OpenShift 4.18 Improvements from Kubernetes 1.31:

  1. Overview
    OpenShift 4.18 is based on the upstream CRI-O 1.31 and Kubernetes 1.31. Kubernetes 1.31 introduces a number of enhancements aimed at improving traffic distribution, resource management, and security. Key improvements include:
    o Ingress Connectivity Reliability: This improvement addresses endpoints on terminating nodes or nodes with an unhealthy kube-proxy. The Ingress connectivity reliability enhancement for kube-proxy graduates to stable, marking a significant improvement for admins who want to limit unexpected traffic drops during node shutdown.
  2. Deployment Stability
    o Random Pod Selection During Replica Set Downscaling: This feature helps maintain pod balance across failure domains, leading to better pod distribution and improved high availability.
    o Unhealthy Pod Eviction Policies: This allows admins to specify actions for pods that are healthy but not yet ready, offering more granular control over pod processes.
  3. Support for Multiple Service CIDR (Beta)
    Kubernetes 1.31 adds support for multiple service CIDRs, helping to resolve IP exhaustion challenges in large or long-lived clusters. It allows administrators to dynamically modify CIDR service ranges without downtime.

Top Requests for Enhancement (RFE) in OpenShift 4.18:

  1. Server Message Block (SMB) Container Storage Interfaces (GA)
    OpenShift now offers general availability (GA) support for SMB container storage interfaces, enabling customers in Samba or Microsoft environments to leverage their existing storage infrastructure in OpenShift.
  2. Networking-Related Improvements
    o User-Defined Networks: A highly demanded Kubernetes networking feature that enables cluster and project admins to define isolated networks for pods and virtual machines (VMs), particularly useful in OpenShift Virtualization use cases.
    o Custom IPv4 Subnets on OVN: This feature allows admins to customize OVN networks for “bring your own VPC” deployments.
  3. Cluster Deployment Enhancements
    o Bare Metal and Virtualization Support: OpenShift now provides further support for bare-metal deployments in Google Cloud and Oracle Cloud.

Red Hat OpenShift 4.18 Highlights:

  1. Core Concepts
    o Enhanced User-Defined Networks (UDN) with BGP support.
    o Operator Lifecycle Manager V1 for improved security and GitOps integration.
    o OC Mirror V2 to manage container images with enhanced performance and security.
    o General Availability (GA) support for OpenShift on Bare Metal in Google Cloud and Oracle Cloud.
  2. Virtualization
    o VM-Friendly Networking: With user-defined networks, OpenShift improves networking for VMs.
    o VM Storage Migrations: Enhanced support for VM storage migrations.
    o Public Cloud Support: Virtualization in Google Cloud and Oracle Cloud.
  3. Security
    o Secret Store CSI Driver: Improved handling of secrets using the Secret Store CSI Driver in OpenShift GitOps and OpenShift Pipelines workflows.
    o Cert-Manager Integration: Secure OpenShift Service Mesh secrets with Cert-Manager.
    o Automated Certificate Recovery: Faster cluster recovery following hibernation.

News in OpenShift Networking 4.18:
OpenShift 4.18 introduces User-Defined Networks (UDN), which give admins more control over the segmentation of pod networks. This allows for the creation of isolated layer 2, layer 3, or localnet networks for pods and VMs. Key features include:
• BGP Integration: Supports direct referencing of VMs from outside the cluster without requiring NAT at the cluster’s edge.
• Overlap Handling: Kubernetes ensures isolated subnets and avoids conflicts between different UDNs.
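
A manifest for the isolated layer 2 case described above, added here as an illustration and not taken from the original page or from Red Hat. The namespace name, network name and subnet are constructed placeholders.

```yaml
# Constructed example: tenant-blue, tenant-blue-l2 and the subnet are placeholders.
# The namespace carries the primary-UDN label from the moment it is created;
# the label is not something to add to a namespace that already runs workloads.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-blue
  labels:
    k8s.ovn.org/primary-user-defined-network: ""
---
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: tenant-blue-l2
  namespace: tenant-blue      # a UserDefinedNetwork is scoped to one namespace
spec:
  topology: Layer2
  layer2:
    role: Primary             # pods and VMs in this namespace use this network
                              # as their main interface instead of the default pod network
    subnets:
      - "10.100.0.0/16"       # may reuse a range that another UDN also uses
```

Create the UserDefinedNetwork before any pods in the namespace, so that every workload starts on the isolated network.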


Operator Lifecycle Manager (OLM) V1 Enhancements:
OLM V1 brings several improvements:
• Consolidated Cluster Extension API for easier integration and automation.
• Declarative Workflows to enable zero-touch provisioning.
• Improved Security via user-provided service accounts with minimized permissions.
• Enhanced Reliability with continuous reconciliation and automated rollbacks.


OC Mirror V2 Enhancements:
OC Mirror V2 brings significant improvements, especially for air-gapped environments:
• Enhanced Security with Enclave environments for sensitive workloads.
• Granular Image Deletions and optimized storage management.
• Helm Chart Mirroring in addition to container images.


Virtualization Updates:

  1. User-Defined Networking (UDN): OpenShift now supports UDN for VMs, enabling multi-tenancy and extending across clusters.
  2. Storage Live Migration: OpenShift now supports the migration of VMs’ storage across different types and vendors.
  3. Public Cloud Support: VMs are now available on Google Cloud and Oracle OCI.
  4. Workload Balancing: Enhancements improve resource management for VMs, allowing third-party tools to participate.
  5. VM Inventory and Management: A visual inventory system has been introduced to manage VMs and namespaces in OpenShift.

Security Enhancements in OpenShift 4.18:

  1. Service Mesh and Certificate Management: Integration with CertManager 15 for seamless certificate management.
  2. Secret Store CSI Driver GA Release: External secret managers can now securely store secrets in volumes mounted to pods.
  3. Cluster Stability: Faster and more efficient cluster recovery without requiring backups.
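
What the Secret Store CSI Driver item above looks like in practice, as an added example that is not from the original page or from Red Hat. It assumes the driver and a HashiCorp Vault provider plug-in are already installed; the namespace, names, Vault address, role and secret path are constructed placeholders.

```yaml
# Constructed example: every name, address and path below is a placeholder.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: payments-db-creds
  namespace: payments
spec:
  provider: vault
  parameters:
    vaultAddress: "https://vault.example.internal:8200"
    roleName: "payments-app"          # Vault Kubernetes-auth role bound to the pod's service account
    objects: |
      - objectName: "db-password"     # file name created under the mount path
        secretPath: "secret/data/payments/db"
        secretKey: "password"
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: payments
spec:
  serviceAccountName: payments-api    # identity the provider presents to Vault
  containers:
    - name: app
      image: registry.example.internal/payments/api:1.0
      volumeMounts:
        - name: db-creds
          mountPath: /mnt/secrets
          readOnly: true
  volumes:
    - name: db-creds
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: payments-db-creds
```

Because the SecretProviderClass has no `secretObjects` section, the value is only written to the pod's mounted volume and no Kubernetes Secret object is created from it.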

OpenShift 4.18 New Features for AI and Workload Optimization:

  1. OpenShift Lightspeed: A generative AI-based chat assistant in tech preview.
    o Integration with OpenShift 4.18 knowledge.
    o Support for ARM-based architectures.
    o Real-time response display and improved VM object imports.
  2. Accelerator Support:
    o NVIDIA GPUs: Support for H2 NV GPUs and vGPU technology.
    o AMD and Intel GPUs: Support for AMD Instinct GPUs and Intel GPUs (Gaudi 3).
    o IBM SP Accelerator: New support for AI workloads.

Advanced Cluster Management (ACM) 2.13:

  1. Virtualization Insights: ACM includes dashboards for VM right-sizing.
  2. Policy-Based VM Backups: New backup management for VMs and improved search capabilities.
  3. Governance & Policy Management: Improved support for Kubernetes admission policies and pre-deployment testing.
  4. Cluster API Support: Automates tasks through GitOps for hosted control plane clusters.

Security Enhancements with Advanced Cluster Security (ACS) 4.7:

  1. Software Bill of Materials (SBOM): Tracks dependencies and libraries in container images for better software supply chain security.
  2. Exploit Prediction Scoring System (EPSS): Adds EPSS to vulnerability data, helping prioritize remediation.
  3. ServiceNow Integration: Integrates ACS with ServiceNow for improved tracking and resolution of vulnerabilities.

These updates across OpenShift 4.18 provide significant advancements in networking, virtualization, security, and AI/ML workload optimization, enhancing both performance and user experience.

