Red Hat this week moved to make it easier to operationalize IT environments based on Kubernetes by making the latest versions of Red Hat OpenShift and Red Hat OpenShift Container Storage generally available.
Based on version 1.16 of Kubernetes, Red Hat OpenShift 4.3 adds a range of encryption enhancements, including support for remote enablement of Linux Unified Key Setup-on-disk-format (LUKS) encrypted volumes and the ability to encrypt data at rest. The latest version also meets the encryption requirements specified in the Federal Information Processing Standard (FIPS 140-2 Level 1).
At the same time, Red Hat is making it easier for Kubernetes clusters to access external storage residing on public clouds that support the S3 application programming interface (API). To achieve that goal, Red Hat added a multi-cloud object gateway to Red Hat OpenShift Container Storage 4 based on storage technology it gained with the acquisition last year of NooBaa.
In addition, Red Hat OpenShift Container Storage 4 adds support for Rook, an instance of Operator software for Kubernetes environments that simplifies software deployment on a Kubernetes cluster.
Brian Gracely, senior director for product strategy at Red Hat, says now that developers have brought Kubernetes into enterprise IT environments, the focus is shifting to how to operationalize and secure Kubernetes clusters at scale, especially now that stateful containerized applications that need to access persistent storage are being deployed. Initially, that may require IT organizations to dedicate personnel specifically to managing Kubernetes clusters. However, the longer-term goal should be to eliminate the need for Kubernetes specialists, he says.
To facilitate that transition, Red Hat OpenShift 4.3 now includes a configuration API that allows IT administrators to select the cipher suites that are used by the Ingress controller, API server and OAuth Operator for Transport Layer Security (TLS). That API makes it easier to adhere to existing security and networking standards defined by the IT organization.
Other Red Hat OpenShift 4.3 features include support for open source Prometheus monitoring tools, the ability to forward logs off cluster based on log type, access to a Node Topology Manager and the ability to resize persistent volumes. IT organizations can also extend and customize the OpenShift console.
OpenShift is at the core of the hybrid cloud computing strategy being implemented by Red Hat. IT organizations, for example, can install OpenShift clusters into customer-managed, pre-existing VPN/VPC (virtual private network/virtual private cloud) and subnets on Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform, or alternatively install a cluster with private-facing load balancer endpoints that are not publicly exposed to the internet.
Regardless of the approach, Red Hat, along with parent company IBM, is making a case for retaining control over Kubernetes deployments running on-premises or in the cloud. Naturally, it remains to be seen to what degree Kubernetes will transform what is today a multi-cloud environment into a truly hybrid environment managed via a single control plane. At the very least, however, as Kubernetes continues to evolve and mature, the opportunity to create a real hybrid cloud computing environment based on open source platforms spanning multiple clouds has finally arrived.