Chapter 3. Enhancements


This section describes the major enhancements introduced in Red Hat OpenShift Data foundation 4.12.

3.1. Single Stack IPv6 support

Single Stack IPv6 is now supported in Red Hat OpenShift Data Foundation. For more information, see Single Stack IPv6 support.

3.2. Support for KMS providers using KMIP

This release introduces support for Key Management System (KMS) providers using Key Management Interoperability Protocol (KMIP) which uses client certificate for authentication. Thales CipherTrust Manager works well with OpenShift Data Foundation 4.12. For more information, see CipherTrust Manager.

3.3. Adjusting verbosity levels of logs

The amount of space consumed by debugging logs can become a significant issue. With this update, it is possible to adjust and therefore control the amount of storage that can be consumed by debugging logs as the space consumed by the debugging logs can be a significant issue at times. For more information, see Adjusting verbosity level of logs.

3.4. Encryption in transit

With this enhancement, the IPsec framework provides Encryption in transit for a virtualized network that is used for pods and services. The virtualized network is provided by the Open Virtual Network (OVN)-Kubernetes Container Network Interface (CNI) plug-in. For more information, see Encryption in transit.

3.5. Support resource modification for Multicloud Object Gateway PV pool pods

This enhancement enables you to fine-tune the performance of backingstores that are based on Multicloud Object Gateway (MCG) persistent volume (PV) pools. It provides the ability to modify the CPU and memory resource and limit for PV pool based backingstores to improve MCG’s performance for their workloads.

For more information, see Creating a local Persistent Volume-backed backingstore.

3.6. Secure mode deployment for Multicloud Object Gateway

With this enhancement, it is possible to deploy Multicloud Object Gateway (MCG) in a secure mode and restricts any external access. This provides fine grained control over subnets that have access to MCG deployment. For more information, see Enabling secure mode deployment for Multicloud Object Gateway.

3.7. Change in default permission and FSGroupPolicy

Permissions of newly created volumes now defaults to a more secure 755 instead of 777. FSGroupPolicy is now set to File (instead of ReadWriteOnceWithFSType in ODF 4.11) to allow application access to volumes based on FSGroup. This involves Kubernetes using fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod’s SecurityPolicy.

Note

Existing volumes with a huge number of files may take a long time to mount since changing permissions and ownership takes a lot of time.

For more information, see this knowledgebase solution.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.