From 952f3378c3d7513f02b8c9c8a6315c1d420de22c Mon Sep 17 00:00:00 2001 From: GroceryBoyJr <75502996+GroceryBoyJr@users.noreply.github.com> Date: Thu, 21 May 2026 15:30:16 -0400 Subject: [PATCH 1/2] CMP-4274: File Integrity Operator Release Notes 1.4.0 --- modules/fio-rn-1-4-0.adoc | 28 +++++++++++++++++++ ...file-integrity-operator-release-notes.adoc | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 modules/fio-rn-1-4-0.adoc diff --git a/modules/fio-rn-1-4-0.adoc b/modules/fio-rn-1-4-0.adoc new file mode 100644 index 000000000000..d8f9afa50e67 --- /dev/null +++ b/modules/fio-rn-1-4-0.adoc @@ -0,0 +1,28 @@ +// Module included in the following assemblies: +// +// * security/file_integrity_operator/file-integrity-operator-release-notes.adoc +// Documentation story: https://issues.redhat.com/browse/OSDOCS-19878 + +:_mod-docs-content-type: REFERENCE +[id="file-integrity-operator-release-notes-1-4-0_{context}"] += Release notes for OpenShift File Integrity Operator 1.4.0 + +[role="_abstract"] +Release notes for OpenShift File Integrity Operator 1.4.0. + +The following Red Hat Security Advisory (RHSA) is available for the OpenShift File Integrity Operator 1.4.0: + +* link:https://access.redhat.com/errata/RHSA-2026:xxxxx[RHSA-2026:xxxxx OpenShift File Integrity Operator Update] + +[id="file-integrity-operator-1-4-0-new-features-and-enhancements_{context}"] +== New features and enhancements + +* With this release, you can optionally set `priorityClassName` in the `FileIntegrity` custom resource (CR) to assign a `PriorityClass` to file integrity daemon pods. On nodes under resource pressure, the scheduler can preempt lower-priority workloads to make room for those pods, helping ensure nodes continue to receive integrity checks. (link:https://issues.redhat.com/browse/RFE-9047[RFE-9047]) + +[id="file-integrity-operator-1-4-0-bug-fixes_{context}"] +== Bug fixes + +* Before this update, `aide-worker-fileintegrity` pods could use increasing CPU and memory during hourly Advanced Intrusion Detection Environment (AIDE) scan cycles, often approaching DaemonSet resource limits and disrupting integrity checks on affected nodes. With this release, AIDE worker pods use CPU and memory more consistently during scans. (link:https://issues.redhat.com/browse/CMP-4006[CMP-4006]) + +* This update includes upgraded dependencies in the underlying base images. + diff --git a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc index 02bfd2ac6784..f457d5e199e4 100644 --- a/security/file_integrity_operator/file-integrity-operator-release-notes.adoc +++ b/security/file_integrity_operator/file-integrity-operator-release-notes.adoc @@ -13,6 +13,8 @@ The File Integrity Operator for {product-title} continually runs file integrity These release notes track the development of the File Integrity Operator in the {product-title}. // Release note modules (most recent first) +include::modules/fio-rn-1-4-0.adoc[leveloffset=+1] + include::modules/fio-rn-1-3-8.adoc[leveloffset=+1] include::modules/fio-rn-1-3-7.adoc[leveloffset=+1] From 402808c6586faf016c2dd77a256703bc08bcf2d6 Mon Sep 17 00:00:00 2001 From: GroceryBoyJr <75502996+GroceryBoyJr@users.noreply.github.com> Date: Fri, 29 May 2026 10:31:57 -0400 Subject: [PATCH 2/2] FIO 1.4.0 Test of New Formatting --- modules/fio-rn-1-4-0.adoc | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/modules/fio-rn-1-4-0.adoc b/modules/fio-rn-1-4-0.adoc index d8f9afa50e67..89b95a4675be 100644 --- a/modules/fio-rn-1-4-0.adoc +++ b/modules/fio-rn-1-4-0.adoc @@ -2,14 +2,15 @@ // // * security/file_integrity_operator/file-integrity-operator-release-notes.adoc // Documentation story: https://issues.redhat.com/browse/OSDOCS-19878 +// +// Example branch (fio-140-test): release notes formatted per current Red Hat +// supplementary style guide (description list, per-note headings, detached Jira links). :_mod-docs-content-type: REFERENCE [id="file-integrity-operator-release-notes-1-4-0_{context}"] = Release notes for OpenShift File Integrity Operator 1.4.0 [role="_abstract"] -Release notes for OpenShift File Integrity Operator 1.4.0. - The following Red Hat Security Advisory (RHSA) is available for the OpenShift File Integrity Operator 1.4.0: * link:https://access.redhat.com/errata/RHSA-2026:xxxxx[RHSA-2026:xxxxx OpenShift File Integrity Operator Update] @@ -17,12 +18,19 @@ The following Red Hat Security Advisory (RHSA) is available for the OpenShift Fi [id="file-integrity-operator-1-4-0-new-features-and-enhancements_{context}"] == New features and enhancements -* With this release, you can optionally set `priorityClassName` in the `FileIntegrity` custom resource (CR) to assign a `PriorityClass` to file integrity daemon pods. On nodes under resource pressure, the scheduler can preempt lower-priority workloads to make room for those pods, helping ensure nodes continue to receive integrity checks. (link:https://issues.redhat.com/browse/RFE-9047[RFE-9047]) - -[id="file-integrity-operator-1-4-0-bug-fixes_{context}"] -== Bug fixes - -* Before this update, `aide-worker-fileintegrity` pods could use increasing CPU and memory during hourly Advanced Intrusion Detection Environment (AIDE) scan cycles, often approaching DaemonSet resource limits and disrupting integrity checks on affected nodes. With this release, AIDE worker pods use CPU and memory more consistently during scans. (link:https://issues.redhat.com/browse/CMP-4006[CMP-4006]) - -* This update includes upgraded dependencies in the underlying base images. - +File Integrity Operator supports optional priorityClassName for daemon pods:: ++ +With this release, you can optionally set `priorityClassName` in the `FileIntegrity` custom resource (CR) to assign a `PriorityClass` to file integrity daemon pods. On nodes under resource pressure, the scheduler can preempt lower-priority workloads to make room for those pods. As a result, nodes continue to receive integrity checks even when resources are constrained. ++ +link:https://issues.redhat.com/browse/RFE-9047[RFE-9047] + +[id="file-integrity-operator-1-4-0-fixed-issues_{context}"] +== Fixed issues + +AIDE worker pods no longer use increasing CPU and memory during hourly scans:: ++ +Before this update, `aide-worker-fileintegrity` pods could consume increasing CPU and memory during hourly Advanced Intrusion Detection Environment (AIDE) scan cycles, often approaching DaemonSet resource limits. As a consequence, integrity checks were disrupted on affected nodes. With this release, AIDE worker pods use CPU and memory more consistently during scans. As a result, hourly scans complete without approaching resource limits as often. ++ +link:https://issues.redhat.com/browse/CMP-4006[CMP-4006] + +This update includes upgraded dependencies in the underlying base images.