This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.
Chapter 1. OpenShift sandboxed containers 1.0 release notes
1.1. About this release
These release notes track the development of OpenShift sandboxed containers in Red Hat OpenShift Container Platform.
This product is currently in Technology Preview. OpenShift sandboxed containers is not intended for production use. For more information, see the Red Hat Customer Portal support scope for features in Technology Preview.
1.2. New features and enhancements
1.2.1. OpenShift sandboxed containers support on OpenShift Container Platform (Technology Preview)
OpenShift sandboxed containers 1.0.0 Technology Preview release introduces built-in support for running Kata Containers as an additional runtime. OpenShift sandboxed containers enables users to choose Kata Containers as an additional runtime to provide additional isolation for their workloads. The OpenShift sandboxed containers Operator automates the tasks of installing, removing, and updating Kata Containers. It allows for tracking the state of those tasks by describing the KataConfig custom resource.
OpenShift sandboxed containers are only supported on bare metal. Red Hat Enterprise Linux CoreOS (RHCOS) is the only supported operating system for OpenShift sandboxed containers 1.0.0. Disconnected environments are not supported in OpenShift Container Platform 4.8.
For more information, see Understanding OpenShift sandboxed containers.
1.3. Known issues
- If you are using OpenShift sandboxed containers, you cannot use the hostPath volume in an OpenShift Container Platform cluster to mount a file or directory from the host node’s file system into your pod. As an alternative, you can use local persistent volumes. See Persistent storage using local volumes for more information. (BZ#1904609)
- If you are running Fedora on OpenShift sandboxed containers, you need a workaround to install some packages. Some packages, like iputils, require file access permission changes that OpenShift Container Platform does not grant to containers by default. To run containers that require such special permissions, it is necessary to add an annotation to the YAML file describing the workload, which tells virtiofsd to accept such file permissions for that workload. The required annotations are:

      io.katacontainers.config.hypervisor.virtio_fs_extra_args: |
        [ "-o", "modcaps=+sys_admin", "-o", "xattr" ]
- In the 4.8 release, adding a value to kataConfigPoolSelector by using the OpenShift Container Platform web console causes scheduling.nodeSelector to be populated with an empty value. Pods that use RuntimeClass with the value of kata might be scheduled to nodes that do not have the Kata Containers runtime installed.

  To work around this issue, specify the nodeSelector value manually in the RuntimeClass kata by running the following command:

      $ oc edit runtimeclass kata

  The following is an example of a RuntimeClass with the correct nodeSelector statement.
- The OpenShift sandboxed containers Operator details page on Operator Hub contains a few missing fields. The missing fields do not prevent you from installing the OpenShift sandboxed containers Operator in 4.8. (BZ#2019383)
- Creating multiple KataConfig custom resources results in a silent failure. The OpenShift Container Platform web console does not provide a prompt to notify the user that creating more than one custom resource has failed. (BZ#2019381)
- Sometimes the Operator Hub in the OpenShift Container Platform web console does not display icons for an Operator. (BZ#2019380)
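For the kataConfigPoolSelector known issue above, the following added example (not part of the Red Hat documentation or the Operator) checks a RuntimeClass for the empty nodeSelector and lists kata pods bound to nodes outside the intended pool. The sample objects, the custom-kata-pool label, and the function names are assumptions; real input would come from oc get runtimeclass kata -o json, oc get nodes -o json, and oc get pods -A -o json.

```python
# Constructed sample objects shaped like `oc get <kind> -o json` items.
# The label custom-kata-pool=true and all object names are assumptions.
EXPECTED_SELECTOR = {"custom-kata-pool": "true"}
RUNTIMECLASS = {
    "kind": "RuntimeClass", "handler": "kata", "metadata": {"name": "kata"},
    "scheduling": {"nodeSelector": {}},  # empty value, as in the known issue
}
NODES = [
    {"metadata": {"name": "worker-0", "labels": {"custom-kata-pool": "true"}}},
    {"metadata": {"name": "worker-1", "labels": {}}},
]
PODS = [
    {"metadata": {"namespace": "demo", "name": "a"},
     "spec": {"runtimeClassName": "kata", "nodeName": "worker-0"}},
    {"metadata": {"namespace": "demo", "name": "b"},
     "spec": {"runtimeClassName": "kata", "nodeName": "worker-1"}},
    {"metadata": {"namespace": "demo", "name": "c"}, "spec": {"nodeName": "worker-1"}},
]

def selector_problem(runtimeclass, expected):
    """Describe what is wrong with scheduling.nodeSelector, or return None."""
    selector = (runtimeclass.get("scheduling") or {}).get("nodeSelector") or {}
    if not selector:
        return "nodeSelector is missing or empty"
    if selector != expected:
        return f"nodeSelector {selector} differs from expected {expected}"
    return None

def nodes_matching(nodes, selector):
    """Names of nodes whose labels contain every key/value pair in selector."""
    return {
        n["metadata"]["name"] for n in nodes
        if all((n["metadata"].get("labels") or {}).get(k) == v
               for k, v in selector.items())
    }

def misplaced_pods(pods, runtime_class, allowed_nodes):
    """Scheduled pods that request runtime_class on a node outside allowed_nodes."""
    return [
        f'{p["metadata"]["namespace"]}/{p["metadata"]["name"]} on {p["spec"]["nodeName"]}'
        for p in pods
        if p["spec"].get("runtimeClassName") == runtime_class
        and p["spec"].get("nodeName") not in allowed_nodes | {None}
    ]

if __name__ == "__main__":
    print(selector_problem(RUNTIMECLASS, EXPECTED_SELECTOR))
    print(misplaced_pods(PODS, "kata", nodes_matching(NODES, EXPECTED_SELECTOR)))
```

An empty selector matches every node, which is why nodes_matching(NODES, {}) returns both workers and the scheduler is free to place kata pods anywhere.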
1.4. Asynchronous errata updates
Security, bug fix, and enhancement updates for OpenShift sandboxed containers 1.0 are released as asynchronous errata through the Red Hat Network. All OpenShift Container Platform 4.8 errata are available on the Red Hat Customer Portal. See the OpenShift Container Platform Life Cycle for more information about asynchronous errata.
Red Hat Customer Portal users can enable errata notifications in the account settings for Red Hat Subscription Management (RHSM). When errata notifications are enabled, users are notified via email whenever new errata relevant to their registered systems are released.
Red Hat Customer Portal user accounts must have systems registered and consuming OpenShift Container Platform entitlements for OpenShift Container Platform errata notification emails to generate.
This section will continue to be updated over time to provide notes on enhancements and bug fixes for future asynchronous errata releases of OpenShift sandboxed containers 1.0.0.
1.4.1. RHBA-2021:3751 - OpenShift sandboxed containers 1.0.2 bug fix advisory
Issued: 2021-10-07
OpenShift sandboxed containers release 1.0.2 is now available. This advisory contains an update for OpenShift sandboxed containers with bug fixes.
The list of bug fixes that are included in the update is documented in the RHBA-2021:3751 advisory.
1.4.2. RHBA-2021:3552 - OpenShift sandboxed containers 1.0.1 bug fix advisory
Issued: 2021-09-16
OpenShift sandboxed containers release 1.0.1 is now available. This advisory contains an update for OpenShift sandboxed containers with bug fixes.
The list of bug fixes that are included in the update is documented in the RHBA-2021:3552 advisory.
1.4.3. RHEA-2021:2546 - OpenShift sandboxed containers 1.0.0 image release, bug fix, and enhancement advisory
Issued: 2021-07-29
The components for OpenShift sandboxed containers release 1.0.0 support for OpenShift Container Platform 4.8 are now available as a technology preview.
The list of bug fixes included in the update is documented in the RHEA-2021:3941 advisory.