Security remediation (TCP SACK PANIC) for fuse-ignite
Scheduled Maintenance Report for OpenShift Online Starter
Completed
Posted Jul 08, 2019 - 04:21 GMT-03:00
In progress
Scheduled maintenance is currently starting. We will provide updates as necessary. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted Jul 08, 2019 - 01:00 GMT-03:00
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 8, 2019 at 04:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted Jul 08, 2019 - 00:00 GMT-03:00
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 8, 2019 at 04:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted Jul 07, 2019 - 21:00 GMT-03:00
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 8, 2019 at 04:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted Jul 07, 2019 - 17:00 GMT-03:00
Update
This is a reminder regarding your upcoming scheduled maintenance on Jul 8, 2019 at 04:00 UTC. If you have any questions or concerns, please contact support at https://access.redhat.com/support/contact/technicalSupport/.
Posted Jul 07, 2019 - 01:00 GMT-03:00
Scheduled
SRE is performing a remediation to protect OpenShift Dedicated clusters against various kernel network stack vulnerabilities, described here: https://access.redhat.com/security/vulnerabilities/tcpsack

How does the maintenance work?
Master nodes are remediated first. An SRE-initiated playbook will remediate each of the master nodes, one at a time, removing them from the ELB as the maintenance is performed, until all three master nodes are patched, rebooted and confirmed to be protected from the vulnerabilities.

Compute and infrastructure nodes are remediated once the master nodes are done. Compute and infrastructure nodes are part of an AWS scale group. A new scale group will be created that includes the latest, remediated AMI. This new scale group will be activated and when all the instances are up and available, the legacy nodes will be marked not schedulable, and the new instances marked schedulable. This action will move all compute workloads to the newly created and remediated instances. Once all the workloads are migrated, the legacy scale group and associated instances will be decommissioned.

The cluster will be confirmed both operational and remediated and the maintenance window will be closed.

What should you do?
You can minimize the impact on your applications by scaling your services to more than one pod. In general, for applications to be able to continue to service clients, they should be scaled. Some pod workloads are not appropriate for scaling, such as a single-instance, non-replicated database using a persistent volume claim. In this situation, a deployment strategy of 'recreate' will ensure the pod is restarted after migration, although a brief outage will be experienced.

For more information, refer to the following guide:
https://blog.openshift.com/deploying-highly-available-applications-openshift-kubernetes/

Thank you for using OpenShift Dedicated.

Support links:
https://access.redhat.com/support
https://access.redhat.com/support/contact/technicalSupport/
Posted Jun 21, 2019 - 16:16 GMT-03:00
This scheduled maintenance affected: fuse-ignite (Master API Service, Application Creation Service, Docker Registry Service, etcd Service).