v1.0.8

OpenShift 1.0.8 (release candidate 2 for 1.1)

We recommend users running 1.0.7 upgrade to 1.0.8 due to several significant performance issues.

Major fixes

• #5774 Preserve very large integers when serializing and deserializing JSON - resulted in hangs on the server
• #5778 When running a containerized node, the ca.crt passed into the container is wrong
• #5720 Deleting projects could encounter significant slow downs due repeated invocations
• #5722 The oc command should automatically use the service account when used inside a container
• #5706 Deployment config can indefinitely accumulate error messages, leading to failures in deployment config updates and significant CPU use
• #5737 Significant CPU slowdown when creating new projects
• #5537 Better support viewing very large logs in the UI
• #5581 Update cAdvisor version, fixing a memory leak and Docker connection leak on the node
• #5585 Use of rsh and exec on could occasionally timeout due to unfair frame handling in SPDY
• #5613 DNS name resolution of services was triggering multiple false timeouts due to recursion - names should now resolve in a few milliseconds.

Features

• It is now possible to order security context constraints via the priority field, which applies pod security defaults from the highest priority group first. This allows cluster administrators to run pods as root by default. To restore the prior security behavior, set a higher priority on the SCC you wish to apply defaults.
• Supplemental groups for filesystem access are allocated per project, and access to shared filesystems can be controlled via the supplemental group on Docker 1.8 or later
• Build logs and deployment logs now supported via oc log dc/NAME and oc log build/NAME, with all log options on those types also supported
• When running hooks from a deployment, display the hook logs as part of the deployment pod logs

Fixes

• Kubelet reacts much faster to status changes in pods and communicates important status changes to the master more effectively
• Disable TCP keep-alive on liveness probes, which was causing false negatives on liveness because of Go's connection pooling
• Attaching to a pod with only stdin should terminate the attach when stdin is closed, not when the pod exits (fixed in go-dockerclient)
• Better error output when Gluster and iSCSI volumes cannot be mounted
• horizontalpodautoscaler and job resources are now available in the extensions/v1beta1 API, with policy that allows end users to access them
• Deleting pods that have the phase failed or succeeded should complete immediately, rather than waiting for the Kubelet to acknowledge the delete
• oc import-image should not require the image stream to have dockerImageRepository set, now that individual spec tags can reference different Docker image repositories
• Update documentation to properly identify all_squash as NOT being necessary when using NFS persistent volumes
• It should be possible to specify the amount of lines of a pod log to tail while also following the log
• Username taken from a build secret should override a username in the source URL
• Ensure service node ports are properly released when deleted
• When upgrading the master before nodes are upgraded, ensure the master handles graceful deletion for those old nodes
• Some timeouts in the kube proxy were too short, and have been lengthened to better handle failures failing over backends
• /etc/hosts is now managed by the Kubelet instead of Docker, to ensure that all search domains and name servers are properly resolved
• Mirror pods can now be logged
• It is possible to serialize image pulls on the node by setting a config value - this bypasses issues encountered in Docker 1.8 with simultaneous pulls
• Memory allocation in the apiserver is much reduced during normal operation
• Set context directory properly in the new-app and new-build commands when specifying source code using the ~ operator