Secure your Kubernetes secrets with smart cards and libssh

In computer security, software implementations of cryptographic algorithms are vulnerable to side-channel attacks. This type of attack seeks to glean information from the computer system rather than from the program that it is running. As examples, Spectre and Meltdown are both side-channel attacks that target the microarchitecture of modern processors. Microarchitecture attacks are only a subset of all side-channel attacks. There are many others.

Using Microsoft SQL Server on Red Hat OpenShift

In this article, you’ll learn how to deploy Microsoft SQL Server 2019 on Red Hat OpenShift. We’ll then use SQL Server from an ASP.NET Core application that is also deployed on OpenShift. Next, I’ll show you how to connect to SQL Server while working on the application from your local development machine. And finally, we’ll connect to the server using Azure Data Studio.

Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform

More and more companies are migrating their applications to the Red Hat OpenShift Container Platform (RHOCP). This enterprise-grade container platform is secure and comprehensive, based on industry standards including those related to Docker and Kubernetes. However, due to the tightened security restrictions, containers that run on Docker and Kubernetes might not run successfully on Red Hat OpenShift without modification.

Red Hat OpenShift Container Platform is a fully managed Red Hat OpenShift service that takes advantage of enterprise-ready scaling and security. It is directly integrated with Kubernetes and provides several models for application deployment. One example of its security posture: to mitigate the risk that a vulnerability in the container engine could let a process running inside a container gain escalated privileges on the host machine, OpenShift runs containers using an arbitrarily assigned user ID.

In contrast, in Docker and Kubernetes, containers run either as the user specified by the USER directive in the Dockerfile or, if no USER directive is specified, as the root user. Containerized applications designed to run as root might therefore not run as expected on OpenShift.

Use mobile numbers for user authentication in Keycloak

I recently worked on a project that required using a mobile number for user authentication, instead of the traditional username and password. Almost everyone has a unique mobile number, so the requirement made sense. Our authentication tool is Keycloak, which does not ship with an option for mobile-based authentication. Instead, my team developed a custom authentication executor to meet the requirement.

In this article, I show you how to use Keycloak’s authentication service provider interface (SPI) to write a custom MobileAuthenticator class and then instantiate it with an AuthenticationFactory. I also show you how to package and compile the mobile authentication project using Maven and how to create a custom mobile authentication flow for Keycloak.

Checkpointing Java from outside of Java

When OpenJDK's Java virtual machine (JVM) runs a Java application, it loads a dozen or so classes before it starts the main class. It runs a method several hundred times before it invokes the optimizing compiler on that method. This preparation is a critical component of Java's "write once, run anywhere" power, but it comes at the cost of long startup times.

Migrating C and C++ applications from Red Hat Enterprise Linux version 7 to version 8

When moving an application that you’ve compiled on Red Hat Enterprise Linux (RHEL) 7 to RHEL 8, you will likely encounter issues due to changes in the application binary interface (ABI). The ABI describes the low-level binary interface between an application and its operating environment. This interface requires tools such as compilers and linkers, as well as the produced runtime libraries and the operating system itself, to agree upon the following:

Customizing and tuning the Kuryr SDN for Red Hat OpenShift 3.11 on Red Hat OpenStack 13

In a previous article, I showed you how to customize Red Hat OpenShift software-defined networking (SDN) for your organization’s requirements and restrictions. In this article, we’ll look at using the Kuryr SDN instead. Using Kuryr with OpenShift 3.11 on Red Hat OpenStack 13 changes the customization requirements because Kuryr works directly with OpenStack Neutron and Octavia.

Note: This article builds on the discussion and examples from my previous one. I recommend reading the previous one first.

Background

Traditional OpenShift installations leverage openshift-sdn, which is specific to OpenShift. Using openshift-sdn means that your containers run on a network within a network. This setup, known as double encapsulation, introduces an additional layer of complexity, which becomes apparent when troubleshooting network issues. Double encapsulation also affects network performance due to the overhead of running a network within a network.

Command-line cluster management with Red Hat OpenShift’s new web terminal (tech preview)

Red Hat OpenShift's web console simplifies many development and deployment chores to just a few clicks, but sometimes you need a command-line interface (CLI) to get things done on a cluster. Whether you're learning by cut-and-paste in a tutorial or troubleshooting a deep bug in production (also often done by cut-and-paste), you'll likely need to enter at least a line or two at a command prompt.

Starting with version 4.5.3, OpenShift users can try out a tech preview of the new Web Terminal Operator. The new OpenShift web terminal brings indispensable command-line tools right to the web console, and its Linux environment runs in a pod deployed on your OpenShift cluster. The web terminal eliminates the need to install software and configure connections and authentication for your local terminal. It also makes it easier to use OpenShift on devices like tablets and mobile phones, which might lack a native terminal.

Rootless containers with Podman: The basics

As a developer, you have probably heard a lot about containers. A container is a unit of software that provides a packaging mechanism that abstracts the code and all of its dependencies to make application builds fast and reliable. An easy way to experiment with containers is with the Pod Manager tool (Podman), which is a daemonless, open source, Linux-native tool that provides a command-line interface (CLI) similar to the docker container engine.

In this article, I will explain the benefits of using containers and Podman, introduce rootless containers and why they are important, and then show you how to use rootless containers with Podman with an example. Before we dive into the implementation, let’s review the basics.
