
Red Hat OpenShift Container Platform provides developers and IT organizations with a hybrid cloud application platform for deploying both new and existing applications on secure, scalable resources with minimal configuration and management overhead. OpenShift Container Platform supports a wide selection of programming languages and frameworks, such as Java, JavaScript, Python, Ruby, and PHP.

Built on Red Hat Enterprise Linux (RHEL) and Kubernetes, OpenShift Container Platform provides a more secure and scalable multitenant operating system for today’s enterprise-class applications, while delivering integrated application runtimes and libraries. OpenShift Container Platform enables organizations to meet security, privacy, compliance, and governance requirements.

About this release

OpenShift Container Platform (RHSA-2022:5069) is now available. This release uses Kubernetes 1.24 with CRI-O runtime. New features, changes, and known issues that pertain to OpenShift Container Platform 4.11 are included in this topic.

OpenShift Container Platform 4.11 clusters are available at https://console.redhat.com/openshift. With the Red Hat OpenShift Cluster Manager application for OpenShift Container Platform, you can deploy OpenShift clusters to either on-premises or cloud environments.

OpenShift Container Platform 4.11 is supported on Red Hat Enterprise Linux (RHEL) 8.4 and 8.5, as well as on Red Hat Enterprise Linux CoreOS (RHCOS) 4.11.

You must use RHCOS machines for the control plane, and you can use either RHCOS or RHEL for compute machines.

OpenShift Container Platform layered and dependent component support and compatibility

The scope of support for layered and dependent components of OpenShift Container Platform changes independently of the OpenShift Container Platform version. To determine the current support status and compatibility for an add-on, refer to its release notes. For more information, see the Red Hat OpenShift Container Platform Life Cycle Policy.

New features and enhancements

This release adds improvements related to the following components and concepts.

Red Hat Enterprise Linux CoreOS (RHCOS)

Improved support for NVMe over Fabrics

OpenShift Container Platform 4.11 introduces the nvme-cli package that provides an interface for managing NVMe devices.

Investigate kernel crashes on AMD64 machines with kdump

RHCOS now supports kdump for the x86_64 architecture in OpenShift Container Platform 4.11. Support for kdump on other architectures remains in Technology Preview.

Investigate kernel crashes on ARM64 machines with kdump (Technology Preview)

RHCOS now supports kdump for the arm64 architecture in OpenShift Container Platform 4.11 as a Technology Preview.

RHCOS now uses RHEL 8.6

RHCOS now uses Red Hat Enterprise Linux (RHEL) 8.6 packages in OpenShift Container Platform 4.11 and above. This enables you to have the latest fixes, features, and enhancements, as well as the latest hardware support and driver updates.

Updated RHCOS registry URL

The redirector hostname for downloading RHCOS boot images is now rhcos.mirror.openshift.com. You must configure your firewall to grant access to the boot images. For more information, see Configuring your firewall for OpenShift Container Platform.

Installation and upgrade

RHEL 9 support for the OpenShift installer

Using Red Hat Enterprise Linux (RHEL) 9 with the OpenShift installer (openshift-install) is now supported.

For more information, see the "Obtaining the installation program" section of the installation documentation for your platform.

New minimum system requirements for installing OpenShift Container Platform on a single node

This release updates the minimum system requirements for installing OpenShift Container Platform on a single node. When installing OpenShift Container Platform on a single node, you should configure a minimum of 16 GB of RAM. Specific workload requirements can require additional RAM. The complete list of supported platforms has been updated to include bare metal, vSphere, Red Hat OpenStack Platform (RHOSP), and Red Hat Virtualization platforms. In all cases, you must specify the platform.none: {} parameter in the install-config.yaml configuration file when the openshift-installer binary is being used to install single-node OpenShift.

OpenShift Container Platform on ARM

OpenShift Container Platform 4.11 is now supported on ARM architecture based AWS user-provisioned infrastructure and bare-metal installer-provisioned infrastructure. For more information about instance availability and installation documentation, see Supported installation methods for different platforms.

The following features are supported for OpenShift Container Platform on ARM:

  • Disconnected installation support

  • Elastic file system (EFS) for AWS

  • Local storage operator on bare metal

  • Internet Small Computer Systems Interface (iSCSI) for bare metal

The following Operators are supported for OpenShift Container Platform on ARM:

  • Special resource operator (SRO)

Troubleshooting bootstrap failures during installation on AWS

The installation program now gathers serial console logs from the bootstrap and control plane hosts on AWS. This log data is added to the standard bootstrap log bundle.

For more information, see Troubleshooting installation issues.

Support for Microsoft Hyper-V generation version 2

By default, the installation program now deploys a Microsoft Azure cluster using Hyper-V generation version 2 virtual machines (VMs). If the installation program detects that the instance type selected for the VMs does not support version 2, it uses version 1 for the deployment.

Default AWS and VMware vSphere compute node resources

Beginning with OpenShift Container Platform 4.11, by default, the installation program now deploys AWS and VMware vSphere compute nodes with 4 vCPUs and 16 GB of virtual RAM.

Support for the AWS SC2S region

OpenShift Container Platform 4.11 introduces support for the AWS Secret Commercial Cloud Services (SC2S) region. You can now install and update OpenShift Container Platform clusters in the us-isob-east-1 SC2S region.

Installing a cluster on Nutanix using installer-provisioned infrastructure

OpenShift Container Platform 4.11 introduces support for installing a cluster on Nutanix using installer-provisioned infrastructure. This type of installation lets you use the installation program to deploy a cluster on infrastructure that the installation program provisions and the cluster maintains.

For more information, see Installing a cluster on Nutanix.

Installing OpenShift Container Platform using Azure Ultra SSD

You can now enable Ultra SSD storage when installing OpenShift Container Platform on Azure. This feature requires that both the Azure region and zone where you install OpenShift Container Platform offer Ultra storage.

For more information, see Additional Azure configuration parameters.

Added support for bootstrapExternalStaticIP and bootstrapExternalStaticGateway configuration settings

When deploying an installer-provisioned OpenShift Container Platform cluster on bare metal with static IP addresses and no DHCP server on the baremetal network, you must specify a static IP address for the bootstrap VM and the static IP address of the gateway for the bootstrap VM. OpenShift Container Platform 4.11 provides the bootstrapExternalStaticIP and the bootstrapExternalStaticGateway configuration settings, which you can set in the install-config.yaml file before deployment. The introduction of these settings replaces the workaround procedure Assigning a bootstrap VM an IP address on the baremetal network without a DHCP server from the OpenShift Container Platform 4.10 release.

Configuring Fujitsu hardware

OpenShift Container Platform 4.11 introduces support for configuring the BIOS and RAID arrays of control plane nodes when installing OpenShift Container Platform on bare metal with Fujitsu hardware. In OpenShift Container Platform 4.10, configuring the BIOS and RAID arrays on Fujitsu hardware was limited to worker nodes.

For more information, see Configuring the BIOS and Configuring the RAID.

Disconnected mirroring with the oc-mirror CLI plug-in is now generally available

You can use the oc-mirror OpenShift CLI (oc) plug-in to mirror images in a disconnected environment. This feature was previously introduced as a Technology Preview in OpenShift Container Platform 4.10 and is now generally available in OpenShift Container Platform 4.11.

This release of the oc-mirror plug-in includes the following new features:

  • Pruning images from the target mirror registry

  • Specifying version ranges for Operator packages and OpenShift Container Platform releases

  • Generating supporting artifacts for OpenShift Update Service (OSUS) usage

  • Obtaining a template for the initial image set configuration

If you used the Technology Preview version of the oc-mirror plug-in for OpenShift Container Platform 4.10, it is not possible to migrate your mirror registry to OpenShift Container Platform 4.11. You must download the new oc-mirror plug-in, use a new storage back end, and use a new top-level namespace on the target mirror registry.

Installing a cluster on Azure using user-managed encryption keys

OpenShift Container Platform 4.11 introduces support for installing a cluster on Azure with user-managed disk encryption.

For more information, see Enabling user-managed encryption for Azure.

Accelerated Networking for Azure enabled by default

OpenShift Container Platform 4.11 on Azure provides accelerated networking for control plane and compute nodes. Accelerated networking is enabled by default for supported instance types in an installer-provisioned infrastructure installation.

AWS VPC endpoints and restricted installations

You are no longer required to configure AWS VPC endpoints when installing a restricted OpenShift Container Platform cluster on AWS. While configuring VPC endpoints remains an option, you can also choose to configure a proxy without VPC endpoints or configure a proxy with VPC endpoints.

For more information, see Requirements for using your VPC.

Additional customization when installing OpenShift Container Platform

OpenShift Container Platform 4.11 allows you to disable the installation of the baremetal and marketplace Operators, and the openshift-samples content that is stored in the openshift namespace. You can disable these features by adding the baselineCapabilitySet and additionalEnabledCapabilities parameters to the install-config.yaml configuration file prior to installation. If you disable any of these capabilities during the installation, you can enable them after the cluster is installed. After a capability has been enabled, it cannot be disabled again.

For more information, see the "Installation configuration parameters" section of the installation documentation for your platform.

Azure Marketplace offering

OpenShift Container Platform is now available on the Azure Marketplace. The Azure Marketplace offering is available to customers who procure OpenShift Container Platform in North America and EMEA.

AWS Marketplace offering

OpenShift Container Platform is now available on the AWS Marketplace. The AWS Marketplace offering is available to customers who procure OpenShift Container Platform in North America.

For more information, see Installing OpenShift using AWS Marketplace.

CSI driver installation on vSphere clusters

To install a CSI driver on a cluster running on vSphere, you must have the following components installed:

  • Virtual hardware version 15 or later

  • vSphere version 7.0 Update 2 or later

  • VMware ESXi version 7.0 Update 2 or later

Components with versions earlier than those above are deprecated or removed. Deprecated versions are still fully supported, but Red Hat recommends that you use vSphere 7.0 Update 2 or later and ESXi 7.0 Update 2 or later.

For more information, see Deprecated and removed features.

Post-installation configuration

Cluster capabilities

As a cluster administrator, you can enable cluster capabilities to select or deselect one or more optional components before installation or post installation.

For more information, see Cluster capabilities.

OpenShift Container Platform on heterogeneous architectures (Technology Preview)

OpenShift Container Platform 4.11 introduces heterogeneous architecture cluster support using Azure installer-provisioned infrastructure in Technology Preview. This feature offers, as a day-two operation, the ability to add arm64 worker nodes to an existing x86_64 Azure cluster that is installer provisioned with a heterogeneous installer binary. You can add arm64 workers to your heterogeneous cluster by creating a custom Azure machine set that uses a manually generated arm64 boot image. Control planes on arm64 architectures are not currently supported. For more information, see Configuring a heterogeneous cluster.

You can manually upgrade your cluster to the latest heterogeneous release image by using the release image-pullsec. For more information, see Upgrading your heterogeneous cluster.

Web console

Developer Perspective

  • With this update, in the developer perspective, you can add your GitHub repository containing pipelines to the OpenShift Container Platform cluster. You can now run pipelines and tasks from your GitHub repository on the cluster when relevant Git events, such as push or pull requests, are triggered.

    • In the administrator perspective, you can configure your GitHub application with the OpenShift cluster to use a pipeline as code. With this configuration, you can execute a set of tasks required for build deployment.

  • With this update, you can create a customized pipeline using your own set of curated tasks. You can search, install, and upgrade your tasks directly from the developer console.

  • With this update, the web terminal supports multiple tabs and viewing bash history, and it remains open until you close the browser window or tab.

  • With this update, in the Add+ page of the developer perspective, a new menu has been added to share the project and Helm Chart repositories, which allows you to add users to or remove users from the project.

Dynamic plug-in updates

With this update, you can use the new console.openshift.io/use-i18next annotation to determine if the ConsolePlugin contains localization resources. If the annotation is set to "true", the localization resources from the i18n namespace named after the dynamic plug-in are loaded. If the annotation is set to any other value or is missing on the ConsolePlugin resource, localization resources are not loaded.

For more information, see Dynamic plug-ins.

Support for dark mode theme

The OpenShift Container Platform web console now supports the dark mode theme. On the User Preferences page, select your preferred theme to view the web console in.

Display operand instances for all managed namespaces on the Installed Operator page

With this update, the Operator → Installed Operator page will show all Operators across all namespaces. You are still able to view only the instances in the selected namespace within the project selector. When viewing the operand instances, a new switching control allows all operand instances from either all namespaces or only the current namespace to be seen.

Conditional updates

With this update, if conditional updates are available, you can enable Include supported but not recommended versions in the Select new version dropdown of the Update cluster modal to populate the dropdown list with conditional updates. If a Supported but not recommended version is selected, an alert will appear below the dropdown menu displaying potential issues with the version.

Pod disruption budgets (PDBs)

This update provides support for pod disruption budgets (PDBs) to the OpenShift Container Platform web console. From Workloads → PodDisruptionBudgets, you can create PDBs for pod resources. You can select maxUnavailable and minAvailable from the availability requirement list and set the value of pods running. Alternatively, pod disruption budgets can be created from pod controller resources list and Detail pages. For example, from Workloads → Deployments click Add PodDisruptionBudget.

For more information, see Pod preemption and other scheduler settings.

OpenShift CLI (oc)

RHEL 9 support for the OpenShift CLI (oc)

Using Red Hat Enterprise Linux (RHEL) 9 with the OpenShift CLI (oc) is now supported.

It is not supported to install the OpenShift CLI (oc) as an RPM for Red Hat Enterprise Linux (RHEL) 9. You must install the OpenShift CLI for RHEL 9 by downloading the binary.

For more information, see Installing the OpenShift CLI.

IBM Z and LinuxONE

With this release, IBM Z and LinuxONE are now compatible with OpenShift Container Platform 4.11. The installation can be performed with z/VM or RHEL KVM. For installation instructions, see the following documentation:

Notable enhancements

The following new features are supported on IBM Z and LinuxONE with OpenShift Container Platform 4.11:

  • Alternate Authentication Provider

  • Automatic Device Discovery with Local Storage Operator

  • CSI Volumes

    • Cloning

    • Expansion

    • Snapshot

  • File Integrity Operator

  • Monitoring for user-defined projects

  • Operator API

  • OC CLI plug-in

Supported features

The following features are also supported on IBM Z and LinuxONE:

  • Currently, the following Operators are supported:

    • Cluster Logging Operator

    • Compliance Operator

    • Local Storage Operator

    • NFD Operator

    • NMState Operator

    • OpenShift Elasticsearch Operator

    • Service Binding Operator

    • Vertical Pod Autoscaler Operator

  • The following Multus CNI plug-ins are supported:

    • Bridge

    • Host-device

    • IPAM

    • IPVLAN

  • Encrypting data stored in etcd

  • Helm

  • Horizontal pod autoscaling

  • Multipathing

  • Persistent storage using iSCSI

  • Persistent storage using local volumes (Local Storage Operator)

  • Persistent storage using hostPath

  • Persistent storage using Fibre Channel

  • Persistent storage using Raw Block

  • OVN-Kubernetes, including IPsec encryption

  • Support for multiple network interfaces

  • Three-node cluster support

  • z/VM Emulated FBA devices on SCSI disks

  • 4K FCP block device

These features are available only for OpenShift Container Platform on IBM Z and LinuxONE for 4.11:

  • HyperPAV enabled on IBM Z and LinuxONE for the virtual machines for FICON attached ECKD storage

Restrictions

The following restrictions impact OpenShift Container Platform on IBM Z and LinuxONE:

  • The following OpenShift Container Platform Technology Preview features are unsupported:

    • Precision Time Protocol (PTP) hardware

  • The following OpenShift Container Platform features are unsupported:

    • Automatic repair of damaged machines with machine health checking

    • Red Hat OpenShift Local

    • Controlling overcommit and managing container density on nodes

    • FIPS cryptography

    • NVMe

    • OpenShift Metering

    • OpenShift Virtualization

    • Tang mode disk encryption during OpenShift Container Platform deployment

  • Compute nodes must run Red Hat Enterprise Linux CoreOS (RHCOS)

  • Persistent shared storage must be provisioned by using either Red Hat OpenShift Data Foundation or other supported storage protocols

  • Persistent non-shared storage must be provisioned using local storage, like iSCSI, FC, or using LSO with DASD, FCP, or EDEV/FBA

IBM Power

With this release, IBM Power is now compatible with OpenShift Container Platform 4.11. For installation instructions, see the following documentation:

Notable enhancements

The following new features are supported on IBM Power with OpenShift Container Platform 4.11:

  • Alternate Authentication Provider

  • CSI Volumes

    • Cloning

    • Expansion

    • Snapshot

  • File Integrity Operator

  • IPv6

  • Monitoring for user-defined projects

  • Operator API

  • OC CLI plug-in

Supported features

The following features are also supported on IBM Power:

  • Currently, the following Operators are supported:

    • Cluster Logging Operator

    • Compliance Operator

    • Local Storage Operator

    • NFD Operator

    • NMState Operator

    • OpenShift Elasticsearch Operator

    • SR-IOV Network Operator

    • Service Binding Operator

    • Vertical Pod Autoscaler Operator

  • The following Multus CNI plug-ins are supported:

    • Bridge

    • Host-device

    • IPAM

    • IPVLAN

  • Encrypting data stored in etcd

  • Helm

  • Horizontal pod autoscaling

  • Multipathing

  • Multus SR-IOV

  • OVN-Kubernetes, including IPsec encryption

  • Persistent storage using iSCSI

  • Persistent storage using local volumes (Local Storage Operator)

  • Persistent storage using hostPath

  • Persistent storage using Fibre Channel

  • Persistent storage using Raw Block

  • Support for multiple network interfaces

  • Support for Power10

  • Three-node cluster support

  • 4K Disk Support

Restrictions

The following restrictions impact OpenShift Container Platform on IBM Power:

  • The following OpenShift Container Platform Technology Preview features are unsupported:

    • Precision Time Protocol (PTP) hardware

  • The following OpenShift Container Platform features are unsupported:

    • Automatic repair of damaged machines with machine health checking

    • Red Hat OpenShift Local

    • Controlling overcommit and managing container density on nodes

    • FIPS cryptography

    • OpenShift Metering

    • OpenShift Virtualization

    • Tang mode disk encryption during OpenShift Container Platform deployment

  • Compute nodes must run Red Hat Enterprise Linux CoreOS (RHCOS)

  • Persistent storage must be of the Filesystem type that uses local volumes, Red Hat OpenShift Data Foundation, Network File System (NFS), or Container Storage Interface (CSI)

Security and compliance

Audit logs now include OAuth server audit events

OAuth server audit events, annotated with login events, are now logged at the metadata level in the audit logs. The login events include failed login attempts.

For more information, see About audit log policy profiles.
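
The following sketch shows one way to use these events for detection: it reads OAuth server audit lines and reports source addresses with repeated failed logins, noting whether a login was later allowed. It is an added example, not part of the release notes or of Red Hat's tooling; the annotation keys authentication.openshift.io/decision and authentication.openshift.io/username and the decision values come from the OpenShift audit log format rather than from this page, and the sample lines are constructed.

```python
import json

# Annotation keys the OAuth server adds to login events (assumption: taken from
# the OpenShift audit log format, not from this page).
DECISION = "authentication.openshift.io/decision"
USERNAME = "authentication.openshift.io/username"


def parse_login_events(lines):
    """Yield (timestamp, source_ip, username, decision) for OAuth login events."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or rotated line: skip rather than abort
        if not isinstance(event, dict):
            continue
        annotations = event.get("annotations") or {}
        if DECISION not in annotations:
            continue  # ordinary request, not a login attempt
        source_ip = (event.get("sourceIPs") or ["unknown"])[0]
        yield (event.get("requestReceivedTimestamp", ""), source_ip,
               annotations.get(USERNAME, ""), annotations[DECISION])


def suspicious_sources(lines, threshold=3):
    """Return per-IP statistics for sources with at least `threshold` failed logins.

    Any decision other than "allow" counts as a failure. The flag
    `allowed_after_failures` marks an allowed login that followed the failures,
    which is the case worth triaging first.
    """
    stats = {}
    for _ts, ip, user, decision in sorted(parse_login_events(lines)):
        entry = stats.setdefault(
            ip, {"failures": 0, "usernames": set(), "allowed_after_failures": False})
        if decision == "allow":
            if entry["failures"] >= threshold:
                entry["allowed_after_failures"] = True
        else:
            entry["failures"] += 1
            entry["usernames"].add(user)
    return {ip: {**entry, "usernames": sorted(entry["usernames"])}
            for ip, entry in stats.items() if entry["failures"] >= threshold}


def _sample(ts, ip, user, decision):
    """Build one constructed audit line (Metadata level, audit.k8s.io/v1 Event)."""
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "stage": "ResponseComplete", "requestURI": "/login", "verb": "post",
        "sourceIPs": [ip], "requestReceivedTimestamp": ts,
        "annotations": {DECISION: decision, USERNAME: user}})


# Constructed sample input; addresses are from documentation ranges.
SAMPLE = [
    _sample("2022-08-10T10:00:01Z", "198.51.100.7", "alice", "deny"),
    _sample("2022-08-10T10:00:03Z", "198.51.100.7", "bob", "deny"),
    _sample("2022-08-10T10:00:05Z", "198.51.100.7", "kubeadmin", "error"),
    _sample("2022-08-10T10:00:09Z", "198.51.100.7", "kubeadmin", "allow"),
    _sample("2022-08-10T10:02:00Z", "203.0.113.20", "carol", "deny"),
    _sample("2022-08-10T10:02:10Z", "203.0.113.20", "carol", "allow"),
    '{"kind":"Event","level":"Metadata","requestURI":"/healthz","verb":"get"}',
    '{"kind":"Event","level":"Meta',  # truncated line
]

if __name__ == "__main__":
    print(json.dumps(suspicious_sources(SAMPLE), indent=2))
```

On a live cluster the input lines can be collected with `oc adm node-logs <node_name> --path=oauth-server/audit.log`; the threshold of 3 is an arbitrary starting point to tune against normal login behavior.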

Networking

Pod-level bonding for secondary networks

Bonding at the pod leve