Red Hat® OpenShift® is a critical component of creating a secure cloud-native development environment. As our history of Kubernetes and OpenShift blog post suggested last year, the recent release of OpenShift 4 is the best enterprise platform for building production-ready applications today and for the decade ahead. And now, OpenShift 4.3 is available on IBM Cloud.
In this article, I highlight some of the new features of OpenShift 4 that I find most helpful for building secure cloud-native applications. The diagram below higlights a few of the new features in OpenShift 4.3 that I think are most valuable to enterprise developer features:
OpenShift 4 came with a visual refresh of the user interface that’s cleaner and more organized — more focus, less noise. Red Hat open sources their design process, which I find inspiring. You can read more about the design intentions of the dashboards and even plug into the the ongoing design process for OpenShift.
Here’s a screen capture of the dashboard for our Example Bank app that we developed to explore some of the new features of OpenShift 4.
And here’s a screen capture of the cool new topology view that helps visualize the microservice architecture of a cloud native app, again showing the deployed components of the Example Bank credit card app.
To learn more, see OpenShift 4.3 Dashboard refinements and the new Project dashboard. I’m finding that the dashboard makes it easier for me to navigate and use OpenShift 4.3.
The Operator Framework is an open source toolkit to manage Kubernetes native applications, called operators, in an effective, automated, and scalable way. OpenShift 4 was re-architected around operators. Where Kubernetes enables developers to methodically containerize applications, Operators enable developers to automate the management of related components of an application (like databases or other stateful elements) in a consistent, repeatable, and scalable way.
In addition to operators as a part of the Kubernetes fabric in OpenShift 4, Red Hat introduced a marketplace for finding Operators that can accelerate development of an application. This new OperatorHub is also part of OpenShift.
Find out more in the Fun with OperatorHub tutorial.
OpenShift Service Mesh
Service meshes can instill a consistent development approach, and infuse inter-service communication with security and other features. I noticed that it is a choice approach for solving problems of scale and problems of order in big applications, and across large companies, described in KubeCon North America presentations last year.
OpenShift 4 adopted Istio, the emerging service mesh of choice for Kubernetes-based systems, building its own service mesh on that technology. In addition, the latest version of Istio offers helpful security features, which will be explored further in a new code pattern.
Check out the Microservices with the OpenShift Service Mesh code pattern to see the steps needed to deploy OpenShift Service Mesh (based on Istio) for our Example Bank app.
OpenShift serverless computing
Serverless computing is increasing in developer appeal because it can offer reliability and scale of cloud computing. Code is typically written as small executable functions, an approach that sometimes requires a bit of lateral thinking to achieve a significant outcome. Serverless development is enabled on OpenShift 4 through the adoption of the open source Knative project.
Read our OpenShift tutorial, Build serverless Node.js applications with the OpenShift Serverless Operator, to see how this new feature works when used to create an example banking application.
Cloud-native continuous integration (CI) and continuous delivery (CD) pipelines were introduced in OpenShift 4.1.
OpenShift pipelines build on the Tekton open source project, enabling teams to build cloud-native delivery pipelines that they can fully control. Your team can own the complete lifecycle of your microservices without having to rely on central teams to maintain and manage a CI server, plugins, and its configurations.
There is a new pipeline UI available that simplifies use of the pipelines.
Read our tutorial, Build a Tekton Pipeline to deploy a mobile app back end to OpenShift 4, where we show you how we built in a rudimentary scanning step into a deployment pipeline, to demonstrate the potential for baking in security steps, with this emerging approach, too.
Data security is an enormous concern these days, especially for enterprise businesses that handle tens or hundreds of thousands of client records.
OpenShift 4.3 delivers Federal Information Processing Standard (FIPS) compliant encryption and additional security enhancements. When OpenShift runs on Red Hat Enterprise Linux booted in FIPS mode, OpenShift calls into the Red Hat Enterprise Linux FIPS validated cryptographic libraries. The Go language toolset that enables this functionality is available to all Red Hat customers.
While the built-in security features of OpenShift 4 give your applications a solid security foundation, using additional security measures for buliding cloud-native applications is a good idea. As my team began exploring the use of OpenShift, we focused on enhancing cloud application security by using threat modeling.
Check out these resources related to threat modeling and OpenShift:
- Threat modeling in the context of microservice architectures: Introductory thoughts on designing for privacy and security.
- Focus on data privacy with a back end for a mobile bank app: Build and deploy a microservice-based back end on Red Hat OpenShift on IBM Cloud with this code pattern.
We created a collection of content that introduces some of the main new features of the Red Hat OpenShift 4.3 platform, while also thinking about how to build secure applications in the cloud. To help with that, we built the Example Bank credit card transaction application to illustrate how to use microservices and highlight the new OpenShift features.
Check out the rest of our content series that explores new features in OpenShift 4 in light of security, and demonstrates how we built the Example Bank application.
Find software certified for OpenShift 4
If you plan to run OpenShift 4 in production, check out Red Hat Marketplace, a one-stop-shop to find, try, buy, deploy, and manage enterprise applications across an organization’s hybrid IT infrastructure, including on-premises and multicloud environments. Red Hat Marketplace gives developers a streamlined view of software that is certified to work in Kubernetes container environments and minimizes red tape for developer managers.