|
| 1 | +//OpenShift File Integrity Operator Release Notes |
| 2 | +[id="file-integrity-operator-release-notes"] |
| 3 | += File Integrity Operator release notes |
| 4 | +:context: file-integrity-operator-release-notes-v0 |
| 5 | +include::modules/common-attributes.adoc[] |
| 6 | + |
| 7 | +toc::[] |
| 8 | + |
| 9 | +The File Integrity Operator for {product-title} deploys file integrity checking for {op-system} nodes. |
| 10 | + |
| 11 | +These release notes track the development of the File Integrity Operator in the {product-title}. |
| 12 | + |
| 13 | +For an overview of the File Integrity Operator, see xref:../../security/file_integrity_operator/file-integrity-operator-understanding.adoc#understanding-file-integrity-operator[Understanding the File Integrity Operator]. |
| 14 | + |
| 15 | +[id="file-integrity-operator-release-notes-0-1-21"] |
| 16 | +== OpenShift File Integrity Operator 0.1.21 |
| 17 | + |
| 18 | +The following advisory is available for the OpenShift File Integrity Operator 0.1.21: |
| 19 | + |
| 20 | +* link:https://access.redhat.com/errata/RHBA-2021:4631[RHBA-2021:4631 OpenShift File Integrity Operator Bug Fix and Enhancement Update] |
| 21 | + |
| 22 | +[id="file-integrity-operator-0-1-21-new-features-and-enhancements"] |
| 23 | +=== New features and enhancements |
| 24 | + |
| 25 | +* The metrics related to `FileIntegrity` scan results and processing metrics are displayed on the monitoring dashboard on the web console. The results are labeled with the prefix of `file_integrity_operator_`. |
| 26 | ++ |
| 27 | +* If a node has an integrity failure for more than 1 second, the default `PrometheusRule` provided in the operator namespace alerts with a warning. |
| 28 | ++ |
| 29 | +* The following dynamic Machine Config Operator and Cluster Version Operator related filepaths are excluded from the default AIDE policy to help prevent false positives during node updates: |
| 30 | + - /etc/machine-config-daemon/currentconfig |
| 31 | + - /etc/pki/ca-trust/extracted/java/cacerts |
| 32 | + - /etc/cvo/updatepayloads |
| 33 | + - /root/.kube |
| 34 | ++ |
| 35 | +* The AIDE daemon process has stability improvements over v0.1.16, and is more resilient to errors that might occur when the AIDE database is initialized. |
| 36 | + |
| 37 | +[id="openshift-file-integrity-operator-0-1-21-bug-fixes"] |
| 38 | +=== Bug fixes |
| 39 | + |
| 40 | +* Previously, when the Operator automatically upgraded, outdated daemon sets were not removed. With this release, outdated daemon sets are removed during the automatic upgrade. |
| 41 | + |
| 42 | +[id="file-integrity-operator-release-notes_additional-resources"] |
| 43 | +== Additional resources |
| 44 | +xref:../../security/file_integrity_operator/file-integrity-operator-understanding.adoc#understanding-file-integrity-operator[Understanding the File Integrity Operator] |
0 commit comments