RHBA-2021:4631 - Bug Fix Advisory

Topic

An updated File Integrity Operator (openshift-file-integrity-operator) image that fixes various bugs and adds enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The File Integrity Operator image update is available with the following changes:

Version 0.1.21:

• BZ#2010706: Fix nil deref in daemonSet upgrade path
• Delete old aide-ds- prefixed daemonSets if they exist
• Use ClusterRole/ClusterRoleBinding for monitoring perms
• Add MCO and CVO related config excludes
• Adapt prometheusrule to only alert on currently existing nodes
• Optimize per-node reinit calls
• Handle metrics service during operator start
• BZ#1862022: Per-node reinit during update
• Use latest for CSV documentation link
• Enable TLS for controller metrics
• Add controller-based Prometheus metrics

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64

Fixes

• BZ - 1862022 - All aide-ds pods re-initiate when the single node restarts
• BZ - 1999054 - Metrics and alert not available on GUI for File Integrity Operator
• BZ - 2002519 - After upgrade file integrity operator from v0.1.16 > file-integrity-operator.v0.1.18, there are two aide pods for each node
• BZ - 2010706 - The file-integrity-operator container panics with invalid memory address or nil pointer dereference during upgrade v0.1.16 > v0.1.19
• BZ - 2016046 - After OCP upgrade, the fileintegritynodestatus object reports Errored status due to IO error while initializing the AIDE DB

CVEs

(none)

References

• null