hacktricks-cloud/pentesting-cloud/openshift-pentesting/openshift-basic-information.md
2024-12-12 19:35:48 +01:00


OpenShift - Basic information

Kubernetes prior basic knowledge

Before working with OpenShift, ensure you are comfortable with the Kubernetes environment. The entire OpenShift chapter assumes you have prior knowledge of Kubernetes.

OpenShift - Basic Information

Introduction

OpenShift is Red Hat's container application platform that offers a superset of Kubernetes features. OpenShift has stricter security policies. For instance, it is forbidden to run a container as root. It also offers a secure-by-default option to enhance security. OpenShift features a web console which includes a one-touch login page.

CLI

OpenShift comes with its own CLI, which can be found here:

{% embed url="https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html" %}

To log in using the CLI:

```bash
oc login -u=<username> -p=<password> -s=<server>
oc login -s=<server> --token=<bearer token>
```

OpenShift - Security Context Constraints

In addition to the RBAC resources that control what a user can do, OpenShift Container Platform provides security context constraints (SCC) that control the actions that a pod can perform and what it has the ability to access.

An SCC is a policy object whose rules apply to the infrastructure itself, unlike RBAC, whose rules apply to the platform. It defines which Linux access-control features a container is allowed to request or run, for example Linux capabilities, seccomp profiles, and mounting host directories.
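The following added example (not part of the original page and not OpenShift's own code) audits SCC objects for the settings named above: capabilities, seccomp profiles, host directory mounts, and running as root. The sample JSON is constructed in the shape of `oc get scc -o json` output, and the helper names `audit_scc` and `audit_all` are hypothetical.

```python
import json
import sys

# Constructed sample shaped like `oc get scc -o json` output (not from a real cluster).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "restricted-example"},
   "allowPrivilegedContainer": false, "allowHostDirVolumePlugin": false,
   "allowHostNetwork": false, "allowHostPID": false, "allowHostIPC": false,
   "allowedCapabilities": null, "runAsUser": {"type": "MustRunAsRange"},
   "seccompProfiles": ["runtime/default"]},
  {"metadata": {"name": "wide-open-example"},
   "allowPrivilegedContainer": true, "allowHostDirVolumePlugin": true,
   "allowHostNetwork": true, "allowHostPID": false, "allowHostIPC": false,
   "allowedCapabilities": ["*"], "runAsUser": {"type": "RunAsAny"},
   "seccompProfiles": ["*"]}
]}
""")

# SCC boolean fields that relax isolation from the node when set to true.
HOST_FLAGS = {
    "allowPrivilegedContainer": "privileged containers allowed",
    "allowHostDirVolumePlugin": "hostPath (host directory) volumes allowed",
    "allowHostNetwork": "host network namespace allowed",
    "allowHostPID": "host PID namespace allowed",
    "allowHostIPC": "host IPC namespace allowed",
}

def audit_scc(scc):
    """Return a list of findings for one SCC object (hypothetical helper)."""
    findings = [msg for field, msg in HOST_FLAGS.items() if scc.get(field)]
    if (scc.get("runAsUser") or {}).get("type") == "RunAsAny":
        findings.append("runAsUser is RunAsAny: containers may run as root")
    caps = scc.get("allowedCapabilities") or []  # null means none may be added
    if caps:
        findings.append("extra Linux capabilities may be requested: " + ", ".join(caps))
    if {"*", "unconfined"} & set(scc.get("seccompProfiles") or []):
        findings.append("pods may run with any or no seccomp profile")
    return findings

def audit_all(doc):
    """Map each SCC name to its findings; an empty list means nothing was flagged."""
    return {i["metadata"]["name"]: audit_scc(i) for i in doc.get("items", [])}

if __name__ == "__main__":
    # Pass "-" to read real `oc get scc -o json` output from stdin instead of the sample.
    doc = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE
    for name, findings in audit_all(doc).items():
        print(name, "->", "; ".join(findings) or "no risky settings flagged")
```

To audit a cluster, pipe the real output in: `oc get scc -o json | python3 audit_scc.py -` (the script file name is an assumption).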

{% content-ref url="openshift-scc.md" %} openshift-scc.md {% endcontent-ref %}

{% embed url="https://docs.openshift.com/container-platform/3.11/architecture/additional_concepts/authorization.html#security-context-constraints" %}