Release Notes

This page lists notable changes in OpenShift releases which we find important. Reading release notes for you as a service.

OpenShift 4.19

OpenShift version 4.19 is available since 2025-06-17. This version is based on Kubernetes 1.32 and CRI-O 1.32. The RHCOS image uses RHEL 9.6 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.19 release notes. The Red Hat unveils OpenShift 4.19 blog post is also a valuable resource.

Routes with externally managed certificates are becoming Generally Available

With this release, OpenShift Container Platform routes can be configured with third-party certificate management solutions, utilizing the .spec.tls.externalCertificate field in the route API. In this way, an externally managed TLS certificate can be referenced through secrets.

Gateway API support for configuring cluster ingress traffic is becoming Generally Available

With this release, ingress cluster traffic can be managed using Gateway API resources. Gateway API provides a robust networking solution within the transport layer, L4, and the application layer, L7, for OpenShift Container Platform clusters using a standardized open source ecosystem.

The Control Plane now supports TLS 1.3 and the Modern TLS security profile

For further information see Configuring the TLS security profile for the control plane.

Customization options for control plane machine names

This release enables specifying a prefix for machine names in the control plane machine set by setting spec.machineNamePrefix in the ControlPlaneMachineSet resource.

New CLI command to show PVC usage

With 4.19, the oc CLI supports a new admin command to see PVC usage: oc adm top pvc

Major version upgrade for Prometheus

In this release, Prometheus is upgraded from v2 to v3. This incurs some breaking changes that may affect user-managed configuration.

  • The le and quantile labels for classic histograms and summaries are now normalized during ingestion.

    For instance, le="10" is ingested as le="10.0" - as a result, queries that reference these labels as integers may no longer work as intended.

  • Configurations that send alerts to additional Alertmanager instances through additionalAlertmanagerConfigs through the Alertmanager v1 API are no longer supported.

cgroup v1 is removed

With 4.19, support for the deprecated cgroup v1 mode is dropped entirely.

Removal of deprecated APIs in Kubernetes 1.32

The following APIs are no longer available in Kubernetes 1.32 and need to be migrated:

  • FlowSchema needs to be migrated from flowcontrol.apiserver.k8s.io/v1beta3 to flowcontrol.apiserver.k8s.io/v1

  • PriorityLevelConfiguration needs to be migrated from flowcontrol.apiserver.k8s.io/v1beta3 to flowcontrol.apiserver.k8s.io/v1.

    This migration includes one notable change in the spec.limited.nominalConcurrencyShares field, which now only defaults to 30 when unspecified - an explicit value of 0 is left unchanged.

    For more information, see APIs removed from Kubernetes 1.32.

OpenShift 4.18

OpenShift version 4.18 is available since 2025-02-25. This version is based on Kubernetes 1.31 and CRI-O 1.31. The RHCOS image still uses RHEL 9.4 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.18 release notes. The Red Hat unveils OpenShift 4.18 blog post is also a valuable resource.

Improved OLM v1 now Generally Available

The original OLM is now renamed to OLM (Classic). Starting with OpenShift 4.18, the new OLM v1 is enabled by default, alongside the old OLM (Classic). OLM (Classic) remains fully supported.

OLM v1 provides a better declarative workflow with a simplified API compared to OLM (Classic), and introduces some new features like continuous reconciliation and rollbacks, granular update control, and user-provided service accounts.

At the moment, OLM v1 only supports installing certain cluster extensions. See OLM v1 supported extensions.

Although the acronym "OLM" still stands for "Operator Lifecycle Manager," Red Hat is now using the term "Extensions" or "Cluster Extensions" to refer to OLM-managed Operators.

See Red Hat documentation on Extensions for further information on this feature.

Secret Store CSI Driver Operator is becoming Generally Available

The Secret Store CSI Driver Operator allows OCP to mount secrets, keys or certificates stored in external secret stores directly into pods. Supported secret store providers include AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and HashiCorp Vault.

See Secrets Store CSI Driver for further information on this feature.

Deploy OpenShift across multiple vSphere vCenters now Generally Available

Deploying OCP across multiple vCenter clusters can be helpful for high availability. This feature has to be configured during installation and can’t be enabled after the fact on an already running cluster. There is no support for shared storage between multiple vCenters using this feature.

User workload monitoring improvements

OpenShift 4.18 brings multiple improvements in the user-workload monitoring stack:

  • User workload alerting and recording rules can query multiple projects (namespaces) at the same time

  • Scrape and rule evaluation intervals are configurable

Route annotation updates

OpenShift 4.18 deprecates the haproxy.router.openshift.io/ip_whitelist and haproxy.router.openshift.io/ip_blacklist annotations in favor of haproxy.router.openshift.io/ip_allowlist and haproxy.router.openshift.io/ip_denylist.

These annotations can also be used on Ingress objects.
crun is the default container runtime for new clusters

New clusters setup with OpenShift 4.18 use crun as the container runtime by default. runC is still supported, and upgrading existing clusters from OpenShift 4.17 to 4.18 doesn’t change the container runtime.