OSDOCS-13647: 4.17.21 RN

Author: obrown1205

release_notes/ocp-4-17-release-notes.adoc

@@ -2879,6 +2879,40 @@ This section will continue to be updated over time to provide notes on enhanceme
 For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
 ====
 
+// 4.17.21
+[id="ocp-4-17-21_{context}"]
+=== RHSA-2025:2696 - {product-title} {product-version}.21 bug fix, and security update advisory
+
+Issued: 19 March 2025
+
+{product-title} release {product-version}.21 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:2696[RHSA-2025:2696] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:2698[RHBA-2025:2698] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.17.21 --pullspecs
+----
+
+[id="ocp-4-17-21-bug-fixes_{context}"]
+==== Bug fixes
+
+* Previously, the `trusted-ca-bundle-managed` config map was a mandatory component. If you attempted to use a custom Public Key Infrastructure (PKI), the deployment would fail because the OpenShift API server expected the presence of the `trusted-ca-bundle-managed` config map. With this release, you can deploy clusters without the `trusted-ca-bundle-managed` config map when you use a custom PKI. (link:https://issues.redhat.com/browse/OCPBUGS-52657[*OCPBUGS-52657*])
+
+* Previously, the *Observe* section on the web console did not show items contributed from plugins unless certain flags related to the monitoring were set. However, these flags prevented other plugins, such as logging, distributed tracing, network observability, and so on, from adding items to the *Observe* section. With this release, the monitoring flags are removed so that other plugins can add items to the *Observe* section. (link:https://issues.redhat.com/browse/OCPBUGS-52205[*OCPBUGS-52205*])
+
+* Previously, a custom Security Context Constraint (SCC) impacted pods that were generated by the Cluster Version Operator from receiving a cluster version upgrade. With this release, {product-title} now sets a default SCC to each pod, so that any custom SCC created does not impact a pod. (link:https://issues.redhat.com/browse/OCPBUGS-50589[*OCPBUGS-50589*])
+
+* Previously, you could not create `NodePool` resources with ARM64 architecture on non-AWS or {azure-short} platforms. This bug resulted in validation errors that prevented the addition of bare-metal compute nodes and caused Common Expression Language (CEL) validation blocks when creating a `NodePool` resource. The fix modifies the `NodePool` spec validation rules to allow ARM64 architecture on non-AWS or {azure-short} by setting `None` for the `self.platform.type` section. You can now create `NodePool` with ARM64 architecture specifications on non-AWS or {azure-short} bare-metal platforms. (link:https://issues.redhat.com/browse/OCPBUGS-46440[*OCPBUGS-46440*])
+
+* Previously, if you deleted a bare-metal host with a related data image, the data image stayed present. With this release, the issue is resolved, and the data image is deleted with the bare-metal host as expected. (link:https://issues.redhat.com/browse/OCPBUGS-42387[*OCPBUGS-42387*])
+
+[id="ocp-4-17-21-updating_{context}"]
+==== Updating
+To update an {product-title} 4.17 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
+
 // 4.17.20
 [id="ocp-4-17-20_{context}"]
 === RHSA-2025:2445 - {product-title} {product-version}.20 bug fix, and security update advisory