Skip to content

v1.1.5
Compare
Choose a tag to compare
@smarterclayton smarterclayton released this 29 Mar 21:10
· 26888 commits to master since this release
v1.1.5
847f337

IMPORTANT: Issue #8297 prevents regular users from accessing PVCs if you reconcile-cluster-roles. Upgrade to v1.1.6

This is a bug fix release on top of Origin 1.1.x.

Backwards Compatibility

  • Origin v1.1.5 is now compiled on Go 1.6, which may result in changes to runtime GC behavior that may require tuning at high densities and load.
  • Origin v1.1.5 requires Docker 1.8.3 or 1.9.1-23 or higher due to bugs with cGroup limits and systemd.
  • The name of the generator for oc run that creates DeploymentConfigs changed from run/v1 to deploymentconfig/v1 for compatibility with kubectl

Component updates

  • Updated to Kubernetes 1.2.0

Features

  • The new Kubernetes 1.2 ConfigMap resource is now usable. You must run oadm policy reconcile-cluster-roles to grant access to use it for end users.
  • Limits, quotas, and quota scopes are now displayed in the web console

Security and Admin

  • Add quota support to emptydirs - when the quota is enabled on an XFS system, nodes will limit the amount of space any given namespace can use on a node to a fixed upper bound. The quota is tied to the FSGroup of the namespace - administrators can control this value by editing the namespace directly or allowing users to set FSGroup via security context constraints.
  • DaemonSet is now limited to cluster admins because pods running under a daemonset are considered to have higher priority than regular pods, and for regular users on the cluster this could be a security issue.
  • Administrators can prevent clients from accessing the API by their User-Agent header the new userAgentMatching config setting
  • Access to set externalIP on services is now disabled by default, to prevent malicious users from creating services that impersonate other IP addresses in the cluster. Administrators can selectively enable the field for specific IP ranges.
  • The NO_PROXY environment variable will now accept a CIDR in a number of places in the code for controlling which IP ranges bypass the default HTTP proxy settings.
  • Administrators can now enforce the readOnlyRootFilesystem flag via security contexts to require users run without being able to modify the container image
  • Administrators can now limit what volume types users can use directly from within a Pod - by default, regular users are now forbidden from directly mounting any of the remote volume type (they must use a PVC)

Bugs

  • Fixed a performance regression in cAdvisor that resulted in long pauses on Kubelet startup
  • oc edit was not properly displaying all errors when saving an edited resource failed
  • Show more information about persistent volume claims and persistent volumes in a number of places in the CLI and web console
  • Some commands that used the API PATCH command could fail intermittently when they were executed on the server and another user edited at the same time.
  • Warn when trying to import a non-existent tag in oc import-image
  • Show singular pods in the oc status output
  • Router
    • Show more information from the router reload command in the router logs
    • Routes that changed at the same time could compete for being exposed if they were in different namespaces. Made the check for which route gets exposed predictable.
    • Use the health check when restarting the router to ensure the new process is correctly running before continuing
  • Better error in the web console when JavaScript is disabled.
  • Failed deployments should update the status of the deployment config more rapidly, reducing the time before the old deployment is scaled back up

Release SHA256 Checksums

f32db04d5f96eb5ea12bf1866069760bfdcc8d9ec0066c742dc17b5499e144e7  openshift-origin-client-tools-v1.1.5-847f337-linux-32bit.tar.gz
6e7a3a9de046e0de5efda0f024e958651cdd45b12e04b053b6da90332388dc82  openshift-origin-client-tools-v1.1.5-847f337-linux-64bit.tar.gz
a1d1eb484424dffbb857147b85233ad35773b49e7c6ee7c48e7570156b93f01f  openshift-origin-client-tools-v1.1.5-847f337-mac.zip
b4e44d3a2de1fd002c4d9bbdc5f545cc13c6561febd9fa6d4618630676e50ba3  openshift-origin-client-tools-v1.1.5-847f337-windows.zip
3570cd90f4094269acb9d733bfb2571d40287f6a2e75d7a7e99b735764432e4c  openshift-origin-server-v1.1.5-847f337-linux-64bit.tar.gz
Assets 8