Red Hat OpenShift 4.10.3 RHSA-2022:0056-01 Moderate: Multiple Threats

Red Hat OpenShift Container Platform release 4.10.3 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly2034493 - Change cluster version operator log level2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv62034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART2034537 - Update team2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success2034577 - Current OVN gateway mode should be reflected on node annotation as well2034621 - context menu not popping up for application group2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.102034624 - Warn about unsupported CSI driver in vsphere operator2034647 - missing volumes list in snapshot modal2034648 - Rebase openshift-controller-manager to 1.232034650 - Rebase openshift/builder to 1.232034705 - vSphere: storage e2e tests logging configuration data2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail.2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment2034785 - ptpconfig with summary_interval cannot be applied2034823 - RHEL9 should be starred in template list2034838 - An external router can inject routes if no service is added2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty2034881 - Cloud providers components should use K8s 1.23 dependencies2034884 - ART cannot build the image because it tries to download controller-gen2034889 - `oc adm prune deployments` does not work2034898 - Regression in recently added Events feature2034957 - update openshift-apiserver to kube 1.23.12035015 - ClusterLogForwarding CR remains stuck remediating forever2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster2035141 - [RFE] Show GPU/Host devices in template's details tab2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting2035199 - IPv6 support in mtu-migration-dispatcher.yaml2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing2035250 - Peering with ebgp peer over multi-hops doesn't work2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices2035315 - invalid test cases for AWS passthrough mode2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env2035321 - Add Sprint 211 translations2035326 - [ExternalCloudProvider] installation with additional network on workers fails2035328 - Ccoctl does not ignore credentials request manifest marked for deletion2035333 - Kuryr orphans ports on 504 errors from Neutron2035348 - Fix two grammar issues in kubevirt-plugin.json strings2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets2035409 - OLM E2E test depends on operator package that's no longer published2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1'2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class2035602 - [e2e][automation] add tests for Virtualization Overview page cards2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly2035704 - RoleBindings list page filter doesn't apply2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing.2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed2035772 - AccessMode and VolumeMode is not reserved for customize wizard2035847 - Two dashes in the Cronjob / Job pod name2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml2035882 - [BIOS setting values] Create events for all invalid settings in spec2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests”2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen2035927 - Cannot enable HighNodeUtilization scheduler profile2035933 - volume mode and access mode are empty in customize wizard review tab2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.232036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.232036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected2036826 - `oc adm prune deployments` can prune the RC/RS2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform2036861 - kube-apiserver is degraded while enable multitenant2036937 - Command line tools page shows wrong download ODO link2036940 - oc registry login fails if the file is empty or stdout2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container2036989 - Route URL copy to clipboard button wraps to a separate line by itself2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters2036993 - Machine API components should use Go lang version 1.172037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log.2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api2037073 - Alertmanager container fails to start because of startup probe never being successful2037075 - Builds do not support CSI volumes2037167 - Some log level in ibm-vpc-block-csi-controller are hard code2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles2037182 - PingSource badge color is not matched with knativeEventing color2037203 - "Running VMs" card is too small in Virtualization Overview2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly2037237 - Add "This is a CD-ROM boot source" to customize wizard2037241 - default TTL for noobaa cache buckets should be 02037246 - Cannot customize auto-update boot source2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately2037288 - Remove stale image reference2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources2037483 - Rbacs for Pods within the CBO should be more restrictive2037484 - Bump dependencies to k8s 1.232037554 - Mismatched wave number error message should include the wave numbers that are in conflict2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]2037635 - impossible to configure custom certs for default console route in ingress config2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.82037638 - Builds do not support CSI volumes as volume sources2037664 - text formatting issue in Installed Operators list table2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :80802037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :80802037801 - Serverless installation is failing on CI jobs for e2e tests2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format2037856 - use lease for leader election2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.102037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests2037904 - upgrade operator deployment failed due to memory limit too low for manager container2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]2038034 - non-privileged user cannot see auto-update boot source2038053 - Bump dependencies to k8s 1.232038088 - Remove ipa-downloader references2038160 - The `default` project missed the annotation : openshift.io/node-selector: ""2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional2038196 - must-gather is missing collecting some metal3 resources2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)2038253 - Validator Policies are long lived2038272 - Failures to build a PreprovisioningImage are not reported2038384 - Azure Default Instance Types are Incorrect2038389 - Failing test: [sig-arch] events should not repeat pathologically2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect2038663 - update kubevirt-plugin OWNERS2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new"2038705 - Update ptp reviewers2038761 - Open Observe->Targets page, wait for a while, page become blank2038768 - All the filters on the Observe->Targets page can't work2038772 - Some monitors failed to display on Observe->Targets page2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation2038864 - E2E tests fail because multi-hop-net was not created2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured2038968 - Move feature gates from a carry patch to openshift/api2039056 - Layout issue with breadcrumbs on API explorer page2039057 - Kind column is not wide enough in API explorer page2039064 - Bulk Import e2e test flaking at a high rate2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade2039227 - Improve image customization server parameter passing during installation2039241 - Improve image customization server parameter passing during installation2039244 - Helm Release revision history page crashes the UI2039294 - SDN controller metrics cannot be consumed correctly by prometheus2039311 - oc Does Not Describe Build CSI Volumes2039315 - Helm release list page should only fetch secrets for deployed charts2039321 - SDN controller metrics are not being consumed by prometheus2039330 - Create NMState button doesn't work in OperatorHub web console2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters.2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists2039382 - gather_metallb_logs does not have execution permission2039406 - logout from rest session after vsphere operator sync is finished2039408 - Add GCP region northamerica-northeast2 to allowed regions2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment2039491 - oc - git:// protocol used in unit tests2039516 - Bump OVN to ovn21.12-21.12.0-252039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled2039541 - Resolv-prepender script duplicating entries2039586 - [e2e] update centos8 to centos stream82039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'2039670 - Create PDBs for control plane components2039678 - Page goes blank when create image pull secret2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported2039743 - React missing key warning when open operator hub detail page (and maybe others as well)2039756 - React missing key warning when open KnativeServing details2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard2039781 - [GSS] OBC is not visible by admin of a Project on Console2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled2039880 - Log level too low for control plane metrics2039919 - Add E2E test for router compression feature2039981 - ZTP for standard clusters installs stalld on master nodes2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message2040150 - Update ConfigMap keys for IBM HPCS2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp2040376 - "unknown instance type" error for supported m6i.xlarge instance2040394 - Controller: enqueue the failed configmap till services update2040467 - Cannot build ztp-site-generator container image2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 42040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps2040535 - Auto-update boot source is not available in customize wizard2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name2040603 - rhel worker scaleup playbook failed because missing some dependency of podman2040616 - rolebindings page doesn't load for normal users2040620 - [MAPO] Error pulling MAPO image on installation2040653 - Topology sidebar warns that another component is updated while rendering2040655 - User settings update fails when selecting application in topology sidebar2040661 - Different react warnings about updating state on unmounted components when leaving topology2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi2040694 - Three upstream HTTPClientConfig struct fields missing in the operator2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers2040710 - cluster-baremetal-operator cannot update BMC subscription CR2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms2040782 - Import YAML page blocks input with more then one generateName attribute2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator2040793 - Fix snapshot e2e failures2040880 - do not block upgrades if we can't connect to vcenter2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.102041093 - autounattend.xml missing2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped"2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.232041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud2041466 - Kubedescheduler version is missing from the operator logs2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)2041492 - Spacing between resources in inventory card is too small2041509 - GCP Cloud provider components should use K8s 1.23 dependencies2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook2041541 - audit: ManagedFields are dropped using API not annotation2041546 - ovnkube: set election timer at RAFT cluster creation time2041554 - use lease for leader election2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected"2041583 - etcd and api server cpu mask interferes with a guaranteed workload2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation2041620 - bundle CSV alm-examples does not parse2041641 - Fix inotify leak and kubelet retaining memory2041671 - Delete templates leads to 404 page2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint2041763 - The Observe > Alerting pages no longer have their default sort order applied2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile2041999 - [PROXY] external dns pod cannot recognize custom proxy CA2042001 - unexpectedly found multiple load balancers2042029 - kubedescheduler fails to install completely2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs2042059 - update discovery burst to reflect lots of CRDs on openshift clusters2042069 - Revert toolbox to rhcos-toolbox2042169 - Can not delete egressnetworkpolicy in Foreground propagation2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud2042274 - Storage API should be used when creating a PVC2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection2042366 - Lifecycle hooks should be independently managed2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway2042382 - [e2e][automation] CI takes more then 2 hours to run2042395 - Add prerequisites for active health checks test2042438 - Missing rpms in openstack-installer image2042466 - Selection does not happen when switching from Topology Graph to List View2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver2042567 - insufficient info on CodeReady Containers configuration2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk2042619 - Overview page of the console is broken for hypershift clusters2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)2042851 - Create template from SAP HANA template flow - VM is created instead of a new template2042906 - Edit machineset with same machine deletion hook name succeed2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal"2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways'2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]2043043 - Cluster Autoscaler should use K8s 1.23 dependencies2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects".2043117 - Recommended operators links are erroneously treated as external2043130 - Update CSI sidecars to the latest release for 4.102043234 - Missing validation when creating several BGPPeers with the same peerAddress2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler2043254 - crio does not bind the security profiles directory2043296 - Ignition fails when reusing existing statically-keyed LUKS volume2043297 - [4.10] Bootimage bump tracker2043316 - RHCOS VM fails to boot on Nutanix AOS2043446 - Rebase aws-efs-utils to the latest upstream version.2043556 - Add proper ci-operator configuration to ironic and ironic-agent images2043577 - DPU network operator2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator2043675 - Too many machines deleted by cluster autoscaler when scaling down2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation2043709 - Logging flags no longer being bound to command line2043721 - Installer bootstrap hosts using outdated kubelet containing bugs2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather2043759 - Bump cluster-ingress-operator to k8s.io/api 1.232043780 - Bump router to k8s.io/api 1.232043787 - Bump cluster-dns-operator to k8s.io/api 1.232043801 - Bump CoreDNS to k8s.io/api 1.232043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.2044201 - Templates golden image parameters names should be supported2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied"2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects2044347 - Bump to kubernetes 1.23.32044481 - collect sharedresource cluster scoped instances with must-gather2044496 - Unable to create hardware events subscription - failed to add finalizers2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources2044680 - Additional libovsdb performance and resource consumption fixes2044704 - Observe > Alerting pages should not show runbook links in 4.102044717 - [e2e] improve tests for upstream test environment2044724 - Remove namespace column on VM list page when a project is selected2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD2045024 - CustomNoUpgrade alerts should be ignored2045112 - vsphere-problem-detector has missing rbac rules for leases2045199 - SnapShot with Disk Hot-plug hangs2045561 - Cluster Autoscaler should use the same default Group value as Cluster API2045591 - Reconciliation of aws pod identity mutating webhook did not happen2045849 - Add Sprint 212 translations2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.102045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin2045916 - [IBMCloud] Default machine profile in installer is unreliable2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify2046137 - oc output for unknown commands is not human readable2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance2046297 - Bump DB reconnect timeout2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors2046626 - Allow setting custom metrics for Ansible-based Operators2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud2047025 - Installation fails because of Alibaba CSI driver operator is degraded2047190 - Bump Alibaba CSI driver for 4.102047238 - When using communities and localpreferences together, only localpreference gets applied2047255 - alibaba: resourceGroupID not found2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions2047317 - Update HELM OWNERS files under Dev Console2047455 - [IBM Cloud] Update custom image os type2047496 - Add image digest feature2047779 - do not degrade cluster if storagepolicy creation fails2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used2047929 - use lease for leader election2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services2048048 - Application tab in User Preferences dropdown menus are too wide.2048050 - Topology list view items are not highlighted on keyboard navigation2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value2048413 - Bond CNI: Failed to attach Bond NAD to pod2048443 - Image registry operator panics when finalizes config deletion2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt2048598 - Web terminal view is broken2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure2048891 - Topology page is crashed2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class2049043 - Cannot create VM from template2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used2049886 - Placeholder bug for OCP 4.10.0 metadata release2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.22050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.02050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension'2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes2050370 - alert data for burn budget needs to be updated to prevent regression2050393 - ZTP missing support for local image registry and custom machine config2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud2050737 - Remove metrics and events for master port offsets2050801 - Vsphere upi tries to access vsphere during manifests generation phase2050883 - Logger object in LSO does not log source location accurately2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit2052062 - Whereabouts should implement client-go 1.22+2052125 - [4.10] Crio appears to be coredumping in some scenarios2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade.2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests2052598 - kube-scheduler should use configmap lease2052599 - kube-controller-manger should use configmap lease2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.12052666 - [4.10.z] change gitmodules to rhcos-4.10 branch2052756 - [4.10] PVs are not being cleaned up after PVC deletion2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index2053218 - ImagePull fails with error "unable to pull manifest from /busy.box:v5 invalid reference format"2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs2053268 - inability to detect static lifecycle failure2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates2053323 - OpenShift-Ansible BYOH Unit Tests are Broken2053339 - Remove dev preview badge from IBM FlashSystem deployment windows2053751 - ztp-site-generate container is missing convenience entrypoint2053945 - [4.10] Failed to apply sriov policy on intel nics2054109 - Missing "app" label2054154 - RoleBinding in project without subject is causing "Project access" page to fail2054244 - Latest pipeline run should be listed on the top of the pipeline run list2054288 - console-master-e2e-gcp-console is broken2054562 - DPU network operator 4.10 branch need to sync with master2054897 - Unable to deploy hw-event-proxy operator2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line2055371 - Remove Check which enforces summary_interval must match logSyncInterval2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.112055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured2056479 - ovirt-csi-driver-node pods are crashing intermittently2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope"2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes"2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation2056948 - post 1.23 rebase: regression in service-load balancer reliability2057438 - Service Level Agreement (SLA) always show 'Unknown'2057721 - Fix Proxy support in RHACM 2.4.22057724 - Image creation fails when NMstateConfig CR is empty2058641 - [4.10] Pod density test causing problems when using kube-burner2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc