Red Hat ups OpenShift security, ties in Container Storage platform

Red Hat has released v4.3 of OpenShift, jacking up the Kubernetes platform’s security credentials and opening up its Operator process.

The latest version also coincides with the release of OpenShift Container Storage Platform, which is designed to bring multi-cloud storage for OpenShift users.

Red Hat’s major play with OpenShift Container Platform 4.3 is security, with the addition of FIPS-compliant encryption, which is mandatory for US government departments that need to encrypt data.

The new version also delivers support for encryption of etcd, allowing encryption of secrets at rest, and Network-Bound Disk Encryption, allowing automated remote enablement of LUKS-encrypted volumes.

The latest version also adds the ability to register a private catalog within OperatorHub, making it easier for organisations to create their own Operators. At the same time, the Container Security Operator for Red Hat Quay is now available on OperatorHub, meaning Kubernetes admins can monitor container image vulns in their clusters.

The release of OpenShift 4.3 coincides with the debut of Red Hat Container Storage Platform 4.2.

This was previously called Container Native Storage, and was initially aimed at solving the issue of persistence as containers, then Kubernetes in particular, grabbed the hearts and minds of developers, said Irshad Raihan, director of product marketing at Red Hat Storage.

“Our attempt here is to make storage a first class citizen inside the Kubernetes distribution,” said Raihan.

“From the customer perspective, OpenShift and Storage should really work as one,” he said. “Developers should be able to manage storage through the OpenShift GUIs without becoming a storage expert.

“In many ways we’re taking the storage admin out of the picture and letting Kubernetes be the control plane for both applications as well as for infrastructure.”

Even where customers were running stateless apps, he said, it made sense to be “using the same storage for app data, as well as the infrastructure data.”

At the same time, he said, more data-heavy, traditional applications were heading towards OpenShift, such as SQL workloads. “As we look ahead, one of the next waves we’re seeing coming to OpenShift is these really massive data-hungry apps around AI/ML for instance.”

A key element of the revved platform is the focus on hybrid and multi-cloud, something that he said “at aggregate level” was still in the early adopter phase. So, the platform released this week incorporates the Multi-Cloud Object Gateway Red Hat inherited through its acquisition of NooBaa in 2018. “As a developer you’re coding to just a single end point, rather than having to worry about where your data actually resides… With NooBaa we have that consistent S3 endpoint for customers.”

The platform also supports the Container Storage Interface, as well as Rook, which Raihan said was becoming the de facto storage orchestrator for Kubernetes. And of course, it is based on Ceph, the open source storage platform developed by Sage Weil, whose company, Inktank, Red Hat bought in 2014.