What's Next in OpenShift (Q2 CY2023)

Transcript

1. What’s Next in OpenShift Q2CY2023 OpenShift Product Management 1 View

   the recording at: https://www.youtube.com/live/fa-3uKYS5CU Previous sessions: https://red.ht/nextandnew

2. Red Hat Enterprise Linux Red Hat OpenShift Taking a hybrid

   cloud approach Management and automation systems Private cloud Virtual Public cloud Bare metal Edge Development tools Traditional N-tier apps Cloud-native microservices Data, analytics, and AI/ML ISV packaged apps

3. What's Next in OpenShift Q2CY2023 IDC Survey of 200 US-based

   $1B companies actively using two or more “infrastructure clouds” for production applications 81% Challenges with Hybrid Cloud Management 3 Source: IDC Multicloud Management Survey, 2019: Special Study, Doc # US45020919, April 2019 *IDC Survey of 200 US-based $1B companies actively using two or more “infrastructure clouds” for production applications As organizations deploy more clusters across multiple clouds, new challenges arise. ▸ Difficult and error prone to manage at scale ▸ Inconsistent security controls across environments ▸ Overwhelming to verify components, configurations, policies, and compliance Using multiple infrastructure clouds* 93% Using multiple public clouds and one or more private/dedicated clouds*

4. What's Next in OpenShift Q2CY2023 Reality of enterprise IT environments

   Mixed infrastructure environments, diverse app portfolios, & limited automation Source: Red Hat detail. “The State of Enterprise Open Source,” Feb. 2021. People & Processes Applications Cloud-native and microservices AI/ML Analytics Serverless Infrastructure Bare metal Virtualization Edge Private cloud Public cloud Java™ .Net ISV Developer tools Pipeline and processes People and policies The right skills

5. CONFIDENTIAL designator What's Next in OpenShift Q2CY2023 • Service mesh

   | Serverless • Builds | CI/CD pipelines • GitOps | Distributed Tracing • Log management • Cost management • Languages and runtimes • API management • Integration • Messaging • Process automation • Databases | Cache • Data ingest and preparation • Data analytics • AI/ML • Developer CLI • Kubernetes-native IDE • Kubernetes on laptop • Plugins and extensions Developer services Developer productivity Kubernetes cluster services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm Linux (container host operating system) Kubernetes (orchestration) Physical Virtual Private cloud Public cloud Edge Cluster security Global registry Multicluster management Data services* Data-driven insights Application services* Build cloud-native apps Platform services Manage workloads * Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application Services and Red Hat Data Services portfolios. ** Disaster recovery, volume and multicloud encryption, key management service, and support for multiple clusters and off-cluster workloads requires OpenShift Data Foundation Advanced Observability | Discovery | Policy | Compliance | Configuration | Workloads Image management | Security scanning | Geo-replication Mirroring | Image builds Declarative security | Container vulnerability management | Network segmentation | Threat detection and response RWO, RWX, Object | Efficiency | Performance | Security | Backup | DR Multicloud gateway Cluster data management 5 Red Hat Hybrid Cloud Platform

6. What's Next in OpenShift Q2CY2023 6 Red Hat OpenShift Available

   as self-managed platform or fully managed cloud service Red Hat OpenShift Dedicated2 Red Hat OpenShift service on Amazon Web Services1 Microsoft Azure Red Hat OpenShift Red Hat OpenShift on IBM Cloud1 Managed Red Hat OpenShift services Self-managed Red Hat OpenShift On public cloud, or on-premises on physical or virtual infrastructure3 Source: 2 Red Hat managed service running on user-supplied GCP infrastructure 3 See docs.openshift.com for supported infrastructure options and configurations Start quickly, we manage it for you Cloud managed You manage it, for control and flexibility Customer managed

7. Software supply chain security 7 Edge computing with Red Hat

   OpenShift What’s Next in OpenShift Q2CY2023

8. What's Next in OpenShift Q2CY2023 Software supply chain attacks: a

   matter of when, not if Ransom paid but a mere fraction to the overall downtime and recovery costs of a data breach Red Hat Trusted Software Supply Chain 742% 45% 1 in 5 average annual increase in software supply chain attacks over the past 3 years1 of organizations worldwide will experience supply chain attacks by 20252 data breaches are due to a software supply chain compromise3 71% YoY increase in cost of average ransom payment4 [1] State of the Software Supply Chain | [2] 7 Top Trends in Cybersecurity for 2022 | [3] Cost of a Data Breach 2022 - IBM Report | [4] Average Ransom Payment Up 71% This Year, Approaches $1 Million |

9. 9 Source: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Sec. 2. Removing Barriers to Sharing Threat

   Information. (vii) providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website; Sec. 2. Removing Barriers to Sharing Threat Information. (f) Within 60 days of the date of this order, the Secretary of Commerce, in coordination with the Assistant Secretary for Communications and Information and the Administrator of the National Telecommunications and Information Administration, shall publish minimum elements for an SBOM. Software supply chain security Executive Order on Improving The Nation’s Cybersecurity May 12, 2021

10. What's Next in OpenShift Q2CY2023 10 Software Supply Chain Security

    with Openshift Supply Chain Security Development Staging Production > > Build Test Quality Security Signing Provenance Compliance Continuous Delivery Productivity

11. What's Next in OpenShift Q2CY2023 ▸ Pipelines As Code •

    Integration with Enterprise Contract policy and Tekton Chains • Validation of signatures on PR ▸ Security tasks/pipelines hosting with Red Hat Tekton Catalog ▸ Leverage k8s User Namespace to mitigate running PipelineRuns with elevated privileges Product Manager: Koustav Saha, Harriet Lawrence ▸ Tenant isolation ▸ Certificate management improvements ▸ ESO and SSCSID integration evaluation ▸ Manifest signing support CI/CD & GitOps OpenShift Pipelines OpenShift GitOps 11

12. What's Next in OpenShift Q2CY2023 12 Red Hat Quay &

    Quay.io Hybrid Cloud and OpenShift Platform Plus Product Manager: Daniel Messer, Quiana Berry Increased CVE reporting coverage Support for NodeJS, RubyGem and Golang via Quay’s static security analysis of container images (Clair) adopting OSV.dev Richer and more accurate CVE findings CSAF and VEX support in Clair Security artifacts linked to images Linking SBOMs, attestations and signatures to registry images for easy discovery and mirroring via OCI 1.1 (referrers API) Integration into Trusted Application Pipelines RHTAP customers and users will have their own place in Quay.io

13. 13 Red Hat Trusted Application Pipeline (RHTAP) ▸ Secure, SLSA

    level 3 container application builds in minutes ▸ Signed attestations generated by Tekton Chains ▸ Auto-generated Software-Bill-of-Materials (SBOM) ▸ Automated QE testing with Github integration ▸ Gitops powered deployment with no gitops experience necessary ▸ Policy-as-code features provide security guardrails across pipelines Hybrid Cloud and OpenShift Platform Plus Try now: https://red.ht/trusted Build Image Scanning Deployment Gates Artifact Building Image Building New

14. What's Next in OpenShift Q2CY2023 14 Near term • Self

    service workspace creation, user management and RBAC • Support for building and testing operators • User can add more environments • Control for promotion order and strategy between environments • Easier setup from bring-your-own-cluster environments Longer Term • Explore single-tenant deployments • More language support for hermetic builds • Advanced release strategies (blue/green, canary deployments, etc.) RHTAP Roadmap on Supply Chain Security

15. 15 Red Hat Advanced Cluster Security Cloud Service (RHACSCS) Integration

    into Red Hat Trusted Application Pipeline (RHTAP) ▸ Scan images with RHACS OpenShift Pipelines (Tekton) tasks ▸ Detect and respond to suspicious activity at runtime ▸ Runtime vulnerability scanning and management ▸ Audit for compliance across hundreds of controls ▸ Expedite incident response to reduce down times ▸ Visualize allowed versus active network traffic Hybrid Cloud and OpenShift Platform Plus Build Monitor Image Scanning Deployment Gates Artifact Building Image Building OSS Risk Profiles Images Containers Clusters Network Protecting cloud-native apps across full lifecycle - Build, Deploy & Run New

16. Multicluster management, governance and security 16 Edge computing with Red

    Hat OpenShift What’s Next in OpenShift Q2CY2023

17. What's Next in OpenShift Q2CY2023 Enhancements in workload right-sizing and

    fine-grained RBAC provide platform engineers with the necessary tools to reduce cap-ex and quickly deliver new dev-ex. 17 Red Hat Advanced Cluster Management Use policies to harden cluster security. Store compliance history. Advanced features with templatized policies and progressive policy rollouts. Governance Consistency at scale for edge use cases across all verticals from telco to retail, industrial, and healthcare. Leverage API/ CLI/UI methods to standardize cluster and application lifecycle everywhere. Scale Observability Product Manager: Jeff Brent, Bradd Weidenbenner, Sho Weimer, Scott Berens, Christian Stark Protect your investment Embrace growth Unified Kubernetes experience

18. Fleet Observability and Governance Red Hat Advanced Cluster Management for

    Kubernetes 18 Fleet Observability supports app developers, central operations and platform engineering teams delivering across a variety of needs: • Application Developer: needs Fine-grained RBAC • Platform Engineering: needs Capacity Management • Central Operations: needs Fleet Alert Trends • Global Hub: Aggregate management cross domains Product Manager: Jeff Brent, Bradd Weidenbenner, Sho Weimer, Scott Berens, Christian Stark Fleet Governance incorporates security compliance and enforcement across clusters: • Advanced Compliance History for policies • Tighter integration with TALM for selective policy enforcement in high scale fleet management • Enhanced policy based OLM Integration • Out of the box policies for the OpenShift Security Guide

19. What's Next in OpenShift Q2CY2023 19 Red Hat Advanced Cluster

    Security for Kubernetes • Vulnerability scanning support for images stored in mirror registries to support OpenShift customers using mirror registries, mostly in air-gapped environments • One consolidated Clair v4 scanner across Red Hat products (ACS & Quay) ensures accurate and consistent scan results. • Mapping OCP to ACS RBAC Supporting direct mapping of RBAC from OCP into ACS for faster user onboarding • Reuse collections defined across the platform in views and filters. Unified Experience Increase Return on Investment Hybrid Cloud and OpenShift Platform Plus Product Managers: Shubha Badve, Doron Caspin, Boaz Michael, Kirsten Newcomer, Maria Simon Marcos Anjali Telang

20. What's Next in OpenShift Q2CY2023 20 Red Hat Advanced Cluster

    Security for Kubernetes • Downloadable reports for vulnerability management • GitOps approach managing ACS policies. • Ensure your workloads meet networking guardrails defined by your organization with network system policies. • Namespace scoped ACS workflows Supporting namespace-admin compatible workflows in ACS • Focus attention on riskier deployments for remediation with heat maps in network graph. Security Everywhere Reduce security risk Hybrid Cloud and OpenShift Platform Plus Product Managers: Shubha Badve, Doron Caspin, Boaz Michael, Kirsten Newcomer, Maria Simon Marcos Anjali Telang

21. What's Next in OpenShift Q2CY2023 21 Red Hat Advanced Cluster

    Security for Kubernetes • CO-RE BPF as a new runtime collection allows to run ACS secured cluster on a wider set of Linux OS kernels. • ACS secured cluster on IBM ROKS/RHOIC. • Auto-renewal of Internal Certificates eases meeting compliance and security requirements for customers • Manage and schedule Compliance Operator scans with RHACS. Store historical compliance data. Easily product compliance reports for auditors. Platform Consistency Reduce complexity Hybrid Cloud and OpenShift Platform Plus Product Managers: Shubha Badve, Doron Caspin, Boaz Michael, Kirsten Newcomer, Maria Simon Marcos Anjali Telang

22. Red Hat Cloud Services 22 What’s Next in OpenShift Q2CY2023

23. Red Hat OpenShift cloud services A turnkey application platform with

    management and support from Red Hat and leading cloud providers Focus on innovation Simplify operations so your teams can refocus on innovation, not managing infrastructure. Operational efficiency Enhance operational consistency, efficiency and security with proactive management and support. Accelerate time to value Quickly build, deploy, and run applications that scale as needed. Hybrid cloud flexibility Deliver a consistent experience on premises and in the cloud. Cloud services Product Managers: Aaren de Jong, Bala Chandrasekaran, Jerome Boutaud, Oren Kashi, Shreyans Mulkutkar, Will Gordon

24. What's Next in OpenShift Q2CY2023 Cloud services Red Hat OpenShift

    cloud services Azure Red Hat OpenShift • Short term credentials with managed identities • Hosted Control Planes • Custom NSGs • Improving alerts with Azure Monitor Signals • Expanding cluster sizes • Expanding regions • Cluster wide proxy Red Hat OpenShift Service on AWS • Working on FedRAMP offering • Terraform provider & module • Hosted Control Planes • Region Expansion • Compute configuration QoL improvements Product Managers: Aaren de Jong, Bala Chandrasekaran, Jerome Boutaud, Oren Kashi, Shreyans Mulkutkar, Will Gordon

25. What's Next in OpenShift Q2CY2023 Cloud services Red Hat OpenShift

    cloud services OpenShift Dedicated • Google Cloud: ◦ OSD Purchase through GCP Marketplace ◦ Shared VPC (xPN) ◦ Private Service Connect ◦ New, standard instances - E2, N2, M3, C2 machine series ◦ New regions - Chile, Milan, Sydney, Melbourne, Paris, Tel Aviv, Turin ◦ Shielded VM policy ◦ Workload Identity Federation • AWS ◦ Allow newly created machine pool to be set as a default machine pool ◦ Managed Ingress improvements ◦ OCM Service Log notifications for platform events Product Managers: Aaren de Jong, Bala Chandrasekaran, Jerome Boutaud, Oren Kashi, Shreyans Mulkutkar, Will Gordon

26. ACS Cloud Service Roadmap H2 2023 - General Availability 1.

    General availability 2. 60 days trial 3. Provide default email notifications ACS Cloud Service 26 May 2023 - Limited Availability 1. Availability on NA and EU 2. Suport secured clusters EKS, AKS, GKE, OCP, ROSA, ARO 3. Fully support by RH with SLA 4. Available on AWS Marketplace 5. Connectivity for local registry H1 2024 1. APAC Region 2. Azure availability 3. Industry standard compliance

27. Workloads and developer experience 27 What’s Next in OpenShift Q2CY2023

28. What's Next in OpenShift Q2CY2023 28 Increase the ease of

    use Reduce exposure and risk Increased productivity • Multi-Tenancy for services and events through ServiceMesh • End to End encryption for internal and external services • Broker and Channel authentication and authorization • Zero Trust Architecture for securing serverless containers • OpenShift AI powered by Serverless • OpenShift Serverless for Edge • Integration with other platform features, Custom Auto Metrics scaler, Cert Operator, Gateway API OpenShift Serverless Security Platform User Experience • Seamless Developer Experience for apps creation and deployment through DevConsole, CLI and IDE • Pipeline as a code for Serverless functions • Event Mesh for easy discovery and subscription of events • Orchestration of microservices and functions Workloads and Developer Experience

29. What's Next in OpenShift Q2CY2023 ▸ Observability : CI oriented

    dashboard ▸ Pipelines As Code: GH permissions, Chains integration, Pipelines Templating ▸ Customization: Red Hat Tekton Catalog, Manual Approval, Pipelines caching, Recording artifacts in Pipeline, Pipelines in Pipelines ▸ Performance: Pipelines resource quota, Advanced concurrency control Product Manager: Siamak Sadeghianfar, Koustav Saha, Harriet Lawrence ▸ Observability: Progressive delivery UI integration ▸ Automation: Dynamic value lookup, Image Updater support, Automatic scaling ▸ Performance: Small-footprint GitOps, Resource consumption CI/CD & GitOps OpenShift Pipelines OpenShift GitOps 29

30. What's Next in OpenShift Q2CY2023 OCP Console ▸ Improved Debugging

    Tooling and Documentation ▸ Support for Charting Components ▸ New Extension Points/SDK Components ･ Project Creation Flow ･ Details Page ･ more… ▸ PF5 & React-Router 6 support ▸ New and improved Sample Plugins ▸ Plugin Template Repo Refresh ▸ Axe Testing Framework for 508 Compliance What’s next with Dynamic Plugins? OCP Console - Dynamic Plugins Product Managers: Ali Mobrem

31. What's Next in OpenShift Q2CY2023 31 Migration Toolkit for Applications

    Enable adoption leads to make informed decisions and keep the migration and modernization process measurable and predictable Gather Insight Fully integrated toolkit leveraging tools from the CNCF project Konveyor with a seamless user experience Extended Scope Reduce risks Provide value on each stage of adoption Help organizations safely migrate and modernize their application portfolio to leverage OpenShift Migration Guidance Ease OpenShift adoption Product Manager: Ramon Roman Nissen Workloads

32. What's Next in OpenShift Product Manager: Daniel Messer, Tony Wu

    • New controls over granting access to CRDs provided by Operators to cluster users. • Admins can define if any namespaces should only get ‘view-only’ access. Operator Framework 32 OLM 1.0 Preview: Enable full flexibility depending on your operational model • OLM exposes all versions along the update path. • Admins can select a target version for update or set auto updates but bound to z-stream for CVE patches without breaking changes. User permission management Full control over desired update path Fully declarative / GitOps-friendly workflows User-facing Operator API • A single GitOps friendly API to manage installed Operators. • First-class controls for update policy, permission/access controls. • Displaying Operator constraints, dependencies, provided APIs pre-/post-install. Flexible Operator packaging format • OLM can manage Operators packaged with plain k8s manifests or in helm charts. • Manage in-house built Operators or join our partner ecosystem at ease with OLM. • A reduced user-facing API surface area for managing an Operator. • Admins or SREs team can automate and define desired state via GitOps.

33. What's Next in OpenShift Q2CY2023 33 Dynamic loading of plugins,

    helping organizations scale and simplify plugin management. Improved plugin installation & config Red Hat Plug-Ins for Backstage and GPTs enable cohesive integration with OpenShift and other products in the Red Hat portfolio. Better Together Reduce time & complexity when adding plugins Increase developer productivity Product Manager: Serena Chechile Red Hat Developer Hub Provide a permission framework by default, with an Admin UI supporting RBAC flows and more. Improved authorization & Admin UI experience Reduce exposure and risk What’s Next Roadmap - Subject to change

34. What's Next in OpenShift Q2CY2023 • Onboarding experience • Simpler

    Docker compatibility configuration • Native Hypervisors support Kubernetes Capabilities OpenShift Support Containers tooling Product Manager: Stevan Le Meur Simple transitions to Kubernetes Tighter OpenShift Integration Efficient developer flows • Improvements in Podify and Kubify flows • Kubernetes Objects Explorer • Compose to Kubernetes • DevSandbox account creation and token renewal flow • Image checker • Continue exploration on Microshift for developers

35. What's Next in OpenShift Q2CY2023 IDE Extensions JBoss Tools presents

    the OpenShift tooling for Eclipse OpenShift Toolkit for Visual Studio Code and IntelliJ Language support for Java in Visual Studio Code Quarkus Tooling with Microprofile and Qute Support Visual Studio Code, IntelliJ and Eclipse Tooling Inner Loop Developer Experience on Red Hat OpenShift Accelerates application development from local development environment to OpenShift using CLI and extensions workflows and across any language frameworks. VSCode: https://marketplace.visualstudio.com/publishers/redhat IntelliJ: https://plugins.jetbrains.com/organizations/Red-Hat Odo CLI: https://odo.dev/ Inner Loop application development using OpenShift Toolkit IDE extension - Support Helm Charts in IDE - Deploy from Git to OpenShift - Provision OpenShift clusters - Remote Debugging of apps - Support air-gapped environment Deploy apps on Hybrid Cloud through IDE extension on: - Developer Sandbox - OpenShift on Azure - OpenShift on AWS - Podman - OpenShift Local IDE Extensions - Developer Experience IDE extensions across products, languages and CLI tools around OpenShift Product Manager: Mohit Suman Cloud-native apps Odo CLI IDE Extensions Devfile configuration > > > 35

36. 36 Much Later Invite users to join a sandbox Invite

    others in your organization to join your sandbox and even join theirs. Collaborate on new applications and learn OpenShift together. Later Dashboard and application launcher See everything you need to know about your sandbox in one place on HCC. Know how much resource you have used and how much time you have left. Next Red Hat Developer Hub on Sandbox Have your own instance of the Red Hat Developer Hub to experiment with and share with others. Try out our library of plugins and Golden Path Templates. Now Sign Up in Hybrid Cloud Console Sign Up for the developer sandbox on HCC. The new home for the Red Hat Developer Sandbox! No more SMS verification either! Developer Sandbox

37. Core platform 37 What’s Next in OpenShift Q2CY2023

38. What's Next in OpenShift Q2CY2023 Installation, Updates, and Provider Integration

    38 • Add new clouds and platforms • Add new regions • Enable third party integrations • Hosted Control Planes • Composable installation • Add more flexibility and new capabilities Installation Updates Platforms Enable Hybrid Cloud Simplify onboarding Mitigate risk • Improve update user experience and documentation • Update risk assessment • 24-month lifecycle for EUS releases for multi-architectures Core platform Product Manager: Ju Lim, Marcos Entenza, Ramon Acedo, Adel Zaalouk, Subin Modeel

39. What's Next in OpenShift Q2CY2023 External DNS and Azure Managed

    Identity 39 Support external DNS for cloud providers ▸ Enable full stack automated installations (IPI) to use existing user managed DNS records to deploy OpenShift on public clouds like AWS, Azure or GCP. ▸ Customers deploying OpenShift on regulated environments where DNS cloud services can not be used will be able to leverage their own external DNS solution. Azure Managed Identity ▸ Create and manage OpenShift clusters with managed identities for Azure resources for authentication, in conjunction with Azure AD workload identities to access Azure cloud resources securely ▸ Deploy OpenShift and run operators on Azure using access controls (IAM roles) with temporary, limited privilege credentials Product Manager: Marcos Entenza (External DNS), Ju Lim (Azure Managed Identity)

40. What's Next in OpenShift Q2CY2023 40 Longer lifecycle for Multi

    Architectures for EUS Releases Product Manager: Duncan Hardie What An additional 6 month of Extended Update Support (EUS) phase on even numbered OpenShift (OKE, OCP, OPP) releases and a subset of layered operators for multiple architectures ▸ ARM, IBM Power, and IBM Z Who Those with Premium subscriptions, [or Standard subscriptions + an add-on SKU] When Starting with OpenShift 4.14 and applying to subsequent even numbered releases of OpenShift. Why ▸ Support customers and partners struggling to maintain pace with 4.y cadence ▸ Align approach and offering rules of OCP EUS to RHEL’s program rules Note ▸ EUS to EUS upgrades continue the same behaviour. ▸ Layered operators/operands and products will continue to have their own lifecycle. ▸ Layered operator lifecycles are available on the OpenShift lifecycle page.

41. What's Next in OpenShift Q2CY2023 Onboarding Third Party Integrations (Components)

    41 ▸ Introducing platform “external” to allow for 3rd party (partner) integrations ▸ “External” joins other platform types (e.g. AWS, baremetal, None, etc.) to indicate provider integration type ▸ “External” signals that OpenShift cluster is deployed on partner infrastructure where core cluster components (e.g. Cloud Controller Manager, Container Storage Interface) may be replaced by partner ▸ Partner has option to disable (or replace) selected platform components through the capabilities API ･ Some components in OpenShift cluster with “External” platform allow changes to deployment options ･ E.g. If partner specifies the presence of custom Cloud Controller Manager, then cluster is configured to expect the custom Cloud Controller Manager with option to add their own Container Storage Interface driver Product Manager: Ju Lim

42. What's Next in OpenShift Q2CY2023 Cloud Controller Manager and Cluster

    API 42 Product Manager: Subin Modeel Out-of-tree Cloud Controller Manager Cluster API What We GA’ed out-of-tree Cloud controller Manager for AWS, GCP, Azure platforms. Create Machines and MachineSets in CAPI Why Originally, Kubernetes implemented cloud provider-specific functionalities natively within the main Kubernetes tree (as in-tree modules). With more infrastructure providers supporting Kubernetes, the in-tree method became impractical and no longer advised. New providers supporting Kubernetes must follow the out-of-tree model. We gradually plan to replace the Machine API controllers/code with Cluster API controllers and API types to reduce the maintenance burden of maintaining two competing solutions across multiple products. Users will be able to create Machines and MachineSets in CAPI for the following platforms; AWS, Azure, GCP, vSphere, (Possibly OpenStack + Baremetal). When Starting with OpenShift 4.14 Mid to long term Who No impact on user in any way. The out-of-tree implementation is backward compatible and does not impact OpenShift. This feature will come out as a Tech Preview and will provide a migration path to CAPI when it GAs.

43. What's Next in OpenShift Q2CY2023 OpenShift on Oracle Cloud 43

    ▸ OpenShift on Oracle Cloud VMware Solution (OCVS) ･ Supported since OpenShift 4.12+ ･ Support included as OCVS is a VMware Cloud Verified provider ･ Validated reference architecture: Red Hat OpenShift Container Platform 4.12 on Oracle Cloud VMware Solution ▸ OpenShift on Oracle Cloud Infrastructure (OCI) ･ VMs and bare metal ･ Guided installation from Hybrid Cloud Console via Assisted Installer ･ Partner provided integrations Product Manager: Ju Lim, Marcos Entenza, Ramon Acedo

44. OpenShift on Arm • Run OpenShift on highly efficient, high

    performance per watt architectures o-----------------------------o • Support for Arm on GCP • More layered products (Service Mesh, Serverless) Multi-architecture Cluster • Allow more flexibility in a cluster, use different cloud platforms and different architecture types to enhance flexibility o------------------------------o • Support for Arm & IBM architectures with Multi-architecture compute and Hosted Control Planes • More integration into Console and ACM • Improved disconnected experience IBM Power and IBM Z • Expose more Power and Z built in capabilities for use via OpenShift o-----------------------------o • Assisted Installer • Agent based installer • Disaster recovery • SMC-D/R support, SMT power level support • Kepler support • Quay support PM: Duncan Hardie Systems Enablement

45. Improving disconnected installations, hybrid-cloud and cluster zero deployments 45 •

    UPI use cases • AWS, Azure and GCP cluster expansion with bare metal nodes • Multicluster Engine integration PM: Ramon Acedo Rodriguez UPI use cases, such as specific host-level configurations or platform agnostic, will be handled by the Agent-Based Installer. Agent-Based Installer with UPI use cases Add bare metal compute nodes to clusters on public clouds within your on-premise datacenters using the Bare Metal Operator. Expand AWS, Azure and GCP clusters on-premise Enable MCE during installation to get to cluster zero easily, and to manage the day-2 operations in your clusters Multicluster Engine Integration OpenShift on Bare Metal

46. What's Next in OpenShift Q2CY2023 • Unified Kernel Images (UKI)

    • Runtime integrity checks • Remote attestation • CIS Benchmark for RHCOS RHEL CoreOS and Machine Config Operator • On-cluster build automation • Custom boot images • OpenShift Console integration CoreOS Layering Enhancements • Resilient and flexible upgrade strategies • Reboot Policies • Enhanced metrics and reporting Administrator Clarity & Control Confidential Compute and Security Product Manager: Mark Russell Deeper Integration Empowered Admins Reduced Risk

47. What's Next in OpenShift Q2CY2023 • The new way of

    requesting access to resources • Provides partial or optional device allocation 47 Hardware accelerators and specialized devices • Removes on-site drivers builds with pre-compiled drivers • Enables UEFI secure boot NVIDIA GPU precompiled drivers • Allows to share GPU memory for AI training with inbox network drivers • Network Inline processing using GPUs AI training with dma-buf Dynamic Resource Allocation API Product Manager: Erwan Gallen Fast deployment of GPU nodes Open offloading Flexibility for accelerator offloading

48. What's Next in OpenShift Q2CY2023 Confidential Computing Confidential computing provides

    a Trusted Execution Environment (TEE) that protects code/data that is in memory from unauthorised entities ▸ Confidential Containers (CoCo) is a new sandbox project of the Cloud Native Computing Foundation (CNCF) ▸ Developer Preview coming to OpenShift Product Manager: Jochen Schröder 48

49. What's Next in OpenShift Q2CY2023 49 Use Case ▸ Job

    Queueing ･ Job queueing decides which jobs should wait, which can start immediately, and what resources they can use. ▸ Job priority preemption ･ Ability to preempt low priority job for high priority job ▸ Job quota management ･ Ability to assign quota to the jobs Potential upstream projects we are exploring to solve above use case: ▸ Kueue ▸ Multi-Cluster App Dispatcher (MCAD) Enhanced Job Management in Openshift Product Manager: Gaurav Singh

50. What's Next in OpenShift Q2CY2023 Openshift Pod Autoscaling • VPA

    based on CPU & Mem • HPA based on CPU & Mem • Custom metric autoscaler • Behaviour detection VPA • In-place update of pod resources • In-place update of VPA • Multidimensional pod scaling (VPA+HPA) Product Manager: Gaurav Singh

51. What's Next in OpenShift Q2CY2023 OpenShift Windows Containers PM: Duncan

    Hardie Enabling Infrastructure • Bring better visibility to preempt and diagnose issues, while also improving access to networks and storage infrastructure o-----------------------------o • Cluster wide proxy • CSI proxy • Integrated Monitoring • Logging solution Secure Environments • When you data center does not have access to the internet run windows workloads safely while securing services o------------------------------o • Fully supported in disconnected environments • Group managed service account support More Platforms • Bring windows nodes into more cloud platforms and benefit from multiple managed service offerings o-----------------------------o • Nutanix Platform Support • ARO/ROSA enablement • IBM Cloud

52. What's Next in OpenShift Q2CY2023 Control Plane Improvements: Auth Pod

    Security Admission (PSA) No auto-creation of SA secrets User namespaces Globally enforce: restricted mode SCC changes for Containers to run as non-privileged users on host Secrets should not be automatically created on SA creation BYO OIDC Identity Bring Your Own OIDC provider for direct API access Secret Store CSI Driver Mount application secrets from external secret providers Product Manager: Anjali Telang 52

53. What's Next in OpenShift Q2CY2023 Control Plane Improvements: etcd Backup

    API (Automated B&R) Hitless Operations ETCD Profiles (adjust for efficiency) Automated Backup & Recovery of etcd database Selectable validated profiles for etcd heartbeat intervals and election timers Hitless etcd defragmentation and certificate rotation Product Manager: William Caban 53

54. What's Next in OpenShift Q2CY2023 Automatic recovery from expired certificates

    when cluster resumes from hibernation, snapshots or a restored from a backup Kube API and OpenShift API server internal certificate rotation without any service degradation or performance impact Hitless* Certificate Rotations Automatic Certificate Rotation on Cluster Hibernation or Restore Improvements to Certificate Rotation * Execute the action without any service degradation or performance impact Product Manager: William Caban 54

55. What's Next in OpenShift Q2CY2023 Spanned Control Plane Official guidance

    on designs and considerations for deployment of control planes spanning multiple locations or non-optimal underlying infrastructure. Official Guidance in OpenShift Docs The etcd dashboard will include new metrics, alarms and thresholds aligned with the guidance for deployments of control planes across locations. Improved etcd dashboard supporting guidance Product Manager: William Caban 55

56. What's Next in OpenShift Q2CY2023 56 Product Manager: Adel Zaalouk

    Self-Managed Hosted Control Planes for Red Hat OpenShift • AWS: ◦ HCP (x86) | NodePools: x86 ◦ HCP (x86) | NodePools: Arm ◦ HCP (Arm) | NodePools: x86 ◦ HCP (Arm) | NodePools: Arm • Agent ◦ HCP (x86) | NodePools (x86) ◦ HCP (x86) | NodePools (P/Z) • OpenShift Virtualization: ◦ HCP (x86) | NodePools (x86)

57. What's Next in OpenShift Q2CY2023 57 OpenShift Virtualization Enterprise Virtualization

    Capabilities • Metro (Sync) DR with ODF • Regional (Async) DR with ODF • Dynamic configuration with Network and CPU hotplug • Improved density with Memory Overcommit • Ecosystem DR integrations • Overlay Secondary network • Windows 11 persistent vTPM OpenShift Developer Services • VMs as code for GitOps using Tekton and ArgoCD Pipelines • Windows 11 and Windows Server 2022 examples. • Ansible integration • Gateway API for load balancing Multi-Cluster Scaling and Cloud Services • Reduce cost and deploy faster with multi-tenant virtual clusters • ACM VM lifecycle and workflow Public Cloud • GA of AWS Bare Metal Support • Equinix • OpenShift Virtualization in ROSA Product Manager: Peter Lauterbach

58. What's Next in OpenShift Q2CY2023 Storage 58 ReadWriteOncePod Access mode

    TP Non Graceful node shutdown GA Retroactive storage class assignment GA SELinux context mounting for RWO PVs TP Core Storage Unified storage across footprints Cloud Providers CSI Google FileStore CSI Azure File NFS support CSI Migration vSphere migration for all clusters Secret Management Secrets Store CSI Container Storage Interface Enhanced user & operator experience Product Manager: Gregory Charot

59. What's Next in OpenShift Q2CY2023 OpenShift Update Service 59 Product

    Manager: Subin Modeel ▸ Single command to monitor OpenShift Update ･ Check status of Openshift components during Update ･ oc adm update status ▸ Improve disconnected update experience ･ Remove manual steps by serving OpenShift release signatures via Cincinnati ▸ ROSA with hosted control planes consumes update recommendations from OpenShift Update Service (OSUS) ▸ Improve Update documentation ･ Troubleshooting guide for common update issues

60. What's Next in OpenShift Q2CY2023 60 ▸ OSP18 uses Openshift

    Bare metal for hosting of its control plane and lifecycle mechanisms ▸ Dataplane (Nova compute and Ironic) remain external to OpenShift ▸ Leveraging core openshift capabilities (Operator Framework, Metal3, Multus, MetalLB) and native ansible ▸ Support both greenfield and existing deployed clouds (TripleO “adoption” process) ▸ Better telemetry and observability ▸ Beta to be released on 4.14.x ▸ GA targeting 4.16 OpenStack Services coming to OpenShift Red Hat Openstack 18 will utilize a new architecture, leveraging OpenShift bare metal as the hosting infra for the OSP control plane and lifecycle tooling (deployment, day 2 and upgrades) Product Manager: Gil Rosenberg

61. Baremetal OCP-worker-1 (BM1) OCP App Pod OCP App Pod Infra

    Pod Infra Pod OCPApp Pod OCPApp Pod Infra Pod Infra Pod Infra Pod Infra Pod Master-0 Infra Pod Infra Pod Master-1 Infra Pod Infra Pod Master-2 Infra Pod Infra Pod OCPApp Pod OCPApp Pod OCP-worker-3 (BM3) OCP-worker-2 (BM2) OCP-worker-0 (BM0) OCP App Pod Infra Pod OCP App Pod Infra Pod OSP Infra Pods (ctlplane) OSP Infra Pods (ctlplane) OSP Infra Pods (ctlplane) Red Hat Openstack 18 High Level Architecture OSP Compute Baremetal OSP Compute Baremetal OSP Infra Pods (ctlplane) Old control plane repurposed Pre-existing compute tier adopted into the new control plane Product Manager: Gil Rosenberg

62. Telco & Edge 62 What’s Next in OpenShift Q2CY2023

63. What's Next in OpenShift Q2CY2023 63 Red Hat Device Edge

    Add RHDE/ MicroShift related management capabilities to Ansible Automation Platform and Advanced Cluster Management Edge Management • Machine Vision on arm • Low latency workload • Compliance (FIPS, ISA62443, ….) Extend Capabilities MicroShift General Availability • Currently Tech Preview • GA planned for next release • CNCF certification Product Manager: Daniel Fröhlich consistent management More edge use cases Enterprise Support for k8s at the smallest edge device

64. What's Next in OpenShift Q2CY2023 Further extend supported providers •

    Added: • Next: Single Node OpenShift • Make more cluster capabilities optional • Optimize resource usage • Goal: 1 core control plane Continue footprint reduction Minimize Deployment Time • Make SNO relocatable • Install at near edge / facility, then relocated to far edge Product Manager: Daniel Fröhlich More ressources available for workload Faster edge rollouts Cost savings for small clusters C W

65. What's Next in OpenShift Q2CY2023 65 Telco 5G Core and

    Edge Telco orthogonal requirements… all mandatory! Optimization on two axis, conceptually straightforward, is not an option Availability (5 nines SLA: 5 mins 15s of unavailability per year) Cost-efficiency (OPEX and CAPEX) Performance (millions of packet / subscriber per core / server)

66. What's Next in OpenShift Q2CY2023 66 Strategic Investment Areas Relentlessly

    reduce CaaS CPU and memory consumption while leveraging hardware power consumption innovations Sustainability Secure the physical platform and participate in the network chain of trust and compliance with security regulation authorities Security Reduce carbon footprint and energy consumption End to End chain of trust from Hardware, Networking and Software Improve telco operations at scale and utilize next generation hardware (CPU, NIC, Accelerators…) to maximize platform efficiency Operation excellence Managing Agile Infrastructure with the latest Hardware [Efficient, Scale, TCO] Telco 5G Core and Edge Product Manager: Erwan Gallen

67. Networking and Observability 67 What’s Next in OpenShift Q2CY2023

68. 68 What's Next in OpenShift Q2CY2023 Multicluster End-to-End Networking Red

    Hat OpenShift Networking Internet Gateway API Platform-native Load Balancing Ingress Controller Node Node Node OVN OVS ▸ Unified traffic handling so you configure all your traffic the same way ▸ Any supported platform – add or swap easily, hybrid scenarios ▸ Flexibility to use native traffic distribution for optimal performance ▸ Physical Virtual Private cloud Public cloud Edge Managed cloud Istio Ingress Submariner Product Managers: Marc Curry, Deepthi Dharwar, Bradd Weidenbenner (Submariner), Jack Britton (Service Interconnect), Jamie Longmuir (Service Mesh/Istio) Service Interconnect

69. What's Next in OpenShift Q2CY2023 Product Managers: Marc Curry, Deepthi

    Dharwar Red Hat OpenShift Networking 69 ▸ Zero Trust Networking ▸ Performance and Scale Improvements ▸ Network Observability Operator updates ▸ Ingress as an option ▸ Resource consumption optimizations ▸ IPv6 for public cloud deployments ▸ HAProxy 2.6 ▸ Unified IPsec North-South & East-West ▸ ovn-kubernetes on secondary interface ▸ Live migration from OpenShiftSDN to OVN ▸ Admin Network Policy ▸ Multi-NIC support for ovn-kubernetes ▸ Ingress Node Firewall ▸ Istio Implementation of Gateway API

70. What's Next in OpenShift Q2CY2023 70 OpenShift Service Mesh Support

    scaled mesh use cases: Large meshes, multi-cluster, services outside of clusters and dual-stack. Service Mesh at Scale Cohesive with the OpenShift including console, networking, certificate management, monitoring, GitOps and more. Better Together Secure, observe & manage traffic at scale Reduce complexity with a consistent experience Converge Service Mesh with Istio to enable customers on the latest from the Istio and Kubernetes communities. Istio Community Convergence The latest application networking innovation Product Manager: Jamie Longmuir OpenShift Networking

71. What's Next in OpenShift Q2CY2023 71 Observability Correlated observability signals

    in the OpenShift Web Console (first experience) TraceQL support for distributed traces Analyze OpenShift Web Console - Developer Perspective: Expire silences in bulk & Logs-based alerts (Loki) Jaeger UI: RED metrics from traces Dev Preview: power monitoring for Red Hat OpenShift (Kepler) Visualize Out of the Box Visualization Experience Productization of Prometheus Operator Multicluster log collection Loki zone aware replication OpenTelemetry collector and Tempo GA OpenTelemetry metrics support Collect, Store & Aggregate Flexible Collection & Storage Experience Product Managers: Roger Floren, Jamie Parker, Vanessa Martini & Jose Gomez-Selles Turn your data into answers! OpenShift Observability near-term objectives near-term objectives near to mid-term objectives

72. What's Next in OpenShift Q2CY2023 Power monitoring with Kepler Drive

    energy cost down for IT operations and contribute to achieve sustainability goals Power monitoring with Kepler • Uses eBPF to probe energy related system stats and exports as Prometheus metrics that can be leveraged for workload scheduler and auto-scaling and drive CI/CD pipelines • Power monitoring with Kepler will be Dev Preview with OpenShift 4.14 Project Scope • Monitor/Report Energy Costs and CO2 Emissions • Hybrid Cloud Energy and CO2 Monitoring and Reporting • Data/Analytics for Energy Optimization • Data/Analytics for Green IT and Green (Re)-Engineering • Data for ESG reporting Virtualized Edge Public clouds Physical Hardware Private clouds Kepler Open Data Hub ESG Reporting 3rd Party Data (Power Grid) 3rd Party Observability Power Data Power Data CO2 Data CO2 Data OpenShift Observability Product Managers: Roger Floren, Jamie Parker, Vanessa Martini & Jose Gomez-Selles

73. What's Next in OpenShift Q2CY2023 Insights for OpenShift Red Hat

    Insights Advisor for OpenShift 73 - Predicting risks, recommending actions - Leveraging Red Hat experience with running/supporting OpenShift Coming soon (Q3 2023 features) ▸ Update risk assessment generally available ･ Identifying cluster conditions impacting successful update ▸ Deployment Validation Operator generally available ･ Expanding Insights recommendations to workloads ･ Best practice recommendations based on Red Hat SRE experience ･ Workload recommendations with deanonymized content ▸ Insights Advisor support for Hosted control planes (Hypershift) Product Managers: Radek Vokál, Tomas Dosek & Pau Garcia Quiles

74. What's Next in OpenShift Q2CY2023 Insights for OpenShift Red Hat

    Insights Cost Management 74 - Helps you visualize and distribute Red Hat OpenShift costs and cost of additional services into meaningful items. - Cost visibility and allocation - Report fully-loaded per-project cost to bill internal/external customers Coming soon (Q3 2023 features ) ▸ Improved cost of running apps on OpenShift to allow users to define what’s the “platform costs” ▸ (More) Resource optimization - identify and optimize workloads ･ Pod-level usage reporting ･ Identify pods with no/wrong resource requests/limits ･ Waste reporting ▸ Tag mapping and reconciliation Product Managers: Radek Vokál, Tomas Dosek & Pau Garcia Quiles

75. linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat Thank you Red Hat is the

    world’s leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500.