Openshift

Understanding Red Hat Advanced Cluster Security for Kubernetes (RHACS) admission control can be challenging. This article takes a closer look at admission control, and the different configuration settings.

Red Hat Advanced Cluster Security for Kubernetes 4.6 has landed, with one of the mostly hotly requested features - policy-as-code!

In this article I look at some approaches to "tame" OpenShift audit and event data, and show how you can use Red Hat Advanced Cluster Security for Kubernetes (RHACS) to create immediate alerts from OpenShift audit events.

GPUs are the tools-of-the-trade for artificial intelligence and machine learning. In this article I look at how to use NVIDIA GPUs on OpenShift, and expose GPUs to both containers and virtual machines.

Recently I've been involved in a project to run a healthcare data service on OpenShift. It's been really interesting learning about FHIR, SNOMED CT, and all manner of health-related application protocols and frameworks.

Red Hat Advanced Cluster Security for Kubernetes (RHACS) v4.4 introduces a new container image scanning capability, Scanner V4. This article takes a closer look at Scanner V4 and how it compares with the existing RHACS scanning capability.

Phishing-resistant multi-factor authentication is a critical security control in 2024, and this article takes you through configuring it for OpenShift with Keycloak

A detailed look at my OpenShift Virtualization lab build.

Can you install OpenShift and OpenShift Virtualization in your home lab? The answer is a definitive *yes*

Over the last few months I have been busily building out the Kacti open source project. This is an intro to the project, its goals and roadmap, and a quick-start tutorial.

A deep dive into Red Hat Advanced Cluster Security for Kubernetes (RHACS), Red Hat Security Advisories (RHSAs), and Common Vulnerabilities and Exposures (CVEs). No mention of lions, tigers, or bears.

A couple of months ago I wrote an article on StackRox and another open source project, GTFOBins. The first article looked at identifying GTFOBins components during development, and this article looks at identifying GTFOBins execution inside containers at runtime.

Recently I picked up a QMK-compatible keyboard, and wanted to see how I could modify my OpenShift development workflows to suit.

The OpenShift release image is a critical component of the software supply-chain for OpenShift. In this article I want to take a closer look at the release image, and how it's verified.

A few weeks I wrote an article on 'Living off the Land' and containers. GTFOBins is an open source project tracking binaries that could be used to support a 'Living off the Land' strategy, and this article explores integrations with StackRox.

What do you do when you need to give away swag, but don't have a wheel? You build one on OpenShift!

Did you know that you can scan the internal OpenShift registry for security issues? Read on to find out how.

A quick guide on how to integrate a Kubernetes-native security platform with quay.io private repositories

What does it mean to be "Kubernetes-native"? And what does Kubernetes-native security look like?

Application control seems to be one of those elusive security controls that organisations spend years chasing. How can we validate which processes are authorised to run on a system, and then enforce this?