IT organizations are using container technology and DevOps processes to bring new-found agility to delivering applications that create business value. However, enterprise use requires strong security at every stage of the life cycle. Nothing is secure by default—security takes work. You need defense in depth. Red Hat delivers multiple layers of security controls throughout your Read more about Best practices for securing the container life cycle[…]
Red Hat Virtualization and the OpenShift Container Platform go far back. Both products are very well integrated and share security features like svirt and cgroups which are a core security component of Red Hat Enterprise Linux. Svirt allows you to run your virtual instances as well as containers in full tenant isolation mode whereas cgroups Read more about OpenShift on RHV Automated, Secure and Transparent[…]
Attached find the deck I presented at the VTUG in the New England Patriots stadium. It was a great experience. Thank you very much for attending my talk!
The current apb-1.0.4-1.el7.noarch in OpenShift 3.7 enterprise from the rhel-7-server-ose-3.7-rpms channel is currently broken. When you try to list apb’s you will get the following error:
apb push Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'
Now I will show you how you can fix this. It is important to follow the steps in the order. If not you will get another “missing configuration Read more about Building RocketChat as an ansible playbook bundle on OpenShift Container platform (fix for ocp 3.7)[…]
Let say you want to prove to your security team that running a pod in Red Hat OpenShift is really removing capabilities from the running container. There is not much documentation out there which explains how to find what capabilities get stripped so I will walk you through how you can make the case. Step Read more about OpenShift Seccomp – Securing Containers by Stripping Capabilities[…]
In May 2015 banyan published that they found over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. In August 2015, FlawCheck surveyed enterprises asking which piece of the security equation was their top concern about running containers in production environments. At 42%, Vulnerabilities & Malware in container workloads was the top Read more about How CloudForms Performs OpenScap Image Scans[…]
I’ve been waiting for this feature since quite a while and its finally here and working. CloudForms 4.2 and OpenShift 3.4 have the ability combined of scanning docker images and define if the images are compliant or not. If the image is not compliant CloudForms annotates the image in OpenShift with images.openshift.io/deny-execution: true and if Read more about Deny container image execution via CloudForms 4.2 / OpenShift 3.4[…]
I had multiple requests if CloudForms is able to provision containers via self service to the Red Hat OpenShift container platform. I liked the idea as you can not expect from every developer in your company to know how to create templates or build configs. I will walk you through, step by step how this Read more about Deploy and build containers on Red Hat OpenShift Container Platform 3.4 via CloudForms 4.2 self service[…]