Authentication and Authorization Create local htpasswd file: htpasswd -c -B -b ./htpasswd admin redhat htpasswd -b ./htpasswd developer developer Then login as admin and create secret: oc create secret generic localusers \ --from-file htpasswd=./htpasswd \ -n openshift-config Can also use set to udpate secret: oc set data secret/localusers -n openshift-config --from-file htpasswd=./htpasswd Add cluster-admin role to new admin account, and it’s ok to ignore warnings since admin is not existed in the system yet:
Openshift comes with enforced security context design which aims to solve security issues that normal Kubernetes cluster ignores. In a non-prod environment, the default Kubernetes approach is capible to deploy simple application and providing access to the service, but such design often introduce challenges to enterprise companies like banks or teleco which cause them hasitate to migrate data to the cloud. Build A Openshift Compatible Image Normal docker image which uses root level action like following would cause trouble in Openshift:
All config and cmd in this blog has been verified and tested against Openshift 4.5 release Openshift 4.5 introduced new way to deploy kubernetes by using Coreos with Igition, this solution makes sure all nodes in a cluster share same image and end-users are not encouraged to modify anything on OS level, everything(nic changes, troubleshoot, ssl injection) should be done through Openshift itself by defining yaml(Machineconfig for OS files, nmstate can mod nic).
All config and cmd in this blog has been verified and tested against Openshift 3.11 release Openshift is Redhat Container Platform, it mainly uses Kubernetes as its PaaS underlay and added more feature such as CICD, app store, etc. How to Install Similar as Kubespray, it uses a toolbox which has root access to all nodes and run ansible scripts to install and deploy everything. Few prerequisites before install: