With Red Hat’s Kubernetes platform holding a 44% market share, more and more enterprises and agencies are faced with the challenge of OpenShift security and compliance. Lucky for us, Red Hat has introduced new features to address common compliance concerns in OpenShift 4. This article will take a look at what those options are and some common compliance problems that can be easily addressed.

FIPS 140-2

The (in)famous Security Requirements for Cryptographic Modules by NIST is at the heart of some of the more stringent compliance and security assessments (think FedRAMP, DoD Impact Levels, FISMA, and HITECH). Usually, having a new production service running in so-called “FIPS mode” is an absolute nightmare riddled with mystery crashes, unexpected behavior, and a lengthy back-and-forth with the vendor’s engineers to sort it all out. Starting with Red Hat OpenShift 4.3, FIPS mode can be enabled with a single deployment flag. No mess, no pulling hair out; it just works.

Vulnerability Scanning

OpenShift 4.3 had several security-focused enhancements, and one of my personal favorites is the Container Security Operator. This container scanning easy-button pulls Quay and Clair vulnerability metadata into OpenShift to alert you to security issues your active containers may have.

List of outstanding container image vulnerabilities
A list of vulnerabilities for a specific image
List of vulnerability IDs and affected packages to reference
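The vulnerability list the operator surfaces can also be triaged outside the console. The following is an added example, not code from this article or from Red Hat: it splits findings into those with a fixed package version and those without one, worst first. It assumes the field names of the operator's ImageManifestVuln resources (`spec.image`, `spec.features[].vulnerabilities[]` with `severity` and `fixedby`, `status.affectedPods`); the sample data, image names and vulnerability IDs are constructed placeholders.

```python
import json

# Constructed sample shaped like `oc get imagemanifestvuln -A -o json`.
# Images, packages and vulnerability IDs are placeholders, not real findings.
SAMPLE = json.loads("""
{"items": [
 {"spec": {"image": "quay.io/example/frontend", "features": [
    {"name": "openssl-libs", "version": "1.0.0-1", "vulnerabilities": [
      {"name": "EXAMPLE-0001", "severity": "High", "fixedby": "1.0.0-2"},
      {"name": "EXAMPLE-0002", "severity": "Low", "fixedby": "1.0.0-2"}]},
    {"name": "glibc", "version": "2.0-1", "vulnerabilities": [
      {"name": "EXAMPLE-0003", "severity": "Critical", "fixedby": ""}]}]},
  "status": {"affectedPods": {"shop/frontend-1": [], "shop/frontend-2": []}}},
 {"spec": {"image": "quay.io/example/worker", "features": [
    {"name": "curl", "version": "7.0-1", "vulnerabilities": [
      {"name": "EXAMPLE-0004", "severity": "Medium", "fixedby": "7.0-3"}]}]},
  "status": {"affectedPods": {"batch/worker-1": []}}}
]}
""")

RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Negligible": 4}

def triage(vuln_list, min_severity="Medium"):
    """Split findings at or above min_severity into (fixable, no_fix), worst first."""
    cutoff, fixable, no_fix = RANK[min_severity], [], []
    for item in vuln_list.get("items", []):
        spec = item.get("spec", {})
        pods = sorted(item.get("status", {}).get("affectedPods") or {})
        for feature in spec.get("features") or []:
            for vuln in feature.get("vulnerabilities") or []:
                rank = RANK.get(vuln.get("severity"), len(RANK))  # unknown ranks last
                if rank > cutoff:
                    continue
                row = {"rank": rank, "id": vuln.get("name"), "image": spec.get("image"),
                       "package": feature.get("name"), "installed": feature.get("version"),
                       "fixed_in": vuln.get("fixedby") or None, "pods": pods}
                # No fixed version means patching is not an option yet.
                (fixable if row["fixed_in"] else no_fix).append(row)
    order = lambda r: (r["rank"], -len(r["pods"]), r["id"])
    return sorted(fixable, key=order), sorted(no_fix, key=order)

if __name__ == "__main__":
    fixable, no_fix = triage(SAMPLE)
    for r in fixable:
        print(f'PATCH  {r["id"]} {r["image"]} {r["package"]} {r["installed"]} -> {r["fixed_in"]} ({len(r["pods"])} pods)')
    for r in no_fix:
        print(f'NO FIX {r["id"]} {r["image"]} {r["package"]} {r["installed"]} ({len(r["pods"])} pods)')
```

On a live cluster, replace `SAMPLE` with the parsed output of `oc get imagemanifestvuln --all-namespaces -o json`. Entries in the second list have no fixed package version yet, so they need a compensating control or a documented risk acceptance rather than a patch.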

Platform Updates

In OpenShift 4.5, upgrading to the latest minor release is an incredibly easy, one-click process. This is an essential part of maintaining a secure cluster and, in the past, was a real headache, likely resulting in some measurable service disruption.

An OpenShift minor version update is ready to be installed
Upgrading OpenShift is now a one-click process

Branding

The DoD Banner is usually a requirement across several compliance frameworks.

DoD Banner on an OpenShift 4.5 login page
