More and more companies are migrating their applications to the Red Hat OpenShift Container Platform (RHOCP). This enterprise-grade container platform is secure and comprehensive, based on industry standards including those related to Docker and Kubernetes. However, due to the tightened security restrictions, containers that run on Docker and Kubernetes might not run successfully on Red Hat OpenShift without modification.
Red Hat OpenShift Container Platform is a fully managed Red Hat OpenShift service that takes advantage of enterprise-ready scaling and security. It is directly integrated with Kubernetes and provides several models for application deployment. For example, OpenShift can mitigate the risk that processes running in a container might be given escalated privileges on the host machine, due to security vulnerabilities in the container engine. For this reason, containers are run using an arbitrarily assigned user ID.
In contrast, in Docker and Kubernetes containers are run either as the user specified by the USER directive in the Dockerfile, or as the root user if a USER directive is not specified. Containerized applications designed to run as the root user might not run as expected on OpenShift.
Continue reading “Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform”
I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.
In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom
MobileAuthenticator class and then instantiate it with an
AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.
Continue reading “Use mobile numbers for user authentication in Keycloak”
Red Hat is heading to NodeConf Remote 2020 with IBM to demonstrate a few of our favorite production-quality tools and solutions, all designed to help developers maintain their productivity while successfully navigating the vast and rapidly-changing cloud-native landscape.
Continue reading Red Hat talks and workshops at NodeConf Remote 2020
Red Hat OpenShift is an enterprise-ready Kubernetes platform that provides a number of different models you can use to deploy an application. OpenShift 4.x uses Operators to deploy Kubernetes-native applications. It also supports Helm and traditional template-based deployments. Whatever deployment method you choose, it will be deployed as a wrapper to one or more existing OpenShift resources. Examples include BuildConfig, DeploymentConfig, and ImageStream.
Continue reading Persistent storage in action: Understanding Red Hat OpenShift’s persistent volume framework
In April, the Node.js development team released Node.js 14. This major version release, code-named Fermium, will become a long-term support (LTS) release in October 2020.
Continue reading Get started with Node.js 14 on Red Hat OpenShift
We are always looking for ways to understand better how developers create, build, manage, test, and deploy applications on and for Red Hat OpenShift. An important part of that effort is the annual OpenShift Developer Survey, which we’ve just released for 2020.
Keep reading to learn more about the survey, including highlights of the 2019 survey results and what to expect from the survey this year. We also invite you to participate in our OpenShift developer experience office hours and one-to-one feedback sessions for our developer community and customers.
Continue reading “Let’s collaborate! Take the 2020 Red Hat OpenShift Developer Survey now”
The release of Red Hat Data Grid 8.1 offers new features for securing applications deployed on Red Hat OpenShift. Naturally, I wanted to check them out for Quarkus. Using the Quarkus Data Grid extension made that easy to do.
Data Grid is an in-memory, distributed, NoSQL datastore solution based on Infinispan. Since it manages your data, Data Grid should be as secure as possible. For this reason, it uses a default property realm that requires HTTPS and automatically enforces user authentication on remote endpoints. As an additional layer of security on OpenShift, Data Grid presents certificates signed by the OpenShift Service Signer. In practice, this means that Data Grid is as secure as possible out of the box, requiring encrypted connections and authentication from the first request. Data Grid generates a default set of credentials (which, of course, you can override), but unauthenticated access is denied.
In this article, I show you how to configure a Quarkus application with Data Grid and deploy it on OpenShift.
Continue reading “Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift”
When OpenJDK‘s Java virtual machine (JVM) runs a Java application, it loads a dozen or so classes before it starts the main class. It runs a method several hundred times before it invokes the optimizing compiler on that method. This preparation is a critical component of Java’s “write once, run anywhere” power, but it comes at the cost of long startup times.
Continue reading Checkpointing Java from outside of Java
In the first half of this article, I introduced Tekton as a framework for cloud-native CI/CD pipelines, and Argo CD as its perfect partner for GitOps on Red Hat OpenShift. Our example for the demonstration is a Knative service that deploys and serves a Quarkus application. Our goal is to develop a complete continuous integration and delivery process, which begins when a commit is initiated in the application’s GitHub repository and ends with the new application version deployed in the development, staging, and production environments.
Continue reading Building modern CI/CD workflows for serverless applications with Red Hat OpenShift Pipelines and Argo CD, Part 2
Red Hat CodeReady Workspaces 2.4 is now available. For this release, we focused on adding support for IBM Z and improving the IDE editor and configuration elements.
Continue reading Support for IBM Z and more in CodeReady Workspaces 2.4