Red Hat SummitChapter 1. What’s new for Red Hat OpenShift Service on AWS classic architecture
Find new additions, recent changes, and relevant updates for Red Hat OpenShift Service on AWS classic architecture listed below in quarterly increments.
1.1. Q1 2026
Copy linkLink copied to clipboard!
The following items were added during the first quarter of 2026.
- Cluster admins can now create multiple users with htpasswd identity providers
- Cluster administrators can now add multiple users to an htpasswd identity providers (IDPs) for Red Hat OpenShift Service on AWS classic architecture clusters using the command-line interface (CLI). You can add multiple users to a single htpasswd IDP, streamlining managing user identities. Using the CLI or Terraform, administrators can add users interactively and noninteractively. For more information, see Configuring an htpasswd identity provider.
- New version of Red Hat OpenShift Service on AWS classic architecture available
- Red Hat OpenShift Service on AWS classic architecture version 4.21 is now available for new clusters.
1.2. Q4 2025
Copy linkLink copied to clipboard!
The following items were added during the fourth quarter of 2025.
- AWS GovCloud
- The Amazon Web Services (AWS) GovCloud service is now available and for use by federal and government agencies, or by commercial organizations and Federal Information Security Modernization Act (FISMA) R&D Universities supporting a government contract or in the process of bidding on a government contract such as a request for proposal (RFP) or request for information (RFI) pre-bid stage. For more information, see Getting started with ROSA GovCloud.
- New version of Red Hat OpenShift Service on AWS classic architecture available
- Red Hat OpenShift Service on AWS classic architecture version 4.20 is now available for new clusters.
- Extended Update Support (EUS) channel group now available
- You can now select the EUS channel group when creating or editing your Red Hat OpenShift Service on AWS classic architecture cluster. The EUS channel group allows you to extend the life cycle of your even-numbered version Red Hat OpenShift Service on AWS classic architecture cluster, giving you additional time to plan and budget for future upgrades as well as providing continued security patches and critical bug fixes. For additional information, see Life cycle dates.
1.3. Q3 2025
Copy linkLink copied to clipboard!
The following items were added during the third quarter of 2025.
- Changed default ingress listening method to begin with Day 1 operations
- Previously, the default ingress listening method was a Day 2 operation. Now, the default ingress listening method is a Day 1 operation.
1.4. Q2 2025
Copy linkLink copied to clipboard!
The following items were added during the second quarter of 2025.
- Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes
Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of Red Hat OpenShift Service on AWS classic architecture without migrating to OVN-Kubernetes.
For more information about migrating to OVN-Kubernetes, see Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin.
- AWS Trainium and Inferentia instance types now supported
- You can now use Amazon Web Services (AWS) Trainium and Inferentia instance types for your Red Hat OpenShift Service on AWS classic architecture clusters. For more information, see Red Hat OpenShift Service on AWS classic architecture instance types.
- New version of Red Hat OpenShift Service on AWS classic architecture available
- Red Hat OpenShift Service on AWS classic architecture version 4.19 is now available for new clusters. For more information about upgrading to this latest version, see Upgrading ROSA (classic architecture) clusters.
- Red Hat OpenShift Service on AWS classic architecture cluster ownership transfer is now available for Red Hat OpenShift Service on AWS classic architecture
- You can now transfer ownership of Red Hat OpenShift Service on AWS classic architecture clusters. For more information, see Initiating ownership transfer of a Red Hat OpenShift Service on AWS classic architecture cluster.
1.5. Q1 2025
Copy linkLink copied to clipboard!
The following items were added during the first quarter of 2025.
- Red Hat OpenShift Service on AWS classic architecture region added
Red Hat OpenShift Service on AWS classic architecture is now available in the following regions:
-
Tel Aviv (
il-central-1) -
Calgary (
ca-west-1)
For more information on region availabilities, see Regions and availability zones.
-
Tel Aviv (
- Cluster autoscaling is now available for Red Hat OpenShift Service on AWS classic architecture
- You can configure cluster autoscaling for Red Hat OpenShift Service on AWS classic architecture. For more information, see Cluster autoscaling.
- New version of Red Hat OpenShift Service on AWS classic architecture available
- Red Hat OpenShift Service on AWS classic architecture version 4.18 is now available. For more information about upgrading to this latest version, see Upgrading Red Hat OpenShift Service on AWS classic architecture clusters.
- Graphical installer enhancements
You can now use the graphical installer in Red Hat Hybrid Cloud Console to configure the following options when you create your cluster:
-
Configure a
cluster-adminuser and optionally define a custom password. - Configure the root disk size for the default machine pool.
-
Configure a
- Red Hat OpenShift Service on AWS classic architecture cluster node limit update
- Red Hat OpenShift Service on AWS classic architecture clusters versions 4.14.14 and greater can now scale to 249 worker nodes. This is an increase from the previous limit of 180 nodes.
- Red Hat SRE log-based alerting endpoints have been updated
-
Red Hat OpenShift Service on AWS classic architecture customers who are using a firewall to control egress traffic can now remove all references to
*.osdsecuritylogs.splunkcloud.com:9997from your firewall allowlist. Red Hat OpenShift Service on AWS classic architecture clusters still require thehttp-inputs-osdsecuritylogs.splunkcloud.com:443log-based alerting endpoint to be accessible from the cluster.
1.6. Q4 2024
Copy linkLink copied to clipboard!
The following items were added during the fourth quarter of 2024.
- Learning tutorials for Red Hat OpenShift Service on AWS classic architecture cluster and application deployment
- You can now use the Getting started with Red Hat OpenShift Service on AWS classic architecture tutorials to quickly deploy a Red Hat OpenShift Service on AWS classic architecture cluster for demo or learning purposes. You can also use the Deploying an application tutorials to deploy an application on your demo cluster.
- Create a VPC using the ROSA CLI
-
The
rosa create networkcommand lets you use the ROSA CLI to create a VPC for your cluster based on an AWS CloudFormation template. You can use this command to create and configure a VPC before creating your cluster. For more information, see create network. - ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
1.7. Q3 2024
Copy linkLink copied to clipboard!
The following items were added during the third quarter of 2024.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
1.8. Q2 2024
Copy linkLink copied to clipboard!
The following items were added during the second quarter of 2024.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Approved Access for Red Hat OpenShift Service on AWS classic architecture clusters
Red Hat Site Reliability Engineering (SRE) managing and proactively supporting Red Hat OpenShift Service on AWS classic architecture clusters will typically not require elevated access to customer clusters as part of the normal operations. In the unlikely event should Red Hat SRE (Site Reliability Engineer) need elevated access, the Approved Access functionality provides an interface for customers to review and approve or deny access requests.
Elevated access requests to Red Hat OpenShift Service on AWS classic architecture clusters and the corresponding cloud accounts can be created by Red Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red Hat SRE, as part of the standard incident response process. For more information, see Approved Access.
rosacommand enhancement-
The
rosa describecommand has a new optional argument,--get-role-policy-bindings. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see describe cluster. - Expanded customer-managed policy capabilities
- You can now attach customer-managed policies to the IAM roles required to run Red Hat OpenShift Service on AWS classic architecture clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see Customer-managed policies.
- Permission boundaries for the installer role policy
- You can apply a policy as a permissions boundary on the Red Hat OpenShift Service on AWS classic architecture installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services(AWS) Identity and Access Management (IAM) entity role. Red Hat OpenShift Service on AWS classic architecture includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role since changing the installer policy itself is not supported. For more information, see Permission boundaries for the installer role.
- Cluster delete protection
- You can now enable the cluster delete protection option, which helps to prevent you from accidentally deleting a cluster. For more information on using the cluster delete protection option with the ROSA CLI, see edit cluster. For more information on using the cluster delete protection option in the UI, see Creating a cluster with the default options using OpenShift Cluster Manager.
- Longer cluster names enhancement
-
You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the
domain-prefixflag in the ROSA CLI (rosa) or by selecting the Create custom domain prefix checkbox in the Red Hat Hybrid Cloud Console. For more information, see create cluster in Managing objects with the ROSA CLI. - Node management improvements
- Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see Working with nodes.
1.9. Q1 2024
Copy linkLink copied to clipboard!
The following items were added during the first quarter of 2024.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Log linking is enabled by default
- Beginning with Red Hat OpenShift Service on AWS classic architecture 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.
- Availability zone update
- You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.
- Delete cluster command enhancement
-
With the release of ROSA CLI (
rosa) version 1.2.31, the--best-effortargument was added, which allows you to force-delete clusters when using therosa delete clustercommand. For more information, see delete cluster.
1.10. Q4 2023
Copy linkLink copied to clipboard!
The following items were added during the fourth quarter of 2023.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Delete cluster command enhancement
-
With the release of ROSA CLI (
rosa) version 1.2.31, the--best-effortargument was added, which allows you to force-delete clusters when using therosa delete clustercommand. For more information, see delete cluster. - Red Hat OpenShift Service on AWS that uses hosted control planes is now generally available
- For more information, see Creating Red Hat OpenShift Service on AWS classic architecture clusters using the default options.
- Configurable process identifier (PID) limits
-
With the release of ROSA CLI (
rosa) version 1.2.31, administrators can use therosa create kubeletconfigandrosa edit kubeletconfigcommands to set the maximum PIDs for an existing cluster. For more information, see Changing the maximum number of process IDs per pod (podPidsLimit) for Red Hat OpenShift Service on AWS classic architecture. - Configure custom security groups
-
With the release of ROSA CLI (
rosa) version 1.2.31, administrators can use therosa createcommand or the OpenShift Cluster Manager to create a new cluster or a new machine pool with up to 5 additional custom security groups. Configuring custom security groups gives administrators greater control over resource access in new clusters and machine pools. For more information, see Security groups. - Command update
-
With the release of ROSA CLI (
rosa) version 1.2.28, a new command,rosa describe machinepool, was added that allows you to check detailed information regarding a specific Red Hat OpenShift Service on AWS classic architecture cluster machine pool. For more information, see describe machinepool. - Documentation update
- The Operators section was added to the Red Hat OpenShift Service on AWS classic architecture documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see Operators overview.
- OpenShift Virtualization support
- The release of OpenShift Virtualization 4.14 added support for running OpenShift Virtualization on Red Hat OpenShift Service on AWS classic architecture clusters. For more information, see OpenShift Virtualization on AWS bare metal in the OpenShift Container Platform documentation.
1.11. Q3 2023
Copy linkLink copied to clipboard!
The following items were added during the third quarter of 2023.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Cluster autoscaling
-
You can now enable cluster autoscaling using Red Hat OpenShift Service on AWS classic architecture clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (
rosa). For more information, see Cluster autoscaling. - Shared virtual private clouds
- Red Hat OpenShift Service on AWS classic architecture now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. AWS account installing Red Hat OpenShift Service on AWS (classic architecture) clusters can now use shared subnets owned by a management account. For more information, see Configuring a shared virtual private cloud for Red Hat OpenShift Service on AWS classic architecture clusters.
- Machine pool disk volume size
- You can now configure your machine pool disk volume size for additional flexibility. You can select your own sizing for the disk volumes of their worker machine pool nodes. For more information, see Configuring machine pool disk volume.
- Machine pool update
- You can now add taints to the machine pool that is automatically generated during cluster creation. You can also delete this machine pool. This new feature provides more flexibility and cost-effectiveness for cluster administrators, specifically in regards to scaling infrastructure based on changing resource requirements. For more information, see Creating a machine pool.
- Documentation update
- The CLI Tools section was added to the Red Hat OpenShift Service on AWS classic architecture documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see CLI tools overview.
- Documentation update
- The Monitoring section in the documentation was expanded and now includes more detailed information to help you conveniently manage your Red Hat OpenShift Service on AWS classic architecture clusters. For more information, see About Red Hat OpenShift Service on AWS classic architecture monitoring.
1.12. Q2 2023
Copy linkLink copied to clipboard!
The following items were added during the second quarter of 2023.
- ROSA CLI update
-
The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Red Hat OpenShift Service on AWS classic architecture region added
-
Red Hat OpenShift Service on AWS classic architecture is now available in the United Arab Emirates (
me-central-1) region. For more information on region availability, see Regions and availability zones.
1.13. Q1 2023
Copy linkLink copied to clipboard!
The following items were added during the first quarter of 2023.
- OIDC provider endpoint URL update
- Starting with ROSA CLI version 1.2.7, all new cluster OIDC provider endpoint URLs are no longer regional. Amazon CloudFront is part of this implementation to improve access speed, reduce latency, and improve resiliency. This change is only available for new clusters created with ROSA CLI 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.
1.14. Known issues
Copy linkLink copied to clipboard!
The following items are known issues with Red Hat OpenShift Service on AWS classic architecture releases.
ocm-roleanduser-rolecan be enabled accidentally-
The OpenShift Cluster Manager roles (
ocm-role) and user roles (user-role) that are key to the Red Hat OpenShift Service on AWS classic architecture provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability. htpasswddoes not function as expected-
The
htpasswdidentity provider does not function as expected in all scenarios against therosa create adminfunction.
1.15. Deprecated and removed features
Copy linkLink copied to clipboard!
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat OpenShift Service on AWS classic architecture and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
- Red Hat OpenShift Service on AWS classic architecture non-STS deployment mode
- Red Hat OpenShift Service on AWS classic architecture non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy Red Hat OpenShift Service on AWS classic architecture with the STS mode. This deprecation is in line with our new Red Hat OpenShift Service on AWS classic architecture provisioning wizard UI experience on the Red Hat Hybrid Cloud Console.
- Label removal on core namespaces
-
Red Hat OpenShift Service on AWS classic architecture is no longer labeling OpenShift core using the
namelabel. Customers should migrate to referencing thekubernetes.io/metadata.namelabel if needed for Network Policies or other use cases.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}