
What_s_New_in_OpenShift_4.21.pdf

Red Hat Livestreaming
February 06, 2026

Transcript

  1. V0000000 Feb 3, 2026 What’s New in Red Hat OpenShift

    4.21 OpenShift Product Management red.ht/whatsnew
  2. What's New in OpenShift 4.21 2 Physical Virtual Private cloud

    Public cloud Edge Linux host operating system Kubernetes Run Containers and Virtual Machines | Run Virtual Machines Only Foundational Application Platform Capabilities Service Mesh | Serverless | Builds | Pipelines | GitOps |Tracing | Log Management | Cost Management Advanced Development Capabilities Internal Development Portal | Secure Software Delivery | Developer Tools Advanced Management & Security Multicluster Management | Cluster Security Global Registry | Cluster Data Management Red Hat OpenShift on IBM Cloud Red Hat OpenShift Service on AWS Azure Red Hat OpenShift OpenShift Dedicated Red Hat OpenShift Cloud Services Middleware Application Servers | Integration | Messaging AI Capabilities Model Development | Serving Lifecycle | Agentic | RAG | Fine Tuning Red Hat OpenShift and Open Hybrid Cloud
  3. What's New in OpenShift 4.21 58 Total Enhancements 23 Graduated

    to Stable 22 Promoted to Beta 13 New Alpha Features Kubernetes 1.34 3 Product Manager: Nick Png CRI-O 1.34 Kubernetes 1.34 OpenShift 4.21 Notable Beta Features ▸ External ServiceAccount token signing ▸ Dynamic Resource Allocation (DRA) ▸ Prefer same node traffic distribution ▸ Pod Level Resources ▸ Mutating Admission Policies “Of Wind & Will” Notable Stable Features ▸ Dynamic Resource Allocation (DRA) core ▸ Job Pod Replacement Policy ▸ Volume Attributes Class ▸ Structured Authentication Configuration ▸ Anonymous Authentication Configurable Endpoints ▸ Relaxed DNS Search Validation
  4. What's New in OpenShift 4.21 Notable Top RFEs and Components

    4 Top Requests for Enhancement (RFEs) ▸ Kube ApiServer: allow `events-ttl` parameter to be configurable - RFE-4559 ▸ Use UBI-minimal as base image for OpenShift components - OCPSTRAT-2553 ▸ Improvements to Vertical Pod Autoscaling - RFE-29 ▸ Support in-place update for pod resources - RFE-556 ▸ Support for Google Cloud Platform Spot VMs - RFE-3563 ▸ Support hosts file for CoreDNS resolution on MicroShift - RFE-7409 Product Manager: Nick Png
  5. What's New in OpenShift 4.21 Red Hat OpenShift 4.21 Highlights

    DRA: Dynamic Resource Allocation GA: Generally Available VM: Virtual Machine red.ht/whatsnew AI Core Virtualization Kueue 1.2 KubeFlow Trainer v2, pending workloads JobSet (GA) Attribute Based GPU Allocation (DRA) Namespace Controlled Admin Access (DRA) Prioritized Alternatives (DRA Device Requests) Dynamic Scaling (Hosted Control Planes) Autoscaling to/from zero (Hosted Control Planes) OpenShift on VMware Cloud Foundation 9 (GA) OpenShift on Oracle Database Appliance (GA) Confidential Containers (Azure and Azure Red Hat OpenShift GA) Cross Cluster Live VM Migration IPv6-only control plane and secondary network (GA) OpenShift Virtualization on Google Cloud bare metal (GA) Streamline virtualization and localnet UI flows AI powered VM insights and troubleshooting UI 6
  6. What's New in OpenShift 4.21 AI Workloads in OpenShift 4.21

    Optimizing Infrastructure for Enterprise AI/ML DRA: Attribute-Based GPU Allocation General Availability Lets a pod ask for a device using clear, structured fields (not vague strings). DRA Admin Access General Availability Give admins a safe, limited way to inspect or service in-use devices. DRA: Prioritized Alternatives Generally Available Let a pod list “preferred device options” in order (try A, else B, else C). Product Managers: Gaurav Singh, Duncan Hardie Job Set General Availability JobSet lets you define and run multiple related Jobs as one coordinated workload. Red Hat Build of Kueue 1.2 General Availability Provides support for KubeFlow TrainJob v2 as well as introducing the ability to monitor pending workloads. 7
  7. What's New in OpenShift 4.21 Red Hat OpenShift expands support

    for VMware vSphere Foundation 9 (VVF9) and VMware Cloud Foundation 9 (VCF9) 8 ▸ General availability (GA) support is now available for: ▸ OpenShift 4.18, 4.19, 4.20, and 4.21, ▸ Red Hat Advanced Cluster Management for Kubernetes (ACM) 2.15.1+. ▸ OpenShift Data Foundation versions 4.19.7 and 4.20 are available as a Technology Preview (TP). ▸ We plan to make ODF versions 4.18, 4.19, and 4.20 generally available on VVF9 and VCF9 platforms in Q1 2026. Details in this blog post. Product Managers: Michal Zasepa How to configure networking layer with VCF9 Customers deploying OpenShift clusters on top of VCF9 will use a standardized networking model: ▸ Infrastructure network provider: Powered by VMware NSX, helping to ensure robust connectivity at the hypervisor level. ▸ Overlay network: Powered by OVN-Kubernetes, providing the standard, agile networking layer required by OpenShift.
  8. What's New in OpenShift 4.21 Simplified VM admin Management •

    Multi-cluster VM operations and management • Physical Network Creation User Interface • Virtual VM Network Creation Wizard • Integrated Gen AI Lightspeed information into the UI flows for troubleshooting • Support for UI plugins for 3rd party integration Optimize your infrastructure • Cross-cluster VM live migration from MTV and RHACM (GA) • Storage agnostic Change Block Tracking for Incremental Backup (TP) • MIG vGPUs for VMs • OpenShift Virtualization on Google Cloud bare metal (GA) • Eject/Insert CD-ROM (TP) • Windows Server Failover Cluster with multipath failover support Networking Enhancements • IPv6 single-stack for control plane and secondary networks (GA) • Import of VMs connected to an overlay network 9 OpenShift Virtualization Highlights Modernize your operations with comprehensive lifecycle and infrastructure management Product Managers: Peter Lauterbach, Ronen Sde-Or, Martin Tessun
  9. What's New in OpenShift 4.21 ▸ Right sizing recommendations at

    the namespace, cluster & virtual machine levels A multi-layer optimization feature designed to help users reconcile the gap between requested resources and actual consumption. ▸ Ensure better performance across workloads It prevents over-provisioning, which leads to idle and wasted resources, and under-provisioning, which causes performance degradation and application instability (CPU & Memory-based recommendations). ▸ Leverage MultiClusterObservability (MCO) Make use of dedicated Grafana dashboards in RHACM console. Product Managers: Vanessa Martini, Christian Stark Right Sizing Recommendations Generally Available with Red Hat Advanced Cluster Management 2.16 11 CPU overestimation/underestimation - VM Level, cluster level & namespace level:
  10. What's New in OpenShift 4.21 12 Product Manager: Erwan Gallen,

    Sudhakar Molli AI Accelerator Ecosystem ▸ UEFI secure boot with prebuilt NVIDIA signed drivers (early access for OpenShift 4.18+) ▸ NVIDIA GPU Operator v25.10.1 support ◦ Updated GPU driver, DCGM, device plugin, MIG manager ◦ Improved stability during upgrades and node updates ▸ Kubernetes DRA APIs available in OpenShift 4.21 ▸ NVIDIA DRA driver delivered as a standalone component. ◦ Deployable via Helm charts ◦ Replaces NVIDIA device plugin ◦ Not embedded in the NVIDIA GPU Operator yet (native integration planned H2, 2026). ▸ AMD GPU Operator v1.4.1 - GA and published in Red Hat catalog ▸ Support for AMD Instinct MI350X/MI355X with ROCm 7.2 ▸ Disconnected/air-gapped install support ▸ Improved kernel compatibility handling ▸ OLM packaging fully functional ▸ Starting with ROCm 7.2, the amdgpu kernel driver version is decoupled from ROCm user space ◦ Enables independent driver upgrade/downgrade
  11. What's New in OpenShift 4.21 ARO HCP During this release

    we added 15 features to ARO HCP on our way to make it available later this year 14 Hosted Control Planes Append Global Pull Secret in ROSA HCP Users can provide custom pull secrets that automatically merge with the cluster’s Global Pull Secret, enabling access to both custom and service-managed registries without requiring configurations by the SREs HCP on Azure Developer Preview support on Azure. Run hosted control planes and node pools on Azure natively (self-managed, not ARO) Scale down to zero nodes in ROSA HCP Users can set min-replicas to 0 and scale down and back up as needed while keeping the hosted control plane operational, reducing compute costs when not needed. Product Manager: Ramon Acedo, Linh Nguyen Control Plane Autoscaling in ROSA HCP Scale automatically based on actual Kube API Server memory usage (VerticalPodAutoscaler) ensuring optimal performance and reducing over-provisioning costs. X86 Control Plane and ARM Nodes Improved matrix for supported architectures with this combo * Hosted Control Planes is shipped in the HyperShift Operator included in RHACM, released about 6 weeks after the GA of OCP 4.21 Configure Ingress Route Specify the endpointPublishingStrategy (e.g. LoadBalancer) directly in the HostedCluster CR.
  12. What's New in OpenShift 4.21 15 Product Managers: Shawn Purtell

    (speaking on behalf of August Simonelli, Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) Global Cluster Management • Managed Cluster Migration - integration with ZTP (ClusterInstance) • Event Driven cluster lifecycle events Fleet Virtualization • Cross-cluster live migration (GA) • Fine Grained RBAC for Virtualization (GA) Red Hat Advanced Cluster Management for Kubernetes 2.16
  13. What's New in OpenShift 4.21 Monitoring & Observability • Right

    Sizing for VMs, namespaces & clusters - GA Product Managers: Shawn Purtell (speaking on behalf of August Simonelli, Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) ArgoCD & Application Management • ACM Gitops Addon (GA) ◦ focus on efficient installation Cluster Lifecycle Management • Cluster Lifecycle for ARO with Azure (CAPZ) provider (TP) • Cluster Lifecycle for private cloud with CAPI v1.11 (CAPOA) Red Hat Advanced Cluster Management for Kubernetes 2.16 16
  14. What's New in OpenShift 4.21 17 4.10 highlights Red Hat

    Advanced Cluster Security for Kubernetes Product Manager: Maria Simon Single-Stack and Dual-Stack IPv6 ACS in modern IPv6 enabled environments Tech Preview: File Activity Monitoring provides essential visibility by tracking sensitive node files and allowing users to enforce security policies and receive instant violation alerts. Tech Preview: RHACS Plugin in OpenShift Console for Vulnerability Management Integrates vulnerability data directly into the OpenShift console for easier risk management KEY updates MORE updates Base Image Separation of Duties Enforce trusted base images and clearly separate base-layer vulnerabilities from application-layer vulnerabilities. Policy Criteria for “Days since CVE fixed” Prioritize remediation efforts based on the age of a vulnerability fix Dev Preview: Stackrox MCP Server & Lightspeed integration Users can ask security questions in natural language to get a personalized, AI-driven answer that instantly identifies if a CVE affects their environment Tech Preview: Vulnerability Management in ACS for Virtual Machines running on OpenShift Virtualization platform. Extends ACS vulnerability scanning to RHEL virtual machines, allowing security teams to detect and manage VM image and runtime vulnerabilities Global NodeSelector and Tolerances Support for Central Config Allows operators to configure where the Central component runs Cluster Registration Secret GA Allows secure registration of clusters to RHACS Central Dev Preview: SBOM scanning and Vulnerability report generation. Allows detecting vulnerabilities early via SBOM files in SPDX 2.3 format for secure software development lifecycle
  15. What's New in OpenShift 4.21 Sparse Manifests: Enabling Efficient Mirroring

    Enables storage/bandwidth optimization for disconnected clusters. Quay supports client tools to sync only the architectures you need while preserving digest integrity. Immutable Image Tags Hard enforcement for those who prefer the readability of tags over digests. Use regex policies to lock specific tags, ensuring stable human-readable references remain unchanged and protected. Hardened UBI 9 Minimal Foundation Quay is now re-platformed on UBI 9 Minimal. This transition ensures a FIPS-ready stack with a significantly smaller footprint, reducing both security risks and CVE alerts. Organization Mirroring: The "Scale Unlock" Automate replication for massive environments. Mirror entire organizations or Harbor projects in one step, removing the friction of manual, per-repository configuration. Product Manager: Tony Wu 18 Scaling the Telco/Edge, Enforcing Tag Stability, and Hardening the Security Foundation Red Hat Quay 3.17 What’s new in Red Hat Quay 3.17
  16. What's New in OpenShift 4.21 20 Cluster Observability Operator ▷

    Customizable dashboards in OCP/ACM console - powered by Perses (TP) ▷ AI Trace Summarizer (DP) New Features COO 1.4 Product Managers: Vanessa Martini, Roger Floren
  17. What's New in OpenShift 4.21 21 Observability OpenShift Monitoring Product

    Manager: Roger Floren ▷ Steps into supporting full UTF8 ▷ Enhanced OTLP Metrics ingestion ▷ PromQL / TSDB performance improvements ▷ Increased involvement in the monitoring upstream projects ▷ Thanos Ruler retention now aligns with user workload Prometheus by default ▷ Monitoring stack components updated ◦ Prometheus Operator: 0.87.1 ◦ Prometheus: 3.7.3 ◦ kube-state-metrics: 2.17.0 ◦ node-exporter: 1.10.2 ◦ thanos: 0.39.2 New Prometheus / Prometheus operator Improvements OpenShift 4.21
  18. What's New in OpenShift 4.21 22 Observability Product Manager: Jamie

    Parker Logging 6.5 OpenShift Logging ▷ OpenTelemetry Log Export for Advanced Correlation ▷ Loki - Add Flexibility to Persistent Volumes ▷ Support for Alternative Authentication Gateways Log Collection Log Storage
  19. What's New in OpenShift 4.21 23 Application Observability & Integrations

    ▷ GA Components: ◦ Metricsstarttime Processor ◦ Filter Processor ◦ Transform Processor ▷ Managed OpenTelemetry experience for new users Product Manager: Jamie Parker ▷ Upgrade to Tempo 2.9 ◦ Performance improvement for TraceQL searches Observability Distributed Tracing 3.9 Red Hat Build of OpenTelemetry Distributed Tracing
  20. What's New in OpenShift 4.21 25 Console Console RFEs “Customer

    Happiness” for 4.21 ▸ RFE-1279 - Ability to impersonate user who has privileges from multiple groups ▸ CONSOLE-4701 - Allow users to set the Monaco Editor theme and font-size ▸ CONSOLE-4814 - Add UI for creating VACs and also applying VACs to PVCs ▸ RFE-6236 - Support mailto: links in ConsoleLink href field Product Manager: Ali Mobrem
  21. What's New in OpenShift 4.21 27 Red Hat Developer Hub

    Streamlined DevX and accelerated onboarding using centralized tools and docs. Red Hat Developer Hub RHDH 1.8 Highlights: • New Scorecard plugin provides insights into project health and compliance metrics (DP) • Templates/Scaffolder versioning support • Notifications are sent or PR opened when the template has been updated. • Localization support & French translations • Quickstart added for the “Developer” persona RHDH Release Notes • Developer Lightspeed is now based on Llama-stack for greater flexibility (DP) • MCP Server in Red Hat Developer Hub for AI access to catalogs and techdocs (DP) • OpenShift AI Connector for RHDH syncs AI assets with the RHDH catalog (DP) • RHDH Dynamic Plugin Factory to help with plugin development (DP) Product Manager: Christophe Fargette
  22. What's New in OpenShift 4.21 28 7.2k ! ▸ Default

    registries through managed configuration ▸ Improved UX for Podman Remote connections ▸ New and improved task manager ▸ Performance improvements ▸ Windows Podman installer doesn’t require Administrator privileges ▸ Support added for podman kube play ‘replace’ ▸ Forward and backward navigation Podman Desktop The open-source GUI to manage containers and bridge the gap from local development to Kubernetes. Release Notes
  23. What's New in OpenShift 4.21 OpenShift Dev Spaces Versions 3.24

    and 3.25 are now available Red Hat OpenShift Dev Spaces 3.25 is based on Eclipse Che 7.111 Developers can now use Dev Spaces with their local VS Code based editors such as VS Code, Cursor, and Kiro. Additionally, using local to remote with VS Code allows the use of Microsoft store extensions instead of OpenVSX. Running Containers in Dev Spaces is now natively supported, allowing for Podman run capabilities while removing the need for workarounds such as Kubedock. SSH Local to Remote for VS Code IDEs (Tech Preview) You can now connect to multiple Dev Spaces workspaces simultaneously by using the JetBrains Gateway plugin. Previously, the plugin restricted you to a single active connection. Nested Container Support (Podman Run Capabilities) Admins can now globally configure default resource requests and limits for all workspace containers in the Che Cluster CR. Additionally, the default per workspace PVC size has been increased to 10gi Use Multiple JetBrains Workspaces Simultaneously Set Default Container Requests and Limits in CR 29 Product Manager: Mokhtar Alarhabi
  24. What's New in OpenShift 4.21 Red Hat Developer Hub Enables

    cryptographic signing, verification of software and provenance metadata Red Hat Trusted Artifact Signer (RHTAS) RHTAS 1.3 Highlights: • Model Transparency Library with support for private Sigstore instances • Model Validation Operator for runtime model verification • High-availability Sigstore deployment options • Scalable Transparency Log with cloud storage support • Transparency Log Monitoring capabilities RHTAS 1.3 Release Notes • Conforma now supports Open Policy Agent (OPA) version 1.0 • Conforma can verify signatures from multiple Rekor instances within a single policy execution Product Manager: Veda Shankar 30
  25. What's New in OpenShift 4.21 Red Hat Developer Hub Advanced

    Developer Suite - Software Supply Chain (RHADS-SSC) RHADS-SSC 1.8 Highlights: • Upgrade products version - DevHub 1.8, TAS 1.3, TPA 2.2, GitOps 1.18, Pipeline 1.20 • Installer now handles dependency and Helm Chart ordering more intelligently • Integrates Red Hat Developer Hub to use OIDC authentication instead of GitHub • Customized GitLab pipelines require updates to template paths (now /work/tssc) and image locations (now quay.io/redhat-tssc/task-runner:1.8) RHTAS 1.3 Release Notes • Model Signature Verification - support in promotion phase template • Agentic MCP Interface for tssc CLI - allowing LLM agents to orchestrate automated installations and configurations on OpenShift clusters Product Manager: Veda Shankar 31
  26. What's New in OpenShift 4.21 33 ▸ Red Hat build

    of Quarkus 3.27 (Release Summary) • Upgrade to Hibernate ORM 7, Hibernate Reactive 3 and Hibernate Search 8 • Subscription aware tooling (CLI, code.quarkus, etc) • Chappie - AI-powered assistant to improve dev experience ・ assistant module to talk to extensions ▸ planning stages for Quarkus/RHBQ 4 (late ‘26/early ‘27) Red Hat build of Quarkus What’s New in 3.27 PMM: Jeff Beck
  27. What's New in OpenShift 4.21 35 OpenShift Service Mesh ▸

    OpenShift Service Mesh 3.3 is coming soon: ▸ Based on Istio 1.28 and Kiali 2.22 ▸ Support for post-quantum cryptographic (PQC) algorithms with Istio gateways (ML-KEM) ▸ Istio Ambient mode - updates: ▪ Support on FIPS clusters (140-2) ▪ Multi-cluster ambient - technology preview ▸ Developer preview features coming soon: ▪ Kiali AI chatbot and MCP integrations ▪ Zero Trust Workload Identity Manager (SPIRE) integration ▪ Service mesh with external VM workloads Product Manager: Jamie Longmuir [Diagram: Sidecar mode (Traditional service mesh) vs. Ambient mode (Available with Service Mesh 3.2+)]
  28. What's New in OpenShift 4.21 36 Builds & Pipelines OpenShift

    Pipelines 1.21 ▸ Debug Pipeline Runs with OpenShift Lightspeed in Dev Preview ▸ Event-driven Pruner and Tekton Cache are Generally Available ▸ Hardened controllers and webhook containers: readOnlyRootFilesystem set to true ▸ Override individual TaskRun timeouts within a PipelineRun ▸ Enhanced Resolver caching minimizes external API calls ▸ Fine-grained retention policies for PipelineRuns and TaskRuns Builds for OpenShift 1.7 ▸ BuildConfig to Shipwright migration guide available Product Manager: Carlos Salinas
  29. What's New in OpenShift 4.21 37 OpenShift GitOps OpenShift GitOps

    1.19 release highlights: ▸ Argo CD 3.1.9, Argo Rollouts 1.8.3, and Argo CD Agent 0.5.1 ▸ Argo CD Agent-based architecture - GA ▸ Argo CD Image Updater - TP ▸ Enhanced control over image pull policies ▸ Delegated notification management ▸ Configurable resource limits for plugins ▸ Deprecation of openshift-gitops-argocd-cli RPMS Product Manager: Sho Weimer
  30. What's New in OpenShift 4.21 ▸ Knative 1.17 - improvements

    to core components ▸ Updated default configurations for Serving ▸ Generic event sources/sinks using Kamelets for Eventing ▸ Serverless Functions - MCP Server Developer Preview ▸ Full Serverless Function features ▸ Context injection ▸ Integration with popular AI tools ▸ OpenShift Service Mesh 3 - migration Tech Preview ▸ Migration guide from Service Mesh 2.x to 3.0 OpenShift Serverless 38 Product Manager: Finn Liu
  31. What's New in OpenShift 4.21 Migration Toolkit for Applications 39

    Product Manager: Ramón Román Nissen Migration Toolkit for Applications 8.1 ▸ Centralized Configuration Management: Adopt a Platform Engineering approach to Migration and Modernization: ▸ Enable organizations to enforce standards. ▸ Harmonize concepts and abstractions across all components. ▸ Enable connectivity between the local components (IDE Extension, CLI) and the central Hub. ▸ Dev Spaces support for the MTA IDE Extension and Developer Lightspeed for MTA (Tech Preview). ▸ Enhanced support for .NET (Dev Preview).
  32. What's New in OpenShift 4.21 RHEL CoreOS & Machine Config

    Operator Core Platform 41 Cloud-native OS Dual OS streams extend the effective RHEL Certified hardware lifecycle in OpenShift and isolate the OS major version upgrade process. Dual Stream: RHCOS 9 and 10 in the same cluster TECH PREVIEW * *In upcoming z-stream update
  33. What's New in OpenShift 4.21 and IBM LinuxONE OpenShift 4.21

    Supported Providers Installation Experiences Automated Full Control Interactive – Connected - Auto-provisions infrastructure - *KS like - Enables self-service - Bring your own hosts - You choose infrastructure automation - Full flexibility - Integrate ISV solutions - Hosted web-based guided experience - Agnostic, bare metal, vSphere and Nutanix - ISO driven - Restricted network (disconnected / air-gapped) - Automatable installations via CLI - Bare metal, vSphere, SNO - ISO driven Installer Provisioned Infrastructure User Provisioned Infrastructure Assisted Installer Agent-based Installer Local – Disconnected Azure Stack Hub Bare Metal IBM Power Systems Product Managers: Marcos Entenza (AWS, Azure, GCP, IBM Cloud, Oracle Cloud), Ju Lim (Alibaba), Ramon Acedo (HCP), Linh Nguyen (HCP), Peter Lauterbach (OCP Virtualization), Gil Rosenberg (OpenStack), Duncan Hardie (IBM Z & Power), Michal Zasepa (Bare Metal, vSphere, Nutanix) 42 Outposts Wavelength Local Zones (Tech Preview)
  34. What's New in OpenShift 4.21 43 Product Managers: Marcos Entenza,

    Linh Nguyen ▸ Validate m7 instance types on OCP ▸ Enabled customization of throughput settings for rootVolume ▸ Add support for New Zealand ap-southeast-6 ▸ Support custom DNS for Google Cloud (GA) ▸ Support custom Google Cloud API endpoints ▸ Enhance security posture with fine-grain firewall permissions ▸ Allow customer managed DNS solutions for Azure (TP) ▸ Support NAT Gateway as outboundType for clusters in Azure (GA) ▸ Add support for NVIDIA H100 and H200 enabled machine series Installation Highlights for Cloud Providers Cloud ▸ OpenShift on Oracle Database Appliance (GA)
  35. What's New in OpenShift 4.21 Installation Highlights for On-premises Providers

    44 On-premises ▸ Bare Metal Day-2 firmware settings reconfiguration and firmware updates (GA) ▸ Enable Bare Metal metrics collection on OpenShift (TP) ▸ Dell iDRAC 10 support ▸ Custom CA certificates for BMCs (GA) ▸ Bare Metal Spoke Cluster Provisioning for Hosted Control Planes from a KubeVirt Hosted Cluster (GA) Bare Metal ▸ Imagestreams import manifestlist by default on a cluster multi payload ▸ Autoscaling from zero on Multi Arch compute ▸ Enable SMB CSI operator for IBM Power ▸ Hosted Control Plane support OCP clusters created on OCP Virt on IBM Z and LinuxONE (Tech Preview) Product Managers: Michal Zasepa, Duncan Hardie ▸ VMware vSphere Foundation 9 and VMware Cloud Foundation 9 support (GA) [blog] ▸ Support Adding Bare Metal Nodes to OpenShift clusters in platform vSphere (Tech Preview) Multi- Arch IBM Z, IBM Power, Arm
  36. What's New in OpenShift 4.21 OpenShift Virtualization Installation in Disconnected

    and an External Registry-less Technology Preview in OpenShift 4.21.z Product Managers: Linh Nguyen, Ramon Acedo Rodriguez, Michal Zasepa 45 Day-1 (a new cluster deployment) Day-2 (adding new node or replacing failed one) Replace the failed node Extend the cluster capacity STEP A - Download the ISO image STEP B - Boot all servers using downloaded ISO and install an OpenShift Virt cluster in the air-gap environment and without an external registry. New functionality introduced in OpenShift 4.21 ▸ 6 additional Day-2 operators: ◦ Loki Operator, ◦ OpenShift Logging, ◦ Cluster Observability, ◦ MetalLB, ◦ NUMA Resources ◦ OADP. ▸ Inject your SSH key and pull secret to ISO before you download it. ▸ Day-2 upgrade with an external registry ◦ Upgrade without an external registry on the roadmap.
  37. What's New in OpenShift 4.21 ▸ OpenShift on OpenStack Highlights

    ◦ Support for AuthToken in the OpenStack Cloud Credentials ▪ Streamline OpenStack Infrastructure integration ▪ Improves OpenShift image registry integration to the storage backend used (file/block and object) ▸ RHOSO18 Highlights (Feature Release 5 March 2026) ◦ Multi Region Keystone (realm federation) GA ▪ Single authentication for multiple regions (distinct OpenStack deployments) ▪ Managed under a single UI/CLI with region selection ▪ Local keystone svc still available if needed ◦ RHOSO Lightspeed Integration (Tech Preview) ▪ Intuitive access to infra utilization and resource consumption ▪ Easier troubleshooting ▪ Paves the way to intuitive actions for workload optimization (using OWO - OpenStack Watcher) RHOSO18 and Shift-On-Stack in OpenShift 4.21 46 * As measured in Red Hat labs, April 2024 Product Manager: Gil Rosenberg Horizon Central
  38. What's New in OpenShift 4.21 47 Product Manager: Marina Kalinin

    47 OpenShift oc-mirror v2 • Mirror Signatures by default ◦ oc-mirror v2 will mirror cosign sigstore signatures for container images by default now. • oc-mirror will require explicit use of flags --v1 or --v2 ◦ To ensure a stable migration path from the deprecated v1 tool, users are now asked to specify the version explicitly to avoid workflow ambiguity.
  39. What's New in OpenShift 4.21 49 Control Plane Security &

    Scalability Product Manager: Ramon Acedo Rodriguez With Key Management Service support you can store the encryption key for etcd secrets externally in a KMS provider • Encrypt etcd secrets at rest using an external KMS provider • HashiCorp Vault and AWS KMS initial support • Tech Preview and post-GA in a 4.21.z release OpenShift Enhancement 1872 adds the required OpenShift controllers and operators to natively enable this plugin-based integration External KMS for etcd Secrets Encryption (Tech Preview) Introducing a configurable “Event TTL”, enabling users to tune event data retention in etcd to significantly reduce etcd load and improve overall API server performance in very large OpenShift clusters Reducing Etcd Database Load for High-Scale Environments etcd Scalability KMS v2 Integration External KMS Provider KMS Controller etcd KMS Plugin
  40. What's New in OpenShift 4.21 OpenShift Core Payload Verification via

    SigStore Signature validation policy in effect What This Is OpenShift Core Payload is now also verified during install and update via ClusterImagePolicy Why this matters • All OCP images now also ship with SigStore signatures, allowing for easy manual verification by the user via cosign • Images are automatically mirrored via oc-mirror and remain valid in offline registries, no re-signing required anymore Product Manager: Gaurav Singh 50
  41. What's New in OpenShift 4.21 Secrets Management Increased security for

    certificates and secrets management 51 Product Manager: Nick Png cert-manager ▸ Trust-manager integration enables construction and distribution of custom CA trust bundles. ▸ Use ubi-minimal as base image for operator ▸ Added tutorials and sample YAML snippets to the OpenShift console external secrets operator ▸ Improved configuration options available at runtime for the operator. ▸ Improved support for WIF with GCP ▸ Use ubi-minimal as base image for operator ▸ Added tutorials and sample YAML snippets to the OpenShift console
  42. What's New in OpenShift 4.21 Network Observability Product Managers: Marc

    Curry, Mark Schmitt 53 Improved DNS decoding Network Observability ▸ New release: v1.11 ▸ Networking Features ▪ Test additional Virt Topologies ▪ Improved DNS decoding ▸ Troubleshooting ▪ Network Health & Alerts [GA] ▸ Improve installation experience & resource tuning ▪ Install by default, easily tune resource/granularity needs ▪ Revamp deployment models (Loki-less, Kafka-less, etc) ▪ Splunk integration via OTEL
  43. What's New in OpenShift 4.21 54 Product Managers: Marc Curry,

    Mark Schmitt On-Prem Networking ▸ Make VIPs optional with external load balancer ▸ Backports (to 4.16.z) for Support Migration to NMState Bridge Creation ▸ Complete enhancement for Delete nmstate configuration from the system on NNCP deletion ▸ Complete CNCF Sandbox submission for Kubernetes-NMState ▸ Support vSphere 9 ▸ Add support for VRF name in routes Ingress/DNS ▸ Gateway API ▪ Improve upgrade logic for OSSM and Istio ▪ Lead TLSRoute into Standard ▪ Add telemetry ▪ Support for on-premises platforms ▪ Improve OSSM compatibility status reporting ▪ Track upstream work: ListenerSets and Auth
  44. What's New in OpenShift 4.21 55 Product Managers: Marc Curry,

    Mark Schmitt Core Networking Virtualization [GA] Support staticIP VM Migration into OVN-Kubernetes • Feature was tech preview in 4.20 • Only remaining pieces are tests and feature gate promotion • Backport feature into 4.20.z Universal Connectivity • Using VRFLite or EVPN [TP] for carrying UDNs via a VPN to external networks • Maximize throughput with no overlay tunnels
  45. What's New in OpenShift 4.21 56 Upstream Collaboration with NVIDIA

    Motivation • Changes our planning process ◦ We will strategically work on NVIDIA priority EPICs as well as those that benefit customers like Virtual Private Clouds on OVN-Kubernetes ◦ Review Enhancements and ensure Red Hat customer use cases are represented well Key Feature • UDN Layer2 Topology Improvements Product Managers: Marc Curry, Mark Schmitt Core Networking
  46. What's New in OpenShift 4.21 Product Manager: Christopher Ferreira 57

    Red Hat Connectivity Link New Features: • Developer Portal ◦ Dev Preview for Developer Hub will be available in v1.3 • Enhanced Developer Experience ◦ Tracing/Observability expansion for policies & RHCL components • MCP Gateway Auth ◦ Developer Preview of MCP Gateway multi-directional authentication New Release (v1.3) Featuring: • CoreDNS Support ◦ General Availability of CoreDNS • Automated DNS Failover ◦ Cluster-Level DNS Policy to automatically failover in the event of outage (Dev Preview) • Developer Portal in OpenShift Console ◦ Coming in v1.4 (June) along with Developer Hub Additional Updates:
  47. What's New in OpenShift 4.21

    The next-gen Operator Lifecycle Manager → OLM v1
    Operator Lifecycle Manager (OLM) v1
    Product Manager: Marina Kalinin

    • Streamlined Lifecycle: Authors can package webhooks without modifications.
    • Enhanced Troubleshooting: Automatic detection of misconfigurations and Service Pod health.
    • Enable support for centralized TLS cluster profiles in OLMv1

    Available for testing via the TechPreviewNoUpgrade feature set
    • OLMv1 in OpenShift Console
    • OwnNamespace/SingleNamespace operators:
      ◦ Supports operators packaged in registry+v1 bundles using OwnNamespace and SingleNamespace installmodes.
      ◦ TargetNamespace propagation: Ensures correct WATCH_NAMESPACE environment variable propagation for accurate operator behavior.

    OLM v1 Tech Preview Functionality
    Webhooks Support for registry+v1 bundles is Generally Available (GA)
    Honor Centralized TLS Configuration for PQC-Safety
  48. What's New in OpenShift 4.21

    Console Evolution: Unified Software Ecosystem
    Product Manager: Marina Kalinin

    Operators and Helm Charts in the Unified View under Ecosystem

    Ecosystem Navigation Menu
    • Helm view is now a sub menu under the Ecosystem
      ◦ Merged from Developer View
    • OLMv1 view is an option if a cluster is in TechPreviewNoUpgrade
      ◦ Non-production clusters only
      ◦ No form for Create and Upgrade flow - only YAML presentation
      ◦ OLMv1 toggle to turn off, if not ready to test yet
      ◦ Note: OLM classic, aka v0 is still fully supported

    The next-gen Operator Lifecycle Manager → OLM v1
  49. What's New in OpenShift 4.21

    OpenShift Storage
    Product Manager: Gregory Charot

    Operators & Drivers
    ▸ Azure File
      • Snapshots (GA)
      • Cloning (GA)
    ▸ GCP PD
      • Reduce permission scope
    ▸ SMB
      • PPC64le support

    Core Storage
    ▸ VolumeAttributesClass (GA)
    ▸ Mutable CSI Node Allocatable Property (TP)
  50. What's New in OpenShift 4.21

    OpenShift Data Foundation 4.21
    Product Manager: Gregory Charot (speaking on behalf of Eran Tamir)

    ▸ Regional Disaster Recovery
      • Multi Volume support
      • Support for Multus
      • Hybrid RDR with on-prem and Azure
    ▸ Multicloud Object Gateway
      • Allow developer users to use the ODF Object Browser
      • Minimal IAM support
    ▸ External mode support for IPv6 and replica 1
    ▸ ODF HealthOverview UI
    ▸ ARM support [GA]

    Out of the box support
    Block, File, Object, NFS

    Platforms
    AWS/Azure Google Cloud (GA) OpenShift Virtualization OSP (Tech Preview) Bare metal/IBM Z/Power VMWare 8,9 Thin/Thick IPI/UPI ARO ARM (GA) ROSA HCP (GA) with Self managed ODF IBM ROKS & Satellite - Managed ODF (GA)
    Any platform using agnostic deployment mode for self managed OpenShift deployments.

    Deployment modes
    Disconnected environment and Proxied environments
  51. What's New in OpenShift 4.21

    Telco 5G
    Granular IRQ SMP Affinity (DPDK pods)
    Product Manager: Franck Baudin

    Benefits => more CPUs to run IRQs: kernel Networking Stack, storage I/O

    [Diagram: Linux CPUs 0-13; container, single UNIX process. Legend: > 100% load, should never be interrupted; few % load, interruptible tasks. Physical Core: composed of 2 hyperthread siblings (Linux CPUs).]

    oc exec examplePMD -- env
    …/…
    OPENSHIFT_HOUSEKEEPING_CPUS=2,3

    # new: CPUs 2 and 3 can run IRQs, CPUs 4-7 cannot run IRQs
    kind: Pod
    metadata:
      name: examplePMD
      annotations:
        irq-load-balancing.crio.io: "housekeeping"

    # current behaviour still possible: CPUs 2-7 cannot run IRQs
    kind: Pod
    metadata:
      name: examplePMD
      annotations:
        irq-load-balancing.crio.io: "disabled"
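An added example (not from the slides or from Red Hat) of how to check on a node that the IRQ affinity masks under `/proc/irq/<n>/smp_affinity` match the two annotation modes shown above. The pod CPU set `2-7` is taken from the slide's comments; the function names and the sample masks are constructed for illustration.

```python
import glob
import os

# Constructed sample for a 14-CPU host (CPUs 0-13); not captured from a real node.
SAMPLE_IRQ_MASKS = {"24": "00003f0f", "25": "00003fff", "26": "00000030"}


def parse_cpu_list(text):
    """Expand a Linux CPU list such as '2-3,6' into a set of CPU numbers."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus


def parse_affinity_mask(text):
    """Decode smp_affinity: comma-separated 32-bit hex words, most significant first."""
    value = int(text.strip().replace(",", ""), 16)
    return {cpu for cpu in range(value.bit_length()) if (value >> cpu) & 1}


def read_irq_masks(proc_irq="/proc/irq"):
    """Read every IRQ's affinity mask; meant to be run on the node itself."""
    masks = {}
    for path in glob.glob(os.path.join(proc_irq, "[0-9]*", "smp_affinity")):
        with open(path) as handle:
            masks[os.path.basename(os.path.dirname(path))] = handle.read()
    return masks


def irq_violations(pod_cpus, housekeeping_cpus, irq_masks):
    """Map IRQ -> CPUs it may still hit although the pod expects no IRQs there."""
    protected = parse_cpu_list(pod_cpus) - parse_cpu_list(housekeeping_cpus)
    violations = {}
    for irq, mask in irq_masks.items():
        offending = parse_affinity_mask(mask) & protected
        if offending:
            violations[irq] = sorted(offending)
    return violations


if __name__ == "__main__":
    # "housekeeping": CPUs 2,3 may take IRQs, CPUs 4-7 must not.
    print(irq_violations("2-7", "2,3", SAMPLE_IRQ_MASKS))
    # "disabled": none of CPUs 2-7 may take IRQs.
    print(irq_violations("2-7", "", SAMPLE_IRQ_MASKS))
```

On a node, pass `read_irq_masks()` instead of the sample dictionary and the value of `OPENSHIFT_HOUSEKEEPING_CPUS` read from the pod's environment.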
  52. What's New in OpenShift 4.21

    Single Node OpenShift Network Change [Tech Preview in OCP 4.21]
    Product Manager: Robert Love

    Objective: Provide cluster operators with the ability to change the node’s network definition, effectively moving the node from one network to another

    Process: Apply CR to initiate change [ Locally for DR scenario or via ACM Policy (TALM ClusterGroupUpgrade for scale) when change is planned ]

    SNO Node Network State Change (via CR)

    Dual Stack (Primary family and Dummy Secondary family) [TP]
    Dual Stack (Primary family and valid Secondary family) [TP]
    • Toggle Address Family (IPv4/IPv6 via DNS masking
    • IP Address
    • Subnets
    • VLAN
    • Default Gateways
    • DNS Servers

    Single Stack [DP]
    • IP Address
    • Subnet
    • LAN
    • Default Gateway
    • DNS Servers

    Prerequisites
    • SNO provisioned with Dual Stack networking for Address Family change (if only one stack is usable, the inactive network stack uses a “dummy”, non-addressable address)
      ◦ Primary Stack in Dual Stack does not change with network change
      ◦ DNS filtering applied to inactive family

    Limitations
    • Statically defined networking only; no DHCP
    • No Proxy in the cluster
    • No bonded node network interfaces
    • No change to any other interfaces other than the node's primary network interface (SR-IOV, etc…)
    • One VLAN
  53. What's New in OpenShift 4.21

    New Features MicroShift V4.21 (02/2026)
    Product Manager: Daniel Fröhlich

    Simplify SR-IOV usage
    • Use the SR-IOV operator to easily configure SR-IOV networking, without the need to manually configure Virtual Functions (VFs) and Multus networking

    MicroShift on RHEL10 (Tech Preview)
    • Deploy as image or package based on RHEL 10.0

    Enhanced Community Experience
    • Upstream MicroShift bootc/rpm now installable without pull secrets. See microshift.io

    Use a hosts file for CoreDNS resolution
    • At the edge, DNS is not always available or reliable. A hosts file can now be configured for use by cluster-internal DNS resolution.

    Last Level Cache Locality
    • Modern CPUs can have multiple last level caches (LLC, aka uncore cache). Workload performance can benefit when a workload is scheduled to cores that share the same LLC. The k8s UncoreCache CPU manager policy helps with this.

    Generic Device Plugin (Generally Available)
    • Simplifies access to generic devices like USB cameras, serial ports etc.
    • No elevated privileges for the consuming pod needed
  54. Thank you

    Recording will be available shortly here: red.ht/whatsnew
    Guided demos of new features on a real cluster: learn.openshift.com
    OpenShift info, documentation and more: try.openshift.com
    OpenShift Commons: where users, partners, and contributors come together: commons.openshift.org
    linkedin.com/company/red-hat, youtube.com/OpenShift, facebook.com/redhatinc, twitter.com/OpenShift