Skip to main content
Yet another useless blog_
  • What's New
    • Helm Charts Repository Updates
    • What's new in OpenShift, 4.20 Edition
  • Compliance
    • oc compliance command line plugin
    • Compliance Operator
  • GitOps Episodes
    • Introducing the GitOps Approach
    • GitOps - Choosing the right Git repository structure
    • Setup OpenShift GitOps/Argo CD
    • Configure App-of-Apps
    • Setup & Configure Compliance Operator using GitOps
    • Setup & Configure Advanced Cluster Security using GitOps
    • Configure Buckets in MinIO using GitOps
    • Installing OpenShift Logging using GitOps
    • Multiple Sources for Applications in Argo CD
    • Update Cluster Version using GitOps approach
    • Managing Certificates using GitOps approach
    • Using Kustomize to post render a Helm Chart
    • Using ApplicationSet with Matrix Generator and define individual Namespaces
    • Reusable Argo CD Application Helm Template
  • OpenShift
    • A second look into the Kubernetes Gateway API on OpenShift
    • A first look into the Kubernetes Gateway API on OpenShift
    • Cert-Manager Policy Approver in OpenShift
    • Single log out from Keycloak and OpenShift
    • Step by Step - Using Keycloak Authentication in OpenShift
    • Introducing AdminNetworkPolicies
    • OpenShift Data Foundation - Noobaa Bucket Data Retention (Lifecycle)
    • Running Falco on OpenShift 4.12
    • Quay Deployment and Configuration using GitOps
    • Setting up Falco on OpenShift 4.12
    • How to force a MachineConfig rollout
    • Operator installation with Argo CD
    • SSL Certificate Management for OpenShift on AWS
    • Using ServerSideApply with ArgoCD
    • Secrets Management - Vault on OpenShift
    • Overview of Red Hat's Multi Cloud Gateway (Noobaa)
    • Secure your secrets with Sealed Secrets
    • Understanding RWO block device handling in OpenShift
    • Writing Operator using Ansible
    • Thanos Querier vs Thanos Querier
    • GitOps - Argo CD
    • OpenShift Pipelines - Tekton Introduction
    • Helpful oc / kubectl commands
  • OpenShift Day-2
    • etcd
      • Automated ETCD Backup
    • Labels & Environments
      • Working with Environments
    • Observability
      • The Hitchhiker's Guide to Observability Introduction - Part 1
      • The Hitchhiker's Guide to Observability - Grafana Tempo - Part 2
      • The Hitchhiker's Guide to Observability - Central Collector - Part 3
      • The Hitchhiker's Guide to Observability - Example Applications - Part 4
      • The Hitchhiker's Guide to Observability - Understanding Traces - Part 5
      • The Hitchhiker's Guide to Observability - Adding A New Tenant - Part 6
      • The Hitchhiker's Guide to Observability - Here Comes Grafana - Part 7
      • The Hitchhiker's Guide to Observability - Limit Read Access to Traces - Part 8
    • Pod Placement
      • Introduction
      • NodeSelector
      • Pod Affinity/Anti-Affinity
      • Node Affinity
      • Taints and Tolerations
      • Topology Spread Constraints
      • Using Descheduler
  • Secure Supply Chain
    • Introduction to a Secure Supply Chain
    • Step 1 - Listen to Events
    • Step 2 - Pipelines
    • Step 3 - SonarQube
    • Step 4 - Verify Git Commit
    • Step 5 - Build and Sign Image
    • Step 6 - Scanning with ACS
    • Step 7 - Generating a SBOM
    • Step 8 - Updating Kubernetes Manifests
    • Step 9 - Linting Kubernetes Manifests
    • Step 10 - The Example Application
    • Step 11 - ACS Deployment Check
    • Step 12 - Verify TLog Signature
    • Step 13 - Bring it to Production
  • General
    • Basic usage of git
    • Red Hat Satellite Cheat Sheet
  • Ansible
    • Ansible Style Guide
    • Automation Controller and LDAP Authentication
    • Ansible Tower and downloading collections
    • Ansible - Azure Resource Manager Example
    • DO410 Ansible and Ansible Tower training notes
  • Service Mesh
    • Enable Automatic Route Creation
    • Authorization (RBAC)
    • Deploy Example Bookinfo Application
    • Service Mesh 1.1 released
    • Authentication JWT
    • Mutual TLS Authentication
    • Fault Injection
    • Limit Egress/External Traffic
    • Advanced Routing Example
    • Routing Example
    • Ingress with custom domain
    • Ingress Traffic
    • Deploy Microservices
    • Installation
  • Advanced Cluster Security
    • Advanced Cluster Security - Authentication
  • Azure
    • Stumbling into Azure Part II: Setting up a private ARO cluster
    • Stumbling into Azure Part I: Building a site-to-site VPN tunnel for testing
  • Java
    • Adventures in Java Land: JPA disconnected entities
  • Quay
    • Red Hat Quay Registry - Integrate Keycloak
    • Stumbling into Quay: Upgrading from 3.3 to 3.4 with the quay-operator
    • Red Hat Quay Registry - Overview and Installation
  • Helm Repository
  • Legal Disclosure
  • RSS Feeds

Saved Articles 0

No saved articles yet.

Click the "Save" button on any article to bookmark it for later.

    • Home
    • About Us
      Thomas Jungbauer Toni Schmidbauer Legal Disclosure
    • Categories
    • Tags
    • History
    • Helm Charts

     navi

    navigation YAUB Yet Another Useless Blog > Categories > Compliance

    Compliance

    OpenShift GitOps Security Compliance

    Setup & Configure Compliance Operator using GitOps

    April 25, 2024 - Thomas Jungbauer Thomas Jungbauer - 8 min

    In the previous articles, we have discussed the Git repository folder structure and the configuration of the App-Of-Apps. Now it is time to deploy our first configuration. One of the first things I usually deploy is the Compliance Operator. This Operator is recommended for any cluster and can be deployed without any addition to the Subscription.

    In this article, I will describe how it is installed and how the Helm Chart is configured.

    Read More ...
    OpenShift Compliance Security

    oc compliance command line plugin

    July 20, 2021 - Thomas Jungbauer Thomas Jungbauer - 5 min

    As described at Compliance Operator the Compliance Operator can be used to scan the OpenShift cluster environment against security benchmark, like CIS. Fetching the actual results might be a bit tricky tough.

    With OpenShift 4.8 plugins to the oc command are allowed. One of these plugin os oc compliance, which allows you to easily fetch scan results, re-run scans and so on. Let’s install and try it out.

    Read More ...
    OpenShift Compliance Security

    Compliance Operator

    July 19, 2021 - Thomas Jungbauer Thomas Jungbauer - 8 min

    OpenShift comes out of the box with a highly secure operating system, called Red Hat CoreOS. This OS is immutable, which means that no direct changes are done inside the OS, instead any configuration is managed by OpenShift itself using MachineConfig objects. Nevertheless, hardening certain settings must still be considered. Red Hat released a hardening guide (CIS Benchmark) which can be downloaded at https://www.cisecurity.org/.

    Read More ...

    Copyright © 2020 - 2025 Toni Schmidbauer & Thomas Jungbauer

    ← Previous
    Use arrow keys to navigate
    Next →
    ←
    →