openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Added bug fixes to the RN

Browse Source
This commit is contained in:
Michael Burke
2024-02-09 11:21:04 -05:00
parent d598064f50
commit 2e8409e38f
5 changed files with 92 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_topic_maps/_topic_map.yml
View File

@@ -2522,7 +2522,7 @@ Topics:
- Name: Red Hat OpenShift support for Windows Containers overview
File: index
- Name: Red Hat OpenShift support for Windows Containers release notes
File: windows-containers-release-notes-8-x
File: windows-containers-release-notes-10-15-x
- Name: Understanding Windows container workloads
File: understanding-windows-container-workloads
- Name: Enabling Windows container workloads

9
modules/wmco-prerequisites.adoc
View File

@@ -7,10 +7,10 @@
The following information details the supported platform versions, Windows Server versions, and networking configurations for the Windows Machine Config Operator. See the vSphere documentation for any information that is relevant to only that platform.
[id="wmco-prerequisites-supported-8.0.0_{context}"]
== WMCO 8.0.0 supported platforms and Windows Server versions
[id="wmco-prerequisites-supported-10.15.0_{context}"]
== WMCO 10.15.0 supported platforms and Windows Server versions
The following table lists the link:https://docs.microsoft.com/en-us/windows/release-health/windows-server-release-info[Windows Server versions] that are supported by WMCO 8.0.0, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only an appropriate version for your platform.
The following table lists the link:https://docs.microsoft.com/en-us/windows/release-health/windows-server-release-info[Windows Server versions] that are supported by WMCO 10.15.0, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only an appropriate version for your platform.
[cols="3,7",options="header"]
|===
@@ -18,7 +18,8 @@ The following table lists the link:https://docs.microsoft.com/en-us/windows/rele
|Supported Windows Server version
|Amazon Web Services (AWS)
|Windows Server 2019, version 1809
a|* Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic/april-25-2022-kb5012637-os-build-20348-681-preview-2233d69c-d4a5-4be9-8c24-04a450861a8d[20348.681] or later
* Windows Server 2019, version 1809
|Microsoft Azure
a|* Windows Server 2022, OS Build link:https://support.microsoft.com/en-us/topic/april-25-2022-kb5012637-os-build-20348-681-preview-2233d69c-d4a5-4be9-8c24-04a450861a8d[20348.681] or later

86
windows_containers/windows-containers-release-notes-10-15-x.adoc Normal file
View File

@@ -0,0 +1,86 @@
:_mod-docs-content-type: ASSEMBLY
[id="windows-containers-release-notes-10-15-x"]
= {productwinc} release notes
include::_attributes/common-attributes.adoc[]
:context: windows-containers-release-notes
toc::[]
[id="about-windows-containers"]
== About {productwinc}
Windows Container Support for Red{nbsp}Hat OpenShift enables running Windows compute nodes in an {product-title} cluster. Running Windows workloads is possible by using the Red{nbsp}Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With Windows nodes available, you can run Windows container workloads in {product-title}.
The release notes for Red{nbsp}Hat OpenShift for Windows Containers tracks the development of the WMCO, which provides all Windows container workload capabilities in {product-title}.
ifndef::openshift-origin[]
[id="getting-support"]
== Getting support
// wording taken and modified from https://access.redhat.com/support/policy/updates/openshift#windows
Windows Container Support for Red{nbsp}Hat OpenShift is provided and available as an optional, installable component. Windows Container Support for Red{nbsp}Hat OpenShift is not part of the {product-title} subscription. It requires an additional Red{nbsp}Hat subscription and is supported according to the link:https://access.redhat.com/support/offerings/production/soc/[Scope of coverage] and link:https://access.redhat.com/support/offerings/production/sla[Service level agreements].
You must have this separate subscription to receive support for Windows Container Support for Red{nbsp}Hat OpenShift. Without this additional Red{nbsp}Hat subscription, deploying Windows container workloads in production clusters is not supported. You can request support through the link:http://access.redhat.com/[Red{nbsp}Hat Customer Portal].
For more information, see the Red{nbsp}Hat OpenShift Container Platform Life Cycle Policy document for link:https://access.redhat.com/support/policy/updates/openshift#windows[{productwinc}].
If you do not have this additional Red{nbsp}Hat subscription, you can use the Community Windows Machine Config Operator, a distribution that lacks official support.
endif::openshift-origin[]
[id="wmco-10-15-0"]
== Release notes for Red{nbsp}Hat Windows Machine Config Operator 10.15.0
This release of the WMCO provides bug fixes for running Windows compute nodes in an {product-title} cluster. The components of the WMCO 10.15.0 were released in {UPDATE WHEN AVAILABLE} link:https://access.redhat.com/errata/RHSA-2023:4025[RHSA-2023:4025] {UPDATE WHEN AVAILABLE}
=== New features and improvements
[id="wmco-10-15-0-node-certificates"]
[id="wmco-10-15-0-numbering"]
==== New WMCO numbering
Starting with this release, y-stream releases of the WMCO will be in step with {product-title}, with only z-stream releases between {product-title} releases. The WMCO numbering will reflect the associated {product-title} version in the y-stream position. For example, the current release of WMCO is associated with {product-title} version 4.15. Thus, the numbering is WMCO 10.15.z.
[id="wmco-10-15-0-operator-metrics"]
==== CPU and memory usage metrics are now available
//https://issues.redhat.com/browse/WINC-1181
CPU and memory usage metrics for Windows pods are now available in Prometheus. The metrics are shown in the {product-title} web console on the *Metrics* tab for each Windows pod and can be queried by users.
[id="wmco-10-15-0-operator-sdk"]
==== Operator SDK upgrade
The WMCO now uses the Operator SDK version 1.32.0.
[id="wmco-10-15-0-operator-kube"]
==== Kubernetes upgrade
The WMCO now uses Kubernetes 1.28.
[id="wmco-10-15-0-bug-fixes"]
=== Bug fixes
* Previously, there was a flaw in the handling of multiplexed streams in the HTTP/2 protocol, which is utilized by the WMCO. A client could repeatedly make a request for a new multiplex stream and then immediately send an `RST_STREAM` frame to cancel those requests. This activity created additional work for the server by setting up and dismantling streams, but avoided any server-side limitations on the maximum number of active streams per connection. As a result, a denial of service occurred due to server resource consumption. This issue has been fixed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2243296[*BZ-2243296*])
* Previously, there was a flaw in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes was able to escalate to admin privileges on those nodes. Kubernetes clusters were only affected if they were using an in-tree storage plugin for Windows nodes. This issue has been fixed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2247163[*BZ-2247163*])
* Previously, there was a flaw in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker could remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks. This issue has been fixed. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2254210[*BZ-2254210*])
* Previously, the routes from a Windows Bring-Your-Own-Host (BYOH) VM to the metadata endpoint were being added as non-persistent routes, so the routes were removed when a VM was removed (deconfigured) or re-configured. This would cause the node to fail if configured again, as the metadata endpoint was unreachable. With this fix, the WMCO runs the AWS EC2 launch v2 service after removal or re-configuration. As a result, the routes are restored so that the VM can be configured into a node, as expected. (link:https://issues.redhat.com/browse/OCPBUGS-15988[*OCPBUGS-15988*])
// Also in 7.2.1,
* Previously, the WMCO did not properly wait for Windows virtual machines (VMs) to finish rebooting. This led to occasional timing issues where the WMCO would attempt to interact with a node that was in the middle of a reboot, causing WMCO to log an error and restart node configuration. Now, the WMCO waits for the instance to completely reboot. (link:https://issues.redhat.com/browse/OCPBUGS-17217[*OCPBUGS-17217*])
// Also in 7.2.1
* Previously, the WMCO configuration was missing the `DeleteEmptyDirData: true` field, which is required for draining nodes that have `emptyDir` volumes attached. As a consequence, customers that had nodes with `emptyDir` volumes would see the following error in the logs: `cannot delete Pods with local storage`. With this fix, the `DeleteEmptyDirData: true` field was added to the node drain helper struct in the WMCO. As a result, customers are able to drain nodes with `emptyDir` volumes attached. (link:https://issues.redhat.com/browse/OCPBUGS-27300[*OCPBUGS-27300*])
* Previously, because of a lack of synchronization between Windows machine set nodes and BYOH instances, during an update the machine set nodes and the BYOH instances could update simultaneously. This could impact running workloads. This fix introduces a locking mechanism so that machine set nodes and BYOH instances update individually. (link:https://issues.redhat.com/browse/OCPBUGS-8996[*OCPBUGS-8996*])
* Previously, because of a missing secret, the WMCO could not configure proper credentials for the WICD on Nutanix clusters. As a consequence, the WMCO could not create Windows nodes. With this fix, the WMCO creates long-lived credentials for the WICD service account. As a result, the WMCO is able to configure a Windows node on Nutanix clusters. (link:https://issues.redhat.com/browse/OCPBUGS-25350[*OCPBUGS-25350*])
// Also in 7.2.1, 8.1.2
* Previously, because of bad logic in the networking configuration script, the WICD was incorrectly reading carriage returns in the CNI configuration file as changes, and identified the file as modified. This caused the CNI configuration to be unnecessarily reloaded, potentially resulting in container restarts and brief network outages. With this fix, the WICD now reloads the CNI configuration only when the CNI configuration is actually modified. (link:https://issues.redhat.com/browse/OCPBUGS-25756[*OCPBUGS-25756*])
include::modules/wmco-prerequisites.adoc[leveloffset=+1]
include::modules/windows-containers-release-notes-limitations.adoc[leveloffset=+1]

55
windows_containers/windows-containers-release-notes-6-x.adoc
View File

@@ -1,55 +0,0 @@
:_mod-docs-content-type: ASSEMBLY
[id="windows-containers-release-notes-6-x"]
= {productwinc} release notes
include::_attributes/common-attributes.adoc[]
:context: windows-containers-release-notes
toc::[]
[id="about-windows-containers"]
== About {productwinc}
Windows Container Support for Red Hat OpenShift enables running Windows compute nodes in an {product-title} cluster. Running Windows workloads is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With Windows nodes available, you can run Windows container workloads in {product-title}.
The release notes for Red Hat OpenShift for Windows Containers tracks the development of the WMCO, which provides all Windows container workload capabilities in {product-title}.
ifndef::openshift-origin[]
[id="getting-support"]
== Getting support
// wording taken and modified from https://access.redhat.com/support/policy/updates/openshift#windows
Windows Container Support for Red Hat OpenShift is provided and available as an optional, installable component. Windows Container Support for Red Hat OpenShift is not part of the {product-title} subscription. It requires an additional Red Hat subscription and is supported according to the link:https://access.redhat.com/support/offerings/production/soc/[Scope of coverage] and link:https://access.redhat.com/support/offerings/production/sla[Service level agreements].
You must have this separate subscription to receive support for Windows Container Support for Red Hat OpenShift. Without this additional Red Hat subscription, deploying Windows container workloads in production clusters is not supported. You can request support through the link:http://access.redhat.com/[Red Hat Customer Portal].
For more information, see the Red Hat OpenShift Container Platform Life Cycle Policy document for link:https://access.redhat.com/support/policy/updates/openshift#windows[{productwinc}].
If you do not have this additional Red Hat subscription, you can use the Community Windows Machine Config Operator, a distribution that lacks official support.
endif::openshift-origin[]
[id="wmco-6-0-0"]
== Release notes for Red Hat Windows Machine Config Operator 6.0.0
This release of the WMCO provides bug fixes for running Windows compute nodes in an {product-title} cluster. The components of the WMCO 6.0.0 were released in
=== New features and improvements
[id="wmco-6.0.0-node-certificates"]
==== Windows node certificates are updated
With this release, the WMCO updates the Windows node certificates when the kubelet client certificate authority (CA) certificate is rotated.
[id="wmco-6-0-0-new-features"]
=== New features
[id="wmco-6-0-0-containerd"]
==== Containerd is the default container runtime
Because the Docker runtime is deprecated in Kubernetes 1.24, containerD is now the default runtime for WMCO-supported Windows nodes. Upon the installation of or an upgrade to WMCO 6.0.0, containerd is installed as a Windows service. The kubelet now uses containerd for image pulls instead of the Docker runtime. Users no longer need to enable the Docker-formatted container runtime or install the Docker container runtime on Bring-Your-Own-Host (BYOH) instances. You can continue to use nodes based on VM images that use Docker. containerd can run along with the Docker service.
The WMCO supports a Windows golden image with or without Docker for vSphere and Bring-Your-Own-Host (BYOH) Windows instances.
include::modules/wmco-prerequisites.adoc[leveloffset=+1]
include::modules/windows-containers-release-notes-limitations.adoc[leveloffset=+1]

61
windows_containers/windows-containers-release-notes-8-x.adoc
View File

@@ -1,61 +0,0 @@
:_mod-docs-content-type: ASSEMBLY
[id="windows-containers-release-notes-8-x"]
= {productwinc} release notes
include::_attributes/common-attributes.adoc[]
:context: windows-containers-release-notes
toc::[]
[id="about-windows-containers"]
== About {productwinc}
Windows Container Support for Red Hat OpenShift enables running Windows compute nodes in an {product-title} cluster. Running Windows workloads is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With Windows nodes available, you can run Windows container workloads in {product-title}.
The release notes for Red Hat OpenShift for Windows Containers tracks the development of the WMCO, which provides all Windows container workload capabilities in {product-title}.
ifndef::openshift-origin[]
[id="getting-support"]
== Getting support
// wording taken and modified from https://access.redhat.com/support/policy/updates/openshift#windows
Windows Container Support for Red Hat OpenShift is provided and available as an optional, installable component. Windows Container Support for Red Hat OpenShift is not part of the {product-title} subscription. It requires an additional Red Hat subscription and is supported according to the link:https://access.redhat.com/support/offerings/production/soc/[Scope of coverage] and link:https://access.redhat.com/support/offerings/production/sla[Service level agreements].
You must have this separate subscription to receive support for Windows Container Support for Red Hat OpenShift. Without this additional Red Hat subscription, deploying Windows container workloads in production clusters is not supported. You can request support through the link:http://access.redhat.com/[Red Hat Customer Portal].
For more information, see the Red Hat OpenShift Container Platform Life Cycle Policy document for link:https://access.redhat.com/support/policy/updates/openshift#windows[{productwinc}].
If you do not have this additional Red Hat subscription, you can use the Community Windows Machine Config Operator, a distribution that lacks official support.
endif::openshift-origin[]
[id="wmco-8-0-0"]
== Release notes for Red Hat Windows Machine Config Operator 8.0.0
This release of the WMCO provides new features and bug fixes for running Windows compute nodes in an {product-title} cluster. The components of the WMCO 8.0.0 were released in link:https://access.redhat.com/errata/RHSA-2023:1372[RHSA-2023:1372].
[id="wmco-8-0-0-new-features"]
=== New features and improvements
[id="wmco-8-0-0-os"]
==== Support for the pod `os` parameter
You can now use the `spec.os.name.windows` parameter in your workload pods to authoritatively identify the pod operating system for validation and to enforce Windows-specific pod security context constraints (SCCs). It is recommended that you configure this parameter in your workload pods.
For more information, see xref:../windows_containers/scheduling-windows-workloads.adoc#sample-windows-workload-deployment_scheduling-windows-workloads[Sample Windows container workload deployment].
[id="wmco-8-0-0-must-gather"]
==== WICD logs are added to must-gather
The `must-gather` tool now collects the service logs generated by the Windows Instance Config Daemon (WICD) from Windows nodes.
[id="wmco-8-0-0-bug-fixes"]
=== Bug fixes
* Previously, the test to determine if the Windows Defender antivirus service is running was incorrectly checking for any process whose name started with `Windows Defender`, regardless of state. This resulted in an error when the WMCO created firewall exclusions for containerd on instances without `Windows Defender` installed. This fix now checks for the presence of the specific running process associated with the Windows Defender antivirus service. As a result, the WMCO can properly configure Windows instances as nodes regardless of whether Windows Defender is installed. (link:https://issues.redhat.com/browse/OCPBUGS-1513[*OCPBUGS-1513*])
* Previously, in-tree storage was not working for Windows nodes on VMware vSphere. With this fix, {productwinc} properly supports in-tree storage for all cloud providers. (link:https://issues.redhat.com/browse/WINC-1014[*WINC-1014*])
include::modules/wmco-prerequisites.adoc[leveloffset=+1]
include::modules/windows-containers-release-notes-limitations.adoc[leveloffset=+1]