[3.2] Additional release-note updates (#543)
* Add kiwi builder to 3.2 release notes

* release-notes: Add some new features

* release-notes: Update SBOM examples for 3.2 image

* release-notes: Add Metal3 upgrade information

* Update asciidoc/edge-book/releasenotes.adoc

Co-authored-by: Atanas Dinov <[email protected]>
hardys and atanasdinov authored Jan 18, 2025
1 parent b6d1f37 commit 7015ced
Showing 1 changed file with 23 additions and 8 deletions.
31 changes: 23 additions & 8 deletions asciidoc/edge-book/releasenotes.adoc
Expand Up @@ -31,13 +31,16 @@ NOTE: SUSE Edge z-stream releases are tightly integrated and thoroughly tested a
[#release-notes-3-2-0]
= Release 3.2.0

Availability Date: TBC
Availability Date: 20th January 2025

Summary: SUSE Edge 3.2.0 is the first release in the SUSE Edge 3.2 release stream.

== New Features

TBC
* Updated to Kubernetes 1.31, and Rancher Prime 2.10
* Updated Rancher Turtles, Cluster API and Metal3/Ironic versions
* A container image is now provided which enables building updated SUSE Linux Micro images. See <<guides-kiwi-builder-images>> for more details.
* Deployment of dual-stack downstream clusters is now possible via the directed network provisioning flow as a technology preview.

== Bug & Security Fixes
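
Review bot: In the New Features list, the bullet "Updated Rancher Turtles, Cluster API and Metal3/Ironic versions" names no versions, while the bullet above it gives "Kubernetes 1.31" and "Rancher Prime 2.10". Either state the new versions or point readers at the components table in this file. The same bullet writes "Metal3" where the upgrade section added later in this commit writes "Metal^3^"; pick one spelling. The first two bullets also lack the trailing period that the last two have.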

Expand Down Expand Up @@ -147,6 +150,7 @@ registry.suse.com/rancher/system-upgrade-controller:v0.14.2
registry.suse.com/edge/3.2/upgrade-controller:0.1.1 +
registry.suse.com/edge/3.2/kubectl:1.30.3 +
registry.suse.com/edge/3.2/release-manifest:3.2.0
| Kiwi Builder | 10.1.16.0 | N/A | registry.suse.com/edge/3.2/kiwi-builder:10.1.16.0
|======

= Technology previews
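
Review bot: The added "Kiwi Builder" row puts "N/A" in its third cell without explanation, and nothing in the row leads to the usage guide. The New Features bullet in this commit already references <<guides-kiwi-builder-images>>; a cross-reference from this row would take readers from the image name to the instructions. Because this image is what builds updated SUSE Linux Micro images, it is also worth confirming that the digest and SBOM verification steps documented further down apply to it.
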
Expand All @@ -172,29 +176,29 @@ Verify the container image hash, for example using `crane`:

[,bash]
----
> crane digest registry.suse.com/edge/3.1/baremetal-operator:0.6.1
sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a
> crane digest registry.suse.com/edge/3.2/baremetal-operator:0.8.0
sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f
----

Verify with `cosign`:

[,bash]
----
> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a > /dev/null
> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f > /dev/null
#
Verification for registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a --
Verification for registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The claims were present in the transparency log
- The signatures were integrated into the transparency log when the certificate was valid
- The signatures were verified against the specified public key
----

Extract SBOM data as described at the https://www.suse.com/support/security/sbom/[upstream documentation]:
Extract SBOM data as described at the https://www.suse.com/support/security/sbom/[SUSE SBOM documentation]:

[,bash]
----
> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a | jq '.payload | @base64d | fromjson | .predicate'
> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f | jq '.payload | @base64d | fromjson | .predicate'
----

= Upgrade Steps
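
Review bot: The 3.2 digest is now hard-coded in four places across these three listings (the `crane digest` output, both `cosign verify-attestation` commands and the "Verification for" output line), so every release bump has to change all of them in lockstep, and one missed occurrence leaves readers verifying against a stale digest. Consider defining the image reference and digest once as AsciiDoc attributes and substituting them into the listings. Separately, the `[,bash]` blocks use `>` as the prompt; pasted into a shell that character is an output redirection, so `$` or no prompt would be safer.
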
Expand All @@ -211,6 +215,17 @@ Systems upgraded to 6.0 from 5.x carry over the old behavior. New installations

It is recommended to create a non-root user or use key based authentication, but if necessary installing the package `openssh-server-config-rootlogin` restores the old behavior and allows password-based login for the root user.

== Metal^3^ chart changes

In Edge 3.2 the Metal^3^ chart changes some default behavior, chart configuration changes may be required if you require the previous default behavior:

* The Ironic deployment has been rebased to more closely align with the upstream image, which includes several fixes and security improvements:
** Removal of the deprecated `idrac-wsman` driver
** Removal of the `ironic-inspector` API (inspection is now handled via the Ironic API)
** More restrictive access rules for the Ironic HTTP server
* MariaDB is now optional and disabled by default; on upgrade the MariaDB deployment will be replaced by SQLite unless the new `enable_mariadb` chart variable is specified.
* Persistent storage for the Ironic shared volume is now optional and disabled by default - on upgrade it will be necessary to ensure the `size` and `storageClass` persistence values are specified if you wish to retain a PVC in the deployment

= Product Support Lifecycle

SUSE Edge is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services. For more information, see https://www.suse.com/lifecycle[https://www.suse.com/lifecycle] and the Support Policy page at https://www.suse.com/support/policy.html[https://www.suse.com/support/policy.html]. If you have any questions about raising a support case, how SUSE classifies severity levels, or the scope of support, please see the Technical Support Handbook at https://www.suse.com/support/handbook/[https://www.suse.com/support/handbook/].
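
Review bot: The MariaDB bullet in the new "Metal^3^ chart changes" section says the deployment "will be replaced by SQLite" on upgrade but does not say whether existing Ironic data is carried over or lost, nor what value `enable_mariadb` must be set to in order to keep MariaDB. State both explicitly, and give the full values path for `enable_mariadb`, `size` and `storageClass` so users can apply them without reading the chart. "More restrictive access rules for the Ironic HTTP server" should also say what is now restricted, so operators can tell whether their setup is affected. The intro sentence is a comma splice ("...default behavior, chart configuration changes...") and the last bullet has no closing period.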