Date: 2020-01-15

What is Kubernetes?

When it isn’t working on Linux, Red Hat makes it clear that job one is the hybrid cloud via Kubernetes. In its latest steps to support this, Red Hat is releasing its Kubernetes-based Red Hat OpenShift 4.3 and Red Hat OpenShift Container Storage 4 to provide Kubernetes container support across multiple clouds.

OpenShift 4.3 is based on Kubernetes 1.16. Red Hat supports customer upgrades from OpenShift 4.2 to 4.3.

Building on last year’s developer-friendly OpenShift 4.2, the new OpenShift release gives Red Hat’s Kubernetes distribution stronger platform security. In particular, it brings encryption compliant with the Federal Information Processing Standard (FIPS 140-2 Level 1) to OpenShift. FIPS-validated cryptography is mandatory for US federal departments that encrypt sensitive data.

When OpenShift runs on Red Hat Enterprise Linux (RHEL) booted in FIPS mode, OpenShift calls into the RHEL FIPS-validated cryptographic libraries. The go-toolset that makes this functionality possible was already available to all Red Hat customers, but OpenShift now makes use of it.

The new OpenShift also supports etcd encryption. Etcd is a popular distributed key-value store for storing data across clusters. Encrypting it protects secrets at rest. Customers can encrypt sensitive data stored in etcd, making it better protected against malicious parties trying to access data such as secrets and config maps.

OpenShift now also supports Network-Bound Disk Encryption (NBDE). You can use this to automate the encryption of external Linux Unified Key Setup-on-disk-format (LUKS) volumes. Even if someone steals your physical storage devices, they still don’t have access to your data.

In addition to security enhancements, the OpenShift 4.3 installer can deploy OpenShift clusters into customer-managed, pre-existing Virtual Private Networks and Virtual Private Clouds (VPN / VPC) and subnets on Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). You can also install OpenShift clusters with private-facing load balancer endpoints on AWS, Azure, and GCP. This allows you to use public cloud resources while blocking Joe Random Cloud User.

With support for your own VPN / VPC and for disconnected installations, you have more granular control over your OpenShift installations. This also makes it easier to implement your own security best practices in your organization’s hybrid cloud, on whatever platforms you run it.

In addition, OpenShift administrators have access to a new encryption configuration application programming interface (API). This allows them to select the cipher suites used for Transport Layer Security (TLS) by the Ingress controller, API server, and OAuth Operator.
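As an added illustration of the etcd encryption and TLS cipher-suite settings described above (this is not code from Red Hat or from the original article), the following Python audits parsed cluster config objects for unencrypted etcd and weak TLS profiles. The field names (`spec.encryption.type`, `spec.tlsSecurityProfile`) come from OpenShift's config API rather than from this article; the sample objects and the weak-cipher markers are constructed assumptions.

```python
# Added example: audits parsed OpenShift config objects (e.g. the JSON from
# `oc get apiserver cluster -o json`). Field names follow OpenShift's config
# API; the article itself does not name them.
TLS_ORDER = ["VersionTLS10", "VersionTLS11", "VersionTLS12", "VersionTLS13"]
# Substrings treated as weak: an illustrative policy, not an official list.
WEAK_MARKERS = ("RC4", "DES-CBC3", "NULL", "MD5", "EXP")

def audit_etcd_encryption(apiserver):
    """Flag an APIServer config that leaves etcd data unencrypted at rest."""
    enc = (apiserver.get("spec", {}).get("encryption") or {}).get("type", "")
    if enc in ("", "identity"):  # unset or "identity" means no encryption
        return ["APIServer: etcd encryption at rest is disabled"]
    return []

def audit_tls_profile(obj):
    """Flag an Old profile, or a Custom one with a low floor or weak ciphers."""
    kind = obj.get("kind", "object")
    profile = obj.get("spec", {}).get("tlsSecurityProfile") or {}
    findings = []
    if profile.get("type") == "Old":
        findings.append(f"{kind}: 'Old' TLS profile permits legacy protocols")
    elif profile.get("type") == "Custom":
        custom = profile.get("custom") or {}
        floor = custom.get("minTLSVersion")
        if floor not in TLS_ORDER or TLS_ORDER.index(floor) < 2:
            findings.append(f"{kind}: minTLSVersion {floor} is below TLS 1.2")
        for cipher in custom.get("ciphers", []):
            if any(m in cipher.upper() for m in WEAK_MARKERS):
                findings.append(f"{kind}: weak cipher suite {cipher}")
    return findings

def audit_cluster(apiserver, others=()):
    """Check the APIServer object plus any other TLS-serving config objects."""
    findings = audit_etcd_encryption(apiserver) + audit_tls_profile(apiserver)
    for obj in others:
        findings += audit_tls_profile(obj)
    return findings

# Constructed sample objects (not from a real cluster).
APISERVER = {"kind": "APIServer", "spec": {"encryption": {"type": "identity"},
             "tlsSecurityProfile": {"type": "Intermediate"}}}
INGRESS = {"kind": "IngressController", "spec": {"tlsSecurityProfile": {
    "type": "Custom", "custom": {"minTLSVersion": "VersionTLS11",
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA"]}}}}

if __name__ == "__main__":
    for finding in audit_cluster(APISERVER, [INGRESS]):
        print(finding)
```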

OpenShift 4.3 also makes it easier to manage the basics with automated health checks and recovery. It also supports Kubernetes Operators. These are a method of packaging, deploying and managing a Kubernetes application. Customers already have access to certified and community Operators created by Red Hat and ISVs, but you can now register a private Operator catalog within OperatorHub for your own approved Operators. Red Hat claims: “Customers with air-gapped installations may find this particularly useful for taking advantage of Operators for highly safe or sensitive environments.”

To make Operators more secure, the Container Security Operator for Red Hat Quay is now available on OperatorHub.io and embedded in OpenShift’s OperatorHub. This means that you can use Quay and Clair vulnerability scanning on your Kubernetes-managed container images. This allows you to discover known vulnerabilities in containers before they can bite you in production.

With Operators, you can use Red Hat OpenShift Container Storage 4 to manage container storage across multiple public clouds from a single Kubernetes-based control plane. Returning to the security theme of this OpenShift release, the latest Container Storage also offers enhanced built-in data protection features, such as encryption, anonymization, key separation, and multi-cloud deletion.

Based on Red Hat Ceph Storage, the new Container Storage 4 also has:

Easier deployment and greater automation through Rook’s storage orchestration capabilities. With the Rook.io Operator, developers have automated support from Kubernetes for easier deployment, packaging and expansion of storage on Red Hat OpenShift.

Faster persistent volume creation, allowing developers to build, test and release applications faster by shortening build time and improving the efficiency of continuous integration / continuous delivery (CI/CD).

Sounds good, right?

Eric Sheppard, IDC’s Vice President of Infrastructure Platforms and Technologies Group, said: “Container storage is a rapidly evolving space. Red Hat integrated its permanent storage services as first-class citizens in the OpenShift Container Platform, allowing customers the next generation of storage-intensive application technology.”

With these releases, Red Hat continues to make a good argument for being your hybrid cloud platform of choice.

