release_notes/ocp-4-17-release-notes.adoc
44 additions & 0 deletions
@@ -2896,6 +2896,50 @@ This section will continue to be updated over time to provide notes on enhanceme
2896
2896
For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
2897
2897
====
2898
2898
2899
+
// 4.17.35
2900
+
[id="ocp-4-17-35_{context}"]
2901
+
=== RHSA-2025:10294 - {product-title} {product-version}.35 bug fix update and security
2902
+
2903
+
Issued: 09 July 2025
2904
+
2905
+
{product-title} release {product-version}.35 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:10294[RHSA-2025:10294] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2025:10295[RHSA-2025:10295] advisory.
2906
+
2907
+
Space precluded documenting all of the container images for this release in the advisory.
2908
+
2909
+
You can view the container images in this release by running the following command:
===== loopback certificate expiration date extended
2921
+
2922
+
* This enhancement extends the expiration date of the self-signed `loopback` certificate for the Kubernetes API Server from one year to three years. (link:https://issues.redhat.com/browse/OCPBUGS-57196[OCPBUGS-57196])
2923
+
2924
+
[id="ocp-4-17-35-bug-fixes_{context}"]
2925
+
==== Bug fixes
2926
+
2927
+
* Previously, the `oc adm node-image create` command incorrectly modified the existing permissions of the target assets folder when the command saved the artifacts on the disk. With this release, a bug fix ensures that the copying operation for the command preserves the destination folder permissions. (link:https://issues.redhat.com/browse/OCPBUGS-58091[OCPBUGS-58091])
2928
+
2929
+
* Previously, when installing into an existing virtual private cloud (VPC) on {aws-first}, a potential mismatch could occur in the subnet information in the {aws-short} Availability Zone between the machine set custom resources for control plane nodes and their corresponding {aws-short} EC2 instances. As a consequence, where the control plane nodes were spread across three Availability Zones and one was recreated, the discrepancy could result in an unbalanced control plane as two nodes occurred within the same Availability Zone. With this release, the subnet Availability Zone information in the machine set custom resources and in the EC2 instances now match and the issue is resolved. (link:https://issues.redhat.com/browse/OCPBUGS-57293[OCPBUGS-57293])
2930
+
2931
+
* Previously, the kubelet stopped reporting metrics if a `stat` call stalled from the kernel. For example, in instances where a `stat` call on the disk was run on the Network File System (NFS). With this release, the kubelet reports metrics even if a disk is stuck. (link:https://issues.redhat.com/browse/OCPBUGS-57289[OCPBUGS-57289])
2932
+
2933
+
* Previously, the `/metrics` endpoint failed to correctly parse a bearer token from the authorization header on internal Prometheus scrape requests. This caused the `TokenReviews` to fail and a `TargetDown` alert was triggered for the console metrics endpoint. With this release, the `/metrics` endpoint correctly parses the bearer token from the authorization header, the `TokenReview` step works as intended, and the `TargetDown` alert no longer displays. (link:https://issues.redhat.com/browse/OCPBUGS-57182[OCPBUGS-57182])
2934
+
2935
+
* Previously, an `iptables-alerter` pod had to make several calls to the `crictl` command-line interface (CLI) for each pod that existed in a node to fetch information for the cluster. These calls required high CPU usage that impacted cluster performance. With this release, an `iptables-alerter` pod only needs to make a single call to `crictl` to fetch information for all pods that exist in a node. (link:https://issues.redhat.com/browse/OCPBUGS-55518[OCPBUGS-55518])
2936
+
2937
+
* Previously, clusters that did not have the `IdleConnectionTerminationPolicy` API setting in the Ingress Controller API had the `idle-close-on-response` HAProxy setting enabled by default. This resulted in idle connections being closed immediately upon a response. With this release, the `IdleConnectionTerminationPolicy` API setting was added to the Ingress Controller API with `Deferred` as the default, enabling the HAProxy setting and keeping idle connections open until the last response is handled after a soft stop. (link:https://issues.redhat.com/browse/OCPBUGS-49702[OCPBUGS-49702])
2938
+
2939
+
[id="ocp-4-17-35-updating_{context}"]
2940
+
==== Updating
2941
+
To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
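Review bot: In the OCPBUGS-49702 bullet, both the "Previously" sentence and the "With this release" sentence say the `idle-close-on-response` HAProxy setting is enabled, yet they describe opposite outcomes (idle connections closed immediately upon a response versus kept open until the last response is handled after a soft stop), so a reader cannot tell what actually changed. Please state which HAProxy behaviour applied before the `IdleConnectionTerminationPolicy` setting existed and what the `Deferred` default changes relative to it. Two smaller style points: the section title "bug fix update and security" reads as if words were transposed ("bug fix and security update"), and in the OCPBUGS-57289 bullet "For example, in instances where a `stat` call on the disk was run on the Network File System (NFS)." is a sentence fragment that should be joined to the sentence before it.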