openshift-docs/microshift_release_notes/microshift-4-15-release-notes.adoc

:_mod-docs-content-type: ASSEMBLY
[id="microshift-4-15-release-notes"]
= {product-title} {product-version} release notes
include::_attributes/attributes-microshift.adoc[]
:context: release-notes

toc::[]

{product-title-first} provides developers and IT organizations with small-form-factor and edge computing delivered as an application that customers can deploy on top of their managed {op-system-base-full} devices at the edge. Built on {OCP} and Kubernetes, {microshift-short} provides an efficient way to operate single-node clusters in low-resource edge environments.

{microshift-short} is designed to make control plane restarts economical and be lifecycle-managed as a single unit by the operating system. Updates, roll-backs, and configuration changes consist of simply staging another version in parallel and then - without relying on a network - flipping to and from that version and restarting.

[id="microshift-4-15-about-this-release"]
== About this release
Version 4.15 of {product-title} includes new features and enhancements. {microshift-short} was introduced as Generally Available with {microshift-short} 4.14. Update to the latest version of {microshift-short} to receive all of the latest features, bug fixes, and security updates. This release uses link:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md[Kubernetes 1.28] with the CRI-O container runtime. New features, changes, and known issues that pertain to {microshift-short} are included in this topic.

You can deploy {microshift-short} clusters to either on-premise, cloud, or disconnected environments.

// Double check OP system versions
{microshift-short} {product-version} is supported on {op-system-ostree-first} and {op-system-base-full} 9.2 and 9.3.

For lifecycle information, see the link:https://access.redhat.com/product-life-cycles?product=Red%20Hat%20build%20of%20Microshift,Red%20Hat%20Device%20Edge[{product-title} Life Cycle Policy].

[id="microshift-4-15-new-features-and-enhancements"]
== New features and enhancements

This release adds improvements related to the following components and concepts.

//L3 major categories with features in each as L4s, for example:
[id="microshift-4-15-rhel"]
=== {op-system-base-full}
* {microshift-short} now runs on {op-system-base-full} versions 9.2 and 9.3. Compatibility with {op-system} 9.3 is an enhancement for {microshift-short} version 4.15.

// Some details of the next note are adapted from https://kubernetes.io/blog/2022/08/31/cgroupv2-ga-1-25/
* {microshift-short} uses crun and Control Group v2 (cgroup v2). If workloads rely on the cgroup file system layout, they might need to be updated to be compatible with cgroup v2.

** If you run third-party monitoring and security agents that depend on the cgroup file system, update the agents to versions that support cgroup v2.
** If you run cAdvisor as a standalone DaemonSet for monitoring pods and containers, update it to v0.43.0 or later.
** If you deploy Java applications with JDK, ensure you are using JDK 11.0.16 and later or JDK 15 and later, which fully support cgroup v2.

//[id="microshift-4-15-security"]
//=== Security and compliance

[id="microshift-4-15-updating"]
=== Updating
Updates for both minor releases and patch releases are supported.

[id="microshift-4-15-updates-supported"]
==== The following updates are supported
The following list provides update details:

* {microshift-short} offers in-place updates on {op-system-ostree} systems with automatic system rollback capabilities and automatic back up and restore functions.
* Updates of the RPMs on a non-OSTree system such as {op-system} are also supported.
* Updates from the 4.14 version are supported.

[id="microshift-4-15-version-logs-at-start"]
==== Version logged at start up
Previously, {microshift-short} did not log its version at start up. The absence of version information made debugging certain scenarios difficult because the update path was unknown. Now, the {microshift-short} version is logged at start up and available with commands such as `journalctl -u microshift | grep "Version"`. (link:https://issues.redhat.com/browse/OCPBUGS-19540[*OCPBUGS-19540*])

//[id="microshift-4-15-new-feat-based-on-{op-system-ostree}"]
//==== Placeholder for new feat bases on RHEL Edge

[id="microshift-4-15-installation"]
=== Installation

[id="microshift-4-15-blueprint-included"]
==== Sample blueprints now included
The `microshift-release-info` RPM now contains sample blueprints that can be used for image building. The blueprints include both {microshift-short} RPM packages and container image references.
//TODO link to install section once merged

[id="microshift-4-15-support"]
=== Support

[id="microshift-4-15-etcd"]
==== Getting the etcd version
Previously, you could not query for the etcd version included with {microshift-short}. Now, the `microshift-etcd version` command outputs the {microshift-short} version and the base version of the etcd database. See xref:../microshift_support/microshift-etcd.adoc#microshift-etcd[The etcd service] for more information.

//[id="microshift-4-15-post-installation"]
//=== Post-installation configuration
//With this release, configuration options have changed.

//[id="microshift-4-15-changes-config-yaml"]
//==== Configuration options changes

//[id="microshift-4-15-administrator-perspective"]
//==== Administrator Perspective
//admin perspectives go here

//[id="microshift-4-15-security"]
//=== Security and compliance
//
// This content will be added post-GA, as it is asynchronous content.

[id="microshift-4-15-networking"]
=== Networking

[id="microshift-4-15-networking-doc-enhancements"]
==== Networking documentation enhancements

Various networking documentation improvements are now available in the {microshift-short} release.

* *Network features with their customization status.* A new detailed table of the networking features and their customizations that are accessible in a {microshift-short} instance are described in xref:../microshift_networking/microshift-cni.adoc#microshift-nw-customization-matrix_microshift-about-ovn-k-plugin[{microshift-short} networking customization matrix].

* *Network topology updates.* Extensive examples of the Network topology available in your {microshift-short} instance are also updated, see xref:../microshift_networking/microshift-cni.html#microshift-network-topology_microshift-about-ovn-k-plugin[Network topology].

* *Auditing exposed ports examples.* The {microshift-short} documentation now includes procedures on auditing exposed network ports and viewing port log settings. The updated documentation can be viewed in xref:../microshift_networking/microshift-networking-settings.adoc#microshift-exposed-audit-ports_microshift-networking[Auditing exposed network ports].

* *Adding and closing ports.* This release also improved the documentation for adding and closing ports and services in your {microshift-short} firewall, see xref:../microshift_networking/microshift-firewall.adoc#microshift-firewall-optional-settings_microshift-firewall[Using optional port settings].

* *Network policies introduction.* With this release, an introduction to setting network policies has been added to the {microshift-short} documentation. More details are expected to follow in z-stream releases, see xref:../microshift_networking/microshift-network-policy/microshift-network-policy-index.adoc#microshift-network-policy-index[Setting network policies].

[id="microshift-4-15-networking-disconnected"]
==== Configuring {microshift-short} on disconnected hosts

You can configure your network settings to run {microshift-short} on a fully disconnected host. This feature is also enabled in {microshift-short} version 4.14. For more information, see xref:../microshift_networking/microshift-disconnected-network-config.adoc[Configuring network settings for fully disconnected hosts].

[id="microshift-4-15-running-apps"]
=== Running Applications

[id="microshift-4-15-olm"]
==== Operator Lifecyle Manager
With this release, you can use Operator Lifecyle Manager (OLM) to create, apply, and administer add-on Operators. See xref:../microshift_running_apps/microshift-operators-olm.adoc#microshift-operators-olm[Using Operator Lifecycle Manager with {microshift-short}].

[id="microshift-4-15-deprecated-and-removed"]
== Deprecated and removed features

Some features available in previous releases of {microshift-short} have been deprecated or removed.

Deprecated functionality is still included in {microshift-short} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. For the most recent list of major functionality deprecated and removed within {microshift-short} {product-version}, refer to the tables below. Additional details for more functionality that has been deprecated and removed are listed after the table.

In the following tables, features are marked with the following statuses:

* _Available_

* _Deprecated_

* _Removed_

.{product-title} deprecated and removed features tracker
[cols="5,1,1,1",options="header"]
|====
|Feature |4.13 |4.14 |4.15

|Network configuration flags
|Deprecated
|Removed
|-

|CIDR notation
|-
|Removed
|-

|====

[id="microshift-4-15-bug-fixes"]
== Bug fixes

[discrete]
[id="microshift-4-15-installation-bug-fixes"]
=== Installation
* Previously, the `microshift-release-info` RPM depended on the `microshift` RPM. With this release, you can download and install the `microshift-release-info` RPM independently for use in image building. (link:https://issues.redhat.com/browse/OCPBUGS-22854[*OCPBUGS-22854*])

* Previously, the Greenboot health check script printed outputs for some checks that were not picked up by `journald`, resulting in missing log entries when running the `journalctl -u greenboot-healthcheck` command. With this release, the production of logs by the Greenboot healthcheck has been fixed so that all outputs are linked to the `systemd` unit, making them easily available to read. (link:https://issues.redhat.com/browse/OCPBUGS-20037[*OCPBUGS-20037*])

* Previously, the {microshift-short} clean-up script failed if CRI-O services were not present or not running. This prevented {microshift-short} and its dependencies from fully uninstalling. It also prevented the clean-up script from running on a system with a new installation of the `microshift` RPM that had not started. With this release, the {microshift-short} clean-up script skips the CRI-O steps if the service is not running, reports that status, and continues with clean-up activities. (link:https://issues.redhat.com/browse/OCPBUGS-22936[*OCPBUGS-22936*])

* Previously, the Greenboot health check reported a `RED` status when the Logical Volume Manager Storage (LVMS) component was disabled because no volume groups (VGs) were present. Because volume groups are not required for {microshift-short}, the health check should report `GREEN` without VGs. Now, when LVMS is disabled, the Greenboot health check skips the check for the `openshift-storage` namespace and reports `GREEN` status. (link:https://issues.redhat.com/browse/OCPBUGS-25689[*OCPBUGS-25689*])

[discrete]
[id="microshift-4-15-networking-bug-fixes"]
=== Networking
* Whenever `advertiseAddress` is configured with an IP address, any network interfaces must also be configured. Previously, manually setting the `advertiseAddress` in the {microshift-short} `config.yaml` to the IP address value that is expected to be set by default, but not manually setting the same IP address for the `br-ex` network bridge on the host, caused the `ovnkube-master` container in the `ovnkube-master` pod to crash. With this release, the {microshift-short} service verifies whether `advertiseAddress` is set in the `config.yaml` and whether any interface has the same IP address set. If the two settings are not the same, {microshift-short} prints an error, for example, `Advertise address: %s not present in any interface, advertiseAddress` and fails. This helps ensure the proper configuration before the system starts. (link:https://issues.redhat.com/browse/OCPBUGS-27398[*OCPBUGS-27398*]

[discrete]
[id="microshift-4-15-support-bug-fixes"]
=== Support
* Previously, `sos` reports created journal logs in separate files, making it difficult to correlate {microshift-short} and the Greenboot health check. Now the {microshift-short} `sos` tool includes a full system journal with an aggregated view in the same log. With this update, you can see one log with a detailed report that shows all of the enabled plugins and data from the different components and applications.
(link:https://issues.redhat.com/browse/OCPBUGS-19567[*OCPBUGS-19567*])

[id="microshift-4-15-asynchronous-errata-updates"]
== Asynchronous errata updates

Security, bug fix, and enhancement updates for {microshift-short} {product-version} are released as asynchronous errata through the Red Hat Network. All {microshift-short} {product-version} errata are https://access.redhat.com/downloads/content/290/[available on the Red Hat Customer Portal]. For more information about asynchronous errata, read the https://access.redhat.com/product-life-cycles?product=Red%20Hat%20build%20of%20Microshift,Red%20Hat%20Device%20Edge[{microshift-short} Life Cycle].

Red Hat Customer Portal users can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, you are notified through email whenever new errata relevant to your registered systems are released.

[NOTE]
====
Red Hat Customer Portal user accounts must have systems registered and consuming {microshift-short} entitlements for {microshift-short} errata notification emails to generate.
====

This section is updated over time to provide notes on enhancements and bug fixes for future asynchronous errata releases of {microshift-short} {product-version}. Versioned asynchronous releases, for example with the form {microshift-short} {product-version}.z, will be detailed in the following subsections.

[id="microshift-4-15-0-dp"]
=== RHSA-2023:7200 - {microshift-short} 4.15.0 bug fix and security update advisory

Issued: 2024-02-27

{product-title} release 4.15.0 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2023:7200[RHSA-2023:7200] advisory. The images that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2023:7198[RHSA-2023:7198] advisory.

For the latest images included with {microshift-short}, view the contents of the `microshift-release-info` RPM. See xref:../microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc#microshift-embed-microshift-image-offline-deploy_microshift-embed-in-rpm-ostree-offline-use[Embedding {microshift-short} containers for offline deployments].

[id="microshift-4-15-2-dp"]
=== RHBA-2024:1212 - {microshift-short} 4.15.2 bug fix and enhancement update advisory

Issued: 2024-03-13

{product-title} release 4.15.2 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHBA-2024:1212[RHBA-2024:1212] advisory. The images that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2024:1210[RHSA-2024:1210] advisory.

For the latest images included with {microshift-short}, view the contents of the `microshift-release-info` RPM. See xref:../microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc#microshift-embed-microshift-image-offline-deploy_microshift-embed-in-rpm-ostree-offline-use[Embedding {microshift-short} containers for offline deployments].

[discrete]
[id="microshift-4-15-2-bug-fixes"]
==== Bug fixes

FIPS mode::
* Previously, {microshift-short} used a version of the logical volume manager storage (LVMS) Container Storage Interface (CSI) provider that was not designed for FIPS compliance. This caused {microshift-short} to fail a FIPS validation test. With this release, the LVMS version 4.15.0 is used as the default CSI storage provider and validation passes.

* When a {op-system-base-full} version that uses FIPS libraries is installed and started with FIPS enabled, {microshift-short} containers are automatically enabled to run in FIPS mode. See xref:../microshift_install/microshift-fips.adoc#microshift-fips[Running {microshift-short} containers in FIPS mode].

* Update to the 4.15.2 release to apply this fix for FIPS mode.

[discrete]
[id="microshift-4-15-2-enhancements"]
==== Enhancements

Adds OLM image references in dedicated file::
* Previously, image references for embedding MicroShift OLM in a RHEL for Edge image were part of the `microshift-olm` RPM package. The application package had to be downloaded and run to retrieve the information. With this release, image references are now in the dedicated `microshift-olm-release-info` RPM package for easier use. (link:https://issues.redhat.com/browse/OCPBUGS-29246[OCPBUGS-29246])

[id="microshift-4-15-3-dp"]
=== RHBA-2024:1257 - {microshift-short} 4.15.3 bug fix and enhancement update advisory

Issued: 2024-03-20

{product-title} release 4.15.3 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHBA-2024:1257[RHBA-2024:1257] advisory. The images that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2024:1255[RHSA-2024:1255] advisory.

For the latest images included with {microshift-short}, view the contents of the `microshift-release-info` RPM. See xref:../microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc#microshift-embed-microshift-image-offline-deploy_microshift-embed-in-rpm-ostree-offline-use[Embedding {microshift-short} containers for offline deployments].

[id="microshift-4-15-5-dp"]
=== RHBA-2024:1451 - {microshift-short} 4.15.5 bug fix and enhancement update advisory

Issued: 2024-03-27

{product-title} release 4.15.5 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHBA-2024:1451[RHBA-2024:1451] advisory. The images that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2024:1449[RHSA-2024:1449] advisory.

For the latest images included with {microshift-short}, view the contents of the `microshift-release-info` RPM. See xref:../microshift_install/microshift-embed-in-rpm-ostree-offline-use.adoc#microshift-embed-microshift-image-offline-deploy_microshift-embed-in-rpm-ostree-offline-use[Embedding {microshift-short} containers for offline deployments].

[discrete]
[id="microshift-4-15-5-enhancements"]
==== Enhancements

Change in openshift-marketplace pod security admission definition::
* With this release, the `openshift-marketplace` pod security admission definition defaults to `baseline`. See the OLM documentation for specifics on how this change impacts your operator deployments. See xref:../microshift_running_apps/microshift-operators-olm.adoc#microshift-operators-olm[Using Operator Lifecycle Manager with {microshift-short}]. (link:https://issues.redhat.com/browse/OCPBUGS-30034[OCPBUGS-30034])