OKD 4.21 Release Notes

Release Notes: 4.21.0-okd-scos.0

This release introduces significant updates to storage management, security hardening via read-only filesystems, and the promotion of several Tech Preview features to General Availability (GA). The source of this information is the 4.21.0-okd-scos.0 release.

info

These release notes are non-exhaustive. OKD contains many component projects, and you can use the CI-produced notes to fully review all the changes that have been made. Let us know if you see any errors or large omissions!


Storage

  • Azure File Volume Cloning (GA): Cloning Azure File volumes by referencing a source PersistentVolumeClaim (PVC) is now Generally Available, supporting both SMB and NFS protocols (STOR-1945).

  • VolumeAttributesClass (GA): Admins can now define and modify storage attributes (like IOPS or throughput) on provisioned volumes after creation (STOR-2533).

  • Mutable CSI Node Allocatable Property (Tech Preview): Allows the number of attachable volumes per node to be dynamically updated based on node capacity changes (e.g., adding a new network interface on AWS) (STOR-2627).

  • vSphere with Bare Metal Nodes (Tech Preview): Environments can now include bare metal nodes, requiring the vSphere CSI driver to be disabled to avoid a degraded state (STOR-2620, STOR-2634).

  • API and Diagnostics:

      • Volume Group Snapshots API updated to v1beta2; v1beta1 is removed (STOR-2534).

      • must-gather now collects VolumeAttributesClass, VolumeGroupSnapshotClass, and VolumeGroupSnapshotContent resources (STOR-2691, STOR-2692).

  • Security Hardening: CSI driver containers and the Cluster Storage Operator now utilize read-only root filesystems and enhanced Network Policies (STOR-2340, STOR-2560).

  • Driver Updates: AWS EBS and EFS CSI drivers migrated to AWS SDK v2 (STOR-2538). The oVirt CSI Driver has been removed (STOR-2297).


Platform and Installation

vSphere Enhancements

  • vSphere 7.x Deprecation: Support for vSphere 7.x is entering deprecation. Non-blocking warnings will appear during IPI installations unless an extended support contract is detected (SPLAT-2347, SPLAT-2511).
  • Secure Boot: The installer no longer disables Secure Boot if it is enabled in the underlying OVA template (OKD-279).

AWS and GCP Updates

  • AWS Network Load Balancers (NLB): Support added for NLBs with associated Security Groups (SPLAT-2137).
  • AWS EC2 Dedicated Hosts (Tech Preview): Support is being introduced for provisioning nodes on managed or BYO dedicated hosts (SPLAT-2193).
  • GCP Spot VMs: Users can now create worker nodes using GCP Spot VMs by setting provisioningModel: "Spot" (OCPCLOUD-3173).
  • GCP Private Service Connect: Support added for private connections to Google APIs, including private DNS zone creation (CORS-4258). Legacy custom endpoints have been removed (CORS-4281).

Agent-based Installer

  • Disconnected Environments: Introduction of the InternalReleaseImage (IRI) API to manage local registries on nodes for installations without external registries (AGENT-1282, AGENT-1330).
  • Offline OLM: Facilitates operator installation in offline environments via the agent-olm-operators ConfigMap (AGENT-1248).

Networking

  • Static IP and MAC for VMs (GA): Persistent network identity is now supported for Virtual Machines on secondary Layer 2 User-Defined Networks (UDNs) (CORENET-6005).
  • MAC Conflict Detection: OVN-Kubernetes now automatically prevents duplicate MAC address assignments (CORENET-6160).
  • Gateway API: Upgraded to v1.3.0. Supports the Gateway API Inference Extension (GIE) for RHOAI workloads (NE-2161, NE-2050).
  • Core Components: CoreDNS rebased to v1.13.1. Networking components updated to align with Kubernetes 1.34 (NE-2194).

Node and Machine Management

  • Dynamic Resource Allocation (DRA) (GA): The v1 DRA API is now standard and enabled by default (OCPNODE-3779).

  • Machine Config Operator (MCO):

      • Dual OS Stream (Tech Preview): Allows different machine pools to use different OS versions (e.g., RHEL 9 and 10) in the same cluster (MCO-1927).

      • Boot Image Skew Enforcement (Tech Preview): Manages boot image versions across nodes to prevent configuration drift (MCO-1962).

  • Resource Reservations: autoSizingReserved in KubeletConfig is now enabled by default for new clusters to optimize system resource reservation (OCPNODE-3719).

  • Container Runtime: OKD clusters now default to the crun container runtime; the temporary runc override has been removed (OKD-294).


Operator Lifecycle Manager (OLM) and Console

  • OLMv1 Promotions: SingleNamespace and OwnNamespace install modes, and the Webhook Provider, are now Generally Available (OPRUN-4131, OPRUN-4156).
  • Console Modernization:
      • Developer monitoring views (Dashboards, Targets) are now integrated into the Admin Perspective (OU-1130).
      • List pages have been updated to the new DataView component for better performance.
      • The Monaco Code Editor now supports theme and font size customization.