Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / What's Next/What's New | Red Hat Livestreaming / 7 Jan 2021
Red Hat OpenShift / What's Next/What's New | Red Hat Livestreaming / 7 Jan 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: [What's New] OpenShift 4.7 [Jan-2021]

Description

Technical Product Manager Overview of OCP 4.7 with Public Q+A that anyone can see.

Who Should come: Customers: Developers, Admins, IT professionals
Where: openshift.tv

A

Hello uh welcome everyone. uh This is the what's new in openshift 4.7 uh briefing for the field. uh um I am representing the openshift product management team and my name is tashar katarki. um Let me turn on my video. um First of all, uh you know if you have any questions, we're going to go through a lot of presentation material today, but if you have any questions, please use the q a forum on prime time or, if you are on openshift.tv use the comments. uh Any outstanding questions will be addressed afterwards.

A

uh This call is being recorded, and so uh you will get that uh recording and slide deck and the q a questions answered eventually after the call. So, as you see, we have a lot of content to cover uh and uh without further ado, let's uh get into it. This is the openshift product management team. uh We do this uh every more or less for every release. Just before the release. uh What's new uh openshift uh uh openshift 4.7 content uh covers the stuff in.

A

uh Let me one thing I didn't do is turn off my notifications so give me once again sorry about that.

A

um um So, what's new 4.7 uh is something uh that we uh we're going to cover today and 4.7 is on deck and it is going to be released soon in the next few weeks. uh You know, and so you will get a chance uh to play with it uh and uh take it for a ride. So so, what's uh what are some of the themes for 4.7?

A

uh The theme of 4.7 are, as we continue to add, new installer platforms and they make improvements to existing ones, and you will see uh you know very soon, our assistant installer.

A

As an example of those improvements um from a code platform perspective, we have some exciting uh changes and features in the scheduler as well as we continue on our you know, journey on oen and you will see obniki sec as one of the spotlight features there. uh Security has always been important for openshift and for red hat.

A

The aci is kubernetes benchmark being presented a little later and then finally, on the workload and stability side, uh you know we continue to uh make improvements to openshift get offs that we introduced in 4.6 and openshift pipelines that we introduced even before that and help is now at figure out fire, and that is not ga, so we'll hear all about it uh soon.

A

So one of the things that uh we talk about here is: uh what's what's our roadmap looking like and from a roadmap perspective, you have, um you know 4.7, as I mentioned, uh 4.8 will be in we're targeting q2 of 2021, and then we will potentially have one, if not two more releases in the bottom half of uh this calendar year. uh I won't go into the details of this, but, as you can see, we have uh improvements planned for uh every layer of this stack.

A

Kubernetes openshift 4.7 is based on kubernetes 1.2 1.20, which g8 on december, 8th 2020, uh you know and contrary to recent releases. uh This release has more alpha than uh stable enhancements, uh showing that there is still much to explore in this cloud native ecosystem and improve uh so considering what the world has gone through. In 2020, this is such a remarkable achievement for the community uh to come together to make this 1.20, and so the openshift team definitely salutes that. So uh I'm sure you all agree with me on that.

A

So uh with that, uh I will uh pass the bit on on to uh these. Are the openshift 4.7 spotlight features? Some select features that we selected as representing some of the highlights of 4.7, uh we'll go through them first and then we'll get into kind of the more uh functional level features that we talk about in these presentations. So uh with that I'll hand it over to moran to talk about the assisted installer.

B

Hi.

C

Okay, hi everyone, my name is mohan goldberg, I'm a product manager in cloud platform bu and today I'm going to talk about assisted installer and what is assisted, installer, so assisted installer is a web-based service hosted on cloud.credit.com made to simplify the flow of deployment openshift on bare metal. It is focused on getting a user to an open shift cluster up and running with minimal requirements and great ux um 4.7.

C

We are basically going to release it as a tech preview, um where the installation network itself is intact preview, but the clusters installed successfully installed with it are supported and upgradable, um and very much as like as bare metal ipi clusters.

C

um So, let's, let's talk for a minute about the flow, so the focus is really simplified flow, so what the user needs to do it needs to go to the cloud.trader.com, generate an iso which then you basically take and boot machines with it. The boot media is awkwas loss and agent. The agent calls back home and registers the service and, from that point on, everything is done via the ui, and we've got really really minimum pre to to begin the flow.

C

So we don't need a dedicated bootstrap node, which is really critical on bare metal to save the resources. We actually use one of the masters to pivot them to people teach from bootstrap to a master machine, and we so we've got a three nodes: minimum cluster to begin with master and walker combination.

C

So that's the bare minimum uh compact bare metal clusters, as well as you can add, as much water as you want as part of this flow, and we don't need any dhcp hostname allocation and we've got the option to have a jumpstart veep allocations, meaning that the the agent is basically asking uh address allocation for the vips for the load, but for the load. Balancer grips to make the installation really really easy, and we also focus on pre-installation validations to make sure that the installation is successful.

C

So before running any openshift installation, we make sure that the host meets minimum requirements that the network connectivity and addresses metrics full mesh connectivity is there. Ntp uh is seeing oh, and if not it has, it has the option for to have a chronic config and we have the option to select disk and and validating the other speed of those lists, and so just making sure that everything is ready for for the installation and we also kind of provide a smart smart default configuration to make it pretty easy, but also changeable if needed.

C

And of course all the process is, is actually progress monitor. So you can see that the progress of the installation, event and alerts uh you have the option to download the logs if something goes wrong open a bug, if you need the.

C

Assistant of of support, uh so actually, all in all, we are trying to really wrap the experience. um This is something that uh we brought up this service to air around uh late september as in a dev preview, and now we are going to advance with it um so uh 4.7 prerelease installation is actually available today and on cloud.render.com. So you can go ahead and to assist the installer and try it out using 4.7 bits at the bottom.

C

You can see a blog post link which have kind of a further explanation and overview around the entire process and capabilities. If you are interested- and I think that's it for me today, thanks to sean back to you.

D

Hi, my name is guard sink. I'm a product manager at open shift. I'm going to talk about hba, horizontal part, auto scaling. It is automatically scaling up part based on memory. Utilization, uh take an example, think about an application or website customer facing website.

D

Suddenly a lot of people logging in because of that, the memory utilization of the website has increased to 90 percent hpa, will spin up new parts so that the memory has been spread across and your website is functional without any impact on the right. What you see is a yaml template where you can specify what is the minimum and maximum scaling and at the bottom is target average utilization 60. It is a 60 percent.

D

It could be a a definite value like 500, mb and 600 mb, and the 60 percent is off the pod memory request. Not the limit next slide.

D

Please: okay, dueling profile, uh it's in technology preview. What it is is uh you can customize the default behavior out of the box, behavior of openshift scheduler with profiles it comes into flavor one. Is the previous profiles think about it as best practices? There are three people profile. One is the low node utilization.

D

uh It will spread the part evenly across the nodes. Then high node utilization is packed as many parts on a small dedicated nodes and no securing scoring is quickly skidding. Apart think about an application which require low latency, so it schedule those parts very quickly on the right. It is build your own profile. Think of it as an uh we give you a bunch of legos you put together, legos based on your business, need uh every openshift scheduler have only one studying profile and one splitting profile.

D

I have many plugins and one plugin has many extension points so, based on this, you can uh you can build many logic of which maps to your business need uh next type. Please.

D

um Scheduler operator, uh uh if it effects part data schedule on less desired node in the cluster. uh Basically what it is any part that violates your predefined rules are been evicted.

D

There are three profiles available today: affinity and pains uh a big part that do not follow the ethnicity and paint rule uh topology and duplicates uh a big part if it duplicate parts and balance it across the node, then life cycle and utilization is effect, part which, uh based on part lifetime value and every part or vivid low utilize part, which is being spin up on note, which has been dedicated for high density.

D

uh That's from uh that's it from me uh next slide, and next presenter.

E

Hello, I'm erwin garen product manager for hardware accelerators. We have collaborated with nvidia to allow gpu sharing for openshift on virtualized platforms. So to use this feature on your open worker node should run on a virtual machine supporting virtual gpu, like reddit openstack platform or radar virtualization.

E

Instead of having a parity of one pod to one physical gpu, you will be able to use up to 16 ports on one physical gpu, so this feature could be handy for inference, workloads or data scientist notebooks, so the maximum number of cpu gpu can vary because it could be, for example, 16 v gpus for the nvidia c4 or 10 for the a100.

E

So you can also choose the vgpu memory size on the vgpu sharing technology. You can pick time slides or new. The new multiple instance gpu before using gpu operator with vgpu. You have to install the vgpo host driver on the hypervisor and you need to set up nvidia license server on your network. Next is.

E

Mac.

F

Right uh thanks everyone, so uh an important feature for uh openshift customers in four seven.

F

um But there we go an important new feature for openshift customers in 47 is ipsec, so with ipsec all east-west internode data plane, traffic is governed by um that is governed by obn will be encrypted and per fips requirements. Ipsec is enabled at installation time, so this next generation enablement of ipsec is going to improve upon our 3x implementation in several ways. So for one, the specific type and level of encryption will be fips compliant for another.

F

It avoids ipsec between worker and control, plane nodes, which already are using https to meet the requirements of fips. Third, while initial four seven implementation, encrypts all dated plane traffic at the node level, um implementing episec inside of ovn enables future capabilities in the specificity of the internet traffic that will get encrypted. So, for example, we could refine encryption to specific namespace to namespace traffic versus encrypting, all the traffic between the nodes and, finally, the way we've implemented it in four.

F

Seven also provides the foundation for supporting hardware offload of ipsec encryption to the uh the smart next. That will support in a future version of openshift, so uh further details about how you would implement ibsec um in a four seven are included in the notes of this slide. uh Next slide. Please.

G

Open shift, git ups is a new add-on that will be achieved for seven and uh the idea openshift githubs is to enable customers to adopt github's practices that uh for for driving um infrastructure and application operations through git workflows. So in openshift get ups. uh Customers have access to a supported version of argo cd, which is the githubs engine and through the cr, and you can see on the on the slide uh it can define which git repo should be synced with which cluster and through that way, they can completely rely on the git provider.

G

Workflows like pull requests, reviews commenting and merge in order to push an application to a large number of clusters connected to a git repo or a cluster configuration if you're, configuring authentication, for example, a multiple instance of openshift, and you want to guarantee they're all looking alike and openshift github's operator will be available in operator hub and once installed gives a one-click experience for getting access to an argo cd instance that we recommended to use that instance for cluster configs and in addition, customers can create other argo city instances within the name spaces for application teams.

G

So these are instances that have more limited access to the cluster and focus on driving application deployments and continuous delivery in a declarative manner. They can't install any cluster-wide or cluster um or more like they don't have privileged access to the cluster that they're running on um it has access to.

C

uh

G

It has its supports out of the with tp disconnected cluster restricted uh networks uh in both of those scenarios, and we have some guidance on different use cases or different topologies for installing or using argo cd for different purposes.

G

In addition to the two that were mentioned beyond argo, cd openshift gdos also includes a cli openshift and github's application manager, cli abbreviates to to cam, and the purpose of that is to help customers bootstrap a github's workflow using argo cd using tekton and some of the other components in order to simplify adopting github's practices, it generally populates a git repo, basically for them and configures our currency, configures takedown, the integration points in between them- and this is an area that uh over the coming months, will be um focusing a lot on uh getting customers started with that next slide.

G

Please.

H

Hi everyone kirsten newcomer here I'm excited to provide an update to you for a cis benchmark for openshift. We have been working behind the scenes with directly with the center for internet security dis on a open shift benchmark. We expect that that will be published uh late january potentially early february.

H

um It has gone through an initial internal review with cis. uh In the interim, we have made available the openshift four hardening guide, which is uh you'll need to a red hatter to help you get access to that and once the cis openshift benchmark is published that will replace the hardening guide. We also now have available for use with 4.6 and then with 4.7 as soon as 47 gas, automated compliance checks with the benchmark that you can implement using the openshift compliance operator.

H

We have a link here on the slide to the update that you need to apply for 4.6 and again these checks will be available through the uh optional compliance operator in 4.7 and 4.6.

H

Also, we want to announce that red hat advanced cluster manager, 2.1 is integrated with the openshift compliance operator, so you'll be able to leverage that integration. For these compliance management across your fleet of clusters, next slide, please.

H

So for those of you who may not have heard on january 7th red hat announced its intent to we decide announced signature of a definitive agreement to acquire stack rocks. The acquisition is subject to certain customary closing conditions, so at this time, uh there's a great deal of public information available to you. There are some links here to the press release at the top and to some blogs and an faq at the bottom.

H

Stackrocks is strategically aligned with red hat's view on offering security capabilities that enable full stack solution for enterprise-ready hybrid cloud, the co. The capabilities that you see listed here from stack, rocks complex, complement, red hat's, layered approach to security, where we focus on integrating security capabilities throughout the stack throughout the life cycle, and we're really excited about uh this.

H

The opportunities that this opens up to expand and refine coop native security, as well as to shift security left into the container, build in ci cd pipelines as stack, rocks and red hat work together to deliver a cohesive and comprehensive solution to enhance security uh throughout our offerings and throughout the life cycle. Thank you. Next slide.

I

Thank you very much uh good day everybody. My name is hisham murad. Welcome, I'd like to give you a quick update on what's new in red hat, advanced cluster management, 2.2, so acm 2.2 will be releasing on march. 4Th and acm to acm in general has four main pillars. If you will, I want to touch on each of those pillars, as I, as I touch on these three main bullets here.

I

So one of the things we introduced in the prior release is actually being able to really manage openshift everywhere me continue to expand that theme for our customers, but it doesn't matter where their open shift clusters live, they're able to manage it.

I

We introduced bare metal as well as vsphere and the prior release and in 2.2 we're excited to announce that we're also supporting azure red hat open shift, as well as openshift dedicated again being able to manage that openshift clusters, regardless of where they live, and on that same theme, if you will we're actually as a tech preview, integrating submariner as part of this. Why is this important for our customers? Because what we're doing is we're enabling this secure communication between clusters, but from an application perspective.

I

Now our customer is going to be able to deploy modern applications that will span clusters and data centers and even ban providers as well so incredibly powerful thing that we're bringing here for our customers now at the heart and soul of what we do from a red hat perspective is all about open source and we want to continue to expand and embrace open source. So as part of the compliance and what kirsten just talked about is the integration of the compliance operator. Well with the 2.2 release.

I

We continue to enhance that as well, and we want to make sure that openscap scanning and that security scanning that you can perform using that operator against your clusters. You're now able to surface surface. Excuse me that information into the acm ui and have that unified, centralized visibility of that as well. Another thing that we're into that we're bringing in as a tech preview is we're integrating the kubernetes integrity shield. This is all about resource assurance, making sure that the integrity and authenticity of all the kubernetes resources and images and containers are valid.

I

So that's also very important that touches on our governance and risk and security and compliance aspect of or pillar. If you will of acm now another area, that's really important is get ops right. Get ops is really a now a methodology. That's used very widely across developers and has been for some time, but we now have actually integrated argo cd. Argo cd is widely used by many many users and many many customers to deploy applications because of this integration with acm we're now able to surface all the openshift managed clusters to the argo cd users.

I

So now they can, with confidence, deploy to these securely managed acm uh uh open shift clusters so again continuing to expand and enhance that story, and that really expands our application life cycle management story as well.

I

Lastly, observability is one of those key four pillars that we have in acm and we're continuing to expand that customers want to know that these clusters are healthy, they're, not experiencing any performance degradation. They want that visibility.

I

So now, customers are able to actually choose which metrics that are meaningful for them and be able to actually customize those allow lists. What does that mean?

I

That means from a graffana perspective, you are now able to build custom dashboards and in those dashboards you have the different panels, where you're able to present and showcase all those metrics that are really important for the customers, so making it more and more meaningful for them and at the end of the day, it's really all about making the customers lives easier in terms of the multi uh kubernetes cluster management.

I

Last point is: we have so much more detail. That's coming on this. It's going to be on one stop very quickly. So please please uh go visit one stop soon and we'll have some more details, both in a messaging document, as well as a powerpoint presentation on all these topics. Thank you very much.

J

Okay, so this is sergio khan, the product manager for cost management. We've worked a lot in the last release. You have it available today and it will be updated through voltage, seven and more than experience for ocp clusters. So in the past we were using operator metering right now. There's a new operator. It's called coco metrics until we certified that it will happen during photo seven with only one configuration file, one two minutes: now you can have it and we have reduced by 1000 the resources that you need to get it running.

J

So we get the same information we got before easier and really with better maintenance, and the other thing we are delivering through photo. Seven is we're gonna support it in our gap scenarios, so there will be an update in a few weeks where you will be able to get your igap cluster gather the information and upload that to the sas service to be processed next slide.

J

Please.

J

So right now there's two operators. The new one will be available. The 35 version will have another name. So let's go to the next.

J

Slide. Okay, so we've changed some uh additional things in the tool. So, if you go now, you will see that you can filter out tags in the different sources we support. That was important. We have customers with one tag and more than 1.5 million values, and that was basically making it really hard to use the tool right now you can select which tags are going to be used for openshift. You basically select the ones you want to include in your interface for amazon and azure you by default.

J

All of them are selected because you already do that in your in your cloud, but you can deselect one or several of them. If you don't need them or you think they're misleading. We also in in enhance the cost model with level based rate. So right now you if you want to put a price on storage and you want to differentiate between different type of storage. So it's it's more pricey to use a gold tier than using a bronze tier.

J

You can use a label in your storage or in your notes, and we will use that and of course, in order to do that too, we support default rates. So if you label something at default, if you wouldn't find any of the tabs that you have configured, we would use the default that we cover many of the use cases, and the other thing is one request we were getting a lot from.

J

Customers is encasement to our back that come with the platform, but right now you can fine-tune your disability, so you can select one group and define exactly what resources are available. Do you want to see a cluster? You want to see an account.

J

You can limit that visibility to one group, so you don't have access to everything that we have in the database. You only get access to whatever you are entitled to use and the other thing that it's it's nice uh coming along with. That is that now there's a specific role to create sources that you don't need to be an organ mean to create new sources. You delegate the role and the user will be able to create new sources for cost management and that's all next slide on net presenter.

K

Hey jake lucky here, so I just want to talk about managed openshift and the really. The first thing I want to touch on is that um from the managed openshift side. We really want to highlight the fact that openshift is a single product with multiple consumption models um go ahead and go to the next slide. Actually, uh so, if we skip to the next slide, so one thing that we're going to be doing in the openshift 4.7 time frame um actually back to the previous slide.

K

There, sorry um in the openshift, 4.7 time frame uh from the openshift cluster manager side. If we really want to emphasize that, uh so when you go into openshift cluster manager, uh we want to give you. You know all the different ways that you can create: openshift, uh whether you're gonna be creating a new cluster uh with ocp on bare metal, uh maybe using the assisted installer, uh whether you're, creating openshift dedicated cluster or whether you're creating a rocks cluster um on ibm cloud.

K

uh So what you're gonna start to see in the experience information cluster manager is uh you'll, be able to log in you'll, be able to create a cluster you'll, see all the different ways you can create. A cluster uh and you'll actually be able to register your uh arrow clusters and your rocks clusters back to your cluster list. So you have a real, a true multi-cluster view across all of your openshift clusters, no matter where they're deployed uh next slide.

K

Now, from the openshift dedicated and the redhead openshift service on the abs side, uh we have actually quite a few updates coming here in the 4.7 time frame and keep in mind um managed openshift. uh When we say openshift4.7, we mean 4.7 time frame. uh These are features coming in that time frame, not with openshift 4.7.

K

So we have a new ui for scheduling cluster updates, so you can basically tell us if you want your cluster to automatically update uh when there's a new openshift z stream available, you can basically set a maintenance window for that. What time and day, if you want that to happen on, you can do manual updates, you can basically set policies around. You know.

K

If how you want your nodes to drain when updates happen, we have auto scaling coming at the the cluster level, uh so you'll basically be able to set auto scaling at both at the cluster level and at the machine pool level. So we have this concept in dedicated and redhead openshift.

K

uh The the rosa service that you can basically create uh machine pools for the machine sets uh so machine pools are basically a multi-az machine set so um starting in the 4.7 time frame, you'll be able to actually create machine pools with different instance types um previously, you're restricted only to a single instance type. Now you can use mixed instance, types in your openshift, dedicated and rosa clusters, and you can set auto scaling on those pools.

K

uh You'll also be able to install into an existing uh vpc on aws, with your osd erosive cluster uh you'll, be able to use larger instance sizes all the way up to 96b, cpu and 760 768 gigabytes of memory. I believe that's the memory optimized 24x large.

K

um We also have customer notifications uh so um basically tied to the ocm cluster history, log, so ocm, tracks changes to your cluster uh version uh or any other changes that a cluster owner might make to the cluster in the at the ocm. Layer um also tracks, uh if sorry for doing support case, work on your cluster you'll, basically get a notification and you can set your notification preferences on clouderaheld.com.

K

um Lastly, we want to call out bring your own key disk encryption, um a feature available in ocp on abs, so we're bringing that to any osd or rosa clusters. uh You'll be able to use bring your own key disk encryption for basically, the os disks and persistent volumes uh next slide.

K

uh So, on on arrow on azure redhead openshift, our big focus, there is still uh on getting microsoft, azure governments uh available so basically expanding into the azure government region. uh We still have a lot of work happening around that uh that should be coming.

K

Maybe for that seven time frame it might start seeing like uh preview customers in 4.7 timeframe. Maybe 4.8 may be more realistic for when we see a ga on that um egress lockdown, so basically the ability to restrict uh outbound traffic from your cluster.

K

um We should have that uh coming in the near future here so just like, with uh with osd and roson abs. Bring your own key disk. Encryption uh is another feature that we're working very hard to get released on aero and then larger vm sizes there as well.

K

uh One of the things that you should see sooner uh on the arrow side would be the cluster create gui, so basically you'll be able to log into the azure portal and actually uh use um you know the web azure web console to set up a new cluster and set all of your configuration and preferences there, and I think that's it. uh That's it for me I'll hand it over to danger.

L

Thank you, jake. Let's talk about workloads, I'm daniel messer and the product manager for the operator framework, which is the foundation for all our workload. Operators on openshift for the operator lifecycle manager, our on cluster component 4.7, was mostly a bug fix release. So we went a lot into fixing uh issues with the product and bring in stability improvements. But one thing that we also put in as a new feature is for operators to communicate their readiness to be updated.

L

This is in order to make operator updates themselves more uh reliable and robust and obviously not something you would see when the operator is in a critical situation. So a critical operation, for instance, might be a live migration of a virtual machine and openshift virtualization or the restoration of a database from a backup.

L

So in these instances with 4.7, an operator can now raise the flag and can say it's not upgradable and the lifecycle manager will hold any pending update either manually or automatically approved until the operator leaves the critical phase and sets the upgradeable flag again to true. So this should help with building up confidence with cluster administrators to update operators as often as possible next slide.

L

The operator sdk is now a supported offering in openshift 4.7. That means um our isv partners and customers. Marketing operators can now rely on a supported official, downstream release of the sdk with all the branding and that they can get from redhead.com and obviously also get support for, and on top of that, we are now at version 1.3 of the operator sdk, which brings a lot of improvements in terms of automating um the packaging, as well as the testing so with a single command.

L

You can now test and package your operator for olm and see if it can be deployed and managed by olm. The sdk also supports the web hook, integration that oem offers so operators that are using admission web posts or cld conversion. Web posts are usually a little bit harder to install because the cluster admin needed to go up front into the system and register those web hosts, put tls certificates in place and make sure they are rotated, and this is not all being done by olm.

L

Since the last release and the required metadata for that is also now sketch scaffolded automatically with the sdk, the aforementioned operator conditions setting upgrade readiness to false and true is now also something that the sdk can natively make use of.

L

And last but not least, um the new bundle format that we introduced in the last release is something that the sdk can now scaffold and create automatically all to the point that it really just takes one command to do the whole bundle, metadata and catalog creation, which should help our customers to do this actually as part of their pipelines and continuously test. The operator on openshift, with o m.

L

With that over to the next slide to karina on an update on helm.

M

Thank you daniel I'm karina angel and we are further complementing our operator story with home charts, so more package management, more ways to bring workloads to openshift, and if you are especially a helm shop and are using a lot of helm charts, you will be excited for helm. 3.5 support the home. 3.5 is a feature: release go to helm.sh and go look at all the great new features in helm35.

M

Also, we will be allowing you to configure multiple repositories.

M

So if your development environment uses multiple repositories- or there are repositories out there- that you would like to pull into your openshift environment and now do that and support for disconnected environments, you can pull down the default repo and allow yourself to use your helm, charts in a disconnected environment for air gap mode. Also. Now, if your team does not want to see the default repository, you can remove that we will not force you to see the helm charts.

M

um The operator, the openshift developer, console team has also been working on a lot of great new features. So not only can you use helm through the cli, you can also go into the console and deploy helm charts.

M

uh First, I want to highlight that we do have an example: quarkus helm chart for you to deploy and you can go and copy that and use it. How you wish and pull it into your own repo. You can also select different version if you're using different versions for your home charts. Now you can select which one to install as well as filter out any helm, charts that are not compatible to your openshift release.

M

Another big thing is form based value creation. Instead of having to go change your yaml now you can do it in the form again. The theme is simplifying this for your developers and now you can see the topology view for your helm, charts as well. Now you can visualize.

M

I also want to point out that argo cd we've been talking a lot about get ops, as was mentioned by cmac, as well as the acm team. Argo cd does support helm, charts so remember that next slide. Please.

M

The red hat application services team, since we are talking about workloads, formerly known as middleware of course, has been doing a lot of work and making it easier to bring for middleware and application services to openshift.

M

I want to highlight that the runtimes team we have been announcing lots of great quarkus enhancements and quartuses your cloud native java development runtime.

M

So now within the console, you have quick starts, which will be mentioned later in this presentation to get you up and running more quickly, as well as, as I mentioned at the example helm chart so that you can go deploy a quarkus from your developer, console go to the helm group repository and you will find an example. Helm chart there also integration with serverless functions, which is dev preview, that nano will be talking about later as well.

M

I would also like to highlight that eap now has runnable jars again, making it faster and quicker for you to run your applications and get you up and running and for all you spring boot users, not only support for ubi support for java, 8 and 11, but decorate build hooks again, making it easier for you. So that's tech preview, please play with it, give us all your feedback all right. The red hat integration, team jake was talking about openshift dedicated and all the great new enhancements.

M

Another thing that you can use in openshift dedicated is the managed api service. That is ga so go play with that and, of course, lots of manageability enhancements.

M

The red hat process, automation team- we have been talking a lot about cogito cogito is upstream cloud native process, automation, so pam 7.10 is the first release with that technology and you'll see even more coming out, but play with that again and the new dashboard builder, so lots of great stuff coming out of the red hat application services and now on to peter louderbach for openshift virtualization.

N

Thanks karina, so openshift virtualization is the ability to run vms inside of openshift. Now, based on the upstream cuber, we've actually been working with some very strategic customers to do things like create hybrid applications of legacy, vms, like enterprise databases and connect them to their cloud native development, and then some other folks are doing some very uh what I would call advanced stuff using ephemeral with those vms inside of uh say, developer pipelines right. So there's lots of different use cases here.

N

What we've done is we want to make it super easy just as you've done on your existing virtual platforms to just create a catalog of vms, based on golden images that have been blessed by the operating systems. Teams and developers can deploy those with one or two clicks.

N

We've also got some quick starts that are very capable guides that step you through the process of doing something in time real with with the console, and so it steps you through and guides you and helps you learn the product easier. One of the other things we've got coming as well is some sizing guidance. Once you get through running a couple of virtual machines and you want to start scaling and deploying across your cluster and what does that look like?

N

The other thing that we've worked focused on is ux throughout the entire product, so the ability to get the operator to create vms in your openshift cluster, I think, is now down to three or four clicks. It's very frictionless. It's easy to deploy and easy to update.

N

You can create virtual machines on a subset of nodes where, if you want to make sure you restrict it for say hardware, so you've got gpus or something like that and connect it. That way.

N

We last time we talked, we did have a robust virtual machine performance, benchmarks, running enterprise, databases, uh testing out the performance of qvert itself, and now we've been working very closely with the ocs team, making sure that, as you deploy large vms with databases inside them that you get both the performance and scale that you would expect on either bare metal or a virtualized platform.

N

But then you can also take advantage of the performance optimizations that ocs brings in terms of snapshotting and data protection.

N

One other thing I want to talk about is that we've done uh virtualization validation with microsoft. This has actually been the case since we actually gave the product several releases ago. So anything that's supported from windows, 2012 r2 onwards. All the way up to windows 10 is a supported, validated uh configuration not only from red hat, but from microsoft as well.

N

There's been a lot of work done in the storage area in terms of performance for pre-allocation of disks, where this is an optimization you might make for something like a large database and then the data protection work that I mentioned earlier.

N

We've started with offline virtual machine snapshots and then you'll see some future work coming in terms of online snapshots and additional capabilities. In conjunction with the work that the ocs team is doing. On the network side, we've actually got two things. One fell off the list here. We've got a tech preview capability to allow you to run a dual stack, ipv4 and ipv6 for the vms inside your cluster, and then we've actually been working very closely with our ecosystem partners.

N

As you know, openshift virtualization takes advantage of networking and storage abstractions, so we've been working with partners like tigera and their calico product to make sure that that it's easy not only to use those products in openshift with containers, but with virtual machines as well, and we look forward to working with our other partners in networking and storage to make sure that that users get the best experience, even if they're, using virtual machines, I'm going to turn it over now jamie to talk about service mesh.

O

Thanks peter uh hi, everyone, I'm jamie longmir, um so uh last last november we released service mesh, 2.0 uh and that'll continue to be. The latest supported version of service mesh on openshift 4.7 service message based on istio research services. 2 is based on istio 1.6.

O

uh Our team always performs a lot of extra testing and validation on new releases of istio, and so we're usually a version or so behind the uh the fast moving upstream project. um As worth noting, due to the substantial changes between 1.1 and 2, we strongly recommend that new users start with with service mesh 2.

O

next slide. Please.

O

So while we uh we don't have a new major release of service mesh, we do have a few updates to provide uh most notably service. Mesh now supports ovn kubernetes networking, which was was jade in ocp 4.6.

O

The team is also very close to declaring support for service mesh on power and system z hardware.

O

Finally, while service mesh is already supported on fips-enabled openshift clusters, we hope to declare that service mesh will be officially fixed validated soon. Fips ensures that your applications are running using a well-defined, secure and reliable set of cryptographic functions as validated by the national institute of standards and technology or the nist.

O

One of our most notable differences between openshift service, mesh and upstream istio is our use of openssl for encryption. This allows us to declare that service mesh declare service mesh as tips validated uh once the applicable version of rel open ssl receives its validation from nist, so we're just holding on for that. The uh the next version of openshift service mesh will be 2.1, which should be the next major version that will focus on service mesh federation and more next slide.

O

Finally, the team's getting closer to declaring official support for service mesh 2.0 on our managed openshift offerings, so openshift dedicated uh azure, red hat, openshift and red red hat openshift on aws uh service, which will be supported as an unmanaged add-on for these platforms, meaning that customers will will install and manage service mesh in in the same manner that they would on ocp with access to the same support channels available thanks. Everyone I'll now hand it over to naina who will talk about openshift serverless functions.

P

Thank you jamie, um as you all know that openshift serverless packages and extends k native and now with eventing as gn functions, has stepped with. You then serverless1.11 release. um We wanted to share what is new in serverless.12, so similar to the previous releases. 1.12 updates the serverless product released to upstream matching version, 4k native um serving eventing, cli, etc, which is 0.18.x um in addition to various bug fixes this release changes the minimum kubernetes version requirement to 1.17.

P

um Another thing to note is the net contour project that enables contour is now in stable stage um depth preview of functions. Runtimes now boasts the addition of spring boot as an available runtime in addition to quarkus node and go as you can see at the top right corner and in regards to eventing developer experience through devconsole.

P

Now, in addition to use of kn cli users can use that console to create channels and subscriptions and can also add triggers to brokers, and this could really aid the users in creating and visualizing um event driven applications, and you can see the glimpse at the bottom right. um We have also added the integration with servicemath2.oh um and I guess that's missing from the slide. I thought I'd take it anyway. So that's about it for this release and for further information. Please refer to our release, notes, um facts and on one stop.

P

um Next download would be covering ci cd geek get up so see how much please take it away.

G

Thank you so for cici and get ups they're, offering openshift they're, really three pieces that addresses different levels of complexity, of continuous delivery. There's openshift builds that focuses on building container images on the cluster, from source code or docker file or binary and other use cases. There is openshift pipelines that focuses on ti and more of the push-based knee openshift gears that we briefly talked about next slide. Please, on four seven, you have a new release of pipelines, 1.3 uh that brings uh takedown 0.19.

G

Some of the capabilities in in openshift 5.1.3 is that we have reduced the privileges that the pipelines have both the controllers and also and the pipeline itself that is executing and uh in the next next release. We actually will reduce that even further taking advantage of uh the user uh launching pod and user uh namespace. That is coming also in in openshift47 um clusterwide configs, that if a customer configure them on on the cluster uh option python, they consume them and pass them to the python.

G

The task from pods as well https support for web books is in our area, so we can have end-to-end integrations for uh web hooks that are exposed for each pipeline. This is an rfid that comes from the customer and another area that you will see more also in the following versions. More automation around is that we work a lot to reduce the amount of resources number of pods for even listeners, so that one even listener can be used across the entire cluster or across multiple related namespaces.

G

The enhancements on the tasks task, library that is shipped by with openshift python is that now it is try and build a task expose a result containing the image digest of the image that was just built in that task that I can consume in the following tests in a pipeline for deployment, for example, again, you don't have to go on the tags that are inaccurate and you can use a specific digest of the image and deployed within the pipeline. There are also numerous enhancement in the dev console the ui experience of pipelines. There is metrics.

G

Tab is added, as you can see, on the slide. There is like the success failure. Ratio of the python runs for a particular pipeline average and time that it takes over time or over various days, so you can identify anomalies also for tasks uh test runs as well.

G

There is a task run tab to make it really easy to navigate from a python run to the task ones that are generated uh for that uh pipeline run to be able to dig deeper and for debugging purposes or more insight into what's happening in certified execution of pipeline and even stab is added. That is hugely beneficial when you're debugging the python. So you it's a collection aggregation of all the events that are coming out of a specific python run.

G

All the tasks runs that are related to that python run or any of the pods that are related to those task runs. So if something goes wrong and you don't see it in the logs there's a very high chance that you would find the events tab of of that particular python run, and some minor updates are also in the in the logs for um python.

G

You can there's a button to download the logs if you want to further analyze them next slide, please on the tool inside uh the takedown cli, um the ide plugins, that is vs code extension and intellij. We have now integration with tecton hub for searching and installing tasks. Tickton hub is a a central hub under hub that take down the depth or um discovering searching for task.

G

Reusable tasks that it can use for offering pipeline is a project that we launched a while back within the community, and it was actually just recently came out of preview. Now we have integration across our tooling that you don't have to lose your context, leave the cli or leave vs code or intellij to search for install tasks right from there. You can install it can also in the vs code, install the task as a cluster task.

G

If you want to share the task across the entire cluster, there is improvement in the code completion in vs code. You can see on the screen, for example, that the variable compilation includes results from other tasks and the context variables are available inside a pipeline.

G

Support for creating pvcs is added when you're starting a pipeline vs code. It's a very common scenario that someone wants to start a pipeline. That has a workspace, but you don't already have created a pvc that you can use with that python run. So on the spot on the fly, you can create a pvc and start your pi network and a very useful capability added is about notifications as well that the pipelines that you have opened within your workspace in vs code as you execute python, runs and they fail or succeed.

G

You would get notification popping up at the bottom, uh notifying you about the result of execution of that pipeline next slide. Please.

G

Github we have a partnership with github, which was announced uh in the beginning of december, about a month ago, at github universe, you can read about the first release and the the blog that explains further on what is planned.

G

What is coming of the couple of monthly, the partner is already out github actions, which makes it really simple to create github workflows on outside inside github that interact with openshift. There are a number of tasks that are already available inside the github marketplace uh by red.

B

Hat.

G

uh They are all verified and there are more plan that would come along and there are more integration plans with github runner and eventually github enterprise running on openshift. But it's an area that is developing to bring openshift more into the github ecosystem and the github workflows that are taking traction are popular among the github users. Next time.

Q

So hi folks, I'm david harris talk about developer tooling, so we're always looking at new ways to help developers create and deploy applications on openshift and accompanying the 47 release. We've got some great new updates to our portfolio of developer tools and technology, starting off with this exciting new offering the developer sandbox.

Q

So this reduces friction for developers by instantly providing a reasonably sized private openshift environment for creating and deploying applications all at zero cost. So you can fully explore the default developer. Experience that comes out of the box with openshift and see how easy it is to take source code and have it running in a container developers can create new caucus-based applications. Connect them with the database running in their private environment, send links to their team members to provide feedback on as they iterate through it.

Q

The sandbox also includes code ready workspaces, so you can even do this in a loop development all hosted on openshift itself to get started with this. It is available. Now you just need to head over to developers.redhat.com forward. Slash developer dash sandbox next slide, please so the service binding, so service finding it enables dynamic discovery and configuration between microservices and the services that they depend on. So, for example, a java application can easily connect to a kafka instance without having to manually configure secrets, etc.

Q

This dynamic approach also makes things a lot simpler, as you start to move applications between environments, so where services or the addresses of things, may change, it's an open specification which red hat and a number of partners have been collaborating on, and it's looking to provide a standardized approach across the kubernetes ecosystem and thus making it easier for both consumers and producers or providers of services.

Q

As of december, the service binding operator is available on operator hub and as we progress towards ga both of the specification and the operator. Hopefully this will be in the second quarter, we're enhancing with important updates, such as to protect against privileged escalations uh next slide. Please.

Q

uh Code, ready workspaces is based on the eclipse che upstream project. It provides kubernetes native development environments all hosted on openshift, it's great for fast onboarding onto projects and collaboration with everything you need in a consistent and reproducible environment. There's some exciting new updates, either side of the 47 release.

Q

So with code ready workspaces, we have this capability where you can quickly start a workspace by simply appending the location of a repository in github to the url of your instance in 2.6.

Q

We're expanding our support of this capability to also include public and private repositories in bitbucket, then in 207 we're looking to improve what is often the first time experience where you haven't fully configured a workspace yet to automatically recommend and include plugins, so that you get better intellisense out of the box and next slide. Please.

Q

uh We provide a whole host of client-side tooling for developers uh here we're we're picking out a few examples. uh Firstly, audio. This is our cli, which extracts abstracts kubernetes and makes it simpler for developers to create and deploy new microservices.

Q

In version, two of that we switched to introducing a new dev file version, 2 format for creating components and since then, we've updated both of our ide plugins, the openshift connector for vs code and intellij, as well as code ready studio, which is our eclipse-based desktop ide. To leverage this new capability in audio uh within audio itself, as well as an update to support um service binding 0.3.

Q

The latest updates have been focused on improving the documentation to help users get started and be more productive and expanding. The support of this new devfile v2 specification in the openshift connector we'll be looking to provide simpler access to the new developer, sandbox that we mentioned earlier, like we already do with code ready containers and with code ready studio. Our upcoming release includes new support for versions of wildfly and eap next slide. Please.

Q

So code, ready containers allows developers to run a local instance of openshift on their laptops in the latest update we've made some more memory available for end user applications and we're continuing to work on reducing the overall requirements for crc.

Q

We have also added system trays on windows and mac to help you easily configure crc and there's a new installer for mac to streamline the installation process and the delivery of assigned binary we're also introducing new telemetry, and this will help us to better understand usage patterns and errors, hopefully to make crc even better and that's it from me. I'd like to pass the danger.

L

Thank you. A quick update on kwai free four um great v4 was originally planned to be a maintenance, only release will be released in the beginning of february. uh This was mainly due to the fact that we were doing a python v2 to python v3 migration for the entire code base, and this required a lot of retesting still, the team managed just a couple of interesting features, and one of which is that you can now download, create like pretty much any other red hat product.

L

There are official images going to be available for free for for quay, claire and all the operators, so no more downloading from cray I o with a shared secret next slide. um Speaking of operator, we have a completely rewritten quay operator that is managing quay on openshift and it gives customers this batteries included experience that many users have been asking and waiting for. So the new operator will deploy completely managed quay registry, including all the required databases.

L

Key value stores and storage source specifically is based on nuba, which comes off as part of the ocs operator, and this provides us a non-ha, s3 endpoint, based on local storage. Fulfilling the often cited requirement for quay to also work on local storage.

L

Obviously, customers can opt out of all these managed services, with obviously the exception of query and clear, and provide alternatives like, for instance, for storage using the redhead ocs offering with the ocs operator. The crate operator is also now level 2, meaning it can update quay itself to the next version, and it will also be able to migrate existing quay deployments with the previous great setup operator, used up until version 3.3 on the next slide.

L

One feature that got introduced are: is builders builders, allow quay to build your container images by integrating with source code management systems like bitbucket, github or gitlab?

L

um This is a tech review feature we are introducing with quay and in the first iteration it will work by launching a containerized virtual machine and execute your container build via builder. um For that you need a bare metal cluster as of today. This does not have to be the same cluster where query and the operator is running, it can be an external cluster and it's obviously also covered by the infrastructure policy, meaning there's no subscription required in the future.

L

We want to alleviate the need for a bare metal cluster and use some of the awesome build tooling. You have heard about earlier based on operation pipelines and on the next slide. Last but not least, um clearv4 finally, graduates out of tech preview. This is the component and created does all the image scanning, and this is now the default for quay. As of version 3 4., it supports now reporting many more vulnerabilities, also from programming language package managers.

L

We are starting with python here, but obviously you're going to expand with golang node and java and quay uh clear before can also now be part of a disconnected installation like wave 3 4 as well, due to the use of offline media for vulnerability databases, and that's it for cray over to adi. For news on the console.

R

Thanks daniel I'm going to focus on openshift console now, where we have four main themes: um developing on kubernetes learning, extending and managing we've done a lot of great work in the console in 47 across these themes and ollie, and I are going to highlight some of those today, as nina mentioned previously, we've added a lot of serverless features to the openshift console.

R

um The console now has support for brokers and channels in the first image on the left, we're showing the ad page, where users have the ability to create both brokers and channels once created, these resources are displayed in topology and staying in line with our visually guided focus and keeping things simple. In addition to allowing creation of subscriptions and triggers from action menus, we enable drag and drop to quickly and easily initiate these actions from within topology we've also enhanced our event source creation flow. Since event, sources are crs.

R

We changed our experience to be a catalog based experience to help deal with scalability of the number of event sources.

R

So in the screenshot in the bottom right hand, side you can see that users can view event sources along with other objects in the service catalog, or they can click directly into the event source type and drill into a more focused catalog, specifically on event sources. When the red hat integration kmlk operator is installed, our camel k connectors will also be shown in that catalog and finally, we've made some changes in the admin perspective around serverless. We now have a serverless primary nav item containing two nav items.

R

The first one is focused on serving resources and the second on eventing users can find event, sources, brokers triggers channels and subscriptions in that eventing section. Don't forget. These items are still accessible in the admin perspective as well, since the topology view is also available in admin.

R

On the next slide, I'm going to focus on the developer catalog, which is our one stop shop for developers to get quickly started in four seven. We've improved this experience, enabling a consistent experience across catalogs, while also exposing additional features as needed.

R

When entering the developer catalog, the catalog has the ability to view all content in a single catalog. We provide a number of sub-catalogs by default. The builder images, helm, charts operator back services and samples, but other sub-catalogs are available based on operator installs such as event, sources and vms in 4-7 and in the future, we'll see more coming in the catalog experience is more contextual when drilling into those sub catalogs exposing features and filters that are specific to that type. So, for example, the helm chart catalog when you drill into that.

R

Specifically, you were able to filter specifically by that uh helm, chart repositories. If you have multiples something that customers been asking for.

R

Quite a bit is the ability to modify the available catalogs, I'm sorry categories in the developer, catalog, so there's an area on the top left hand side around with categories, and we now provide this capability for the for the administrator we've added a customization section in the console operator resource, so admins can use the yaml snippet shown on the right hand, side to add the default categories to start with and then customize them from there.

R

Finally, I'd like to share some cool news, new things in topology on the next screen. First and foremost, we now have persistent storage for user preferences in the console. This is super exciting, because that sets a stage for us to persist layouts in topology, which has been something that's been requested quite a bit. So we now have that in four seven.

R

That means you can enter your topology view for a specific project, move your components and nodes around leave the project come back, leave the entire console and come back, and it will all be persistent. So that's great news there. One of my favorite features in four seven is uh the new quick ad in topology, which is shown in this this image.

R

Here it allows developers to quickly search for an item from the catalog directly from topology from the icon in the top left hand, side of the um the bar, the quick bar, and you don't have to change context.

R

So, as a user talk, type starts to type matches are shown, users could click on the matches and see a quick start, a quick overview in the right hand panel and when they find the one they want, they can just click on the cta to install it again, don't forget, even though we're showing topology in the developer perspective it's also available in admin, as well as in the home section of the project page.

R

Now, I'm going gonna pass over to ali to continue with more of the four seven console features.

S

Thanks serena, so um openshift uh console now has quick starts that was introduced in 4.6. um Quick starts are essentially are in console, guided experience, so new in four seven we've made this extensible. What does that mean? That means now our partners, our customers, can go and create their own quick start. Experiences are gonna, be built in right into the console. um We've made this super simple, and we focused this by by a couple things. First, we provide an excellent default sample right into the console.

S

So if you go into the console and go and create a console, quick start crd there'll be a default example like showing you everything you need to do to create it. On top of that, we've provided a quick start guidelines right. This is going to come in and tell you how to like. You know, create your content, uh the formatting and essentially just give you an overview and get and feel of how to create a really good, quick start.

S

So um we feel like this is a very important piece to help educate users so again like if you're an operator- and you want to come in and create a quick start to guide your users to come in and deploy some kind of sample app or show some really cool functionality.

S

uh The quick start is is for you a couple of nice additions that we also had in 47 for quick starts is we've added. The ability to do hints so hints will allow us to highlight certain sections of the the ui again just making a little bit easier to guide your users through uh through the quick start and finally, in four seven we introduced a bunch of new quick starts right.

S

So the ocs, the openshift container storage team added quickstarts virtualization team, did you'll see some new ones for home charts, quarkus spring boot, so a ton of great content coming in four seven. So look out for that uh next slide. Please all right! uh It's finally happened. People 4.7 we're getting internationalization.

S

uh What does that mean? That means we're going to have support for chinese japanese korean in 4.7, as you notice in the screenshot you'll now see a language preference drop down that will be under the user menu um again also. What does that mean for internationalization? That means all the client code that is in the console, we've translated. It um we've also translated and localized all dates and time it doesn't mean anything from the back end. Coming back from the cube api, anything is going to be translated as well, just all client-side code.

S

On top of that in 47, we've also done improvements on accessibility. Another key piece, that's important for us. We even enhance our ability to work with screen readers. You know, uh access accessibility is super important. We want to make this project available to as many people as possible and with these accessible improvements, you can do that.

S

I added a couple links here to some uh interesting blogs about our process of doing it. So if you're curious, take a look, please next slide. Please.

S

Also new to 4.7 we've improved our monitoring and graphing capabilities. So now we have the ability to extract uh stacked graphs and then, on top of that, we've added uh enhanced tooltips. So at any point in time you can go ahead, select somewhere in the chart, and we will give you the values of all items in that chart. uh It is a small improvement but an important one. It's all about improving the usability and understanding your environment.

S

So um we're super excited to get this out and you know we'll keep improving our monitoring stack uh every release next slide. Please.

S

All right so, finally, today I want to talk about our operator hub, specifically catalog sources. This is the mechanism used to populate the operators into the operator hub we've added uh additional ui to make this easier. So now, if you go to uh cluster admin, section operator hub to the configs you'll have the ability to come in and disable or enable any of the default operator hubs that come with the product.

S

um We've also added a nice ux around additional catalog sources. So again you could come in and edit configurations via ui, not the ammo, and we also uh surface a lot of key statuses for you and then. Finally, um when you go to your uh catalog source, uh you could actually select each one and you'll see which operators that this catalog source, for instance right so out of the box. We provide you a bunch of different catalog sources, uh but you could yourself uh add additional uh operator, catalog sources that will populate your operator hub.

S

So a really nice functionality to to improve that experience. All right.

B

Next slide, please I'm going.

S

To pass it off to you, uh christian thanks.

S

Everybody.

T

I'm sorry: um hey, hey everyone, um so there is not a lot to talk about auxibility today. um Only a brief announcement for logging um with openshift 4.7 login will continue on an independent release cycle to the openshift container platform. With that we better align ourselves with other layered products such as service mesh, serverless and others.

T

What it literally means is that with openshift 4.7 we will continue under logging. 5.0 don't be confused about the major version. um It is really important to know that we don't really change anything. We don't remove any features, we don't add any features. 5.0 is just because we have been releasing under open shift, so 4.6 4.7 4.5 dot dot, so it was just the next iteration. Basically we go to 5.0 um and then we will continue with minor versions. 5.1 5.2, um as I said already, um this is no change to how you receive support.

T

No change to you know introduce new sku. It will still be available under ocp. All the features are still supported that we currently support. This is really largely a repackaging exercise, but some of the notable changes which uh I believe are benefits for customers here is that um with 5.0, what you will see is more choice on how you want to consume logging. So if you go to operator hub, there will be a few more channels like stable and tech preview, and you can basically, you know, choose how and what to use.

T

um We will also go into a more feature based release, cadence to be a little bit more flexible to how and what customers need, and there will be also like an individual support metric. So you know that with service mesh and service and pipelines and so on, um so that means um you know with logging. We will not be able to only support one ocp release, but um you know potentially uh multiple ocp releases for eus here same topic. We will not change anything with every eos release.

T

You will get one minor version of logging that will be supported for the entire eos support lifecycle. More information will definitely come in time for the openshift 4.7 release, so watch out on blocks on our blocks and so on, and that's it for me. Thank you.

A

Hi, um I'm going to cover uh this section uh on behalf of catherine who couldn't make it today for openshift 4. There are two primary installation experiences: the full stack, exp automation, what is known as ipi and the pre-existing infrastructure- uh and this you all probably are familiar with it. Just shows you uh what is now supported with 4.7 uh moving to the next slide. uh This is the support uh with 4.7. We introduced support uh for the installer for the aws commercial cloud services or cto c2s.

A

You know the the installation processes are largely the same as deploying it to aws valve cloud. uh The aws c2s region uh must be manually configured uh in the installed config since uh red hat core os images aren't published to that region and the red core os uh armies must be manually uploaded by the user to uh prior to deploying openshift and resulting id must be specified. The army id must be specified in the install config, and this is the process for importing. These images will be included in the product documentation.

A

For user defined disk encryption keys on gcp, this is new that we are introducing in portal seven for customers uh that uh explicit uh with explicit compliance and security guidelines. When deploying to gcp. uh We have added the support for user, managed, kms key for encryption. uh Encrypting data on disks, the kms key can be configured in the install config using the optional encrypt key object and associated fields. The kms key must be created, along with assigning the proper permissions to service account prior to deploying openshift.

A

For aws security, token service I'll pass it on to maria.

U

Hi tashar, thank you so much. I'm maria customers want openshift to be able to use temporary short-lived credentials using um during and post installation. We've started this work with the aws provider since sts enables an authentication flow that allows a client to assume a role resulting in short-lived credentials.

U

Aws extended their sdk to offer a web identity token off. It allows the automation of the process of requesting and refreshing credentials using an openid connect, iem identity provider. Openshift can sign service account tokens trusted by aws iam tokens can be projected into a pod so that the pod can use those for authentication.

U

We plan on releasing an initial implementation of this shortly, following the release of openshift, 4.7 and customers that want to try. This will get a support exception. This will allow us to review and inform the implementation which is currently manual, as well as the plans for upgrading to openshift 4.8 in 4.8. We plan to complete the work to ga this feature, meaning all the automation for pre-installation steps and upgrade path.

U

We support only new deployments and greenfield cases. Support for migrating ex16 deployments to leverage aws sds will come after 4.9. With that, I will pass it to anita her.

V

Hey uh this is anita. I will be covering uh openshift on openstack, taking over from ramon and we'll keep it short. Since we are running out of time. uh Openshift and openstack is now supported with upi and ipi installers user, provisioned infrastructure and installer provision infrastructure and we're adding more features into the ipi support and building upi flexible ansible playbooks that allow customization with 4.7.

V

We can run on openstack 13 and openstack 16.1. We also have openstack bare metal integration uh with ironic. That was a backboard into c stream, and we are also looking at auto scaling uh options from zero nodes. So we didn't have zero node support. Now we can go from zero to and from zero nodes. uh We have additional telco support, starting on secondary interfaces with sriv support and um with openshift 4.8.

V

The telco coverage will go up with support for ipi with sri ov and also looking at ovs, dpdk and obvious hardware offload with openshift 4.9 for 4.7. We also are building the cinder csi support and with 4.8 we will had um topology aware with ipi for 4.7. Again, we have bring your own load, balancer dns, and your network with machine set for custom networks and career support for ipv6 and dual stack, no ipi installers. Yet, but that's coming next.

V

Thank you and I will hand off to better.

N

Thanks anita, so let's talk a little bit about openstack on rev. uh We've actually delivered a lot of functionality in openshift 4.6. If you remember, we did disconnected uh csi storage and user provision infrastructure.

N

We've actually spent a lot of time now, tightening up the experience and making the overall quality improved, especially for things that happen on naturally or where you have failures, of different things in your virtual environment. So we've improved the certificate handling.

N

We deploy high performance vms for the ftd nodes and the worker nodes and then automatic guest agent installation which improves the overall ability to collect debug data and just manage the nodes in general. One important thing I want to point out is from openshift 4.6 going forward. The tested, supported configuration will be openshift on rev 4.4.

N

That's a very important thing. We know we have a lot of customers that are running on 4.3 today. That will continue to be supported in a eus mode, but if you want to run openshift 4.6 or later you're going to need to upgrade your virtual infrastructure to rev 4.4, let's talk about some of the control plane, improvements.

N

Now.

A

Mark this is yours,.

F

Yep great, thank you uh thanks peter. So in four seven, we added a new api performance dashboard for both the cube api server and openshift api server and with each more than 30 different metrics.

F

So some of the metrics include api request rates, request, durations, there's several metrics in understanding, priority and fairness and how it's functioning and so on. These plots can help characterize understand api traffic in the cluster and accessing this information is as simple as just navigating in the gui to the navigation tab. Then dashboards and selecting api performance from the drop down selector next slide. Please.

W

Thanks mark, um I guess, on the cluster infrastructure side and we're continuing to move forward with the machine api. um We've got lots that we're working on, but um I guess in this release we focused on three high priority rfes and they all have a security theme, because we know how important security is. These days, um the first one I've deliberately put up at the top of the list. It's a subtle but important change.

W

um When we architected the machine api, we suppose that every cloud ap cloud provider api would be reachable from inside the cloud provider itself um and we used to ignore the global proxy proxy setting. But um for those of you kind of that have customers that have um inspection proxies and want to all traffic through it for security reasons or or others. Then we've now um actually look at that setting and we obey it.

W

So it's definitely helped us with a few customers whether this was a problem for us where they couldn't install before and we've made that change. This release, obviously, and we've also added support for the aws tenancy dedicated setting in the machine api. So for those of you with federal customers or federal regulations, that you need to build where you've got to run on specific data customer dedicated hardware in an aws environment that is now no longer a blocker to you using the machine api and then finally, um google cloud disk encryption sets.

W

So um we've had a few customers that have been wanting to and asking us to use their own own keys when we do the encryption rather than the ones provided by google. So we've started off by bringing that into this release as well, um hopefully to get people over that bump, um and I think next we're going to move on to mark who's, going to tell us some marvelous facts about red hat core os.

X

Hey everybody, and thanks duncan uh mark russell, is here to tell you what's new in our cost: 4.7, um it's just in the interest of time, skip to the real headline features uh they're all related to disk provisioning. So, starting with new clusters, you can deploy coreos nodes now with the mirrored boot device, so the node could lose either drive from that mirror and be able to function and reboot successfully for secondary file systems, we're also supporting both mirroring and raid 5..

X

A couple of other notes on disprovisioning multi-path will be supported now during initial deployment and early boot with four seven and now any block device can be lux encrypted, not just the root or boot device. To be clear, all of these disk provisioning features are for new 4.7 clusters.

X

Only in 4.8 it should be possible to allow existing upgraded clusters to also take advantage, but we'll return to that subject on the next presentation.

X

uh Last but not least, adam will be tech preview in 4.7 there will be published documentation on how to manually enable capture of kernel core dumps. In any case, we strongly recommend that you open a case with red hat support when you're using kdump I'll pass it back to mark curry for networking and routing.

F

Great thanks mark so in this one we're going to talk a little bit about configurable application domain support, so customers have asked us for the ability to specify one of their own domain names as the default domain name for application routes and grasses on the cluster and with that they'd use their own ca to sign bls certificate. So we enabled this capability via an app domain specification, there's a brief how-to on the right-hand side here that I created for you, it's pretty pretty straightforward.

F

Once you've set the app domain to the new default, you no longer have to specify that domain. You know when you run the oc exposed command and as this is a domain that is owned by the customer, we're going to need to configure dns for its proper resolution and there's a suggestion on the fourth bullet to do just that next slide. Please.

F

On this one, we cover several uh sdn feature developments, the first one being srib support for intel and 3k. I think that one is pretty self-explanatory. The idea is that n3k is now available for accelerated packet processing. The next ovn egress firewall filtering with dns names, egress firewall, is a improved version of upstream's network policy egress, which can be used to limit the external host to which pods can communicate for seven.

F

We brought uh ov egress firewall to feature parity with our current sdn implementation uh by adding the ability to use dns names instead of just sliders uh fast data path. Openstack support in four seven to address telco use cases, we've enabled fast data path when openshift is running on openstack. This directly addresses the fast data path technologies like sri iob, obs, dbdk and obstc flower offload, the sriov operator is, was originally designed only to work with bare metal.

F

But of course- and you know that- and that meant it directly controlled the nick, and so they could it own the next physical functions it could manage its virtual functions, uh but the problem running on open uh openshift on openstack is that that pf is owned by the underlying hypervisor and not present in the vm. So we've extended the capability to the sri sr iov operator to work with the underlying hypervisor to um to be able to work with the vfs that that are created next slide. Please.

F

um So uh also 47 will be full support for a new library named app.net util. This library can be used by an application to assist with the gathering of network information associated with a pod, in particular this targets, and will be very useful for application. Programmers that are using sri ovfs in dvdk mode, a commons, that's a common scenario for anyone needing high performance traffic throughput. There are three api methods implemented in this library.

F

Each the functionality of each should be self-explanatory by the name. uh The third one has something worth mentioning, however, though, and that is the get huge pages will for the moment, require the extra step of enabling the alpha feature, gate in kubernetes, 120 or greater for the downward api. Huge pages just set to the true, but that extra step um will be resolved and will be unnecessary in the 4 8 release.

F

Next slide, please.

F

uh This slide serves as both a announcement of a new api in 47, but also as a sort of pub psa for a change. That's coming in for eight that some cluster administrators and app developers may need to prepare for. So all the details are in this slide, but briefly in 48, the version of aj proxy will necessarily down case http header names. Now the value is just names as permitted by the http http protocol standard.

F

There's um an example of this in the first bullet of the slide when they are when those header names are down cased some legacy applications might be sensitive to that base conversion and could break so to mitigate the issue. We created a new api that would allow cluster admins and have developers to accommodate those uh older legacy applications until such time as they can be fixed um and essentially the admin can specify rules that transforms the header names in any http one request.

F

So this will give cluster admins and app developers the chance to fix their code or configure the api before upgrading to 48. next slide. Please.

W

Next slide, thanks mark, um I guess, onto storage now um just a couple of things worth talking about here um or to highlight so upstream. We are now seeing the deprecation of some entry drivers that are going on, so we need to be moving on and getting our csi drivers out there really quickly. um So you see here the sender, csi driver and the google persistent disk joining the list that we already have, but you'll see a lot more movement on this going forward and the other big thing um it seemed like.

W

We went through a time when everyone was asking for snapshot. Well, snapshot has gone ga upstream, um so we get that now in openshift, which is great news for all the vendors out there that are investing in a and csa operators to run on openshift and use them. That way. uh Next slide, please I'm on the openshift container storage side again a lot going on a lot on the security side like the vault key management system integration, but I think we should really move on and let robert tell you some interesting facts about.

W

Telco.

Y

Thanks duncan uh the first feature that we've added uh in 4.7 is the ability, excuse me a virtual routing and forwarding cni plug-in. This is a meta plug-in that you typically use with another cni like mac, vlan or sriov.

Y

It allows you to create a virtual routing and forwarding space, and these spaces are applied to secondary network interfaces and are isolated, and this allows you to have overlapping cedar blocks for each of these spaces on your secondary interface next slide, please.

Y

In 4.7, we've added a new test to our cnf test suite our cnf test. Suite is a set of tests that allows you to verify that your cluster is configured for a cnf.

Y

Therefore, assuring you that your network function is ready to be deployed onto that cluster uh in 4.7, we've added the operating system, latency measurement test os lat to be specific to this suite of tests next slide. Please.

Y

Our cnf certification program recognizes three levels: good, better and best. Our first batch of vendors, validated cnfs, have been published and the list will continue to increase as we complete new validations.

Y

We have a growing pipe of cnf vendors joining our certification program and our goal is to help them reach to the better and best certification levels. With that said, I'd like to hand it over to kirsten and anand to cover security and compliance.

H

Hi so, as we talked about earlier, the openshift compliance operator gives you the ability to automate check uh auditing for technical controls associated with regulatory requirements. Not only does the compliance operator allow you to automate that work, um you can also automate remediation with the compliance operator. In parallel, we have been working on documentation to help. You understand how openshift can meet the technical controls in various uh regulatory frameworks.

H

So you can see here that we have a product applicability guide available for hipaa, for iso 27001 and for fisma we're working on getting those latter two available uh externally on redhat.com.

H

We also have an open shift for security guide and, as I mentioned at the beginning of the call we uh just published the openshift for hardening guide, you will need to ask your red hat account team to help you get that uh we expect it to be replaced by the cis openshift benchmark in late january early february, and that's the reason that we've chosen not to make it publicly available at this time. We also wanted to mention uh for those of you who think about certifications, that our hosted team has been working.

H

Our managed services team has been working hard on certifications, and so we have listed those here just so that you have an idea again to demonstrate that we know certified deployments can be achieved with openshift four next slide, please and over to anand.

Z

Thanks kristen, so this feature is about the ability to log out and destroy non all non-active sessions and tokens. So, first of all the problem, so in openshift today, users have the ability to create multiple tokens by running oc, login repeatedly right. So, for instance, you can log in with the browser you can log in with the command shell. In fact, you can open a couple of you know: command shells and just type oc login.

Z

As a consequence, you know multiple tokens get created, but when, let's say you go to one of those terminals and you type log out, only the latest token is logged out and voice is important, because an attacker could reuse a token from an another session like from a browser or from a terminal where you have not done aoc log out and use those uh session credentials or session ids to basically, you know, get access to your cluster right. So, as an analogy I mean uh think of you know facebook right.

Z

So if you, let's say log into facebook, from your browser from your mobile device from your ipad, but let's say you log out of facebook only from your ipad and somebody gets access to your phone, your browser, they pretty much log in so this is exactly the same where we want to give openshift users the ability to log out all uh active sessions. So you would simply, you know, open a command prompt, say: oc, get use, user access tokens get a list of all the oauth access tokens.

Z

So, for instance, you get the names of each of the tokens you get the client name. So, for instance, was the client token from a browser or was it from a console or was it from a challenging client?

Z

And then you can also find out when the token was created when it expired, watch the token inactivity timeout on those tokens and once you you know, figured all of that out you can. Then you know select each token that you want to delete and say oc, delete user oauth access token again back to the facebook analogy. It would be something like facebook lets. You list all your active sessions and for each of those sessions you can go and say log out. This is a very similar analogy to that next session. uh Next slide.

Z

Please next slide, please so windows. So we went generally available with the windows machine config operator, sometime in december of 2020, which was available uh on two platforms, aws and azure, and uh with four seven uh be proud to announce. We will be going uh generally available with uh vsphere ipi. The next slide please, and what this will let us do is unlock a lot of customers who are on vsphere using ipi to use the windows machine config operator to bootstrap windows.

Z

Nodes that are running on vsphere uh slight point to note is bring your own host is still uh work in progress. We are hoping to get that by you know, maybe q1 or q2. So until bringing a host comes, uh we will not be able to support things like vsphere upi. You know and other platforms, like uh you know, paired metal, red hat virtualization, so on so forth, but we feel there's a good start.

Z

You know, customers running vsphere, ipi should be able to use the windows machine config operator, and that should be available enforcer next week. Please.

W

Thanks anand and then last and by no means least, we come to the multi-architecture updates, actually a lot going on this release. But let me just stick to a couple of things: um the first big one up at the front. There is we're making kvm available for ibm, z platform so before you had to use the zvm environment, and this is really useful to customers they're already familiar with um kvm that want to use it.

W

There's also some kind of price considerations in there that they take into um the other big thing for this release is multi-pass support, so with ibm, z and power. The the big you know, applications that they run are pretty important. They want to give that better. Aha experience so now we're bringing it onto those power and z platforms as as well, um and so let me end by handing you back to our debina debian air host, um to show us who you can wrap up.

A

Thank you all. uh Thank you, uh the openshift management team. Thank you uh audience for uh listening to us. As you saw, uh we covered a lot of ground here. uh Definitely we are definitely over time, so apologize for uh that, but, as you saw, the pms definitely put a lot of heart into it and they try to get into the right level of detail so that you have the information out there. um As I said uh earlier, I mean it is recorded the q, a any lots of q, a questions so bring them on.

A

So that is all good uh if you, if we have any unanswered, we'll address them offline uh with that without further ado have a nice day, and thank you all.

B

You.