OpenShift Commons Briefing #76: Security Practices in OpenShift Container Platform @ Amadeus

Step-by-Step Tutorial: Implementing Security Practices in OpenShift Container Platform

1. Introduction to Security Practices in OpenShift:

   • In this OpenShift Commons briefing, the focus is on discussing security practices in OpenShift with Amadeus, a company experienced in deploying OpenShift at scale.

2. Understanding the Industry and Security Requirements:

   • Amadeus operates in the travel industry, dealing with flight reservations, e-commerce websites, payment processing, and compliance with regulations like GDPR and PCI DSS.

3. Key Security Concerns:

   • Security measures are crucial to protect assets, personal information, and comply with industry standards. OpenShift deployment raises questions about security practices.

4. Roles in Security Implementation:

   • Security practices involve collaboration between system administrators, DevOps, developers, and security compliance teams to ensure a holistic approach to security.

5. Infrastructure Setup and Deployment:

   • Deploying OpenShift involves setting up infrastructure, network design, security groups, access control, and defining upgrade policies for maintaining the platform.

6. Upgrade Strategies:

   • Upgrade strategies can involve rebuilding instances or performing rolling upgrades to keep the platform up-to-date while minimizing downtime.

7. Internal OpenShift Architecture:

   • Understanding the architecture of OpenShift within the company's premises, including network separation and security group configurations.

8. Access Control and User Roles:

   • Implementing role-based access control (RBAC) to define user permissions and roles within OpenShift, ensuring secure access to the platform.

9. Securing Secrets:

   • Utilizing OpenShift secrets to manage sensitive information securely, separating secrets from applications, and ensuring secure delivery to nodes.

10. Monitoring and Compliance:

    • Implementing monitoring tools, auditing processes, and compliance measures to detect security breaches, unauthorized access, and ensure regulatory compliance.

11. Container Security:

    • Implementing resource limits, security context constraints, and secure container deployment practices to prevent security vulnerabilities in containerized applications.

12. Image Security and Catalog:

    • Ensuring image security by validating images, monitoring for vulnerabilities, and utilizing container catalogs like Red Hat's Container Catalog for secure image management.

13. Future Security Enhancements:

    • Discussing upcoming security enhancements like encryption for secrets, network policies, and image inspection tools to further enhance security measures in OpenShift.

14. Community Engagement and Learning:

    • Engaging with the OpenShift community, attending briefings, webcasts, and staying updated on new security features and best practices in container security.

By following these steps and best practices, users can enhance the security of their OpenShift deployments and ensure a robust and secure container platform environment.