Source
Red Hat Blog
Deploying a Red Hat OpenShift Operator in an environment with internet access is typically straightforward. However, in industries like cyber security or the military sector, where security concerns often prohibit internet access, the process becomes more complex. In a disconnected or air-gapped environment, internet access is usually restricted or unavailable. In this article, I demonstrate the process of deploying an operator in a disconnected environment. I use the recent Red Hat OpenShift AI operator for this example, because the use of artificial intelligence is becoming crucial to many en
The Automatic Certificate Management Environment (ACME) protocol allows automated interactions between certificate authorities and your servers. This means you can automate the deployment of your public key infrastructure at a low cost, with relatively little effort. ACME provides automated identifier validation and certificate issuance, and its goal is to improve security by providing certificates with a short lifespan (3 months by default, in line with the Let’s Encrypt specification), and by avoiding manual (and error-prone) processes from certificate lifecycle management. The Let’s Enc
Red Hat OpenShift sandboxed containers, built on Kata Containers, now provide the additional capability to run confidential containers (CoCo). Confidential Containers are containers deployed within an isolated hardware enclave protecting data and code from privileged users such as cloud or cluster administrators. The CNCF Confidential Containers project is the foundation for the OpenShift CoCo solution. You can read more about the CNCF CoCo project in our previous blog What is the Confidential Containers project? Confidential Containers are available from OpenShift sandboxed containers release
Red Hat OpenShift sandboxed containers, built on Kata Containers, provide the additional capability to run confidential containers (CoCo). This article continues our previous one, Exploring the OpenShift confidential containers solution, and looks at different CoCo use cases and the ecosystem around the confidential compute attestation operator. Use cases for OpenShift confidential containers: Let’s go over a few CoCo use cases. Secrets retrieval by the workload (pod): A workload (pod) may require secrets to perform different operations. For example, assume your workload runs a fine-tuned large lan
Red Hat Identity Management (IdM) is a centralized and comprehensive identity management solution that provides a wide range of features designed to help manage user identities, enforce security policies and facilitate access management. IdM offers a number of tailored and customizable features that will support the organization in implementing a 360-degree solution for managing identities, users and host security at scale, and it is included with a Red Hat Enterprise Linux (RHEL) subscription. In this article we spotlight some of the features that IdM can bring to your organization. User and gr
Red Hat Summit, the premier open source event, reached new heights this past May by ascending to the Mile High City of Denver, Colorado. The mix of Red Hat customers, enthusiasts and members of the open source community made for an ideal location for the latest OpenShift Commons Gathering. Similar to other OpenShift Commons Gathering events, it occurred as a day-0 event prior to the actual start of Red Hat Summit. But what made this event extra special was that it also coincided with the first ever Community Day that brought together the communities driving Red Hat OpenShift, Red Hat Enterpris
One of the key components of a container-based architecture is security. There are many facets to it (just have a look at the list of topics in the official OpenShift documentation here), but some of the most basic requirements are authentication and authorization. In this article, I explain how authentication and authorization work in Kubernetes and Red Hat OpenShift. I cover interactions between the different layers of a Kubernetes ecosystem, including the infrastructure layer, Kubernetes layer, and the containerized applications layer. What is authentication and authorization? In simple terms,
Confidential containers are containers deployed within a Trusted Execution Environment (TEE), which allows you to protect your application code and secrets when deployed in untrusted environments. In our previous articles, we introduced the Red Hat OpenShift confidential containers (CoCo) solution and relevant use cases. We demonstrated how components of the CoCo solution, spread across trusted and untrusted environments, including confidential virtual machine (CVM), guest components, TEEs, Confidential compute attestation operator, Trustee agents, and more, work together as part of the soluti
Quay.io is Red Hat’s hosted container registry service that serves enterprise users, open source community projects, and Red Hat customers worldwide. One of the most used features of Quay.io, besides storing and serving container images, is the comprehensive security vulnerability reporting for any uploaded image. Because Red Hat is committed to making open source software more accessible, this functionality is also available on the free tier, provided by the Clair static vulnerability analyzer project. Clair allows users to analyze millions of container images and billions of layers, and pr
With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue. In this blog, I explore the addons that enable safer extension of the UKI kernel command line. What is the Unified Kernel Image (UKI)? The Linux kernel is the core of any Linux operating system. It's the interface between the hardware and the processes running on it, providing m