Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers

Red Hat OpenShift sandboxed containers version 1.5.0 introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat and is an important step in improving sandboxed containers, paving the way for Confidential Containers.
By integrating with IBM Z and LinuxONE, OpenShift sandboxed containers help tackle the challenges of providing more secure and efficient containerized applications in complex IT infrastructures.
Understanding Peer Pods in OpenShift
Peer Pods have expanded the capabilities of OpenShift, allowing for the use of Kata Containers on cloud-based clusters without the need for nested virtualization.
This is particularly significant as it opens up opportunities to deploy sandboxed containers in environments where nested virtual machines are either impractical or undesirable.
Peer Pods rely on the cloud-api-adaptor, which calls the underlying infrastructure's API to create a separate VM for each sandboxed pod: a peer of the worker node rather than a VM nested inside it. The adaptor has providers for several infrastructures, which is what lets OpenShift sandboxed containers run across a range of cloud platforms.
On IBM Z and LinuxONE, the libvirt provider is used. It connects to a libvirt daemon instance, which creates and tears down the pod VMs on the adaptor's behalf.
This approach allows for more precise control and management of VMs, aligning them more seamlessly with the needs of the containerized environment in OpenShift.
For those interested in a deeper understanding of Peer Pods, this introductory blog post provides a comprehensive look into their benefits and how they function.
Ensure your environment meets these prerequisites
Before starting, confirm that your IBM Z and LinuxONE environment meets all the prerequisites for OpenShift sandboxed containers, which are aligned with OpenShift's requirements.
Deploy the OpenShift sandboxed containers Operator
Install the OSC Operator and set enablePeerPods: true when creating the KataConfig.
This step activates the Peer Pods feature in your environment.
Configure Peer Pods
Follow the instructions in the documentation to set up Peer Pods.
This action configures your nodes for the kata-remote RuntimeClass and triggers the necessary installations and settings adjustments by the OpenShift sandboxed containers Operator.
The KataConfig that enables the feature looks like this (the KataConfig API group is kataconfiguration.openshift.io):

apiVersion: kataconfiguration.openshift.io/v1
kind: KataConfig
metadata:
  name: cluster-kataconfig
spec:
  enablePeerPods: true

Apply this configuration with the OpenShift CLI (oc apply -f), and expect the worker nodes to reboot, which is part of the installation process.
Run an example workload with a Fedora pod
Finally, deploy an example workload to test the Peer Pods environment: a Fedora pod whose spec sets runtimeClassName: kata-remote.
This update marks a step forward for container environments on the platform and sets the stage for integrating Confidential Containers, which will further strengthen isolation with IBM Secure Execution for Linux.
Deploying these containers requires minimal change from a non-peer-pod deployment. Adding runtimeClassName: kata-remote to the pod spec is all it takes; for a Deployment, that field goes in the pod template (spec.template.spec), not at the top level of the Deployment's own spec.
This showcases Red Hat's commitment to enabling the use of advanced container isolation and Confidential Computing with minimal changes during pod deployment.
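The Fedora pod example and the point about where runtimeClassName belongs, as an added example in Python; this is not code from the Red Hat post or from the OSC Operator. It assumes the RuntimeClass is named kata-remote (as the post states), builds its manifests as Python dicts constructed for the example (the pod and Deployment names and the Fedora image reference are made up), and goes one step beyond the post by also flagging settings that a VM-backed peer pod cannot honor.

```python
"""Added example (not from the Red Hat post or the OSC Operator): decide which
RuntimeClass a manifest will really get, and flag settings a VM-backed peer pod
cannot honor. Assumes the RuntimeClass is named kata-remote, as in the post; all
manifests below are constructed for this example."""
from __future__ import annotations

from typing import Any

PEER_POD_RUNTIME_CLASS = "kata-remote"
# Kinds whose PodSpec sits under spec.template.spec instead of spec.
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}


def pod_spec_of(manifest: dict[str, Any]) -> dict[str, Any]:
    """Return the PodSpec the scheduler will see for this manifest."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind in TEMPLATED_KINDS:
        return spec.get("template", {}).get("spec", {})
    raise ValueError(f"unsupported kind: {kind!r}")


def effective_runtime_class(manifest: dict[str, Any]) -> str | None:
    """RuntimeClass the pod runs under; None means the cluster default (runc)."""
    return pod_spec_of(manifest).get("runtimeClassName")


def peer_pod_problems(manifest: dict[str, Any]) -> list[str]:
    """Settings that keep a workload out of a peer pod or break it once there.

    A peer pod runs in its own VM created by cloud-api-adaptor, so anything
    that reaches for the worker node's kernel or filesystem cannot be honored.
    """
    spec = pod_spec_of(manifest)
    problems: list[str] = []
    rc = spec.get("runtimeClassName")
    if rc != PEER_POD_RUNTIME_CLASS:
        problems.append(f"runtimeClassName is {rc!r}: pod would run on the default runtime")
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            problems.append(f"{flag}: true shares a node namespace, which Kata cannot provide")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            problems.append(f"volume {vol.get('name')!r} is a hostPath; node paths are not reachable from the peer VM")
    for ctr in spec.get("containers", []) + spec.get("initContainers", []):
        if ctr.get("securityContext", {}).get("privileged"):
            problems.append(f"container {ctr.get('name')!r} is privileged; in Kata that applies inside the guest VM, review whether it is needed")
    return problems


FEDORA_IMAGE = "registry.fedoraproject.org/fedora:latest"  # assumed image reference

# Constructed: the Fedora pod the post describes, on the kata-remote RuntimeClass.
FEDORA_PEER_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "fedora-peer"},
    "spec": {
        "runtimeClassName": PEER_POD_RUNTIME_CLASS,
        "containers": [{"name": "fedora", "image": FEDORA_IMAGE, "command": ["sleep", "infinity"]}],
    },
}

# Constructed: the same workload as a Deployment. runtimeClassName belongs in the
# pod template (spec.template.spec), not at the top of the Deployment's spec.
FEDORA_PEER_DEPLOYMENT: dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "fedora-peer"},
    "spec": {
        "replicas": 1,
        "selector": {"matchLabels": {"app": "fedora-peer"}},
        "template": {"metadata": {"labels": {"app": "fedora-peer"}}, "spec": FEDORA_PEER_POD["spec"]},
    },
}

# Constructed: a pod that forgot runtimeClassName and also reaches into the node.
UNSANDBOXED_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "fedora-plain"},
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "host-etc", "hostPath": {"path": "/etc"}}],
        "containers": [{"name": "fedora", "image": FEDORA_IMAGE,
                        "volumeMounts": [{"name": "host-etc", "mountPath": "/host-etc"}]}],
    },
}

if __name__ == "__main__":
    for m in (FEDORA_PEER_POD, FEDORA_PEER_DEPLOYMENT, UNSANDBOXED_POD):
        print(f"{m['kind']}/{m['metadata']['name']}: runtimeClassName={effective_runtime_class(m)}")
        for problem in peer_pod_problems(m):
            print(f"  - {problem}")
```

A pod that omits runtimeClassName is not rejected; it is quietly scheduled on the default runtime, which is why the check treats the missing field as a problem rather than a warning. On a live cluster, oc get runtimeclass kata-remote confirms the Operator created the class, and oc get pod fedora-peer -o jsonpath='{.spec.runtimeClassName}' confirms the pod was admitted with it.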


This Cyber News was published on www.redhat.com. Publication date: Wed, 24 Jan 2024 21:43:04 +0000

