Release Notes

Clusters which use OpenShift SDN as the network plugin can’t be upgraded past OpenShift 4.16.

This release changes the proxy service for monitoring components from OpenShift OAuth to kube-rbac-proxy.

This OpenShift release uses HProxy 2.8. Starting from this release, the OpenShift ingress HAProxy is configured to disallow SHA-1 certificates.

In previous OpenShift releases, a legacy API token secret was created for each service account to enable access to the integrated OpenShift image registry. Starting with this release, these legacy API token secrets aren’t generated anymore. Instead, each service account’s image pull secret for the integrated image registry uses a bound service account token which is automatically refreshed before it expires.

In RHEL 9 and RHCOS 9, the default mode is cgroupv2. In RHEL 10 and RHCOS 10, booting into cgroupv1 won’t be supported anymore. Therefore, cgroupv1 is deprecated in OpenShift 4.16 and later. cgroupv1 will be removed in a future OpenShift Container Platform release.

OpenShift will create event messages for pods still using iptables rules, since iptables support will be removed in RHEL 10 and RHCOS 10. If your software still uses iptables, please make sure to update your software to use nftables or eBPF.

OpenShift 4.16 makes the ReadWriteOncePod access mode for PVs and PVCs generally available. In contrast to RWO where a PVC can be used by many pods on a single node, RWOP PVCs can only be used by a single pod on a single node. For CSI drivers which support RWOP, the SELinux context mount from the pod or container is used to mount the volume directly with the correct SELinux labels. This eliminates the need to recursively relabel the volume and can make pod startup significantly faster.

Kubernetes removed the following deprecated APIs:

This release removes prometheus-adapter and introduces metrics-server to provide the metrics.k8s.io API. This should reduce load on the cluster monitoring Prometheus stack.

This release brings new dashboards to the OpenShift console, which display networking metrics. They can be found under Observe -→ Dashboards.

With this release, three new life cycle classifications for cluster operators are introduced: Platform Aligned, for operators whose maintenance streams align with the OpenShift version; Platform Agnostic, for operators who make use of maintenance streams but they don’t need to align with the OpenShift version; and Rolling Stream, for operators which use a single stream of rolling updates.

With this release, OpenShift Container Platform is updated to CoreDNS 1.11.1.

OpenShift SDN CNI is deprecated as of OCP 4.14. Starting with this release, Openshift SDN is no longer an option for new installations. In a subsequent future release, the OpenShift SDN network plugin is planned to be be removed and no longer supported. Red Hat will provide bug fixes and support for this feature until removed, but this feature will no longer receive enhancements.