Re: OpenShift environment in Prod: Security: pro and cons

2017-11-18 Thread Graham Dumpleton
You could start out by reading the OpenShift Security Container Guide if you haven't already. * https://docs.openshift.com/container-platform/latest/security/index.html There was also this Tech N’ Talk briefing about

OpenShift environment in Prod: Security: pro and cons

2017-11-18 Thread Den Cowboy
I would like to know the pro and cons of openshift in a production environment from a security standpoint. I am used to the three-tier architecture or separation via VLAN (presentation, Application, database), can you apply the same types of controls in a containerized environment and more

Re: How to pull images from a remote registry with the actual layers instead of just metadata?

2017-11-18 Thread Ben Parees
On Sat, Nov 18, 2017 at 3:16 PM, Joel Pearson wrote: > It would introduce a new final layer right? Because after every build, > OpenShift automatically adds a bunch of labels? yeah that's true, sorry completely blanked on that. > > On Sun, 19 Nov 2017 at 7:13

Re: How to pull images from a remote registry with the actual layers instead of just metadata?

2017-11-18 Thread Joel Pearson
It would introduce a new final layer right? Because after every build, OpenShift automatically adds a bunch of labels? On Sun, 19 Nov 2017 at 7:13 am, Ben Parees wrote: > On Sat, Nov 18, 2017 at 2:54 AM, Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> Ahh ok. Is

Re: How to pull images from a remote registry with the actual layers instead of just metadata?

2017-11-18 Thread Ben Parees
On Sat, Nov 18, 2017 at 2:54 AM, Joel Pearson wrote: > Ahh ok. Is there some way to abuse build config‘s to push existing images > to remote OpenShift registries? technically you could probably have a dockerfile that just says "FROM imagex" and nothing else, and

RE: How to pull images from a remote registry with the actual layers instead of just metadata?

2017-11-18 Thread Lars Milland
Hi This limitation or ”design” of the oc import-image and also the limitations of Docker push where one needs to have the image locally to be able to push it, is the reason why we have shifted to use Skopeo for all such Docker image importing. We have two OpenShift environments with

Re: How to pull images from a remote registry with the actual layers instead of just metadata?

2017-11-18 Thread Joel Pearson
Wow! Thanks Lars, I’ll try out your ideas on Monday. On Sat, 18 Nov 2017 at 10:34 pm, Lars Milland wrote: > Hi > > > > This limitation or ”design” of the oc import-image and also the > limitations of Docker push where one needs to have the image locally to be > able to push it,