OpenShift

This article was originally published at What to consider when using Azure AD as IDP? | Red Hat Cloud Experts In this guide, we will discuss key considerations when using Azure Active Directory (AAD) as the Identity Provider (IDP) for your ARO or ROSA cluster. Below are some helpful references: Configure ARO to Use Azure AD Configuring IDP for ROSA, OSD, and ARO Default Access for All Users in Azure Active Directory Once you set up AAD as the IDP for your cluster, it’s important to note that by default, all users in your Azure Active Directory instance will have access to the cluster. They can log in using their AAD credentials through the OpenShift Web Console endpoint: ...

Introduction OpenShift, developed by Red Hat, extends Kubernetes to provide a more robust platform for deploying and managing containerized applications in a complete application platform. It integrates the core features of Kubernetes with additional tools and services to enhance developer productivity and operational efficiency. This guide aims to introduce beginners to deploying applications on OpenShift Local, a streamlined method to run OpenShift clusters locally for development and testing. Using a local OpenShift environment, offers several benefits, especially for developers who are new to OpenShift or Kubernetes: ...

Just sharing an awesome learning resource I found recently. It will introduce you to the application development cycle leveraging OpenShift’s tooling & features with a special focus on securing your environment using Advanced Cluster Security for Kubernetes (ACS). You will get a brief introduction in several OpenShift features like OpenShift Pipelines, OpenShift GitOps, and OpenShift DevSpaces. Check out at https://devsecops-workshop.github.io/

UBI stands for Universal Base Image. It’s a type of container-based image that Red Hat has created and maintains. UBI images are derived from Red Hat Enterprise Linux (RHEL) and are designed to be a foundation for building containerized applications. Here’s why UBI is significant and why you might consider to use it: Compatibility with RHEL: UBI is based on RHEL, which means it inherits the reliability, security, and performance of RHEL. This compatibility is crucial for organizations that already rely on RHEL for their enterprise applications. Open and Freely Distributable: Unlike RHEL, which requires a subscription, UBI can be used freely. This means you can build your container images on UBI and redistribute them without worrying about RHEL licensing, while still benefiting from the stability and security of a RHEL base. Security and Compliance: UBI images benefit from Red Hat’s commitment to security and compliance. They receive regular updates and patches, which is essential for maintaining security in containerized environments. Broad Ecosystem and Support: Since UBI is based on RHEL, it has broad support from software vendors and the open-source community. This extensive ecosystem ensures compatibility with a wide range of applications and tools. Ease of Certification: For software vendors, using UBI can simplify the process of certifying their applications for RHEL, as UBI containers can be run on both RHEL and non-RHEL hosts. Container Portability: Containers built on UBI can run anywhere that supports container workloads, including Red Hat OpenShift, Kubernetes, and even non-Red Hat platforms. This portability is crucial for organizations adopting a hybrid or multi-cloud strategy. Consistency Across Environments: UBI helps maintain consistency across development, testing, and production environments, reducing the “it works on my machine” problem. Support for Different Architectures: UBI images are available for multiple architectures, including x86_64, s390x, and others, which is important for organizations with diverse infrastructure needs. In summary, UBI combines the reliability and security of RHEL with the flexibility and freedom of a container-based image that can be freely shared and redistributed. It’s an excellent choice for organizations looking to build containerized applications that are secure, compliant, and compatible with a wide range of environments and platforms. See more here

This article was originally published at https://cloud.redhat.com/experts/aro/prereq-list/ Before deploying an ARO cluster, ensure you meet the following prerequisites: Setup Tools Install Azure CLI: Essential for managing Azure resources. Refer to the official documentation Verify Resources Core Quota: Confirm availability of at least 40 cores to create and run an OpenShift Cluster. Permissions RBAC Settings: Ensure you have Contributor and User Access Administrator roles on the cluster resource group. Assign Network Contributor role on the virtual network, if using a separate resource group. For stricter security policies, create a custom role with necessary permissions. Reference link. Microsoft Entra (Former Azure AD): Have a member user of the tenant or a guest with Application administrator role for the tooling to create an application and service principal on your behalf for the cluster. Terraform: If you plan to use Terraform for the deployment of the cluster, see here the required permissions. Azure Integration Resource Provider: Register the Microsoft.RedHatOpenshift resource provider. Reference link. Red Hat Integration: Obtain a Red Hat pull secret (Recommended for access to additional content like Operators and Container Registries). Domain Configuration This step is optional since you can use the built-in domain. ...