Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1900579

Summary:	Kubernetes 1.19.2 -> 1.19.4 update
Product:	OpenShift Container Platform	Reporter:	Stefan Schimanski <sttts>
Component:	kube-apiserver	Assignee:	Stefan Schimanski <sttts>
Status:	CLOSED DUPLICATE	QA Contact:	Ke Wang <kewang>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	4.6.z	CC:	aos-bugs, mfojtik, xxia
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-11-23 12:56:14 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Stefan Schimanski 2020-11-23 12:20:13 UTC

The 4.6 z-stream should follow upstream patch releases. From 1.19.2 to 1.19.4 the following notable changes were made:

# Since 1.19.3:

## Bug or Regression
- An issues preventing volume expand controller to annotate the PVC with volume.kubernetes.io/storage-resizer when the PVC StorageClass is already updated to the out-of-tree provisioner is now fixed. (#94489, @ialidzhikov) [SIG API Machinery, Apps and Storage]
- Cloud node controller: handle empty providerID from getProviderID (#95452, @nicolehanjing) [SIG Cloud Provider]
- Disable watchcache for events (#96052, @wojtek-t) [SIG API Machinery]
Disabled LocalStorageCapacityIsolation feature gate is honored during scheduling. (#96140, @Huang-Wei) [SIG Scheduling]
- Fix a bug that Pods with topologySpreadConstraints get scheduled to nodes without required labels. (#95880, @ialidzhikov) [SIG Scheduling]
- Fix azure disk attach failure for disk size bigger than 4TB (#95463, @andyzhangx) [SIG Cloud Provider]
- Fix azure disk data loss issue on Windows when unmount disk (#95456, @andyzhangx) [SIG Cloud Provider and Storage]
- Fixed a bug causing incorrect formatting of kubectl describe ingress. (#94985, @howardjohn) [SIG CLI and Network]
- Fixed a bug in client-go where new clients with customized Dial, Proxy, GetCert config may get stale HTTP transports. (#95427, @roycaihw) [SIG API Machinery]
- Fixed a regression which prevented pods with docker/default seccomp annotations from being created in 1.19 if a PodSecurityPolicy was in place which did not allow runtime/default seccomp profiles. (#95990, @saschagrunert) [SIG Auth]
- Fixed kubelet creating extra sandbox for pods with RestartPolicyOnFailure after all containers succeeded (#92614, @tnqn) [SIG Node and Testing]
- Fixes high CPU usage in kubectl drain (#95260, @amandahla) [SIG CLI]
- If we set SelectPolicy MinPolicySelect on scaleUp behavior or scaleDown behavior,Horizontal Pod Autoscaler doesn`t automatically scale the number of pods correctly (#95647, @JoshuaAndrew) [SIG Apps and Autoscaling]
- Kube-proxy now trims extra spaces found in loadBalancerSourceRanges to match Service validation. (#94107, @robscott) [SIG Network]
- Kubeadm: add missing "--experimental-patches" flag to "kubeadm init phase control-plane" (#95786, @Sh4d1) [SIG Cluster Lifecycle]

# Since 1.19.2:

## Feature
- build: Update to k/repo-infra.1 (supports go1.15.2)
- build: Use go-runner:buster-v2.0.1 (built using go1.15.1)
- bazel: Replace --features with Starlark build settings flag
- hack/lib/util.sh: some bash cleanups
  - switched one spot to use kube::logging
  - make kube::util::find-binary return an error when it doesn't find anything so that hack scripts fail fast instead of with '' binary not found errors.
  - this required deleting some genfeddoc stuff. the binary no longer exists in k/k repo since we removed federation/, and I don't see it in https://github.com/kubernetes-sigs/kubefed/ either. I'm assuming that it's gone for good now.
  - bazel: output go_binary rule directly from go_binary_conditional_pure

    From: @mikedanese: Instead of aliasing. Aliases are annoying in a number of ways. This is specifically bugging me now because they make the action graph harder to analyze programmatically. By using aliases here, we would need to handle potentially aliased go_binary targets and dereference to the effective target.

    The comment references an issue with pure = select(...) which appears to be resolved considering this now builds.

  - make kube::util::find-binary not dependent on bazel-out/ structure

    Implement an aspect that outputs go_build_mode metadata for go binaries, and use that during binary selection. (#94838, @justaugustus) [SIG Architecture, Release and Testing]

## Design
- Prevent logging of docker config contents if file is malformed (#95346, @sfowl) [SIG Auth and Node]

## Bug or Regression
- Do not fail sorting empty elements. (#94666, @soltysh) [SIG CLI]
- Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null (#94802, @nilo19) [SIG Cloud Provider]
- Fix azure file migration panic (#94853, @andyzhangx) [SIG Cloud Provider]
- Fix bug where loadbalancer deletion gets stuck because of missing resource group #75198 (#93962, @phiphi282) [SIG Cloud Provider]
- Fix detach azure disk issue when vm not exist (#95177, @andyzhangx) [SIG Cloud Provider]
- Fix etcd_object_counts metric reported by kube-apiserver (#94819, @tkashem) [SIG API Machinery]
- Fix network_programming_latency metric reporting for Endpoints/EndpointSlice deletions, where we don't have correct timestamp (#95363, @wojtek-t) [SIG Network and Scalability]
- Fix scheduler cache snapshot when a Node is deleted before its Pods (#95153, @alculquicondor) [SIG Scheduling]
- Fix the cloudprovider_azure_api_request_duration_seconds metric buckets to correctly capture the latency metrics. Previously, the majority of the calls would fall in the "+Inf" bucket. (#94943, @marwanad) [SIG Cloud Provider and Instrumentation]
- Fix: azure disk resize error if source does not exist (#93011, @andyzhangx) [SIG Cloud Provider]
- Fix: detach azure disk broken on Azure Stack (#94885, @andyzhangx) [SIG Cloud Provider]
- Fixed a bug where improper storage and comparison of endpoints led to excessive API traffic from the endpoints controller (#94937, @damemi) [SIG Apps, Network and Testing]
- Fixed a regression that sometimes prevented kubectl portforward to work when TCP and UDP services were configured on the same port (#94728, @amorenoz) [SIG CLI]
- Fixes a bug where EndpointSlices would not be recreated after rapid Service recreation. (#94730, @robscott) [SIG Apps, Network and Testing]
- Fixes a race condition in kubelet pod handling (#94774, @auxten) [SIG Node]
- Gracefully delete nodes when their parent scale set went missing (#95289, @bpineau) [SIG Cloud Provider]
- Kubeadm: relax the validation of kubeconfig server URLs. Allow the user to define custom kubeconfig server URLs without erroring out during validation of existing kubeconfig files (e.g. when using external CA mode). (#94816, @neolit123) [SIG Cluster Lifecycle]
- Kubeadm: warn but do not error out on missing "ca.key" files for root CA, front-proxy CA and etcd CA, during "kubeadm join --control-plane" if the user has provided all certificates, keys and kubeconfig files which require signing with the given CA keys. (#94988, @neolit123) [SIG Cluster Lifecycle]

## Other (Cleanup or Flake)
- Masks ceph RBD adminSecrets in logs when logLevel >= 4 (#95245, @sfowl) [SIG Storage]
- Vsphere: improve logging message on node cache refresh event (#95236, @andrewsykim) [SIG Cloud Provider]

Comment 1 Stefan Schimanski 2020-11-23 12:20:49 UTC

Here is the source of the changelog:

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#changelog-since-v1193
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#changelog-since-v1192

Comment 2 Stefan Schimanski 2020-11-23 12:56:14 UTC


*** This bug has been marked as a duplicate of bug 1900630 ***