Chapter 3. Enhancements

Single Stack IPv6 is now supported in Red Hat OpenShift Data Foundation. For more information, see Single Stack IPv6 support.

This release introduces support for Key Management System (KMS) providers using Key Management Interoperability Protocol (KMIP) which uses client certificate for authentication. Thales CipherTrust Manager works well with OpenShift Data Foundation 4.12. For more information, see CipherTrust Manager.

The amount of space consumed by debugging logs can become a significant issue. With this update, it is possible to adjust and therefore control the amount of storage that can be consumed by debugging logs as the space consumed by the debugging logs can be a significant issue at times. For more information, see Adjusting verbosity level of logs.

With this enhancement, the IPsec framework provides Encryption in transit for a virtualized network that is used for pods and services. The virtualized network is provided by the Open Virtual Network (OVN)-Kubernetes Container Network Interface (CNI) plug-in. For more information, see Encryption in transit.

This enhancement enables you to fine-tune the performance of backingstores that are based on Multicloud Object Gateway (MCG) persistent volume (PV) pools. It provides the ability to modify the CPU and memory resource and limit for PV pool based backingstores to improve MCG’s performance for their workloads.

For more information, see Creating a local Persistent Volume-backed backingstore.

With this enhancement, it is possible to deploy Multicloud Object Gateway (MCG) in a secure mode and restricts any external access. This provides fine grained control over subnets that have access to MCG deployment. For more information, see Enabling secure mode deployment for Multicloud Object Gateway.

Permissions of newly created volumes now defaults to a more secure 755 instead of 777. FSGroupPolicy is now set to File (instead of ReadWriteOnceWithFSType in ODF 4.11) to allow application access to volumes based on FSGroup. This involves Kubernetes using fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod’s SecurityPolicy.

For more information, see this knowledgebase solution.