v1.0.5

@smarterclayton smarterclayton released this 25 Aug 19:14
· 31341 commits to master since this release

API Changes

  • If a deployment config is created without specifying the triggers field, the deployment will default to having a ConfigChange trigger.
  • A new field subjects (a list of object references) is available when creating role bindings. You may pass object references to User, SystemUser, Group, SystemGroup, or ServiceAccount when defining the binding. Passing a reference to a service account will resolve the correct name, making it easier to grant access to service accounts in the current namespace. If users or groups are also specified, they will take priority over values set in subjects.

Features

Security

  • Secrets were previously limited to only being available in pods when the service account referenced them. To make it easier to use secrets in templates, this is now disabled by default. Administrators can set a config variable to force this for the whole platform, and in a project you can set the "kubernetes.io/enforce-mountable-secrets" annotation to "true" on a particular service account to require that check.
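
The check described above, modeled as an added example (not code from OpenShift or from this release), for auditing which pods would be rejected before turning enforcement on. It covers secret volumes only; the function names, the `platform_enforced` parameter, and the sample objects are assumptions constructed for illustration.

```python
# Added example: simplified model of the mountable-secrets check.
# Input objects are dicts shaped like `oc get <resource> -o json` output.
ENFORCE_ANNOTATION = "kubernetes.io/enforce-mountable-secrets"


def enforcement_enabled(service_account, platform_enforced=False):
    """True if the check applies: platform-wide setting or per-account annotation."""
    annotations = service_account.get("metadata", {}).get("annotations") or {}
    return platform_enforced or annotations.get(ENFORCE_ANNOTATION) == "true"


def unmountable_secret_volumes(pod, service_account, platform_enforced=False):
    """Return (volume name, secret name) pairs the check would reject."""
    if not enforcement_enabled(service_account, platform_enforced):
        return []  # v1.0.5 default: any secret in the project may be mounted
    allowed = {ref.get("name") for ref in service_account.get("secrets") or []}
    rejected = []
    for vol in pod.get("spec", {}).get("volumes") or []:
        secret = vol.get("secret")
        if secret and secret.get("secretName") not in allowed:
            rejected.append((vol.get("name"), secret.get("secretName")))
    return rejected


# Constructed sample objects (hypothetical names).
SA_DEFAULT = {
    "metadata": {"name": "builder"},
    "secrets": [{"name": "builder-token-abc12"}],
}
SA_ENFORCED = {
    "metadata": {"name": "builder",
                 "annotations": {ENFORCE_ANNOTATION: "true"}},
    "secrets": [{"name": "builder-token-abc12"}],
}
POD = {
    "spec": {
        "serviceAccountName": "builder",
        "volumes": [
            {"name": "token", "secret": {"secretName": "builder-token-abc12"}},
            {"name": "db", "secret": {"secretName": "db-credentials"}},
            {"name": "scratch", "emptyDir": {}},
        ],
    }
}

if __name__ == "__main__":
    print("default:", unmountable_secret_volumes(POD, SA_DEFAULT))
    print("annotated:", unmountable_secret_volumes(POD, SA_ENFORCED))
    print("platform-wide:", unmountable_secret_volumes(POD, SA_DEFAULT, True))
```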

High Availability

  • Master processes can now be started separately as API server and controllers via openshift start master api and openshift start master controllers. Added support for controller leader election - set controllerLeaseTTL to a value between 10 and 300 seconds to control the expiration of a lease (a good default is 30 or 60s). When controllers lose their lease they will exit and expect to be restarted by a process manager.

Platform

  • Added support for groups of users. Introduced oc groups command to manage them.
  • Service accounts are more easily bound to roles through the new subjects field (described in API Changes above)

Networking/Routing

  • Added multitenant SDN support to isolate pods based on which project they belong to.
  • Added --host-network flag to the openshift router command to allow the router to run with the container network stack (when set to false)

Images

  • Importing and pulling from V2 registries is now supported.
  • The import-image command can now create image streams with the --from flag specifying the repo you want to import.
  • When you tag an image with 'oc tag' into an image stream that does not exist, an image stream can now be automatically created.

Storage

  • The volume command now lists by default, and shows you additional information about each volume type.
    • Persistent volume claims show whether they are provisioned or not, their size, and details about their bound persistent volume. The volume command can also create a new persistent volume claim for you if you specify --claim-size=
  • Added support for CephFS volumes

CLI

  • Added a --list flag to oc new-app to display list of available images and templates
  • Added --short or -q flag to oc project command to only display project name

Builds

  • Custom builds now allow a forcePull flag to indicate that the custom builder image must be pulled.
  • Multiple image change triggers are now allowed in BuildConfigs

Templates

  • Added required attribute to template parameters. Templates now cannot be instantiated without supplying a value for all required parameters.

Fixes

Platform

  • Projects can now be updated using oc edit - project admins can change display name and description.

Web Console

  • Updated the set of labels generated when creating a new app from source just as in the CLI.
  • Improved display of builds in web console.

Builds

  • Builds in which a pod is not created are no longer marked as successful.
  • Prevent starting S2I builds that may run as root based on security context constraints on the builder service account.
  • Prevent remote shell access to builder containers.

CLI

  • Builds are now listed according to creation timestamp
  • Builds from new-app are started immediately with ConfigChange trigger
  • Fixed help text for oc get projects

Networking/Routing

  • Trigger SDN node event when node IP changes
  • Rolling update strategy is used for router deploy
  • Added mode http to HAProxy frontend SNI definition