Release Notes

This page lists notable changes in OpenShift releases which we find important. Reading release notes for you as a service.

OpenShift 4.21

OpenShift version 4.21 has been available since 2025-11-11. This version is based on Kubernetes 1.34 and CRI-O 1.34. The RHCOS image still uses RHEL 9.6 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.21 release notes. The Achieve more with Red Hat OpenShift 4.21 blog post is also a valuable resource.

OpenShift Autoscaling gains new capabilities

OpenShift 4.21 improves autoscaling. The Cluster Resource Override Operator, Cluster Autoscaler, Vertical Pod Autoscaler, and Horizontal Pod Autoscaler now include network policies that restrict Operator and operand pod traffic to explicitly allowed communication only. The Vertical Pod Autoscaler can also use InPlaceOrRecreate mode to apply resource recommendations without recreating pods where possible, falling back to pod recreation when needed. In addition, the Cluster Autoscaler can now be configured to cordon nodes before draining and removing them, giving administrators safer control over scale-down operations.

Linux PSI monitoring is now available

Linux Pressure Stall Information is a kernel feature that measures how much time tasks spend stalled because they can’t get CPU, memory, or I/O when they need it. This will be helpful to detect clusters at risk of overload, especially in shared environments.
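What the kernel reports, as an added example that is not taken from the OpenShift release notes: a parser for the `some`/`full` lines of `/proc/pressure/cpu`, `memory` and `io`, plus a check that flags resources under sustained pressure. The function names, the sample readings and the threshold are assumptions chosen for illustration.

```python
import re

# Line format of /proc/pressure/<resource>; "total" is stall time in microseconds.
PSI_LINE = re.compile(
    r"^(some|full) avg10=(\d+\.\d+) avg60=(\d+\.\d+) avg300=(\d+\.\d+) total=(\d+)$"
)

def parse_psi(text):
    """Parse the content of one pressure file into {"some": {...}, "full": {...}}."""
    result = {}
    for line in text.strip().splitlines():
        m = PSI_LINE.match(line.strip())
        if not m:
            raise ValueError(f"not a PSI line: {line!r}")
        kind, avg10, avg60, avg300, total = m.groups()
        result[kind] = {"avg10": float(avg10), "avg60": float(avg60),
                        "avg300": float(avg300), "total_us": int(total)}
    return result

def stall_percent(before, after, interval_s, kind="some"):
    """Percent of the interval spent stalled, from two readings of the total counter."""
    delta_us = after[kind]["total_us"] - before[kind]["total_us"]
    return 100.0 * delta_us / (interval_s * 1_000_000)

def pressure_findings(files, threshold_pct, window="avg60"):
    """Resources whose 'some' average over the window exceeds the threshold."""
    return sorted(res for res, text in files.items()
                  if parse_psi(text)["some"][window] > threshold_pct)

# Constructed readings for one node (not measured on a real cluster).
SAMPLE_PSI = {
    "cpu": "some avg10=12.50 avg60=8.30 avg300=3.10 total=3500000\n"
           "full avg10=0.00 avg60=0.00 avg300=0.00 total=0\n",
    "memory": "some avg10=0.00 avg60=0.20 avg300=0.10 total=41000\n"
              "full avg10=0.00 avg60=0.05 avg300=0.02 total=9000\n",
    "io": "some avg10=35.10 avg60=22.40 avg300=9.80 total=90000000\n"
          "full avg10=30.00 avg60=18.00 avg300=7.50 total=70000000\n",
}

if __name__ == "__main__":
    # The 10 % threshold is an assumption; tune it to the workload.
    print("under pressure:", pressure_findings(SAMPLE_PSI, 10.0))
```

The `some` line counts time in which at least one task was stalled, while `full` counts time in which all non-idle tasks were stalled at once, so a rising `full` value is the stronger overload signal.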

The default openshift cluster image policy is now generally available

The default openshift cluster image policy is now GA and enabled by default. Clusters upgrading from OCP 4.20 or earlier that already have a custom ClusterImagePolicy named openshift will be marked Upgradeable=False. Rename or recreate the custom policy under a different name, then remove the old openshift policy before upgrading. You can find more information here.

End of support for vSphere 7

Broadcom has ended general support for VMware vSphere 7 and VMware Cloud Foundation (VCF) 4. If your existing OpenShift Container Platform cluster is running on either of these platforms, you must plan to migrate or upgrade your VMware infrastructure to a supported version.

OpenShift 4.20

OpenShift version 4.20 has been available since 2025-11-11. This version is based on Kubernetes 1.33 and CRI-O 1.33. The RHCOS image still uses RHEL 9.6 packages. Find the release notes in the upstream documentation at OpenShift Container Platform 4.20 release notes. The Red Hat unveils OpenShift 4.20 blog post is also a valuable resource.

Custom Identity Providers are becoming Generally Available

OpenShift 4.20 now enables direct integration with external OIDC identity providers for issuing auth tokens. This gives more control over the authentication system to the cluster administrators and can simplify user management.

For more information, see the official documentation.

External Secrets Operator becomes Generally Available

The External Secrets Operator is a cluster service that provides lifecycle management for secrets fetched from external secret management systems (such as AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault). The operator provisions, fetches and refreshes the secret within the cluster, ensuring a secure and efficient secrets flow without direct application involvement.

For more information, see the official documentation.

OpenShift AI gains new capabilities

OpenShift Container Platform 4.20 brings several new capabilities to OpenShift AI that improve the scalability of AI workflows, such as simplified deployments of distributed AI workloads (leveraging the LeaderWorkerSet resource), and improved load balancing for distributed inference with llm-d (leveraging the Kubernetes Gateway API Inference Extensions).

For more information, see the official documentation.

Multiple network interface controllers on vSphere clusters become Generally Available

For clusters on VMware vSphere, it has been possible since OpenShift 4.18 to set up the cluster with multiple network interface controllers for one node. This feature is now becoming Generally Available.

For more information, see the official documentation.

Linux User Namespace Support becomes Generally Available

Support for deploying pods into Linux user namespaces is now generally available and enabled by default. This feature improves isolation, reducing the risk that a compromised container poses to other pods and to the node itself.

This change includes two new security context constraints, restricted-v3 and nested-container, which are designed for use with user namespaces.

For further information, see the official documentation.

Docker v2 registries become Deprecated

Support for Docker v2 registries will be removed in a future release. At that point, all mirroring operations will require a registry that supports the OCI specification.

Red Hat Marketplace becomes Deprecated

The Red Hat Marketplace index for OLM-based cluster operators is being sunset. Customers using software from the Marketplace should reach out to the software vendor to find out how to migrate away from the Marketplace Operator.

For further information, including a list of affected operators, see Sunset of the Red Hat Marketplace.

Removal of deprecated APIs in Kubernetes 1.33

The following APIs are no longer available in Kubernetes 1.32 and need to be migrated:

  • MutatingWebhookConfiguration needs to be migrated from admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1.

  • ValidatingAdmissionPolicy needs to be migrated from admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1.

  • ValidatingAdmissionPolicyBinding needs to be migrated from admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1.

  • ValidatingWebhookConfiguration needs to be migrated from admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1.

For more information, see APIs removed from Kubernetes 1.33.
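A pre-upgrade check for the list above, as an added example that is not part of the release notes or of any Red Hat tooling: it scans multi-document YAML (for example manifests kept in Git) for the four kinds still declared with `admissionregistration.k8s.io/v1beta1`, which must move to `admissionregistration.k8s.io/v1`. The function names and the sample manifests are constructed for illustration.

```python
import re

# API version and kinds copied from the list above.
REMOVED_API = "admissionregistration.k8s.io/v1beta1"
AFFECTED_KINDS = {
    "MutatingWebhookConfiguration", "ValidatingWebhookConfiguration",
    "ValidatingAdmissionPolicy", "ValidatingAdmissionPolicyBinding",
}

def _scalar(raw):
    """Drop a trailing comment and surrounding quotes from a YAML scalar."""
    return raw.split(" #")[0].strip().strip("'\"")

def find_removed_apis(manifest_text):
    """Return (document number, kind, name) per object on the removed API (line-based heuristic)."""
    docs = [d for d in re.split(r"^---[ \t]*$", manifest_text, flags=re.M) if d.strip()]
    findings = []
    for number, doc in enumerate(docs, start=1):
        fields, section = {}, None
        for line in doc.splitlines():
            top = re.match(r"^([A-Za-z]+):(.*)$", line)
            if top:  # top-level key: remember it as the current section
                section = top.group(1)
                fields.setdefault(section, _scalar(top.group(2)))
            elif section == "metadata":
                name = re.match(r"^\s+name:(.*)$", line)
                if name:
                    fields.setdefault("name", _scalar(name.group(1)))
        if fields.get("apiVersion") == REMOVED_API and fields.get("kind") in AFFECTED_KINDS:
            findings.append((number, fields["kind"], fields.get("name", "<unnamed>")))
    return findings

# Constructed sample: two objects on the removed API, one already migrated.
SAMPLE_MANIFESTS = """\
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: example-validator
---
apiVersion: "admissionregistration.k8s.io/v1beta1"  # quoted value
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: example-binding
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: already-migrated
"""
```

Calling `find_removed_apis(SAMPLE_MANIFESTS)` reports the first two documents and skips the one already on `v1`.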