Red Hat OpenShift 4.6
Red Hat OpenShift Container Platform 4.6 is now available, Production Grade, GA.
What is Red Hat OpenShift?
It’s a Container hosting platform with rich features from Red Hat (IBM). The core of Red Hat OpenShift is Kubernetes.
There are application Servers such as Oracle WebLogic and IBM WebSphere in the market. The core of an application server is J2EE (Java EE) and its job is to host J2EE applications.
Similarly, Red Hat OpenShift hosts Container(ized Application)s. It is scalable, secure, cloud native, with minimal configuration and overhead.
Red Hat did not publicly release OpenShift Container Platform 4.6.0 as the GA version and, instead, is releasing OpenShift Container Platform 4.6.1 as the GA version.
I list out few major features of Red Hat OpenShift 4.6.1 in this blog. A detailed release notes information link is available at the end.
Supported Platforms
Red Hat Enterprise Linux (RHEL) 7.7 or later
Red Hat Enterprise Linux CoreOS (RHCOS) 4.6
Kubernetes 1.19
CRI-O
The user must use RHCOS for the control plane (Master Nodes), and can use either RHCOS or RHEL for worker nodes.
Installation and Upgrade
The user can install a Red Hat OpenShift Cluster on Amazon Web Services (AWS) GovCloud Region and Microsoft Azure Government Region (MAG).
Introduces user defined outbound routing for a Red Hat OpenShift Cluster running on Azure to connect to the internet. It allows to skip the creation of public IP addresses and public cloud load balancers.
Red Hat OpenShift introduces support for installing a cluster on bare metal using installer-provisioned infrastructure.
The user must ensure all Operators previously installed through OLM (Operator Lifecycle Manager) are updated to their latest versions in their latest channels before upgrading to OpenShift Container Platform 4.6.
With this release, IBM Power Systems are now compatible with OpenShift Container Platform 4.6.
Install support for vSphere version 7.0
OpenShift Container Platform version 4.6 requires RHV (Red Hat Virtualization) version 4.4.2 or later.
Security and Compliance
The Compliance Operator feature allows the use of OpenSCAP tools to check that a deployment complies with security standards and provides remediation options.
The File Integrity Operator feature that continually runs file integrity checks on the cluster nodes, is now available. It deploys a daemon set that initializes and runs privileged advanced intrusion detection environment (AIDE) containers on each node, providing a status object with a log of files that are modified during the initial run of the daemon set Pods.
The user can now configure OAuth tokens to expire after a certain amount of time that they have been inactive.
Red Hat OpenShift (Kubernetes) security has become critical in DevSecOps. The upcoming course CKS (Certified Kubernetes Security Specialist) from RedPeppy helps you to understand and learn the Security aspects of Kubernetes and Containers.
Machine API
The Machine API now supports multiple block device mappings for machines running on AWS.
MachineSets running on Azure now support Spot VMs.
MachineSets running on GCP now support preemptible VM instances.
Web Console
Improved upgrade experience in the web console.
Improved Operator installation workflow with Operator Hub.
View related objects for cluster Operators.
Warning messages when editing managed resources.
Scale
The real-time profiles are fully compatible with what the real-time profiles do in Tuned on Red Hat Enterprise Linux (RHEL).
The Performance Addon Operator helps the administrator with tuning worker nodes for low latency and real-time workloads.
Networking
The OVN (Open Virtual Network)-Kubernetes Container Network Interface (CNI) is now GA. For this release, OpenShift SDN remains the default Pod network provider.
The user can now configure PodNetworkConnectivityCheck resources to check each network connection from the Pods that are managed by the Operator.
The NodePort range is expandable beyond the default range of 30000–32767.
Ingress in Red Hat OpenShift Container Platform 4.6 now uses HAProxy version 2.0.16.
Configuration of an Ingress Controller Network Load Balancer (NLB) for new and existing AWS clusters is now supported.
AWS Route53 endpoint configuration is now supported on the Ingress Operator.
Storage
The Container Storage Interface (CSI) Driver Operators and drivers for AWS Elastic Block Store (EBS), Red Hat Virtualization (oVirt), and OpenStack Manila shared file system service are now managed by the Cluster Storage Operator in OpenShift Container Platform.
The Local Storage Operator now has the ability to automatically discover a list of available disks in a cluster and provision local persistent volumes from attached devices.
Registry
The image registry can now be set up and configured for Azure Government.
The user can now configure logLevel in the Image Registry Operator to debug logs.
Operator Lifecycle
Operator developers can now use conversion webhooks for Operators that target all namespaces, also known as global Operators.
The Operator API is now supported and enabled by default. It gives a simplified experience discovering and managing the lifecycle of Operators in a Red Hat OpenShift cluster.
The Node Maintenance Operator now validates maintenance requests for master nodes, preventing master (etcd) quorum violation.
The users can now set log levels separately for the Image Registry Operator and operand.
Builds
Builds now support Git clones behind an HTTPS proxy.
Nodes
The user can now configure pod topology spread constraints for more fine-grained control the placement of pods across nodes, zones, regions, or other user-defined topology domains. This can help improving high availability and resource utilization.
New descheduler strategy is available (Technology Preview).
Descheduler filtering by namespace and priority (Technology Preview).
Cluster Logging
The Log Forwarding API is now generally available.
The Log Forwarding API allows the user to add free-text labels to log messages that are affixed to outbound log messages.
The (new) OpenShift Logging dashboard contains charts that show details about Elasticsearch instance at a cluster-level, including cluster resources, garbage collection, shards in the cluster, and Fluentd statistics.
The (new) Logging/Elasticsearch Nodes dashboard contains charts that show details about Elasticsearch instance, many at node-level, including details on indexing, shards, resources, and so forth.
Monitoring
In Red Hat OpenShift 4.6, the user can enable monitoring for user-defined projects in addition to the default platform monitoring.
The Red Hat OpenShift 4.6 introduces validation of Prometheus rules through a webhook that calls the validating admission plug-in.
Insights Operator
In Red Hat OpenShift 4.6, the Insights Operator collects information about all cluster nodes, while previous versions only collected information about unhealthy nodes.
Notable technical changes
Starting in Red Hat OpenShift 4.6, the Red Hat-provided default catalogs used by Operator Lifecycle Manager (OLM) and Operator Hub are now shipped as index images specific to the minor version of OpenShift Container Platform. This allows Operator providers to ship intentional ranges of Operator versions per cluster version.
Both the OpenShift SDN and OVN-Kubernetes Container Network Interface (CNI) network providers now use the Open switch (OVS) version installed on the cluster nodes. Previously, OVS ran in a container on each node, managed by a DaemonSet.
Warnings when using deprecated APIs.
Red Hat OpenShift 4.6 supports Operator SDK v0.19.4.
All images in Red Hat OpenShift 4.6 now use universal base image (UBI) version 8 by default.
The default Jenkins Node.js agent has been upgraded to Node.js version 12.
Reference Link
The below release notes link from Red Hat has granular details about the changes in Red Hat OpenShift 4.6
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Red Hat OpenShift market is growing well even during this pandemic. The pre-requisite is to develop a good knowledge and experience in Kubernetes and the Certified Kubernetes Administrator (CKA) course from RedPeppy helps you to become competitive in the new economy.
Lawrence Manickam is the Master Cloud Architect Trainer in RedPeppy, E-Learning division of Kuberiter.
Please visit https://redpeppy.com to register for my premium Cloud native courses such as Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS).
