Ensuring Security in OpenShift

Objectives

  • Understand security contexts and roles.

  • Implement security best practices for applications.

Task 1: Setup and Manage Security Contexts for Pods

Objective

Set up and manage security contexts for pods.

Explanation

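Security contexts define the operating system-level security settings for a pod or container, such as the user ID the process runs as and the Linux capabilities it holds. Properly configuring them enhances the security posture of applications. The pod below runs its container as UID 1000 and adds the NET_ADMIN capability.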

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mycontainer
      image: nginx
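      # On OpenShift, a fixed UID and an added capability are admitted only if a
      # security context constraint (SCC) available to the pod's service account allows them.
      securityContext:
        # Run the container process as UID 1000 instead of the image default
        runAsUser: 1000
        capabilities:
          # NET_ADMIN allows changes to interfaces, routes and firewall rules; add it only if the workload needs it
          add: ["NET_ADMIN"]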
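
For comparison with the pod above, here is a hardened variant that follows the least-privilege settings of OpenShift's restricted-v2 SCC. It is an added example, not part of the original lab; the pod name, the image reference and the /tmp volume are placeholders chosen for illustration.

```yaml
# Added example: hardened counterpart to the pod above.
apiVersion: v1
kind: Pod
metadata:
  name: mypod-hardened                 # hypothetical name
spec:
  # Do not mount an API token unless the application calls the cluster API
  automountServiceAccountToken: false
  securityContext:
    # Refuse to start the container if the image would run as UID 0
    runAsNonRoot: true
    # Apply the container runtime's default seccomp syscall filter
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: mycontainer
      # Placeholder image; it must work as a non-root, arbitrary UID
      image: registry.example.com/myapp:1.0
      securityContext:
        # runAsUser is left unset so OpenShift assigns a UID from the
        # project's allowed range instead of a hard-coded value
        allowPrivilegeEscalation: false   # sets no_new_privs; setuid binaries gain nothing
        readOnlyRootFilesystem: true      # writable paths must be explicit volumes
        capabilities:
          drop: ["ALL"]                   # nothing added back, so no NET_ADMIN
      volumeMounts:
        - name: tmp
          mountPath: /tmp
  volumes:
    # Scratch space, needed because the root filesystem is read-only
    - name: tmp
      emptyDir: {}
```

After the pod is created, its openshift.io/scc annotation shows which SCC admitted it.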

Task 2: Define Roles and Role Bindings for Fine-Grained Access Control

Objective

Define roles and role bindings for fine-grained access control.

Explanation

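Roles and role bindings in OpenShift enable granular access control, so that users or other subjects hold only the minimum necessary permissions. The Role below allows read-only access (get, watch, list) to pods in the baltistan-dev namespace, and the RoleBinding grants that Role to the user Test.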

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: example
  namespace: baltistan-dev
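rules:
  - apiGroups:
      - ''          # empty string selects the core API group, where pods live
    resources:
      - pods
    verbs:          # read-only: no create, update, patch or delete
      - get
      - watch
      - list
---
kind: RoleBinding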
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: Test
  namespace: baltistan-dev
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: Test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: example