DEVOPSdigest

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

The new features, available with the general availability of Red Hat OpenShift 4.12, are designed to help organizations more efficiently scale workloads across the hybrid cloud without compromising security.

The new enhancements available in Red Hat OpenShift 4.12 are designed to help organizations mitigate risks and meet compliance requirements across increasingly complex IT environments.

Red Hat OpenShift 4.12, based on Kubernetes 1.25, introduces three new Operators and an update to the Compliance Operator, designed to enhance workload consistency and management from the datacenter to the edge.

- The new Security Profiles Operator enables users to more easily distribute and use security profiles like Seccomp or SELinux in a Kubernetes cluster. Replacing what was previously a more manual process, the Security Profiles Operator is designed to simplify Seccomp or SELinux profile creation while managing profiles across nodes and namespaces. This helps IT teams to craft security profiles that give only the necessary privileges to container processes.

- New enhancements were introduced to the Compliance Operator which helps Red Hat OpenShift administrators run compliance scans and provide remediations for the issues found. With the introduction of PriorityClass, admins now have better control of their compute and memory resources and can prioritize which pods to scan first, enabling more accurate results and helps ensure each cluster stays compliant.

- The new Ingress Node Firewall Operator allows users to configure firewall rules at the node level. This helps administrators control from which interface and remote hosts the Kubernetes API server can be accessed, better controlling network traffic in and out of the node for enhanced security.

- The new Network Observability Operator, provides observable network traffic metrics, flows, topology and tracing for a more complete understanding of network traffic. The operator helps simplify identification of network bottlenecks and assists with troubleshooting connectivity issues, providing for enhanced network performance optimization in Red Hat OpenShift clusters.

Red Hat OpenShift provides a more consistent foundation for organizations to run applications wherever it makes the most sense while using their preferred tools to build, deploy, run and scale applications with a focus on security. Red Hat OpenShift 4.12 delivers even greater choice in how organizations deploy Red Hat OpenShift and enables IT teams to better meet dynamic technology requirements. New features supporting this expanded flexibility include:

- Support for Red Hat OpenShift on Arm now includes support to deploy Red Hat OpenShift on Arm-based instances in Microsoft Azure.

- Agent-based installer for disconnected deployments provides an easy and repeatable way to deploy edge Red Hat OpenShift clusters at scale into production with limited or no additional hardware. The agent-based installer is optimized for disconnected and air-gapped Red Hat OpenShift deployments for bare metal, vSphere, and agnostic platforms. Using the agent-based installer, organizations can deploy all supported Red Hat OpenShift topologies including single node clusters, three-node compact clusters or standard high availability clusters.

- Extended lifecycle support with an additional six months of extended update support on even numbered Red Hat OpenShift releases on the x86_64 architecture. Starting with Red Hat OpenShift 4.12, users will now have 24 months of support so users have even more flexibility to plan and operationalize upgrades.

Red Hat OpenShift 4.12 is now generally available.