Skip to content

Commit

Permalink
Release v1.4.0
Browse files Browse the repository at this point in the history
  • Loading branch information
rhmdnd committed Dec 1, 2023
1 parent 535aa99 commit 1a8349f
Show file tree
Hide file tree
Showing 7 changed files with 67 additions and 29 deletions.
78 changes: 57 additions & 21 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,33 @@ Versioning](https://semver.org/spec/v2.0.0.html).

### Enhancements

-

### Fixes

-

### Internal Changes

-

### Deprecations

-

### Removals

-

### Security

-


## [1.4.0] - 2023-12-01

### Enhancements

- Users can now pause scan schedules by setting the `ScanSetting.suspend`
attribute to `True`. This allows users to suspend a scan, and reactivate it
without having to delete and recreate the `ScanSettingBinding`, making it
Expand All @@ -17,39 +44,48 @@ Versioning](https://semver.org/spec/v2.0.0.html).
for more details.
- Implemented support for an optional `version` attribute on `Profile` custom
resources.
- `Rule` custom resources now contain an annotation
(`compliance.openshift.io/profiles`) that maps the rule to the profiles that
use it, making it easier to understand where a rule is used. The alternative
to this approach would be to query each `Profile` and join all rules.

### Fixes

- Optimize how we check the KubeletConfig rule, we now store the runtime KubeletConfig
in a ConfigMap per node when a node scan is launched. Then, we mount the ConfigMap to
the scanner pod to scan for it. Hold on to applying remediation until all scans are
done in the suite.
This fixes issues when comparing the KubeletConfig for each node.
This also fixes "/api/v1/nodes/NODE_NAME/proxy/configz" warning message in the log.
[OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037)

- Fix api-checks-pod crashes issues caused by outdated MCO dependency, the dependency
bump will enable CO to support Ignition 3.4, and therefore solve the issue.
[OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025)
- Optimize how the operator checks `KubeletConfig` rules by storing the runtime
`KubeletConfig` in a `ConfigMap` per node when a node scan is launched. The
`ConfigMap` is then mounted to the scanner pod for evaluation. The operator
will wait to apply `ComplianceRemediation` objects until all scans are
processed. This also fixes issues when comparing the `KubeletConfig` options
for each node, and removes `/api/v1/nodes/NODE_NAME/proxy/configz` warning
messages in the log [OCPBUGS-11037](https://issues.redhat.com/browse/OCPBUGS-11037).
- Fix api-checks-pod crashes issues caused by an outdated Machine Config Operator
dependency. The dependency bump allows the operator to support Ignition 3.4,
and therefore solves the issue [OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025).
- Stale `ComplianceCheckResult` resources are now pruned on each rescan
[OCPBUGS-3009](https://issues.redhat.com/browse/OCPBUGS-3009).

### Internal Changes

-

### Deprecations

-
- All compatibility code for the `CronJob` beta API has been removed [CMP-2310](https://issues.redhat.com/browse/CMP-2310).

### Removals

- We have reverted commit 9cbf874, which is a fix for OCPBUGS-3864, the fix
is not needed anymore since the issue is fixed when we switched back to
the old way remediate the KubeletConfig.
- We have reverted commit
[9cbf874](https://github.com/ComplianceAsCode/compliance-operator/commit/9cbf874),
which is a fix for
[OCPBUGS-3864](https://issues.redhat.com/browse/OCPBUGS-3864), the fix is not
needed anymore with how `KubeletConfig` rules are processed.

### Security
## [1.3.1] - 2023-10-11

-
### Fixes

- Fix an issue caused by outdated Machine Config Operator dependencies where
the API check pod crashes due to Machine Config Operator using newer versions
of Ignition (3.4).
[OCPBUGS-18025](https://issues.redhat.com/browse/OCPBUGS-18025)

## [1.3.0] - 2023-09-11

## [1.2.0] - 2023-07-21

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ metadata:
]
capabilities: Seamless Upgrades
categories: Monitoring,Security
olm.skipRange: '>=0.1.17 <1.2.0'
olm.skipRange: '>=0.1.17 <1.4.0'
operatorframework.io/cluster-monitoring: "true"
operatorframework.io/suggested-namespace: openshift-compliance
operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]'
Expand All @@ -174,7 +174,7 @@ metadata:
operatorframework.io/arch.amd64: supported
operatorframework.io/arch.ppc64le: supported
operatorframework.io/arch.s390x: supported
name: compliance-operator.v1.2.0
name: compliance-operator.v1.4.0
namespace: placeholder
spec:
apiservicedefinitions: {}
Expand Down Expand Up @@ -1653,4 +1653,4 @@ spec:
name: operator
- image: ghcr.io/complianceascode/k8scontent:latest
name: profile
version: 1.2.0
version: 1.4.0
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,8 @@ spec:
state:
description: The current state of the tailored profile
type: string
warnings:
type: string
type: object
type: object
served: true
Expand Down
4 changes: 2 additions & 2 deletions catalog/preamble.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,8 @@
"package": "compliance-operator",
"entries": [
{
"name": "compliance-operator.v1.2.0",
"skipRange": ">=0.1.17 <1.2.0"
"name": "compliance-operator.v1.4.0",
"skipRange": ">=0.1.17 <1.4.0"
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ metadata:
]
capabilities: Seamless Upgrades
categories: Monitoring,Security
olm.skipRange: '>=0.1.17 <1.2.0'
olm.skipRange: '>=0.1.17 <1.4.0'
operatorframework.io/cluster-monitoring: "true"
operatorframework.io/suggested-namespace: openshift-compliance
operators.openshift.io/infrastructure-features: '["disconnected", "fips", "proxy-aware"]'
Expand Down
2 changes: 1 addition & 1 deletion version.Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)

VERSION?=1.2.0
VERSION?=1.4.0
2 changes: 1 addition & 1 deletion version/version.go
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
package version

var (
Version = "1.2.0"
Version = "1.4.0"
)

0 comments on commit 1a8349f

Please sign in to comment.