What Red Hat OpenShift Online and OpenShift Dedicated Customers Should Know About the June 2019 Kernel Network Stack Flaws

On Monday, June 17, 2019, details were made public about security flaws that impact systems hosting Red Hat OpenShift Online (Starter and Pro) and Red Hat OpenShift Dedicated. For information on the CVEs, visit CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479. The vulnerability article can be found here. The intent of this blog is to notify our […]

Using Kubernetes Operators to Manage Let’s Encrypt SSL/TLS Certificates for Red Hat OpenShift Dedicated

Overview: Red Hat OpenShift Dedicated is an enterprise Kubernetes application platform hosted on public cloud providers and managed by Red Hat Site Reliability Engineering (SRE). OpenShift Dedicated enables companies to implement a flexible, hybrid cloud IT strategy by connecting to their datacenter with minimal infrastructure and operating expenses. Valid SSL certificates are part of the […]

What Red Hat OpenShift Online and OpenShift Dedicated customers should know about Fallout and RIDL/ZombieLoad/MDS

Earlier this week, details were made public about four CVEs related to microprocessor flaws that impact systems hosting Red Hat OpenShift Online (Starter and Pro) and Red Hat OpenShift Dedicated. Some organizations are referring to these as “Fallout”, “ZombieLoad”, “RIDL”, or collectively as MDS (Microarchitectural Data Sampling). Read additional technical details at these links (CVE-2018-12127, […]

Requesting and installing Let’s Encrypt Certificates for OpenShift 4

Overview: Red Hat OpenShift uses certificates to encrypt the communication with the Web Console as well as applications exposed as Routes. Without any further customization, the install process will create self-signed certificates. While these work, they usually trigger severe security warnings about unknown certificates in web browsers when accessing either the Web Console or any […]

Considerations on OpenShift PKIs and Certificates

OpenShift features several Public Key Infrastructures (PKIs) that manage certificates for specific purposes. To help deploy OpenShift more securely, it’s necessary to know what each of these infrastructures does and how to best configure them. Note that the information discussed in this article refers to OpenShift 3.x and it is subject to change in the […]

OpenShift Commons Briefing: State of Open Source Security Report Review with Liran Tal (Snyk)

OpenShift Commons Briefing Summary: In this briefing, Snyk’s Liran Tal shows the results of his company’s State of Open Source Security 2019 Report. Liran explains each step of the process, from development, to testing, to deployment, and follows the chains of responsibility across those domains. Who is responsible for the security of container images? […]

About the February 2019 Cri-O / RunC / Docker vulnerability

What OpenShift Online and OpenShift Dedicated customers should know about the recently announced vulnerability of runc/docker/CRI-O: On February 11th, 2019, details of a vulnerability that researchers have confirmed is present on certain versions of runc (impacting docker and CRI-O) were published. These tools are deployed as part of the OpenShift product and impact the Red […]

[Podcast] PodCTL – Kube Security, Kube 1.13 and KubeCon

Heading into the week of KubeCon, we wanted to make sure that listeners had some basics to prepare them for a week of learning and announcements. We discussed the severe Kubernetes bug (Kubernetes Privilege Escalation Flaw) and available patches, all of the new features in Kubernetes 1.13, as well as some previews of things to expect from […]
