OpenShift Multi-Cluster Management Handbook

By: Giovanni Fontana, Rafael Pecora

Overview of this book

For IT professionals working with Red Hat OpenShift Container Platform, the key to maximizing efficiency is understanding the powerful and resilient options to maintain the software development platform with minimal effort. OpenShift Multi-Cluster Management Handbook is a deep dive into the technology, containing knowledge essential for anyone who wants to work with OpenShift. This book starts by covering the architectural concepts and definitions necessary for deploying OpenShift clusters. It then takes you through designing Red Hat OpenShift for hybrid and multi-cloud infrastructure, showing you different approaches for multiple environments (from on-premises to cloud providers). As you advance, you’ll learn container security strategies to protect pipelines, data, and infrastructure on each layer. You’ll also discover tips for critical decision making once you understand the importance of designing a comprehensive project considering all aspects of an architecture that will allow the solution to scale as your application requires. By the end of this OpenShift book, you’ll know how to design a comprehensive Red Hat OpenShift cluster architecture, deploy it, and effectively manage your enterprise-grade clusters and other critical components using tools in OpenShift Plus.
Table of Contents (23 chapters)
Part 1 – Design Architectures for Red Hat OpenShift
Part 2 – Leverage Enterprise Products with Red Hat OpenShift
Part 3 – Multi-Cluster CI/CD on OpenShift Using GitOps
Part 4 – A Taste of Multi-Cluster Implementation and Security Compliance
Part 5 – Continuous Learning

Adding security checks in the building and deployment process

This time, we will add a new step that performs a security check on the image that has been built. We are going to use Advanced Cluster Security (ACS) for that. To use it successfully, you should have Advanced Cluster Security installed and the local cluster configured as a secured cluster. See Chapter 12, OpenShift Multi-Cluster Security, for how to do this.

Here is what our pipeline looks like now:

Figure 14.14 – Pipeline with security checks

The following task has been added to the pipeline:

  • security-check: Uses ACS APIs to check the image against existing security policies defined in ACS.
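A task of this kind could be written as shown next. This is an added example, not the book's own task definition: it assumes the check is done with the `roxctl` CLI, and the parameter names, the step image reference, and the `acs-api-token` Secret are hypothetical.

```yaml
# Added illustration; not the task shipped with the book.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: security-check
spec:
  params:
    - name: image
      type: string
      # Prefer a digest reference (repo@sha256:...) so the image that is
      # checked is exactly the image that is later deployed.
      description: Reference of the image produced by the build task
    - name: central-endpoint
      type: string
      description: ACS Central address as host:port (assumed parameter)
  steps:
    - name: image-check
      # Placeholder: any image that ships the roxctl CLI.
      image: registry.example.com/tools/roxctl:TAG
      env:
        # roxctl reads its API token from ROX_API_TOKEN. Keep the token in a
        # Secret and scope it to a CI-only role in ACS, not an admin role.
        - name: ROX_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: acs-api-token   # assumed Secret name
              key: token            # assumed key
        # Parameters are passed as environment variables instead of being
        # interpolated into the script, so their values are never parsed
        # as shell code.
        - name: IMAGE
          value: $(params.image)
        - name: CENTRAL
          value: $(params.central-endpoint)
      script: |
        #!/bin/sh
        set -eu
        # Evaluates the image against the build-time policies in ACS.
        # A violated policy with build enforcement enabled makes roxctl
        # exit non-zero, which fails this step and stops the pipeline.
        # TLS verification is left on: the step image is assumed to trust
        # the CA that issued Central's certificate.
        roxctl image check --endpoint "$CENTRAL" --image "$IMAGE"
```

Policies that are violated but not set to enforce at build time are only reported in the step log, so the pipeline blocks an image only when the corresponding ACS policy has build enforcement enabled.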

To simulate security issues, we will also use a custom s2i-java task that uses an old ubi-openjdk version, which contains many known vulnerabilities. To fix the issues, we will change the build strategy to use a Dockerfile that uses the latest version of the RHEL UBI image and...