Release Notes
This page lists notable changes in OpenShift releases which we find important. Reading release notes for you as a service. |
OpenShift 4.19
OpenShift version 4.19 is available since 2025-06-17. This version is based on Kubernetes 1.32 and CRI-O 1.32. The RHCOS image uses RHEL 9.6 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.19 release notes. The Red Hat unveils OpenShift 4.19 blog post is also a valuable resource.
- Routes with externally managed certificates are becoming Generally Available
-
With this release, OpenShift Container Platform routes can be configured with third-party certificate management solutions, utilizing the
.spec.tls.externalCertificate
field in the route API. In this way, an externally managed TLS certificate can be referenced through secrets.For more information, see Creating a route with externally managed certificate.
- Gateway API support for configuring cluster ingress traffic is becoming Generally Available
-
With this release, ingress cluster traffic can be managed using Gateway API resources. Gateway API provides a robust networking solution within the transport layer, L4, and the application layer, L7, for OpenShift Container Platform clusters using a standardized open source ecosystem.
For further information, see Gateway API with OpenShift Container Platform networking.
- The Control Plane now supports TLS 1.3 and the Modern TLS security profile
-
For further information see Configuring the TLS security profile for the control plane.
- Customization options for control plane machine names
-
This release enables specifying a prefix for machine names in the control plane machine set by setting
spec.machineNamePrefix
in theControlPlaneMachineSet
resource.For further information see Adding a custom prefix to control plane machine names.
- New CLI command to show PVC usage
-
With 4.19, the
oc
CLI supports a new admin command to see PVC usage:oc adm top pvc
- Major version upgrade for Prometheus
-
In this release, Prometheus is upgraded from v2 to v3. This incurs some breaking changes that may affect user-managed configuration.
-
The
le
andquantile
labels for classic histograms and summaries are now normalized during ingestion.For instance,
le="10"
is ingested asle="10.0"
- as a result, queries that reference these labels as integers may no longer work as intended. -
Configurations that send alerts to additional Alertmanager instances through
additionalAlertmanagerConfigs
through the Alertmanager v1 API are no longer supported.
-
- cgroup v1 is removed
-
With 4.19, support for the deprecated cgroup v1 mode is dropped entirely.
- Removal of deprecated APIs in Kubernetes 1.32
-
The following APIs are no longer available in Kubernetes 1.32 and need to be migrated:
-
FlowSchema
needs to be migrated fromflowcontrol.apiserver.k8s.io/v1beta3
toflowcontrol.apiserver.k8s.io/v1
-
PriorityLevelConfiguration
needs to be migrated fromflowcontrol.apiserver.k8s.io/v1beta3
toflowcontrol.apiserver.k8s.io/v1
.This migration includes one notable change in the
spec.limited.nominalConcurrencyShares
field, which now only defaults to30
when unspecified - an explicit value of0
is left unchanged.For more information, see APIs removed from Kubernetes 1.32.
-
OpenShift 4.18
OpenShift version 4.18 is available since 2025-02-25. This version is based on Kubernetes 1.31 and CRI-O 1.31. The RHCOS image still uses RHEL 9.4 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.18 release notes. The Red Hat unveils OpenShift 4.18 blog post is also a valuable resource.
- Improved OLM v1 now Generally Available
-
The original OLM is now renamed to
OLM (Classic)
. Starting with OpenShift 4.18, the new OLM v1 is enabled by default, alongside the old OLM (Classic). OLM (Classic) remains fully supported.OLM v1 provides a better declarative workflow with a simplified API compared to OLM (Classic), and introduces some new features like continuous reconciliation and rollbacks, granular update control, and user-provided service accounts.
At the moment, OLM v1 only supports installing certain cluster extensions. See OLM v1 supported extensions.
Although the acronym "OLM" still stands for "Operator Lifecycle Manager," Red Hat is now using the term "Extensions" or "Cluster Extensions" to refer to OLM-managed Operators.
See Red Hat documentation on Extensions for further information on this feature.
- Secret Store CSI Driver Operator is becoming Generally Available
-
The Secret Store CSI Driver Operator allows OCP to mount secrets, keys or certificates stored in external secret stores directly into pods. Supported secret store providers include AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and HashiCorp Vault.
See Secrets Store CSI Driver for further information on this feature.
- Deploy OpenShift across multiple vSphere vCenters now Generally Available
-
Deploying OCP across multiple vCenter clusters can be helpful for high availability. This feature has to be configured during installation and can’t be enabled after the fact on an already running cluster. There is no support for shared storage between multiple vCenters using this feature.
- User workload monitoring improvements
-
OpenShift 4.18 brings multiple improvements in the user-workload monitoring stack:
-
User workload alerting and recording rules can query multiple projects (namespaces) at the same time
-
Scrape and rule evaluation intervals are configurable
-
- Route annotation updates
-
OpenShift 4.18 deprecates the
haproxy.router.openshift.io/ip_whitelist
andhaproxy.router.openshift.io/ip_blacklist
annotations in favor ofhaproxy.router.openshift.io/ip_allowlist
andhaproxy.router.openshift.io/ip_denylist
.These annotations can also be used on Ingress
objects. crun
is the default container runtime for new clusters-
New clusters setup with OpenShift 4.18 use
crun
as the container runtime by default.runC
is still supported, and upgrading existing clusters from OpenShift 4.17 to 4.18 doesn’t change the container runtime.