Merge pull request #39441 from mrogers950/fio_release_notes

sagidlow · web-flow · commit 310b4fa1f7ab · 2021-12-06T10:35:56.000-05:00
File Integrity Operator release notes
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -754,6 +754,8 @@ Topics:
 - Name: File Integrity Operator
   Dir: file_integrity_operator
   Topics:
+  - Name: File Integrity Operator release notes
+    File: file-integrity-operator-release-notes
   - Name: Installing the File Integrity Operator
     File: file-integrity-operator-installation
   - Name: Understanding the File Integrity Operator
diff --git a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc
@@ -0,0 +1,44 @@
+//OpenShift File Integrity Operator Release Notes
+[id="file-integrity-operator-release-notes"]
+= File Integrity Operator release notes
+:context: file-integrity-operator-release-notes-v0
+include::modules/common-attributes.adoc[]
+
+toc::[]
+
+The File Integrity Operator for {product-title} deploys file integrity checking for {op-system} nodes.
+
+These release notes track the development of the File Integrity Operator in the {product-title}.
+
+For an overview of the File Integrity Operator, see xref:../../security/file_integrity_operator/file-integrity-operator-understanding.adoc#understanding-file-integrity-operator[Understanding the File Integrity Operator].
+
+[id="file-integrity-operator-release-notes-0-1-21"]
+== OpenShift File Integrity Operator 0.1.21
+
+The following advisory is available for the OpenShift File Integrity Operator 0.1.21:
+
+* link:https://access.redhat.com/errata/RHBA-2021:4631[RHBA-2021:4631 OpenShift File Integrity Operator Bug Fix and Enhancement Update]
+
+[id="file-integrity-operator-0-1-21-new-features-and-enhancements"]
+=== New features and enhancements
+
+* The metrics related to `FileIntegrity` scan results and processing metrics are displayed on the monitoring dashboard on the web console. The results are labeled with the prefix of `file_integrity_operator_`.
++
+* If a node has an integrity failure for more than 1 second, the default `PrometheusRule` provided in the operator namespace alerts with a warning.
++
+* The following dynamic Machine Config Operator and Cluster Version Operator related filepaths are excluded from the default AIDE policy to help prevent false positives during node updates:
+ - /etc/machine-config-daemon/currentconfig
+ - /etc/pki/ca-trust/extracted/java/cacerts
+ - /etc/cvo/updatepayloads
+ - /root/.kube
++
+* The AIDE daemon process has stability improvements over v0.1.16, and is more resilient to errors that might occur when the AIDE database is initialized.
+
+[id="openshift-file-integrity-operator-0-1-21-bug-fixes"]
+=== Bug fixes
+
+* Previously, when the Operator automatically upgraded, outdated daemon sets were not removed. With this release, outdated daemon sets are removed during the automatic upgrade.
+
+[id="file-integrity-operator-release-notes_additional-resources"]
+== Additional resources
+xref:../../security/file_integrity_operator/file-integrity-operator-understanding.adoc#understanding-file-integrity-operator[Understanding the File Integrity Operator]
