openshift · wgabor0427 · Oct 30, 2025 · bharath-b-rh · Oct 31, 2025 · wgabor0427
diff --git a/security/external_secrets_operator/external-secrets-operator-release-notes.adoc b/security/external_secrets_operator/external-secrets-operator-release-notes.adoc
@@ -10,11 +10,60 @@ The {external-secrets-operator} is a cluster-wide service that provides lifecycl
 
 These release notes track the development of {external-secrets-operator-short}.
 
-:FeatureName: The {external-secrets-operator}
-include::snippets/technology-preview.adoc[leveloffset=+1]
-
 For more information, see xref:../../security/external_secrets_operator/index.adoc#external-secrets-operator-about[{external-secrets-operator-short} overview].
 
+[id="external-secrets-operator-release-notes-1-0-0_{context}"]
+== Release notes for {external-secrets-operator} 1.0.0 (General Availability)
+
+Issued: 2025-11-03
+
+The following advisories are available for the {external-secrets-operator} 1.0.0:
+
+* link:https://access.redhat.com/errata/RHBA-2025:19416[RHBA-2025:19416]
+* link:https://access.redhat.com/errata/RHBA-2025:19417[RHBA-2025:19417]
+* link:https://access.redhat.com/errata/RHBA-2025:19418[RHBA-2025:19418]
+* link:https://access.redhat.com/errata/RHBA-2025:19463[RHBA-2025:19463]
+
+Version 1.0.0 of the {external-secrets-operator} is based on the upstream external-secrets version v0.19.0. For more information, see the link:https://github.com/external-secrets/external-secrets/releases/tag/v0.19.0[external-secrets project release notes for v0.19.0].
+
+[id="external-secrets-operator-1-0-0-bug-fixes_{context}"]
+=== Bug fixes
+
+* Before this release, many of the APIs listed in the console for the {external-secrets-operator} were missing descriptions. With this release, the API descriptions have been added. (link:https://issues.redhat.com/browse/OCPBUGS-61081[OCPBUGS-61081])
+
+
+[id="external-secrets-operator-1-0-0-features-enhancements_{context}"]
+=== New features and enhancements
+
+*Renaming and improvements on the Operator API*
+
+With this release, the Operator API externalsecrets.operator.openshift.io has been renamed to externalsecretsconfigs.operator.openshift.io to avoid confusions with the external-secrets provided API that has the same name, but a different purpose. The API has also been restructured and new features are added.
+
+For more information, see {external-secrets-operator} APIs.
+
+*Support to collect metrics of {external-secrets-operator-short}*
+
+With this release, the {external-secrets-operator} supports collecting metrics for both the Operator and operands. This is optional and must be enabled.
+
-
+
+For more information, see Monitoring the External Secrets Operator for Red Hat OpenShift.
-
+
+For more information, see Monitoring the External Secrets Operator for Red Hat OpenShift.
+For more information, see Monitoring the {external-secrets-operator}.
+
+*Support to configure proxy for {external-secrets-operator-short}*
+
+With this release, the {external-secrets-opeator} supports configuring proxy for both the Operator and operand.
+
+For more information, see About the egress proxy for the {external-secrets-operator}.
+
+*Root filesystem is read-only for {external-secrets-operator} containers*
+
+With this release, to improve security, the {external-secrets-operator} and all its operands have the `readOnlyRootFilesystem` security context set to true by default. This enhancement hardens the containers and prevents a potential attacker from modifying the contents of the container’s root file system.
+
+*Network policy hardening is now available for {external-secrets-operator-short} components*
+
+With this release, {external-secrets-opeator} includes pre-defined `NetworkPolicy` resources designed for enhanced security by governing ingress and egress traffic for operand components. These policies cover essential internal traffic, such as ingress to the metrics and webhook servers, and egress to the OpenShift API server and DNS server. Note that deployment of the `NetworkPolicy` is enabled by default and egress allow policies must be explicitly defined in the `ExternalSecretsConfig` custom resource for the `external-secrets` component to fetch secrets from external providers.
+
+For more information, see Configuring Network Policy for the Operands.
+
+
-
+*Root filesystem is read-only for External Secrets Operator for Red Hat OpenShift containers*
+
+With this release, to improve security, the External Secrets Operator for Red Hat OpenShift and all its operands have the readOnlyRootFilesystem security context set to true by default. This enhancement hardens the containers and prevents a potential attacker from modifying the contents of the container’s root file system.
+
+*Network policy hardening is now available for External Secrets Operator components*
+
+With this release, External Secrets Operator for Red Hat OpenShift includes pre-defined NetworkPolicy resources designed for enhanced security by governing ingress and egress traffic for operand components. These policies cover essential internal traffic, such as ingress to the metrics and webhook servers, and egress to the OpenShift API server and DNS server. Note that deployment of the NetworkPolicy is enabled by default and egress allow policies must be explicitly defined in the ExternalSecretsConfig custom resource for the external-secrets component to fetch secrets from external providers.
+
+For more information, see Configuring Network Policy for the Operands.
+
-
+*Root filesystem is read-only for External Secrets Operator for Red Hat OpenShift containers*
+
+With this release, to improve security, the External Secrets Operator for Red Hat OpenShift and all its operands have the readOnlyRootFilesystem security context set to true by default. This enhancement hardens the containers and prevents a potential attacker from modifying the contents of the container’s root file system.
+
+*Network policy hardening is now available for External Secrets Operator components*
+
+With this release, External Secrets Operator for Red Hat OpenShift includes pre-defined NetworkPolicy resources designed for enhanced security by governing ingress and egress traffic for operand components. These policies cover essential internal traffic, such as ingress to the metrics and webhook servers, and egress to the OpenShift API server and DNS server. Note that deployment of the NetworkPolicy is enabled by default and egress allow policies must be explicitly defined in the ExternalSecretsConfig custom resource for the external-secrets component to fetch secrets from external providers.
+
+For more information, see Configuring Network Policy for the Operands.
+
 [id="external-secrets-operator-release-notes-0-1-0_{context}"]
 == Release notes for {external-secrets-operator} 0.1.0 (Technology Preview)