Releases: Azure/ARO-RP
Release v20260604.02-lb-tagged-ip-dual-frontend
Add portal_in_tagged NSG rule and fix tagged portal container port bindings (rebased on latest master)
Changes
9c68855 Regenerate deploy assets on latest master base
07b7bba Add portal_in_tagged NSG rule and fix tagged portal container port bindings
6d4f56b Fix TestCleanupOrphanedTaggedPIPs: use plain error for non-404 case
d59387a Fix test failures: make forceNSGs a deployer struct field
a7e2946 Add orphaned tagged PIP cleanup and NSG-only predeploy mode
86357f4 Regenerate deploy assets after VMSS IP tagging cherry-pick
f221829 Add INT release status to VMSS IP tagged docs
78362a8 Update docs with correct commit ID and tag
a74bfa6 Fix whitespace in templates_rp.go after make generate
2f0e468 Add documentation for VMSS public IP tagging
31e30f2 Add IP tags to RP and Gateway VMSS public IPs
142b7dd Regenerate deploy assets after cherry-pick onto latest master
f58ff96 Fix monitor checkReady() regression: use subs.GetLastProcessed()
119a399 Add second INT release status to LB tagged IP docs
f783535 Add INT release pipeline link to LB tagged IP docs
942e2a7 Add portal SSH tagged LB rule and rename portal-probe-tagged
eb9cb64 Fix missing regexp import in deploy generator templates
dd4e2e2 Add tagged public IPs to RP load balancer with dual-frontend rollback support
7a9a3b4 Update mise image (#4838)
4e5e616 Merge pull request #4844 from Azure/bragazzi/ARO-26990-isclusterupgrading-false-positive
4f7815e Merge pull request #4771 from Azure/dependabot/pip/pytest-9.0.3
dca1c37 Merge pull request #4795 from Azure/dependabot/npm_and_yarn/portal/v2/postcss-8.5.10
a4b970e chore(deps): bump pytest from 9.0.2 to 9.0.3
beca294 Merge pull request #4773 from Azure/dependabot/go_modules/github.com/containers/podman/v5-5.8.2
cf83ed8 replace old containers/storage references with go.podman.io refs * without doing this, Go builds fail on Linux due to C conflicts
5ad20ba chore(deps): bump postcss from 8.4.38 to 8.5.15 in /portal/v2
7c985b8 chore(deps): bump github.com/containers/podman/v5 from 5.6.1 to 5.8.2
7a3a53a ARO-26990: make test less fragile by keying off a bool rather than test name
8610265 Make comment on logic change more general
c40ece7 ARO-26990: correct tests to use history state instead of OperatorProgressing for determing cluster upgrade status
ac39d9f ARO-26990: eliminate IsClusterUpgrading() false positive during non-upgrade MCO rollouts
Full Changelog: v20260528.00...v20260604.02-lb-tagged-ip-dual-frontend
Release v20260602.00-linux3
Azure Linux 3.0
Changes
594505e fix: handle OpenSSL 3.x CN format in mdsd certificate SAN extraction
Full Changelog: v20260601.00-linux3...v20260602.00-linux3
Release v20260601.00-mise-test
MISE testing in canary
Changes
30d6f15 Update mise image
4e5e616 Merge pull request #4844 from Azure/bragazzi/ARO-26990-isclusterupgrading-false-positive
4f7815e Merge pull request #4771 from Azure/dependabot/pip/pytest-9.0.3
dca1c37 Merge pull request #4795 from Azure/dependabot/npm_and_yarn/portal/v2/postcss-8.5.10
a4b970e chore(deps): bump pytest from 9.0.2 to 9.0.3
beca294 Merge pull request #4773 from Azure/dependabot/go_modules/github.com/containers/podman/v5-5.8.2
cf83ed8 replace old containers/storage references with go.podman.io refs * without doing this, Go builds fail on Linux due to C conflicts
5ad20ba chore(deps): bump postcss from 8.4.38 to 8.5.15 in /portal/v2
7c985b8 chore(deps): bump github.com/containers/podman/v5 from 5.6.1 to 5.8.2
7a3a53a ARO-26990: make test less fragile by keying off a bool rather than test name
8610265 Make comment on logic change more general
c40ece7 ARO-26990: correct tests to use history state instead of OperatorProgressing for determing cluster upgrade status
ac39d9f ARO-26990: eliminate IsClusterUpgrading() false positive during non-upgrade MCO rollouts
Full Changelog: v20260528.00...v20260601.00-mise-test
Release v20260601.00-linux3
Azure Linux 3.0
Changes
5558079 update: bump Fluentbit image to Azure Linux 3 based version 5.0.0
f249ef8 sync: regenerate production deploy assets
40c4bf4 Revert "fix: handle OpenSSL 3.x CN format in mdsd certificate SAN extraction"
37d04df sync: regenerate production deploy assets
6c9844e Revert "fix: replace sed with openssl extraction in MDM cert download script"
767b61a fix: handle OpenSSL 3.x CN format in mdsd certificate SAN extraction
de319a2 sync: regenerate production deploy assets
d52a14a fix: replace sed with openssl extraction in MDM cert download script
3ca753e sync: regenerate production deploy assets
8459869 fix: split exclude_pkgs into separate array elements
95a5d6f sync: regenerate production deploy assets
2d8ad96 fix: address review feedback for firewall and busybox tags
ed0db7a fix: restore Azure Linux 3 VMSS package bootstrap with tdnf
a5a940f fix: switch dev proxy weekly updates to tdnf
9dae8e1 sync build files with master and regenerate deploy assets
d6052fb Stop switching firewalld backend to iptables on Azure Linux 3
5ad338f Remove aardvark-dns from install_pkgs (not available on Azure Linux 3)
b23dab3 add missing podman 5.x dependencies (crun, netavark, aardvark-dns)
d337b1e use 3.12 for ci pipeline too?
500c520 bump changes for fluentbit to build on azurelinux3
131a41b bump onebranch for validate-roledef
60021c9 bump e2e resources to azurelinux
9ba49f2 move to fips-by-default on azurelinux3
5e04300 bump to azure linux 3 FIPS for the VMs
dff91eb bump dev to azlinux3
4ae6056 mariner -> azurelinux, and don't hardcode the 3.0 in the dockerfile
c15787e don't mirror mariner 2.0
4e5e616 Merge pull request #4844 from Azure/bragazzi/ARO-26990-isclusterupgrading-false-positive
4f7815e Merge pull request #4771 from Azure/dependabot/pip/pytest-9.0.3
dca1c37 Merge pull request #4795 from Azure/dependabot/npm_and_yarn/portal/v2/postcss-8.5.10
a4b970e chore(deps): bump pytest from 9.0.2 to 9.0.3
beca294 Merge pull request #4773 from Azure/dependabot/go_modules/github.com/containers/podman/v5-5.8.2
cf83ed8 replace old containers/storage references with go.podman.io refs * without doing this, Go builds fail on Linux due to C conflicts
5ad20ba chore(deps): bump postcss from 8.4.38 to 8.5.15 in /portal/v2
7c985b8 chore(deps): bump github.com/containers/podman/v5 from 5.6.1 to 5.8.2
7a3a53a ARO-26990: make test less fragile by keying off a bool rather than test name
8610265 Make comment on logic change more general
c40ece7 ARO-26990: correct tests to use history state instead of OperatorProgressing for determing cluster upgrade status
ac39d9f ARO-26990: eliminate IsClusterUpgrading() false positive during non-upgrade MCO rollouts
Full Changelog: v20260528.00...v20260601.00-linux3
Release v20260528.00
PWIRS Release v20260528.00
Changes
0fac6f8 return error when PWIRS listAll() fails (#4861)
5731ef9 ARO-3837 -Add EncryptionAtHost feature flag Validation (#4806)
7d50df3 Improve error messages for invalid identities (#4848)
ac7aea3 chore(deps): bump github.com/microsoft/kiota-http-go from 1.5.4 to 1.5.5 (#4822)
6f18872 Merge pull request #4843 from Azure/dependabot/pip/idna-3.15
0c6274f Merge pull request #4835 from Azure/dependabot/github_actions/oxsecurity/megalinter-9.5.0
5f4c443 Merge pull request #4778 from Azure/dependabot/go_modules/github.com/moby/spdystream-0.5.1
6d4cbf2 chore(deps): bump idna from 3.11 to 3.15
d2d3e2b Merge pull request #4854 from Azure/dependabot/github_actions/golangci/golangci-lint-action-9.2.1
53449aa Merge pull request #4781 from Azure/dependabot/github_actions/actions/setup-node-6.4.0
4117d51 chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1
a757c0d chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0
8901221 e2e flake - randomize namespace name to prevent collisions
c1e250f e2e flake - verify etcd pod is ready before attempting to exec
f664dd3 Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1
9888b15 Bump oxsecurity/megalinter from 9.4.0 to 9.5.0
Full Changelog: v20260527.00...v20260528.00
Release v20260527.00
v20260527.00 Sprint 289 RP release
Changes
833209c chore(deps): bump gitpython from 3.1.46 to 3.1.50 (#4826)
da86d83 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#4827)
e2b481e Merge pull request #4851 from Azure/dependabot/npm_and_yarn/portal/v2/multi-f792d6d6d9
c668a75 Merge pull request #4853 from Azure/dependabot/github_actions/step-security/harden-runner-2.19.4
ba78d23 Bump step-security/harden-runner from 2.16.1 to 2.19.4
951d743 Bump qs and express in /portal/v2
Full Changelog: v20260525.00...v20260527.00
Release v20260526.00-linux3
Azure Linux 3.0
Changes
f6aefd5 sync: regenerate production deploy assets
da6a71f Revert "fix: replace sed with openssl extraction in MDM cert download script"
b20772a fix: handle OpenSSL 3.x CN format in mdsd certificate SAN extraction
Full Changelog: v20260525.00-linux3...v20260526.00-linux3
Release v20260525.00
POAMS release + Tanmay dirtyfrag/copyfail fixes (#4850) through 05bc198
Changes
05bc198 Update dirtyfrag workaround to remove mitigation on fixed OCP versions (#4850)
f8b36ba Update local dev hacks/docs for MIWI to reflect updates to CLI, etc. (#4847)
a7cb85a [ARO-27277] Holmes: use Entra ID token auth for Azure OpenAI (#4852)
2ffe705 Merge pull request #4840 from Azure/adprice/aro-27162-disk-encryption-set
e68f959 Merge pull request #4841 from Azure/ARO-26564/improve-timeout-error-reporting
badcd6d fix(cli): assign reader role over disk encryption set
061b335 ARO-24827 Addition of changes needed to update azidentity to latest version (#4837)
1dce17b ARO-26564 fix: include condition name in timeout error fallback
fc8e2af docs: add ARO Classic AI debugging hint docs (#4836)
Full Changelog: v20260519.00...v20260525.00
Release v20260525.00-linux3
Azure Linux 3.0
Changes
4d9dfca sync: regenerate production deploy assets
dec0de1 fix: replace sed with openssl extraction in MDM cert download script
8e0fddf sync: regenerate production deploy assets
3d39741 fix: split exclude_pkgs into separate array elements
7df769f sync: regenerate production deploy assets
0d2c6ed fix: address review feedback for firewall and busybox tags
8edb882 fix: restore Azure Linux 3 VMSS package bootstrap with tdnf
01ad22c fix: switch dev proxy weekly updates to tdnf
6654b2b sync build files with master and regenerate deploy assets
7f56454 Stop switching firewalld backend to iptables on Azure Linux 3
0dcf99c Remove aardvark-dns from install_pkgs (not available on Azure Linux 3)
2faf257 add missing podman 5.x dependencies (crun, netavark, aardvark-dns)
d59235b use 3.12 for ci pipeline too?
bc543b5 bump changes for fluentbit to build on azurelinux3
f06ab7a bump onebranch for validate-roledef
e6cf300 bump e2e resources to azurelinux
1678ae9 move to fips-by-default on azurelinux3
0cc13cc bump to azure linux 3 FIPS for the VMs
b0b0285 bump dev to azlinux3
f32232f mariner -> azurelinux, and don't hardcode the 3.0 in the dockerfile
2e99f3e don't mirror mariner 2.0
9dbf4e6 Add HolmesGPT build dockerfile and make cmd
839fc73 Linisusan/aro 25090 imagebumps april2026 (#4811)
7989763 Merge pull request #4731 from Azure/yjst2012/ARO-23216
4fb6cde Merge pull request #4668 from Azure/ventifus/ARO-23146/etcd-admin-actions
bf646ad Tighten dirtyfrag marshal error test
b467b24 Address dirtyfrag workaround review feedback
6e10537 Add dirtyfrag workaround implementation
f8474ff Potential fix for pull request finding
1c4d916 Remove copyfail mitigation on clusters running fixed versions
b015d5c [ARO-23471] Allow internal LB zonal migrations to be a MIMO task (#4579)
d1dfe81 Kick CI
13072e6 update README
7dce6c7 kick CI
85a2886 test/e2e: add tests for exec, runjob, and etcdkeycount
eecc381 pkg/frontend: add admin etcdkeycount endpoint for etcd key counts
935c323 pkg/frontend: add admin runjob endpoint for streaming job output
5586811 pkg/frontend: fix etcd recovery privilege bugs
15ee321 pkg/frontend: add admin exec endpoint for streaming pod command output
58eea9b pkg/frontend/adminactions: add exec output streaming via websocket
5bd23b8 kick CI
e4fd460 address comments
ac83790 add method flag to select which way to go
ce673de fix comments
4cae894 Merge branch 'master' into yjst2012/ARO-23216
9a3a3dc update comments
a0a125e update README
407097c Merge branch 'master' into yjst2012/ARO-23216
1b11a7b more test cases
9fc8034 fail to ignore if engine fails
e04d3a7 use the latest instance in ticker
5d4cce6 fix guardrails ticker issue
41a1567 Revert "chore: merge master into branch"
d0b686e chore: merge master into branch
1989b88 Add HOLMESGPT_REF validation check in builder stage
4babca6 Update Dockerfile.holmesgpt
cbe2c39 Align HolmesGPT image flow with Red Hat base and upstream entrypoint.
06257f5 fix: remove duplicated Dockerfile.holmesgpt definition
f19674c Add HolmesGPT image build and publish targets.
0e87efd rename gatekeeper ticker to avoid confuse
9c6e601 add ticker to restore vap policies
1757058 ensure vap resources in a native way
cfd85f7 fix oc delete problem
34bcf1f fix tests
a3c3934 migration logic from gatekeeper to VAP
bf8fa45 Merge branch 'master' into yjst2012/ARO-23216
266b480 added initial draft of vap policies
Full Changelog: v20260509.00...v20260525.00-linux3
Release v20260519.01-test-mise-image
Test mise image
Changes
f7310a9 Update mise image
aa384c5 [ARO-6447] create missing identities and role assignments before upgrading (#4828)
e60b7e4 [ARO-25810] Only rotate ACR tokens that are close to 'expiry' (#4831)
6837183 feat: add script to deploy Azure OpenAI for Holmes admin API (#4764)
affd65f feat: add Holmes investigation admin API endpoint (ARO-25791) (#4754)
9dbf4e6 Add HolmesGPT build dockerfile and make cmd
839fc73 Linisusan/aro 25090 imagebumps april2026 (#4811)
7989763 Merge pull request #4731 from Azure/yjst2012/ARO-23216
4fb6cde Merge pull request #4668 from Azure/ventifus/ARO-23146/etcd-admin-actions
bf646ad Tighten dirtyfrag marshal error test
b467b24 Address dirtyfrag workaround review feedback
6e10537 Add dirtyfrag workaround implementation
f8474ff Potential fix for pull request finding
1c4d916 Remove copyfail mitigation on clusters running fixed versions
b015d5c [ARO-23471] Allow internal LB zonal migrations to be a MIMO task (#4579)
d1dfe81 Kick CI
13072e6 update README
7dce6c7 kick CI
85a2886 test/e2e: add tests for exec, runjob, and etcdkeycount
eecc381 pkg/frontend: add admin etcdkeycount endpoint for etcd key counts
935c323 pkg/frontend: add admin runjob endpoint for streaming job output
5586811 pkg/frontend: fix etcd recovery privilege bugs
15ee321 pkg/frontend: add admin exec endpoint for streaming pod command output
58eea9b pkg/frontend/adminactions: add exec output streaming via websocket
5bd23b8 kick CI
e4fd460 address comments
ac83790 add method flag to select which way to go
ce673de fix comments
4cae894 Merge branch 'master' into yjst2012/ARO-23216
9a3a3dc update comments
a0a125e update README
407097c Merge branch 'master' into yjst2012/ARO-23216
1b11a7b more test cases
9fc8034 fail to ignore if engine fails
e04d3a7 use the latest instance in ticker
5d4cce6 fix guardrails ticker issue
41a1567 Revert "chore: merge master into branch"
d0b686e chore: merge master into branch
1989b88 Add HOLMESGPT_REF validation check in builder stage
4babca6 Update Dockerfile.holmesgpt
cbe2c39 Align HolmesGPT image flow with Red Hat base and upstream entrypoint.
06257f5 fix: remove duplicated Dockerfile.holmesgpt definition
f19674c Add HolmesGPT image build and publish targets.
0e87efd rename gatekeeper ticker to avoid confuse
9c6e601 add ticker to restore vap policies
1757058 ensure vap resources in a native way
cfd85f7 fix oc delete problem
34bcf1f fix tests
a3c3934 migration logic from gatekeeper to VAP
bf8fa45 Merge branch 'master' into yjst2012/ARO-23216
266b480 added initial draft of vap policies
Full Changelog: v20260509.00...v20260519.01-test-mise-image