What's Next In OpenShift (Q2 2024)

What’s Next offers an overview of the direction, initiatives and exciting new use cases and features over a 6 to 18 month time horizon. These are heavily influenced by you, our users, via formal and informal feedback, and also by market drivers and trends.

Watch our Product Management team deliver the update with awesome deep insights here: https://www.youtube.com/watch?v=0XMHPoyK58U

Red Hat Livestreaming

May 22, 2024

Transcript

  1. Speakers

    Radek Vokal, Ju Lim, Sho Weimer, Boaz Michaely, Bala Chandrasekaran, Hari Rakotoranto, Jamie Longmuir, Kirsten Newcomer
  2. Creating value depends on the ability to develop and deliver high-quality applications (and AI models) faster on any cloud

    • Improve digital customer experience
    • Mitigate risks
    • Gain competitive advantage
  3. The Challenges

    • Application Modernization: 80% of enterprise technologists surveyed plan to modernize more than half of their legacy applications in the next 2 years. Source: The Newstack
    • Rise of Generative AI: 80% of enterprises will have deployed Generative AI-enabled applications by 2026. Source: Gartner
    • Developer Productivity: 76% of organizations say the cognitive load is so high that it is a source of low productivity. Source: Salesforce. Gartner predicts 75% of companies will establish platform teams for application delivery. Source: Gartner
    • Software Supply Chain Security: 742% average annual increase in software supply chain attacks over the past three years. 45% of organizations will experience attacks; it is a matter of when, not if. Source: Sonatype
  4. You need an application platform that is…

    • Trusted: container engine (Reduce Risk)
    • Comprehensive: application platform (Improve Productivity)
    • Consistent: across hybrid cloud (Increase Flexibility)
  5. The Road Ahead

    Manage at Scale
    • Multicluster management and governance
    • Cloud Services
    • Edge
    Modernize Applications
    • Platform, Application and Supply Chain Security
    • Developer productivity
    • AI/ML (OpenShift AI)
    • Simplify app connectivity
    Modernize Infrastructure
    • OpenShift Virtualization
    • Appliance (Dell APEX, HPE Greenlake)
    • OpenStack Services on OpenShift
  6. 2024 Application Services and Developer Launches

    Continue Red Hat innovation towards empowering Developers and Platform Engineers so they can develop, build, and manage AI-enabled apps from desktop to massive scale.
    • JBoss EAP 8
    • Quarkus AI/Langchain support
    • OpenJDK Extended Lifecycle Support (ELS)
    • AMQ streams: KRaft GA, New Console UI
    • SSO/Keycloak: Multi-site replication
    • Next-gen API Management and App Connectivity
    • MTA: Developer Hub plugin, Generative-AI integration
    • Podman Desktop: AI Studio, Bootable containers
    • RH Build of Camel: Visual tooling in VSCode
    • Developer Hub: Operator, Plugin Catalog, Orchestrator
    • Trusted Software Supply Chain: Trusted Profile Analyzer, Trusted Artifact Signer, Trusted Application Pipeline
    Diagram labels: Developers “Writing Code”, Pull/Merge Request, Platform Engineers: “Developer’s Developer”, Desktop, At Scale.
    Application Developer What’s New/Next, April 24th. Red Hat Application Foundations, Red Hat Developer Services. CONFIDENTIAL: Red Hat associate and NDA partner use only, no further distribution.
  7. Accelerate Innovation that Safeguards User Trust

    Delivered with integrated security guardrails at every phase of the software development lifecycle: Code, Build, Deploy, Run & Monitor.
    • Code: Software Composition Analysis; Store/Query SBOMs and VEXs; Dependency Management; OSS Risk Profiles. Curate trusted content at code-time, with an automated chain of trust that verifies pipeline compliance at build-time.
    • Build: Verified Pipelines; Release Gates; Vulnerability Analysis. Tamper Proof Code: Digitally Sign & Verify | Immutable Certificate Authority | Keyless Signing | Transparent, Auditable Logs.
    • Deploy: Application Placement; Application Configuration Analysis. Standardize on security-focused golden paths for code that stays compliant with corporate security practices.
    • Run & Monitor: Compliance Management; Threat Detection (Images, Containers, Clusters); Network Security Policies. Build and deploy platform, pipeline and applications as-code to an auditable, declarative state that’s continuously monitored.
    Tech Preview. *Note: Red Hat Trusted Application Pipeline is a single product SKU that includes RHDH, RHTAS, RHTPA. Red Hat Application Pipeline, Red Hat Trusted Artifact Signer, Red Hat Trusted Profile Analyzer are in service/technical preview.
  8. What's Next in OpenShift Q2CY2024: AI and OpenShift

    • Deploy GPU nodes faster: faster deployments with NVIDIA GPU precompiled drivers
    • Run isolated AI/ML workloads: GPU support in OpenShift sandboxed containers via peer-pods
    • Protect data in use: deploy AI apps in Confidential Containers to secure sensitive data
    • Share GPUs for parallel workloads: NVIDIA MPS GPU sharing in OpenShift
    • Accelerate GenAI deployments anywhere: support custom models with NVIDIA NIM microservices in OpenShift
    • Provide choice and flexibility: a broad ecosystem of hardware accelerators with AMD, Intel, and more
  9. OpenShift AI: MLOps platform for artificial intelligence/machine learning (AI/ML) use cases

    MLOps
    ▸ Model registry
    ▸ Model serving runtimes
    ▸ Model monitoring metrics
    ▸ Auto scaling
    ▸ Canary rollouts
    ▸ SNO and RHDE support
    Platform and integrations
    ▸ AMD, Intel GPUs, NVIDIA Grace Hopper, and ARM GPUs
    ▸ Fractional GPUs
    ▸ Red Hat Developer Hub integration
    Model development
    ▸ VS Code, RStudio, local IDE integration
    ▸ Feature Store
    ▸ Data Science Projects UX enhancements
    ▸ Custom Notebooks UX enhancements
    GenAI
    ▸ LLM serving and tuning
    ▸ Enhanced job and quota management
    ▸ Enhanced tuning
    ▸ Distributed workloads: integration with Data Science Pipelines
  10. Flexibility

    Multi-cluster and Hybrid Cloud
    • Regional-DR and Metro-DR with ACM and ODF
    • Multi-cluster virtualization monitoring with ACM
    • Oracle Cloud Infrastructure Bare Metal
    • Additional Cloud integrations
    Enterprise Networking and Storage
    • Improve GPU utilization with GPU workload support in hosted clusters
    • Manage static IPs and outbound connections with IPAM and Egress on OVN-K secondary overlay networks
    • Optimize storage lifecycle with storage class migration (TP)
    OpenShift Virtualization: modern infrastructure with proven KVM virtualization
    • Seamlessly scale workloads with CPU and memory hot-add
    • Increased workload density using memory overcommit
    • Optimize and balance clusters with descheduler
  11. OpenShift Virtualization: an easy transition to a modern virtualization infrastructure

    A migration factory from Day-0 to Day-2 with Ansible automation.
    0. Evaluate and scope (Discover & Analyze): evaluate the existing data center setup.
    1. Migrate (Automate & Orchestrate): use MTV to migrate virtual machines to OpenShift Virtualization. Ansible helps automate and orchestrate as needed.
    2. Steadystate (Day-2 Operations & Ongoing Management): VMs are now hosted on OpenShift Virtualization alongside container workloads. Ansible Automation Platform handles day-two operations.
    Migration sources and tooling: VMware vSphere (Migration Toolkit for Virtualization), Red Hat OpenStack Platform (OpenStack Migration), Public Cloud (Hyperscaler Migration), Nutanix AHV (Nutanix Move).
    Diagram labels: Compute, Network, Storage; Alternative hosting options; ITSM e.g. ServiceNow; Events e.g. Kafka, Prometheus, Dynatrace; Ansible Automation Platform.
  12. Cloud services: Red Hat OpenShift Cloud Services

    Azure Red Hat OpenShift (ARO)
    1. Managed Identities
    2. Hosted Control Planes
    3. Azure Lockbox Enhancements
    4. Expanded cluster sizes for public clusters
    5. Cluster-wide proxy on existing ARO clusters
    6. Expanded regions (Taiwan) and instance types (ARM)
    Red Hat OpenShift Service on AWS (ROSA)
    1. Install preferred CNI in place of OVN
    2. Cross-account API Server Private Link access
    3. Support up to 500 nodes in HCP clusters
    4. ROSA clusters with no public internet egress
    5. Terraform Provider for ROSA with HCP
    6. AWS Graviton support for HCP Machine pools
  13. Cloud services: Red Hat OpenShift Cloud Services

    OpenShift Dedicated - Google Cloud
    1. Private Service Connect
    2. Workload Identity Federation
    3. Region expansion (Madrid, Turin, Milan, Chile, Doha, Dammam)
    4. Support for E2, N2, C2, M3 standard GCP machines
    5. Support for GPU-enabled A2 instances
  14. Cloud services: the ACS Cloud Service timeline

    Where we are going:
    • H2 2023 - Limited Availability: ACS launched at Summit in Limited Availability. Although the product is ready for consumption we will GA when we have more customer buy-in.
    • H1 2024 - Free Trial: ACS CS launches a 60-day no-cost trial.
    • H2 2024 - General Availability: no changes in the product other than a marketing announcement AND a Red Hat commitment to the product moving forward.
    • 2025 - Compliance & Regions: added PCI-DSS 4.0 support, APAC availability, industry standard compliance, FedRAMP, local regulatory, additional POP.
  15. Builds for OpenShift

    New ways to build / Buildpacks / UX
    • Buildpacks build strategy GA
    • UBI Buildpacks for Node.js and Quarkus
    • Build on Git events
    • Multi-arch build strategy
    • Expanding community build strategies
    • Improve access to RHEL entitlements
    • Enhance installation experience
    • Additional CLI use-cases
    • Migration guide from BuildConfigs
  16. Workloads and Developer Experiences: Red Hat Quay

    • No more pull secrets: ease developer onboarding and strengthen security with identity trust between OCP and Quay. Keyless authentication: an OpenShift User or Service Account authenticates through the OIDC provider, which Quay trusts to map the identity to a Quay Organization, Robot Account or Quay User.
    • Comprehensive standards support - consistent security: OCI 1.1 specification. The Referrers API connects SBOMs and signatures with images and artifacts for standardized discovery and retrieval.
  17. Operator Framework

    Empowering your cloud-native journey with a next-generation operator management experience. Themes: Trusted Deployments, Comprehensive Management, Consistent Rollouts.
    • Centralized management: manage a wider ecosystem of operators, including Helm charts, for streamlined deployments.
    • Rich catalog visibility: gain in-depth insights into packages (e.g., versions, channels, and deprecation) for informed decision-making.
    • Accurate infrastructure features: operators in the catalog are clearly annotated with the infrastructure features they support.
    • Subscription requirements defined: easily identify operators eligible for use within your subscription, ensuring compliance with entitlement.
    • Predictable deployments: declarative management with continuous reconciliation ensures reliable deployments across your infrastructures.
    • Auto update with focus: granular control over operator updates ensures stability and security.
  18. OpenShift Service Mesh

    • OpenShift Service Mesh 3 will be based on community Istio rather than the midstream Maistra project.
    • Technology preview targeted for early Q3 and GA by late 2024.
    • Expanded multi-cluster support with Istio multi-primary and primary-remote support
    • Dual-Stack IPv4/IPv6 support
    • Support for off-Kubernetes workloads for 2025
    • Provides critical security, visibility and traffic management for your application platform.
    • OpenShift integrations in the works:
      ◦ OpenShift Ingress w/ Gateway API
      ◦ Argo Rollouts for progressive delivery
      ◦ Cert-Manager istio-csr support
      ◦ Red Hat Developer Hub (Backstage) integration
  19. OpenShift GitOps

    Use GitOps where you need it. Reducing risk in deployments. Meet your developer teams where they are.
    • Small footprint GitOps for MicroShift GA
    • Apps in any namespace GA
    • Source verification policies TP
    • FIPS Support
    • Argo Rollouts GA
    • Multiple Sources GA
    • Single-cluster and multi-cluster scalability improvements
  20. OpenShift Pipelines

    • Red Hat Tekton Catalog GA
    • Adding sane defaults to Tekton Chains
    • Tekton Chains better integration with Red Hat Trusted Artifact Signer
    • Tekton support for Windows nodes
    • Tekton performance improvements by enabling HA of various Tekton controllers and a better reconciler and controller-based pruner
    • Multi-cluster Tekton with Pipelines As Code
    • Pipelines As Code enhancements
      ◦ Support for triggering pipeline runs via chatops commands
      ◦ Custom .tekton/ Resolver Service
      ◦ Advanced concurrency control
    • Caching with stepActions in Tekton
    • Pipelines in Pipelines GA
    • Manual Approval custom task and console integration GA
  21. OpenShift Serverless

    • End-to-end encryption for internal and external services
    • Eventing authentication and authorization
    • OpenShift AI foundation
    • Seamless developer experience for app creation and deployment through DevConsole, CLI and IDE
    • OpenShift Serverless for Edge
    • Serverless for Arm architecture
    • Serverless performance and scaling
    • Integration with other platform features - Cert Operator, Gateway API, Backstage
    • Function templates - Python for AI and Wasm (DP)
    • Function and Eventing integration for event-driven apps
    • Buildpacks for building functions
    • Serverless logic GA for orchestration of services and events
  22. Installation, Updates, and Provider Integration (Core platform)

    Platforms - Enable Hybrid Cloud
    ▸ Add new clouds and platforms
    ▸ Add new regions
    ▸ Multiple architectures
    ▸ Enable third party integrations
    Installation - Optimize onboarding
    ▸ Hosted Control Planes
    ▸ Composable installation
    ▸ New capabilities
    ▸ More flexibility
    Updates - Mitigate risk
    ▸ Improve update user experience
    ▸ Z-stream rollback
    ▸ Disconnected update optimizations
  23. Cloud: Consistency Across the Hybrid Cloud

    AWS
    ▸ BYO IAM instance profile on AWS while deploying OpenShift
    ▸ External DNS for AWS
    ▸ Custom IPv4 subnets for BYO VPC deployment
    ▸ Dual stack support
    ▸ Tokenized auth enablement for OLM operators
    Azure
    ▸ External DNS for Azure
    ▸ NAT Gateway as outboundType support
    ▸ Confidential VMs on Azure
    ▸ In-place migration to Azure AD Workload Identity
    ▸ Azure File CSI cloning support
    ▸ Dual stack support
    ▸ Tokenized auth enablement for OLM operators
    GCP
    ▸ BYO shared VPC with BYO hosted zone in GCP
    ▸ Custom tags on GCP
    ▸ Private Google Access to GCP endpoints
    ▸ Dual stack support
    ▸ Tokenized auth enablement for OLM operators
    Oracle
    ▸ Oracle Cloud Infrastructure (VM and bare metal)
    ▸ OpenShift Virtualization on Oracle Cloud Infrastructure with bare metal
    ▸ Simplify add nodes on day 2 with Agent-based Installer
    ▸ Oracle Private Cloud Appliance
    ▸ Oracle Compute Cloud @ Customer
  24. Consistency Across the Hybrid Cloud: On-premises

    Bare Metal
    ▸ BMC address modification post installation
    ▸ Hardware RAID support via Redfish
    ▸ BareMetalHost with self-signed CA certs for BMCs
    ▸ Attach non-bootable ISO
    ▸ Simplify add nodes on day 2 with Agent-based Installer
    ▸ OpenShift Appliance enablement
    ▸ Static IP assignment
    ▸ Restricted network deployments with Agent-based Installer
    Nutanix
    ▸ Flow Virtual Networking support
    ▸ Simplify add nodes on day 2 with Agent-based Installer
    vSphere
    ▸ SDN to OVN-K migration
    ▸ Multi-vCenter clusters
    ▸ Set optional tags to machines in vSphere
    ▸ Add ControlPlane MachineSet for vSphere
    ▸ Static IP assignment
    ▸ Support SNO from IPI and ACM on vSphere
    ▸ Simplify add nodes on day 2 with Agent-based Installer
    ▸ Make max vSphere snapshots per volume configurable
    OpenStack
    ▸ ShiftonStack on Red Hat OpenStack Services on OpenShift (RHOSO) architecture
    ▸ RHOSO multi-cluster resource orchestration
    ▸ RHOSO multi-OpenStack deployments
    IBM Power Systems and IBM LinuxONE
    ▸ PowerVS support (IPI installation)
    ▸ Hosted control planes: x86 control plane for compute nodes on IBM Power and IBM Z
    ▸ Agent-based Installer for IBM Power and zSystems
    ▸ Assisted Installer for z/VM
  25. Hosted Control Planes and the Core Platform

    Hosted Control Planes (HCP)
    ▸ Self-managed HCP on AWS
    ▸ Arm control-plane with x86 data-plane on AWS
    ▸ Self-managed HCP on Azure (Preview)
    ▸ IBM Power/Z support for HCP using the Agent provider
    ▸ Automated etcd snapshot management
    ▸ CSI RWX block and snapshot support for HCP on OpenShift Virtualization
    Storage
    ▸ CIFS CSI
    ▸ ReadWriteOncePod access mode
    ▸ VolumeGroup Snapshot API
    ▸ Azure File CSI cloning support
    ▸ Secret Store CSI
    ▸ PV last phase transition time
    Core
    ▸ Custom RHCOS boot images
    ▸ Minimize workload disruption
    ▸ Swap support for containers
    ▸ In-place pod update
    ▸ In-place Vertical Pod Autoscaler update
    ▸ Machine API to Cluster API migration
    Autoscaling
    ▸ Cluster scaling with priority expander and least-waste expander
    ▸ Scale nodes with Karpenter
    ▸ Multi-dimensional pod autoscaler to scale workloads
  26. Scalability and Resilience

    ▸ Cluster hibernation for up to 6 months
    ▸ Optimizations for recoverability of the control-plane
      • Control-plane recovery on expired certificates
      • Automated backup of etcd database (BackupAPI)
    ▸ Optimizations for scalability
      • Selectable etcd database sizes
    ▸ Optimizations for bare metal stretched control plane
      • Selectable etcd latency profiles
      • 4-node and 5-node control-planes
    ▸ Support external KMS provider
  27. Trusted and Secure Platform

    ▸ Bring Your Own external OIDC for seamless multi-cloud authentication
    ▸ Pod Security Admission integration - restricted enforcement
    ▸ User namespace support
    ▸ Kube-KMS support
    ▸ Cert-Manager enhancements - Route support, additional issuer support (NCM, RHCS), Gateway API support
    ▸ Secret Store CSI Driver - support for Vault and GCP testing, GA with cloud Secret Store CSI providers
    ▸ Sigstore toolchain to sign and verify signed artifacts in OpenShift
    ▸ Confidential computing enhancements
  28. OpenShift Core Networking Roadmap: Universal Connectivity

    Support seamless integration between Red Hat OpenShift Networking’s cluster network (OVN-Kubernetes) and customer external networks, along with targeted networking solutions that cross over that boundary.
    First-focus (CY2024) feature development:
    • VRF Support
    • Subnet per namespace w/ overlapping subnets
    • BGP + EVPN
  29. OpenShift Core Networking Roadmap: Networking - bpfman

    eBPF program gatekeeper and manager
    ▸ bpfman
      ・ Provides insights on eBPF utilization
      ・ Ensures secure deployment of eBPF applications
      ・ eBPF Program Loader
      ・ eBPF Filesystem Management
    ▸ Will integrate with all current and future Red Hat internal eBPF implementations:
      ・ OpenShift Advanced Cluster Security (ACS)
      ・ Ingress Node Firewall
      ・ Network Observability Operator
    ▸ Targeting:
      ・ Developer Preview at OpenShift 4.16
      ・ Technical Preview at OpenShift 4.17
      ・ Full support at OpenShift 4.18
  30. OpenShift Core Networking Roadmap: Next-gen Ingress and Network Observability

    Network Observability
    ▸ Multi-cluster enablement
    ▸ Metrics API GA
    ▸ OpenShift AI deployment-specific metrics
    ▸ netobserv-cli
    ▸ eBPF enhancements (modern TCx hook in latest kernel & RHEL 9.4)
    ▸ Infrastructure observability (OVN internals, visualizing VIPs, LBs, etc)
    ▸ Loki-disabled observability enhancements
    ▸ Packet tracing and IPsec / mTLS
    Next-gen Ingress
    ▸ Kubernetes “Ingress v2”
    ▸ Optional enablement (HAProxy is default)
    ▸ Expressive, portable, and extensible API
    ▸ Role-based configuration layers
    ▸ Simplified configuration
    ▸ Enhanced scalability
    ▸ Advanced traffic management
    ▸ Increased security
    ▸ More information
    Ingress component analogs:
    OpenShift router ➔ Istio
    HAProxy ➔ Envoy
    IngressController ➔ Gateway
    Route ➔ HTTPRoute
  31. Observability Roadmap

    Red Hat Observability Platform (redhat.com/observability)
    ▸ Building blocks for collecting, storing, and delivering relevant signals for our customers
    ▸ Analytics solutions to troubleshoot faster no matter the number of clusters to be managed
    ▸ Single pane of glass for observability no matter the number of clusters to be managed
    ▸ Solution-focused guidance across Red Hat and 3rd party products
    Collect, Store & Aggregate
    • OpenTelemetry collection for Edge
    • Expand OTel capabilities (filelog, hostmetrics, k8sreceivers…)
    • Complete migration from EFK to Loki/Vector
    • Vector & Loki support for OpenTelemetry
    • Tempo monolithic deployment (no 3rd party dependency)
    • Cluster Observability Operator - single and simple way to enable the observability stack
    • Power Monitoring RedFish support
    Visualize for single cluster & fleet
    • Custom dashboards w/ Perses (OCP)
    • Tracing UI (OCP)
    • Troubleshooting side-panel (OCP)
    • OpenTelemetry dashboard (OCP)
    • Multicluster Observability addon for ACM (choose your preferred signal)
    • Distributed tracing (ACM)
    • Alerting UI (ACM)
    Analyze
    • Troubleshooting experience - new features for incident detection & observability signal correlation (OCP)
    • Right-sizing (ACM)
  32. Observability for Edge

    Red Hat Observability Platform: OpenTelemetry-based monitoring. Using OpenTelemetry for Edge devices enables:
    ▸ Technology agnosticism: Prometheus? OTLP? Jaeger? Syslog? Journald? → The Red Hat build of OpenTelemetry can handle it!
    ▸ Easily managed and maintained with a configuration file
    ▸ Lightweight, no local storage needed
    ▸ Local cache for disconnections
    ▸ Extensible
    ▸ Easily integrated with other platforms
    ▸ OpenShift Commons: ABB Case Study
  33. Red Hat Observability Platform: observability-connected Insights services for OpenShift, available now!

    Advisor - predicting risks, recommending actions, leveraging Red Hat experience with running/supporting OpenShift. Coming soon (Q2 2024 features):
    ▸ Workload recommendations - best practices for your deployments
    ▸ Update risks aggregated view
    Cost Management - helps you visualize and distribute Red Hat OpenShift and cloud costs into meaningful items: cost visibility and allocation; cost models enable flexible cost distribution. Coming soon (Q2-Q3 2024 features):
    ▸ Itemized cost of cloud resources (VMs, storage, databases, ..)
    ▸ OpenShift AI support: cost of GPU, GPU rightsizing
    ▸ Excel and Power BI sample reports
    ▸ (More) resource optimization - namespace-level recommendations, custom timeframe
    ▸ Red Hat Developer Hub plugin
  34. Networking & Observability: AI Workloads and AI-Powered

    Themes: Observability & Networking for AI, AI-Optimized Infra, OpenShift Lightspeed.
    ▸ Support the specific networking behavior, configurability and observability required for common AI workloads
    ▸ AI hardware (e.g. GPU, HPU) enablement
      ・ OpenShift AI-certified partner solution integrations, SR-IOV for Arm
      ・ Resource optimizations, capacity planning
    ▸ Based on specific industry workload needs
      ・ for example, high throughput between GPUs, multiple networks
    ▸ OTEL instrumentation, resource optimization, cost management
    ▸ Develop prompts to simplify networking complexity
      ・ e.g. “human language” to generate YAML (and the reverse operation)
    ▸ Tailored recommendations
  35. What’s Next - Red Hat Advanced Cluster Management

    • Policy Progressive Rollouts: provide a controlled rollout of policy configuration changes across a fleet of clusters.
    • Application Disaster Recovery: expanded disaster recovery scenarios involving non-GitOps based applications and OpenShift Virtualization based VMs.
    • Policy Violation History: track the policy violation history for policies across the fleet.
  36. What’s Next - Red Hat Advanced Cluster Management (continued)

    • Integration with Managed OpenShift: ROSA & ARO lifecycle management & automatic import.
    • Fleet Management at the Edge: RHDE lifecycle management and observability.
    • Advanced Management of Hosted Control Planes: observability, migration, and disaster recovery.
  37. Red Hat Advanced Cluster Security: security across the entire application lifecycle

    Build (secure supply chain) → Deploy (secure infrastructure) → Run (secure workloads)
    Capabilities: Policy engine, API Security, Policy Guardrails, Compliance, Vulnerability Management, Threat Detection and Response, Network Segmentation, Risk Profiling
  38. Red Hat Advanced Cluster Security for Kubernetes: Supply Chain Security & Compliance

    Vulnerability Management
    ▸ Unified image scanner for ACS and Quay
      ・ Consistent reporting across products
      ・ ACS gains Golang and additional OS support
      ・ Adopt OSV.dev for language vulnerabilities
    ▸ Remediation guidance
      ・ Inform when Red Hat updates images
      ・ Adopt CSAF-VEX format
    ▸ Highlight known exploited vulnerabilities
    Developer local image scanning
    ▸ Scan images before pushing to registry
    ▸ Within IDE or using CLI
    Expanded Compliance in ACS
    ▸ Configure, schedule and run Compliance Operator infrastructure scans from ACS
    ▸ Review and export Compliance Operator scan results
    ▸ Build tailored profile
    ▸ Remediation
    ▸ New and updated benchmarks
      ◦ OpenShift profiles for PCI-DSS 4.0, CIS OpenShift 1.5
    SBOM (Software Bill Of Materials)
    ▸ Map SBOMs to vulnerabilities
      ◦ Import SBOMs
      ◦ Generate SBOMs from your images and export
  39. Red Hat Advanced Cluster Security for Kubernetes: Policy, Risk Management and Runtime

    Policy as code
    • Simplify GitOps approach to managing ACS policies
    • ArgoCD and other GitOps tools
    Deployment Risk Model
    • Customization of risk factors
    • Visibility of risk priority
    Network Graph external traffic
    • Visualize and identify traffic:
      ◦ Between secured clusters
      ◦ Incoming/outgoing traffic
    Scoped runtime analysis
    • Limit runtime events only to specific namespaces
    • Enable/disable runtime-specific types of events
  40. Red Hat Advanced Cluster Security for Kubernetes: multitenancy, seamless integrations, extended platform support

    • Image verification with better key management: support for integration with KMS and Red Hat Trusted Artifact Signer
    • Mapping ACS and OCP/K8s RBAC: seamlessly map RBAC from existing OCP/K8s clusters into ACS
    • Scoped access aligned with multi-cluster RBAC: scope and filter resources based on multi-tenancy requirements in a multi-cloud ACS deployment
    • Short-lived token for machine-to-machine access: ACS Central will provide short-lived OIDC tokens for machine access
    • Consolidate Arm 64 architecture across the portfolio; Arm secured cluster support
    • Secured clusters for Edge deployments: Red Hat Device Edge
  41. OpenShift for Telco and Edge: Edge computing with Red Hat OpenShift (What’s Next in OpenShift Q4CY2023)
  42. Red Hat Device Edge and MicroShift (EDGE)

    Edge Management - consistent management
    • Lightweight GitOps in pull mode
    • Observability with OTel
    • Improved integration with AAP, ACM and ACS
    Extend Capabilities - more edge use cases
    • Multus
    • IPv6
    • Low latency workload
    MicroShift Compliance - secure the edge
    • ISA 62443 compliance
    • Custom CA support
    • Cert-manager
    • Configurable ingress
  43. Single Node OpenShift (EDGE)

    Continue footprint reduction - more resources available for workload
    • Make more cluster capabilities optional
    • Optimize resource usage
    • Goal: 1 core control plane
    Minimize deployment time - faster edge rollouts
    • Make SNO relocatable using an image-based approach
    • Improve installation and upgrade time by using an A/B image-based approach
    • Support quick rollbacks
  44. Image Based Install (IBI): accelerate RAN vDU installations on Single Node OpenShift

    Goals:
    • Reduce the time it takes to finish new installations of DU-configured OpenShift deployments by utilizing existing Telecom pre-staging facilities
    What we plan to do:
    • Replace the existing installation procedure with an image-based installation procedure
    Steps to install a DU-configured Single Node OpenShift using Image Based Install (IBI):
    STEP 1: A seed-image is generated from a DU-configured Single Node OpenShift installation
    STEP 2: A Single Node OpenShift is installed to a template SNO, using the seed-image. This template image can then be copied to storage on any number of new Far Edge servers
    STEP 3: A Far Edge server is shipped to the Far Edge site, racked, cabled and booted
    STEP 4: Image Based Install Operator and Lifecycle Agent Operator orchestrate site-specific configuration for the SNO
    STEP 5: Reboot to the updated OpenShift version, finalize install and instantiate the CNF
    In Design/Development; Developer Preview with OCP 4.16
  45. Image Based Break+Fix (IBBF): accelerate RAN vDU hardware replacement on Single Node OpenShift

    Goals:
    • Reduce service downtime when hardware has failed and is replaced
    What we plan to do:
    • Combine the image-based installation procedure and backup/restore from image-based upgrade to define a new Break+Fix procedure
    Steps to replace hardware for a DU-configured Single Node OpenShift using Image Based Break+Fix (IBBF):
    STEP 0: Regular, Operator-driven backups of CNF Kubernetes artifacts to off-node S3 storage
    STEP 1: Seed-image generated from a DU-configured Single Node OpenShift installation
    STEP 2: Seed-image made bootable and copied to storage on the new Far Edge server
    STEP 3: Far Edge server shipped to the Far Edge site, racked, cabled and booted
    STEP 4: Image Based Install Operator and Lifecycle Agent Operator restore the CNF Kubernetes artifacts and orchestrate site-specific configuration for the SNO
    STEP 5: Reboot to the updated OpenShift version, finalize install and instantiate the CNF
    Product Manager: Robert Love. In Design; stretch goal to deliver Developer Preview with OCP 4.16
  46. Telco: O-RAN/O-Cloud as a part of the Red Hat solution for Telco

    O2-IMS Interface Implementation - standardised Telco Cloud for RAN
    • O2-IMS inventory - ongoing
    • O2-IMS monitoring (alerts) - ongoing
    • O2-IMS monitoring (metrics) (*)
    • O2-IMS provisioning (*)
    • O2-IMS lifecycle (*)
    Continued Cooperation with HW Vendors and NEPs - O-RAN & O-Cloud pre-integrated
    • Partnership with hardware vendors and NEPs to deliver a pre-integrated O-Cloud/RAN and address the main RAN challenges (TTM, operational efficiency, etc.)
    Continued Involvement in O-RAN WG6, WG11 and O-RAN SC - cloud native practices in modern Telco
    • Influence O-RAN to implement an intent-based API for the O-RAN interface and follow the K8s declarative paradigm
    • O-RAN-SC contribution to deliver reference O-Cloud deployments
    (*) Depends on the O2-IMS API specifications readiness
  47. Telco: new schedulable entity, beyond CPUs and memory: network bandwidth (*)

    New pod request: 8 CPUs, 32 GB of memory, 10 Gbps BW (*)
    Node0 (25 Gbps): Pod A 10 Gbps BW, Pod B 10 Gbps BW; available: 44 CPUs, 120 GB RAM, 5 Gbps BW
    Node1 (25 Gbps): Pod C 5 Gbps BW, Pod D 5 Gbps BW; available: 44 CPUs, 120 GB RAM, 15 Gbps BW
    Kubernetes scheduler
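The slide's scenario carried through as an added example (constructed here, not Red Hat or Kubernetes code): a toy scheduler with the slide's figures, run once with bandwidth as a schedulable resource and once without it, to show why a CPU/memory-only filter cannot keep the new pod off Node0. Existing pods are modelled as consuming bandwidth only, since the slide gives only the remaining CPU and memory per node.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resources:
    """Schedulable quantities: CPU cores, memory in GB and the new bandwidth entity."""
    cpu: int
    mem_gb: int
    bw_gbps: int

    def minus(self, other: "Resources") -> "Resources":
        return Resources(self.cpu - other.cpu, self.mem_gb - other.mem_gb,
                         self.bw_gbps - other.bw_gbps)

    def covers(self, req: "Resources", with_bw: bool = True) -> bool:
        """True if this free amount satisfies the request.
        with_bw=False mimics a scheduler that only knows about CPU and memory."""
        ok = self.cpu >= req.cpu and self.mem_gb >= req.mem_gb
        return ok and (not with_bw or self.bw_gbps >= req.bw_gbps)


@dataclass
class Node:
    name: str
    allocatable: Resources
    pods: dict = field(default_factory=dict)  # pod name -> Resources it holds

    def free(self) -> Resources:
        free = self.allocatable
        for used in self.pods.values():
            free = free.minus(used)
        return free


def feasible_nodes(nodes, req, with_bw=True):
    """Filter phase: names of nodes whose free resources cover the request."""
    return [n.name for n in nodes if n.free().covers(req, with_bw)]


def pick_node(nodes, req, with_bw=True):
    """Score phase (simplified): among feasible nodes, keep the most bandwidth headroom."""
    candidates = [n for n in nodes if n.free().covers(req, with_bw)]
    if not candidates:
        return None  # unschedulable: no node has enough CPU, memory and bandwidth
    best = max(candidates, key=lambda n: n.free().bw_gbps - req.bw_gbps)
    return best.name


# Figures from the slide: the new pod and two nodes with 25 Gbps NICs. Pods A-D are
# assumed to hold only bandwidth (constructed simplification), so each node shows the
# slide's 44 CPUs / 120 GB remaining.
NEW_POD = Resources(cpu=8, mem_gb=32, bw_gbps=10)


def slide_cluster():
    node0 = Node("node0", Resources(44, 120, 25),
                 {"A": Resources(0, 0, 10), "B": Resources(0, 0, 10)})
    node1 = Node("node1", Resources(44, 120, 25),
                 {"C": Resources(0, 0, 5), "D": Resources(0, 0, 5)})
    return [node0, node1]


if __name__ == "__main__":
    cluster = slide_cluster()
    for n in cluster:
        print(n.name, "free:", n.free())
    # Without the bandwidth entity both nodes look equal and Node0 could be oversubscribed.
    print("CPU/memory only:", feasible_nodes(cluster, NEW_POD, with_bw=False))
    # With it, only Node1 (15 Gbps free) can take the 10 Gbps request.
    print("with bandwidth: ", feasible_nodes(cluster, NEW_POD), "->", pick_node(cluster, NEW_POD))
```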
  48. Thank you for joining!

    Guided demos of new features on a real cluster: learn.openshift.com
    OpenShift info, documentation and more: try.openshift.com
    OpenShift Commons: where users, partners, and contributors come together: commons.openshift.org
    What’s New and What’s Next: red.ht/whatsnew