Chapter 1. What’s new with Red Hat OpenShift Service on AWS

Red Hat OpenShift Service on AWS (ROSA) is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.

Red Hat OpenShift Service on AWS clusters are available on the Hybrid Cloud Console. With the Red Hat OpenShift Cluster Manager application for ROSA, you can deploy Red Hat OpenShift Service on AWS clusters to either on-premises or cloud environments.

1.1. New changes and updates

1.1.1. Q2 2024

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Approved Access for ROSA clusters. Red Hat Site Reliability Engineering (SRE), which manages and proactively supports ROSA clusters, typically does not require elevated access to customer clusters as part of normal operations. In the unlikely event that a Red Hat Site Reliability Engineer (SRE) needs elevated access, the Approved Access functionality provides an interface for customers to review and approve or deny access requests.

    Elevated access requests to ROSA clusters and the corresponding cloud accounts can be created by Red Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red Hat SRE, as part of the standard incident response process. For more information, see Approved Access. This is applicable to ROSA and Red Hat OpenShift Service on AWS (classic architecture).

  • ROSA command enhancement. The rosa describe command has a new optional argument, --get-role-policy-bindings. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see describe cluster.
  • Expanded customer-managed policy capabilities. You can now attach customer-managed policies to the IAM roles required to run both ROSA (classic architecture) and ROSA clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see Customer-managed policies.
  • Permission boundaries for the installer role policy. You can apply a policy as a permissions boundary on the ROSA installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services (AWS) Identity and Access Management (IAM) entity role. ROSA includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role, since changing the installer policy itself is not supported. For more information, see Permission boundaries for the installer role. This is applicable only to Red Hat OpenShift Service on AWS (classic architecture).
  • Cluster delete protection. You can now enable the cluster delete protection option, which helps to prevent you from accidentally deleting a cluster. For more information on using the cluster delete protection option with the ROSA CLI, see edit cluster. For more information on using the cluster delete protection option in the UI, see Creating a cluster with the default options using OpenShift Cluster Manager.
  • ROSA with HCP regions added. Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) is now available in the following regions:

    • Zurich (eu-central-2)
    • Hong Kong (ap-east-1)
    • Osaka (ap-northeast-3)
    • Spain (eu-south-2)
    • UAE (me-central-1)

      For more information on region availabilities, see Regions and availability zones.

  • Added support for external authentication providers. You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see Creating ROSA with HCP clusters with external authentication.
  • Longer cluster names enhancement. You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the domain-prefix flag in the ROSA CLI (rosa) or by selecting the Create custom domain prefix checkbox in the Red Hat Hybrid Cloud Console. For more information, see create cluster in Managing objects with the ROSA CLI.
  • Additional Security Groups for ROSA with HCP. Starting with ROSA CLI version 1.2.37, you can use the --additional-security-group-ids <sec_group_id> argument when creating machine pools on ROSA with HCP clusters. For more information, see Creating a machine pool using the ROSA CLI and the create machinepool section of the ROSA CLI reference.
  • Node management improvements. Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see Working with nodes.
  • Node drain grace periods. You can now configure node drain grace periods in Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) clusters with the rosa CLI.

    For more information about configuring node drain grace periods, see Configuring node drain grace periods in Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP).

1.1.2. Q1 2024

  • Machine pool update. You can now upgrade machine pools that are configured on ROSA with HCP clusters. For more information, see upgrade machinepool.
  • ROSA with HCP regions added. Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) is now available in the following regions:

    • Hyderabad (ap-south-2)
    • Milan (eu-south-1)
    • London (eu-west-2)
    • Mumbai (ap-south-1)
    • Cape Town (af-south-1)
    • Seoul (ap-northeast-2)
    • Stockholm (eu-north-1)

      For more information on region availabilities, see Regions and availability zones.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Log linking is enabled by default. Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.
  • Availability zone update. You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.
  • Delete cluster command enhancement. With the release of ROSA CLI (rosa) version 1.2.31, the --best-effort argument was added, which allows you to force-delete clusters when using the rosa delete cluster command. For more information, see delete cluster.

1.1.3. Q4 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Delete cluster command enhancement. With the release of ROSA CLI (rosa) version 1.2.31, the --best-effort argument was added, which allows you to force-delete clusters when using the rosa delete cluster command. For more information, see delete cluster.
  • Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP). ROSA with HCP is now generally available. For more information, see Creating ROSA with HCP clusters using the default options.
  • Configurable process identifier (PID) limits. With the release of ROSA CLI (rosa) version 1.2.31, administrators can use the rosa create kubeletconfig and rosa edit kubeletconfig commands to set the maximum PIDs for an existing cluster. For more information, see Changing the maximum number of process IDs per pod (podPidsLimit) for ROSA.
  • Configure custom security groups. With the release of ROSA CLI (rosa) version 1.2.31, administrators can use the rosa create command or the OpenShift Cluster Manager to create a new cluster or a new machine pool with up to 5 additional custom security groups. Configuring custom security groups gives administrators greater control over resource access in new clusters and machine pools. For more information, see Security groups.
  • Command update. With the release of ROSA CLI (rosa) version 1.2.28, a new command, rosa describe machinepool, was added that allows you to check detailed information regarding a specific ROSA cluster machine pool. For more information, see describe machinepool.
  • Documentation update. The Operators section was added to the ROSA documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see Operators overview.
  • OpenShift Virtualization support. The release of OpenShift Virtualization 4.14 added support for running OpenShift Virtualization on ROSA Classic clusters. For more information, see OpenShift Virtualization on AWS bare metal in the OpenShift Container Platform documentation.

1.1.4. Q3 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • Cluster autoscaling. You can now enable cluster autoscaling using ROSA clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (rosa). For more information, see Cluster autoscaling.
  • Shared virtual private clouds. ROSA now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. The AWS account installing a ROSA cluster can now use shared subnets owned by a management account. For more information, see Configuring a shared virtual private cloud for ROSA clusters.
  • Machine pool disk volume size. You can now configure your machine pool disk volume size for additional flexibility. You can select your own sizing for the disk volumes of your worker machine pool nodes. For more information, see Configuring machine pool disk volume.
  • Machine pool update. You can now add taints to the machine pool that is automatically generated during cluster creation. You can also delete this machine pool. This new feature provides more flexibility and cost-effectiveness for cluster administrators, specifically in regards to scaling infrastructure based on changing resource requirements. For more information, see Creating a machine pool.
  • ROSA regions added. Red Hat OpenShift Service on AWS (ROSA) is now available in the following regions:

    • Spain (eu-south-2)
    • Hyderabad (ap-south-2)
    • Melbourne (ap-southeast-4)
    • Zurich (eu-central-2)

      For more information on region availabilities, see Regions and availability zones.

  • Documentation update. The CLI Tools section was added to the ROSA documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see CLI tools overview.
  • Documentation update. The Monitoring section in the documentation was expanded and now includes more detailed information to help you conveniently manage your ROSA clusters. For more information, see About Red Hat OpenShift Service on AWS monitoring.

1.1.5. Q2 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
  • ROSA region added. Red Hat OpenShift Service on AWS (ROSA) is now available in the United Arab Emirates (me-central-1) region. For more information on region availability, see Regions and availability zones.

Important

ROSA with HCP is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

1.1.6. Q1 2023

  • OIDC provider endpoint URL update. Starting with ROSA CLI version 1.2.7, all new cluster OIDC provider endpoint URLs are no longer regional. Amazon CloudFront is part of this implementation to improve access speed, reduce latency, and improve resiliency. This change is only available for new clusters created with ROSA CLI 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.

1.2. Known issues

  • If you configure your cluster using external OIDC configuration and set the --user-auth flag to disabled, the console pods might enter a crash loop. (OCPBUGS-29510)
  • The OpenShift Cluster Manager roles (ocm-role) and user roles (user-role) that are key to the ROSA provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability.
  • The htpasswd identity provider does not function as expected in all scenarios against the rosa create admin function.

1.3. Updating the ROSA CLI tool

To use the latest version of the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa, download the ROSA CLI (rosa) from the Hybrid Cloud Console. If you already have this tool, the procedure is the same for updates.

Procedure

  1. Download the file from the Hybrid Cloud Console.
  2. Unzip the downloaded file.
  3. Move the file to /usr/bin/rosa by running the following command:

    $ sudo mv rosa /usr/bin/rosa

  4. Confirm your version by running the following command:

    $ rosa version

    Example output

    <version>
    Your ROSA CLI is up to date.

1.4. Deprecated and removed features

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in ROSA and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.

  • ROSA non-STS deployment mode. ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard.
  • Label removal on core namespaces. ROSA is no longer labeling OpenShift core using the name label. Customers should migrate to referencing the kubernetes.io/metadata.name label if needed for Network Policies or other use cases.
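
The label migration described above, sketched as an added example (not Red Hat's own tooling): with the name label gone from core namespaces, an In selector on it matches nothing and a NotIn selector stops excluding anything, so the script rewrites such selectors to kubernetes.io/metadata.name. The sample policies, the shop namespace and the CORE_PREFIXES list are assumptions made for illustration.

```python
OLD_KEY = "name"                         # label no longer set on core namespaces
NEW_KEY = "kubernetes.io/metadata.name"  # set automatically on every namespace
CORE_PREFIXES = ("openshift-", "kube-")  # assumption: what counts as "core"

def is_core(value):
    return isinstance(value, str) and value.startswith(CORE_PREFIXES)

def migrate_selector(sel):
    """Rewrite one namespaceSelector in place; return the number of changes."""
    changed = 0
    labels = sel.get("matchLabels") or {}
    if is_core(labels.get(OLD_KEY)):
        labels[NEW_KEY] = labels.pop(OLD_KEY)
        changed += 1
    for expr in sel.get("matchExpressions") or []:
        values = expr.get("values") or []
        # Skip Exists/DoesNotExist (no values) and selectors for non-core names.
        if expr.get("key") == OLD_KEY and values and all(map(is_core, values)):
            expr["key"] = NEW_KEY
            changed += 1
    return changed

def audit(policy_list):
    """Fix ingress/egress peers; return {"namespace/name": changes} per policy."""
    report = {}
    for pol in policy_list.get("items", []):
        spec, n = pol.get("spec", {}), 0
        for rules, field in ((spec.get("ingress"), "from"), (spec.get("egress"), "to")):
            for rule in rules or []:
                for peer in rule.get(field) or []:
                    n += migrate_selector(peer.get("namespaceSelector") or {})
        if n:
            meta = pol["metadata"]
            report[f'{meta["namespace"]}/{meta["name"]}'] = n
    return report

def sample():
    """Constructed input in the shape of `oc get networkpolicy -A -o json`."""
    def np(name, selector):
        return {"metadata": {"namespace": "shop", "name": name},
                "spec": {"ingress": [{"from": [{"namespaceSelector": selector}]}]}}
    return {"items": [
        np("allow-monitoring", {"matchLabels": {"name": "openshift-monitoring"}}),
        np("allow-router", {"matchExpressions": [
            {"key": "name", "operator": "In", "values": ["openshift-ingress"]}]}),
        np("allow-team-a", {"matchLabels": {"name": "team-a"}}),  # customer label
    ]}

if __name__ == "__main__":
    print(audit(sample()))
```

Selectors that use a name label on your own namespaces, such as team-a in the sample, are left untouched because that label is one you manage yourself.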