Changes in OpenShift 4.9
As part of our ongoing improvement process, we evaluate the requirements and new features of each version of Red Hat OpenShift, not only for our customers, but also for our internal use. Version 4.9 of Red Hat’s flagship container platform was announced October 18th, 2021 and it included some very important changes, some of which are potentially breaking ones.
In this article, targeted towards DevOps engineers and maintenance crews, I will provide a short overview of the most important points to take care before upgrading to this new version.
Kubernetes 1.22
The most important change in OpenShift 4.9 is the update to Kubernetes 1.22. This release of Kubernetes has completely removed APIs marked as v1beta1
. The complete list is available in the Red Hat documentation website, but suffice to say that common objects such as Role
or RoleBinding
(rbac.authorization.k8s.io/v1beta1
) and even Ingress
(networking.k8s.io/v1beta1
) are no more.
This is a major change, and it needs to be taken care of for all users of your clusters before an upgrade takes place, and all manifest files using those resources should be updated accordingly. Red Hat’s Knowledge Base includes a special article explaining all the steps required for upgrading to OpenShift 4.9.
And of course, if you need any help regarding the upgrade process towards OpenShift 4.9, just contact us, we will be glad to help you and your teams.
Mutual TLS Authentication
Mutual TLS is a strong way to secure an application running in the cloud, allowing a server application to authenticate any client connecting to it. It comes with some complexity to setup and manage, as it requires a certificate authority. But thanks to its inclusion as a feature in OpenShift 4.9, its usage is much simpler now.
Please check the release notes section related to Mutual TLS for more information.
Registry Multiple Logins
In previous versions of OpenShift, you could only list one repository from a given registry per project. OpenShift 4.9 includes multiple logins to the same registry, which allows pods to pull images from specific repositories in the same registry, each with different credentials. You can even define a registry with a specific namespace. The documentation contains examples of manifests to use this feature.
Changes to lastTriggeredImageID
Field Update
And finally, here’s a change that can cause unforeseen headaches to your teams: OpenShift 4.9 does not update anymore the buildConfig.spec.triggers[].imageChange.lastTriggeredImageID
field when the ImageStreamTag
changes and references a new image. This subtle change in behavior is easy to overlook, and if your team depends on this feature, beware for trouble.
Learn More about OpenShift 4.9
If you’re interested in knowing what else changed in OpenShift 4.9, here are some selected resources published by Red Hat to help you:
- Red Hat OpenShift 4.9 Is Now Generally Available
- OpenShift Container Platform 4.9 release notes
- Time Is On Your Side: A Change to the OpenShift 4 Lifecycle
- How Customer Feedback Shaped OpenShift 4.9
- Ask an OpenShift Admin Office Hour – What’s new in OpenShift 4.9?
- Kuryr in OpenShift 4.9
- Introducing New Virtualization Features in OpenShift 4.9