An introduction to OpenShift 4

Red Hat® OpenShift® is a critical component of creating a secure cloud-native development environment. As our history of Kubernetes and OpenShift blog post suggested last year, the recent release of OpenShift 4 is the best enterprise platform for building production-ready applications today and for the decade ahead. And now, OpenShift 4.3 is available on IBM Cloud.

In this article, I highlight some of the new features of OpenShift 4 that I find most helpful for building secure cloud-native applications. The diagram below higlights a few of the new features in OpenShift 4.3 that I think are most valuable to enterprise developer features:

OpenShift 4 layers

New dashboard

OpenShift 4 came with a visual refresh of the user interface that’s cleaner and more organized — more focus, less noise. Red Hat open sources their design process, which I find inspiring. You can read more about the design intentions of the dashboards and even plug into the the ongoing design process for OpenShift.

Here’s a screen capture of the dashboard for our Example Bank app that we developed to explore some of the new features of OpenShift 4.

New dashboard

And here’s a screen capture of the cool new topology view that helps visualize the microservice architecture of a cloud native app, again showing the deployed components of the Example Bank credit card app.

New topology

To learn more, see OpenShift 4.3 Dashboard refinements and the new Project dashboard. I’m finding that the dashboard makes it easier for me to navigate and use OpenShift 4.3.

OperatorHub

The Operator Framework is an open source toolkit to manage Kubernetes native applications, called operators, in an effective, automated, and scalable way. OpenShift 4 was re-architected around operators. Where Kubernetes enables developers to methodically containerize applications, Operators enable developers to automate the management of related components of an application (like databases or other stateful elements) in a consistent, repeatable, and scalable way.

In addition to operators as a part of the Kubernetes fabric in OpenShift 4, Red Hat introduced a marketplace for finding Operators that can accelerate development of an application. This new OperatorHub is also part of OpenShift.

Find out more in the Fun with OperatorHub tutorial.

OpenShift Service Mesh

Service meshes can instill a consistent development approach, and infuse inter-service communication with security and other features. I noticed that it is a choice approach for solving problems of scale and problems of order in big applications, and across large companies, described in KubeCon North America presentations last year.

OpenShift 4 adopted Istio, the emerging service mesh of choice for Kubernetes-based systems, building its own service mesh on that technology. In addition, the latest version of Istio offers helpful security features, which will be explored further in a new code pattern.

Check out the Microservices with the OpenShift Service Mesh code pattern to see the steps needed to deploy OpenShift Service Mesh (based on Istio) for our Example Bank app.

OpenShift serverless computing

Serverless computing is increasing in developer appeal because it can offer reliability and scale of cloud computing. Code is typically written as small executable functions, an approach that sometimes requires a bit of lateral thinking to achieve a significant outcome. Serverless development is enabled on OpenShift 4 through the adoption of the open source Knative project.

Read our OpenShift tutorial, Build serverless Node.js applications with the OpenShift Serverless Operator, to see how this new feature works when used to create an example banking application.

OpenShift pipelines

Cloud-native continuous integration (CI) and continuous delivery (CD) pipelines were introduced in OpenShift 4.1.

OpenShift pipelines build on the Tekton open source project, enabling teams to build cloud-native delivery pipelines that they can fully control. Your team can own the complete lifecycle of your microservices without having to rely on central teams to maintain and manage a CI server, plugins, and its configurations.

There is a new pipeline UI available that simplifies use of the pipelines.

Read our tutorial, Build a Tekton Pipeline to deploy a mobile app back end to OpenShift 4, where we show you how we built in a rudimentary scanning step into a deployment pipeline, to demonstrate the potential for baking in security steps, with this emerging approach, too.

Enhanced security

Data security is an enormous concern these days, especially for enterprise businesses that handle tens or hundreds of thousands of client records.

OpenShift 4.3 delivers Federal Information Processing Standard (FIPS) compliant encryption and additional security enhancements. When OpenShift runs on Red Hat Enterprise Linux booted in FIPS mode, OpenShift calls into the Red Hat Enterprise Linux FIPS validated cryptographic libraries. The Go language toolset that enables this functionality is available to all Red Hat customers.

While the built-in security features of OpenShift 4 give your applications a solid security foundation, using additional security measures for buliding cloud-native applications is a good idea. As my team began exploring the use of OpenShift, we focused on enhancing cloud application security by using threat modeling.

Check out these resources related to threat modeling and OpenShift:

Next steps

We created a collection of content that introduces some of the main new features of the Red Hat OpenShift 4.3 platform, while also thinking about how to build secure applications in the cloud. To help with that, we built the Example Bank credit card transaction application to illustrate how to use microservices and highlight the new OpenShift features.

Credit card app screen captures

Check out the rest of our content series that explores new features in OpenShift 4 in light of security, and demonstrates how we built the Example Bank application.

Find software certified for OpenShift 4

If you plan to run OpenShift 4 in production, check out Red Hat Marketplace, a one-stop-shop to find, try, buy, deploy, and manage enterprise applications across an organization’s hybrid IT infrastructure, including on-premises and multicloud environments. Red Hat Marketplace gives developers a streamlined view of software that is certified to work in Kubernetes container environments and minimizes red tape for developer managers.