This document describes future changes that will affect your current resources used inside of OpenShift. Each change contains description of the change and information when that change will happen.
-
Currently all build pods have a label named
build
. This label is being deprecated in favor ofopenshift.io/build.name
in Origin 1.0.x (OSE 3.0.x) - both are supported. In Origin 1.1 we will only set the new label and remove support for the old label. See #3502. -
Currently
oc exec
will attempt toPOST
topods/podname/exec
, if that fails it will fallback to aGET
to match older policy roles. In Origin 1.1 (OSE 3.1) the support for the oldoc exec
endpoint viaGET
will be removed. -
The
pauseControllers
field inmaster-config.yaml
is deprecated as of Origin 1.0.4 and will no longer be supported in Origin 1.1. After that, a warning will be printed on startup if it is set to true. -
The
/ns/namespace-name/subjectaccessreview
endpoint is deprecated, use/subjectaccessreview
(with thenamespace
field set) or/ns/namespace-name/localsubjectaccessreview
. In Origin 1.y / OSE 3.y, support for/ns/namespace-name/subjectaccessreview
will be removed. At that time, the openshift docker registry image must be upgraded in order to continue functioning. -
The
deploymentConfig.rollingParams.updatePercent
field is deprecated in favor ofdeploymentConfig.rollingParams.maxUnavailable
anddeploymentConfig.rollingParams.maxSurge
. TheupdatePercent
field will be removed in Origin 1.1 (OSE 3.1). -
The
volume.metadata
field is deprecated as of Origin 1.0.6 in favor ofvolume.downwardAPI
. -
New SCCs and additional fields on SCCs have been added in Origin 1.0.8. To pick up the new SCCs you may reset your default SCCs.
New Fields:
-
allowHostPID - defaults to false. You may wish to change this to true on any privileged SCCs or reset your default SCCs which will set this field to true for the privileged SCC and false for the restricted SCC.
-
allowHostIPC - defaults to false. You may wish to change this to true on any privileged SCCs or reset your default SCCs which will set this field to true for the privileged SCC and false for the restricted SCC.
-
allowHostNetwork - defaults to false. You may wish to change this to true on any privileged SCCs or reset your default SCCs which will set this field to true for the privileged SCC and false for the restricted SCC.
-
allowHostPorts - defaults to false. You may wish to change this to true on any privileged SCCs or reset your default SCCs which will set this field to true for the privileged SCC and false for the restricted SCC.
-
fsGroup - if the strategy type is unset this field will default to RunAsAny. For more information about using fsGroup with annotations please see annotation configuration.
-
supplementalGroups - if the strategy type is unset this field will default to RunAsAny. For more information about using supplementalGroups with annotations please see annotation configuration.
-
priority - defaults to nil for existing SCCs. Please refer to the SCC Documentation for more information on how this affects admission.
-
The
v1beta3
API version is being removed in Origin 1.1 (OSE 3.1). Existingv1beta3
resources stored in etcd will still be readable and automatically converted tov1
by the master on first mutation. Existingv1beta3
resources stored on disk are still readable by theoc
client and will be automatically converted tov1
for transmission to the master.
OpenShift master configuration files will need updated to remove v1beta3
references:
- The
etcdStorageConfig.openShiftStorageVersion
field value should bev1
. - The
etcdStorageConfig.kubernetesStorageVersion
field value should bev1
. - The
apiLevels
field should contain onlyv1
. - The
kubernetesMasterConfig.apiLevels
field should contain onlyv1
.
OpenShift clients <= 1.0.4 will need to pass --api-version=v1
when communicating with
a master. (openshift#5254)
- The
buildconfig
label on Build objects, which contains the name of the BuildConfig for the Build, has been deprecated in favor of a newopenshift.io/build-config.name
label.
-
Field names in
yaml
andjson
files will now follow strict rules for case sensitivity.
Incorrectly cased field names will now be rejected. Please ensure allyaml
andjson
files conform to the naming conventions defined in REST API -
The existing docker registry images will not be able to support auto-provisioning of image streams based on docker pushes against new API servers. Upgrade your docker registry image to make auto-provisioning work again.
-
New service accounts specific to the PersistentVolume operations of binding, recycling, and provisioning were added. Run
oadm policy reconcile-sccs --confirm
to update your SecurityContextConstraints.