Working with Red Hat OpenShift on IBM Cloud
If you want to use containers in either the VPC or Satellite reference architectures, you should use Red Hat OpenShift on IBM Cloud. Red Hat OpenShift on IBM Cloud is a managed offering for creating your own cluster of compute hosts on which to deploy and manage containerized apps on IBM Cloud. Red Hat OpenShift on IBM Cloud provides intelligent scheduling, self-healing, horizontal scaling, service discovery and load balancing, automated rollouts and rollbacks, and secret and configuration management for your apps. Combined with an intuitive user experience, built-in security and isolation, and advanced tools to secure, manage, and monitor your cluster workloads, you can rapidly deliver highly available and secure containerized apps in the public cloud.
Deploying Red Hat OpenShift on IBM Cloud
- Install the CLI plugins for Red Hat OpenShift on IBM Cloud. For more information, see Installing the Red Hat OpenShift on IBM Cloud CLI.
- Set up the API for Red Hat OpenShift on IBM Cloud. For more information, see Setting up the API.
- Create your Red Hat OpenShift on IBM Cloud cluster. For more information, see Creating a Red Hat OpenShift on IBM Cloud cluster in your VPC.
- Install Red Hat OpenShift on IBM Cloud Service Mesh, which is based on the open source Istio project. Two of the most important reasons for using Red Hat OpenShift on IBM Cloud Service Mesh are to enable you to:
  - Encrypt network traffic between microservices running in your cluster. See Data encryption in transit and enable mTLS between containers for more details.
  - Implement gateways to specify which traffic you want to enter or leave the mesh (and deny all traffic by default). You can use an egress gateway to control and allowlist all necessary endpoints and domains that your application needs to connect to. For examples, see Expose the app with the Istio Ingress Gateway and Route and Perform traffic management.
- Set up Container Registry and Vulnerability Advisor. For more information, see Container Registry and Vulnerability Advisor.
- Develop and deploy applications to your cluster. See the following for more details:
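
For the Service Mesh step above, one way to check that mTLS is actually enforced between workloads, as an added example that is not part of IBM's documentation. It evaluates Istio `PeerAuthentication` objects (the resource that sets the mTLS mode) the way the mesh resolves them; the sample objects, the `istio-system` root namespace and the function names are assumptions.

```python
ROOT_NS = "istio-system"  # assumption: namespace that holds the mesh control plane
WEAK = {"PERMISSIVE", "DISABLE"}  # modes that still accept plaintext

# Constructed sample: the "items" of `oc get peerauthentication -A -o json`.
SAMPLE = [
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "legacy", "namespace": "payments"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"metadata": {"name": "batch", "namespace": "ledger"},
     "spec": {"selector": {"matchLabels": {"app": "batch"}},
              "mtls": {"mode": "DISABLE"},
              "portLevelMtls": {"8080": {"mode": "STRICT"}}}},
]


def namespace_mode(items, namespace, root_ns=ROOT_NS):
    """Namespace-wide mode: the namespace's own policy, else the mesh-wide one
    in root_ns, else Istio's default (PERMISSIVE). UNSET inherits from the parent."""
    def wide(ns):
        for it in items:
            spec = it.get("spec", {})
            if it["metadata"]["namespace"] == ns and "selector" not in spec:
                mode = spec.get("mtls", {}).get("mode", "UNSET")
                if mode != "UNSET":
                    return mode
        return None
    return wide(namespace) or wide(root_ns) or "PERMISSIVE"


def audit(items, namespaces, root_ns=ROOT_NS):
    """Return (namespace, policy, reason) tuples for anything not enforcing mTLS."""
    findings = []
    for ns in namespaces:
        mode = namespace_mode(items, ns, root_ns)
        if mode != "STRICT":
            findings.append((ns, "*", f"namespace-wide mode is {mode}"))
    for it in items:  # workload-scoped policies override the namespace-wide mode
        spec, meta = it.get("spec", {}), it["metadata"]
        if "selector" not in spec:
            continue
        modes = {"workload": spec.get("mtls", {}).get("mode", "UNSET")}
        modes.update({f"port {p}": v.get("mode", "UNSET")
                      for p, v in spec.get("portLevelMtls", {}).items()})
        for scope, mode in modes.items():
            if mode in WEAK:
                findings.append((meta["namespace"], meta["name"], f"{scope} mode is {mode}"))
    return findings
```

On the constructed sample, `audit(SAMPLE, ["payments", "ledger"])` reports the `payments` namespace and the `batch` workload policy in `ledger`, even though the mesh-wide policy is `STRICT`.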
Related resources
Related controls in IBM Cloud Framework for Financial Services
The following IBM Cloud Framework for Financial Services controls are most related to this guidance. However, in addition to following the guidance here, do your own due diligence to ensure you meet the requirements.
Family | Control |
---|---|
Identification and Authentication (IA) | IA-2 (1) Identification and Authentication (Organizational Users) \| Network Access to Privileged Accounts |
System and Communications Protection (SC) | SC-7 (5) Boundary Protection \| Deny by Default / Allow by Exception |
System and Communications Protection (SC) | SC-8 Transmission Confidentiality and Integrity |
Next steps
If using the VPC reference architecture, see Storage for VPC reference architecture.
If using the Satellite reference architecture, see Storage for Satellite reference architecture.