Nick Png CRI-O 1.30 Kubernetes 1.30 OpenShift 4.17 Notable Beta Features ▸ Support user namespaces in pods ▸ Structured Auth Configuration ▸ Node memory swap support ▸ Make Kubernetes aware of the LoadBalancer behaviour ▸ CRD validation ratcheting “Uwubernetes” Notable Stable Features ▸ Pod Scheduling Readiness ▸ Common Expression Language (CEL) for Admission Control ▸ Container resource-based pod autoscaling ▸ Reduction of Secret-based Service Account Tokens
5 Top Requests for Enhancement (RFEs) ▸ Seamless offline migration from SDN to OVN-K - RFE-5502 ▸ 4-node and 5-node control-plane architecture for bare-metal clusters - RFE-540 ▸ Support IAM instance profiles for OpenShift in AWS Installations - RFE-2596 ▸ Support User Namespaces in pods (Tech Preview) - RFE-4517 ▸ Migrate from SDN to OVN with NIC bonding - RFE-4015 ▸ Custom tags for OpenShift in GCP - RFE-4546 Product Manager: Nick Png
(GA) ▸ Memory hotplug for non-disruptive scale-up of VM performance ▸ Automatic VM workload balancing with descheduler ▸ VM storage live migration between storage classes (Tech Preview) OpenShift Platform Plus ▸ Policy as code via ArgoCD and VEX support in Scanner with Advanced Cluster Security 4.6 ▸ ROSA cluster lifecycle with RHACM 2.12 (Dev Preview) ▸ Keyless Authentication and auto pruning policies with Red Hat Quay 3.13 ▸ Self-managed OpenShift Data Foundation on ROSA HCP Core ▸ 4-nodes and 5-nodes control-plane architecture for bare-metal spanned clusters ▸ Node disruption policies to minimize disruption (GA) ▸ Native Network Isolation for Namespaces (Tech Preview) ▸ eBPF Manager (Tech Preview) ▸ User namespaces in pods (Tech Preview) Hosted Control Planes (HCP) ▸ Disconnected Installation enhancements ▸ Comprehensive Backup and Restore Solution for OpenShift Virtualization HCP Clusters ▸ NVIDIA GPU support for OpenShift Virtualization HCP Clusters (Tech Preview) ▸ Multi-architecture HCP Red Hat OpenShift 4.17 highlights Product Manager: Siamak Sadeghianfar
Generative AI based chat assistant Generative AI Powerful, pluggable LLMs combined with the latest OpenShift documentation • RHEL AI • Red Hat OpenShift AI • OpenAI • Azure AI • Watson X Explain, investigate and learn more Provides assistance with explaining and investigating cluster resources Help where you need it Integrated directly into the Red Hat OpenShift web console Product Manager: Gaurav Singh
Enhanced Security for Containers: User namespaces allow pods to run with distinct user IDs inside the container, while mapping them to different IDs on the host. • Better protection against privilege escalation: By enabling user namespaces, it becomes easier to run containers that require root privileges inside the container while being non-root on the host. This improves security by ensuring that any process that escapes a privileged container will not have privileges on the host. Product Manager: Gaurav Singh
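On a node, the mapping described above is visible in /proc/<pid>/uid_map for any container process. The following is an added example, not part of the original slides: it parses that three-column format and translates container UIDs to host UIDs. The two sample maps are constructed and the function names are illustrative.

```python
"""Translate UIDs through a user-namespace mapping (/proc/<pid>/uid_map format)."""
from typing import List, NamedTuple, Optional

# Constructed sample: what a process in the host (initial) user namespace sees.
HOST_NS_UID_MAP = "         0          0 4294967295\n"
# Constructed sample: a pod running in its own user namespace. The host-side
# range start (3473408 = 53 * 65536) is made up for illustration.
POD_NS_UID_MAP = "         0    3473408      65536\n"


class IdMapEntry(NamedTuple):
    inside_start: int   # first ID as seen inside the user namespace
    outside_start: int  # first ID as seen from the parent (host) namespace
    length: int         # number of consecutive IDs covered by this entry


def parse_id_map(text: str) -> List[IdMapEntry]:
    """Parse uid_map/gid_map content: one 'inside outside length' triple per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"line {lineno}: length must be positive")
        entries.append(IdMapEntry(inside, outside, length))
    return entries


def to_host_id(entries: List[IdMapEntry], container_id: int) -> Optional[int]:
    """Return the host ID for a container ID, or None if the ID is unmapped."""
    for e in entries:
        if e.inside_start <= container_id < e.inside_start + e.length:
            return e.outside_start + (container_id - e.inside_start)
    return None


def container_root_is_host_root(entries: List[IdMapEntry]) -> bool:
    """True when UID 0 inside maps to UID 0 outside, i.e. no user-namespace isolation."""
    return to_host_id(entries, 0) == 0


if __name__ == "__main__":
    for name, raw in (("host namespace", HOST_NS_UID_MAP), ("pod namespace", POD_NS_UID_MAP)):
        entries = parse_id_map(raw)
        print(f"{name}: root is host root = {container_root_is_host_root(entries)}")
        for uid in (0, 1000, 70000):
            print(f"  container uid {uid} -> host uid {to_host_id(entries, uid)}")
```

To audit a running workload, feed the function the contents of /proc/<pid>/uid_map for the container's main process; a result of True from container_root_is_host_root means a root process in that container is also root on the host.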
– Technical Preview The default single L3 pod network is not flexible enough to cover a wide variety of use cases. Product Managers: Marc Curry, Deepthi Dharwar ▸ User Defined Network (UDN) support in OVN-Kubernetes ▸ A default network for OVN-Kubernetes components + VRF support for additional isolated-by-default UDNs ▸ One or more namespaces in each UDN (tenant) ▸ A pod can be connected to different networks, each meant for a specific purpose ▸ Support for: ・ (Admin) Network Policy ・ primary (default) and secondary UDNs ・ overlapping pod IPs across UDNs ・ clusterIP services and external services ▸ Existing secondary networks (Multus) are not impacted [Diagram: node-1 and node-2, each with network-2 and network-3; L3 topology subnets 172.16.0.0/24 and 172.16.1.0/24; ovn_layer2_switch (10.10.0.0/16)] Example Use Cases ▸ Create a flat Layer-2 network as the primary network to migrate your VMs (pods) across nodes. ▸ Attach your VM/pod network to a provider network (specify VLAN ID to segment/mark/isolate traffic). (Targeting first 4.17.z release)
Manager - Technical Preview An eBPF program manager and gatekeeper Product Managers: Marc Curry, Deepthi Dharwar ▸ eBPF Manager (upstream: “bpfman”) notable features: ・ System Overview (provide insights on eBPF programs) ・ eBPF Program Loader ・ eBPF Filesystem Management ▸ OCTO and RHEL collaboration to productize its use in OpenShift ・ Tech Preview at OpenShift 4.17 ▸ Optionally installed from Operator Hub ▸ Manages targeted Red Hat internal eBPF implementations: ・ Ingress Node Firewall ▸ Currently in CNCF Sandbox ensure the secure deployment of eBPF applications +
policies! ▸ Specify policies per file or path ▸ Associate an action - Reboot (default), Drain, None ▸ Restart specified systemd services - optional Greater control for CoreOS Administrators Product Manager: Mark Russell
HA Control-Plane (Bare Metal Only) [Diagram: control-plane nodes CP 1 to CP 5 and worker nodes (W) spread across Failure Domain 1 and Failure Domain 2] • Active-active deployments across two locations • Designed for traditional applications like OpenShift Virtualization VMs • Enhances resiliency with 2+2 or 3+2 configurations • Supported on bare metal platform only Product Manager: Ramon Acedo Rodriguez
Oversubscription for workload density • Memory hotplug for non-disruptive scale-up of VM performance • GPU workload on hosted clusters. (Tech Preview) • Live Migration optimizations for busy workloads Improved infrastructure optimization • Automatic VM workload balancing with descheduler • Native EBS storage support for Virtual machines • Easily deploy disconnected hosted clusters • VM storage live migration between storage classes (Tech Preview) Simplified VM Management • Virtualization Admin focused view • MTV 2.7 preserves static IPs and drive letters for warm migration OpenShift Virtualization highlights Modernize your operations with comprehensive lifecycle and infrastructure management Product Manager: Peter Lauterbach [Diagram: workloads, virtual memory and physical memory]
a glance Filter and find VMs and clusters quickly Multicluster Virtual Machine Observability with RHACM ▸ Comprehensive set of dashboards addressing important use cases ▸ Flexible Single VM/Single-Cluster view versus Multi VM/MultiCluster view ▸ Based on a rich set of metrics to retrieve valuable status of individual VMs and inventories Product Manager: Peter Lauterbach (speaking on behalf of Christian Stark)
Preview) Manages configuration and trustee components lifecycle ▸ Based on the community Trustee project ▸ Tech Preview on Azure and IBM Z ▸ Provides attestation services together with OpenShift sandboxed containers ・ Provides attestation services for confidential containers workloads ・ Attestation to retrieve container image signing or decryption keys ・ Attestation for releasing application secrets ▸ Must be deployed in trusted environment with TEE (e.g. Intel TDX or AMD SEV-SNP) Product Manager: Jochen Schroder See also Exploring the OpenShift confidential containers solution blog
Product Manager: Adel Zaalouk Enhanced Reliability Backup & restore for the entire hosted cluster artifacts with OpenShift APIs for Data Protection (OADP) Optimize your deployments cost and time savings but do it responsibly at the same time. Platform Improvements Improvements in disconnected installs with HCP • Fixing certificate issues with image streams • Respecting registry overrides for HCP/NP OpenShift Virtualization provider NVIDIA GPU (Tech Preview) • Run AI workloads on the OpenShift Virtualization Provider Hosted Cluster Workers Multi-architecture configurations • Arm control-plane with x86 data-plane on AWS • x86 control-plane with Arm data-plane on AWS (Self-Managed) • x86 control-plane with Z data-plane • x86 control-plane with Power data-plane Single Pane of Glass to Manage the Fleet of Hosted Clusters Discover multicluster engine operator hosted clusters in Red Hat Advanced Cluster Management Importing Hosted Clusters from other management clusters managed by Advanced Cluster Management (ACM) and Multi-Cluster Engine (MCE)
showing important observability information across clusters. FIND: Virtual machines easily with enhanced search capabilities (Dev Preview). DO: Stop, start, restart, and pause VMs directly from ACM (Tech Preview). ACM 2.12 - Support for OpenShift virtualization Product Managers: August Simonelli (speaking on behalf of Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) Red Hat Advanced Cluster Management for Kubernetes Gain powerful insights and deeper control of your OpenShift virtualization environments
and management Red Hat Advanced Cluster Management for Kubernetes Governance, observability, and management Product Managers: August Simonelli (speaking on behalf of Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) Governance at scale Enhanced OpenShift GitOps (ArgoCD) integrations Improved usability & user experience for policies Gatekeeper updated to 3.17 Standalone Thanos operator Multicluster Observability Addon (MCOA) (Dev preview) Grafana updated to 11.5.1 Customize policy output messages Export ACM and MCE tables as CSV Continued enhancements for ROSA and managed cloud offerings Observability at scale Advanced management
Additional profiles to comply with PCI-DSS 4.0.0 Ensure your business meets the latest security standards, protects sensitive payment data, and avoids costly breaches with PCI-DSS 4.0 compliance. Product Manager: Anjali Telang Updated DISA STIG V2R1 Strengthens an organization's security posture while promoting consistency, regulatory compliance, and effective risk management.
Highlights ▸ Policy as Code via Argo CD ▸ Support for ARM in Secured Clusters ▸ Integration with MS Sentinel Notifier ▸ External IP information [TP] ▸ Support for PCI-DSS 4.0.0 on OpenShift ▸ Download Compliance Reporting ▸ Adopt Red Hat CSAF/VEX ▸ CVE Scoring: NVD + RH ▸ Scanner V4 Node Scanning ▸ Integration ServiceNow Vulnerability Response Compliance Vulnerability Management Platform Product Manager: Anjali Telang
service is certified across key global standards ensuring top-tier security, compliance, and data protection for your business. - ISO/IEC 27001:2022 - ISO/IEC 27017:2015 - ISO/IEC 27018:2019 - PCI DSS 4.0 - SOC 2 Type 2 / SOC 3 Red Hat Advanced Cluster Security for Kubernetes Product Manager: Anjali Telang
Auto-Pruning Rules: Users can create multiple rules per policy allowing more specific auto-pruning rules based on tag patterns. The feature includes support for regular expressions, enabling users to include or exclude specific image tags according to their organizational needs. Keyless Authentication Secure Access with Short-Lived Tokens: Users can securely access Quay using short-lived, regularly rotated tokens, reducing the risk of credential theft while simplifying the authentication process. (This Release: just an API endpoint on Quay - Future Release: Will add functionality on OpenShift) Certificate-based Postgres Authentication Enhanced Database Security: Quay authenticates to PostgreSQL, enhancing database security and aligning with customer security policies. Red Hat Quay Enhanced Security, Authentication, and Automation Red Hat Quay 3.13 Product Manager: Quiana Berry
▸ OpenTelemetry collector dashboards ▸ OTLP Logs are now native to OpenShift ▸ Certificate rotation ▸ New components: Metrics transform processor, Group by attributes processor, Routing connector and Prometheus Remote Write exporter. Product Manager: Jamie Parker (on behalf of Jose Gomez-Selles) Read more at: https://t.co/FoHfJ9D4BX ▸ Gantt chart: Observing your requests with context, including a side panel for granular information ▸ Configure temporary access to AWS S3 with AWS STS ▸ TLS is streamlined in OpenShift via service annotation when gateway/multi tenant is disabled Red Hat build of OpenTelemetry Distributed tracing
▸ Cluster Observability Operator 0.4.0 released as Technology Preview ▸ Observability Signal Correlation for Red Hat OpenShift ▸ Enhancements: ・ Focus functionality ・ Show Query & additional experimental features ▸ Troubleshooting panel ・ Triggered from the application launcher menu of the OCP web console Product Manager: Jamie Parker (on behalf of Vanessa Martini) Read more here
▸ Cluster Logging Operator can forward logs via OTLP to our internal Loki Log Storage, or forward logs off cluster to an external OTLP endpoint ▸ Loki Log Storage can store and view logs sent to it over OTLP from two sources ・ Cluster Logging Operator ・ Red Hat Build of OpenTelemetry ▸ Logs sent to Loki over OTLP can be viewed in the OpenShift Observability UI Featuring End to End OTLP Support
OCP (Developer Preview) Get to RCA faster with alert based incident detection. Directly in OCP Web Console! Visit our blog post for more detail! Red Hat Insights Product Manager: Tomas Dosek https://console.redhat.com/openshift/insights
Happiness” ▸ ODC-7589: Show Developer Console warnings if the PodDisruptionBudget limit is reached ▸ ODC-7590: Gitea support when using Import from Git in Developer Console ▸ ODC-7388: Let user modify timeout before running pipeline ▸ CONSOLE-4140: Simplified view of MachineConfig configuration files on details page ▸ CONSOLE-3792: Add ability to customize create project modal using dynamic plugins Product Manager: Ali Mobrem
▸ Checkout the new Plugin project references section ▸ New i18N section to help you with adding translations ▸ Heads Up: PF6 Support coming in 4.19 ▸ Reminder: Shared Modules Section & Deprecation Notices ・ Deprecation of PF4 & ReactRouter5 Product Manager: Ali Mobrem Read more at: github.com/openshift/console/.../console-dynamic-plugin-sdk Dynamic Plugin Framework Docs have been Enhanced… Don’t forget to upgrade Dynamic Plugins are the best way to build native experiences directly into the OCP console
and Cloud Developer Environment ▸ Support for creating deployments using a BuildConfig ▸ Configure Helm Chart installation with a build image within IDE ▸ Add Kubernetes Resource Link Provider workflow ▸ Support for the devfile for .NET 9 ▸ Install RHDH using Helm chart from the extension ▸ Support OpenShift Serverless Function with func cli 1.51.1 Quarkus Tools & EAP for VS Code and IntelliJ OpenShift Toolkit for VS Code and IntelliJ ▸ NEW Language Server Protocol Plugin for IntelliJ ▸ LSP4IJ is a free and open-source Language Server protocol (LSP) client compatible with all flavours of IntelliJ ▸ Available on JetBrains Marketplace and user guide is on GitHub ▸ JBoss EAP 8.x support in VS Code and IntelliJ ▸ NEW Quarkus Plugin for IntelliJ ▸ Support for @Startup healthcheck diagnostic ▸ Support @route from vertx to display codelens URL ▸ Full Support for Java 22 in VS Code extension Language Server Protocol Plugin TMM: Markus Eisele (on behalf of Mohit Suman)
is now available Red Hat OpenShift Dev Spaces 3.16 is based on Eclipse Che 7.90 Starting from this release, it is possible to configure the container image, temporary storage, memory and CPU limits when starting a CDE using the "Import from Git" flow. With the fuse-overlayfs storage driver, you can enable faster builds and more optimized storage usage for podman build and buildah within your Red Hat OpenShift Dev Spaces cloud development environment (CDE). When you start a CDE from a URL, you are asked if you trust the authors of the repository since creating a workspace from unknown or untrusted sources could be dangerous. Advanced “Import from Git” flow Warning users that creating a CDE from an unknown source could be dangerous Enabling fuse-overlayfs for all workspaces Starting from this release, podman login is performed automatically during workspace startup for all container registries configured in the User Preferences. Automatic 'podman login' into external container registries TMM: Markus Eisele (on behalf of Mohit Suman)
🆕 Bulk import plug-in (Git org & repo into Catalog) 🆕 Migration Toolkit for Application plug-in 🆕 Software template to create a new Frontend plug-in 🆕 Software template to create a new Backend plug-in 💡 Visualize your VMs from the Topology plug-in 💡 Software Template library Red Hat Developer Hub Setting Development Teams up for success! Red Hat Developer Hub - IDP for OpenShift Platform RHDH 1.3 Core 🆕 Support for external Redis cache 🆕 OpenShift Dedicated is fully supported 🆕 Import custom Theme through dynamic plug-ins 🆕 Dynamic plug-ins developer guide 💡 Manage sidebar navigation items through dynamic plug-ins 💡 Add any plug-ins to the Home page TMM: Markus Eisele (on behalf of Christophe Fargette)
GPU support for Podman AI Lab 4.7k ! TMM: Markus Eisele (on behalf of Stevan LeMeur) ▸ Manage your remote Podman machines all within the UI. ▸ MacOS & Windows GPU support ▸ Light mode out of experimental ▸ OpenShift Local extension has been improved ▸ More Kubernetes Objects are supported.
Red Hat Developer Hub ▸ Security improvements • Auto generated TLS certificates for development • Easier configuration ▸ Front end development improvement • WebBundler (NPM integration) • HTMX support • WebComponents ▸ Java Flight Recorder extension for monitoring containerized Java app stats on OpenShift with Cryostat Red Hat build of Quarkus What’s New in 3.15 (late Oct) PMM: Jeff Beck Cryostat Automated Analysis Report Cryostat Grafana dashboard
7.1 ▸ Support for .NET analysis (Dev Preview), including rules for the .NET Framework to .NET migration path. ▸ Automatic language and technology discovery for applications to speed up association with Archetypes. ▸ Gradle support (Tech Preview) for Java applications analysis. ▸ Analysis insights (Tech Preview) that provide pointers on where and how certain technologies are being used by applications. ▸ Task Management to include precise information about what is queued for execution in the MTA UI, allowing users to preempt tasks to prioritize according to their needs at every moment. PMM: Jeff Beck
Now available: OpenShift Service Mesh 3.0 Technology Preview: ▸ Based on the latest Istio and Kiali releases: ▪ Istio 1.23 and Kiali 1.89 ▸ Managed by a new operator based on community Istio - the “Sail Operator” ▸ New standalone service mesh documentation ▸ New included features: ▪ Istio’s multi-cluster topologies ▪ Canary control plane upgrades ▪ Istioctl command line utility Look for it in Operator Hub on OCP 4.14+! Product Manager: Jamie Longmuir
GitOps 1.14 release, includes Argo CD 2.12 and Argo Rollouts 1.7 ▸ Multi-source applications in Argo CD Dashboard with rollback ▸ Consistent sharding algorithm to assign clusters to shards ▸ Reduced cluster reshuffling on sharding config changes ▸ Project-scoped repository credentials ▸ RFE-3590 Application labels on Kubernetes events ▸ RFE-3882 GPG signature verification of Git commits in ApplicationSets ▸ RFE-5210 Sidecar support in Argo CD server and controller Product Manager: Siamak Sadeghianfar (on behalf of Harriet Lawrence)
Koustav Saha ▸ OpenShift Pipelines 1.16 release planned ▸ StepActions (General Availability) ▸ Reusable and scriptable unit of work that is performed by a Step ▸ Support in Red Hat Tekton Catalog ▸ Tekton Chains enhancements ▸ Support for rotation of MongoDB URI and Hashicorp Vault token ▸ Specify list of namespaces where users intend chains to run ▸ Larger Task results via Sidecar logs ▸ Tekton Results enhancements (Technology Preview) ▸ Support for Openshift Logging and Loki for pipelinerun logs ▸ Log retention policy support ▸ Console improvements ▸ Filter to fetch pipeline details from cluster and tekton results ▸ Support for timeout in start pipeline modal
Supported Providers Installation Experiences Automated Full Control Interactive – Connected - Auto-provisions infrastructure - *KS like - Enables self-service - Bring your own hosts - You choose infrastructure automation - Full flexibility - Integrate ISV solutions - Hosted web-based guided experience - Agnostic, bare metal, vSphere and Nutanix - ISO driven - Restricted network (disconnected / air-gapped) - Automatable installations via CLI - Bare metal, vSphere, SNO - ISO driven Installer Provisioned Infrastructure User Provisioned Infrastructure Assisted Installer Agent-based Installer Local – Disconnected Azure Stack Hub Bare Metal IBM Power Systems Product Manager(s): Marcos Entenza (AWS, Azure, GCP, IBM Cloud, Oracle Cloud), Ju Lim (Alibaba), Ramon Acedo (BM, Nutanix, VMware), Peter Lauterbach (OCP Virtualization), Gil Rosenberg (OpenStack), Duncan Hardie (IBM Z & Power), Adel Zaalouk (HCP) Outposts Wavelength Local Zones (Tech Preview)
Subin Modeel ▸ Existing AWS IAM instance profiles for OpenShift in AWS installations ▸ AWS EFS CSI usage metrics ▸ AWS Placement Group Partition Number support ▸ Precreate Service Accounts in GCP ▸ GCP Private Service Connect support ▸ GCP Workload Identity Management for OLM operators ▸ Custom tags for OpenShift on GCP (GA) ▸ Azure Reserved Capacity via Machine API ▸ Ensure CSI Stack is running on management clusters with hosted control planes on Azure ▸ Central region (spain central) added Installation Highlights for Cloud Providers Cloud
On-premises ▸ Simplify add nodes on day 2 with Agent-based Installer (GA) ▸ Publish Redfish supported features for partners ▸ Create Nutanix worker VMs with GPUs ▸ Create Nutanix VMs with multiple disks ▸ Support for Nutanix Flow Virtual Networking on Prism Central ▸ Support for Multi-vCenter without shared storage (Technology Preview) ▸ Simplify add nodes on day 2 with Agent-based Installer (GA) ▸ CPU Manager on IBM Z ▸ Scheduler Plugins for IBM Power and IBM Z (Feature Parity) ▸ NVMe devices on IBM Z systems with z/VM ▸ Compliance Operator - DISA-STIG Profile for IBM Power and IBM Z ▸ cluster-etcd-operator support for slower hardware condition ▸ Exploitation of hardware based root volume LUKS encryption (IBM Z) ▸ Parity for Secondary Scheduler Operator (IBM Z and IBM Power) Bare Metal IBM Power Systems and IBM LinuxONE Product Managers: Ramon Acedo Rodriguez, Duncan Hardie ▸ Multi-architecture Tuning Operator (GA) ▸ Install multi-arch configured clusters (x86 & Arm) on AWS and GCP ▸ Hosted control plane support of x86 control plane with either IBM Power or IBM Z nodepools Multi-Arch
Cluster Generally Available Product Manager: Ramon Acedo Rodriguez
Add Nodes to Any Cluster: Any cluster, regardless of the installation method used.
Simplified User Experience: Create and boot an ISO image, that’s it.
Multi-platform • Bare metal • vSphere • None • Oracle Cloud Infrastructure
Fail fast: Validates the host(s) you are adding to detect common configuration problems
More information in the documentation
Adding a Single Node Using Command Flags
1. Run oc adm node-image create --mac-address=<mac_address>.
2. Boot the node with the generated ISO image.
3. Track progress with oc adm node-image monitor <ip_address>.
4. Approve CSRs with oc adm certificate approve <csr_name>.
Adding One or More Nodes Using a Configuration File
1. Create a nodes-config.yaml file with configurations for the nodes.
2. Run oc adm node-image create nodes-config.yaml.
3. Boot the nodes with the generated ISO image.
4. Track progress with oc adm node-image monitor <ip_addresses>.
5. Approve CSRs with oc adm certificate approve <csr_name>.
Jamie Parker (on behalf of Gil Rosenberg) ▸ Exposing Shift on Stack metrics to the RHOSO-OCP cluster ◦ Utilizes the built-in monitoring capability in RHOSO (OpenStack 18) ◦ Centralized metrics collection for multiple ShiftOnStack clusters ◦ 1st step in enabling metrics correlation ▸ Using RootVolumes to support master nodes ◦ Access to low-latency SSD/NVMe on the nova compute nodes ◦ Improve stability for large / high churn clusters * As measured in Red Hat labs, April 2024
Control Planes/OpenShift Virtualization Deployments and EUS Upgrades OpenShift oc-mirror Hosted Control Planes/OpenShift Virtualization Support oc-mirror v2 (Tech Preview) expands image coverage for Hosted Control Planes/OpenShift Virtualization deployments EUS Upgrade Guidance oc-mirror v1/v2 (Tech Preview) improve version gap detection and warnings for EUS upgrades Product Manager: Ramon Acedo Rodriguez, Tony Wu ➔ Expanded image coverage: oc-mirror v2 processes images referenced in release-manifests/0000_50_installer_coreos-bootimages.yaml in addition to those listed in release-manifests/image-references. ➔ Enhanced support for RHCOS image: This change directly benefits Hosted Control Planes/OpenShift Virtualization, making it easier to deploy hosted clusters in disconnected environments. ➔ Improved flexibility: By mirroring the RHCOS image, oc-mirror v2 offers greater flexibility and adaptability for various deployment scenarios. ➔ Improved detection to version gaps: oc-mirror now identifies when the difference between minVersion and maxVersion exceeds one minor version, e.g., 4.14 to 4.16. ➔ Improved user experience: Provides clear guidance with warnings to include intermediate versions (e.g., 4.15) in their mirrored channels to prevent upgrade failures. ➔ Reduced support burden: Directs users to the Cincinnati graph lab app for available versions in the updated documentation. ⏯ Watch our demo videos to learn more about oc-mirror v2 (Tech Preview)
certificates when a cluster resumes from hibernation or snapshots, or is restored from a backup When a new signer certificate is close to its expiration date, an automatic rotation of the signer certificate activates. Automatic Certificate Rotations Automatic Control Plane Recovery from Expired Certificates Certificate Rotation Improvements Product Manager: Ramon Acedo Rodriguez
reboot To Improve Corruption Protection and Reboot Efficiency • Faster Node Recovery: By detecting and wiping only corrupted layers instead of all images, this feature significantly reduces the time required to reboot nodes after unexpected power failures or crashes. This is particularly valuable in telco edge locations, where minimizing downtime is critical for maintaining service availability. • Improved Resource Efficiency: Cleaning up only corrupted layers reduces the demand for bandwidth and storage, as fewer images need to be repulled. This is especially beneficial in edge environments where network connectivity might be limited, and external registries may not be readily accessible. Product Manager: Gaurav Singh
Product Managers: Marc Curry, Deepthi Dharwar Software Defined Networking Upgrades and Support • HAProxy upgraded to v2.8 minor version • ALBO controller to v2.8 • CoreDNS to v1.11.3 • Support for kubernetes-nmstate on Azure eBPF Manager [Tech Preview] • The eBPF Manager (upstream: bpfman) is available as a technology preview to deploy and manage eBPF programs across the cluster including OpenShift components. This Operator works in tandem with the Ingress Node Firewall Operator. OVN Observability with Sampling Tech Preview • Ability to correlate network flows with network policies ◦ What policy allowed that flow? ◦ What flows got dropped? ◦ Global statistics on dropped and accepted traffic Reminder: openshift-sdn CNI plug-in Deprecated • No longer available in 4.17 • No new installs at 4.15+ • Upgrades allowed to 4.16 • Limited live migration and cold migration options Operator updates eBPF
Managers: Marc Curry, Deepthi Dharwar Network Observability Operator • New release: v1.7 • OCP Virtualization support • FIPS compliance • Disconnected cluster support • OpenTelemetry support • TCP Flags Filtering Capabilities • Developer view with multi tenancy • Enrichment in Packet capture via on-demand observability (Tech Preview) • DNS tracking enhancements
Operators with the OpenShift Web Console Post-Installation Visibility: Clear representation of deprecated operators, channels, or versions within installed packages. Pre-Installation warnings: Visual indicators in the console UI alert users to deprecated packages, channels, or versions. Operator Framework Product Manager: Tony Wu, Ali Mobrem Support Boundary Guidance: Recommendations on alternative packages, channels, or versions to maintain support.
OLM v1 Tech Preview - Phase 4 Next-generation OLM is getting closer to prime time with a safe, secure, and declarative experience. Avoid conflicts by ensuring only one ”ClusterExtension” API object manages specific resources. Operator Framework Enhance security with dedicated ServiceAccounts for installing and upgrading content, and protect catalog data using HTTPS encryption for catalogd webserver responses. Prevent data loss by detecting CustomResourceDefinition (CRD) schema changes. Clear Ownership Tightened Security Safe CRD Upgrades OLM v1 embeds Helm, enabling future native support for Helm chart-packaged content. Laying the Groundwork for Helm Chart Support
Lim (speaking on behalf of Gregory Charot)
CSI Operators
Operator          Migration  Driver
AWS EBS           GA         GA
AWS EFS           n/a        GA
Azure Disk        GA         GA
Azure File        GA         GA
Azure Stack Hub   n/a        GA
GCE Disk          GA         GA
GCP Filestore     n/a        GA
IBM Cloud         n/a        GA
RH-OSP Cinder     GA         GA
RH-OSP Manila     n/a        GA
vSphere           GA         GA
SecretStore       n/a        TP
SMB/CIFS          n/a        TP
Operators & Drivers • vSphere ◦ Support for multi vCenters (Tech Preview) ◦ Remove CSI driver & silence VPO alerts • AWS EFS ◦ CSI Usage Metric (opt-in) • Azure File ◦ Snapshot support (Tech Preview) • GCP Filestore ◦ Clean up resources after cluster deletion Misc • SELinux Mount for RWO/RWX (Dev Preview) …
of the box support Block, File, Object, NFS Platforms AWS/Azure Google Cloud (GA) OpenShift Virtualization OSP (Tech Preview) Bare metal/IBM Z/Power VMWare 7,8 Thin/Thick IPI/UPI ARO (GA), ROSA HCP (GA*) with Self managed ODF IBM ROKS & Satellite - Managed ODF (GA) Any platform using agnostic deployment mode for self managed OpenShift deployments. Deployment modes Disconnected environment and Proxied environments Product Manager: Ju Lim (speaking on behalf of Eran Tamir) ▸ Replica 2 for Block and FileSystem (RBD and CephFS) ▸ Capacity usage trend information ▸ Key rotation support for PV encryption ▸ Azure Key Vault support (GA) ▸ Object • Enhanced replication mechanism • Support for account replication across clusters • Support for client Security Token Service
Accelerate RAN vDU Installations on Single Node OpenShift Goals: • Reduce the time it takes to finish new installations of DU-configured OpenShift deployments by utilizing existing Telecom pre-staging facilities What we plan to do: • Replace existing installation procedure with an image-based installation procedure STEP 1 A seed-image generated from DU-configured Single Node OpenShift installation STEP 2 The seed-image is then installed to any number of Far Edge servers STEP 3 A Far Edge server is shipped to Far Edge site STEP 4 Image Based Install Operator and Lifecycle Agent Operator orchestrate site-specific configuration for the SNO STEP 5 Instantiate CNF Steps to install a DU-configured Single Node OpenShift using Image Based Install (IBI) Product Manager: Hari Rakotoranto (on behalf of Robert Love)
MicroShift Red Hat Device Edge with MicroShift is a Kubernetes distribution derived from OpenShift designed for small form factor devices and edge computing. Product Manager: Daniel Fröhlich IPv6 support • ingress/egress/pod2pod via IPv6 • Single-Stack, Dual-Stack • Enables usage scenarios that require IPv6 due to lack of IPv4 addresses Support for low latency workload • Isolate cores for low latency workload pods • Use workload partitioning to pin the control plane to reserved cores to avoid jitter • Optionally use the realtime kernel • Max latencies ≪50 µsec can be achieved • Enables latency sensitive workload like live audio transcoding, software defined radios and similar. Tech Preview support for RHEL image mode • Use container tooling to build an OCI image that includes the Operating System and MicroShift • Use bootc to install those OCI images onto a system. • Simplify CI/CD by leveraging same tools for workload and the operating system (e.g. an OCI container registry) Resource usage optimisation • LVM Storage footprint reduction (less containers, less RAM) • Deactivate CSI components if not needed
What’s Next session for Red Hat AI tentatively planned for 5 November 2024 • Plan to cover both RHEL AI and RHOAI in this session • Will cover near-term roadmaps and highlights of recently added features • Moving forward, plan to hold these sessions once per quarter What’s New and What’s Next for OpenShift AI Product Manager: Siamak Sadeghianfar (on behalf of Jeff DeMoss)
of new features on a real cluster learn.openshift.com OpenShift info, documentation and more try.openshift.com OpenShift Commons: where users, partners, and contributors come together commons.openshift.org