From the Enterprisers Project: What Are Kubernetes Secrets?

The Enterprisers Project always has terrific information that can help you and your team communicate those complex cloud computing concepts to the C-levels. This past week, they published an excellent article describing what exactly secrets are in Kubernetes, how to manage them and what security benefits they provide. From the article: Kubernetes Secrets defined, three […]

Self-Serviced, End-to-End Encryption for Kubernetes Applications, Part 2: a Practical Example

Introduction: In part one of this series, we saw three approaches to fully automate the provisioning of certificates and create end-to-end encryption. Based on feedback from the community suggesting the post was a bit too theoretical and not immediately actionable, this article will illustrate a practical example. You can see a recording of the demo […]

Federation V2 is now KubeFed

Some time ago we talked about how Federation V2 on Red Hat OpenShift 3.11 enables users to spread their applications and services across multiple locales or clusters. As a fast-moving project, lots of changes have happened since our last blog post. Among those changes, Federation V2 has been renamed to KubeFed and we have released […]

How to backup, clone and migrate Persistent Volume Claims on OpenShift

I recently implemented a complete backup solution for our Red Hat OpenShift clusters. I wanted to share the challenges we faced in putting together the OpenShift backups, restores, hardware migrations, and cluster-cloning features we needed to preserve users’ Persistent Volume Claims (PVCs). At the moment, these features are not implemented directly in Kubernetes, and it […]

What Red Hat OpenShift Online and OpenShift Dedicated Customers Should Know About the June 2019 Kernel Network Stack Flaws

On Monday, June 17, 2019, details were made public about security flaws that impact systems hosting Red Hat OpenShift Online (Starter and Pro) and Red Hat OpenShift Dedicated. For information on the CVEs, visit CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. The vulnerability article can be found here. The intent of this blog is to notify our […]

What Red Hat OpenShift Online and OpenShift Dedicated customers should know about Fallout and RIDL/ZombieLoad/MDS

Earlier this week, details were made public about four CVEs related to microprocessor flaws that impact systems hosting Red Hat OpenShift Online (Starter and Pro) and Red Hat OpenShift Dedicated. Some organizations are referring to these as “Fallout”, “ZombieLoad”, “RIDL”, or collectively as MDS (Microarchitectural Data Sampling). Read additional technical details at these links (CVE-2018-12127, […]

From the Enterprisers Project: 5 Kubernetes Security Mistakes to Avoid

Over on the Enterprisers Project, Kevin Casey has written a great little piece listing 5 Kubernetes security mistakes you should watch out for. From the piece: Consider the rise of Kubernetes in the enterprise: Like any tool or technology, it comes with security considerations. That’s not because Kubernetes is inherently risky or insecure – far from it. […]

Requesting and installing Let’s Encrypt Certificates for OpenShift 4

Overview: Red Hat OpenShift uses certificates to encrypt the communication with the Web Console as well as applications exposed as Routes. Without any further customization, the install process will create self-signed certificates. While these work, they usually trigger severe security warnings about unknown certificates in web browsers when accessing either the Web Console or any […]

Considerations on OpenShift PKIs and Certificates

OpenShift features several Public Key Infrastructures (PKIs) that manage certificates for specific purposes. To help deploy OpenShift more securely, it’s necessary to know what each of these infrastructures does and how to best configure them. Note that the information discussed in this article refers to OpenShift 3.x and it is subject to change in the […]
