Tag: security

A lot of enterprise companies have there own CA and PKI . The main issue on a own Cloud Infrastructure like kubernetes and openshift is to distribute the CA on every machine.

The main reason why this blog post exist is that OpenShift V3 and Kubernetes is very close binded to port 8443. This could be changed in the future.

UPDATE: Since OpenShift Enterprise 3.4 are both ports openshift_master_api_port and openshift_master_console_port documented Configuring Master API and Console Ports.

I used several times a dedicated haproxy pod to provide access to the OpenShift v3 Web console and api on port 443 (https).

This concept could also be used for different services in the PaaS which are able to talk via SNI.

There is a interesting discussion on Hacker News about the Redhat Blog post about Docker 0-Day Stopped Cold by SELinux. There are a responses from the founder of Docker (shykes) and the Director of securtiy (bigmac) which makes this thread interesting.