Wiping the Slate Clean with the OpenShift Container Platform

With traditional virtualized infrastructure or Infrastructure-as-a-Service, it is common practice to regularly refresh instances back to a known good state. This provides confidence that the application workloads have the correct runtime configuration, no deltas are being introduced, and they can be relied upon to provide value for the business. In these cases, you might use tools such as Ansible or Jenkins, but when we move our application workloads to containers running on OpenShift Container Platform, we can use native tools provided by that platform to achieve the same result.

Continue reading “Wiping the Slate Clean with the OpenShift Container Platform”

Share
Docker Authentication Flow

Docker Authentication with Keycloak

Need to lock down your Docker registry?  Keycloak has you covered.

As of version 3.2.0, Keycloak has the ability to act as an “authorization service” for Docker authentication. This means that the Keycloak IDP server can perform identity validation and token issuance when a Docker registry requires authentication. Administrators may now leverage the same user base, audit controls, and configuration mechanisms in Keycloak to extend their SSO ecosystem past OpenID Connect and SAML to cover Docker registries. The chart below illustrates how this flow works:

Docker Authentication Flow

Continue reading “Docker Authentication with Keycloak”

Share
Dynamic Storage

How to configure persistent storage with OpenShift or Kubernetes for development environment

  • We know that containers in Openshift or Kubernetes don’t persist data. Every time we start an application, it is started in a new container with an immutable Docker image.
    Hence, any persisted data in the file systems is lost when the container stops. Hence if an application or container is rebuilt or restarted than we can’t view previous logs or if we are using containers with mysql or any other database then schema, tables, and all data will be lost, if using any messaging broker than if there is journal file than it will also not persist.
    Hence, these ephemeral containers cannot be used in production environment. In a production environment, we must configure a shared storage.
  • But what about the development environment, because we might not always have enough labs and VM’s available. To rescue we have volume type hostPath, which can be easily set up with Minishift and Minikube.
  • This article will provide details how to setup hostPath volume type.

Continue reading “How to configure persistent storage with OpenShift or Kubernetes for development environment”

Share