Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
What’s new
Highlights of what is new and what has changed in Red Hat OpenShift Service on AWS
Abstract
Chapter 1. What’s new with Red Hat OpenShift Service on AWS
Red Hat OpenShift Service on AWS is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. Red Hat OpenShift Service on AWS provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.
Red Hat OpenShift Service on AWS clusters are available on the Red Hat Hybrid Cloud Console. With the Red Hat OpenShift Cluster Manager application for Red Hat OpenShift Service on AWS, you can deploy Red Hat OpenShift Service on AWS clusters to cloud environments.
1.1. New changes and updates
1.1.1. Q3 2025
- New cluster deletion policy. Red Hat OpenShift Service on AWS clusters now have a new deletion policy. This policy is based on a set time period of customer non-response to service notifications. For more information, see Deletion policy. For specific revised terms and conditions, refer to Product Appendix 4.
- Shared VPC for ROSA with HCP clusters. You can create Red Hat OpenShift Service on AWS clusters in shared, centrally-managed AWS virtual private clouds (VPCs). For more information, see Configuring a shared VPC for ROSA with HCP clusters.
-
Deprecated
--private-linkflags for Red Hat OpenShift Service on AWS clusters. Architectural changes to the ROSA CLI 1.2.55 make networking more flexible for Red Hat OpenShift Service on AWS clusters. The--private-linkflag previously used when creating a Red Hat OpenShift Service on AWS cluster is now deprecated in favor of the--privateand--default-ingress-privateflags. Now, users can choose to have a combination of a public or private API with a public or private ingress. For more information, see Creating a private cluster on Red Hat OpenShift Service on AWS. - Changed default ingress listening method to begin with Day 1 operations. Previously, the default ingress listening method was a Day 2 operation. Now, the default ingress listening method is a Day 1 operation.
1.1.2. Q2 2025
Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes. Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of Red Hat OpenShift Service on AWS without migrating to OVN-Kubernetes.
- AWS Trainium and Inferentia instance types now supported. You can now use Amazon Web Services (AWS) Trainium and Inferentia instance types for your Red Hat OpenShift Service on AWS clusters. For more information, see Red Hat OpenShift Service on AWS instance types.
- New version of Red Hat OpenShift Service on AWS available. Red Hat OpenShift Service on AWS version 4.19 is now available for new clusters.
1.1.3. Q1 2025
Red Hat OpenShift Service on AWS region added. Red Hat OpenShift Service on AWS is now available in the following regions:
-
Malaysia (
ap-southeast-5) -
Tel Aviv (
il-central-1) Calgary (
ca-west-1)For more information on region availabilities, see Regions and availability zones.
-
Malaysia (
- New version of Red Hat OpenShift Service on AWS available. Red Hat OpenShift Service on AWS version 4.18 is now available. For more information about upgrading to this latest version, see Upgrading Red Hat OpenShift Service on AWS clusters.
Graphical installer enhancements. You can now use the graphical installer in Red Hat Hybrid Cloud Console to configure the following options when you create your cluster:
-
Configure a
cluster-adminuser and optionally define a custom password. - Configure the root disk size for the default machine pool.
-
Configure a
- Image configuration is now available for Red Hat OpenShift Service on AWS. You can configure registries within a cluster to exclude some registries or allow only a defined list. It also allows to expose additional trusted bundle for registries to pull from. For more information, see Image configuration resources for Red Hat OpenShift Service on AWS.
- Red Hat OpenShift Service on AWS now creates independent security groups for the AWS PrivateLink endpoint and worker nodes. Red Hat OpenShift Service on AWS clusters version 4.17.2 and greater can now add additional AWS security groups to the AWS PrivateLink endpoint to allow additional ingress traffic to the cluster’s API. For more information, see Adding additional AWS security groups to the AWS PrivateLink endpoint.
-
Egress zero is now generally available on Red Hat OpenShift Service on AWS clusters. You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the
--properties zero_egress:trueflag when creating your cluster. For more information, see Creating a Red Hat OpenShift Service on AWS clusters with egress zero.
1.1.4. Q4 2024
-
Create a VPC using the ROSA CLI. The
rosa create networkcommand lets you use the ROSA CLI to create a VPC for your cluster based on an AWS CloudFormation template. You can use this command to create and configure a VPC before creating your cluster. For more information, see create network. - Create additional security groups in Red Hat OpenShift Service on AWS clusters. Starting with ROSA CLI version 1.2.47, you can now create additional security groups using the ROSA CLI when creating Red Hat OpenShift Service on AWS clusters. Note that additional security group IDs attached to the machine pool cannot be modified. To remove or add more security group IDs, replace the entire machine pool with a new one.
-
ROSA CLI update. The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. -
VolumeDetachTimeoutconfiguration applied to machine pools for Red Hat OpenShift Service on AWS. Red Hat OpenShift Service on AWS is applying aVolumeDetachTimeoutconfiguration of 5 minutes to all machine pools. This prevents issues with node deletion when volumes fail to detach. - Configure machine pool disk volume for Red Hat OpenShift Service on AWS clusters. You can now configure the disk volume size for machine pools in Red Hat OpenShift Service on AWS clusters. The default disk size is 300 GiB, and you can configure it from a minimum of 75 GiB to a maximum of 16,384 GiB. For more information, see Configuring machine pool disk volume.
- Edit the billing account for existing Red Hat OpenShift Service on AWS clusters. You can now update the billing account associated with your Red Hat OpenShift Service on AWS clusters after cluster creation. For more information, see the OpenShift Cluster Manager documentation: Updating billing accounts for OpenShift Service on AWS Hosted Control Planes clusters.
1.1.5. Q3 2024
- Red Hat OpenShift Service on AWS multi-architecture cluster update. Red Hat OpenShift Service on AWS clusters created before 25 July, 2024 will migrate to a multi-architecture image on their next upgrade allowing you to use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads. For more information, see Upgrading ROSA with HCP clusters.
- Red Hat OpenShift Service on AWS cluster node limit update. Red Hat OpenShift Service on AWS clusters can now scale to 500 worker nodes. This is an increase from the previous limit of 250 nodes. The 250 node limit is an increase from the previous limit 90 nodes on 26 August, 2024.
- IMDSv2 support in Red Hat OpenShift Service on AWS. You can now enforce the use of the IMDSv2 endpoint for default machine pool worker nodes on new Red Hat OpenShift Service on AWS clusters and for new machine pools on existing clusters. For more information, see Creating a default Red Hat OpenShift Service on AWS cluster using Terraform.
-
Upgrade multiple nodes simultaneously. You can now configure a machine pool to upgrade multiple nodes simultaneously. Two new machine pool parameters,
max-surgeandmax-unavailable, give you greater control over how machine pool upgrades occur. For more information, see Upgrading Red Hat OpenShift Service on AWS clusters. - Red Hat OpenShift Service on AWS Graviton Arm-based instance types. You can now use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads in Red Hat OpenShift Service on AWS clusters created after 24 July, 2024. For more information, see AWS Graviton Arm-based instance types.
- ROSA with HCP Graviton Arm-based instance types. You can now use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads in Red Hat OpenShift Service on AWS clusters created after 24 July, 2024. For more information, see AWS Graviton Arm-based instance types.
-
ROSA CLI update. The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.
1.1.6. Q2 2024
- Approve additional principals for Red Hat OpenShift Service on AWS clusters. You can approve additional user-roles to connect to your cluster’s private API server endpoint. For more information, see Additional principals on your Red Hat OpenShift Service on AWS cluster.
-
ROSA CLI update. The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. Approved Access for Red Hat OpenShift Service on AWS clusters. Red Hat Site Reliability Engineering (SRE) managing and proactively supporting ROSA Clusters will typically not require elevated access to customer clusters as part of the normal operations. In the unlikely event should Red Hat SRE (Site Reliability Engineer) need elevated access, the Approved Access functionality provides an interface for customers to review and approve or deny access requests.
Elevated access requests to ROSA clusters and the corresponding cloud accounts can be created by Red Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red Hat SRE, as part of the standard incident response process. For more information, see Approved Access.
-
rosa`command enhancement. Therosa describecommand has a new optional argument,--get-role-policy-bindings. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see describe cluster. - Expanded customer-managed policy capabilities. You can now attach customer-managed policies to the IAM roles required to run Red Hat OpenShift Service on AWS clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see Customer-managed policies.
Red Hat OpenShift Service on AWS regions added. Red Hat OpenShift Service on AWS is now available in the following regions:
-
Zurich (
eu-central-2) -
Hong Kong (
ap-east-1) -
Osaka (
ap-northeast-3) -
Spain (
eu-south-2) UAE (
me-central-1)For more information on region availabilities, see Regions and availability zones.
-
Zurich (
- Added support for external authentication providers. You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see Creating Red Hat OpenShift Service on AWS clusters with external authentication.
- Added support for external authentication providers. You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see Creating ROSA with HCP clusters with external authentication.
-
Longer cluster names enhancement. You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the
domain-prefixflag in the ROSA CLI (rosa) or by selecting the Create custom domain prefix checkbox in the Red Hat Hybrid Cloud Console. For more information, see create cluster in Managing objects with the ROSA CLI. -
Additional Security Groups for Red Hat OpenShift Service on AWS. Starting with ROSA CLI version 1.2.37, you can now use the
--additional-security-group-ids <sec_group_id>when creating machine pools on ROSA with HCP clusters. For more information, see Creating a machine pool using the ROSA CLI and the create machinepool section of the ROSA CLI reference. - Node management improvements. Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see Working with nodes.
Node drain grace periods. You can now configure node drain grace periods in ROSA with HCP clusters with the
rosaCLI.For more information about configuring node drain grace periods, see Configuring node drain grace periods in Red Hat OpenShift Service on AWS.
1.1.7. Q1 2024
- Machine pool update. You can now upgrade machine pools that are configured on ROSA with HCP clusters. For more information, see upgrade machinepool.
Red Hat OpenShift Service on AWS regions added. Red Hat OpenShift Service on AWS is now available in the following regions:
-
Hyderabad (
ap-south-2) -
Milan (
eu-south-1) -
London (
eu-west-2) -
Mumbai (
ap-south-1) -
Cape Town (
af-south-1) -
Seoul (
ap-northeast-2) Stockholm (
eu-north-1)For more information on region availabilities, see Regions and availability zones.
-
Hyderabad (
-
ROSA CLI update. The ROSA CLI (
rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI. - Log linking is enabled by default. Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.
- Availability zone update. You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.
- Log linking is enabled by default - Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.
-
Delete cluster command enhancement. With the release of ROSA CLI (
rosa) version 1.2.31, the--best-effortargument was added, which allows you to force-delete clusters when using therosa delete clustercommand. For more information, see delete cluster.
1.2. Known issues
-
The OpenShift Cluster Manager roles (
ocm-role) and user roles (user-role) that are key to the Red Hat OpenShift Service on AWS provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability. -
The
htpasswdidentity provider does not function as expected in all scenarios against therosa create adminfunction.
1.3. Updating the ROSA CLI tool
To use the latest version of the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa, download the ROSA CLI (rosa) from the Hybrid Cloud Console. If you already have this tool, the procedure is the same for updates.
Procedure
- Download the file from the Hybrid Cloud Console.
- Unzip the downloaded file.
Move the file to the
/usr/bin/rosadirectory by running the following command:sudo mv rosa /usr/bin/rosa
$ sudo mv rosa /usr/bin/rosaCopy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm your version by running the following command:
rosa version
$ rosa versionCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
<version> Your ROSA CLI is up to date.
<version> Your ROSA CLI is up to date.Copy to Clipboard Copied! Toggle word wrap Toggle overflow
1.4. Deprecated and removed features
Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat OpenShift Service on AWS and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
- Disable workload monitoring. Previously, users could disable workload monitoring on Red Hat OpenShift Service on AWS clusters. However, to allow users to own the full Cluster Monitoring Operator (CMO) stack on Red Hat OpenShift Service on AWS clusters, the ability to disable workload monitoring has been deprecated. For more information, see Preparing to configure the user workload monitoring stack.
- ROSA non-STS deployment mode. ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience on the Red Hat Hybrid Cloud Console.
-
Label removal on core namespaces. Red Hat OpenShift Service on AWS is no longer labeling OpenShift core using the
namelabel. Customers should migrate to referencing thekubernetes.io/metadata.namelabel if needed for Network Policies or other use cases.
Legal Notice
Copyright © 2025 Red Hat
OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).
Modified versions must remove all Red Hat trademarks.
Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}