You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _posts/2024-11-11-howto-develop-openshift-application.md
+32-2Lines changed: 32 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -12,11 +12,19 @@ Since OpenShift's container runtime poses constraints, one can't simply create a
12
12
13
13
One possible approach (subject to limitations described below) is installing an all-in-one version of OpenShift and proceeding with the deployment, testing, and debugging cycles on the local machine.
14
14
15
-
Using a local instance of OpenShift can save a considerable amount of time by eliminating the step of pushing large container images to a container registry. This allows you to create a container image locally and perform an OpenShift application deployment directly from that local image. However, this all-in-one version of OpenShift has limitations compared to a full-fledged OpenShift deployment across multiple nodes with dedicated hardware. For more details, see the [Red Hat CodeReady Containers documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/1.0/html/getting_started_guide/getting-started-with-codeready-containers_gsg#differences_with_a_production_openshift_install).
15
+
Using a local instance of OpenShift can save a considerable amount of time by eliminating the step of pushing large container images to a container registry. This allows you to create a container image locally and perform an OpenShift application deployment directly from that local image. However, this all-in-one version of OpenShift has limitations compared to a full-fledged OpenShift deployment across multiple nodes with dedicated hardware. For more details, see the [Red Hat CodeReady Containers documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/2.0/html/getting_started_guide/introducing-codeready-containers_gsg#differences-from-production-openshift-install_gsg).
16
16
17
17
If your application requires features that are not supported by the all-in-one version, this method may not work for those applications (or may not test all the features of the application). Nevertheless, it can be useful for an initial kickstart and a subset of features.
18
18
19
-
With that said, follow the steps to deploy CRC locally as outlined in the [Red Hat OpenShift Local documentation](https://docs.redhat.com/en/documentation/red_hat_openshift_local/2.43/html/getting_started_guide/index).
19
+
With that said, follow the steps to deploy CRC locally as outlined in the [Red Hat OpenShift Local documentation](https://docs.redhat.com/en/documentation/red_hat_codeready_containers/2.0/html/getting_started_guide/index). I have choosen to authorize RedHat SSO:
20
+
21
+
```
22
+
"Red Hat SSO by rh-sso wants to access your github_user account"
23
+
```
24
+
25
+
and after filling a short form with details required to create a RedHat account, I was able to download the latest version of the OpenShift Local along with `pull secret`.
26
+
27
+
20
28
21
29
22
30
@@ -78,6 +86,28 @@ SCCs can either be predefined or custom-made by cluster administrators. Here’s
78
86
-**Restricted SCC**: This built-in SCC in OpenShift enforces strict limitations. It drops most capabilities and restricts user and group permissions, ensuring minimal access beyond default settings.
79
87
-**Custom SCC**: Administrators can create tailored SCCs that provide specific permissions, such as allowing a user ID range (e.g., 1000-2000) or granting additional capabilities.
80
88
89
+
90
+
```yaml
91
+
containers:
92
+
- resources: {}
93
+
terminationMessagePath: /dev/termination-log
94
+
name: demo
95
+
command:
96
+
- tox
97
+
- -v
98
+
- -e dev
99
+
securityContext:
100
+
capabilities:
101
+
drop:
102
+
- ALL
103
+
runAsUser: 1234
104
+
runAsGroup: 5678
105
+
runAsNonRoot: true
106
+
allowPrivilegeEscalation: false
107
+
```
108
+
109
+
Let me know if you need any additional formatting or edits!
110
+
81
111
## Conclusion
82
112
83
113
SCCs are essential for maintaining a secure and controlled environment in OpenShift. While containers by default limit access to protect system integrity, SCCs provide the flexibility needed when applications require elevated permissions. This balance ensures that cluster administrators can grant necessary permissions while maintaining overall security.
0 commit comments