Maximo Visual Inspection v9.2.0¶
Release Notes¶
New Features¶
- Add Ground Truth Model Validation service (#744)
Bug Fixes and Security Updates¶
- Fix kyverno policies around usage-reporter (#907)
- Add fips writeable folder /tmp/fips for FIPS mode (#883)
- Log FIPS status at runtime (#898)
- Update compatibility matrix for 92 (#916)
- Add ObjectStore client connection parameters to custom-service ConfigMap (#906)
- Add flag to toggle ReadOnlyRootFilesystem (#935)
- Fix CRD version conflicts for spec.settings.readOnlyRootFilesystem (#936)
- Fix cannot create temporary files when upload files on readOnlyRootFilesystem (#938)
- Fix import failures for datasets and models on IBM Cloud read-only clusters (#949)
- add baseBranches for backported versions (#953)
- Update Productversion in modelvalidation configmap (#973)
- Address kyverno policy topologyspreadconstraints (#972)
- Add ConfigMap support for DNN service log level configuration (#974)
- Add unit test coverage (#975)
- Add /tmp volume and HPA for model-validation Kyverno compliance (#992)
- Add ServiceMonitor for model-validation service metrics endpoint (#1013)
- Update licenses for Jan FC (#1010)
- vision-ui bump (#1026)
- Bump DLE to 9.5.x (#1033)
- Make /tmp EmptyDir size configurable via custom ConfigMaps (#1049)
- Fix Makefile for non-arch specific builds : MASCORE-12018 (#1074)
- Set readOnlyRootFilesystem to false by default (#1078)
- Make tmp folder writeable in vision-service (#1050)
- update /tmp volume size for dle and dnn (#1086)
- Add reconcileRouteMode to retrieve routing mode from suite binding (#1084)
- Fix pull rate limit against golang - operator build to use icr.io registry (#1089)
- Increase tmp storage for model-conversion and videoms - backport 92x (#1098)
- Address RunAsNonRoot kyverno for task-pvc (ODF only) (#1094)
- Enable seccomp profile when readOnlyRootFilesystem is enabled (#1110)
- Update reconcileRoute in workspace controller based on route mode (#1104)
- Document reconciliation triggers (follow-up to path-based routing PR) (#1113)
- update reconcileOIDCClient in workspace controller based on route mode (#1118)
- Update reconcileConfigMap that consumes domain (edgemanager, ui nginx, etc..) (#1123)
- Remove MVI custom scc (#1114)
- Update licenses for Mar FC (#1136)
- Enable FIPS 140-3 support for wlp (#1150)
- Moun the
hyperscalerFormatfield to vision-service (#1186) - Add topologySpreadConstraints to all deployments (backport from 9.1.x) (#1212)
- Increase emptyDir volume size to 2Gi for dnn/dle workloads (backport from 91x) (#1214)
- Support updated Kyverno topology policy via Singleton labels (backport from 9.1.x) (#1213)
- Support specifying operands ImageTags via checksum/digest [backport] (#1221)
- Disable tensorRT by default (#1222)
- Generate CRD schemas configmap (#1261)
- Add valkey deployment for caching - backport 9.2 (#1259)
- Mount DNN API key for model-validation service MASMVI-2282 (#1258)
- Update secrets baseline - 92x (#1275)
- Add MAX_VALIDATION_IMAGES configuration for model validation MASMVI-3416 (#1266)
- Enhance error logging for OIDC client registration (#1281)
- Refactor workspaceID retrieval for path based routing (#1156)
- Add support for core essential roles (#1277)
- Optimize model-validation resources based on performance testing (#1286)
- Add support for internal/public Issuers (#1296)
- Add fsGroupChangePolicy/EnableSELinuxOptimization/RuntimeClass (backport 9.2) (#1299)
- Update MAS 9.2 licenses (#1300)
Install Modes¶
| Mode | Supported |
|---|---|
| OwnNamespace | True |
| SingleNamespace | True |
| MultiNamespace | False |
| AllNamespaces | False |
Service Accounts¶
No service accounts
Cluster Permissions¶
| Group | Resource | Verbs |
|---|---|---|
| security.openshift.io | securitycontextconstraints | use |
| "" | nodes | list |
| "" | pods | list |
Namespace Permissions¶
| Group | Resource | Verbs |
|---|---|---|
| "" | configmaps | create, delete, deletecollection, get, list, patch, update, watch |
| "" | pods | create, delete, deletecollection, get, list, patch, update, watch |
| "" | services | create, delete, deletecollection, get, list, patch, update, watch |
| "" | services/proxy | create, delete, deletecollection, get, list, patch, update, watch |
| "" | endpoints | create, delete, deletecollection, get, list, patch, update, watch |
| "" | events | create, delete, deletecollection, get, list, patch, update, watch |
| "" | persistentvolumeclaims | create, delete, deletecollection, get, list, patch, update, watch |
| "" | resourcequotas | get, list, watch |
| "" | secrets | create, delete, get, list, patch, update, watch |
| "" | serviceaccounts | create, delete, get, list, patch, update, watch |
| "" | services/finalizers | create, delete, get, list, patch, update, watch |
| apps | daemonsets | create, delete, deletecollection, get, list, patch, update, watch |
| apps | deployments | create, delete, deletecollection, get, list, patch, update, watch |
| apps | replicasets | create, delete, deletecollection, get, list, patch, update, watch |
| apps | statefulsets | create, delete, deletecollection, get, list, patch, update, watch |
| apps.mas.ibm.com | visualinspectionapps | create, delete, get, list, patch, update, watch |
| apps.mas.ibm.com | visualinspectionapps/finalizers | update |
| apps.mas.ibm.com | visualinspectionapps/status | get, patch, update |
| apps.mas.ibm.com | visualinspectionappworkspaces | create, delete, get, list, patch, update, watch |
| apps.mas.ibm.com | visualinspectionappworkspaces/finalizers | update |
| apps.mas.ibm.com | visualinspectionappworkspaces/status | get, patch, update |
| autoscaling | horizontalpodautoscalers | create, delete, get, list, patch, update, watch |
| batch | cronjobs | create, delete, deletecollection, get, list, patch, update, watch |
| batch | jobs | create, delete, deletecollection, get, list, patch, update, watch |
| cert-manager.io | certificates | create, delete, deletecollection, get, list, patch, update, watch |
| cert-manager.io | issuers | create, delete, get, list, patch, update, watch |
| coordination.k8s.io | leases | create, delete, get, list, patch, update, watch |
| core.mas.ibm.com | suites | get, list, watch |
| grafana.integreatly.org | grafanadashboards | create, delete, get, list, patch, update, watch |
| monitoring.coreos.com | servicemonitors | create, delete, deletecollection, get, list, patch, update, watch |
| monitoringcontroller.cloud.ibm.com | monitoringdashboards | create, delete, get, list, patch, update, watch |
| networking.k8s.io | networkpolicies | create, delete, deletecollection, get, list, patch, update, watch |
| rbac.authorization.k8s.io | clusterroles | * |
| rbac.authorization.k8s.io | clusterroles/finalizers | * |
| rbac.authorization.k8s.io | rolebindings | * |
| rbac.authorization.k8s.io | roles | * |
| route.openshift.io | routes | create, delete, deletecollection, get, list, patch, update, watch |
| route.openshift.io | routes/custom-host | create |
| security.openshift.io | securitycontextconstraints | use |