About this release

These release notes track the development of OpenShift sandboxed containers 1.1 alongside Red Hat OpenShift Container Platform 4.9.

This product is currently in Technology Preview. OpenShift sandboxed containers is not intended for production use. For more information, see the Red Hat Customer Portal support scope for features in Technology Preview.

New features and enhancements

FIPS compatibility

FIPS mode is now automatically enabled for OpenShift sandboxed containers. OpenShift sandboxed containers deployed on an OpenShift Container Platform cluster installed in FIPS mode will not taint the cluster’s FIPS support. For more information, see Understanding compliance and risk management.

Collect resources with must-gather

The OpenShift sandboxed containers Operator now includes a must-gather image, allowing you to collect custom resources and log files specific to this Operator and the underlying runtime components for diagnostic purposes. For more information, see Collecting OpenShift sandboxed containers data for Red Hat Support.

Disconnected environments

You can now install the OpenShift sandboxed containers Operator in a disconnected environment. For more information, see the Additional resources for Deploying OpenShift sandboxed containers workloads.

Bug fixes

  • Previously, when running Fedora on OpenShift sandboxed containers, some packages required file access permission changes that OpenShift Container Platform did not grant to containers by default. With this release, these permissions are granted by default. (BZ#1915377)

  • Previously, adding a value to kataConfigPoolSelector in the OpenShift Container Platform web console populated scheduling.nodeSelector with an empty value. As a result, pods that used a RuntimeClass object with the value of kata could be scheduled to nodes without the Kata Containers runtime installed. With this release, only nodes labeled with the same label as defined in kataConfigPoolSelector will install the Kata Containers runtime. (BZ#2019384)

  • Previously, the OpenShift sandboxed containers Operator details page on Operator Hub was missing fields. In this release, these fields are no longer missing. (BZ#2019383)

  • Previously, creating multiple KataConfig custom resources resulted in a silent failure, with no error from the OpenShift Container Platform web console notifying the user that creating more than one custom resource failed. With this release, the user receives an error when trying to create multiple custom resources. (BZ#2019381)

  • Previously, there were instances where the Operator Hub in the OpenShift Container Platform web console did not display icons for an Operator. With this release, icons are always displayed. (BZ#9019380)

Known issues

  • If you are using OpenShift sandboxed containers, you cannot use the hostPath volume in an OpenShift Container Platform cluster to mount a file or directory from the host node’s file system into your pod. As an alternative, you can use local persistent volumes. See Persistent storage using local volumes for more information. (BZ#1904609)

Asynchronous errata updates

Security, bug fix, and enhancement updates for OpenShift sandboxed containers 4.9 are released as asynchronous errata through the Red Hat Network. All OpenShift Container Platform 4.9 errata are available on the Red Hat Customer Portal. See the OpenShift Container Platform Life Cycle for more information about asynchronous errata.

Red Hat Customer Portal users can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, users are notified via email whenever new errata relevant to their registered systems are released.

Red Hat Customer Portal user accounts must have systems registered and consuming OpenShift Container Platform entitlements for OpenShift Container Platform errata notification emails to generate.

This section will continue to be updated over time to provide notes on enhancements and bug fixes for future asynchronous errata releases of OpenShift sandboxed containers 1.1.0.

RHEA-2021:3941 - OpenShift sandboxed containers 1.1.0 image release, bug fix, and enhancement advisory

Issued: 2021-10-21

OpenShift sandboxed containers release 1.1.0 is now available. This advisory contains an update for OpenShift sandboxed containers with enhancements and bug fixes.

The list of bug fixes included in the update is documented in the RHEA-2021:3941 advisory.