openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Merge pull request #103461 from openshift-cherrypick-robot/cherry-pick-103163-to-enterprise-4.21

Browse Source 
[enterprise-4.21] OSDOCS-17512:Moduralized Whats new OSD assembly.
This commit is contained in:
Aedín Collins
2025-12-05 13:07:19 +00:00
committed by GitHub
parent 57bc52e7e3 6d22b47fa3
commit 755fa3ff10
10 changed files with 183 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
modules/osd-release-notes-Q1-2024.adoc Normal file
View File

@@ -0,0 +1,13 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q1-2024_{context}"]
= Q1 2024
[role="_abstract"]
The following items were added during the first quarter of 2024.
* **{product-title} regions added.** {product-title} on {GCP} is now available in the Delhi, India (`asia-south2`) region. For more information on region availabilities, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#regions-availability-zones_osd-service-definition[Regions and availability zones].
* **Policy constraint update.** {product-title} on {GCP} users are now allowed to deploy clusters with the `constraints/iam.allowedPolicyMemberDomains` constraint in place. This feature allows users to restrict the set of identities that are allowed to be used in Identity and Access Management policies, further enhancing overall security for their resources.

30
modules/osd-release-notes-Q1-2025.adoc Normal file
View File

@@ -0,0 +1,30 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q1-2025_{context}"]
= Q1 2025
[role="_abstract"]
The following items were added during the first quarter of 2025.
* **Support for new {gcp-short} instances.** {product-title} version 4.18 and later now supports `n4` and `c3` instance types on {gcp-full}. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#gcp-compute-types_osd-service-definition[{gcp-full} compute types].
* **New version of {product-title} available.** {product-title} on {gcp} and {product-title} on {aws} versions 4.18 are now available. For more information about upgrading to this latest version, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/upgrading/osd-upgrades[OpenShift Dedicated cluster upgrades].
* **Support for assigning newly created machine pools to specific availability zones within a Multi-AZ cluster.**
{product-title} on {GCP} users can now assign machine pools to specific availability zones using the {cluster-manager} CLI (`ocm`). For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/cluster_administration/managing-compute-nodes-using-machine-pools#deploying-a-machine-pool-in-a-single-availability-zone-within-a-multi-az-cluster[Deploying a machine pool in a single availability zone within a Multi-AZ cluster].
* ** Support for specifying {product-title} versions when creating or updating a Workload Identity Federation (WIF) configuration.**
{product-title} on {GCP} users can now specify minor versions when creating or updating a WIF configuration. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using the OCM CLI].
* **Cluster node limit update.** {product-title} clusters versions 4.14.14 and greater can now scale to 249 worker nodes. This is an increase from the previous limit of 180 nodes. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/planning_your_environment/osd-limits-scalability[Limits and scalability].
// * **{product-title} SDN network plugin blocks future major upgrades**
* **Initiate live migration from OpenShift SDN to OVN-Kubernetes.**
As part of the {product-title} move to OVN-Kubernetes as the only supported network plugin starting with {product-title} version 4.17, users can now initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
+
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes.
+
For more information about migrating to OVN-Kubernetes, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/ovn-kubernetes_network_plugin/migrate-from-openshift-sdn-osd[Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin].
* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {product-title} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {product-title} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster.

17
modules/osd-release-notes-Q2-2024.adoc Normal file
View File

@@ -0,0 +1,17 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q2-2024_{context}"]
= Q2 2024
[role="_abstract"]
The following items were added during the second quarter of 2024.
* **Cluster delete protection.** {product-title} on {GCP} users can now enable the cluster delete protection option, which helps to prevent users from accidentally deleting a cluster.
//Removed link as is no longer valid. Need to decide if we need a link here and if so, what it will be.
// For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster.adoc#osd-create-gcp-cluster-ccs_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with CCS].
* **CSI Operator update.** {product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for Google Compute Platform (GCP) Filestore Storage. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/storage/using-container-storage-interface-csi#persistent-storage-csi-google-cloud-file[Google Cloud Filestore CSI Driver Operator].
* **Support for new {gcp-short} instances.** {product-title} now supports more worker node types and sizes on {gcp-full}. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#gcp-compute-types_osd-service-definition[{gcp-full} instance types].

22
modules/osd-release-notes-Q2-2025.adoc Normal file
View File

@@ -0,0 +1,22 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q2-2025_{context}"]
= Q2 2025
[role="_abstract"]
The following items were added during the second quarter of 2025.
// * **{product-title} SDN network plugin blocks future major upgrades**
* **Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes.**
Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
+
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes.
+
For more information about migrating to OVN-Kubernetes, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/ovn-kubernetes_network_plugin/migrate-from-openshift-sdn-osd[Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin].
* **New version of {product-title} available.** {product-title} on {gcp} and {product-title} on {aws} versions 4.19 are now available for new clusters.
* **Support for enabling and disabling Secure Boot for Shielded VMs on a per machine basis.**
{product-title} on {GCP} users can now enable or disable Secure Boot for Shielded VMs on a per machine basis. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/cluster_administration/managing-compute-nodes-using-machine-pools#osd-managing-worker-nodes[Managing compute nodes].

28
modules/osd-release-notes-Q3-2024.adoc Normal file
View File

@@ -0,0 +1,28 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q3-2024_{context}"]
= Q3 2024
[role="_abstract"]
The following items were added during the third quarter of 2024.
* ** Support for {gcp-short} A2 instance types with A100 80GB GPUs.** {product-title} on {GCP} now supports A2 instance types with A100 80GB GPUs. These instance types meet the specific requirements listed by IBM Watsonx.ai. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#gcp-compute-types_osd-service-definition[{gcp-full} instance types].
* **Expanded support for {gcp-short} standard instance types.** {product-title} on {GCP} now supports standard instance types for control plane and infrastructure nodes.
For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/planning_your_environment/osd-limits-scalability#control-plane-and-infra-node-sizing-and-scaling-sd_osd-limits-scalability[Control plane and infrastructure node sizing and scaling].
* **{product-title} regions added.** {product-title} on {GCP} is now available in the following additional regions:
+
--
** Melbourne (`australia-southeast2`)
** Milan (`europe-west8`)
** Turin (`europe-west12`)
** Madrid (`europe-southwest1`)
** Santiago (`southamerica-west1`)
** Doha (`me-central1`)
** Dammam (`me-central2`)
--
+
For more information about region availabilities, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#regions-availability-zones_osd-service-definition[Regions and availability zones].

24
modules/osd-release-notes-Q3-2025.adoc Normal file
View File

@@ -0,0 +1,24 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q3-2025_{context}"]
= Q3 2025
[role="_abstract"]
The following items were added during the third quarter of 2025.
* **Updates to Workload Identity Federation (WIF) permissions and roles.**
The default IAM permissions for WIF in the link:https://github.com/openshift/managed-cluster-config/blob/master/resources/wif/4.19/vanilla.yaml[managed-cluster-config] template have been updated. This means newly created WIF configurations will have fewer, less overly permissive permissions by default.
** The `sd-sre-platform-gcp-access@redhat.com` principal no longer needs the `compute.firewalls.create` permission. If Red{nbsp}Hat SREs ever need this permission, they will reach out through a support case.
** The `osd-deployer` service account no longer requires the `resourcemanager.projects.setIamPolicy` permission, which has been removed.
** The `osd-deployer` service account no longer uses the `iam.serviceAccounts.signBlob` permission. This has been replaced with the `iam.serviceAccountTokenCreator` role, which is now specifically assigned to the service accounts that require it.
** The `osd-deployer` service account no longer uses the `iam.serviceAccounts.actAs` permission. This has been replaced with the `iam.serviceAccountUser` role, which is now specifically assigned to the service accounts that require it.
If you have existing `wif-config` instances, you can get these new, less permissive permissions by running the `ocm gcp update wif-config` command. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation#wif-configuration-update_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Updating a Workload Identify Federation configuration].
* **Workload Identify Federation (WIF) is now the default authentication type for {product-title} clusters on {GCP}.**
In alignment with the principle of least privilege as well as {gcp-full}'s preferred method of credential authentication, WIF is now the default authentication type when creating an {product-title} cluster on {GCP}. WIF greatly improves an {product-title} cluster's resilience against unauthorized access by using short-lived, least-privilege credentials and eliminating the need for static service account keys. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {gcp-short} with Workload Identity Federation authentication].
* **Support for managing workload identity pools and providers in a dedicated {GCP} project.**
{product-title} on {GCP} now supports the option of creating and managing workload identity pools and providers in a specified dedicated project during the creation of a WIF configuration. Red{nbsp}Hat plans on offering this option for existing WIF configurations in an upcoming release. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation#create-wif-configuration_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identify Federation configuration].

15
modules/osd-release-notes-Q4-2023.adoc Normal file
View File

@@ -0,0 +1,15 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q4-2023_{context}"]
= Q4 2023
[role="_abstract"]
The following items were added during the fourth quarter of 2023.
* **Policy constraint update.** {product-title} on {gcp-full} users can now enable UEFISecureBoot during cluster installation, as required by the {gcp-full} ShieldVM policy. This new feature adds further protection from boot or kernel-level malware or rootkits.
* **Cluster install update.** {product-title} clusters can now be installed on {gcp-full} shared VPCs.
* **{product-title} on {gcp-full} Marketplace availability.** When creating an {product-title} cluster on {gcp-full} through the Hybrid Cloud Console, customers can now select {gcp-full} Marketplace as their preferred billing model. This billing model allows Red{nbsp}Hat customers to take advantage of their link:https://cloud.google.com/docs/cuds[Google Committed Use Discounts (CUD)] towards {product-title} purchased through the {gcp-full} Marketplace.

23
modules/osd-release-notes-Q4-2024.adoc Normal file
View File

@@ -0,0 +1,23 @@
// Module included in the following assemblies:
// * osd-whats-new.adoc
:_mod-docs-content-type: REFERENCE
[id="osd-q4-2024_{context}"]
= Q4 2024
[role="_abstract"]
The following items were added during the fourth quarter of 2024.
* **Workload Identity Federation (WIF) authentication type is now available.** {product-title} on {gcp-first} customers can now use WIF as an authentication type when creating a cluster. WIF is a {gcp-short} Identity and Access Management (IAM) feature that provides third parties a secure method to access resources on a customer's cloud account.
WIF is {gcp-full}'s preferred method for credential authentication.
+
For more information, see
link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {gcp-short} with Workload Identity Federation authentication].
* **Private Service Connect (PSC) networking feature is now available.** You can now create a private {product-title} cluster on {gcp-first} using {gcp-full}'s security-enhanced networking feature Private Service Connect (PSC).
+
PSC is a capability of {gcp-full} networking that enables private communication between services across different {gcp-short} projects or organizations. Implementing PSC as part of your network connectivity allows you to deploy OpenShift Dedicated clusters in a private and secured environment within {gcp-short} without using any public-facing cloud resources.
+
For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/creating-a-gcp-psc-enabled-private-cluster[Private Service Connect overview].
* ** Support for {gcp-short} A3 instances with NVIDIA H100 80GB GPUs.** {product-title} on {GCP} now supports A3 instance types with NVIDIA H100 80GB GPUs. The {gcp-short} A3 instance type is available in all three zones of a {gcp-short} region, which is a prerequisite for multi-AZ deployment. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/introduction_to_openshift_dedicated/policies-and-service-definition#gcp-compute-types_osd-service-definition[{gcp-full} instance types].

3
modules/osd-release-notes-Q4-2025.adoc
View File

@@ -5,6 +5,9 @@
[id="osd-q4-2025_{context}"]
= Q4 2025
[role="_abstract"]
The following items were added during the fourth quarter of 2025.
* **Support for managing workload identity pools and providers in a dedicated {GCP} project.**
{product-title} on {GCP} now lets you update an existing Workload Identity Federation (WIF) configuration to use a dedicated project for managing workload identity pools and providers.
For more information, see link:http://docs.redhat.com/en/documentation/openshift_dedicated/4/html-single/openshift_dedicated_clusters_on_google_cloud/index#wif-configuration-update_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Updating a Workload Identity Federation configuration].

141
osd_whats_new/osd-whats-new.adoc
View File

@@ -16,137 +16,12 @@ With its foundation in Kubernetes, {product-title} is a complete {OCP} cluster p
Find new additions, recent changes, and relevant updates for {product-title} listed below in quarterly increments.
include::modules/osd-release-notes-Q4-2025.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q3-2025.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q2-2025.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q1-2025.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q4-2024.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q3-2024.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q2-2024.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q1-2024.adoc[leveloffset=+1]
include::modules/osd-release-notes-Q4-2023.adoc[leveloffset=+1]
[id="osd-q3-2025_{context}"]
== Q3 2025
* **Updates to Workload Identity Federation (WIF) permissions and roles.**
The default IAM permissions for WIF in the link:https://github.com/openshift/managed-cluster-config/blob/master/resources/wif/4.19/vanilla.yaml[managed-cluster-config] template have been updated. This means newly created WIF configurations will have fewer, less overly permissive permissions by default.
** The `sd-sre-platform-gcp-access@redhat.com` principal no longer needs the `compute.firewalls.create` permission. If Red{nbsp}Hat SREs ever need this permission, they will reach out through a support case.
** The `osd-deployer` service account no longer requires the `resourcemanager.projects.setIamPolicy` permission, which has been removed.
** The `osd-deployer` service account no longer uses the `iam.serviceAccounts.signBlob` permission. This has been replaced with the `iam.serviceAccountTokenCreator` role, which is now specifically assigned to the service accounts that require it.
** The `osd-deployer` service account no longer uses the `iam.serviceAccounts.actAs` permission. This has been replaced with the `iam.serviceAccountUser` role, which is now specifically assigned to the service accounts that require it.
If you have existing `wif-config` instances, you can get these new, less permissive permissions by running the `ocm gcp update wif-config` command. For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#wif-configuration-update_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Updating a Workload Identity Federation configuration].
//Commented out as feature has not gone live yet.
//* **Workload Identify Federation (WIF) is now the default authentication type for {product-title} clusters on {GCP}.**
//In alignment with the principle of least privilege as well as {gcp-full}'s preferred method of credential authentication, WIF is now the default authentication type when creating an {product-title} cluster on {GCP}. WIF greatly improves an {product-title} cluster's resilience against unauthorized access by using short-lived, least-privilege credentials and eliminating the need for static service account keys. For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#creating-a-gcp-cluster-with-workload-identity-federation[Creating a cluster on {gcp-short} with Workload Identity Federation authentication].
* **Support for managing workload identity pools and providers in a dedicated {GCP} project.**
{product-title} on {GCP} now supports the option of creating and managing workload identity pools and providers in a specified dedicated project during the creation of a WIF configuration. Red{nbsp}Hat plans on offering this option for existing WIF configurations in an upcoming release. For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-configuration_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a WIF configuration].
[id="osd-q2-2025_{context}"]
== Q2 2025
// * **{product-title} SDN network plugin blocks future major upgrades**
* **Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes.**
Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
+
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes.
+
For more information about migrating to OVN-Kubernetes, see xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn-osd.adoc#migrate-from-openshift-sdn[Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin].
* **New version of {product-title} available.** {product-title} on {gcp} and {product-title} on {aws} versions 4.19 are now available for new clusters.
* **Support for enabling and disabling Secure Boot for Shielded VMs on a per machine basis.**
{product-title} on {GCP} users can now enable or disable Secure Boot for Shielded VMs on a per machine basis. For more information, see xref:../osd_cluster_admin/osd_nodes/osd-managing-worker-nodes.adoc#osd-managing-worker-nodes[Managing compute nodes].
[id="osd-q1-2025_{context}"]
== Q1 2025
* **Support for new {gcp-short} instances.** {product-title} version 4.18 and later now supports `n4` and `c3` instance types on {gcp-full}. For more information, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#gcp-compute-types_osd-service-definition[{gcp-full} compute types].
* **New version of {product-title} available.** {product-title} on {gcp} and {product-title} on {aws} versions 4.18 are now available. For more information about upgrading to this latest version, see xref:../upgrading/osd-upgrades.adoc#osd-upgrades[Red Hat OpenShift Dedicated cluster upgrades].
* **Support for assigning newly created machine pools to specific availability zones within a Multi-AZ cluster.**
{product-title} on {GCP} users can now assign machine pools to specific availability zones using the {cluster-manager} CLI (`ocm`). For more information, see xref:../osd_cluster_admin/osd_nodes/osd-nodes-machinepools-about.adoc#deploying-a-machine-pool-in-a-single-availability-zone-within-a-multi-az-cluster[Deploying a machine pool in a single availability zone within a Multi-AZ cluster].
* ** Support for specifying {product-title} versions when creating or updating a Workload Identity Federation (WIF) configuration.**
{product-title} on {GCP} users can now specify minor versions when creating or updating a WIF configuration. For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-cluster-cli_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using the OCM CLI].
* **Cluster node limit update.** {product-title} clusters versions 4.14.14 and greater can now scale to 249 worker nodes. This is an increase from the previous limit of 180 nodes. For more information, see xref:../osd_planning/osd-limits-scalability.adoc#osd-limits-scalability[limits and scalability].
// * **{product-title} SDN network plugin blocks future major upgrades**
* **Initiate live migration from OpenShift SDN to OVN-Kubernetes.**
As part of the {product-title} move to OVN-Kubernetes as the only supported network plugin starting with {product-title} version 4.17, users can now initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin.
+
If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes.
+
For more information about migrating to OVN-Kubernetes, see xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn-osd.adoc#migrate-from-openshift-sdn[Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin].
* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {product-title} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {product-title} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster.
[id="osd-q4-2024_{context}"]
== Q4 2024
* **Workload Identity Federation (WIF) authentication type is now available.** {product-title} on {gcp-first} customers can now use WIF as an authentication type when creating a cluster. WIF is a {gcp-short} Identity and Access Management (IAM) feature that provides third parties a secure method to access resources on a customer's cloud account.
WIF is {gcp-full}'s preferred method for credential authentication.
+
For more information, see
xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc[Creating a cluster on {gcp-short} with Workload Identity Federation authentication].
* **Private Service Connect (PSC) networking feature is now available.** You can now create a private {product-title} cluster on {gcp-first} using {gcp-full}'s security-enhanced networking feature Private Service Connect (PSC).
+
PSC is a capability of {gcp-full} networking that enables private communication between services across different {gcp-short} projects or organizations. Implementing PSC as part of your network connectivity allows you to deploy OpenShift Dedicated clusters in a private and secured environment within {gcp-short} without using any public-facing cloud resources.
+
For more information, see xref:../osd_gcp_clusters/creating-a-gcp-psc-enabled-private-cluster.adoc#creating-a-gcp-psc-enabled-private-cluster[Private Service Connect overview].
* ** Support for {gcp-short} A3 instances with NVIDIA H100 80GB GPUs.** {product-title} on {GCP} now supports A3 instance types with NVIDIA H100 80GB GPUs. The {gcp-short} A3 instance type is available in all three zones of a {gcp-short} region, which is a prerequisite for multi-AZ deployment. For more information, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#gcp-compute-types_osd-service-definition[{gcp-full} compute types].
[id="osd-q3-2024_{context}"]
== Q3 2024
* ** Support for {gcp-short} A2 instance types with A100 80GB GPUs.** {product-title} on {GCP} now supports A2 instance types with A100 80GB GPUs. These instance types meet the specific requirements listed by IBM Watsonx.ai. For more information, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#gcp-compute-types_osd-service-definition[{gcp-full} compute types].
* **Expanded support for {gcp-short} standard instance types.** {product-title} on {GCP} now supports standard instance types for control plane and infrastructure nodes.
For more information, see xref:../osd_planning/osd-limits-scalability.adoc#control-plane-and-infra-node-sizing-and-scaling-sd_osd-limits-scalability[Control plane and infrastructure node sizing and scaling].
* **{product-title} regions added.** {product-title} on {GCP} is now available in the following additional regions:
+
--
** Melbourne (`australia-southeast2`)
** Milan (`europe-west8`)
** Turin (`europe-west12`)
** Madrid (`europe-southwest1`)
** Santiago (`southamerica-west1`)
** Doha (`me-central1`)
** Dammam (`me-central2`)
--
+
For more information about region availabilities, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#regions-availability-zones_osd-service-definition[Regions and availability zones].
[id="osd-q2-2024_{context}"]
== Q2 2024
* **Cluster delete protection.** {product-title} on {GCP} users can now enable the cluster delete protection option, which helps to prevent users from accidentally deleting a cluster.
//Removed link as is no longer valid. Need to decide if we need a link here and if so, what it will be.
// For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster.adoc#osd-create-gcp-cluster-ccs_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with CCS].
* **CSI Operator update.** {product-title} is capable of provisioning persistent volumes (PVs) using the Container Storage Interface (CSI) driver for Google Compute Platform (GCP) Filestore Storage. For more information, see xref:../storage/container_storage_interface/persistent-storage-csi-google-cloud-file.adoc#persistent-storage-csi-google-cloud-file-overview[Google Compute Platform Filestore CSI Driver Operator].
* **Support for new {gcp-short} instances.** {product-title} now supports more worker node types and sizes on {gcp-full}. For more information, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#gcp-compute-types_osd-service-definition[{gcp-full} compute types].
[id="osd-q1-2024_{context}"]
== Q1 2024
* **{product-title} regions added.** {product-title} on {GCP} is now available in the Delhi, India (`asia-south2`) region. For more information on region availabilities, see xref:../osd_architecture/osd_policy/osd-service-definition.adoc#regions-availability-zones_osd-service-definition[Regions and availability zones].
* **Policy constraint update.** {product-title} on {GCP} users are now allowed to deploy clusters with the `constraints/iam.allowedPolicyMemberDomains` constraint in place. This feature allows users to restrict the set of identities that are allowed to be used in Identity and Access Management policies, further enhancing overall security for their resources.
[id="osd-q4-2023_{context}"]
== Q4 2023
* **Policy constraint update.** {product-title} on {GCP} users can now enable UEFISecureBoot during cluster installation, as required by the {gcp-short} ShieldVM policy. This new feature adds further protection from boot or kernel-level malware or rootkits.
* **Cluster install update.** {product-title} clusters can now be installed on {GCP} shared VPCs.
//Removed link as is no longer valid. Need to decide if we need a link here and if so, what it will be.
// For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster.adoc#osd-create-gcp-cluster-ccs_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with CCS].
* **{product-title} on {gcp-full} Marketplace availability.** When creating an {product-title} (OSD) cluster on {gcp-full} through the {hybrid-console-second}, customers can now select {gcp-full} Marketplace as their preferred billing model. This billing model allows Red Hat customers to take advantage of their link:https://cloud.google.com/docs/cuds[Google Committed Use Discounts (CUD)] towards {product-title} purchased through the {gcp-full} Marketplace.
//Removed link as is no longer valid. Need to decide if we need a link here and if so, what it will be.
// For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster.adoc#osd-create-gcp-cluster-ccs_osd-creating-a-cluster-on-gcp[Creating a cluster on GCP with CCS].
[id="osd-known-issues_{context}"]
== Known issues
* {OCP} 4.14 introduced an updated HAProxy image from 2.2 to 2.6. This update created a change in behavior enforcing strict RFC 7230 compliance, rejecting requests with multiple `Transfer-Encoding` headers. This may cause exposed pods in {product-title} 4.14 clusters sending multiple `Transfer-Encoding` headers to respond with a `502 Bad Gateway` or `400 Bad Request error`. To avoid this issue, ensure that your applications are not sending multiple `Transfer-Encoding` headers. For more information, see link:https://access.redhat.com/solutions/7055002[Red Hat Knowledgebase article]. (link:https://issues.redhat.com/browse/OCPBUGS-43095[*OCPBUGS-43095*])