January 15th, 2020 by Michael Rink
Red Hat Announces OpenShift Container Platform 4.3
Today, Red Hat announced plans to release OpenShift Container Platform 4.3. OpenShift Container Platform, sometimes shortened to just OpenShift, is Red Hat's Kubernetes-based open-source software container application. When Red Hat says open-source, they mean open source. You can find the current full release notes here alongside the source code in their GitHub repository. Red Hat was founded in 1993 as an open-source software provider and advocate. Today it provides a wide range of home and enterprise software products and services, including a Linux operating system and 24/7 support subscriptions.
The most significant improvements in OpenShift Container Platform 4.3 are in security and platform support. Version 4.3 also upgrades from Kubernetes 1.14 to Kubernetes 1.16.
By far the most significant improvement in security is that IT engineers can now install an OpenShift Container Platform cluster that uses Federal Information Processing Standard (FIPS) validated cryptographic libraries, specifically FIPS 140-2 Level 1. This opens the door to its use by many US federal departments and agencies that are required to use certified FIPS environments to handle sensitive data. When OpenShift runs on Red Hat Enterprise Linux booted in FIPS mode, OpenShift calls into the Red Hat Enterprise Linux FIPS validated cryptographic libraries. Other security improvements include the option to encrypt data stored in etcd. Etcd is a strongly consistent, distributed key-value store that provides a reliable way to store data that needs to be accessed by a distributed system or cluster of machines. When you enable etcd encryption, the following OpenShift API server and Kubernetes API server resources are encrypted: Secrets, ConfigMaps, Routes, OAuth access tokens, and OAuth authorize tokens.
OpenShift Container Platform 4.3 allows IT teams to deploy private clusters on all three major public clouds. To install a private cluster to Google Cloud Platform (GCP), you need an existing Virtual Private Cloud (VPC). To install a private cluster to Amazon Web Services (AWS), you need an existing VPC. To install a private cluster to Microsoft Azure, you need an existing Azure Virtual Network (VNet). The installation program will configure the Ingress Operator and API server for access from only the private network, and there are installation guides for each of the cloud providers.
Red Hat also released Red Hat OpenShift Container Storage (OCS) 4 today. OCS is based on Red Hat Ceph Storage and has an embedded OperatorHub that supports file, block and object-based storage. One of the major enhancements of OCS 4 is Multi-Cloud Object Gateway (part of Red Hat’s acquisition of NooBaa), which can give customers greater abstraction and flexibility and can help to avoid public cloud lock-in. OCS 4 has an S3 interface; according to Red Hat, this makes it the only container storage solution to do so. The new version has greater automation through Rook’s storage orchestration capabilities and faster persistent volume creation. And finally, OCS 4 brings encryption, anonymization, key separation and erasure coding.
OpenShift Container Platform 4.3 is expected by the end of the month (January 2020). OCS 4 is available now.