An Open Source Load Balancer for OpenShift

Introduction: A highly available deployment of OpenShift needs at least two load balancers: one to load balance the control plane (the master API endpoints) and one for the data plane (the application routers). In most on-premises deployments, we use appliance-based load balancers (such as F5 or Netscaler). The architecture looks like the following: In this architecture, […]

OpenShift and Network Security Zones: Coexistence Approaches

Introduction: Kubernetes, and consequently OpenShift, adopts a flat Software Defined Network (SDN) model, which means that all pods in the SDN are in the same logical network. Traditional network implementations adopt a zoning model in which different networks or zones are dedicated to specific purposes, with very strict communication rules between each zone. When implementing […]

NetworkPolicies and Microsegmentation

Introduction: Kubernetes introduced NetworkPolicies in 1.6, and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN: OpenShift installation requires you to choose the SDN implementation that is […]

Managing Secrets on OpenShift – Vault Integration

Credentials are environment-dependent configurations that need to be kept secret and should be read only by subjects with a need-to-know. In this article, I present an integration with Vault from HashiCorp as one approach to solving the problem of strict secret management requirements. This orchestration was built on the work previously done by Kelsey Hightower.
