You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: release_notes/ocp-4-18-release-notes.adoc
+51Lines changed: 51 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -3023,6 +3023,57 @@ This section will continue to be updated over time to provide notes on enhanceme
3023
3023
For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
3024
3024
====
3025
3025
3026
+
// 4.18.18
3027
+
[id="ocp-4-18-18_{context}"]
3028
+
=== RHSA-2025:9269 - {product-title} {product-version}.18 bug fix and security update
3029
+
3030
+
Issued: 25 June 2025
3031
+
3032
+
{product-title} release {product-version}.18 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:9269[RHSA-2025:9269] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:9270[RHBA-2025:9270] advisory.
3033
+
3034
+
Space precluded documenting all of the container images for this release in the advisory.
3035
+
3036
+
You can view the container images in this release by running the following command:
3037
+
3038
+
[source,terminal]
3039
+
----
3040
+
$ oc adm release info 4.18.18 --pullspecs
3041
+
----
3042
+
3043
+
[id="ocp-4-18-18-bug-fixes_{context}"]
3044
+
==== Bug fixes
3045
+
3046
+
* Previously, the Started column was hidden on reduced screen sizes, causing the `VirtualizedTable` component to break due to a missing sort function. As a consequence, this broken table component prevented users from consistently viewing `pipelinerun` list pages. With this release, the `VirtualizedTable` component now handles missing sort functions for default columns for reduced screen sizes. As a result, you can consistently view `pipelinerun` list pages, regardless of screen size. (link:https://issues.redhat.com/browse/OCPBUGS-57353[OCPBUGS-57353])
3047
+
3048
+
* Previously, when you changed the order of selectors in the `ClusterRole` parameter for the `OperatorGroup` in Operator Lifecycle Management (OLM), unnecessary etcd writes and auth cache invalidation degraded performance. With this release, an update to OLM prevents unnecessary etcd writes and auth cache invalidation when you change the selector order in the `ClusterRole` parameter. (link:https://issues.redhat.com/browse/OCPBUGS-57314[OCPBUGS-57314])
3049
+
3050
+
* Previously, the agent-based installer ignored the custom `additionalTrustBundlePolicy` parameter because of a missing field in the `install-config.yaml` file. Consequently, cluster installations sometimes did not comply with specified settings due to ignored overrides. With this release, the `additionalTrustBundlePolicy` config overrides are now properly applied in the `install-config.yaml` file for the assisted-service. As a result, you can correctly set the `additionalTrustBundlePolicy` parameter, and other installation configuration overrides are correctly applied. (link:https://issues.redhat.com/browse/OCPBUGS-57306[OCPBUGS-57306])
3051
+
3052
+
* Previously, if you tried to update a hosted cluster that used in-place updates, the proxy variables were not honored and the update failed. With this release, the pod that performs in-place upgrades honors the cluster proxy settings. As a result, updates now work for hosted clusters that use in-place updates. (link:https://issues.redhat.com/browse/OCPBUGS-57273[OCPBUGS-57273])
3053
+
3054
+
* Previously, when installing into an existing virtual private cloud (VPC) on {aws-first}, a potential mismatch could occur in the subnet information in the {aws-short} Availability Zone between the machine set custom resources for control plane nodes and their corresponding {aws-short} EC2 instances. As a consequence, where the control plane nodes were spread across three Availability Zones and one was recreated the discrepancy could result in an unbalanced control plane as two nodes occurred within the same Availability Zone. With this release, it is ensured that the subnet availability zone (AZ) information in the machine set custom resources and in the EC2 instances match and the issue is resolved.
* Previously, the kubelet stopped reporting metrics if a `stat` call stalled from the kernel (for example, in instances where a `stat` call on the disk which was run on the Network File System (NFS)). With this release, the kubelet reports metrics even if a disk is stuck. (link:https://issues.redhat.com/browse/OCPBUGS-57219[OCPBUGS-57219])
3058
+
3059
+
* Previously, the `/metrics` endpoint was not correctly parsing a bearer token from the `Authorization` header on internal Prometheus scrape requests. Consequently, the `TokenReview` failed and all the scrape requests returned a 401 response. With this release, the metrics endpoint handler is updated to correctly parse bearer tokens in the `Authorization` header for the `TokenReview`. This update resolves the `TargetDown` alert in the {product-title} web console. (link:https://issues.redhat.com/browse/OCPBUGS-57181[OCPBUGS-57181])
3060
+
3061
+
* Previously, when you defined multiple bring-your-own (BYO) subnet CIDRs for the `machineNetwork` parameter in the `install-config.yaml` configuration file, the installation failed at the bootstrap stage. This situation occurred because the control plane nodes were blocked from reaching the machine config server (MCS) to get their necessary setup configurations. The root cause was an overly strict {aws-short} security group rule that limited MCS access to only the first specified machine network CIDR. With this release, a fix to the {aws-short} security group means that the installation succeeds when multiple CIDRs are specified in the `machineNetwork` parameter of the `install-config.yaml`. (link:https://issues.redhat.com/browse/OCPBUGS-57139[OCPBUGS-57139])
3062
+
3063
+
* Previously, when an IDMS or ICSP in the management cluster defined a source that pointed to `registry.redhat.io` or `registry.redhat.io/redhat` and the mirror registry did not contain the required OLM catalog images, the provisioning of the `HostedCluster` object stalled due to unauthorized image pulls. As a consequence, the `HostedCluster` object was not deployed, and was blocked from pulling essential catalog images from the mirrored registry. With this release, the provisioning explicitly fails and blocks if a required image cannot be pulled due to authorization errors. In addition, the logic for registry overrides is improved to allow matches on the root of the registry, such as `registry.redhat.io`, for OLM CatalogSource image resolution. Also, a fallback mechanism is introduced to use the original image reference if the registry override does not yield a working image. As a result, the `HostedCluster` object is deployed, even in scenarios where the mirror registry lacks the required OLM catalog images, because the system correctly falls back to pull from the original source when appropriate. (link:https://issues.redhat.com/browse/OCPBUGS-56955[OCPBUGS-56955])
3064
+
3065
+
* Previously, the self-signed loopback certificate for the Kubernetes API Server expired after one year. With this release, the expiration date of the certificate is extended to three years. (link:https://issues.redhat.com/browse/OCPBUGS-56835[OCPBUGS-56835])
3066
+
3067
+
* Previously, a Machine Config Operator (MCO) incorrectly set an `Upgradeable=False` condition to all new nodes that were added to a cluster. The condition stated a `PoolUpdating` reason for set condition. With this release, the MCO now correctly sets `Upgradeable=True` condition to all new nodes that get added to a cluster so that the issue no longer exists. (link:https://issues.redhat.com/browse/OCPBUGS-56517[OCPBUGS-56517])
3068
+
3069
+
* Previously, the IDMS or ICSP resources from the management cluster were processed without considering that a user might specify only the root registry name as a mirror or source for image replacement. As a consequence, any IDMS or ICSP entries that used only the root registry name did not work as expected. With this release, the mirror replacement logic now correctly handles cases where only the root registry name is provided. As a result, the issue no longer occurs, and the root registry mirror replacements are now supported. (link:https://issues.redhat.com/browse/OCPBUGS-56166[OCPBUGS-56166])
3070
+
3071
+
* Previously, during image cleanup, oc-mirror plugin v2 would stop the deletion process if any error occurred while removing an image. With this release, oc-mirror plugin v2 continues attempting to delete remaining images even after encountering errors. After the process completes, it displays a list of any failed deletions. (link:https://issues.redhat.com/browse/OCPBUGS-56125[OCPBUGS-56125])
3072
+
3073
+
[id="ocp-4-18-18-updating_{context}"]
3074
+
==== Updating
3075
+
To update an {product-title} 4.18 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
3076
+
3026
3077
// 4.18.17
3027
3078
[id="ocp-4-18-17_{context}"]
3028
3079
=== RHSA-2025:8560 - {product-title} {product-version}.17 bug fix and security update
0 commit comments