Merge pull request #49341 from rh-tokeefe/OSSMDOC-517

OSSMDOC-517: service mesh 2.2.2 z stream release notes

Author: JStickler

_attributes/common-attributes.adoc

@@ -126,7 +126,7 @@ endif::[]
 :product-dedicated: Red Hat OpenShift Dedicated
 :SMProductName: Red Hat OpenShift Service Mesh
 :SMProductShortName: Service Mesh
-:SMProductVersion: 2.2.1
+:SMProductVersion: 2.2.2
 :MaistraVersion: 2.2
 //Service Mesh v1
 :SMProductVersion1x: 1.1.18.2

modules/ossm-rn-fixed-issues.adoc

@@ -19,13 +19,14 @@ The following issues been resolved in the current release:
 [id="ossm-rn-fixed-issues-ossm_{context}"]
 == {SMProductShortName} fixed issues
 
+* https://issues.redhat.com/browse/OSSM-1668[OSSM-1668] A new field `spec.security.jwksResolverCA` was added to the Version 2.1 `SMCP` but was missing in the 2.2.0 and 2.2.1 releases. When upgrading from an Operator version where this field was present to an Operator version that was missing this field, the `.spec.security.jwksResolverCA` field was not available in the `SMCP`.
+
 * https://issues.redhat.com/browse/OSSM-1325[OSSM-1325] istiod pod crashes and displays the following error message: `fatal error: concurrent map iteration and map write`.
 
 * https://issues.redhat.com/browse/OSSM-1211[OSSM-1211]
 Configuring Federated service meshes for failover does not work as expected.
 +
 The Istiod pilot log displays the following error: `envoy connection [C289] TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed`
-+
 
 * https://issues.redhat.com/browse/OSSM-1099[OSSM-1099]
 The Kiali console displayed the message `Sorry, there was a problem. Try a refresh or navigate to a different page.`

modules/ossm-rn-known-issues.adoc

@@ -34,10 +34,6 @@ These are the known issues in {SMProductName}:
 
 * link:https://github.com/istio/istio/issues/14743[Istio-14743] Due to limitations in the version of Istio that this release of {SMProductName} is based on, there may be applications that are currently incompatible with {SMProductShortName}. See the linked community issue for details.
 
-* https://issues.redhat.com/browse/OSSM-1668[OSSM-1668] A new field `spec.security.jwksResolverCA` was added to the Version 2.1 `SMCP` but is missing in the 2.2.0 and 2.2.1 releases. When upgrading from an Operator version where this field was present to an Operator version that is missing this field, the `.spec.security.jwksResolverCA` field is not available in the `SMCP`.
-+
-Workaround: To enable additional JSON Web Key Set CA certificates when using an Operator version that is missing `spec.security.jwksResolverCA`, the workaround is to use the `spec.techPreview jwksResolverExtraRootCA` field.
-
 //Keep OSSM-1655 in RN, closed as "explained" error is expected.
 * https://issues.redhat.com/browse/OSSM-1655[OSSM-1655] Kiali dashboard shows error after enabling mTLS in `SMCP`.
 +
@@ -57,7 +53,7 @@ For more information, see Migrating from `ServiceMeshExtension` to `WasmPlugin`
 Workaround: Disable the gateway creation in the SMCP spec and manage the gateway deployment entirely manually (including Service, Role and RoleBinding).
 
 //Keep OSSM-882 in RN to document the workaround
-* https://issues.redhat.com/browse/OSSM-882[OSSM-882] Namespace is in the accessible_namespace list but does not appear in Kiali UI. By default, Kiali will not show any namespaces that start with "kube" because these namespaces are typically internal-use only and not part of a mesh.
+* https://issues.redhat.com/browse/OSSM-882[OSSM-882] This applies for {SMProductShortName} 2.1 and earlier. Namespace is in the accessible_namespace list but does not appear in Kiali UI. By default, Kiali will not show any namespaces that start with "kube" because these namespaces are typically internal-use only and not part of a mesh.
 +
 For example, if you create a namespace called 'akube-a' and add it to the Service Mesh member roll, then the Kiali UI does not display the namespace. For defined exclusion patterns, the software excludes namespaces that start with or contain the pattern.
 +

modules/ossm-rn-new-features.adoc

@@ -17,7 +17,7 @@ This release adds improvements related to the following components and concepts.
 
 == New features {SMProductName} version {SMProductVersion}
 
-This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), bug fixes, and is supported on OpenShift Container Platform 4.9 and 4.10.
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), bug fixes, and is supported on OpenShift Container Platform 4.9 or later.
 
 === Component versions included in {SMProductName} version {SMProductVersion}
 
@@ -30,6 +30,32 @@ This release of {SMProductName} addresses Common Vulnerabilities and Exposures (
 |Envoy Proxy
 |1.20.6
 
+|Jaeger
+|1.36
+
+|Kiali
+|1.48.2-1
+|===
+
+=== Copy route labels
+
+With this enhancement, in addition to copying annotations, you can copy specific labels for an OpenShift route. {SMProductName} copies all labels and annotations present in the Istio Gateway resource (with the exception of annotations starting with kubectl.kubernetes.io) into the managed OpenShift Route resource.
+
+== New features {SMProductName} version 2.2.1
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), bug fixes, and is supported on OpenShift Container Platform 4.9 or later.
+
+=== Component versions included in {SMProductName} version 2.2.1
+
+|===
+|Component |Version
+
+|Istio
+|1.12.7
+
+|Envoy Proxy
+|1.20.6
+
 |Jaeger
 |1.34.1
 
@@ -39,7 +65,7 @@ This release of {SMProductName} addresses Common Vulnerabilities and Exposures (
 
 == New features {SMProductName} 2.2
 
-This release of {SMProductName} adds new features and enhancements, and is supported on OpenShift Container Platform 4.9 and 4.10.
+This release of {SMProductName} adds new features and enhancements, and is supported on OpenShift Container Platform 4.9 or later.
 
 === Component versions included in {SMProductName} version 2.2
 
@@ -105,6 +131,28 @@ spec:
 ----
 Restricting route attachment on Gateway API listeners is possible using the `SameNamespace` or `All` settings. Istio ignores usage of label selectors in `listeners.allowedRoutes.namespaces` and reverts to the default behavior (`SameNamespace`).
 
+== New features {SMProductName} 2.1.5
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), bug fixes, and is supported on OpenShift Container Platform 4.9 or later.
+
+=== Component versions included in {SMProductName} version 2.1.5
+
+|===
+|Component |Version
+
+|Istio
+|1.9.9
+
+|Envoy Proxy
+|1.17.1
+
+|Jaeger
+|1.36
+
+|Kiali
+|1.36.12-1
+|===
+
 == New features {SMProductName} 2.1.4
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
@@ -333,6 +381,28 @@ Kiali 1.36 includes the following features and enhancements:
 * Namespace and cluster boxing to support federated service mesh views
 * New validations, wizards, and distributed tracing enhancements
 
+== New features {SMProductName} 2.0.11
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs), bug fixes, and is supported on OpenShift Container Platform 4.9 or later.
+
+=== Component versions included in {SMProductName} version 2.0.11
+
+|===
+|Component |Version
+
+|Istio
+|1.6.14
+
+|Envoy Proxy
+|1.14.5
+
+|Jaeger
+|1.36
+
+|Kiali
+|1.24.16-1
+|===
+
 == New features {SMProductName} 2.0.10
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.