OpenShift Commons Gathering Chicago 2023 - OpenShift: The Road Ahead and Release Update

Chuck Dubuque (Red Hat), William Caban (Red Hat), and Peter Lauterbach (Red Hat) speak at the OpenShift Commons Gathering Co-Located with KubeCon + CloudNativeCon North America 2023.

OpenShift Commons

November 17, 2023

Transcript

  1. CONFIDENTIAL designator
     OpenShift: The Road Ahead and Release Update
     Chuck Dubuque, OpenShift PM; William Caban, OpenShift PM; Peter Lauterbach, OpenShift PM
  2. OpenShift and themes that drive our roadmap
     • Trusted: core container and Kubernetes engine
     • Curated: cloud application development and deployment
     • Consistent: across a hybrid cloud environment
     OpenShift Roadmap and Update
  3. Serving customers when and where they need us
     [Chart: share of respondents, in the order shown on the slide]
     • Artificial Intelligence (AI) or Machine Learning (ML): 71%
     • Edge computing or Internet of Things (IoT): 71%
     • Containers: 68%
     • Serverless computing: 61%
     Source: Red Hat, "The State of Enterprise Open Source," Feb. 2022.
  4. Deliver consistent, reliable, and secure applications
     • Cloud-native apps: AI/ML, Functions
     • Traditional apps
     • Communities of Innovation | Ecosystems of Solutions
     • Secure & Automated Infrastructure and Operations
     • Footprints: Physical, Virtual, Private cloud, Public cloud, Edge
  5. There's an OpenShift for that
     Usage models and payment models:
     • On-Premises or Edge, Customer Managed Application Platform
     • On-Premises, Partner Managed: Dell APEX Cloud Platform for Red Hat OpenShift; HPE GreenLake for Red Hat OpenShift
     • Public Cloud, Customer Managed
     • Public Cloud, Cloud Managed Application Platform: Red Hat OpenShift Service on AWS; Azure Red Hat OpenShift; OpenShift Dedicated; Red Hat OpenShift on IBM Cloud
  6. What's Next for Running the Applications?
     • Operators in Multi-Tenant Clusters: new lifecycle model that enables cluster tenants to have their own operator instance
     • Better Helm Workflow Support in ArgoCD, with enhancements including support for dynamic value lookup
     • Improved Canary Deployments with Argo Rollouts support in OpenShift GitOps
     • Automate Updating GitOps Repos with Image Updater and new push to image registries
     • Multi-arch and multi-cluster support across the application platform, including ARM64 support for Service Mesh and Serverless
     • Networking Improvements with Gateway API east-west enhancements and dev preview support for dual-stack IPv4/IPv6 in Service Mesh
  7. What's Next for Developer Self-Service?
     • Developer Hub 1.0 GA, based on Backstage, enables self-service capabilities for end-to-end developer workflows, with golden paths and plugins
     • Hyperscaler Marketplace Support for Developer Hub
     • Additional Developer Hub Plugins: Keycloak, ArgoCD, Tekton, Quay, Multi Cluster View, JFrog Artifactory, Nexus Registry, Azure Container Registry, GPTs
     • Podman Desktop provides a user-friendly interface for container developer workflows and enables a smooth transition to OpenShift from a local workstation
     • OpenShift Local: run OpenShift on the desktop to debug applications easily
     • Developer Sandbox provides rapid access to a hosted private OpenShift environment, seeded with curated tools and services for developers
     • Create and Deploy Templated Functions, with additional Serverless Functions support for Wasm (DP) and Python
  8. What's Next for Infrastructure Teams?
     • Additional Regions and Providers
       ◦ AWS regions in the Middle East
       ◦ Azure regions in China
     • AWS Wavelength Zones
     • AWS Outposts
     • OpenShift Virtualization on Oracle Cloud Infrastructure (OCI)
     • Deploy & distribute an OpenShift cluster across multiple vSphere clusters
     • Simplify adding nodes on day-2 with the Agent Installer, regardless of their installation method
       ◦ Bare metal
       ◦ vSphere
       ◦ Nutanix
       ◦ Oracle Cloud Infrastructure/OCI (external)
       ◦ Platform "none"
  9. What's Next for Platform Teams?
     • Seamless Windows Integrations for disconnected environments
     • Streamlined credential management with Group Managed Service Accounts (gMSA)
     • Enhanced Monitoring with a unified monitoring experience for both Windows and Linux nodes
     • Cross-Platform Support with Windows Containers for ARO & ROSA platforms
     • Heterogeneous control planes and node pools with Hosted Control Planes (HCP)
     • Expanding Hosted Control Planes with more providers, such as vSphere and Nutanix
     • Enhanced experience for running layered Operators in HCP
     • Optimize Scheduling Workloads on Multi-arch Environments: make the best use of OpenShift's multi-arch environment
     • Extend IBM Power/Z clusters with x86 nodes on day-2
  10. What's Next for Security Teams?
     Towards Zero Trust
     • User Namespaces
     • Pod Security Admission (PSA) enforcement mode
     • Admin Network Policy allows cluster-admin to define cluster-wide network policies that restrict egress, pod and namespace traffic
     • Zero-Trust Networking: encrypting North-South/East-West traffic from the cluster to external network endpoints
     Multi-Cluster Identity
     • BYO OIDC Identity enables configuration and integration with OIDC IdPs such as Keycloak and Azure IdP
     • Cross-Cloud Identity with Unified SSO powered by SPIRE enables workloads in one cluster to securely communicate with a workload in a different cluster
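The PSA enforcement mode mentioned above is configured per namespace with upstream Kubernetes labels. The following is an added example (not from the deck or from Red Hat): it puts a namespace into `restricted` enforce mode and shows a pod spec that satisfies that profile, so that a team can see which fields the admission controller will reject once enforcement is switched on. Namespace and pod names are constructed for the example.

```yaml
# Added example: PSA "restricted" enforcement on one namespace.
# Caveat: on OpenShift the PSA label synchronization controller manages these
# labels for namespaces that do not set them explicitly; setting them by hand,
# as here, takes the namespace out of that sync.
apiVersion: v1
kind: Namespace
metadata:
  name: payments            # constructed name
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    # keep warn/audit aligned so rollout gaps show up in logs, not just rejections
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# A pod that passes the restricted profile. Removing any of the four
# securityContext settings below, or requesting a hostPath volume,
# hostNetwork or a privileged container, is rejected at admission.
apiVersion: v1
kind: Pod
metadata:
  name: api                 # constructed name
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: api
    image: registry.example.com/payments/api:1.0   # placeholder image
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    ports:
    - containerPort: 8080
```

Before flipping `enforce` on an existing namespace, run with only `warn` and `audit` set to `restricted` for a while and review the API server audit log for `pod-security.kubernetes.io/audit-violations` annotations; that surfaces every workload that would be rejected without actually breaking it.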
  11. What's Next for Networking Teams?
     • Optimize Azure outbound traffic by disabling SNAT for enhanced scalability, using Azure NAT Gateway as the default for outbound traffic management
     • Extend dual-stack IPv4/IPv6 to public cloud OpenShift deployments
     • Enable GCP Shared VPC (XPN) for secure and efficient communication between a Host project and the Service projects
     • GCP Private & Restricted API Endpoints by leveraging Private Service Connect with OpenShift
     • Enhancements to OVN for linear scalability with node count: O(1)
       ◦ Improved Stability: the loss of a node is isolated to that node instead of affecting the whole cluster network
       ◦ Improved Security: nodes no longer need to know the networking of other nodes, or communicate their own
  12. Red Hat Advanced Cluster Security for Kubernetes
     • Improving collection with a new runtime collector, enabling secured clusters on top of various Linux kernel versions
     • Extending support to Hosted Control Planes (HCP) and Red Hat Device Edge
     • Multi-arch support for OpenShift and xKS on ARM
     • Export/Import SBOMs
     • Integration with Paladin Cloud for full-stack cloud-native protection for applications
     • Enhanced Vulnerability and Alert Management with integration to ServiceNow Vulnerability Response and Alerts
  13. Red Hat Advanced Cluster Management for Kubernetes
     • Observability: provide fleet platform health metrics, logs and traces all in one place. Deliver Kubernetes right-sizing recommendations for platform engineers and developers.
     • Governance: enhanced policy compliance timeline, progressive policy rollouts, and advanced operator management provide configuration controls at the speed of your business.
     • Scale: manage your mixed fleet (MicroShift, HyperShift, single-node, compact, … and whatever comes next). Global hub policy view and inventory search.
     Protect your investment. Embrace growth. Reduce cost.
     Product Managers: Jeff Brent, Bradd Weidenbenner, Sho Weimer, Scott Berens, Christian Stark
  14. Hosted Control Planes (HCP) for OpenShift
     [Chart: HCP Economics (Savings), in the order shown on the slide: Infrastructure, Mgmt Costs, Power & Facility; 30%, 65%, 50%]
     • Bare metal with the Agent provider (GA)
     • OpenShift Virtualization (GA)
     • Improved AWS (TP)
     • ARM control plane and x86 NodePools on AWS (TP)
     • IBM Power/Z NodePools (TP)
  15. OpenShift Clusters with OpenShift Virtualization
     [Diagram: physical hardware runs OCP; multiple hosted control planes (api-server, etcd, …) run as pods on OCP, and each cluster's worker nodes run as virtual machines on OCP]
     • Increase utilization of infrastructure by consolidating multiple control planes onto the same nodes
     • Increase physical host utilization by hosting virtual worker nodes for multiple clusters
     • Eliminate dependencies on legacy hypervisors for hosting containerized infrastructure
  16. Red Hat Device Edge & MicroShift
     [Diagram, top to bottom: MicroShift (k8s workload, k8s operators, VMs); Kubernetes cluster services: Networking | Ingress | Storage | Helm; Kubernetes Orchestration | Security; Linux for edge (*): Security | Containers | VMs; Install | Over-the-air updates; Monitoring | Logging; Physical | Virtual | Cloud | Edge]
     Red Hat Device Edge with MicroShift is a Kubernetes distribution derived from OpenShift Container Platform that is designed for optimizing small form factor devices and edge computing.
     General Availability
     • Updateability
     • Automatic rollback with rpm-ostree
     • Manual backup and restore
     • CSI Snapshots
     • CNCF certification
     • Networking enhancements (full offline)
  17. Hybrid MLOps Platform: OpenShift AI
     • Model development: conduct exploratory data science in JupyterLab with access to core AI/ML libraries and frameworks, including TensorFlow and PyTorch
     • Model serving & monitoring: deploy models across any cloud, fully managed and self-managed OpenShift footprint, and centrally monitor their performance
     • Lifecycle management: create repeatable data science pipelines for model training and validation and integrate them with DevOps pipelines for delivery of models across your enterprise
     • Increased capabilities / collaboration: create projects and share them across teams. Combine Red Hat components, open source software, and ISV certified software
  18. AI Stack
     [Diagram: Red Hat / NVIDIA Infrastructure Solutions, on the Red Hat OpenShift Platform]
  19. Improve Your Sustainability
     Power Monitoring for Red Hat OpenShift is downstream of the Kepler project (Dev Preview). Embedded in the observability stack console, it lets you easily experiment with Kepler and observe power consumption.
  20. OpenShift Enables Exploration
     • Trusted: core container and Kubernetes engine
     • Curated: cloud application development and deployment
     • Consistent: across a hybrid cloud environment
  21. Thank you
     Commons builds connections and collaboration across OpenShift communities, projects and stakeholders. In doing so we'll enable the success of customers, users, partners, and contributors as we deepen our knowledge and experiences together.
     commons.openshift.org | youtube.com/OpenShift | facebook.com/openshift | twitter.com/openshift
  22. What's Next for 5G in OpenShift?
     See the OpenShift Commons 5G Update talk at KubeCon NA 2023.
  23. Integrating Zero Trust
     [Diagram: Zero Trust, built from OpenShift, Ansible, Identity Platforms (IDM, DS/CS, SSO) and the Security Ecosystem; ZT maturity via services engagements]
  24. DISA STIG for OpenShift
     The Compliance Operator for Red Hat OpenShift provides fully automated tooling to implement the DISA STIG for OpenShift clusters. The US DISA STIG is the mandated security baseline for the Department of Defense, and is widely used by civilian and commercial agencies. Learn more about STIGs and Red Hat in this FAQ.
     • New and updated benchmarks with OpenShift profiles for DISA STIG and CIS 1.4
     • Expanded compliance with RHACS, with the ability to run the Compliance Operator on xKS platforms (e.g. EKS)
     • Export compliance scans from the RHACS dashboard
     • Remediate for compliance from the RHACS dashboard
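To make the "fully automated tooling" concrete, here is an added example (not from the deck or from the Compliance Operator project) of the two Compliance Operator resources that schedule a STIG scan and control whether findings are remediated automatically. The API group, kinds and field names are the operator's real ones; the profile names `ocp4-stig` and `ocp4-stig-node` are assumed and should be confirmed against `oc get profiles.compliance -n openshift-compliance` on the target cluster, since available profiles depend on the operator version.

```yaml
# Added example: schedule a DISA STIG scan with the Compliance Operator.
# A ScanSetting says how and when to scan; a ScanSettingBinding ties
# profiles to that setting. Both live in the operator's namespace.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSetting
metadata:
  name: stig-nightly          # constructed name
  namespace: openshift-compliance
# Leave remediation manual on a first run: review ComplianceRemediation
# objects before letting the operator change MachineConfigs, because
# some STIG remediations trigger a rolling node reboot.
autoApplyRemediations: false
autoUpdateRemediations: false
schedule: "0 1 * * *"         # cron, cluster time
roles:
- worker
- master
rawResultStorage:
  size: 1Gi
  rotation: 3                 # keep the last three raw ARF result sets
---
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: stig                  # constructed name
  namespace: openshift-compliance
profiles:
# platform-level checks (API server, OAuth, ingress, etc.)
- name: ocp4-stig             # assumed profile name; verify on the cluster
  kind: Profile
  apiGroup: compliance.openshift.io/v1alpha1
# node-level checks (kubelet, OS settings) run on each role above
- name: ocp4-stig-node        # assumed profile name; verify on the cluster
  kind: Profile
  apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  name: stig-nightly
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
```

After applying both objects, `oc get compliancesuites -n openshift-compliance` shows the suite the binding created, and `oc get compliancecheckresults -n openshift-compliance -l compliance.openshift.io/check-status=FAIL` lists the failing STIG rules. Once those have been reviewed, switching `autoApplyRemediations` to `true` is what corresponds to the "remediate for compliance" item on the slide.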