The new Red Hat OpenShift 4.10 release is based on Kubernetes 1.23 with the CRI-O 1.23 runtime and offers new enhancements and features for both developers and administrators.
Among the 45 enhancements are the ability to change static network configurations after cluster deployment with enhanced networking metrics and debuggability. OpenShift also provides a way to check configurations regularly, so the administrator can be more proactive in addressing problems sooner with MachineConfigDaemon Events.
OpenShift also supports Microsoft Azure AvailabilitySets in MachineSets for better resilience and high availability. It includes the ability to change the maximum transmission unit (MTU) of openshift-sdn, post cluster deployment.
OpenShift sandbox containers are now generally available in OpenShift 4.10 and are complementary to numerous existing security features of OpenShift: SELinux, role based access control (RBAC), projects, security context constraints (SCCs), and Kubernetes network policies.
Red Hat also added two new compliance operator profiles that cover PCI-DSS and NERC CIP as well as additional controls to the FedRAMP Moderate profile.
“The compliance operator provides relief to the operational complexity of managing the security compliance of the cluster, by automating, auditing, and remediation of compliance with technical controls for the cluster administrator,” Red Hat wrote in a blog post.
Red Hat also focused on streamlining the process for setting up a mirror registry with a minimal Red Hat Quay deployment that serves as the registry to bootstrap one’s first disconnected cluster. Red Hat said it is starting to consolidate all relevant operations into a single plugin for the oc client that condenses multiple tools and steps that were previously required into a single command.
The new version also introduces Extended Update Support (EUS)-to-EUS updates to provide customers a quicker and safer update experience while reducing disruptions to their workloads.
To mitigate risk in any updates, Red Hat added enhancements for conditional updates in which the OpenShift Update Service (OSUS) may declare conditionally recommended updates associated with known risks.
Additionally, OpenShift on bare metal can provide customers with cost savings, more control, simplified management, and improved performance.
OpenShift Virtualization has also added support for OpenShift Service Mesh, virtual GPU (Tech Preview for vGPU), and warm migration of RHV VMs. The Service Mesh support can help developers easily monitor, visualize and control traffic between pods and VMs.
Additional details on OpenShift 4.10 are available here.