We’re pleased to announce the general availability of Red Hat OpenShift 4.13, based on Kubernetes 1.26 and CRI-O 1.26. The latest release is designed to accelerate modern application development and delivery across the hybrid cloud with enhanced security, flexibility, and scalability.
As organizations continue to scale operating environments and workloads, the need for greater consistency across these heterogeneous footprints has grown as well. Red Hat OpenShift 4.13 makes it easier to consume enterprise Kubernetes across the open hybrid cloud while focusing on securing and managing these environments.
What’s New in OpenShift 4.13 Infographic by Julia Hiadlovska
Enhanced security across infrastructure and workloads
Red Hat OpenShift 4.13 strengthens the security and business continuity of applications across the hybrid cloud by reinforcing security best practices with certificate management, data encryption, and policy enforcement.
New security features and enhancements include:
- The cert-manager operator provides application certificate lifecycle management. Cert-manager allows users to integrate with external certificate authorities and provides certificate provisioning, renewal, and retirement. Cert-manager introduces certificate authorities and certificates as resource types in the Kubernetes API, which makes it possible to provide certificates on demand to developers working within the cluster.
- Deploy Red Hat OpenShift on encrypted VMs and encrypted storage in VMware vSphere. This allows traffic between the hypervisor and storage backend to be encrypted to comply with corporate security policies or regulatory mandates.
- Encrypting etcd with AES-GCM ciphers enables organizations to meet compliance requirements for cryptographic standards.
- User-managed keys to encrypt storage on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Prior to Red Hat OpenShift 4.13, when user-managed encryption keys were provided at install time, only root volumes for nodes were encrypted with those keys. Now, the default storage class on AWS, Azure, and GCP automatically applies the same user-managed encryption keys to all block volumes provisioned through the Container Storage Interface (CSI), without requiring additional post-installation configuration.
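How the cert-manager resource types described in the first item above look in practice, as an added example that is not part of the original announcement or of Red Hat's documentation: an Issuer that points at an external ACME certificate authority, and a Certificate that requests, renews, and rotates a key pair. The namespace, object names, e-mail address, hostnames, ACME URL, and ingress class are placeholders or assumptions.

```yaml
# Added example: names, namespace, hostnames and the ACME URL are placeholders.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: external-acme            # placeholder issuer name
  namespace: demo-app            # placeholder namespace
spec:
  acme:
    server: https://acme.example.com/directory   # placeholder external CA endpoint
    email: pki-team@example.com                  # placeholder contact address
    privateKeySecretRef:
      name: external-acme-account-key            # Secret holding the ACME account key
    solvers:
      - http01:
          ingress:
            class: openshift-default             # assumed ingress class; adjust per cluster
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: web-tls
  namespace: demo-app
spec:
  secretName: web-tls            # Secret that receives tls.crt and tls.key
  dnsNames:
    - app.apps.example.com       # placeholder hostname
  duration: 2160h                # requested lifetime (90 days); the CA may cap it
  renewBefore: 360h              # start renewal 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always       # generate a fresh private key on every renewal
  usages:
    - digital signature
    - server auth
  issuerRef:
    name: external-acme
    kind: Issuer
    group: cert-manager.io
```

Because issuance is driven by ordinary API objects, RBAC on `certificates.cert-manager.io` and `issuers.cert-manager.io` controls who can request certificates in a namespace, and developers receive the resulting TLS Secret without handling the CA account key.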
To further bridge the skill gaps for Kubernetes security and enable our customers to break cross-functional barriers in their organizations, we are introducing the latest Red Hat Advanced Cluster Security for Kubernetes version 4.0. Red Hat Advanced Cluster Security 4.0 includes a database re-architecture that moves the central database to PostgreSQL, performance and scalability improvements, full host-level scanning for Red Hat Enterprise Linux (RHEL) CoreOS, and a single Clair scanner for Red Hat Advanced Cluster Security and Red Hat Quay. The latest version of Red Hat Advanced Cluster Security is also now available as a cloud service in limited availability on AWS, enabling organizations to take advantage of the Kubernetes-native security capabilities regardless of the underlying Kubernetes platform.
Improved scalability across workloads and the hybrid cloud
Kubernetes can be complex, and those complexities are compounded when managing containers at scale. We continue to simplify scaling Kubernetes and enable customers to deliver applications quickly and manage them efficiently.
To help organizations focus on applications and reduce management overhead, we’re pleased to announce Red Hat OpenShift Service on AWS (ROSA) with hosted control planes. Hosted control planes is an OpenShift topology that provides a separation of concerns between platform management and workload management to enable hybrid cloud operations at scale. Available as a preview, Red Hat OpenShift Service on AWS with hosted control planes optimizes multicluster deployments at scale to achieve efficient resource utilization and faster provisioning time.
Additional new features and enhancements to help customers better manage OpenShift at scale include:
- Single-click control plane scaling on Microsoft Azure and Google Cloud Platform enables administrators to scale control plane nodes automatically, just as they would worker nodes. This leverages control plane machine sets, introduced in OpenShift 4.12, to manage the cluster’s control plane machines and adds automation on top of existing Machine API concepts. This operational flexibility is especially useful for handling growth or a control plane node failure.
- Automatically scale applications with the Custom Metrics Autoscaler operator, which is generally available in Red Hat OpenShift 4.13. This autoscaler enables developers to horizontally scale the number of pods for their application workloads based on resource utilization metrics (CPU and memory usage), events, and custom metrics.
- NUMA-aware scheduling with the NUMA Resources Operator is now generally available. The NUMA Resources Operator deploys a NUMA-aware secondary scheduler that makes scheduling decisions for workloads based on a complete picture of available NUMA zones in clusters. This enhanced NUMA-aware scheduling ensures that latency-sensitive workloads are processed in a single NUMA zone for maximum efficiency and performance. This update adds fine-tuning of API polling for NUMA resource reports and provides configuration options at the node group level for the node topology exporter.
To further manage clusters at scale, Red Hat introduces Red Hat Advanced Cluster Management for Kubernetes 2.8. Red Hat Advanced Cluster Management 2.8 includes PolicySet for Red Hat OpenShift Platform Plus and regional stateful application replication with Red Hat OpenShift Data Foundation 4.13. A PolicySet is a Kubernetes Custom Resource Definition (CRD) that contains a set of policies for managing Kubernetes resources across multiple clusters. With OpenShift Platform Plus, the PolicySet is used to enforce security requirements, ensure compliance with regulatory standards, and automate the deployment of OPP resources at the hub, so that OpenShift fleet management, OpenShift Data Foundation, and Red Hat Advanced Cluster Security for Kubernetes can be stood up quickly with best practices and safeguards in place.
More topology options for edge computing and across clouds
Red Hat OpenShift 4.13 continues to add to OpenShift’s flexibility by supporting a diverse set of infrastructure footprints across the hybrid cloud, including public clouds, on-premises, and edge.
In this latest version, deploying a compact three-node cluster is now supported on AWS, Microsoft Azure, Google Cloud Platform, and VMware vSphere. This provides smaller, more resource-efficient clusters in resource-constrained environments for cluster administrators and developers to use for development, test, and production purposes.
Customers can also deploy single node OpenShift on x86-based instances in AWS to provide a small economical cluster for development and testing new applications before rolling them out to single nodes operating in remote or edge locations. Support for single node OpenShift on Arm-based bare metal deployments is also now available. This paves the way for a vast array of highly efficient edge deployment configurations. Combining high performance with low power consumption means new applications can run close to their data sources to deliver insights quickly and locally.
Red Hat OpenShift 4.13 makes it easier for customers to install on IBM Power, or on IBM zSystems and IBM LinuxONE with Red Hat Enterprise Linux KVM, via Assisted Installer. Prior to OpenShift 4.13, customers had to manually install OpenShift on IBM Power, or manually install on IBM zSystems and IBM LinuxONE with RHEL KVM. With Red Hat OpenShift 4.13 and Assisted Installer, customers can provision new bare metal nodes and create OpenShift clusters on these platforms easily with a web-based guided experience.
Visit https://console.redhat.com/ to update to Red Hat OpenShift 4.13 to take advantage of the latest features and enhancements. For an in-depth look at Red Hat OpenShift 4.13, check out Everything you need to know about Red Hat OpenShift 4.13.
About the author
Ju Lim works on the core Red Hat OpenShift Container Platform for hybrid and multi-cloud environments to enable customers to run Red Hat OpenShift anywhere. Ju leads the product management teams responsible for installation, updates, provider integration, and cloud infrastructure.