openshift
diff --git a/‎modules/zstream-4-17-31.adoc‎
Lines changed: 41 additions & 0 deletions b/‎modules/zstream-4-17-31.adoc‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎modules/zstream-4-17-32.adoc‎
Lines changed: 40 additions & 0 deletions b/‎modules/zstream-4-17-32.adoc‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎modules/zstream-4-17-33.adoc‎
Lines changed: 35 additions & 0 deletions b/‎modules/zstream-4-17-33.adoc‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎modules/zstream-4-17-34.adoc‎
Lines changed: 46 additions & 0 deletions b/‎modules/zstream-4-17-34.adoc‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎modules/zstream-4-17-35.adoc‎
Lines changed: 46 additions & 0 deletions b/‎modules/zstream-4-17-35.adoc‎
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * release_notes/ocp-4-17-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ocp-4-17-31_{context}"]
+= RHBA-2025:8108 - {product-title} {product-version}.31 fixed issues
+
+Issued: 28 May 2025
+
+[role="_abstract"]
+{product-title} release {product-version}.31 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHBA-2025:8108[RHBA-2025:8108] advisory. There are no RPM packages for this release.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.31 --pullspecs
+----
+
+[id="ocp-4-17-31-fixed-issues_{context}"]
+== Fixed issues
+
+* Previously, {product-title} 4.15 and later versions managed by OpenShift Lifecycle Manager (OLM) were required to have the `olm.managed: "true"` label. In some cases, the solution failed to start and entered a `CrashLoopBackOff` state if the label was missing. The logs for this scenario were displayed as informative, which made it more challenging to identify the root cause. For this release, the log level is changed to error to make the issue clearer and easier to diagnose when the label is missing. (link:https://issues.redhat.com/browse/OCPBUGS-56250[OCPBUGS-56250])
+
+* Previously, if the default proxy environment variables were set to null on build containers, some applications in the container would not run. With this release, the proxy environment variables are added to the build container only if they are defined and the default values are not null. (link:https://issues.redhat.com/browse/OCPBUGS-55826[OCPBUGS-55826])
+
+* Previously, an Operator updated the Progressing condition’s `lastTransitionTime` value even when the condition’s status did not actually change. This led to potential installation errors and perceived instability for end users. With this release, the Operator is prevented from updating the `lastTransitionTime` value unless there is a status change. This enhances Operator stability, minimizes installer errors, and ensures a smoother user experience. (link:https://issues.redhat.com/browse/OCPBUGS-55800[OCPBUGS-55800])
+
+* Previously, the Cluster Samples Operator watched all cluster Operators in the cluster, which triggered the Cluster Samples Operator sync loop to run unnecessarily. This behavior negatively impacted overall performance. With this release, the Cluster Samples Operator only watches specific cluster Operators. (link:https://issues.redhat.com/browse/OCPBUGS-55795[OCPBUGS-55795])
+
+* Previously, the Grandmaster Timekeeper (T-GM) operation unexpectedly set the Precision Time Protocol (PTP) announce message internal signal flags incorrectly. This caused the loss of time synchronization across the network. With this release, the PTP announce message internal signal flags are correctly initialized, ensuring accurate and standardized time synchronization information is disseminated across the network. (link:https://issues.redhat.com/browse/OCPBUGS-55740[OCPBUGS-55740])
+
+* Previously, when creating a multi-network policy without specifying a protocol, the Open Virtual Network (OVN) would crash. With this release, the protocol is assumed to be the Transmission Control Protocol (TCP) if none is specified, preventing OVN crashes. (link:https://issues.redhat.com/browse/OCPBUGS-52480[OCPBUGS-52480])
+
+[id="ocp-4-17-31-updating_{context}"]
+== Updating
+
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
@@ -0,0 +1,40 @@
+// Module included in the following assemblies:
+//
+// * release_notes/ocp-4-17-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ocp-4-17-32_{context}"]
+= RHSA-2025:8280 - {product-title} {product-version}.32 fixed issues and security update
+
+Issued: 04 June 2025
+
+[role="_abstract"]
+{product-title} release {product-version}.31 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:8280[RHSA-2025:8280] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:8281[RHBA-2025:8281] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.32 --pullspecs
+----
+
+[id="ocp-4-17-32-fixed-issues_{context}"]
+== Fixed issues
+
+* Previously, a bug fix altered the availability set configuration by changing the fault domain count to use the maximum available value instead of being fixed at 2. This inadvertently caused scaling issues for `MachineSet` objects created before the bug fix, because the controller attempted to modify immutable availability sets. With this release, availability sets are no longer modified after creation, allowing affected `MachineSet` objects to scale properly. (link:https://issues.redhat.com/browse/OCPBUGS-56655[OCPBUGS-56655])
+
+* Previously, the Samples Operator updated the Progressing condition’s `lastTransitionTime` value even when the condition’s status did not actually change. This led to potential installation errors and perceived instability for end users. With this release, the Operator is prevented from updating the `lastTransitionTime` value unless there is a status change. This enhances Operator stability, minimizes installer errors, and ensures a smoother user experience. (link:https://issues.redhat.com/browse/OCPBUGS-55800[OCPBUGS-55800])
+
+* Previously, the Samples Operator watched all cluster Operators in the cluster, which triggered the Cluster Samples Operator sync loop to run unnecessarily. This behavior negatively impacted overall performance. With this release, the Cluster Samples Operator only watches specific cluster Operators. (link:https://issues.redhat.com/browse/OCPBUGS-55795[OCPBUGS-55795])
+
+* Previously, the Grandmaster Timekeeper (T-GM) operation unexpectedly set the Precision Time Protocol (PTP) announce message internal signal flags incorrectly. This caused the loss of time synchronization across the network. With this release, the PTP announce message flags are correctly initialized, ensuring accurate and standardized time synchronization information is disseminated across the network. (link:https://issues.redhat.com/browse/OCPBUGS-55740[OCPBUGS-55740])
+
+* Previously, image pull timeouts occurred due to the Zscaler platform scanning all data transfers. This resulted in timed out image pulls. With this release, the image pull timeout is increased to 30 seconds, allowing successful updates. (link:https://issues.redhat.com/browse/OCPBUGS-54664[OCPBUGS-54664])
+
+
+[id="ocp-4-17-32-updating_{context}"]
+== Updating
+
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * release_notes/ocp-4-17-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ocp-4-17-33_{context}"]
+= RHSA-2025:8552 - {product-title} {product-version}.33 fixed issues and security update
+
+Issued: 11 June 2025
+
+[role="_abstract"]
+{product-title} release {product-version}.33 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:8552[RHSA-2025:8552] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:8553[RHBA-2025:8553] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.33 --pullspecs
+----
+[id="ocp-4-17-33-known-issues_{context}"]
+== Known issues
+
+* If an egress IP is moved to a different node while a pod has a connection established to an external system, the pod will not receive any traffic from the external system on the same connection until it sends some traffic through it. Currently, there is no workaround for this issue. To keep pods connected, pods must regularly send some traffic through any connection they open via any egress IP in order to keep both directions of the connection working during egress IP failovers. (link:https://issues.redhat.com/browse/OCPBUGS-58355[OCPBUGS-58355])
+
+[id="ocp-4-17-33-fixed-issues_{context}"]
+== Fixed issues
+
+* Previously, the {product-title} web console sent you an alert that compute nodes must be updated within 60 days after you updated control plane nodes. This action request was invalid. With this update, the {product-title} web console no longer sends you this invalid alert. (link:https://issues.redhat.com/browse/OCPBUGS-56375[OCPBUGS-56375])
+
+[id="ocp-4-17-33-updating_{context}"]
+== Updating
+
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * release_notes/ocp-4-17-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ocp-4-17-34_{context}"]
+= RHBA-2025:9289 - {product-title} {product-version}.34 fixed issues
+
+Issued: 25 June 2025
+
+[role="_abstract"]
+{product-title} release {product-version}.34 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHBA-2025:9289[RHBA-2025:9289] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:9290[RHBA-2025:9290] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.34 --pullspecs
+----
+
+[id="ocp-4-17-34-known-issues_{context}"]
+== Known issues
+
+* A known issue exists where a Technology Preview-enabled cluster has Sigstore verification for payload images in the `policy.json` file, but the Podman version in the base image does not support Sigstore configuration, so the new node is not available. As a workaround, the node starts running when the Podman version in the base image does not support Sigstore, so use the default `policy.json` file that does not have Sigstore verification if the base image is 4.11 or earlier. (link:https://issues.redhat.com/browse/OCPBUGS-52313[OCPBUGS-52313])
+
+[id="ocp-4-17-34-fixed-issues_{context}"]
+== Fixed issues
+
+* Previously, if you tried to update a hosted cluster that used in-place updates, the proxy variables were not honored and the update failed. With this release, the pod that performs in-place upgrades honors the cluster proxy settings. As a result, updates now work for hosted clusters that use in-place updates. (link:https://issues.redhat.com/browse/OCPBUGS-57432[OCPBUGS-57432])
+
+* Previously, when you defined multiple bring-your-own (BYO) subnet CIDRs for the `machineNetwork` parameter in the `install-config.yaml` configuration file, the installation failed at the bootstrap stage. This situation occurred because the control plane nodes were blocked from reaching the machine config server (MCS) to get their necessary setup configurations. The root cause was an overly strict {aws-short} security group rule that limited MCS access to only the first specified machine network CIDR. With this release, a fix to the {aws-short} security group means that the installation succeeds when multiple CIDRs are specified in the `machineNetwork` parameter of the `install-config.yaml`. (link:https://issues.redhat.com/browse/OCPBUGS-57292[OCPBUGS-57292])
+
+* Previously, a Machine Config Operator (MCO) incorrectly set an `Upgradeable=False` condition to all new nodes that were added to a cluster. A `PoolUpdating` reason was provided for the `Upgradeable=False` condition. With this release, the MCO now correctly sets an `Upgradeable=True` condition to all new nodes that get added to a cluster, which resolves the issue. (link:https://issues.redhat.com/browse/OCPBUGS-57135[OCPBUGS-57135])
+
+* Previously, the installation program was not checking for ESXi hosts that were powered off within a {vmw-first} cluster, which caused the installation to fail because the OVA could not be uploaded. With this release, the installer now checks the power status of each ESXi host and skips any that are powered off, which resolves the issue and allows the OVA to be imported successfully. (link:https://issues.redhat.com/browse/OCPBUGS-56448[OCPBUGS-56448])
+
+* Previously, in certain situations the gateway IP address for a node changed and caused the `OVN` cluster router to add a new static route with the new gateway IP address, without deleting the original one. The `OVN` cluster router manages the static route to the cluster subnet. As a result, a stale route still pointed to the switch subnet and this caused intermittent drops during egress traffic transfer. With this release, a patch applied to the `OVN` cluster router ensures that if the gateway IP address changes, the `OVN` cluster router updates the existing static route with the new gateway IP address. A stale route no longer points to the `OVN` cluster router so that egress traffic flow does not drop. (link:https://issues.redhat.com/browse/OCPBUGS-56443[OCPBUGS-56443])
+
+* Previously, a pod with a secondary interface in an OVN-Kubernetes `Localnet` network that was plugged into a `br-ex` interface bridge was out of reach by other pods on the same node, but used the default network for communication. The communication between pods on different nodes was not impacted. With this release, the communication between a `Localnet` pod and a default network pod running on the same node is possible, however the IP addresses that are used in the `Localnet` network must be within the same subnet as the host network. (link:https://issues.redhat.com/browse/OCPBUGS-56244[OCPBUGS-56244])
+
+[id="ocp-4-17-34-updating_{context}"]
+== Updating
+
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * release_notes/ocp-4-17-release-notes.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="ocp-4-17-35_{context}"]
+= RHSA-2025:10294 - {product-title} {product-version}.35 fixed issues and security update
+
+Issued: 09 July 2025
+
+[role="_abstract"]
+{product-title} release {product-version}.35 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:10294[RHSA-2025:10294] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2025:10295[RHSA-2025:10295] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.35 --pullspecs
+----
+
+[id="ocp-4-17-35-enhancements_{context}"]
+== Enhancements
+
+* This enhancement extends the expiration date of the self-signed `loopback` certificate for the Kubernetes API Server from one year to three years. (link:https://issues.redhat.com/browse/OCPBUGS-57196[OCPBUGS-57196])
+
+[id="ocp-4-17-35-fixed-issues_{context}"]
+== Fixed issues
+
+* Previously, the `oc adm node-image create` command incorrectly modified the existing permissions of the target assets folder when the command saved the artifacts on the disk. With this release, a bug fix ensures that the copying operation for the command preserves the destination folder permissions. (link:https://issues.redhat.com/browse/OCPBUGS-58091[OCPBUGS-58091])
+
+* Previously, when installing into an existing virtual private cloud (VPC) on {aws-first}, a potential mismatch could occur in the subnet information in the {aws-short} Availability Zone between the machine set custom resources for control plane nodes and their corresponding {aws-short} EC2 instances. As a consequence, where the control plane nodes were spread across three Availability Zones and one was recreated, the discrepancy could result in an unbalanced control plane as two nodes occurred within the same Availability Zone. With this release, the subnet Availability Zone information in the machine set custom resources and in the EC2 instances now match and the issue is resolved. (link:https://issues.redhat.com/browse/OCPBUGS-57293[OCPBUGS-57293])
+
+* Previously, the kubelet stopped reporting metrics if a `stat` call stalled from the kernel. For example, in instances where a `stat` call on the disk was run on the Network File System (NFS). With this release, the kubelet reports metrics even if a disk is stuck. (link:https://issues.redhat.com/browse/OCPBUGS-57289[OCPBUGS-57289])
+
+* Previously, the `/metrics` endpoint failed to correctly parse a bearer token from the authorization header on internal Prometheus scrape requests. This caused the `TokenReviews` to fail and a `TargetDown` alert was triggered for the console metrics endpoint. With this release, the `/metrics` endpoint correctly parses the bearer token from the authorization header, the `TokenReview` step works as intended, and the `TargetDown` alert no longer displays. (link:https://issues.redhat.com/browse/OCPBUGS-57182[OCPBUGS-57182])
+
+* Previously, an `iptables-alerter` pod had to make several calls to the `crictl` command-line interface (CLI) for each pod that existed in a node to fetch information for the cluster. These calls required high CPU usage that impacted cluster performance. With this release, an `iptables-alerter` pod only needs to make a single call to `crictl` to fetch information for all pods that exist in a node. (link:https://issues.redhat.com/browse/OCPBUGS-55518[OCPBUGS-55518])
+
+* Previously, clusters that did not have the `IdleConnectionTerminationPolicy` API setting in the Ingress Controller API had the `idle-close-on-response` HAProxy setting enabled by default. This resulted in idle connections being closed immediately upon a response. With this release, the `IdleConnectionTerminationPolicy` API setting was added to the Ingress Controller API with `Deferred` as the default, enabling the HAProxy setting and keeping idle connections open until the last response is handled after a soft stop. (link:https://issues.redhat.com/browse/OCPBUGS-49702[OCPBUGS-49702])
+
+[id="ocp-4-17-35-updating_{context}"]
+== Updating
+
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].