Book Image

OpenShift Multi-Cluster Management Handbook

By : Giovanni Fontana, Rafael Pecora
5 (1)
Book Image

OpenShift Multi-Cluster Management Handbook

5 (1)
By: Giovanni Fontana, Rafael Pecora

Overview of this book

For IT professionals working with Red Hat OpenShift Container Platform, the key to maximizing efficiency is understanding the powerful and resilient options to maintain the software development platform with minimal effort. OpenShift Multi-Cluster Management Handbook is a deep dive into the technology, containing knowledge essential for anyone who wants to work with OpenShift. This book starts by covering the architectural concepts and definitions necessary for deploying OpenShift clusters. It then takes you through designing Red Hat OpenShift for hybrid and multi-cloud infrastructure, showing you different approaches for multiple environments (from on-premises to cloud providers). As you advance, you’ll learn container security strategies to protect pipelines, data, and infrastructure on each layer. You’ll also discover tips for critical decision making once you understand the importance of designing a comprehensive project considering all aspects of an architecture that will allow the solution to scale as your application requires. By the end of this OpenShift book, you’ll know how to design a comprehensive Red Hat OpenShift cluster architecture, deploy it, and effectively manage your enterprise-grade clusters and other critical components using tools in OpenShift Plus.
Table of Contents (23 chapters)
Part 1 – Design Architectures for Red Hat OpenShift
Part 2 – Leverage Enterprise Products with Red Hat OpenShift
Part 3 – Multi-Cluster CI/CD on OpenShift Using GitOps
Part 4 – A Taste of Multi-Cluster Implementation and Security Compliance
Part 5 – Continuous Learning

Network isolation

Firewalls are well known and have been used for a long time in any kind of infrastructure. When it comes to OpenShift, we need to have in mind that we are now working with a software-defined platform and, as such, we have software features to implement some of the same concepts we have had for a long time in a data center—it is no different with a firewall. As we have seen in the previous chapter, Network Policies are nothing more than rules you define to allow or block network communication between pods and projects on OpenShift, similar to what a firewall provides in a physical network.

By default, all pods in a project are accessible from other pods and network endpoints from any project. To isolate pods and projects, you need to create network policies, such as the following:

kind: NetworkPolicy
  name: deny-by-default
  podSelector: {}
  ingress: []

The previous network...