Skip to content

Commit 15e2cbd

Browse files
committed
Update the post
1 parent 6acb5c5 commit 15e2cbd

File tree

1 file changed

+32
-2
lines changed

1 file changed

+32
-2
lines changed

_posts/2024-11-11-howto-develop-openshift-application.md

Lines changed: 32 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,19 @@ Since OpenShift's container runtime poses constraints, one can't simply create a
1212

1313
One possible approach (subject to limitations described below) is installing an all-in-one version of OpenShift and proceeding with the deployment, testing, and debugging cycles on the local machine.
1414

15-
Using a local instance of OpenShift can save a considerable amount of time by eliminating the step of pushing large container images to a container registry. This allows you to create a container image locally and perform an OpenShift application deployment directly from that local image. However, this all-in-one version of OpenShift has limitations compared to a full-fledged OpenShift deployment across multiple nodes with dedicated hardware. For more details, see the [Red Hat CodeReady Containers documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/1.0/html/getting_started_guide/getting-started-with-codeready-containers_gsg#differences_with_a_production_openshift_install).
15+
Using a local instance of OpenShift can save a considerable amount of time by eliminating the step of pushing large container images to a container registry. This allows you to create a container image locally and perform an OpenShift application deployment directly from that local image. However, this all-in-one version of OpenShift has limitations compared to a full-fledged OpenShift deployment across multiple nodes with dedicated hardware. For more details, see the [Red Hat CodeReady Containers documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/2.0/html/getting_started_guide/introducing-codeready-containers_gsg#differences-from-production-openshift-install_gsg).
1616

1717
If your application requires features that are not supported by the all-in-one version, this method may not work for those applications (or may not test all the features of the application). Nevertheless, it can be useful for an initial kickstart and a subset of features.
1818

19-
With that said, follow the steps to deploy CRC locally as outlined in the [Red Hat OpenShift Local documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_local/2.43/html/getting_started_guide/index).
19+
With that said, follow the steps to deploy CRC locally as outlined in the [Red Hat OpenShift Local documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/2.0/html/getting_started_guide/index). I have choosen to authorize RedHat SSO:
20+
21+
```
22+
"Red Hat SSO by rh-sso wants to access your github_user account"
23+
```
24+
25+
and after filling a short form with details required to create a RedHat account, I was able to download the latest version of the OpenShift Local along with `pull secret`.
26+
27+
2028

2129

2230

@@ -78,6 +86,28 @@ SCCs can either be predefined or custom-made by cluster administrators. Here’s
7886
- **Restricted SCC**: This built-in SCC in OpenShift enforces strict limitations. It drops most capabilities and restricts user and group permissions, ensuring minimal access beyond default settings.
7987
- **Custom SCC**: Administrators can create tailored SCCs that provide specific permissions, such as allowing a user ID range (e.g., 1000-2000) or granting additional capabilities.
8088

89+
90+
```yaml
91+
containers:
92+
- resources: {}
93+
terminationMessagePath: /dev/termination-log
94+
name: demo
95+
command:
96+
- tox
97+
- -v
98+
- -e dev
99+
securityContext:
100+
capabilities:
101+
drop:
102+
- ALL
103+
runAsUser: 1234
104+
runAsGroup: 5678
105+
runAsNonRoot: true
106+
allowPrivilegeEscalation: false
107+
```
108+
109+
Let me know if you need any additional formatting or edits!
110+
81111
## Conclusion
82112
83113
SCCs are essential for maintaining a secure and controlled environment in OpenShift. While containers by default limit access to protect system integrity, SCCs provide the flexibility needed when applications require elevated permissions. This balance ensures that cluster administrators can grant necessary permissions while maintaining overall security.

0 commit comments

Comments
 (0)