Skip to content

OSDOCS 15776 retry #97806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

OSDOCS 15776 retry #97806

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions release_notes/ocp-4-19-release-notes.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2809,6 +2809,40 @@ To save the `vmcore` file, use the `crashkernel` setting to reserve 1024 MB of m

* NFS volumes exported from VMware vSAN Files cannot be mounted by clusters running {product-title} 4.19 due to RHEL-83435. To avoid this issue, ensure that you are running VMware ESXi and vSAN at the latest patch versions of 8.0 P05, or later. (link:https://issues.redhat.com/browse/OCPBUGS-55978[OCPBUGS-55978])

Known Gateway API issues

* By default, `istiod` will create a ConfigMap `istio-ca-root-cert` in every namespace it watches, which can create unnecessary ConfigMaps. (link:https://issues.redhat.com/browse/OSSM-9076[OSSM-9076])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the workaround? Do we have one (or is this something that people just have to deal with)?
If your 'affected' by this what action should you be taking (watch the bug for updates)?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sferich888 Most of these are open OSSM or NE bugs that we know about but haven't had time to fix. No workarounds, and very little other information.


* When using Gateway API via the Cluster Ingress Operator (CIO), any Istio specific resources (e.g. VirtualService) are not allowed or supported. (link:https://issues.redhat.com/browse/OSSM-9154[OSSM-9154])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not allowed? As In I shouldn't create these; or the server will reject them (which is it)?
When you say supported; does this mean it breaks something or are we just not testing/validating this (thus its not supported)?

In short the verbage here leave a lot to the reader to interpret; and we want to where possible remove ambiguity; is there a way we can clean this up to be more explicit about what we mean here?


* Istio will copy all labels and annotations from your Gateway objects to the child resources it creates. (link:https://issues.redhat.com/browse/OSSM-8989[OSSM-8989])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What problem does this create? Why is a release note needed for this? Should we have a KCS for this instead?

The same applies for the next ~7 line items.

Copy link

@candita candita Aug 25, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sferich888 we are basically trying to tell people - we know these are issues so please don't report duplicate issues. We're trying to get ahead of bug reports, in other words. If this is not the right approach, please let me know.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do the majority of issues in SM come from customer direct filed bug reports? If not; I think it might be better to speak with CEE about why so many bug reports are being filed (that the team is having to close as duplicates).

What is the duplicate bug count (and/or closure rate); compared to the overall backlog of issues the team is managing? cc: @CFields651 (as you might be needed to help look into this).

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sferich888 I was more concerned with the unnecessary effort that the support person would need to go through to finally get to the point where they open a bug, and then we find that it is for an issue we already know about. Or a customer, who, for example, makes grand plans to enable Gateway API on BareMetal without realizing it won't work.

I think the most important items can be summarized and added to existing 4.19 docs instead of release notes. No doubt they will be more visible there anyway.

@jmanthei I spoke to my team leads/manager, and I will try to come up with something like a "Things you need to know before enabling Gateway API" section. For now, you can close this PR. My apologies for the false start and thanks for the effort.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@candita I really appreciate the heads up.


* Gateway API on CIO can be broken by an existing incompatible OpenShift Service Mesh (OSSM) subscription. (link:https://issues.redhat.com/browse/NE-1964[NE-1964])

* Currently Gateway API is not supported for on-premise platforms: BareMetal, VSphere, oVirt, KubeVirt, EquinixMetal, Nutanix. (link:https://issues.redhat.com/browse/NE-2010[NE-2010])

* The reverse proxy for Gateway API is known to be less performant than HAProxy. (link:https://issues.redhat.com/browse/NE-1990[NE-1990])

* Gateway API may not work with RH Connectivity Link, OpenShift AI, or other layered products. (link:https://issues.redhat.com/browse/NE-1967(NE-1967))

* Gateway API does not have idling support. (link:https://issues.redhat.com/browse/NE-1103[NE-1103])

* Gateway API does not have OpenShift Console integration. (link:https://issues.redhat.com/browse/NE-1109[NE-1109])

* Gateway API has no OpenShift Console command line integration. (link:https://issues.redhat.com/browse/NE-1102[NE-1102])

* Gateway API has no configuration of access logs or other Istio options. (link:https://issues.redhat.com/browse/NE-1926[NE-1926])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there some corrective action a user can take?


* Gateway API does not currently support using User Defined Networks (UDN). (link:https://issues.redhat.com/browse/NE-1928[NE-1928])

* Users will not receive flags when previous Gateway API CRDs are trying to make changes. (link:https://issues.redhat.com/browse/NE-1958[NE-1958])

* Installing OSSM with Gateway API causes an Ingress Operator Failure. (link:https://issues.redhat.com/browse/OCPBUGS-55317[OCPBUGS-55317])

* On a private cluster, the LB created for a Gateway should be internal, but it is external. (link:https://issues.redhat.com/browse/OCPBUGS-57440[OCPBUGS-57440])

* Users who create a Gateway resource pointing to the correct `GatewayClass` must also manually add an `istio.io/rev` label to their Gateway object for it to be recognized. (link:https://issues.redhat.com/browse/OSSM-10518[OSSM-10518])

[id="ocp-4-19-asynchronous-errata-updates_{context}"]
== Asynchronous errata updates

Expand Down