Kubecon Europe As Kubecon Europe continues, Red Hat is pushing StackRox, the Kubernetes security product it acquired the first year, as an open-source project that will be upwards for Advanced Cluster Security for OpenShift.
The StackRox product is itself deployed as a Toilet application and has many components, which aim to pick up vulnerabilities in both the container images and in the Toilet, look for incorrect configurations such as unnecessarily elevated privileges, perform threat -based rule, and more.
StackRox technology is the basis of Red Hat Advanced Cluster Security, which was recently introduced as part of the company focus on OpenShift, its distribution of Kubernetes.
Red Hat OpenShift gears at the top to pin the future to the ‘open hybrid cloud’
Now Red Hat hopes to engage the open source community to improve both StackRox and Red Hat Advanced Cluster Security. It looks like StackRox will play a similar role to Fedora and CentOS Stream for Red Hat Linux: providing a preview and testbed for new features that will end up in the enterprise product, while also a project that can be used in the making. “We hope the project will help drive future product roadmaps,” Red Hat said today. The new open source project will also cover KubeLinter, a static analysis tool for YAML files and Help charts, used to configure and deploy Kubernetes applications.
Red Hat has also made new features in OpenShift commonly available. OpenShift GitOps is based on Argo CD, a continuous delivery tool for Kubernetes, and lets organizations automate deployment based on configuration code checked in a Git Repository.
OpenShift Pipelines, based on Tekton, automates application placement including generating container images from source code and pushing images to container registers. The two are designed to work together.
Both previewed the same, but are now fully released complete with new features such as integration with OpenShift centralized log management.
Finally, Red Hat and IBM Research have created an open -source project – or group of projects – for migrating applications called Conveyor. It meets many needs. The first is the migration of virtual machines (VMs) to Kubernetes in cases where organizations lack the time or skills to re -architect an application. A Conveyor project called Forklift will move VMs with “minimal downtime,” Red Hat said.
One second, called Crane, is for moving applications between Kubernetes clusters. Reasons to do this include moving to a newer version of Kubernetes or to a deployment to a different infrastructure. “In an ideal scenario, it would be an application re -addition,” Red Hat said, but Crane aims to move both data and Cabinet objects as a quick solution.
Another component, called Move2Kube, is for moving artifacts such as Cloud Foundry manifests and Docker Compose files to Kubernetes artifacts such as YAML and Helm charts. Two other Conveyor projects are Pelorus, which aims to “measure software delivery performance on Kubernetes,” and Tackle, for refacting applications that run on Kubernetes.
Refacting applications for Kubernetes is probably one of the main challenges facing developers, though the extent to which a tool can help here remains an open question. Both Pelorus and Tackle appear to be working in progress, judging by the sketchy information currently available. ®