What's New in OpenShift 4.18

Key updates and new features released in Red Hat OpenShift 4.18.

View the presentation of these slides directly from the OpenShift Product Management team at https://www.youtube.com/watch?v=yqBaxC7bmcc

View the current roadmap and other presentations from OpenShift Product Management at https://www.redhat.com/en/whats-new-red-hat-openshift

To learn more about Red Hat OpenShift, visit https://redhat.com/openshift

Red Hat Livestreaming

February 03, 2025

Transcript

  1. What’s New in Red Hat OpenShift 4.18

    OpenShift Product Management, Jan 27, 2025
    red.ht/whatsnew
  2. What's New in OpenShift 4.18 2 Kubernetes & Cluster Services

    Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm Linux (container host operating system) Physical Virtual Private cloud Public cloud Edge Integrated DevOps Services Service Mesh | Serverless | Builds | Pipelines | GitOps |Tracing | Log Management | Cost Management | Migration Tools Advanced Management & Security Multicluster Management | Cluster Security| Global Registry | Cluster Data Management Red Hat OpenShift on IBM Cloud Red Hat OpenShift Service on AWS Azure Red Hat OpenShift OpenShift Dedicated Self-Managed Platforms OpenShift Cloud Services Red Hat open hybrid cloud platform
  3. Podman and Podman Desktop approved as CNCF Sandbox Projects! 🎉🎉🎉🎉

    ▸ Voting finished (link, link)
    ▸ Original announcement blog (Podman Desktop)
    ▸ Original announcement blog (Podman, Buildah, and Skopeo)

    “While the CNCF currently hosts many projects that support developer pipelines and packaging, it does not yet have a complete set of user tools for container building and manipulation. Podman and its subprojects, already utilized by several existing CNCF projects, fills this gap. Together with Podman Desktop, this gives the CNCF a more complete stack of developer tools for container application development.”

    https://podman-desktop.io/
  4. Kubernetes 1.31

    Product Manager: Nick Png
    CRI-O 1.31 | Kubernetes 1.31 “Elli” | OpenShift 4.18

    Notable Beta Features
    ▸ Always honor PersistentVolume Reclaim Policies
    ▸ nftables backend for kube-proxy
    ▸ Multiple Service CIDRs
    ▸ Traffic distribution for Services
    ▸ Kubernetes VolumeAttributesClass ModifyVolume

    Notable Stable Features
    ▸ Improved Ingress Connectivity Reliability for kube-proxy
    ▸ Unhealthy Pod eviction policy for PodDisruptionBudget
    ▸ Random Pod selection on ReplicaSet downscaling
    ▸ Persistent Volume last phase transition time
    ▸ Elastic Indexed Jobs
  5. Notable Top RFEs and Components

    Product Manager: Nick Png

    Top Requests for Enhancement (RFEs)
    ▸ Support for Server Message Block CSI driver via Operator - RFE-512
    ▸ User Defined Networks for OpenShift Virtualization - RFE-6390
    ▸ Support custom IPv4 subnets on OVN for BYO VPC deployments - RFE-3981
    ▸ OpenShift on Baremetal and OpenShift Virtualization on GCP - RFE-5176
    ▸ OpenShift on Baremetal and OpenShift Virtualization on Oracle Cloud - RFE-3635
    ▸ Allow disabling over-provisioning in LVMS as day 2 operation - RFE-5490
  6. Red Hat OpenShift 4.18 Highlights

    Core
    • Enhanced User Defined Networks including BGP for UDN
    • Operator Lifecycle Management v1
    • oc-mirror v2 with Helm charts and proxy support
    • OpenShift on bare metal in Google Cloud Platform (GA)
    • OpenShift on Oracle Cloud: bare metal shapes on OCI (GA), Oracle Cloud@Customer and Oracle Private Cloud Appliance

    Virtualization
    • OpenShift Virtualization Engine
    • VM friendly networking with User Defined Networks
    • VM storage migration (GA)
    • OpenShift Virtualization in Google Cloud Platform (TP)
    • OpenShift Virtualization in Oracle Cloud Infrastructure (TP)

    Security
    • Secret Store CSI Driver (GA)
    • Streamline secrets handling with Secret Store CSI Driver in OpenShift GitOps and OpenShift Pipelines workflows
    • Secure OpenShift Service Mesh secrets with cert-manager (TP)
    • Automated certificate recovery after cluster hibernation

    GA: Generally Available | TP: Technology Preview | VM: virtual machines
    red.ht/whatsnew
  7. Native Network Isolation for Namespaces

    A better solution for the monolithic layer 3 Kubernetes pod network
    Product Managers: Marc Curry, Deepthi Dharwar

    ▸ User Defined Network (UDN) support in OVN-Kubernetes
    ▸ A default network for OVN-Kubernetes components + VRF support for additional isolated-by-default UDNs
    ▸ One or more namespaces in each UDN (tenant)
    ▸ A namespace can be connected to different UDNs, each meant for a specific purpose
    ▸ Support for:
      ・ OpenShift Virtualization
      ・ static IP assignments for the life of VMs (for OCP Virt)
      ・ L2, L3 & localnet UDN topologies
      ・ overlapping pod IPs across UDNs
      ・ Kubernetes Network Policy
      ・ clusterIP services and external services
      ・ BGP (GAs in a 4.18.z, EVPN integration targeting 4.19)
    ▸ Extend UDN into provider networks, so a VM can be directly referenced by its (static) L2 network address, rather than requiring NAT translation at the cluster edge
    ▸ Existing secondary networks (Multus) are not impacted

    [Diagram: two nodes, each with udn-network-1 and udn-network-2; one network is an ovn_layer2_switch (10.10.0.0/16) spanning both nodes, the other an L3 topology with per-node subnets 172.16.0.0/24 and 172.16.1.0/24; pods and VMs are addressed per network.]
  8. The next-gen Operator Lifecycle Manager → OLM v1 (Now Generally Available)

    Operator Framework
    OLM v1: a streamlined, secure, and automated management experience
    Product Manager: Tony Wu

    ▸ Increased Reliability: Continuous reconciliation and opt-in rollbacks, ensuring proactive issue resolution and improved reliability.
    ▸ Tightened Security: User-provided ServiceAccounts for installing and upgrading content, improving the overall security posture.
    ▸ Enhanced Update Control: Control over desired versions for updates, including optional automatic Z-stream updates for critical security patches.
    ▸ Simpler and Automated Management: Consolidated API and declarative workflows for easier GitOps integration and zero-touch provisioning (ZTP), reducing human error.

    The classic OLM, OLM v0, remains fully supported throughout OpenShift 4's lifecycle.
  9. oc-mirror v2 (Now Generally Available)

    oc-mirror v2: Supercharging Restricted Environments
    Product Manager: Tony Wu
    ⏯ Watch demo videos to learn more about oc-mirror v2

    ▸ Helm Chart Support: Mirror Helm charts (including in enclaves) for simplified application management.
    ▸ Faster Performance with Intelligent Caching: Reduced mirroring times, bandwidth consumption, and improved efficiency.
    ▸ Granular Image Deletion: Precisely manage image deletion in your mirror registry to optimize storage.
    ▸ Enhanced Security: Support enclave environments, providing secure and isolated mirroring for most sensitive workloads.
    ▸ Proxy Support: Leverage existing proxies and pull-through caches in your infrastructure, optimizing efficiency.

    [Diagram: Enclave mirroring workflow]
  10. OpenShift Virtualization Highlights

    Modernize your operations with comprehensive lifecycle and infrastructure management
    Product Manager: Peter Lauterbach

    Flexible Infrastructure
    • Native network isolation for VMs with User-defined primary network
    • Easier to configure VM networking for AWS and ROSA
    • Dynamically reconfigure VM storage with Storage Live Migration in production environments
    • Wider public cloud support (TP)
      ◦ Google Cloud Platform
      ◦ Oracle Cloud Infrastructure

    Improved infrastructure optimization
    • Automatic VM workload balancing based on actuals
    • Easier golden image provisions across multiple clusters

    Simplified VM Management
    • Virtualization Admin inventory tree view
    • Fast reliable migration MTV performance recommendations
  11. OpenShift Virtualization Engine

    Opening the door to virtualization and modernization
    Product Manager: Peter Lauterbach

    ▸ Unlimited VMs: Run as many VMs as you need, maximizing the value of your hardware. Purchase RHEL subscriptions, virtualized OpenShift for container-based applications, or upgrade to other bare metal OpenShift editions if needed.
    ▸ 128 core bare metal scale: Get bare metal scale with 128 cores per subscription - run more VMs on less hardware, optimizing your infrastructure efficiency.
    ▸ Optional Advanced Cluster Management for Virtualization: Scale as big as you can; add Advanced Cluster Management for Virtualization to make management of thousands of nodes as easy as managing a single rack.
    ▸ Workload monitoring and platform logging: Keep tabs on and track your environment with a preconfigured, preinstalled, and self-updating stack then stay in command with the included OpenShift GitOps operator to leverage Kubernetes-powered orchestration for VMs.
  12. Security Highlights for OpenShift 4.18

    Increased security for networking, secrets management, cluster stability
    Product Manager: Nick Png

    Networking
    ▸ istio-csr integration between cert-manager and OpenShift Service Mesh (OSSM) - Technology Preview.
    ▸ Seamless ability to secure OSSM workload and control plane components.
    ▸ Supports BYO Issuer.

    Workload Secrets
    ▸ General Availability of Secret Store CSI driver and operator.
    ▸ Highly secure, secrets mounted in ephemeral volume per workload, no data in etcd.
    ▸ e2e testing for Azure, GCP, and Vault provider plugins.

    Cluster Stability
    ▸ OCP 4.18+
    ▸ New Single-Node OpenShift clusters can be shut down and recovered automatically.
    ▸ High Availability self-managed clusters in the cloud can be suspended for up to 90 days.
  13. OpenShift Lightspeed v0.3 (Technology Preview)

    Product Manager: Gaurav Singh

    ▸ OpenShift 4.18 knowledge: OpenShift Lightspeed 0.3 incorporates OpenShift 4.18 product knowledge
    ▸ Arm support: Deploy on Arm-based CPUs for greater flexibility
    ▸ Faster responses: Experience faster answers with line-by-line live streaming from the LLM provider
    ▸ Designed for FIPS: Meets FIPS security standards for secure deployments
    ▸ OpenShift Virtualization Virtual Machine page aware: Imports YAML, logs, events, and alerts directly from VMs in OpenShift Virtualization
    ▸ Import YAML from OLS into OpenShift UI YAML editor: Imports OpenShift Lightspeed generated YAML into the OpenShift Console YAML editor with one click
  14. Troubleshooting panel with (observability) signal correlation (Enhanced Technology Preview)

    Product Manager: Vanessa Martini

    ▸ Troubleshoot faster on OpenShift clusters: Correlation of K8s resources & observability signals from multiple heterogeneous data stores
    ▸ Powered by Korrel8r: (Extendable) rules define relationships between those signals
    ▸ Install the Cluster Observability Operator (COO): Deploy the operator to make use of a dedicated Troubleshooting side-panel in the OpenShift web console
    ▸ New feature: Support extended to distributed traces with the COO 1.0.0 release!
  15. AI Accelerators

    Product Manager: Erwan Gallen

    ▸ AMD GPU Operator (GA)
    ▸ Support for AMD Instinct MI210 and MI300X
    ▸ Intel Gaudi 3 supported with the Intel Gaudi Base Operator
    ▸ NVIDIA GPU Operator support for the H200 NVL GPU
    ▸ OpenShift Virtualization with vGPU time-sliced for AI (GA)
    ▸ Oracle Cloud Infrastructure support for bare-metal compute shapes A100/H100
    ▸ Grace Hopper GH200 NVL2 systems certified (HPE DL384 Gen12)
    ▸ Spyre AI Accelerator supported in OpenShift with the AIU Operator
  16. Hosted Control Plane (Self-Managed)

    ▸ Heterogeneous NodePools with Agent: Support for heterogeneous NodePools via the Agent Platform including IBM’s Power/Z. E.g., deploy an x86 Hosted control plane and add at least one NodePool running with a ppc64le architecture.
    ▸ Deploy Hosted Clusters on OpenStack (Dev-Preview): HCP now available on a new provider. Test Hosted Control Planes on OpenStack in dev-preview, i.e., spec.platform = openstack
    ▸ Deploy Hosted Control Planes alongside Standalone: Deploy up to 3 hosted clusters alongside standalone OpenShift control-plane nodes and save resources as you are scaling up to larger deployments.
    ▸ Host Tenancy Support exposed for AWS Node Pools: Allows launching AWS EC2 instances into dedicated instances or dedicated hosts, providing enhanced tenant isolation and customization options.
  17. ACM 2.13 - Support for OpenShift virtualization

    Red Hat Advanced Cluster Management for Kubernetes
    Gain powerful insights and deeper control of your OpenShift virtualization environments
    Product Managers: Bradd Weidenbenner (speaking on behalf of Scott Berens, Christian Stark, August Simonelli, Sho Weimer)

    ▸ SEE: Enhanced Observability with Right Sizing for OpenShift Virtualization dashboard (DP) red.ht/ACMRightSize
    ▸ Virtual Machines Operating System Details
    ▸ FIND: Virtual machines easily with enhanced search capabilities
    ▸ DO: Policy based backup of Virtual Machines
  18. What’s New in RHACM 2.13 - Policy-based Governance

    Red Hat Advanced Cluster Management for Kubernetes
    Product Managers: Bradd Weidenbenner (speaking on behalf of Scott Berens, Christian Stark, August Simonelli, Sho Weimer)

    ▸ Kyverno and ValidatingAdmissionPolicy in Governance UI (Note: Red Hat support for Kyverno as a run-time policy engine is not being offered)
      ・ Automated discovery of Kyverno and Kubernetes ValidatingAdmissionPolicies deployed across the fleet.
      ・ View Kyverno resource audit violations, generated resources, image verification violations, and mutated objects.
    ▸ (TP) Tools for testing Open Cluster Management policies
      ・ Leverage the policytools CLI “dryrun” command to create automated tests for policies and integrate them into a CI pipeline for increased pre-deployment validation.
    ▸ Gatekeeper operator uplift to 3.18
      ・ Alignment with latest version available in the upstream community.
  19. What’s New in RHACM 2.13 - Cluster Lifecycle and Multicluster Networking

    Red Hat Advanced Cluster Management for Kubernetes
    Product Managers: Bradd Weidenbenner (speaking on behalf of Scott Berens, Christian Stark, August Simonelli, Sho Weimer)

    Cluster API Provider
      ・ CAPA implementation for ROSA HCP features (Technology Preview)
      ・ Auto import CAPI clusters to ACM (Developer Preview)

    Networking
      ・ Submariner Hosted Control Planes & BareMetal support
  20. Red Hat Advanced Cluster Security for Kubernetes: ACS 4.7 Highlights

    Product Manager: Anjali Telang

    ▸ Auto-renewal of Internal certificates for Secured clusters
    ▸ Short-lived OIDC credential from Microsoft Entra ID for m2m auth
    ▸ Integration with Azure services using workload Identity
    ▸ SBOM Generation based on scanned container images (SBOM type Analyzed) (Tech Preview)
    ▸ Enriched Vulnerability Data with EPSS Score
    ▸ Integration with ServiceNow Container Vulnerability Response Application (April 2025)
    ▸ Integration with Red Hat Developer Hub (Tech Preview)

    [Slide sections: Vulnerability Management; Platform]
    **Note: Released UI may have some differences
  21. Restricting access to ACS Console to authorized IP ranges

    Red Hat Advanced Cluster Security for Kubernetes
    Product Manager: Anjali Telang

    - Enhanced Security: Lowers risk of unauthorized access and potential attacks.
    - Attack Surface Reduction: Limiting console access to a narrow range of known IPs
    - Improved Compliance: Ensures adherence to organizational or regulatory requirements that mandate restricted access to sensitive security management interfaces.
  22. Red Hat Quay 3.14: ML Model Storage and UI/UX Upgrades

    Product Manager: Quiana Berry

    ML Model Storage Expansion
    Introducing basic artifact storage functionality for AI/ML models as a Tech Preview

    New UI - Road Towards Defaulting by adding:
    ▪ Proxy-Pull Cache UI
    ▪ OAuth API Token Management
    ▪ Quota UI
    ▪ SuperUser UI

    UX Upgrade: Intuitiveness
    ▪ Improved Tag Management: This feature provides users with the date and time a tag was last pulled, eliminating the need to manually extract this information from audit logs.
    ▪ Enhanced Notification Management: By allowing non-unique email addresses, we can simplify user experience and reduce manual intervention

    [Diagram: Data Scientists and ML engineers; Discover & Inspect + Modeling & Testing; Production; Model Registry]
  23. Observability: Cluster Observability Operator

    Generally Available with the 1.0.0 Release. Powered by Konflux.
    Product Managers: Roger Floren, Vanessa Martini

    ▸ Making Use of Analytics Features: Deploy it to benefit from observability signal correlation & additional analytics features - provided as part of UI features
    ▸ Exploring Observability Data with UI Plugins: Deploy it to make use of observability visualization capabilities: Dashboard UI Plugin, Troubleshooting UI Plugin, Distributed Tracing UI Plugin, Logging UI Plugin & Monitoring UI Plugin
    ▸ Creating Standalone Monitoring Stacks: Deploy it to create standalone monitoring stacks - independent from the default in-cluster monitoring stack (CMO)

    New:
    ▸ Enhanced Technology Preview: observability signal correlation with troubleshooting panel in OCP web console - now supporting traces
    ▸ Developer Preview: Observe>Alerting UI in RHACM console / Multi-Cluster Alerting UI
  24. Observability: OpenShift Monitoring (OpenShift 4.18)

    Product Manager: Roger Floren

    ▷ Allow user-defined monitoring administrators to define multi-namespace Prometheus alerts
    ▷ Improve Prometheus I/O pattern on shared storage
    ▷ Integrate AlertManager with common proxy settings
    ▷ Collect accelerator metrics
    ▷ Immediate config validation & feedback for Monitoring
    ▷ Custom metrics collection in must-gather
    ▷ Alert updates
      ◦ Minor improvements, more runbooks
    ▷ Monitoring stack components updated
      ◦ Alertmanager: 0.27.0
      ◦ Prometheus Operator: 0.78.1
      ◦ Prometheus: 2.55.1
      ◦ kube-state-metrics: 2.13.0
      ◦ node-exporter: 1.8.2
      ◦ thanos: 0.36.1

    [Column headings: New Features; Improvements]
  25. Observability: OpenShift Logging (Logging 6.2)

    Product Manager: Jamie Parker

    Log Collection
    ▷ Cluster Logging Operator will have Short Term Token support for exporting logs to Google Cloud Platform via Workload Identity Federation

    Log Storage
    ▷ Loki queries will be optimized for OpenTelemetry semantic conventions
  26. Observability: Application Observability & Integrations

    Product Manager: Jamie Parker

    Red Hat build of OpenTelemetry
    ▷ Automated RBAC for OpenTelemetry components
    ▷ Export OpenShift Monitoring Metrics via OTLP
      • Kubestats
      • Hostmetrics

    Distributed tracing
    ▷ Fine Grained RBAC for stored Tracing data
    ▷ Support for IBM Cloud Object Storage in Tempo
    ▷ Tempo monolithic memory handling improvements
  27. Observability: Power Monitoring

    Improved performance & data accuracy
    Product Manager: Roger Floren

    Currently - Power monitoring 0.3 - TP ≤ OCP 4.17
    Upcoming - Power monitoring 0.4 (Feb 5th) - TP ≥ OCP 4.18

    ▷ Kepler 0.7.12
      ・ Reduce overhead & performance improvements
      ・ Improved data accuracy on bare metal & updated machine learning model for estimator (estimating power data in env with no direct access to hardware)
    ▷ kepler-operator 0.15.0
    ▷ Next: GPU support
    ▷ GA planned for April 2025
    ▷ Powers sustainability research projects
  28. Console: Content Security Policy (CSP)

    Product Manager: Ali Mobrem

    Content-Security-Policy (CSP) header provides a defense-in-depth measure in client-side security
    Console Dynamic Plugin
    Behind Feature Gate

    Read more at: https://github.com/openshift/console/blob/master/frontend/packages/console-dynamic-plugin-sdk/README.md#content-security-policy
  29. Console: Console Updates

    Product Manager: Ali Mobrem

    ▸ New Quick Create from Masthead
      ・ Import YAML, Git, or Container Image
    ▸ Build your own AI ChatBot with our new Sample
      ・ Accessible via the Developer Catalog
      ・ Helm Based
      ・ Does Not Require GPU
    ▸ Colorize Tekton Pipeline Logs
      ・ Supports PipelineRun & TaskRun
    ▸ ClusterTask Deprecation
      ・ Removed in Pipelines Operator 1.17
    ▸ Lightspeed Integration
      ・ Import YAML to Console
  30. Console: Console RFEs “Customer Happiness”

    Product Manager: Ali Mobrem

    ▸ RFE-4475 - Ability to hide Getting Started Card on Overview Page
      ・ Console-operator config: new field 'GettingStartedBanner'
    ▸ RFE-6131 - Start a Job from a CronJob
      ・ Start Job action from both List and Details pages for a CronJob
  31. What's New in OpenShift 4.18 OpenShift Developer Experience IDE Extensions

    and Cloud Developer Environment ▸ The extension activation is improved by bundling and removing unnecessary files ▸ Use SSO account to configure sandbox in one click ▸ The Helm UI Page is added with additional tag based filtering ▸ The selection of devfile version is added to the Devfile Registry editor Quarkus Tools & EAP for VS Code and IntelliJ - 1.20.0 OpenShift Toolkit for VS Code and IntelliJ - 1.17.0 ▸ (Still New :-)) Language Server Protocol Plugin for IntelliJ ▸ Available on JetBrains Marketplace and user guide is on GitHub ▸ Various bug fixes and improvements. ▸ Integration example demo for the curious ▸ Support for global namespace ▸ Support for multiple Qute template root ▸ Data model template matcher support. ▸ Roq DataMapping support ▸ Various performance enhancements in VS Code extension Language Server Protocol Plugin - 0.9.0 TMM: Markus Eisele 37
  32. OpenShift Dev Spaces Version 3.17 is now available

    Red Hat OpenShift Dev Spaces 3.17 is based on Eclipse Che 7.92
    TMM: Markus Eisele

    ▸ Specifying the list of the allowed sources based on which CDEs can be started: Starting from this release, you can specify the list of URLs based on which Cloud Development Environments (CDEs) can be initialized using the dedicated optional `allowedSources` property.
    ▸ Adding an option to deploy operands on specific cluster nodes: With this release, you can deploy operands managed by the operator (dashboard, gateway, plugin-registry etc.) on the specific cluster nodes using the dedicated 'nodeSelector' and 'tolerations' properties.
    ▸ Restricting the total number of the 'Running' workspaces on a cluster: You can restrict the total number of the 'Running' workspaces on a cluster using the `maxNumberOfRunningWorkspacesPerCluster` CheCluster CR property.
    ▸ Support devfile endpoint annotations: With this release, you can provide endpoint annotations in the devfile. For example, the following devfile snippet will create an ingress or route with the annotation `foo: bar` on Cloud Development Environment (CDE) startup.
  33. Red Hat Developer Hub - IDP for OpenShift Platform

    Red Hat Developer Hub: Setting Development Teams up for success!
    TMM: Markus Eisele

    RHDH 1.4 Plug-ins and templates:
    🆕 Notification Plugin
    🆕 Support for Open Telemetry
    💡 Documentation on converting & installing Dynamic Plugins
    💡 New AI Templates for OpenShift
    💡 Example of AI Asset Tracking using the Software Catalog

    RHDH 1.4 Core
    🆕 Add middleware functions to the RootHttpRouter
    🆕 OpenShift Dedicated is fully supported
    💡 Installation on GKE is now fully supported (joining AKS, EKS, OpenShift)
    💡 Janus plugins have been moved to new homes on Backstage Community and Red Hat Developer GitHub

    Release Notes
  34. Podman Desktop 1.15 and the BootC extension 1.6

    https://podman-desktop.io/blog/podman-desktop-release-1.15
    5.1k !

    ▸ Improved Feedback Form: Redesigned for seamless issue reporting to GitHub
    ▸ New Experimental Task Manager: A revamped task manager is now available for testing
    ▸ Enhanced Kubernetes Events: Added support for events on resources like Nodes, Services, and Pods
    ▸ SSH Access to Podman Machine: Directly connect to your Podman machine from Podman Desktop
    ▸ BootC: From a standard container image to a full bootable-on-a-usb-stick OS!
  35. Red Hat build of Quarkus: What’s New in 3.15

    PMM: Jeff Beck

    ▸ Improved integration with Red Hat Developer Hub
    ▸ Security improvements
      • Auto generated TLS certificates for development
      • Easier configuration
    ▸ Front end development improvement
      • WebBundler (NPM integration)
      • HTMX support
      • WebComponents
    ▸ Java Flight Recorder extension for monitoring containerized Java app stats on OpenShift with Cryostat

    [Screenshots: Cryostat Automated Analysis Report; Cryostat Grafana dashboard]
  36. Red Hat Build of Keycloak: What’s New

    RHBK 26.0 (GA: Nov 13th, 2024); RH-SSO ELS-1 (2 years)
    PMM: Jeff Beck

    Key Highlights of the new version:
    ▸ Multi-Organizations for a multi-tenancy concept for SaaS platforms, enabling support for B2B, B2C, and B2B2C use cases.
    ▸ Multi-Site HA active-active deployment support on AWS (see FAQ for more details)
    ▸ Persistent user sessions (or Durable Sessions across restarts)
    ▸ New Hostname options
    ▸ New Password hashing (Argon2)
    ▸ Java 21 support
    ▸ Improved Lifecycle Support Policies (see Notes)

    RH-SSO ELS-1 Availability (Jun 2025 - 2027) - more in KB Article
  37. OpenShift Service Mesh

    Product Manager: Jamie Longmuir

    ▸ OpenShift Service Mesh 3.0 General Availability:
    ▸ Based on Istio 1.24 and Kiali 2.1
    ▸ Managed by a new Istio operator based on community Istio - the “Sail Operator”
    ▸ New Service Mesh 3.0 documentation
    ▸ Supported migration paths from OpenShift Service Mesh 2.6
    ▸ New included features:
      ▪ Istio’s multi-cluster topologies
      ▪ Canary control plane upgrades
      ▪ Istioctl command line utility
    ▸ “sidecar-less” ambient mode developer preview
    ▸ OpenShift Service Mesh 3.0 will be supported on OCP 4.14+.
  38. OpenShift GitOps

    Product Manager: Harriet Lawrence

    ▸ OpenShift GitOps 1.15 release, includes Argo CD 2.13 and Argo Rollouts 1.7.2
    ▸ Multi-source applications GA
    ▸ Argo Rollouts extension in the Argo CD dashboard
    ▸ Rollouts plugins enabled
    ▸ Decoupled control plane and app sync privileges
    ▸ RFE-5037 Secrets for custom TLS certificates
    ▸ RFE-3545 Config option for AppSet deletion prevention
    ▸ GITOPS-5382 Rollouts HA
  39. OpenShift Pipelines

    Product Manager: Siamak Sadeghianfar

    ▸ OpenShift Pipelines 1.17
    ▸ Multiple auth configurations for Git resolver
    ▸ Additional fields in affinityAssistantPodTemplate for TaskRuns
    ▸ New Prometheus metrics
      ▸ Per namespace
      ▸ Per pipeline
      ▸ Per Git repository (pac)
  40. OpenShift Serverless

    Product Manager: Naina Singh

    ▸ Serverless 1.35 release based on Knative 1.15
    ▸ Golang Functions are now GA
    ▸ Event Catalog for easy events discoverability in Dev Console
    ▸ Autoscaling of Knative Kafka Subscription using KEDA/CMA - TP
    ▸ Support for long running requests for RHAI/LLM use cases
    ▸ Serverless Logic
      ▸ Knative Eventing Workflow Events Management
      ▸ Workflow Monitoring Management for Prometheus
  41. Builds for OpenShift

    Product Manager: Siamak Sadeghianfar

    ▸ Builds 1.3 released
    ▸ Air-gapped and restricted network support
    ▸ Builds on Arm, IBM Power and IBM Z systems
    ▸ FIPS support
    ▸ Entitled builds with Shared Resource CSI Driver
    ▸ Console enhancements
      ▸ Build samples in YAML editor
      ▸ Form-based Build creation
  42. What's New in OpenShift 4.18 and IBM LinuxONE OpenShift 4.18

    Supported Providers Installation Experiences Automated Full Control Interactive – Connected - Auto-provisions infrastructure - *KS like - Enables self-service - Bring your own hosts - You choose infrastructure automation - Full flexibility - Integrate ISV solutions - Hosted web-based guided experience - Agnostic, bare metal, vSphere and Nutanix - ISO driven - Restricted network (disconnected / air -gapped) - Automatable installations via CLI - Bare metal, vSphere, SNO - ISO driven Installer Provisioned Infrastructure User Provisioned Infrastructure Assisted Installer Agent-based Installer Local – Disconnected Azure Stack Hub Bare Metal IBM Power Systems Product Managers: Marcos Entenza (AWS, Azure, GCP, IBM Cloud, Oracle Cloud), Ju Lim (Alibaba), Ramon Acedo (BM, Nutanix, VMware), Linh Nguyen (BM), Peter Lauterbach (OCP Virtualization), Gil Rosenberg (OpenStack), Duncan Hardie (IBM Z & Power), Adel Zaalouk (HCP) 51 Outposts Wavelength Local Zones (Tech Preview)
  43. Installation Highlights for Cloud Providers

    Cloud
    Product Managers: Marcos Entenza

    ▸ Custom IPv4 subnets on OVN for BYO VPC deployments
    ▸ Rotate keys on AWS (docs)
    ▸ BYO DNS for OpenShift on GCP (GA)
    ▸ GCP Workload Identity enablement for additional OLM operators
    ▸ OpenShift on c3-metal, C4/C4A, and N4
    ▸ Rotate keys on GCP (docs)
    ▸ Microsoft Entra Workload ID enablement for additional OLM operators
    ▸ Cluster API Provider for Azure (TP)
    ▸ Rotate keys on Azure (docs)
  44. Installation Highlights for On-premises Providers

    On-premises
    Product Managers: Ramon Acedo Rodriguez, Linh Nguyen, Duncan Hardie

    ▸ Support additional NTP servers in install-config
    ▸ Bare Metal day 2 firmware settings reconfiguration and firmware updates (Technology Preview)
    ▸ Support multi-NIC in Nutanix
    ▸ Support for preloaded RHCOS image from Prism Central
    ▸ vSphere multi-NIC VM creation support in the IPI installer (Technology Preview)
    ▸ Support for Multi-vCenter without shared storage (GA)
    ▸ Add compute nodes as a day 2 operation using Agent Based Installer

    [Platform labels: Bare Metal; IBM Power Systems and IBM LinuxONE]

    Multi-Arch
    ▸ Automatically move your x86 control plane over to Arm Nodes on AWS
    ▸ Fine-tune how to distribute workloads that support multiple architectures in a mixarch cluster
    ▸ Multi-arch Tuning Operator validated on Hosted Control Planes
  45. Shift-On-Stack and RHOSO in 4.18

    Product Manager: Gil Rosenberg

    ▸ OpenShift on OpenStack Key Highlights
      ◦ Deploying Single Stack IPv6 clusters is now GA
      ◦ Hosted Control Plane support for OpenStack is now Dev Preview
        ▪ Host a Hub cluster in an “administrative” project
        ▪ Run multiple NodePools in different tenant projects
    ▸ Red Hat OpenStack Services on OpenShift (RHOSO) Feature Release 2 on 4.18
      ◦ Support for L3 Distributed RHOSO control planes
        ▪ Leverages FRRK8s
        ▪ Support Spine leaf network topology
        ▪ OpenStack dataplane AZ awareness
      ◦ Tech Preview of Multiple RHOSO deployments under namespace isolation
      ◦ Tech Preview of Dynamic workload scheduling via the OpenStack Watcher Operator

    * As measured in Red Hat labs, April 2024
  46. Find Recommended Update Paths via CLI (Technology Preview)

    Product Manager: Subin Modeel

    ▸ Use oc adm upgrade recommend to narrow down your release version suggestions and recommend a new target release before you launch your update.
      ◦ read-only command and does not alter the state of your cluster.
    ▸ oc adm upgrade recommend --version: To determine whether a specific version is recommended for your update, use e.g. oc adm upgrade recommend --version 4.12.51

        $ export OC_ENABLE_CMD_UPGRADE_RECOMMEND=true
        $ oc adm upgrade recommend
        Channel: stable-4.13 (available channels: candidate-4.12, candidate-4.13, eus-4.12, eus-4.14, fast-4.12, fast-4.13, stable-4.12, stable-4.13)

        Updates to 4.13:
          Version: 4.13.50
          Image: quay.io/openshift-release-dev/ocp-release@sha256:6afb11e1cac46fd26476ca134072937115256b9c6360f7a1cd1812992c065f02
          Reason: AdminAckRequired
          Message: Kubernetes 1.26 and therefore OpenShift 4.13 remove several APIs which require admin consideration. Please see the knowledge article https://access.redhat.com/articles/6958394 for details and instructions.

        Updates to 4.12:
          VERSION   ISSUES
          4.12.64   no known issues
          4.12.63   no known issues
        And 43 older 4.12 updates you can see with '--show-outdated-releases' or '--version VERSION'.

        $ export OC_ENABLE_CMD_UPGRADE_RECOMMEND=true
        $ oc adm upgrade recommend --version 4.12.51
        Channel: stable-4.13 (available channels: candidate-4.12, candidate-4.13, eus-4.12, eus-4.14, fast-4.12, fast-4.13, stable-4.12, stable-4.13)

        Update to 4.12.51 Recommended=False:
        Image: quay.io/openshift-release-dev/ocp-release@sha256:158ced797e49f6caf7862acccef58484be63b642fdd2f66e6416295fa7958ab0
        Release URL: https://access.redhat.com/errata/RHSA-2024:1052
        Reason: MultipleReasons
        Message: An unintended reversion to the default kubelet nodeStatusReportFrequency can cause significant load on the control plane. https://issues.redhat.com/browse/MCO-1094

        After rebooting into kernel-4.18.0-372.88.1.el8_6 or later, kernel nodes experience high load average and io_wait times. The nodes might fail to start or stop pods and probes may fail. Workload and host processes may become unresponsive and workload may be disrupted. https://issues.redhat.com/browse/COS-2705
  47. What's New in OpenShift 4.18

    Simplified Shutdown and Restore (hibernation) with Recovery from Expired Certificates
    Product Manager: Ramon Acedo Rodriguez

    Improvements for cluster shutdown and recovery, allowing restoration after up to 90 days, simplifying operations, and eliminating complex manual recovery steps.
  48. What's New in OpenShift 4.18

    Automated Control Plane Recovery
    Product Manager: Ramon Acedo Rodriguez

    Automate the recovery process from an etcd quorum loss scenario in OpenShift, automating the manual steps* required.
    *https://docs.openshift.com/container-platform/4.17/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.html

    • Reduced Complexity: Eliminates the need to follow a manual recovery process
    • Improved Efficiency: Saves time and minimizes human error
    • Better Support: Enhanced test & support of disaster recovery workflows

    How it works
    1. Admin initiates automation on a designated recovery host (e.g., via CLI)
    2. Required inputs gathered (backup files, static pod configs, SSH access details)
    3. Recovery steps executed
    4. Control plane is restored and fully functional with standing nodes
    5. Recovered nodes are added to the cluster
  49. What's New in OpenShift 4.18

    Re-validation of sigstore signed image at cluster & namespace level (Technology Preview)
    Product Manager: Gaurav Singh

    Once images are signed via sigstore and stored in an image registry, they are not re-verified when pulled to nodes.
    ▸ If these images are compromised after being signed and stored, there is no existing mechanism to re-verify their integrity during the pull process.
    ▸ This lack of re-verification presents a security risk, as compromised images could be deployed within the cluster or namespace without detection.

    What's New in 4.18
    OpenShift administrators can now re-verify the integrity of images before pulling them from the image registry into the OpenShift cluster or namespace. This ensures that images have not been compromised since their initial signing and storage, thus enhancing the security of the deployment process.
  50. What's New in OpenShift 4.18

    Crun is now default in OpenShift 4.18
    Product Manager: Gaurav Singh

    crun is an open-source, lightweight, and fast container runtime written in C. It is an implementation of the Open Container Initiative (OCI) runtime specification and serves as an alternative to other runtimes like runc.

    What's New in 4.18
    ▸ Starting with OpenShift 4.18, crun will be installed as the default in all OpenShift installations.
    ▸ runc will still be available as a non-default option.
  51. What's New in OpenShift 4.18

    Re-implemented CLI Manager as “OpenShift CLI Manager Operator” (Technology Preview)
    Product Manager: Gaurav Singh

    OpenShift CLI Manager Operator enables users to manage the CLI lifecycle (install, update, delete) through the upstream project Krew (using oc krew install abc).

    What's New in 4.18
    CLI Manager, previously available as a technology preview, has been re-implemented and is now available as the OpenShift CLI Manager Operator, offering support for disconnected use cases.
  52. What's New in OpenShift 4.18

    Red Hat OpenShift Networking Enhancements
    Product Managers: Marc Curry, Deepthi Dharwar

    Ingress Enhancements
    Support for HAProxy Dynamic Configuration Manager [Tech Preview]
    • Helps propagate endpoint changes using dynamic HAProxy API
    • Reduces
      ◦ Number of reloads
      ◦ Memory footprint
    • Endpoint changes, including those made while scaling the number of Ingress pods, are now more seamless

    On Premises deployment
    Networking configuration flexibility [General Availability]
    • Alternative to using ‘configure-ovs.sh’
    • Ability to explicitly configure the br-ex bridge to their exact specifications at install-time
    • Modify it after deployment using standard networking tools.

    Bare metal deployments
  53. What's New in OpenShift 4.18

    Network Observability
    Product Managers: Marc Curry, Deepthi Dharwar

    Network Observability Operator
    • New release: v1.8
    • User Defined Networks Support [Dev Preview]
    • Net Observ CLI improvements
    • Making tcpdump collection simpler using the lightweight NetObserv CLI
    • eBPF multi filter and sampling
    • Network Observability integration with eBPF Manager [Dev Preview]
  54. What's New in OpenShift 4.18

    Introducing Red Hat Connectivity Link
    Product Manager: Christopher Ferreira

    Security & Policy Management Composable API Management Web Assembly Plugin (WASM) Configuration Replication Mirroring Intelligent Routing / Load Balancing OpenShift Console Plugin Connectivity Link
  55. What's New in OpenShift 4.18

    OpenShift Storage
    Product Manager: Gregory Charot

    CSI Operators

    Operator           Migration   Driver
    AWS EBS            GA          GA
    AWS EFS            n/a         GA
    Azure Disk         GA          GA
    Azure File         GA          GA
    Azure Stack Hub    n/a         GA
    GCE Disk           GA          GA
    GCP Filestore      n/a         GA
    IBM Cloud          n/a         GA
    RH-OSP Cinder      GA          GA
    RH-OSP Manila      n/a         GA
    vSphere            GA          GA
    SecretStore        n/a         GA
    SMB/CIFS           n/a         GA

    Operators & Drivers
    ▸ Secret Store CSI
      • GA!
    ▸ vSphere
      • Support for multiple vCenter (GA)
    ▸ SMB/CIFS CSI
      • GA!
    ▸ GCP PD
      • Support for hyperdisk-balanced (GA)
    ▸ Manila
      • Resize support (GA)
    ▸ LSO
      • Auto clean up volume deletion
  56. What's New in OpenShift 4.18

    OpenShift Data Foundation 4.18
    Product Manager: Gregory Charot (speaking on behalf of Eran Tamir)

    ▸ Disaster Recovery
      • Regional Disaster Recovery Recipes for complex applications
      • Support application consistency
    ▸ Security
      • Key rotation support for cluster wide encryption
    ▸ Multicloud Object Gateway
      • Object browser within OpenShift Console
      • Bucket notifications
    ▸ Support multi device classes for storage tiering, data isolation and mixture of SAN and local devices.

    Out of the box support: Block, File, Object, NFS
    Platforms: AWS/Azure Google Cloud (GA) OpenShift Virtualization OSP (Tech Preview) Bare metal/IBM Z/Power VMWare 7,8 Thin/Thick IPI/UPI ARO (GA), ROSA HCP (GA*) with Self managed ODF IBM ROKS & Satellite - Managed ODF (GA) Any platform using agnostic deployment mode for self managed OpenShift deployments.
    Deployment modes: Disconnected environment and Proxied environments
  57. What's New in OpenShift 4.18

    Image Based Break+Fix (IBBF)
    Product Manager: Franck Baudin (on behalf of Robert Love)

    Developer Preview to be available in 4.18

    Steps to replace a DU-configured Single Node OpenShift using Image Based Break Fix (IBBF)
    • Procedurally similar to Image Based Install
    • Cluster identifiers retained from previous installation to maintain manageability and observability continuity

    Commercial DU site preparation: Activities which should be done before hardware failure.
    Commercial DU site upgrade: Activities which are done after hardware failure.

    STEP 1 A seed-image generated from DU-configured Single Node OpenShift installation
    STEP 2 The seed-image is then installed to any number of Far Edge servers
    STEP 3 Far Edge server shipped to Far Edge site, racked cabled and booted
    STEP 4 Provisioning triggered by committing SiteConfig to git.
    STEP 5 Hub Cluster components orchestrate SNO provisioning
      • Procedurally similar to Image Based Install
    STEP 6 Image Based Install Operator and Lifecycle Agent Operator orchestrate site-specific configuration for the new SNO
    STEP 7 (CNF / Orchestrator functionality) Orchestrator orchestrates CNF restoration process

    Technician Delivers Server
    • Server is shipped to the Far Edge site

    [Diagram labels: Hub Cluster Config Repo Staging Facility Radio Site]
  58. What's New in OpenShift 4.18

    T-GM Advanced Timing for RAN (PTP)
    Product Manager: Franck Baudin (on behalf of Robert Love)

    PTP Operator Upstream Community: https://github.com/k8snetworkplumbingwg/ptp-operator
    • T-GM Holdover
    • T-GM Leap Second Mitigation
  59. What's New in OpenShift 4.18

    Telco 5G AMD EPYC Bergamo and Genoa support for OCP Telco use cases
    Product Manager: Franck Baudin

    Socket0 128 cores 256 CPU (HT)
    Socket 1 128 cores 256 CPU (HT)
    Total: 512 CPUs
    9754 dual NUMA nodes

    Support already added for OCP4.17.z and OCP4.16.z
    OCP 4.18 adds LLC Locality feature - Tech Preview

    [Diagram: CCX(0) through CCX(n), each with an LLC shared by its CPUs]
  60. What's New in OpenShift 4.18

    Red Hat Device Edge and MicroShift V4.18
    Product Manager: Daniel Fröhlich

    Red Hat Device Edge with MicroShift is a Kubernetes distribution derived from OpenShift designed for small form factor devices and edge computing.

    Gateway API (Dev Preview)
    • aka Kubernetes “Ingress V2” (details)
    • Expressive, portable, and extensible API
    • Simplified configuration for Ingress
    • Optional install for MicroShift

    Auto-Recover MicroShift from backups
    • MicroShift can recover from backups in case startup fails, e.g. due to a corrupt etcd database or human errors
    • Provides an additional layer of protection and robustness for edge devices, avoiding manual intervention
    • Create a cronjob to create backups, store them on the device and point MicroShift to them. In case of a startup failure, MicroShift will try to start from the backups (newest first)

    Base image for RHEL image mode (Tech Preview)
    • OCI container image that contains OS and MicroShift
    • bootc this image to run MicroShift instantly
    • Use as base image for your solution to simplify and speed up your CI/CD pipeline

    Enhanced config options
    • Allows deleting application manifests in addition to applying them. This helps with application lifecycle management
    • Ingress operation and performance options can now be configured (e.g. httpHeaders)
  61. Thank you

    Guided demos of new features on a real cluster: learn.openshift.com
    OpenShift info, documentation and more: try.openshift.com
    OpenShift Commons: where users, partners, and contributors come together: commons.openshift.org

    linkedin.com/company/red-hat
    youtube.com/OpenShift
    facebook.com/redhatinc
    twitter.com/OpenShift
  62. Nominate an OpenShift Super hero

    OpenShift user award to celebrate:
    • The Builder: contributes to the evolution of OpenShift
    • The Advocate: amplifies their OpenShift experience and learnings through events, blogs, meetups, etc.
    • The Ambassador: shares knowledge across diverse teams, industries, organizations
    • Or the category of your choosing

    Nominate your OpenShift Super Hero