v1.1.1

This is a bug fix and feature release on top of v1.1 Origin.

API Changes

• Allow deleting a tag via DELETE /oapi/v1/namespaces/NAMESPACE/imagestreamtags/STREAM:TAG
• It is no longer valid to set route TLS configuration without also specifying a termination type. A default has been set for type to be terminate if the user provided TLS certificates
• Docker builds can now be configured with custom Dockerfile paths

Dynamic provisioning of persistent volumes

Dynamic provisioning of persistent volumes was implemented for AWS, GCE, and OpenStack, with 1 provisioner per cloud provider. PersistentVolumes of those types can be made on-the-fly in response to a PersistentVolumeClaim with a specific annotation ("volume.alpha.kubernetes.io/storage-class"). This feature is experimental and may change in future releases. Having multiple provisioners at once is not currently supported.

Web Console

• Allow build config environment variables to be edited from the web console
• Show build trends on the build config overview page
• Individual build configs and deployments can be deleted
• Allow any object in the web console to be edited like oc edit with a direct YAML editor, for when you need to tweak rarely used fields
• Improve the experience around web console scaling with more information
• Show empty replication controllers in the overview when they are not part of a service
• Users can dismiss web console alerts

Command line

• oc status now shows suggestions and warnings about conditions it detects in the current project
• oc start-build now allows environment and log-level to be passed as arguments
• oc secret allows custom secret types to be created
  • Accept the new dockercfg format in the oc secrets commands
• oc new-build now supports the --to flag, which allows you to specify which image stream tag you want to push a build to. You can pass --to-docker to push to an external image registry. If you only want to test the build, pass --no-output which will just ensure the build passes.
• Support some of the global rsync flags on oc rsync for displaying progress information - not supported on all rsync backends (like tar)

Security

• The user name of the person requesting a project be created is now available to parameterize the initial project template as the parameter PROJECT_REQUESTING_USER
• When creating a new application from a Docker image, warn if the image does not specify a user that administrators may have disabled running as root inside of containers.
• Add a new role system:image-pusher that allows pushing images to the integrated registry.
• Deleting a cluster role from the command line will now delete all role bindings associated to that role unless you pass --cascade=false
• Deleting users and groups cascades to delete their role bindings across the cluster.
• Run the Docker registry as a non-root user

Misc features

• Update to the 2.2.1 version of the Docker registry
• Use the new iptables kube-proxier instead of the userspace proxier for a big improvement in speed and reduction in CPU
• Promote the LDAP group prune and sync commands out of experimental into oadm groups
• More tests and config warnings in openshift ex diagnostics
• Builds are updated with the Git commit used in a build after the build completes.
• Routers now support overriding the host value in a route at startup - you can start multiple routers and serve the same route over different wildcards (with different configurations). See the help for openshift-router

Bug fixes

• Remove deployer pods when pruning failed deployments
• Various improvements to tab-autocompletion scripts on the command line
  • Fix autocompletion of build config names
  • Fix autocompletion of flags used by all commands
• When filewalld is restarted, reload proxy rules
• Give router instances a readiness check and update their liveness check to always use /healthz (which is now exposed)
• Do not export service account secrets that can't be used in other environments (service account tokens are namespace specific)
• Allow the streaming connection timeout in the kubelet to be configured via kubelet extended parameters, instead of being hardcoded
• Validate the remote repository to be cloned in builds using git ls-remote which is more accurate when using certain Git clone specs
• When using source code authentication in builds, if the password exceeds 255 characters (which is not supported by Git correctly) we now use a local proxy
• oc start-build --from-webhook could fail when not passing Git info
• On Windows, oc now uses the correct home directory for its operations
• The Jenkins template no longer identifies Jenkins as a DB
• When generating applications using new-app or builds with new-build, prevent accidental circular references (don't push the build output to the same tag that is used as the input to the build)
• Make oc env more tolerant of the background status updates the node generates (less conflict failures from the CLI)
• Improve deployment scaling behavior by making oc scale dc/foo more reliable and predictable.
• When running oc new-app, allow the local Docker daemon to be contacted over TLS if the user has specified the normal Docker client environment variables.
• Websocket watches were not being closed cleanly, resulting in hangs on some browsers
• DNS in the cluster is now served via the kube-proxy on the Kubernetes master port 53, which ensures that in an HA setup DNS continues to respond.
• systemd start notifications were not properly being delivered in some cases, resulting in services being restarted
• oc expose is updated to work with services that use port names (instead of numbers) when creating routes
• Importing of Docker images into image streams now correctly works when using a proxy via HTTPS_PROXY
• In a clustered etcd deployment, wait for access tokens to propagate to all cluster members before returning the token to the user
• Setting a node IP in the Kubelet config no longer overrides the node hostname.