Chapter 11. Security

This chapter covers

  • Learning how SELinux isolates container resources
  • Understanding security contexts and application permissions
  • Scanning container images for security issues
  • Using security context constraints
  • Analyzing OpenSCAP security scan reports

Each topic in this chapter is specific to security and to making OpenShift a secure platform for your applications. This chapter isn’t a comprehensive summary of OpenShift’s security features—that would take 100 pages or more and is a great idea for another OpenShift book. What we’ll do in this chapter is walk through the fundamentals of OpenShift security. We want to give you examples of what we think are the most crucial concepts, and we’ll do our best to point you in the right direction for the topics we don’t have room to cover.

We began discussing important security concepts and making OpenShift secure not long after page 1 of this book:

11.1. Understanding SELinux core concepts

11.2. Investigating pod security contexts in OpenShift

11.3. Scanning container images

11.4. Annotating images with security information

11.5. Summary