Chapter 3. Enhancements
This section describes the major enhancements introduced in Red Hat OpenShift Data foundation 4.12.
3.1. Single Stack IPv6 support
Single Stack IPv6 is now supported in Red Hat OpenShift Data Foundation. For more information, see Single Stack IPv6 support.
3.2. Support for KMS providers using KMIP
This release introduces support for Key Management System (KMS) providers using Key Management Interoperability Protocol (KMIP) which uses client certificate for authentication. Thales CipherTrust Manager works well with OpenShift Data Foundation 4.12. For more information, see CipherTrust Manager.
3.3. Adjusting verbosity levels of logs
The amount of space consumed by debugging logs can become a significant issue. With this update, it is possible to adjust and therefore control the amount of storage that can be consumed by debugging logs as the space consumed by the debugging logs can be a significant issue at times. For more information, see Adjusting verbosity level of logs.
3.4. Encryption in transit
With this enhancement, the IPsec framework provides Encryption in transit for a virtualized network that is used for pods and services. The virtualized network is provided by the Open Virtual Network (OVN)-Kubernetes Container Network Interface (CNI) plug-in. For more information, see Encryption in transit.
3.5. Support resource modification for Multicloud Object Gateway PV pool pods
This enhancement enables you to fine-tune the performance of backingstores that are based on Multicloud Object Gateway (MCG) persistent volume (PV) pools. It provides the ability to modify the CPU and memory resource and limit for PV pool based backingstores to improve MCG’s performance for their workloads.
For more information, see Creating a local Persistent Volume-backed backingstore.
3.6. Secure mode deployment for Multicloud Object Gateway
With this enhancement, it is possible to deploy Multicloud Object Gateway (MCG) in a secure mode and restricts any external access. This provides fine grained control over subnets that have access to MCG deployment. For more information, see Enabling secure mode deployment for Multicloud Object Gateway.
3.7. Change in default permission and FSGroupPolicy
Permissions of newly created volumes now defaults to a more secure 755 instead of 777. FSGroupPolicy is now set to File (instead of ReadWriteOnceWithFSType in ODF 4.11) to allow application access to volumes based on FSGroup. This involves Kubernetes using fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod’s SecurityPolicy.
Existing volumes with a huge number of files may take a long time to mount since changing permissions and ownership takes a lot of time.
For more information, see this knowledgebase solution.