Release Notes

An API has been removed in Kubernetes 1.27. Before updating a cluster to OpenShift 4.14, check for usage of the following API:

With OpenShift Container Platform 4.14, a new oc command-line interface (CLI) flag, --web is now available for the oc login command.

With this release, OpenShift Container Platform is updated to HAProxy 2.6.

With this release, the monitoring pages in the Observe section of the OpenShift Container Platform web console are deployed as a dynamic plugin. With this change, the Cluster Monitoring Operator (CMO) is now the component that deploys the OpenShift Container Platform web console monitoring plugin resources.

With this release, you can now specify resource requests and limits for all monitoring components, including the following:

As of OpenShift Container Platform 4.14, DeploymentConfig objects are deprecated. DeploymentConfig objects are still supported, but aren’t recommended for new installations. Only security-related and critical issues will be fixed.

OpenShift SDN CNI is deprecated as of OpenShift Container Platform 4.14. It’s currently planned that the network plugin won’t be an option for new installations in the next minor release of OpenShift Container Platform. In a subsequent future release, the OpenShift SDN network plugin is planned to be be removed and no longer supported. Red Hat will provide bug fixes and support for this feature until removed, but this feature will no longer receive enhancements. As an alternative to OpenShift SDN CNI, you can use OVN Kubernetes CNI instead.

Multiple APIs are deprecated in Kubernetes 1.26. Before updating a cluster to OpenShift 4.13, check for usage of the following APIs:

OpenShift 4.13 supports installation across multiple vSphere datacenters and clusters. Defining logic failure domains allows reducing the risk of data loss and downtime.

Cgroup v2 is now generally available in OpenShift 4.13. It provides a more robust and flexible mechanism for allocating resources to containers.

The developer view in the OpenShift web console provides multiple new features. Serverless functions can now be added to the cluster by either importing them from a Git repository or by creating them from a template. The topology view, the pod details and the pod list now shows which pods receive traffic.

OpenShift 4.13 includes an operated version of cert-manager.

The RHCOS image layering feature is now generally available. This feature should make it easier to add additional packages and configuration to the RHCOS image.

Pod Security Admission runs globally with restricted audit logging and API warnings. This means while everything should still run as it did before, if users rely on security contexts being set by OpenShift’s SCCs they’ll encounter warnings like the following:

Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")