OCPBUGS-77151,OCPBUGS-83567: Branch Sync release-4.19 to release-4.18 [04-16-2026]#3143
Conversation
Combine all ipBlocks in a NetworkPolicy rule into single ACL instead of creating one ACL per ipBlock. This reduces ACL bloat when policy having multiple ipBlocks for ingress/egress rules. Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com> (cherry picked from commit fd27015) (cherry picked from commit 14b7309) (cherry picked from commit 21ef647)
When an EndpointSlice for a UDP NodePort or loadbalancer type of service is updated, stale conntrack entries for removed endpoints must be flushed. The existing logic failed to do this correctly if the backend pod was on a different node. This patch fixes the issue by flushing conntrack entries by filtering the nodePort when the node is not hosting the backend pod. In case that the backend pod was on the same node as the service, this issue won't happen. Since all old pod entries are removed from the node by the function deletePodConntrack when the pod is deleted. Signed-off-by: Peng Liu <pliu@redhat.com> (cherry picked from commit b426934) Signed-off-by: Venkata Charan Sunku <vsunku@redhat.com>
It should be able to preserve UDP traffic when server pod cycles for a NodePort service via a different node. Signed-off-by: Peng Liu <pliu@redhat.com> (cherry picked from commit 4e55026) Signed-off-by: Venkata Charan Sunku <vsunku@redhat.com>
[release-4.20] OCPBUGS-77357: Clear stale conntrack UDP entries for nodePorts
[release-4.20] OCPBUGS-77148: Minimize ACLs by combining ipBlocks into single ACL
…NS names Signed-off-by: arkadeepsen <arsen@redhat.com> (cherry picked from commit 1d5ee82)
[release-4.20] OCPBUGS-79537: EgressFirewall: Use exponential backoff to refresh IP addresses for DNS names
serviceUpdateNotNeeded() used explicit nil guards before dereferencing InternalTrafficPolicy and AllocateLoadBalancerNodePorts. When both old and new are nil (all non-LoadBalancer services), (nil != nil && ...) evaluates to false, incorrectly indicating an update is needed. Use reflect.DeepEqual on the pointer directly, which handles nil == nil. Signed-off-by: Peng Liu <pliu@redhat.com> (cherry picked from commit 40caf4c) (cherry picked from commit 581bfde) (cherry picked from commit 2a5bf31)
…4.20-to-release-4.19-04-04-2026
…4.19-04-04-2026 OCPBUGS-82032: Branch Sync release-4.20 to release-4.19 [04-04-2026]
[release-4.19] OCPBUGS-81478: node: fix serviceUpdateNotNeeded nil pointer comparison
…4.19-to-release-4.18-04-16-2026
|
/ok-to-test |
openshift-ci-robot
added
the
jira/valid-reference
|
@openshift-pr-manager[bot]: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@openshift-pr-manager[bot]: trigger 4 job(s) of type blocking for the ci release of OCP 4.18
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/daf154e0-3972-11f1-94d9-a2b381fe26d0-0 trigger 8 job(s) of type blocking for the nightly release of OCP 4.18
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/daf154e0-3972-11f1-94d9-a2b381fe26d0-1 |
openshift-ci
Bot
added
the
ok-to-test
|
/retitle OCPBUGS-83567: Branch Sync release-4.19 to release-4.18 [04-16-2026] |
openshift-ci
Bot
changed the title
openshift-ci-robot
added
the
jira/severity-critical
|
@openshift-pr-manager[bot]: This pull request references Jira Issue OCPBUGS-83567, which is valid. The bug has been moved to the POST state. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (huirwang@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-bug
|
/payload-job periodic-ci-openshift-hypershift-release-4.18-periodics-e2e-aws-ovn |
|
@arkadeepsen: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/c2a90bb0-3988-11f1-994e-242435ac5fc0-0 |
|
/test e2e-aws-ovn-hypershift |
|
@openshift-pr-manager[bot]: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/payload-job periodic-ci-openshift-release-main-ci-4.18-e2e-azure-ovn-upgrade |
|
@arkadeepsen: trigger 2 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/86dfe0e0-3997-11f1-92fe-5f71c0ff1b6d-0 |
openshift-ci
Bot
changed the title
openshift-ci-robot
added
jira/invalid-bug
|
@openshift-pr-manager[bot]: This pull request references Jira Issue OCPBUGS-77151, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. This pull request references Jira Issue OCPBUGS-83567, which is valid. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (huirwang@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@pperiyasamy: This pull request references Jira Issue OCPBUGS-77151, which is valid. 7 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-83567, which is valid. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (huirwang@redhat.com), skipping review request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/assign @SachinNinganure |
|
System handled complex policy setup without ACL explosion /verified by @SachinNinganure |
|
@SachinNinganure: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
openshift-ci
Bot
added
the
backport-risk-assessed
openshift-ci
Bot
assigned
anuragthehatter,
asood-rh,
jechen0648,
mffiedler,
rbbratta,
weliang1 and
pperiyasamy
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: openshift-pr-manager[bot], pperiyasamy The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
|
@openshift-pr-manager[bot]: Jira Issue Verification Checks: Jira Issue OCPBUGS-77151 Jira Issue OCPBUGS-77151 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 Jira Issue Verification Checks: Jira Issue OCPBUGS-83567 Jira Issue OCPBUGS-83567 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Fix included in release 4.18.0-0.nightly-2026-04-27-154955 |
13 participants
Automated branch sync: release-4.19 to release-4.18.