Blog Entries

10. 10. 2022 Lorenzo Candeago DevOps

My OpenShift Journey #5: Run Unprivileged Containers with systemd in OpenShift: Part 2 – Testing

In my previous blog post, we modified the boot parameters to enable cgroups v2 and the user namespace in CRI-O. In this second part I’ll show you how to run a sample container with systemd and check that the modifications we made actually worked. Setting up a Test Docker To test the new config, let’s…

06. 10. 2022 Lorenzo Candeago DevOps

My OpenShift Journey #4: Run Unprivileged Containers with systemd in OpenShift: Part 1 – Deployment

For our ongoing transition from Jenkins to OpenShift, we’re currently working on porting our testing infrastructure to OpenShift. Our tests involve installing and running our product, NetEye, in a container. The installation requires a working systemd environment inside the container, and systemd needs to run with PID 1 and as root user (UID 0). Until…

05. 10. 2022 Alessandro Valentini DevOps

My OpenShift Journey #3: Active Directory Integration and User Management

In our migration journey from multiple VMs to OpenShift, one mandatory step is the integration with our company’s Active Directory. This is the default IdP for our services like Jenkins, NetEye, etc., and we want to centralize authentication and permissions as much as possible. Integration with OpenShift is less straightforward than it is with other…

14. 07. 2022 Alessandro Valentini DevOps

My OpenShift Journey #2: Nginx Load Balancing and SSL Termination

In a previous blog post I described how we installed our first OpenShift cluster and how we used HAProxy as a load balancer. Our cluster is meant to host both internal services (like CI and Docker registry) and public services, and we thus have to expose them on multiple domains with valid SSL certificates….

07. 07. 2022 Lorenzo Candeago DevOps

How to Test an ISO with Packer and Change the Root Password at Boot

In a previous blog post, we showed how to test an ISO using Packer, an open source software tool for creating machine images for multiple platforms. One of the issues we faced was due to a security requirement we have: that the ISO we ship must have its password already expired so that when NetEye is…

07. 07. 2022 Lorenzo Candeago DevOps

How to Use a Host’s Redhat Subscription to Run Containers Using Docker instead of Podman

In NetEye 4.23 we shifted our base containers from CentOS to Red Hat Enterprise Linux. Within our NetEye image and container we ship packages that come from Red Hat Enterprise Linux’s private repositories and are thus subject to subscription, hence we need a way to be able to use our subscription when building NetEye containers. Red Hat allows…

07. 07. 2022 Alessandro Valentini DevOps

My OpenShift Journey #1: Getting Started with a Cluster

Within our Research and Development team we maintain a set of both physical and virtual machines for many purposes: internal repository mirrors, CI/CD, testing, internal docker registry, etc… Maintaining them is demanding, especially considering that our infrastructure has grown over the years and was often configured by different colleagues using different software and tools. And…
