Red Hat has announced Red Hat OpenShift 4.3 and Red Hat OpenShift Container Storage 4 to support multicloud Kubernetes containers. OpenShift 4.3 is based on Kubernetes 1.16.
OpenShift 4.2 was released last fall. The new version should provide OpenShift with better platform security. In particular, it adds encryption in accordance with the Federal Information Processing Standard (FIPS). FIPS-validated cryptography is mandatory for U.S. federal departments that encrypt sensitive data.
When OpenShift runs on Red Hat Enterprise Linux (RHEL) running in FIPS mode, OpenShift calls FIPS-validated cryptographic libraries. The toolset enabling this functionality was already available to all Red Hat customers, but it can now also be used in OpenShift.
The new version also supports etcd encryption. Etcd is a popular key-value store for storing data across clusters. With this feature, customers can encrypt sensitive data stored in etcd, which should make it easier to defend against malicious parties trying to gain access to that data.
Furthermore, OpenShift now also supports Network-Bound Disk Encryption (NBDE). This can be used to automate the remote enablement of volumes encrypted in the Linux Unified Key Setup-on-disk-format (LUKS). This feature prevents malicious persons from accessing your data, even if they steal physical storage devices.
In addition to security enhancements, the OpenShift 4.3 installer can deploy OpenShift clusters on pre-existing Virtual Private Networks and Virtual Private Clouds (VPN/VPC), as well as subnets on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) managed by the customer. Also, OpenShift clusters can be installed with private load balancer endpoints on AWS, Azure and GCP. This means that resources can also be used in the public cloud, while external users are blocked. Furthermore, OpenShift administrators have access to a new cipher configuration application programming interface (API).
OpenShift 4.3 also makes it easier to perform basic management, with automated health control. In addition, the new version supports Kubernetes Operators, a method to package, deploy and manage a Kubernetes application. “Customers with air-gapped installs can find this especially useful in order to take advantage of Operators for highly-secure or sensitive environments,” the company explains.