Security

Securing Cloud-init User Data with External Secrets and OpenShift Virtualization

Storing Virtual Machines as Kubernetes resources in git for automated deployment promotes consistency, resiliency, and accountability, but committing secrets to git is risky and should be avoided. Use the External Secrets Operator to securely store cloud-init and other data, and sleep soundly!


Generate a Kubeconfig to Enable OpenShift Service Account Authentication

This post demonstrates how to properly generate kubeconfig files for OpenShift ServiceAccounts, enabling secure token-based authentication and TLS connections. You will learn how to create ServiceAccounts, generate time-limited tokens, bundle CA certificates, and package everything into a distributable kubeconfig file that can be stored as a Secret for download.


Storing OpenShift Credentials with 1Password

If you find yourself frequently rebuilding OpenShift clusters and potentially reusing cluster names, you may find it challenging to manage the credentials consistently and securely. Here is a solution using 1Password.


Extracting TLS CA Certificates from Kubeconfig File

OpenShift creates a number of Certificate Authorities to sign TLS certificates which secure functions including load balancing of the API and Ingress services. Recent versions of openshift-install will place all the CA certificates in the generated auth/kubeconfig file.

Here is how to extract and split those certificates into individual files, which eases the process of trusting them, particularly on a Mac.
