Red Hat gives an ARM up to OpenShift Kubernetes operations

Red Hat is perhaps best known as a Linux operating system vendor, but it is the company’s OpenShift platform that represents its fastest growing segment.

Today, Red Hat announced the general availability of OpenShift 4.12, bringing a series of new capabilities to the company’s hybrid cloud application delivery platform. OpenShift is based on the open source Kubernetes container orchestration system, originally developed by Google, that has been run as the flagship project of the Linux Foundation’s Cloud Native Computing Foundation (CNCF) since 2014.

OpenShift runs across multiple public cloud providers and is also able to run on-premises in private cloud deployments as well. OpenShift is widely used to run any type of workload and in recent years has found increasing traction with artificial intelligence and machine learning use cases.

With the new release, Red Hat is integrating new capabilities to help improve security and compliance for OpenShift, as well as new deployment options on ARM-based architectures. The OpenShift 4.12 release comes as Red Hat continues to expand its footprint, announcing partnerships with Oracle and SAP this week. 

IBM reveals OpenShift’s value

The financial importance of OpenShift to Red Hat and its parent company IBM has also been revealed, with IBM reporting in its earnings that OpenShift is a $1 billion business.

“Open-source solutions solve major business problems every day, and OpenShift is just another example of how Red Hat brings business and open source together for the benefit of all involved,” Mike Barrett, VP of product management at Red Hat, told VentureBeat. “We’re very proud of what we have accomplished thus far, but we’re not resting at $1B.”

OpenShift 4.12 giving security a new profile

Red Hat OpenShift is based on the open-source Kubernetes project, but it also extends what is available with its own set of open-source features. 

One of the core areas where Red Hat has invested effort in recent years is with a concept known as a Kubernetes Operator. With an Operator, there is a manifest file that defines how a particular set of services should operate within a Kubernetes cluster. Operators are useful both for initial setup as well as for ongoing operations.

Among the new features in OpenShift 4.12 are a pair of Operators designed to help improve security and compliance.

Barrett explained that the new Red Hat OpenShift Security Profiles Operator (SPO) provides a way to define secure computing (seccomp) profiles and security enhanced Linux (SELinux) profiles as custom resources, synchronizing profiles to every node in a given Kubernetes namespace. With Kubernetes, a namespace provides a way to identify different resources running in a cluster.  Both seccomp and SELinux provide a set of controls for how system and application processes can (or cannot) be executed given certain constraints.

The SPO can work together with other security controls that are native to Kubernetes, including the Open Policy Agent (OPA) Gatekeeper open-source project, which is led by startup Styra. Barrett explained that OPA Gatekeeper is what is known as a Kubernetes admission controller plugin. It enables customers to define admission policies using the OPA policy language called Rego. Barrett noted that OPA Gatekeeper can be used to determine whether a new resource is required to have a seccomp profile to be admitted, but it cannot help with defining custom seccomp or SELinux profiles, which is where SPO now fits in. 

Red Hat is also updating its Compliance Operator in the OpenShift 4.12 update. The Compliance Operator has been designed to help ensure that a given deployment meets with an organization’s regulatory compliance requirements. Red Hat has long focused on supporting compliance efforts with its platform, introducing the open-source OpenSCAP back in 2015 for its enterprise Linux platforms. OpenSCAP is a scanner that uses the Security Content Automation Protocol (SCAP) supported by the U.S. National Institute of Standards and Technology (NIST).

With the OpenShift 4.12 update, the Compliance Operator is able to support a longer list of compliance profiles for government and industry-related regulations.

“Red Hat tests and updates the profiles available for the Compliance Operator with every release,” Barrett said.

OpenShift gets an ‘ARM’ up

OpenShift, like many applications developed in the last several decades, originally was built just for the x86 architecture that runs on CPUs from Intel and AMD. That situation is increasingly changing as OpenShift is gaining more support to run on the ARM processor with the OpenShift 4.12 update.

Barrett noted that Red Hat OpenShift announced support for the AWS Graviton ARM architecture in 2022. He added that OpenShift 4.12 expands that offering to Microsoft Azure ARM instances.   

“We find customers with a significant core consumption rate for a singular computational deliverable are gravitating toward ARM first,” Barrett said. 

Overall, Red Hat is looking to expand the footprint of where its technologies are able to run, which also new cloud providers. On Jan. 31, Red Hat announced that for the first time, Red Hat Enterprise Linux (RHEL) would be available as a supported platform on Oracle Cloud Infrastructure (OCI). While RHEL is now coming to OCI, OpenShift isn’t — at least not yet.

“Right now, it’s just RHEL available on OCI,” Mike Evans, vice president, technical business development at Red Hat, told VentureBeat. “We’re evaluating what other Red Hat technologies, including OpenShift, may come to Oracle Cloud Infrastructure but this will ultimately be driven by what our joint customers want.”