diff --git a/release_notes/ocp-4-17-release-notes.adoc b/release_notes/ocp-4-17-release-notes.adoc index f321a6ccfb38..7da3f88e8950 100644 --- a/release_notes/ocp-4-17-release-notes.adoc +++ b/release_notes/ocp-4-17-release-notes.adoc @@ -538,9 +538,47 @@ Starting in {product-title} 4.14, Extended Update Support (EUS) is extended to t [id="ocp-4-17-insights-operator-enhancements_{context}"] === Insights Operator -* The Insights Operator now collects the `haproxy_exporter_server_threshold` metric. (link:https://issues.redhat.com/browse/OCPBUGS-36687[*OCPBUGS-36687*]) +// Engineering reference CCXDEV-12582 -* Previously, the Insights Operator gathered information about all Ingress Controller certificates, including their `NotBefore` and `NotAfter` dates. This data is now compiled into a `JSON` file located at `aggregated/ingress_controllers_certs.json` for easier monitoring of certificate validity across the cluster. (link:https://issues.redhat.com/browse/OCPBUGS-35727[*OCPBUGS-35727*]) +The Insights Operator now collects more {product-title} container log data from namespaces prefixed with either the `openshift-` or `kube-` prefix and generates recommendations much faster. +Enhancements have also been made to give you more flexibility in how the data to be collected gets defined for your service. + +==== Rapid Recommendations + +This release introduces a new feature called Rapid Recommendations, which provides a more dynamic and version-independent mechanism for remotely configuring the rules that determine which data the Insights Operator collects. + +Rapid Recommendations builds on the existing conditional data gathering mechanism. +The Insights Operator connects to a secure remote endpoint service running on `/console.redhat.com` to retrieve definitions that contain the rules for determining which container log messages are filtered and collected by Red Hat. + +The conditional data-gathering definitions, also referred to as rules, get configured through an attribute named `conditionalGathererEndpoint` in the link:https://github.com/openshift/insights-operator/blob/master/config/pod.yaml[`pod.yml`] configuration file. + +[source,bash] +---- +conditionalGathererEndpoint: https://console.redhat.com/api/gathering/v2/%s/gathering_rules +---- + +[NOTE] +==== +Previously, the rules for determining the data that the Insights Operator collects were hard-coded and tied to the corresponding {product-title} version. +==== +The preconfigured endpoint URL now provides a placeholder (`%s`) for defining a target version of {product-title}. + +==== More data collected and recommendations added + +The Insights Operator now gathers more data to detect the following scenarios, which other applications can use to generate remedial recommendations to proactively manage your {product-title} deployments: + +// Engineering reference: CCXDEV-12899 +* Detects pods and namespaces that use the link:https://access.redhat.com/articles/7065170[deprecated OpenShift SDN CNI plugin] and generates a recommendation for the possible actions you should take depending on the data collected from your deployment. +// Engineering reference: OSPRH-5904 +* Collects custom resource definitions (CRD) from {rh-openstack}. +// Engineering reference: CCXDEV-13001 +* Collects the `haproxy_exporter_server_threshold` metric to detect the problem and remediation reported in link:https://issues.redhat.com/browse/OCPBUGS-36687[*OCPBUGS-36687*]. +// Engineering reference: CCXDEV-12758 +* Collects data to detect custom Prometheus Alertmanager instances that are not in the `openshift-monitoring` namespace because they could potentially impact the management of corresponding resources. +// Engineering reference: CCXDEV-12503 +* Detects the upcoming expiry of the default Ingress Controller expiration certificate, which other applications and services can use to generate recommendations to renew the certificate before the expiry date. +// Engineering reference: OCPBUGS-35727 + ** Before this update, the Insights Operator gathered information about all Ingress Controller certificates, including their `NotBefore` and `NotAfter` dates. This data is now compiled into a `JSON` file located at `aggregated/ingress_controllers_certs.json` for easier monitoring of certificate validity across the cluster. (link:https://issues.redhat.com/browse/OCPBUGS-35727[*OCPBUGS-35727*]) [id="ocp-4-17-installation-and-update_{context}"] === Installation and update @@ -2877,7 +2915,7 @@ $ oc adm release info 4.17.2 --pullspecs * Previously, for managed services on {hcp}, audit logs were sent to a local webhook service, `audit-webhook`. This caused issues for {hcp} pods that sent audit logs through the `konnectivity` service. With this release, `audit-webhook` is added to the list of `no_proxy` hosts so that {hcp} pods can send auti logs to the `audit-webhook` service. (link:https://issues.redhat.com/browse/OCPBUGS-42974[*OCPBUGS-42974*]) -* Previously, when you used the Agent-based Installer to install a cluster, `assisted-installer-controller` timed out or exited the installation process depending on whether `assisted-service` was unavailable on the rendezvous host. This situation caused the cluster installation to fail during CSR approval checks. With this release, an update to `assisted-installer-controller` ensures that the controller does not timeout or exit if `assisted-service` is unavailable. The CSR approval check now works as expected. (link:https://issues.redhat.com/browse/OCPBUGS-42839[*OCPBUGS-42839*]) +* Previously, when you used the Agent-based Installer to install a cluster, `assisted-installer-controller` timed out or exited the installation process depending on whether `assisted-service` was unavailable on the rendezvous host. This situation caused the cluster installation to fail during CSR approval checks. With this release, an update to `assisted-installer-controller` ensures that the controller does not timeout or exit if `assisted-service` is unavailable. The CSR approval check now works as expected. (link:https://issues.redhat.com/browse/OCPBUGS-42839[*OCPBUGS-42839*]) * Previously, running the `openshift-install gather bootstrap --dir ` command might cause the installation program to skip the analysis of the collected logs. The command would output the following message: +