Fernando Lozano

Fernando lives in Rio de Janeiro, Brazil, and works on Red Hat's certification training for middleware, containers, and DevOps.

Areas of Expertise

Java, JBoss EAP, Fuse, Containers, OpenShift

Recent Posts

Verifying signatures of Red Hat container images

Verifying signatures of Red Hat container images

Security-conscious organizations are accustomed to using digital signatures to validate application content from the Internet. A common example is RPM package signing. Red Hat Enterprise Linux (RHEL) validates signatures of RPM packages by default.

In the container world, a similar paradigm should be adhered to. In fact, all container images from Red Hat have been digitally signed and have been for several years. Many users are not aware of this because early container tooling was not designed to support digital signatures.

In this article, I’ll demonstrate how to configure a container engine to validate signatures of container images from the Red Hat registries for increased security of your containerized applications.

Continue reading “Verifying signatures of Red Hat container images”

Share
Using Red Hat OpenShift image streams with Kubernetes deployments

Using Red Hat OpenShift image streams with Kubernetes deployments

This article demonstrates an application update scenario which leverages Red Hat OpenShift image streams together with standard Kubernetes native resources. It also shows how image streams automatically redeploy application pods after an update to their container image.

Best of all, Kubernetes resources enhanced with OpenShift image streams are still compatible with standard Kubernetes clusters. This fact enables the use of the same resource definitions to support multiple Kubernetes distributions, and at the same time take advantage of features unique to OpenShift.

At the end of this article, we present a few considerations around using image IDs and image name tags to manage your ability to roll back to previous versions of an application.

Continue reading “Using Red Hat OpenShift image streams with Kubernetes deployments”

Share
Troubleshooting Red Hat OpenShift applications with throwaway containers

Troubleshooting Red Hat OpenShift applications with throwaway containers

Imagine this scenario: Your cool microservice works fine from your local machine but fails when deployed into your Red Hat OpenShift cluster. You cannot see anything wrong with the code or anything wrong in your services, configuration maps, secrets, and other resources. But, you know something is not right. How do you look at things from the same perspective as your containerized application? How do you compare the runtime environment from your local application with the one from your container?

If you performed your due diligence, you wrote unit tests. There are no hard-coded configurations or hidden assumptions about the runtime environment. The cause should be related to the configuration your application receives inside OpenShift. Is it time to run your app under a step-by-step debugger or add tons of logging statements to your code?

We’ll show how two features of the OpenShift command-line client can help: the oc run and oc debug commands.

Continue reading “Troubleshooting Red Hat OpenShift applications with throwaway containers”

Share
Working with Red Hat Enterprise Linux Universal Base Images (UBI)

Working with Red Hat Enterprise Linux Universal Base Images (UBI)

If you’re like me—a developer who works with customers who rely on the tried-and-true Red Hat Enterprise Linux (RHEL), works with containerized applications, and also prefers to work with Fedora Linux as their desktop operating system—you’re excited by the announcement of the Universal Base Images (UBI). This article shows how UBI actually works, by building the container image for a simple PHP application.

With UBI, you can build and redistribute container images based on Red Hat Enterprise Linux without requiring a Red Hat subscription. Users of UBI-based container images do not need Red Hat subscriptions. No more extra work creating CentOS-based container images for your community projects or for your customers that prefer self-support.

I tested all these steps on my personal Fedora 29 system, and they should work on any Linux distribution. I am also a big fan of the new container tools such as Podman, which should be available to your favorite Linux distribution. If you are working on a Windows or MacOS system, you can replace the Podman commands with Docker.

Continue reading “Working with Red Hat Enterprise Linux Universal Base Images (UBI)”

Share
Source versus binary S2I workflows with Red Hat OpenShift Application Runtimes

Source versus binary S2I workflows with Red Hat OpenShift Application Runtimes

Red Hat OpenShift supports two workflows for building container images for applications: the source and the binary workflows. The binary workflow is the primary focus of the Red Hat OpenShift Application Runtimes and Red Hat Fuse product documentation and training, while the source workflow is the focus of most of the Red Hat OpenShift Container Platform product documentation and training. All of the standard OpenShift Quick Application Templates are based on the source workflow.

A developer might ask, “Can I use both workflows on the same project?” or, “Is there a reason to prefer one workflow over the other?” As a member of the team that developed Red Hat certification training for OpenShift and Red Hat Fuse, I had these questions myself and I hope that this article helps you find your own answers to these questions.

Continue reading “Source versus binary S2I workflows with Red Hat OpenShift Application Runtimes”

Share