OCP 4.0 is not out yet but you have the chance to get your hands dirty by going to the following URL https://try.openshift.com. Log in with your redhat account and you should be good to go. You will notice that we are using a new installer called openshift-installer. The installer uses terraform to build the… Read More »OpenShift 4 Developer Preview
IT organizations are using container technology and DevOps processes to bring new-found agility to delivering applications that create business value. However, enterprise use requires strong security at every stage of the life cycle. Nothing is secure by default—security takes work. You need defense in depth. Red Hat delivers multiple layers of security controls throughout your… Read More »Best practices for securing the container life cycle
Red Hat Virtualization and the OpenShift Container Platform go far back. Both products are very well integrated and share security features like svirt and cgroups which are a core security component of Red Hat Enterprise Linux. Svirt allows you to run your virtual instances as well as containers in full tenant isolation mode whereas cgroups… Read More »OpenShift on RHV Automated, Secure and Transparent
Attached find the deck I presented at the VTUG in the New England Patriots stadium. It was a great experience. Thank you very much for attending my talk!
The current apb-1.0.4-1.el7.noarch in OpenShift 3.7 enterprise from the rhel-7-server-ose-3.7-rpms channel is currently broken. When you try to list apb’s you will get the following error: apb push Exception occurred! unsupported operand type(s) for +: ‘NoneType’ and ‘str’ Now I will show you how you can fix this. It is important to follow the steps… Read More »Building RocketChat as an ansible playbook bundle on OpenShift Container platform (fix for ocp 3.7)
Let say you want to prove to your security team that running a pod in Red Hat OpenShift is really removing capabilities from the running container. There is not much documentation out there which explains how to find what capabilities get stripped so I will walk you through how you can make the case. Step… Read More »OpenShift – Securing Containers by Stripping Capabilities
In May 2015 banyan published that they found over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities. In August 2015, FlawCheck surveyed enterprises asking which piece of the security equation was their top concern about running containers in production environments. At 42%, Vulnerabilities & Malware in container workloads was the top… Read More »How CloudForms Performs OpenScap Image Scans
I realized today that the current OpenShift 3.4 documentation around installing the standalone registry is missing an important parameter. Here is the link to the bug openshift_master_default_subdomain missing . Its a small error but has some impact as the route registry-console-default.yourdomain will not be exposed externally. Remember the standalone OpenShift registry is a full OpenShift… Read More »OpenShift 3.4 Standalone Registry (Atomic Registry)
I’ve been waiting for this feature since quite a while and its finally here and working. CloudForms 4.2 and OpenShift 3.4 have the ability combined of scanning docker images and define if the images are compliant or not. If the image is not compliant CloudForms annotates the image in OpenShift with images.openshift.io/deny-execution: true and if… Read More »Deny container image execution via CloudForms 4.2 / OpenShift 3.4
Today I finally finished my Ikea Helmer rack project. The goal of the project was to have enough resources to build a full Red Hat Cloud Suite lab. I am in IT now since 1996 and learned that the only way to stay on top of the game is by playing with the technology. I have… Read More »Red Hat Cloud Suite In A Box