Initial sign-on prompts the user for credentials, and gets a Kerberos ticket-granting ticket (TGT).
Additional software applications requiring authentication, such as email clients, wikis, and revision-control systems, use the ticket-granting ticket to acquire service tickets, proving the user’s identity to the mailserver / wiki server / etc. without prompting the user to re-enter credentials.
Unix/Linux environment — Log in via Kerberos PAM modules fetches TGT. Kerberized client applications such as Evolution, Firefox, and SVN use service tickets, so the user is not prompted to re-authenticate.
This document is going to explain how to configure an NFS service with Kerberos authentication…
If you have been working in the Kubernetes management world then you probably already know that you need a good scripting language to manage your infrastructure.
Bash in that sense will only get you so far (with oc/kubectl), and Ansible is a very powerful automation tool, but if you want to be able to write complex self-service operators (with operator-sdk) or a very rich multi-microservice application then Go is your way to go …
In this tutorial we are going to use podman/buildah to build our image.
I think the best place to start is with a very…
Well… for many reasons.
I have been working for a long time in the disconnected environment and I have not found a web application for community/communities communication as good as Rocket Chat.
In Rocket Chat I can create a channel for each group and give permission (as admin) to anyone I want to.
Moreover, I noticed that the communication within the organization is better and intermediate communication between different teams has increased significantly.
In this tutorial I will walk through how to run a small deployment of Rocket Chat in our OpenShift environment and how to…
Well, for many reasons… While going through the transition from modular applications to microservice applications, the authentication methods have changed as well.
While in the old days we would connect our application to LDAP or even a Kerberos server (and more, such as Active Directory and the like), in today’s world we are using HTTP-based protocols for authentication such as SAML2 and OpenID Connect.
In some cases the overhead of migrating the application to the new way of authentication is a lot of work. …
When working in a disconnected environment, more than once multiple sets of clusters are required to be installed by the organization.
In order to deploy OpenShift 4 we need to create the “openshift-install” command and point it to our internal registry.
The official documentation states that you need to be connected to the internet to be able to generate the “openshift-install” binary, but this is incorrect.
We can extract the “openshift-install” binary in a disconnected (air-gapped) environment, but this will require us to do a little bit of trickery.
When we are working with OpenShift’s internal registry in a large organization (especially in an air-gapped environment) it is important to create consistency in generally available container images.
Another thing we would like to avoid is multiple copies of the same image in our registry, and for that we can create a namespace (we will call it “public”) and add permissions to make it available to all the authenticated users in our cluster:
The following task can only be performed as a cluster admin.
One of the most important things when transitioning to microservices is to make sure we provide a solution for edge scenarios such as multicast communication or random client requests from a specific scope.
For those types of scenarios (and more), in OpenShift 4 we can set up a CNI named “Multus”, which enables us to add another interface to our running pod, thus connecting it to a network other than the OpenShift SDN.
Basically, because Multus is already part of OpenShift 4, we need to take a few simple steps:
Being a PaaS admin, one of the things that kept me most interested is the ability to create automation for my customers depending on their needs without me having to do all the heavy lifting for each request.
Ever since Admission Controllers came along it was clear to me that this is the way I want to go in case I want to enforce policies (validate) or add complex requirements while my customers need to do next to nothing (mutate).
I am basing this tutorial on my git repository which you can find here
You need to be Cluster…
While working in a disconnected (air-gapped) environment with OpenShift 4 we want to make the most of our OpenShift. For that we would like to have OLM accessible to us, but unfortunately this is not so easy to achieve and maintain.
For that I would suggest taking one Operator at a time, asking ourselves which operators we actually need, and picking them up one by one.
In this tutorial we will take the keepalived operator and make it available in our air-gapped environment.
For our operation we will need:
More than once I came across a document or two (2) which either provides a very good explanation about OpenShift 4 and how to connect it to LDAP as an identity provider, or is a very good document about how to set up Red Hat, but very few of them also focus on security in that matter and on making sure your environment is actually secure.
This tutorial assumes that you already have an OpenShift 4 cluster running and that you already have a RHEL machine installed.
In this tutorial I will use RHEL7…