Red Hat OpenShift 4.12 comes with new features that enable organizations to scale workloads across the hybrid cloud without compromising on security.
(https://developers.redhat.com/sites/default/files/styles/share/public/Containers_OpenShift_0.png)
The platform is built around Linux containers orchestrated and managed by Kubernetes on a foundation of Red Hat Enterprise Linux. Additionally, it supports the deployment of Red Hat OpenShift on Arm-based instances in Microsoft Azure. Security is a major IT priority in all regions and industries, with many organizations prioritizing it over innovation for their digital transformation goals.
To help organizations mitigate risks and comply with compliance requirements across increasingly complex IT environments, Red Hat OpenShift 4.12 introduces enhancements such as the Security Profiles Operator, Compliance Operator, Ingress Node Firewall Operator, and Network Observability Operator.
The Security Profiles Operator allows for easier distribution and use of security profiles such as Seccomp and SELinux in a Kubernetes cluster, while the Compliance Operator helps administrators run compliance scans and provide solutions for issues discovered. The Ingress Node Firewall Operator enables users to configure firewall rules at the node level for better control of network traffic, while the Network Observability Operator provides observable network traffic metrics, flows, topology, and tracing for a full understanding of network traffic.
Joe Fernandes, Vice President and General Manager of Hybrid Cloud Platforms at Red Hat, emphasizes the company's commitment to providing customers with the capabilities required to embrace cloud-native technologies with operational confidence.
With the expanded suite of capabilities introduced in Red Hat OpenShift 4.12, organizations can scale applications across clouds with integrated tools and meet stringent security and compliance requirements irrespective of where they run on the hybrid cloud.
The Red Hat® OpenShift Container Platform provides several features that can greatly enhance platform security. To achieve this, it utilizes Red Hat CoreOS as the host operating system, incorporates FIPS encryption (FIPS 140-2 Level 1) for stronger protection, and offers the Node configuration operator to further reduce privilege requirements in Security Context Constraints (SCC).
It also supports the encryption of data stored in etcd database, while the Network Disk Encryption (NBDE) feature can be used to remotely automate the inclusion of encrypted LUKS volumes for better protection. Additionally, SELinux is made mandatory in the Red Hat OpenShift Container Platform.
For Cloud Pak for Data, service accounts and RBAC role bindings are created in a separate namespace or project within an OpenShift cluster and access to the cluster level is not permitted. Two roles have been established: cpd-admin-role and cpd-viewer-role, while four service accounts (zen-admin-sa, zen-editor-sa, zen-viewer-sa, and zen-norbac-sa) are available for use, with limited SCCs set by default. The default service account that is automatically created does not have any RBAC access rights assigned to it, meaning that no roles are associated with it.
This account is mainly intended for user workloads such as Python jobs and notebooks. However, some additional services may require custom SCCS, which can be created as needed. When creating a project, Red Hat OpenShift assigns a unique UID range to the project, which the services will use. Some services that use custom SCCS reserve specific UIDS, but this information is detailed in the Custom SCCs for Services section.
Red Hat OpenShift 4.12 is a hybrid cloud platform that focuses on providing security and scalability for applications running in various environments, including on-premises, public, private, or multi-cloud.
One of the key features of OpenShift 4.12 is its enhanced security capabilities. It incorporates multiple layers of security controls to protect applications and data. This includes features like secure container image registry, vulnerability scanning, role-based access control, and network policies. These security measures help in minimizing the risk of attacks and unauthorized access.
OpenShift 4.12 also offers robust management tools for deploying, scaling, and managing applications. It includes automation capabilities that simplify the deployment process and make it more efficient. Operators, a key feature in OpenShift, allows for the automation and management of complex application lifecycles, making it easier for developers to deploy and manage their applications.
Another important aspect of OpenShift 4.12 is its focus on hybrid cloud deployments. It provides a consistent and unified experience for deploying and managing applications across different environments. This means that developers can easily move applications between on-premises and cloud environments without needing to modify the code. OpenShift ensures consistency in the development and deployment process, regardless of the underlying infrastructure.
Additionally, OpenShift 4.12 aims to improve developer productivity by simplifying the application development process. It provides a wide range of built-in tools and integrations that streamline the development workflow. This includes support for popular programming languages, frameworks, and CI/CD workflows, allowing developers to focus on writing code rather than managing infrastructure.
Overall, Red Hat OpenShift 4.12 offers a secure and scalable hybrid cloud platform that addresses the needs of enterprises looking to deploy their applications across multiple environments. Its emphasis on security, management, and developer productivity makes it a powerful tool for building and managing modern applications.
Tools like the Compliance Operator and SELinux integration via the Security Profiles Operator help enforce zero-trust principles across clusters. For security-conscious enterprises, these features reduce attack surfaces and simplify audit trails, making OpenShift a more viable option for regulated industries operating in hybrid environments.