Azure Red Hat OpenShift now in preview in Azure Government
Today we’re announcing the public preview release of Azure Red Hat OpenShift in Azure Government. With this release, we are bringing world-class Azure infrastructure together with a leading enterprise Kubernetes platform as a jointly operated and supported service for Azure Government customers.
Launched in 2019, Azure Red Hat OpenShift was the first co-developed, jointly-operated Red Hat OpenShift service on the public cloud, offering a powerful on-ramp to the hybrid cloud by extending the same enterprise-grade Kubernetes used in private datacenters to the scale of Microsoft Azure.
Along with this preview, we are also enabling key features focused on workload and data security.
New virtual machine options and disk encryption capabilities
- Azure Red Hat OpenShift now supports creating MachineSets for worker nodes using Azure Spot Virtual Machines. Using Azure Spot Virtual Machines allows you to take advantage of our unused capacity at significant cost savings.
- Previously, customers could encrypt the OS disks with auto-generated keys managed by Microsoft Azure. Today, we are releasing bring your own key (BYOK) for OS disk encryption in preview. This feature lets customers provide their own key for encrypting data on the OS disk, so that confidential data is encrypted with keys they manage and store in Azure Key Vault. The caches of the OS and data disks are also encrypted with the user-provided key.
- End-to-end encryption using encryption at host encrypts the data stored on the VM host of the cluster nodes, both at rest and as it flows to the Azure Storage services, using platform-managed keys. This feature is now available in public preview.
On the roadmap
As we’re always listening for our customers’ feedback, we’d like to share some of what we have planned from our public roadmap.
- When using Azure Red Hat OpenShift behind a firewall, customers need to allow certain egress traffic required for installation, telemetry, registry access, and cluster operations so that the cluster functions properly. With the upcoming release of the egress lockdown feature, there will be no outbound traffic requirement for new or existing clusters. This capability, along with private API and ingress visibility, allows for network-isolated clusters.
- To meet customer compliance and regulatory requirements, Azure Red Hat OpenShift will support compute isolation through Isolated Virtual Machines. Azure Compute offers virtual machine sizes that are isolated to a specific hardware type and dedicated to a single customer. Utilizing an isolated size guarantees that your virtual machine will be the only one running on that specific server instance.
- We’ll be adding support for using storage optimized virtual machine sizes (L-series) in worker node MachineSets. Storage optimized VM sizes offer high disk throughput and IO, and are ideal for Big Data, SQL, NoSQL databases, data warehousing, and large transactional databases.
How to get started
- Follow our documentation to kickstart your Azure Red Hat OpenShift journey in Azure Government.
- Stay in touch with us on our GitHub, connect with us on Q&A, and follow our roadmap. We would love to hear from you.