 2025-10-15T11:42:23+03:00 Migrate to aws-sdk-go-v2 - - cb28d277 2025-10-02T15:13:31-07:00 pkg/cli/admin/upgrade/recommend: Drop obsolete precheckEnabled knob +- service-ca-operator image-amd64 e5d65c6f6b1446b77e0e915d64825d97be9c06de to b4fbf5e3cbf4455343a6682b9e3792244120454d + - 95535a2 2025-10-23T19:26:56+08:00 Created an OWNERS file for the tests-extension directory -- kube-rbac-proxy image-arm64 b9134351be37c43408334047d8eb85d0ac01fe4e to cd636680e06a55395c26570dff0cb37277014388 - - 93afe4a 2025-09-06T05:04:06+00:00 Updating kube-rbac-proxy-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/5c68d71385f72cd67a199bc4590068053a833c7d/images/kube-rbac-proxy.yml +- oc image-arm64 8836b6630483cfa28ad2e092dbcf9cf7f241f064 to 18719cca1fc8abae4c120e85b46696961406cc29 + - 68cf5594 2025-10-23T20:46:54+03:00 Add pr-review Claude command and effective-go skills -- ovn-kubernetes image-arm64 3f971b1c061a775aedee0e9a06ab2a2a31bc64cc to a573f44ea6bb5f3eb3c507a628cddc55039be303 - - c0a8426b 2025-09-30T23:36:23+00:00 Updating ovn-kubernetes-microshift-container image to be consistent with ART for 4.21 Reconciling with https://github.com/openshift/ocp-build-data/tree/4fbe3fab45239dc4be6f5d9d98a0bf36e0274ec9/images/ovn-kubernetes-microshift.yml +- ovn-kubernetes image-arm64 a573f44ea6bb5f3eb3c507a628cddc55039be303 to 7dd6e74d49a194a146c331bcea0a88a524ecfcf7 + - fed12251 2025-10-20T14:45:07+02:00 Resolve merge conflicts + - c74e67eb 2025-10-17T17:29:35+02:00 [okep: layer2 router topology] Add clarification for joinIP routes. + - 2afbaf6a 2025-10-17T11:09:26+02:00 Skip Pending pods in EgressIP status updates + - 76f6439d 2025-10-15T18:02:45+02:00 Reintroduce completed pod check in shouldReleaseDeletedPod + - cd708300 2025-10-15T11:04:57+02:00 E2E service: Add test for named port handling with ETP=Local services + - 8e7b2c6f 2025-10-15T08:24:46+02:00 traffic-flow-tests: update to latest version of k8s-tft + - 628c3c4a 2025-10-14T18:32:55-04:00 Fixes BFD timeout for external gateway E2E + - 2871cdae 2025-10-14T14:05:57-07:00 RunOVSAppctl() doesn't work when ovs is run on host and hostPID is false + - b39031c0 2025-10-14T11:43:54-04:00 Increase single target attempts + - 1ed9749f 2025-10-14T16:20:44+01:00 chore: Remove SetTaintOnNode + - 2fff3669 2025-10-13T22:35:55+02:00 E2E service: Fix potential flake in conn to an ext IP using src port + - 651759c5 2025-10-13T22:35:55+02:00 E2E service: Move checkNumberOf.. to util.go + - 282b01ec 2025-10-13T22:35:55+02:00 Extends unit test coverage for named port handling in ETP local + - 06515935 2025-10-13T22:35:54+02:00 Fix named port handling in externalTrafficPolicy Local services + - cde88f27 2025-10-13T03:23:35+00:00 The expect expectedEndpointsNum should be 2 times endpoints for dualstack cluster + - 65e44a73 2025-10-11T09:27:16+00:00 unskip cases as bug is verified + - 317bdd67 2025-10-09T10:14:09+02:00 Enable ovn-ci workflow on release branches + - d4136ccf 2025-09-30T23:00:39+00:00 fix: list allowed values for --platform-type option + - a9d76d66 2025-09-30T20:45:30+00:00 fix: --logfile-maxsize is in megabytes, not bytes + - d3850302 2025-09-30T18:03:17+00:00 chore: Remove --pod-ip option + +- service-ca-operator image-arm64 e5d65c6f6b1446b77e0e915d64825d97be9c06de to b4fbf5e3cbf4455343a6682b9e3792244120454d + - 95535a2 2025-10-23T19:26:56+08:00 Created an OWNERS file for the tests-extension directory diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index e6678447ac..cdbccaddd8 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -1,35 +1,35 @@ -https://github.com/openshift/api embedded-component 8c9accafe91dd14148940fa3f3a71293184f0ab7 +https://github.com/openshift/api embedded-component 8691c3014652a8ced9d3304efb4a0cd76c3a35b2 https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component b022cf72ba3b4e982626d6d0b80bd53064bbe6ee https://github.com/openshift/cluster-dns-operator embedded-component 2ec8a3de79d73760abbccdbcbbf9951fc93097cd https://github.com/openshift/cluster-ingress-operator embedded-component 0cac97af560a68a5f5c0390a529726eb43556d51 -https://github.com/openshift/cluster-kube-apiserver-operator embedded-component adc82f6188f4037a515eeeaa686ce1c1a80894da +https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 151f2be4e47cc3826b266b16066829f3f4e16a98 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component ffe5113eb88f384981fdeff599f22599e11a9d7c https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 10d89b53f7ddcf0ee45f838c1a43e408074343e6 -https://github.com/openshift/cluster-network-operator embedded-component a5879759fb042f6c4b26931fa7ef8540244c8660 +https://github.com/openshift/cluster-network-operator embedded-component c563eb4e4e99f708e6b56da1c3da2c9e797b49fc https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component f90be06b151168ff43d53cb5e5ff0c2d2df80186 https://github.com/openshift/cluster-policy-controller embedded-component ef703966fe6e82f5f255b06bc5c758f105bf8b28 https://github.com/openshift/csi-external-snapshotter embedded-component 15313fb28f5c42e4b896928478652768225692a6 https://github.com/openshift/etcd embedded-component e2b3dfdf037938f7f0c489438eaa1138fd3fadba https://github.com/openshift/kubernetes embedded-component 96593f323733d9ffc0fc70257ecad44a56df0ce3 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component ce5ff17e9a81ce754567e6dd5053d13409c251e9 -https://github.com/openshift/machine-config-operator embedded-component 06e7b70adfb1e932ebf88cdb225472997b39d367 +https://github.com/openshift/machine-config-operator embedded-component d4827961fb1f4d4e6ed882c1a84d96a3addc57fe https://github.com/openshift/openshift-controller-manager embedded-component 433bd500afb879dd82e27336359cd4e3051245b0 -https://github.com/openshift/operator-framework-olm embedded-component a0b88f9ab6a32f679336a7b974b03895f7af8c19 +https://github.com/openshift/operator-framework-olm embedded-component 25904d88f5a7c13e7fd24c62a3df17719ba2ae83 https://github.com/openshift/route-controller-manager embedded-component c337cf413bbbfc2154dc1d3c1bf8007ea1edfbc8 -https://github.com/openshift/service-ca-operator embedded-component e5d65c6f6b1446b77e0e915d64825d97be9c06de -https://github.com/openshift/oc image-amd64 8836b6630483cfa28ad2e092dbcf9cf7f241f064 +https://github.com/openshift/service-ca-operator embedded-component b4fbf5e3cbf4455343a6682b9e3792244120454d +https://github.com/openshift/oc image-amd64 18719cca1fc8abae4c120e85b46696961406cc29 https://github.com/openshift/coredns image-amd64 91ae57f91e0bba5fc4fdb816e1f1cea633b3a8b5 https://github.com/openshift/csi-external-snapshotter image-amd64 15313fb28f5c42e4b896928478652768225692a6 https://github.com/openshift/router image-amd64 526b4d0ad4cd9d44b43e2585b3415e513fbaf3da https://github.com/openshift/kube-rbac-proxy image-amd64 cd636680e06a55395c26570dff0cb37277014388 -https://github.com/openshift/ovn-kubernetes image-amd64 a573f44ea6bb5f3eb3c507a628cddc55039be303 +https://github.com/openshift/ovn-kubernetes image-amd64 7dd6e74d49a194a146c331bcea0a88a524ecfcf7 https://github.com/openshift/kubernetes image-amd64 96593f323733d9ffc0fc70257ecad44a56df0ce3 -https://github.com/openshift/service-ca-operator image-amd64 e5d65c6f6b1446b77e0e915d64825d97be9c06de -https://github.com/openshift/oc image-arm64 8836b6630483cfa28ad2e092dbcf9cf7f241f064 +https://github.com/openshift/service-ca-operator image-amd64 b4fbf5e3cbf4455343a6682b9e3792244120454d +https://github.com/openshift/oc image-arm64 18719cca1fc8abae4c120e85b46696961406cc29 https://github.com/openshift/coredns image-arm64 91ae57f91e0bba5fc4fdb816e1f1cea633b3a8b5 https://github.com/openshift/csi-external-snapshotter image-arm64 15313fb28f5c42e4b896928478652768225692a6 https://github.com/openshift/router image-arm64 526b4d0ad4cd9d44b43e2585b3415e513fbaf3da https://github.com/openshift/kube-rbac-proxy image-arm64 cd636680e06a55395c26570dff0cb37277014388 -https://github.com/openshift/ovn-kubernetes image-arm64 a573f44ea6bb5f3eb3c507a628cddc55039be303 +https://github.com/openshift/ovn-kubernetes image-arm64 7dd6e74d49a194a146c331bcea0a88a524ecfcf7 https://github.com/openshift/kubernetes image-arm64 96593f323733d9ffc0fc70257ecad44a56df0ce3 -https://github.com/openshift/service-ca-operator image-arm64 e5d65c6f6b1446b77e0e915d64825d97be9c06de +https://github.com/openshift/service-ca-operator image-arm64 b4fbf5e3cbf4455343a6682b9e3792244120454d diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 12ccf9dc71..64c43f74df 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.21.0-0.nightly-2025-10-22-123727" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.21.0-0.nightly-arm64-2025-10-22-190453" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.21.0-0.nightly-2025-10-26-145358" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.21.0-0.nightly-arm64-2025-10-26-121625"