Kubernetes

Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform

Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform

More and more companies are migrating their applications to the Red Hat OpenShift Container Platform (RHOCP). This enterprise-grade container platform is secure and comprehensive, based on industry standards including those related to Docker and Kubernetes. However, due to the tightened security restrictions, containers that run on Docker and Kubernetes might not run successfully on Red Hat OpenShift without modification.

Red Hat OpenShift Container Platform is a fully managed Red Hat OpenShift service that takes advantage of enterprise-ready scaling and security. It is directly integrated with Kubernetes and provides several models for application deployment. For example, OpenShift can mitigate the risk that processes running in a container might be given escalated privileges on the host machine, due to security vulnerabilities in the container engine. For this reason, containers are run using an arbitrarily assigned user ID.

In contrast, in Docker and Kubernetes containers are run either as the user specified by the USER directive in the Dockerfile, or as the root user if a USER directive is not specified. Containerized applications designed to run as the root user might not run as expected on OpenShift.

Continue reading “Adapting Docker and Kubernetes containers to run on Red Hat OpenShift Container Platform”

Share
Persistent storage in action: Understanding Red Hat OpenShift’s persistent volume framework

Persistent storage in action: Understanding Red Hat OpenShift’s persistent volume framework

Red Hat OpenShift is an enterprise-ready Kubernetes platform that provides a number of different models you can use to deploy an application. OpenShift 4.x uses Operators to deploy Kubernetes-native applications. It also supports Helm and traditional template-based deployments. Whatever deployment method you choose, it will be deployed as a wrapper to one or more existing OpenShift resources. Examples include BuildConfig, DeploymentConfig, and ImageStream.

Continue reading Persistent storage in action: Understanding Red Hat OpenShift’s persistent volume framework

Share
Let’s collaborate! Take the 2020 Red Hat OpenShift Developer Survey now

Let’s collaborate! Take the 2020 Red Hat OpenShift Developer Survey now

We are always looking for ways to understand better how developers create, build, manage, test, and deploy applications on and for Red Hat OpenShift. An important part of that effort is the annual OpenShift Developer Survey, which we’ve just released for 2020.

Keep reading to learn more about the survey, including highlights of the 2019 survey results and what to expect from the survey this year. We also invite you to participate in our OpenShift developer experience office hours and one-to-one feedback sessions for our developer community and customers.

Continue reading “Let’s collaborate! Take the 2020 Red Hat OpenShift Developer Survey now”

Share
Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift

Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift

The release of Red Hat Data Grid 8.1 offers new features for securing applications deployed on Red Hat OpenShift. Naturally, I wanted to check them out for Quarkus. Using the Quarkus Data Grid extension made that easy to do.

Data Grid is an in-memory, distributed, NoSQL datastore solution based on Infinispan. Since it manages your data, Data Grid should be as secure as possible. For this reason, it uses a default property realm that requires HTTPS and automatically enforces user authentication on remote endpoints. As an additional layer of security on OpenShift, Data Grid presents certificates signed by the OpenShift Service Signer. In practice, this means that Data Grid is as secure as possible out of the box, requiring encrypted connections and authentication from the first request. Data Grid generates a default set of credentials (which, of course, you can override), but unauthenticated access is denied.

In this article, I show you how to configure a Quarkus application with Data Grid and deploy it on OpenShift.

Continue reading “Securely connect Quarkus and Red Hat Data Grid on Red Hat OpenShift”

Share
Static analysis with KubeAudit for Red Hat OpenShift

Static analysis with KubeAudit for Red Hat OpenShift

In this article, we introduce a new utility for developers who want to ensure that their code transitions cleanly from upstream Kubernetes to Red Hat OpenShift. OpenShiftKubeAudit (KubeAudit) is a static analyzer that semantically checks a user’s code for known incompatibilities so you can fix them before bringing the code into OpenShift. KubeAudit is also simple to use and easy to extend.

Running an audit

This being the first release, KubeAudit currently offers only a handful of audits, but they’re easy to write. We’re looking for feedback and additional use cases from the community to help make the tool more comprehensive.

Continue reading “Static analysis with KubeAudit for Red Hat OpenShift”

Share
Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Red Hat Runtimes now supports the new Open Liberty 20.0.0.10 Java runtime. Open Liberty 20.0.0.10 features support for the Automatic Certificate Management Environment (ACME) protocol, which automates the process of obtaining a certificate signed by a certificate authority (CA). The Open Liberty 20.0.0.10 release also includes many bug fixes.

Continue reading Install a signed certificate with Open Liberty 20.0.0.10’s Automatic Certificate Management Environment Support 2.0

Share