Red Hat OpenShift
Overview
Red Hat OpenShift is an enterprise Kubernetes platform that adds developer tools, security, and operational features to Kubernetes, creating a comprehensive container platform for enterprise environments.
Details
Red Hat OpenShift is an enterprise container application platform developed and provided by Red Hat. Built on Kubernetes, it balances developer productivity with enterprise-level security and operability. Features include Source-to-Image (S2I) automated builds, an integrated developer console, rich CI/CD tools, and advanced security features (SELinux, RBAC, Pod Security Standards). Following IBM's acquisition of Red Hat (2019), OpenShift is positioned as core to IBM's hybrid cloud strategy, enabling consistent operations across on-premises, public cloud, and edge environments. It is available in multiple forms, including OpenShift Container Platform (OCP), OpenShift Dedicated, and Red Hat OpenShift Service on AWS (ROSA), and supports enterprise cloud-native transformation. Adoption is expanding in mission-critical workloads across finance, manufacturing, and government sectors, particularly among enterprises that prioritize support and manageability in Kubernetes deployments.
Advantages and Disadvantages
Advantages
- Enterprise support: 24/7 support from Red Hat
- Developer experience: High productivity through Web UI, CLI, and IDE integration
- Security: Secure-by-default configuration and compliance ready
- Automation features: Continuous deployment via S2I and GitOps
- Hybrid cloud: Consistent platform across multiple environments
- Operability: Integrated monitoring, log management, and automated updates
- Vendor support: Enterprise-level SLA guarantees
- Rich templates: Numerous ready-to-use application templates
Disadvantages
- Cost: Subscription fees and resource overhead
- Vendor lock-in: Dependency on Red Hat ecosystem
- Learning curve: Kubernetes + OpenShift-specific features to master
- Resource consumption: Requires more resources than standard Kubernetes
- Customization limitations: Some constraints due to enterprise features
- Version management: Dependency on Red Hat's release schedule
- Configuration complexity: Many configuration options due to feature richness
Key Links
- Red Hat OpenShift Official Website
- OpenShift Official Documentation
- OpenShift Developer Console
- OpenShift GitHub Repository
- Red Hat Hybrid Cloud
- OpenShift Learning Portal
Code Examples
Project Creation and Application Deployment
```bash
# Create project (Namespace)
oc new-project my-application

# Deploy from Git repository using Source-to-Image
oc new-app https://github.com/sclorg/nodejs-ex.git
oc expose service nodejs-ex

# Check build status
oc logs -f bc/nodejs-ex
```
DeploymentConfig (OpenShift-specific)
```yaml
# deploymentconfig.yaml
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: web-app-dc
spec:
  replicas: 3
  selector:
    app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: web-app
          image: web-app:latest
          ports:
            - containerPort: 8080
  triggers:
    - type: ConfigChange
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
          - web-app
        from:
          kind: ImageStreamTag
          name: web-app:latest
```
ImageStream and BuildConfig
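```yaml
# imagestream.yaml
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: my-app-image
spec:
  tags:
    - name: latest
      from:
        kind: DockerImage
        name: my-registry/my-app:latest
---
# buildconfig.yaml
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: my-app-build
spec:
  source:
    type: Git
    git:
      uri: https://github.com/user/my-app.git
      ref: main
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        # Builder image streams are normally published in the "openshift" namespace;
        # without this the tag is looked up in the BuildConfig's own namespace
        namespace: openshift
        name: nodejs:16-ubi8
  output:
    to:
      kind: ImageStreamTag
      name: my-app-image:latest
  triggers:
    - type: GitHub
      github:
        # Reference a Secret object (value stored under the key WebHookSecretKey)
        # instead of the deprecated inline "secret" field, which holds the value itself
        secretReference:
          name: github-webhook-secret
    - type: ConfigChange
```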
Route (External Exposure)
```yaml
# route.yaml
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: web-app-route
spec:
  host: web-app.apps.cluster.example.com
  to:
    kind: Service
    name: web-app-service
  port:
    targetPort: 8080
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
```
Security Context Constraints (SCC)
```yaml
# scc.yaml
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: custom-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
allowedCapabilities: []
defaultAddCapabilities: []
requiredDropCapabilities:
  - KILL
  - MKNOD
  - SETUID
  - SETGID
runAsUser:
  type: MustRunAsRange
  uidRangeMin: 1000000000
  uidRangeMax: 2000000000
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
```
Database Deployment using Operator
```yaml
# postgresql-operator.yaml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-cluster
spec:
  instances: 3
  postgresql:
    parameters:
      max_connections: "200"
      shared_buffers: "256MB"
  bootstrap:
    initdb:
      database: myapp
      owner: appuser
      secret:
        name: postgres-credentials
  storage:
    size: 10Gi
    storageClass: fast-ssd
```
oc CLI Basic Operations
```bash
# Login and project management
oc login https://api.cluster.example.com:6443
oc projects
oc project my-project

# Application management
oc get all                              # Show all resources
oc new-app --name=myapp --image=nginx:latest
oc expose service myapp                 # Create Route
oc scale dc/myapp --replicas=5          # Scale (dc/ targets a DeploymentConfig; use deployment/myapp for a Deployment)

# Build and deployment management
oc start-build myapp                    # Start build
oc rollout latest dc/myapp              # Deploy latest version
oc rollback dc/myapp                    # Rollback

# Monitoring and debugging
oc logs -f bc/myapp                     # Build logs
oc logs -f dc/myapp                     # Application logs
oc rsh <pod-name>                       # Pod shell
oc port-forward service/myapp 8080:8080

# Security and permission management
# anyuid lets pods run as any UID, including root. This command grants it to the
# project's default ServiceAccount, which every pod without an explicit
# serviceAccountName uses; a dedicated ServiceAccount keeps the grant narrower.
oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:default
oc create sa myservice-account          # Create ServiceAccount
oc policy add-role-to-user view user1   # Grant permissions
```
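
The SCC manifest and the `add-scc-to-user anyuid` grant above can be reviewed together with a small audit. This is an added example, not code from the original page or from Red Hat; the sample JSON is constructed, and it assumes RBAC grants bind to a ClusterRole named `system:openshift:scc:<name>`. It goes beyond the page by also flagging an unset `allowPrivilegeEscalation`, which the SCC API treats as true.

```python
import json

# Constructed sample, trimmed to the fields read below and shaped like the List
# from `oc get scc,rolebindings -A -o json`; custom-scc mirrors this page's SCC.
SAMPLE = json.loads("""{"items": [
 {"kind": "SecurityContextConstraints", "metadata": {"name": "custom-scc"},
  "allowPrivilegedContainer": false, "allowHostNetwork": false,
  "allowedCapabilities": [], "runAsUser": {"type": "MustRunAsRange"}},
 {"kind": "SecurityContextConstraints", "metadata": {"name": "anyuid"},
  "allowPrivilegedContainer": false, "allowPrivilegeEscalation": true,
  "allowedCapabilities": [], "runAsUser": {"type": "RunAsAny"}},
 {"kind": "RoleBinding", "metadata": {"name": "grant", "namespace": "myproject"},
  "roleRef": {"kind": "ClusterRole", "name": "system:openshift:scc:anyuid"},
  "subjects": [{"kind": "ServiceAccount", "name": "default",
                "namespace": "myproject"}]}]}""")

HOST_FLAGS = ("allowPrivilegedContainer", "allowHostNetwork", "allowHostPID",
              "allowHostIPC", "allowHostPorts", "allowHostDirVolumePlugin")
SCC_ROLE_PREFIX = "system:openshift:scc:"  # assumed naming of SCC "use" roles

def subject_id(s):  # name a binding subject the way SCC users/groups do
    prefix = f"system:serviceaccount:{s.get('namespace', '')}:"
    return (prefix if s["kind"] == "ServiceAccount" else "") + s["name"]

def is_broad(sid):  # a namespace's default ServiceAccount, or every user
    return sid == "system:authenticated" or (
        sid.startswith("system:serviceaccount:") and sid.endswith(":default"))

def audit(items):  # -> {scc_name: [findings on weak settings and broad grants]}
    report = {}
    for o in (i for i in items if i.get("kind") == "SecurityContextConstraints"):
        out = [f"{flag}=true" for flag in HOST_FLAGS if o.get(flag)]
        if o.get("runAsUser", {}).get("type") == "RunAsAny":
            out.append("runAsUser=RunAsAny (UID 0 allowed)")
        if o.get("allowedCapabilities"):
            out.append("allowedCapabilities not empty")
        if o.get("allowPrivilegeEscalation") is not False:  # unset means true
            out.append("allowPrivilegeEscalation not false")
        grantees = (o.get("users") or []) + (o.get("groups") or [])
        out += [f"granted to {g}" for g in grantees if is_broad(g)]
        report[o["metadata"]["name"]] = out
    for o in (i for i in items if "roleRef" in i):  # grants made through RBAC
        role = o["roleRef"]["name"]
        if role.startswith(SCC_ROLE_PREFIX):
            ids = [subject_id(s) for s in o.get("subjects") or []]
            report.setdefault(role[len(SCC_ROLE_PREFIX):], []).extend(
                f"granted to {i}" for i in ids if is_broad(i))
    return report
```

Run `audit(SAMPLE["items"])` to see the findings for the constructed data, or pass the `items` list parsed from a cluster's own JSON output.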