Security remediation (TCP SACK PANIC) for starter-us-east-1
Scheduled Maintenance Report for OpenShift Online Starter
Completed
Posted 14 days ago. Jul 09, 2019 - 05:57 UTC
In progress
Scheduled maintenance is currently starting. We will provide updates as necessary. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 14 days ago. Jul 09, 2019 - 00:00 UTC
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 9, 2019 at 00:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 14 days ago. Jul 08, 2019 - 23:00 UTC
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 9, 2019 at 00:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 14 days ago. Jul 08, 2019 - 20:00 UTC
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 9, 2019 at 00:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 14 days ago. Jul 08, 2019 - 16:00 UTC
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 9, 2019 at 00:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted 15 days ago. Jul 08, 2019 - 00:00 UTC
Scheduled
SRE is performing a remediation to protect OpenShift Dedicated clusters against various kernel network stack vulnerabilities, described here: https://access.redhat.com/security/vulnerabilities/tcpsack

How does the maintenance work?
Master nodes are remediated first. An SRE-initiated playbook will remediate each of the master nodes, one at a time, removing them from the ELB as the maintenance is performed, until all three master nodes are patched, rebooted and confirmed to be protected from the vulnerabilities.

Compute and infrastructure nodes are remediated once the master nodes are done. Compute and infrastructure nodes are part of an AWS scale group. A new scale group will be created that includes the latest, remediated AMI. This new scale group will be activated and when all the instances are up and available, the legacy nodes will be marked not schedulable, and the new instances marked schedulable. This action will move all compute workloads to the newly created and remediated instances. Once all the workloads are migrated, the legacy scale group and associated instances will be decommissioned.

The cluster will be confirmed both operational and remediated and the maintenance window will be closed.

What should you do?
You can minimize the impact on your applications by scaling your services to more than one pod. In general, for applications to be able to continue to service clients, they should be scaled. Some pod workloads are not appropriate for scaling, such as a single-instance, non-replicated database using a persistent volume claim. In this situation, a deployment strategy of 'recreate' will ensure the pod is restarted after migration, although a brief outage will be experienced.

For more information, refer to the following guide:
https://blog.openshift.com/deploying-highly-available-applications-openshift-kubernetes/

Thank you for using OpenShift Dedicated.

Support links:
https://access.redhat.com/support
https://access.redhat.com/support/contact/technicalSupport/
Posted about 1 month ago. Jun 21, 2019 - 19:41 UTC
This scheduled maintenance affected: starter-us-east-1 (Master API Service, Application Creation Service, Docker Registry Service, etcd Service).