Slide 1

Slide 1 text

What’s New in Red Hat OpenShift 4.17
OpenShift Product Management
Oct 7, 2024
red.ht/whatsnew

Slide 2

Slide 2 text

What's New in OpenShift 4.17 3 Kubernetes & Cluster Services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm Linux (container host operating system) Physical Virtual Private cloud Public cloud Edge Integrated DevOps Services Service Mesh | Serverless | Builds | Pipelines | GitOps |Tracing | Log Management | Cost Management | Migration Tools Advanced Management & Security Multicluster Management | Cluster Security| Global Registry | Cluster Data Management Red Hat OpenShift on IBM Cloud Red Hat OpenShift Service on AWS Azure Red Hat OpenShift OpenShift Dedicated Self-Managed Platforms OpenShift Cloud Services Red Hat open hybrid cloud platform

Slide 3

Slide 3 text

What's New in OpenShift 4.17
Kubernetes 1.30 (“Uwubernetes”)
Product Manager: Nick Png

OpenShift 4.17 | Kubernetes 1.30 | CRI-O 1.30

Notable Beta Features
▸ Support user namespaces in pods
▸ Structured Auth Configuration
▸ Node memory swap support
▸ Make Kubernetes aware of the LoadBalancer behaviour
▸ CRD validation ratcheting

Notable Stable Features
▸ Pod Scheduling Readiness
▸ Common Expression Language (CEL) for Admission Control
▸ Container resource-based pod autoscaling
▸ Reduction of Secret-based Service Account Tokens

Slide 4

Slide 4 text

What's New in OpenShift 4.17 Notable Top RFEs and Components 5 Top Requests for Enhancement (RFEs) ▸ Seamless offline migration from SDN to OVN-K - RFE-5502 ▸ 4-node and 5-node control-plane architecture for bare-metal clusters - RFE-540 ▸ Support IAM instance profiles for OpenShift in AWS Installations - RFE-2596 ▸ Support User Namespaces in pods (Tech Preview) - RFE-4517 ▸ Migrate from SDN to OVN with NIC bonding - RFE-4015 ▸ Custom tags for OpenShift in GCP - RFE-4546 Product Manager: Nick Png

Slide 5

Slide 5 text

What's New in OpenShift 4.17 6 OpenShift 4.17 Spotlight Features

Slide 6

Slide 6 text

What's New in OpenShift 4.17 Virtualization ▸ Safe memory overcommit (GA) ▸ Memory hotplug for non-disruptive scale-up of VM performance ▸ Automatic VM workload balancing with descheduler ▸ VM storage live migration between storage classes (Tech Preview) OpenShift Platform Plus ▸ Policy as code via ArgoCD and VEX support in Scanner with Advanced Cluster Security 4.6 ▸ ROSA cluster lifecycle with RHACM 2.12 (Dev Preview) ▸ Keyless Authentication and auto pruning policies with Red Hat Quay 3.13 ▸ Self-managed OpenShift Data Foundation on ROSA HCP Core ▸ 4-nodes and 5-nodes control-plane architecture for bare-metal spanned clusters ▸ Node disruption policies to minimize disruption (GA) ▸ Native Network Isolation for Namespaces (Tech Preview) ▸ eBPF Manager (Tech Preview) ▸ User namespaces in pods (Tech Preview) Hosted Control Planes (HCP) ▸ Disconnected Installation enhancements ▸ Comprehensive Backup and Restore Solution for OpenShift Virtualization HCP Clusters ▸ NVIDIA GPU support for OpenShift Virtualization HCP Clusters (Tech Preview) ▸ Multi-architecture HCP Red Hat OpenShift 4.17 highlights Product Manager: Siamak Sadeghianfar

Slide 7

Slide 7 text

What's New in OpenShift 4.17 OpenShift Lightspeed (Technology Preview) 8 Generative AI based chat assistant Generative AI Powerful, pluggable LLMs combined with the latest OpenShift documentation ● RHEL AI ● Red Hat OpenShift AI ● OpenAI ● Azure AI ● Watson X Explain, investigate and learn more Provides assistance with explaining and investigating cluster resources Help where you need it Integrated directly into the Red Hat OpenShift web console Product Manager: Gaurav Singh

Slide 8

Slide 8 text

What's New in OpenShift 4.17
User Namespaces (Technology Preview)
Product Manager: Gaurav Singh

● Enhanced Security for Containers: User namespaces allow pods to run with distinct user IDs inside the container, while mapping them to different IDs on the host.
● Better protection against privilege escalation: By enabling user namespaces, it becomes easier to run containers that require root privileges inside the container while being non-root on the host. This improves security by ensuring that any process that escapes a privileged container will not have privileges on the host.
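The ID mapping described on this slide can be inspected through the kernel's /proc/<pid>/uid_map file. The following Python is an added example, not code from the slide deck or from Red Hat: it parses that format and reports which host UID a container's UID 0 maps to. The two sample maps and the 1000000 host range are constructed assumptions.

```python
"""Added example: audit a user-namespace UID mapping (uid_map format)."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples in the /proc/<pid>/uid_map format. Each line is:
#   <first ID inside the namespace> <first ID outside> <range length>
HOST_NS_MAP = "         0          0 4294967295\n"    # process not in a user namespace
POD_USERNS_MAP = "         0    1000000      65536\n"  # assumed host range for one pod


@dataclass(frozen=True)
class IdRange:
    inside: int   # first ID as seen inside the namespace
    outside: int  # first ID it maps to in the parent (host) namespace
    length: int   # number of consecutive IDs covered


def parse_id_map(text: str) -> List[IdRange]:
    """Parse uid_map/gid_map content, rejecting malformed lines."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3 or not all(f.isdigit() for f in fields):
            raise ValueError(f"line {lineno}: expected three unsigned integers")
        inside, outside, length = map(int, fields)
        if length == 0:
            raise ValueError(f"line {lineno}: zero-length range")
        ranges.append(IdRange(inside, outside, length))
    return ranges


def to_host_id(ranges: List[IdRange], container_id: int) -> Optional[int]:
    """Translate an ID inside the namespace to the host ID, or None if unmapped."""
    for r in ranges:
        if r.inside <= container_id < r.inside + r.length:
            return r.outside + (container_id - r.inside)
    return None


def audit(text: str) -> dict:
    """Summarise what the mapping means for a process running as root inside."""
    ranges = parse_id_map(text)
    host_root = to_host_id(ranges, 0)
    return {
        # Host UID that container UID 0 really runs as (None: root is unmapped).
        "container_root_host_uid": host_root,
        # True means root inside the container is root on the host.
        "root_is_host_root": host_root == 0,
        # True if any container ID at all is mapped onto host UID 0.
        "reaches_host_root": any(r.outside == 0 for r in ranges),
        "mapped_ids": sum(r.length for r in ranges),
    }


if __name__ == "__main__":
    # On a Linux node or inside a pod, audit the current process instead.
    try:
        with open("/proc/self/uid_map") as fh:
            print("current process:", audit(fh.read()))
    except OSError:
        pass
    print("no user namespace:", audit(HOST_NS_MAP))
    print("user-namespaced pod:", audit(POD_USERNS_MAP))
```
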

Slide 9

Slide 9 text

What's New in OpenShift 4.17
Native Network Isolation for Namespaces – Technical Preview
Product Managers: Marc Curry, Deepthi Dharwar

The default single L3 pod network is not flexible enough to cover a wide variety of use cases.

▸ User Defined Network (UDN) support in OVN-Kubernetes
▸ A default network for OVN-Kubernetes components + VRF support for additional isolated-by-default UDNs
▸ One or more namespaces in each UDN (tenant)
▸ A pod can be connected to different networks, each meant for a specific purpose
▸ Support for:
  ・ (Admin) Network Policy
  ・ primary (default) and secondary UDNs
  ・ overlapping pod IPs across UDNs
  ・ clusterIP services and external services
▸ Existing secondary networks (Multus) are not impacted

Example Use Cases
▸ Create a flat Layer-2 network as the primary network to migrate your VMs (pods) across nodes.
▸ Attach your VM/pod network to a provider network (specify VLAN ID to segment/mark/isolate traffic). (Targeting first 4.17.z release)

[Figure: L3 topology diagram showing node-1 (172.16.0.0/24) and node-2 (172.16.1.0/24), each with network-2 and network-3, and pods and VMs attached to ovn_layer2_switch (10.10.0.0/16).]

Slide 10

Slide 10 text

What's New in OpenShift 4.17
OpenShift Core Networking Roadmap
eBPF Manager - Technical Preview
An eBPF program manager and gatekeeper
Product Managers: Marc Curry, Deepthi Dharwar

▸ eBPF Manager (upstream: “bpfman”) notable features:
  ・ System Overview (provide insights on eBPF programs)
  ・ eBPF Program Loader
  ・ eBPF Filesystem Management
▸ OCTO and RHEL collaboration to productize its use in OpenShift
  ・ Tech Preview at OpenShift 4.17
▸ Optionally installed from Operator Hub
▸ Manages targeted Red Hat internal eBPF implementations:
  ・ Ingress Node Firewall
▸ Currently in CNCF Sandbox

ensure the secure deployment of eBPF applications

Slide 11

Slide 11 text

What's New in OpenShift 4.17 12 Introducing admin-defined node disruption policies! ▸ Specify policies per file or path ▸ Associate an action - Reboot (default), Drain, None ▸ Restart specified systemd services - optional Greater control for CoreOS Administrators Product Manager: Mark Russell

Slide 12

Slide 12 text

What's New in OpenShift 4.17 13 4 or 5 Node HA Control-Plane (Bare Metal Only) CP 2 CP 3 CP 4 CP 5 W W W W W W W W W W W W Failure Domain 1 Failure Domain 2 CP 1 ● Active-active deployments across two locations ● Designed for traditional applications like OpenShift Virtualization VMs ● Enhances resiliency with 2+2 or 3+2 configurations ● Supported on bare metal platform only Product Manager: Ramon Acedo Rodriguez

Slide 13

Slide 13 text

What's New in OpenShift 4.17 Performance and Scale ● Memory Oversubscription for workload density ● Memory hotplug for non-disruptive scale-up of VM performance ● GPU workload on hosted clusters. (Tech Preview) ● Live Migration optimizations for busy workloads Improved infrastructure optimization ● Automatic VM workload balancing with descheduler ● Native EBS storage support for Virtual machines ● Easily deploy disconnected hosted clusters ● VM storage live migration between storage classes (Tech Preview) Simplified VM Management ● Virtualization Admin focused view ● MTV 2.7 preserves static IPs and drive letters for warm migration 14 OpenShift Virtualization highlights Modernize your operations with comprehensive lifecycle and infrastructure management Product Manager: Peter Lauterbach Virtual Memory Physical Memory Workload Workload Workload

Slide 14

Slide 14 text

What's New in OpenShift 4.17 Comprehensive VM alerting Status at a glance Filter and find VMs and clusters quickly Multicluster Virtual Machine Observability with RHACM 15 ▸ Comprehensive set of dashboards addressing important use cases ▸ Flexible Single VM/Single-Cluster view versus Multi VM/MultiCluster view ▸ Based on a rich set of metrics to retrieve valuable status of individual VM’s and inventories Product Manager: Peter Lauterbach (speaking on behalf of Christian Stark)

Slide 15

Slide 15 text

What's New in OpenShift 4.17 Confidential Compute Attestation Operator (Technology Preview) Manages configuration and trustee components lifecycle 16 ▸ Based on the community Trustee project ▸ Tech Preview on Azure and IBM Z ▸ Provides attestation services together with OpenShift sandboxed containers ・ Provides attestation services for confidential containers workloads ・ Attestation to retrieve container image signing or decryption keys ・ Attestation for releasing application secrets ▸ Must be deployed in trusted environment with TEE (e.g. Intel TDX or AMD SEV-SNP) Product Manager: Jochen Schroder See also Exploring the OpenShift confidential containers solution blog

Slide 16

Slide 16 text

What's New in OpenShift 4.17 Manage at Scale 17

Slide 17

Slide 17 text

What's New in OpenShift 4.17 18 Hosted Control Plane (Self-Managed) Product Manager: Adel Zaalouk Enhanced Reliability Backup & restore for the entire hosted cluster artifacts with OpenShift APIs for Data Protection (OADP) Optimize your deployments cost and time savings but do it responsibly at the same time. Platform Improvements Improvements in disconnected installs with HCP ● Fixing certificate issues with image streams ● Respecting registry overrides for HCP/NP OpenShift Virtualization provider NVIDIA GPU (Tech Preview) ● Run AI workloads on the OpenShift Virtualization Provider Hosted Cluster Workers Multi-architecture configurations ● Arm control-plane with x86 data-plane on AWS ● x86 control-plane with Arm data-plane on AWS (Self-Managed) ● x86 control-plane with Z data-plane ● x86 control-plane with Power data-plane Single Pane of Glass to Manage the Fleet of Hosted Clusters Discover multicluster engine operator hosted clusters in Red Hat Advanced Cluster Management Importing Hosted Clusters from other management clusters managed by Advanced Cluster Management (ACM) and Multi-Cluster Engine (MCE)

Slide 18

Slide 18 text

What's New in OpenShift 4.17 19 SEE: Five key dashboards showing important observability information across clusters. FIND: Virtual machines easily with enhanced search capabilities (Dev Preview). DO: Stop, start, restart, and pause VMs directly from ACM (Tech Preview). ACM 2.12 - Support for OpenShift virtualization Product Managers: August Simonelli (speaking on behalf of Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) Red Hat Advanced Cluster Management for Kubernetes Gain powerful insights and deeper control of your OpenShift virtualization environments

Slide 19

Slide 19 text

What's New in OpenShift 4.17 ACM 2.12 - Governance, Observability, and management 20 Red Hat Advanced Cluster Management for Kubernetes Governance, observability, and management Product Managers: August Simonelli (speaking on behalf of Scott Berens, Christian Stark, Bradd Weidenbenner, Sho Weimer) Governance at scale Enhanced OpenShift GitOps (ArgoCD) integrations Improved usability & user experience for policies Gatekeeper updated to 3.17 Standalone Thanos operator Multicluster Observability Addon (MCOA) (Dev preview) Grafana updated to 11.5.1 Customize policy output messages Export ACM and MCE tables as CSV Continued enhancements for ROSA and managed cloud offerings Observability at scale Advanced management

Slide 20

Slide 20 text

Red Hat Advanced Cluster Security for Kubernetes 21 Compliance Operator Additional profiles to comply with PCI-DSS 4.0.0 Ensure your business meets the latest security standards, protects sensitive payment data, and avoids costly breaches with PCI-DSS 4.0 compliance. Product Manager: Anjali Telang Updated DISA STIG V2R1 Strengthens an organization's security posture while promoting consistency, regulatory compliance, and effective risk management.

Slide 21

Slide 21 text

Red Hat Advanced Cluster Security for Kubernetes 22 ACS 4.6 Highlights ▸ Policy as Code via Argo CD ▸ Support for ARM in Secured Clusters ▸ Integration with MS Sentinel Notifier ▸ External IP information [TP] ▸ Support for PCI-DSS 4.0.0 on OpenShift ▸ Download Compliance Reporting ▸ Adopt Red Hat CSAF/VEX ▸ CVE Scoring: NVD + RH ▸ Scanner V4 Node Scanning ▸ Integration ServiceNow Vulnerability Response Compliance Vulnerability Management Platform Product Manager: Anjali Telang

Slide 22

Slide 22 text

Ensure compliance with Red Hat ACS cloud services Our cloud service is certified across key global standards ensuring top-tier security, compliance, and data protection for your business. - ISO/IEC 27001:2022 - ISO/IEC 27017:2015 - ISO/IEC 27018:2019 - PCI DSS 4.0 - SOC 2 Type 2 / SOC 3 23 Red Hat Advanced Cluster Security for Kubernetes Product Manager: Anjali Telang

Slide 23

Slide 23 text

What's New in OpenShift 4.17 Augmented Auto Pruning Policies Granular Auto-Pruning Rules: Users can create multiple rules per policy allowing more specific auto-pruning rules based on tag patterns. The feature includes support for regular expressions, enabling users to include or exclude specific image tags according to their organizational needs. Keyless Authentication Secure Access with Short-Lived Tokens: Users can securely access Quay using short-lived, regularly rotated tokens, reducing the risk of credential theft while simplifying the authentication process. (This Release: just an API endpoint on Quay - Future Release: Will add functionality on OpenShift) Certificate-based Postgres Authentication Enhanced Database Security: Quay authenticates to PostgreSQL, enhancing database security and aligning with customer security policies. 24 Red Hat Quay Enhanced Security, Authentication, and Automation Red Hat Quay 3.13 Product Manager: Quiana Berry

Slide 24

Slide 24 text

What's New in OpenShift 4.17 Observability

Slide 25

Slide 25 text

What's New in OpenShift 4.17 26 Application Observability and Integrations ▸ OpenTelemetry collector dashboards ▸ OTLP Logs are now native to OpenShift ▸ Certificate rotation ▸ New components: Metrics transform processor, Group by attributes processor, Routing connector and Prometheus Remote Write exporter. Product Manager: Jamie Parker (on behalf of Jose Gomez-Selles) Read more at: https://t.co/FoHfJ9D4BX ▸ Gantt chart: Observing your requests with context, including a side panel for granular information ▸ Configure temporary access to AWS S3 with AWS STS ▸ TLS is streamlined in OpenShift via service annotation when gateway/multi tenant is disabled Red Hat build of OpenTelemetry Distributed tracing

Slide 26

Slide 26 text

What's New in OpenShift 4.17 27 Observability Cluster Observability Operator ▸ Cluster Observability Operator 0.4.0 released as Technology Preview ▸ Observability Signal Correlation for Red Hat OpenShift ▸ Enhancements: ・ Focus functionality ・ Show Query & additional experimental features ▸ Troubleshooting panel ・ Triggered from the application launcher menu of the OCP web console Product Manager: Jamie Parker (on behalf of Vanessa Martini) Read more here

Slide 27

Slide 27 text

What's New in OpenShift 4.17 28 Monitoring OpenShift Monitoring Product Manager: Jamie Parker (on behalf of Roger Floren) https://www.redhat.com/en/blog/introducing-cluster-observability-operator New Features Improvements ▸ Tolerate scrape timestamp jitter in UWM ▸ Remove prometheus-adapter related code from CMO code base ▸ Export as CSV: dashboards & metrics line graphs ▸ CVE 2024-8421 fix ▸ Alert updates ● PrometheusKubernetesListWatchFailures ▸ Monitoring stack components updated ● Alertmanager: 0.27.0 ● Prometheus Operator: 0.75.2 ● Prometheus: 2.53.1 ● kube-state-metrics: 2.13.0 ● node-exporter: 1.8.2

Slide 28

Slide 28 text

29 Observability Logging 6.1 OpenShift Logging Product Manager: Jamie Parker ▸ Cluster Logging Operator can forward logs via OTLP to our internal Loki Log Storage, or forward logs off cluster to an external OTLP endpoint ▸ Loki Log Storage can store and view logs sent to it over OTLP from two sources ・ Cluster Logging Operator ・ Red Hat Build of OpenTelemetry ▸ Logs sent to Loki over OTLP can be viewed in the OpenShift Observability UI Featuring End to End OTLP Support

Slide 29

Slide 29 text

What's New in OpenShift 4.17 30 Observability Incident detection for OCP (Developer Preview) Get to RCA faster with alert based incident detection. Directly in OCP Web Console! Visit our blog post for more detail! Red Hat Insights Product Manager: Tomas Dosek https://console.redhat.com/openshift/insights

Slide 30

Slide 30 text

What's New in OpenShift 4.17 Console 31

Slide 31

Slide 31 text

What's New in OpenShift 4.17 32 Console Console RFEs “Customer Happiness” ▸ ODC-7589: Show Developer Console warnings if the PodDisruptionBudget limit is reached ▸ ODC-7590: Gitea support when using Import from Git in Developer Console ▸ ODC-7388: Let user modify timeout before running pipeline ▸ CONSOLE-4140: Simplified view of MachineConfig configuration files on details page ▸ CONSOLE-3792: Add ability to customize create project modal using dynamic plugins Product Manager: Ali Mobrem

Slide 32

Slide 32 text

What's New in OpenShift 4.17
Console: Dynamic Plugin Framework
Product Manager: Ali Mobrem

Dynamic Plugins are the best way to build native experiences directly into the OCP console

Dynamic Plugin Framework Docs have been Enhanced…
▸ Check out the new Plugin project references section
▸ New i18N section to help you with adding translations
▸ Heads Up: PF6 Support coming in 4.19
▸ Reminder: Shared Modules Section & Deprecation Notices
  ・ Deprecation of PF4 & ReactRouter5

Don’t forget to upgrade

Read more at: github.com/openshift/console/.../console-dynamic-plugin-sdk

Slide 33

Slide 33 text

What's New in OpenShift 4.17 Developer Tools Update 34

Slide 34

Slide 34 text

What's New in OpenShift 4.17 OpenShift Developer Experience IDE Extensions and Cloud Developer Environment ▸ Support for creating deployments using a BuildConfig ▸ Configure Helm Chart installation with a build image within IDE ▸ Add Kubernetes Resource Link Provider workflow ▸ Support for the devfile for .NET 9 ▸ Install RHDH using Helm chart from the extension ▸ Support OpenShift Serverless Function with func cli 1.51.1 Quarkus Tools & EAP for VS Code and IntelliJ OpenShift Toolkit for VS Code and IntelliJ ▸ NEW Language Server Protocol Plugin for IntelliJ ▸ LSP4IJ is a free and open-source Language Server protocol (LSP) client compatible with all flavours of IntelliJ ▸ Available on JetBrains Marketplace and user guide is on GitHub ▸ JBoss EAP 8.x support in VS Code and IntelliJ ▸ NEW Quarkus Plugin for IntelliJ ▸ Support for @Startup healthcheck diagnostic ▸ Support @route from vertx to display codelens URL ▸ Full Support for Java 22 in VS Code extension Language Server Protocol Plugin TMM: Markus Eisele (on behalf of Mohit Suman) 35

Slide 35

Slide 35 text

What's New in OpenShift 4.17 OpenShift Dev Spaces Version 3.16 is now available Red Hat OpenShift Dev Spaces 3.16 is based on Eclipse Che 7.90 Starting from this release, it is possible to configure the container image, temporary storage, memory and CPU limits when starting a CDE using the "Import from Git" flow. With the fuse-overlayfs storage driver, you can enable faster builds and more optimized storage usage for podman build and buildah within your Red Hat OpenShift Dev Spaces cloud development environment (CDE). When you start a CDE from a URL, you are asked if you trust the authors of the repository since creating a workspace from unknown or untrusted sources could be dangerous. Advanced “Import from Git” flow Warning users that creating a CDE from an unknown source could be dangerous Enabling fuse-overlayfs for all workspaces Starting from this release, podman login is performed automatically during workspace startup for all container registries configured in the User Preferences. Automatic 'podman login' into external container registries TMM: Markus Eisele (on behalf of Mohit Suman) 36

Slide 36

Slide 36 text

What's New in OpenShift 4.17 RHDH 1.3 Plug-ins and templates: 🆕 Bulk import plug-in (Git org & repo into Catalog) 🆕 Migration Toolkit for Application plug-in 🆕 Software template to create a new Frontend plug-in 🆕 Software template to create a new Backend plug-in 💡 Visualize your VMs from the Topology plug-in 💡 Software Template library 37 Red Hat Developer Hub Setting Development Teams up for success! Red Hat Developer Hub - IDP for OpenShift Platform RHDH 1.3 Core 🆕 Support for external Redis cache 🆕 OpenShift Dedicated is fully supported 🆕 Import custom Theme through dynamic plug-ins 🆕 Dynamic plug-ins developer guide 💡 Manage sidebar navigation items through dynamic plug-ins 💡 Add any plug-ins to the Home page TMM: Markus Eisele (on behalf of Christophe Fargette)

Slide 37

Slide 37 text

What's New in OpenShift 4.17 https://podman-desktop.io/blog/podman-desktop-release-1.12 Podman Desktop 1.12 Introducing GPU support for Podman AI Lab 38 4.7k ! TMM: Markus Eisele (on behalf of Stevan LeMeur) ▸ Manage your remote Podman machines all within the UI. ▸ MacOS & Windows GPU support ▸ Light mode out of experimental ▸ OpenShift Local extension has been improved ▸ More Kubernetes Objects are supported.

Slide 38

Slide 38 text

What's New in OpenShift 4.17 Runtimes 39

Slide 39

Slide 39 text

What's New in OpenShift 4.17 40 ▸ Improved integration with Red Hat Developer Hub ▸ Security improvements ● Auto generated TLS certificates for development ● Easier configuration ▸ Front end development improvement ● WebBundler (NPM integration) ● HTMX support ● WebComponents ▸ Java Flight Recorder extension for monitoring containerized Java app stats on OpenShift with Cryostat Red Hat build of Quarkus What’s New in 3.15 (late Oct) PMM: Jeff Beck Cryostat Automated Analysis Report Cryostat Grafana dashboard

Slide 40

Slide 40 text

What's New in OpenShift 4.17 41 Migration Toolkit for Applications 7.1 ▸ Support for .NET analysis (Dev Preview), including rules for the .NET Framework to .NET migration path. ▸ Automatic language and technology discovery for applications to speed up association with Archetypes. ▸ Gradle support (Tech Preview) for Java applications analysis. ▸ Analysis insights (Tech Preview) that provide pointers on where and how certain technologies are being used by applications. ▸ Task Management to include precise information about what is queued for execution in the MTA UI, allowing users to preempt tasks to prioritize according to their needs at every moment. PMM: Jeff Beck

Slide 41

Slide 41 text

What's New in OpenShift 4.17 Platform Services 42

Slide 42

Slide 42 text

What's New in OpenShift 4.17 43 OpenShift Service Mesh ▸ Now available: OpenShift Service Mesh 3.0 Technology Preview: ▸ Based on the latest Istio and Kiali releases: ■ Istio 1.23 and Kiali 1.89 ▸ Managed by a new operator based on community Istio - the “Sail Operator” ▸ New standalone service mesh documentation ▸ New included features: ■ Istio’s multi-cluster topologies ■ Canary control plane upgrades ■ Istioctl command line utility Look for it in Operator Hub on OCP 4.14+! Product Manager: Jamie Longmuir

Slide 43

Slide 43 text

What's New in OpenShift 4.17 44 OpenShift GitOps ▸ OpenShift GitOps 1.14 release, includes Argo CD 2.12 and Argo Rollouts 1.7 ▸ Multi-source applications in Argo CD Dashboard with rollback ▸ Consistent sharding algorithm to assign clusters to shards ▸ Reduced cluster reshuffling on sharding config changes ▸ Project-scoped repository credentials ▸ RFE-3590 Application labels on Kubernetes events ▸ RFE-3882 GPG signature verification of Git commits in ApplicationSets ▸ RFE-5210 Sidecar support in Argo CD server and controller Product Manager: Siamak Sadeghianfar (on behalf of Harriet Lawrence)

Slide 44

Slide 44 text

What's New in OpenShift 4.17 45 OpenShift Pipelines Product Manager: Koustav Saha ▸ OpenShift Pipelines 1.16 release planned ▸ StepActions (General Availability) ▸ Reusable and scriptable unit of work that is performed by a Step ▸ Support in Red Hat Tekton Catalog ▸ Tekton Chains enhancements ▸ Support for rotation of MongoDB URI and Hashicorp Vault token ▸ Specify list of namespaces where users intend chains to run ▸ Larger Task results via Sidecar logs ▸ Tekton Results enhancements (Technology Preview) ▸ Support for OpenShift Logging and Loki for pipelinerun logs ▸ Log retention policy support ▸ Console improvements ▸ Filter to fetch pipeline details from cluster and tekton results ▸ Support for timeout in start pipeline modal

Slide 45

Slide 45 text

What's New in OpenShift 4.17 OpenShift Serverless 46 PM: Naina Singh ▸ Serverless 1.34 release based on Knative 1.14 ▸ Serverless functions ▸ Golang functions (Tech Preview) ▸ Easy Event Subscription through CLI ▸ Autoscaling of Knative Kafka Triggers using KEDA/CMA ▸ Internal and External services hops encrypted (Tech Preview) ▸ Support for Startup probe for faster startup times ▸ Serverless Logic ▸ Access OpenAPI specs definitions across multiple namespaces ▸ Management Console (Tech Preview)

Slide 46

Slide 46 text

What's New in OpenShift 4.17
Builds for OpenShift
PM: Siamak Sadeghianfar

▸ Builds 1.1 released
▸ Shared Resource CSI Driver is GA
▸ Share secrets across namespace
▸ Granular RBAC
▸ Mount RHEL entitlements as CSI volumes in BuildConfigs, Shipwright Builds and Tekton Pipelines
▸ Shipwright in Console
▸ Import from Git
▸ Build strategy page

    volumes:
      - name: rhel-entitlements
        csi:
          readOnly: true
          driver: csi.sharedresource.openshift.io
          volumeAttributes:
            sharedSecret: etc-pki-entitlement

Slide 47

Slide 47 text

What's New in OpenShift 4.17 Installer Flexibility 48

Slide 48

Slide 48 text

What's New in OpenShift 4.17
OpenShift 4.17 Supported Providers
Product Manager(s): Marcos Entenza (AWS, Azure, GCP, IBM Cloud, Oracle Cloud), Ju Lim (Alibaba), Ramon Acedo (BM, Nutanix, VMware), Peter Lauterbach (OCP Virtualization), Gil Rosenberg (OpenStack), Duncan Hardie (IBM Z & Power), Adel Zaalouk (HCP)

Providers named on the slide: Azure Stack Hub, Bare Metal, IBM Power Systems and IBM LinuxONE, Outposts, Wavelength, Local Zones (Tech Preview)

Installation Experiences

Automated: Installer Provisioned Infrastructure
- Auto-provisions infrastructure
- *KS like
- Enables self-service

Full Control: User Provisioned Infrastructure
- Bring your own hosts
- You choose infrastructure automation
- Full flexibility
- Integrate ISV solutions

Interactive – Connected: Assisted Installer
- Hosted web-based guided experience
- Agnostic, bare metal, vSphere and Nutanix
- ISO driven

Local – Disconnected: Agent-based Installer
- Restricted network (disconnected / air-gapped)
- Automatable installations via CLI
- Bare metal, vSphere, SNO
- ISO driven

Slide 49

Slide 49 text

What's New in OpenShift 4.17 52 Product Managers: Marcos Entenza, Subin Modeel ▸ Existing AWS IAM instance profiles for OpenShift in AWS installations ▸ AWS EFS CSI usage metrics ▸ AWS Placement Group Partition Number support ▸ Precreate Service Accounts in GCP ▸ GCP Private Service Connect support ▸ GCP Workload Identity Management for OLM operators ▸ Custom tags for OpenShift on GCP (GA) ▸ Azure Reserved Capacity via Machine API ▸ Ensure CSI Stack is running on management clusters with hosted control planes on Azure ▸ Central region (spain central) added Installation Highlights for Cloud Providers Cloud

Slide 50

Slide 50 text

What's New in OpenShift 4.17 Installation Highlights for On-premises Providers 53 On-premises ▸ Simplify add nodes on day 2 with Agent-based Installer (GA) ▸ Publish Redfish supported features for partners ▸ Create Nutanix worker VMs with GPUs ▸ Create Nutanix VMs with multiple disks ▸ Support for Nutanix Flow Virtual Networking on Prism Central ▸ Support for Multi-vCenter without shared storage (Technology Preview) ▸ Simplify add nodes on day 2 with Agent-based Installer (GA) ▸ CPU Manager on IBM Z ▸ Scheduler Plugins for IBM Power and IBM Z (Feature Parity) ▸ NVMe devices on IBM Z systems with z/VM ▸ Compliance Operator - DISA-STIG Profile for IBM Power and IBM Z ▸ cluster-etcd-operator support for slower hardware condition ▸ Exploitation of hardware based root volume LUKS encryption (IBM Z) ▸ Parity for Secondary Scheduler Operator (IBM Z and IBM Power) Bare Metal IBM Power Systems and IBM LinuxONE Product Managers: Ramon Acedo Rodriguez, Duncan Hardie ▸ Multi-architecture Tuning Operator (GA) ▸ Install multi-arch configured clusters (x86 & Arm) on AWS and GCP ▸ Hosted control plane support of x86 control plane with either IBM Power or IBM Z nodepools Multi- Arch

Slide 51

Slide 51 text

What's New in OpenShift 4.17
Adding Nodes to Any Cluster (Generally Available)
Product Manager: Ramon Acedo Rodriguez

Add Nodes to Any Cluster: Any cluster, regardless of the installation method used.
Simplified User Experience: Create and boot an ISO image, that’s it.
Multi-platform:
● Bare metal
● vSphere
● None
● Oracle Cloud Infrastructure
Fail fast: Validates the host(s) you are adding to detect common configuration problems

Adding a Single Node Using Command Flags
1. Run oc adm node-image create --mac-address=.
2. Boot the node with the generated ISO image.
3. Track progress with oc adm node-image monitor .
4. Approve CSRs with oc adm certificate approve .

Adding One or More Nodes Using a Configuration File
1. Create a nodes-config.yaml file with configurations for the nodes.
2. Run oc adm node-image create nodes-config.yaml.
3. Boot the nodes with the generated ISO image.
4. Track progress with oc adm node-image monitor .
5. Approve CSRs with oc adm certificate approve .

More information in the documentation

Slide 52

Slide 52 text

What's New in OpenShift 4.17
Shift-On-Stack 4.17
Product Manager: Jamie Parker (on behalf of Gil Rosenberg)

▸ Exposing Shift-On-Stack metrics to the RHOSO-OCP cluster
  ○ Utilizes the built-in monitoring capability in RHOSO (OpenStack 18)
  ○ Centralized metrics collection for multiple ShiftOnStack clusters
  ○ 1st step in enabling metrics correlation
▸ Using RootVolumes to support master nodes
  ○ Access to low-latency SSD/NVMe on the Nova compute nodes
  ○ Improve stability for large / high churn clusters

* As measured in Red Hat labs, April 2024

Slide 53

Slide 53 text

What's New in OpenShift 4.17
OpenShift oc-mirror
Enhancing oc-mirror for Hosted Control Planes/OpenShift Virtualization Deployments and EUS Upgrades
Product Manager: Ramon Acedo Rodriguez, Tony Wu

Hosted Control Planes/OpenShift Virtualization Support
oc-mirror v2 (Tech Preview) expands image coverage for Hosted Control Planes/OpenShift Virtualization deployments
➔ Expanded image coverage: oc-mirror v2 processes images referenced in release-manifests/0000_50_installer_coreos-bootimages.yaml in addition to those listed in release-manifests/image-references.
➔ Enhanced support for RHCOS image: This change directly benefits Hosted Control Planes/OpenShift Virtualization, making it easier to deploy hosted clusters in disconnected environments.
➔ Improved flexibility: By mirroring the RHCOS image, oc-mirror v2 offers greater flexibility and adaptability for various deployment scenarios.

EUS Upgrade Guidance
oc-mirror v1/v2 (Tech Preview) improve version gap detection and warnings for EUS upgrades
➔ Improved detection of version gaps: oc-mirror now identifies when the difference between minVersion and maxVersion exceeds one minor version, e.g., 4.14 to 4.16.
➔ Improved user experience: Provides clear guidance with warnings to include intermediate versions (e.g., 4.15) in their mirrored channels to prevent upgrade failures.
➔ Reduced support burden: Directs users to the Cincinnati graph lab app for available versions in the updated documentation.

⏯ Watch our demo videos to learn more about oc-mirror v2 (Tech Preview)

Slide 54

Slide 54 text

What's New in OpenShift 4.17 Control Plane

Slide 55

Slide 55 text

What's New in OpenShift 4.17
Certificate Rotation Improvements
Product Manager: Ramon Acedo Rodriguez
Automatic Control Plane Recovery from Expired Certificates: Automatic recovery from expired certificates when a cluster resumes from hibernation or snapshots, or is restored from a backup.
Automatic Certificate Rotations: When a new signer certificate is close to its expiration date, an automatic rotation of the signer certificate activates.

Slide 56

Slide 56 text

What's New in OpenShift 4.17
Optimize CRI-O Storage Wipe for Reboot to Improve Corruption Protection and Reboot Efficiency
Product Manager: Gaurav Singh
● Faster Node Recovery: By detecting and wiping only corrupted layers instead of all images, this feature significantly reduces the time required to reboot nodes after unexpected power failures or crashes. This is particularly valuable in telco edge locations, where minimizing downtime is critical for maintaining service availability.
● Improved Resource Efficiency: Cleaning up only corrupted layers reduces the demand for bandwidth and storage, as fewer images need to be re-pulled. This is especially beneficial in edge environments where network connectivity might be limited and external registries may not be readily accessible.

Slide 57

Slide 57 text

What's New in OpenShift 4.17 Networking & Routing

Slide 58

Slide 58 text

What's New in OpenShift 4.17
Red Hat OpenShift Networking Enhancements
Product Managers: Marc Curry, Deepthi Dharwar
Software Defined Networking Upgrades and Support
● HAProxy upgraded to v2.8 minor version
● ALBO controller to v2.8
● CoreDNS to v1.11.3
● Support for kubernetes-nmstate on Azure
eBPF Manager [Tech Preview]
● The eBPF Manager (upstream: bpfman) is available as a technology preview to deploy and manage eBPF programs across the cluster including OpenShift components. This Operator works in tandem with the Ingress Node Firewall Operator.
OVN Observability with Sampling Tech Preview
● Ability to correlate network flows with network policies
○ What policy allowed that flow?
○ What flows got dropped?
○ Global statistics on dropped and accepted traffic
Reminder: openshift-sdn CNI plug-in Deprecated
● No longer available in 4.17
● No new installs at 4.15+
● Upgrades allowed to 4.16
● Limited live migration and cold migration options
Operator updates eBPF

Slide 59

Slide 59 text

What's New in OpenShift 4.17
Network Observability Operator v1.7
Product Managers: Marc Curry, Deepthi Dharwar
Network Observability Operator
● New release: v1.7
● OCP Virtualization support
● FIPS compliance
● Disconnected cluster support
● OpenTelemetry support
● TCP Flags Filtering Capabilities
● Developer view with multi-tenancy
● Enrichment in Packet capture via on-demand observability (Tech Preview)
● DNS tracking enhancements

Slide 60

Slide 60 text

What's New in OpenShift 4.17 Operator Framework

Slide 61

Slide 61 text

What's New in OpenShift 4.17
Easily Identify and Manage Deprecated Operators with the OpenShift Web Console
Operator Framework
Product Manager: Tony Wu, Ali Mobrem
Pre-Installation Warnings: Visual indicators in the console UI alert users to deprecated packages, channels, or versions.
Post-Installation Visibility: Clear representation of deprecated operators, channels, or versions within installed packages.
Support Boundary Guidance: Recommendations on alternative packages, channels, or versions to maintain support.

Slide 62

Slide 62 text

What's New in OpenShift 4.17
OLM v1 Tech Preview - Phase 4
Operator Framework
Product Manager: Tony Wu
Next-generation OLM is getting closer to prime time with a safe, secure, and declarative experience.
Clear Ownership: Avoid conflicts by ensuring only one "ClusterExtension" API object manages specific resources.
Tightened Security: Enhance security with dedicated ServiceAccounts for installing and upgrading content, and protect catalog data using HTTPS encryption for catalogd webserver responses.
Safe CRD Upgrades: Prevent data loss by detecting CustomResourceDefinition (CRD) schema changes.
Laying the Groundwork for Helm Chart Support: OLM v1 embeds Helm, enabling future native support for Helm chart-packaged content.

Slide 63

Slide 63 text

What's New in OpenShift 4.17 Storage

Slide 64

Slide 64 text

What's New in OpenShift 4.17
OpenShift Storage
Product Manager: Ju Lim (speaking on behalf of Gregory Charot)
CSI Operators
Operator | Migration | Driver
AWS EBS | GA | GA
AWS EFS | n/a | GA
Azure Disk | GA | GA
Azure File | GA | GA
Azure Stack Hub | n/a | GA
GCE Disk | GA | GA
GCP Filestore | n/a | GA
IBM Cloud | n/a | GA
RH-OSP Cinder | GA | GA
RH-OSP Manila | n/a | GA
vSphere | GA | GA
SecretStore | n/a | TP
SMB/CIFS | n/a | TP
Operators & Drivers
● vSphere
○ Support for multi vCenters (Tech Preview)
○ Remove CSI driver & silence VPO alerts
● AWS EFS
○ CSI Usage Metric (opt-in)
● Azure File
○ Snapshot support (Tech Preview)
● GCP Filestore
○ Clean up resources after cluster deletion
Misc
● SELinux Mount for RWO/RWX (Dev Preview)
…

Slide 65

Slide 65 text

What's New in OpenShift 4.17
OpenShift Data Foundation 4.17
Product Manager: Ju Lim (speaking on behalf of Eran Tamir)
Out of the box support: Block, File, Object, NFS
Platforms: AWS/Azure Google Cloud (GA) OpenShift Virtualization OSP (Tech Preview) Bare metal/IBM Z/Power VMware 7,8 Thin/Thick IPI/UPI ARO (GA), ROSA HCP (GA*) with Self managed ODF IBM ROKS & Satellite - Managed ODF (GA) Any platform using agnostic deployment mode for self managed OpenShift deployments.
Deployment modes: Disconnected environment and Proxied environments
▸ Replica 2 for Block and FileSystem (RBD and CephFS)
▸ Capacity usage trend information
▸ Key rotation support for PV encryption
▸ Azure Key Vault support (GA)
▸ Object
● Enhanced replication mechanism
● Support for account replication across clusters
● Support for client Security Token Service

Slide 66

Slide 66 text

What's New in OpenShift 4.17 Telco 5G and Edge

Slide 67

Slide 67 text

What's New in OpenShift 4.17
Image Based Install (IBI)
Accelerate RAN vDU Installations on Single Node OpenShift
Product Manager: Hari Rakotoranto (on behalf of Robert Love)
Goals:
● Reduce the time it takes to finish new installations of DU-configured OpenShift deployments by utilizing existing Telecom pre-staging facilities
What we plan to do:
● Replace existing installation procedure with an image-based installation procedure
Steps to install a DU-configured Single Node OpenShift using Image Based Install (IBI)
STEP 1: A seed-image generated from DU-configured Single Node OpenShift installation
STEP 2: The seed-image is then installed to any number of Far Edge servers
STEP 3: A Far Edge server is shipped to Far Edge site
STEP 4: Image Based Install Operator and Lifecycle Agent Operator orchestrate site-specific configuration for the SNO
STEP 5: Instantiate CNF

Slide 68

Slide 68 text

What's New in OpenShift 4.17
Red Hat Device Edge and MicroShift
Product Manager: Daniel Fröhlich
Red Hat Device Edge with MicroShift is a Kubernetes distribution derived from OpenShift designed for small form factor devices and edge computing.
IPv6 support
● ingress/egress/pod2pod via IPv6
● Single-Stack, Dual-Stack
● Enables usage scenarios that require IPv6 due to lack of IPv4 addresses
Support for low latency workload
● Isolate cores for low latency workload pods
● Use workload partitioning to pin the control plane to reserved cores to avoid jitter
● Optionally use the realtime kernel
● Max latencies ≪50 µsec can be achieved
● Enables latency-sensitive workloads like live audio transcoding, software defined radios and similar.
Tech Preview support for RHEL image mode
● Use container tooling to build an OCI image that includes the Operating System and MicroShift
● Use bootc to install those OCI images onto a system.
● Simplify CI/CD by leveraging the same tools for workload and the operating system (e.g. an OCI container registry)
Resource usage optimisation
● LVM Storage footprint reduction (fewer containers, less RAM)
● Deactivate CSI components if not needed

Slide 69

Slide 69 text

What's New in OpenShift 4.17 OpenShift AI

Slide 70

Slide 70 text

What's New in OpenShift 4.17
What’s New and What’s Next for OpenShift AI
Product Manager: Siamak Sadeghianfar (on behalf of Jeff DeMoss)
● What’s New and What’s Next session for Red Hat AI tentatively planned for 5 November 2024
● Plan to cover both RHEL AI and RHOAI in this session
● Will cover near-term roadmaps and highlights of recently added features
● Moving forward, plan to hold these sessions once per quarter

Slide 71

Slide 71 text

Thank you
Guided demos of new features on a real cluster: learn.openshift.com
OpenShift info, documentation and more: try.openshift.com
OpenShift Commons: where users, partners, and contributors come together: commons.openshift.org
linkedin.com/company/red-hat
youtube.com/OpenShift
facebook.com/redhatinc
twitter.com/OpenShift

Slide 72

Slide 72 text

What's New in OpenShift 4.17 Appendix