OpenShift - Basic information

Kubernetes prior basic knowledge

Before working with OpenShift, ensure you are comfortable with the Kubernetes environment. The entire OpenShift chapter assumes you have prior knowledge of Kubernetes.

OpenShift - Basic Information

Introduction

OpenShift is Red Hat’s container application platform that offers a superset of Kubernetes features. OpenShift has stricter security policies. For instance, it is forbidden to run a container as root. It also offers a secure-by-default option to enhance security. OpenShift, features an web console which includes a one-touch login page.

CLI

OpenShift come with a it's own CLI, that can be found here:

Getting started with the OpenShift CLI - OpenShift CLI (oc) | CLI tools | OpenShift Container Platform 4.11OpenShift

To login using the CLI:

oc login -u=<username> -p=<password> -s=<server>
oc login -s=<server> --token=<bearer token>

OpenShift - Security Context Constraints

In addition to the RBAC resources that control what a user can do, OpenShift Container Platform provides security context constraints (SCC) that control the actions that a pod can perform and what it has the ability to access.

SCC is a policy object that has special rules that correspond with the infrastructure itself, unlike RBAC that has rules that correspond with the Platform. It helps us define what Linux access-control features the container should be able to request/run. Example: Linux Capabilities, SECCOMP profiles, Mount localhost dirs, etc.

pageOpenshift - SCC

Authorization - Additional Concepts | Architecture | OpenShift Container Platform 3.11OpenShift

PreviousOpenShift Pentesting NextOpenshift - SCC

Last updated 11 days ago