OpenShift and Network Security Zones: Coexistence Approaches

Introduction: Kubernetes and consequently OpenShift adopt a flat Software Defined Network (SDN) model, which means that all pods in the SDN are in the same logical network. Traditional network implementations adopt a zoning model in which different networks or zones are dedicated to specific purposes, with very strict communication rules between each zone. When implementing […]

NetworkPolicies and Microsegmentation

Introduction: Kubernetes introduced NetworkPolicies in 1.6, and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN: OpenShift installation requires you to choose the SDN implementation that is […]

Managing Secrets on OpenShift – Vault Integration

Credentials are environment-dependent configurations that need to be kept secret and should be read only by subjects with a need-to-know. In this article, I present an integration with Vault from HashiCorp as one approach to solving the problem of strict secret management requirements. This orchestration was built on the work previously done by Kelsey Hightower.

Environment-Dependent Property Management Strategies for OpenShift Pipelines

How an application expects to read its configurations is completely application-dependent. That said, over the course of several projects we have seen some patterns emerge that we have found to be successful. There is no better or worse approach – it is the responsibility of the pipeline designer to choose the best approach for a given context. This blog post focuses on environment-dependent properties, but the same approaches could potentially be used for all properties, whether or not they are environment-dependent.
