You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Compliance Operator lets {product-title} administrators describe the desired compliance state of a cluster and provides them with an overview of gaps and ways to remediate them.
9
+
The Compliance Operator lets {product-title} administrators describe the required compliance state of a cluster and provides them with an overview of gaps and ways to remediate them.
10
10
11
11
These release notes track the development of the Compliance Operator in the {product-title}.
12
12
@@ -28,8 +28,8 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
28
28
=== New features and enhancements
29
29
30
30
* In this release, the `strictNodeScan` option is now added to the `ComplianceScan`, `ComplianceSuite` and `ScanSetting` CRs. This option defaults to `true` which matches the previous behavior, where an error occurred if a scan was not able to be scheduled on a node. Setting the option to `false` allows the Compliance Operator to be more permissive about scheduling scans. Environments with ephemeral nodes can set the `strictNodeScan` value to false, which allows a compliance scan to proceed, even if some of the nodes in the cluster are not available for scheduling.
31
-
+
32
-
* You can now customize the node that is used to schedule the result server workload by configuring the `nodeSelector` and `tolerations` attributes of the `ScanSetting` object. These attributes are used to place the `ResultServer` pod, the pod that is used to mount a PV storage volume and store the raw Asset Reporting Format (ARF) results. Previously, the `nodeSelector` and the `tolerations` parameters defaulted to selecting one of the control plane nodes and tolerating the `node-role.kubernetes.io/master taint`. This did not work in environments where control plane nodes are not permitted to mount PVs. This feature provides a way for you to select the node and tolerate a different taint in those environments.
31
+
+
32
+
* You can now customize the node that is used to schedule the result server workload by configuring the `nodeSelector` and `tolerations` attributes of the `ScanSetting` object. These attributes are used to place the `ResultServer` pod, the pod that is used to mount a PV storage volume and store the raw Asset Reporting Format (ARF) results. Previously, the `nodeSelector` and the `tolerations` parameters defaulted to selecting one of the control plane nodes and tolerating the `node-role.kubernetes.io/master taint`. This did not work in environments where control plane nodes are not permitted to mount PVs. This feature provides a way for you to select the node and tolerate a different taint in those environments.
33
33
+
34
34
* The Compliance Operator can now remediate `KubeletConfig` objects.
35
35
+
@@ -43,7 +43,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
43
43
44
44
=== Templating and variable use
45
45
46
-
* In this release, the remediation template now allows multi-value variables.
46
+
* In this release, the remediation template now allows multi-value variables.
47
47
+
48
48
* With this update, the Compliance Operator can change remediations based on variables that are set in the compliance profile. This is useful for remediations that include deployment-specific values such as time outs, NTP server host names, or similar. Additionally, the `ComplianceCheckResult` objects now use the label `compliance.openshift.io/check-has-value` that lists the variables a check can use.
49
49
@@ -60,7 +60,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.44
60
60
* Previously, if an error occurred while parsing a profile, rules or variables objects were removed and deleted from the profile. Now, if an error occurs during parsing, the `profileparser` annotates the object with a temporary annotation that prevents the object from being deleted until after parsing completes. link:https://bugzilla.redhat.com/show_bug.cgi?id=1988259[(BZ#1988259)].
61
61
+
62
62
* Previously, an error occurred if titles or descriptions were missing from a tailored profile. Because the XCCDF standard requires titles and descriptions for tailored profiles, titles and descriptions are now required to be set in `TailoredProfile` CRs.
63
-
+
63
+
+
64
64
* Previously, when using tailored profiles, `TailoredProfile` variable values were allowed to be set using only a specific selection set. This restriction is now removed, and `TailoredProfile` variables can be set to any value.
The Compliance Operator lets {product-title} administrators describe the desired compliance state of a cluster and provides them with an overview of gaps and ways to remediate them. The Compliance Operator assesses compliance of both the Kubernetes API resources of {product-title}, as well as the nodes running the cluster. The Compliance Operator uses OpenSCAP, a NIST-certified tool, to scan and enforce security policies provided by the content.
8
+
The Compliance Operator lets {product-title} administrators describe the required compliance state of a cluster and provides them with an overview of gaps and ways to remediate them. The Compliance Operator assesses compliance of both the Kubernetes API resources of {product-title}, as well as the nodes running the cluster. The Compliance Operator uses OpenSCAP, a NIST-certified tool, to scan and enforce security policies provided by the content.
0 commit comments