-
OpenShift: disabling the web console
2 min read
When running an OpenShift cluster we'll find that it exposes a web-based console that not only allows you to deploy applications, but also managing the cluster. However, since it is an additional way to access the cluster we might have some concerns about it, specially from the security perspective. Specifically, the console can be a potential attack vector to gain unauthorized access to the cluster. Let's see how to disable it.
26/01/2023
Read more... -
OpenShift: Using oc-mirror to create image mirrors for air gapped environments
4 min read
Combining oc-mirror with ImageContentSourcePolicy we can configure image mirrors for container images in OpenShift. We can use it to setup air gapped environments: The images won't be available for the source repository, just from the internal mirror. This way we can audit them before allowing our cluster to use them
16/01/2023
Read more... -
OpenShift route TLS termination: edge, passthrough and reencrypt
2 min read
To be able to expose a service externally on OpenShift we can use the Route object. Generally speaking, Routes can be either secured or unsecured, in case we choose to use a secured route we can configured it to work in three different ways: edge, passthrough and reencrypt.
28/11/2022
Read more... -
Openshift: Project object contains (some) immutable fields
2 min read
There are just slight differences between a Project and a Namespace in OpenShift, what can be shocking is the fact that Project's metadata is (with exceptions) immutable.
04/11/2022
Read more... -
AWS STS: IAM roles for ServiceAccounts on AWS ROSA
2 min read
AWS ROSA it is integrated with the AWS STS that will allow us to setup IRSA just as we would do on an EKS cluster.
25/10/2022
Read more...