The OpenShift Security Guide Book Download


The OpenShift Security Guide was created to help those in cloud infrastructure and security engineering roles address the many security challenges facing them. Cloud security is complex, and Red Hat understands that users need more than just guidance in technical system configurations. The authors have identified approaches that aid in the triaging of security trade-offs and risk, policy enforcement, reporting, and the validation of system configuration.

Cloud infrastructure and security engineering roles are central to establishing and preserving security postures. It is the book’s intent to support these roles by providing the proper mixture of conceptual, organizational, and technical guidance, thereby increasing the security vigilance and effectiveness of those with such responsibilities.

For the cloud security auditor, whether in an internal role or as a third-party assessment organization, this book intends to provide the technical guidance needed to verify, validate, and enforce security controls. For technology professionals charged with security policy management, this book should offer insight into related organizational policy, functional testing, and data stewardship tasks while augmenting knowledge in these areas.

While the book speaks to OpenShift from a holistic infrastructure perspective, it does cover areas that application developers and reliability engineers may find valuable. With the ever-evolving trends in container-based microservices, baking security into the continuous integration and delivery pipelines is a fundamental requirement. Build and runtime security features are discussed, and the advantages of a secure container base image are covered as well.

Readers are not expected to have expert-level knowledge of core OpenShift concepts. However, basic knowledge of Linux, containers, and Kubernetes from a user or administrative perspective will certainly be useful, especially when reading through some of the technical implementations described in the chapters.

The initial version of the OpenShift Security Guide was created with the following collaborators:
Gabriel Alford, Keith Basil, Bruce Benson, Erica von Buelow, François Duthilleul, Christopher Grimm, Frédéric Herrmann, Ben Howard, Jakub Hrozek, Nathan Kinder, Khary Mendez, Pierre-André Morey, Christopher Negus, Kirsten Newcomer, Kevin O’Donell, Juan Antonio Osorio Robles, Bryan Parry, Matt Rogers, Ava Shulman, and Shawn Wells.

We would also like to thank our Book Sprints Ltd collaborators, who facilitated the creation of this book during a two-week sprint:
Barbara Rühling, Faith Bosworth, Karina Piersig, Juliana Secchi, Raewyn Whyte, Manuel Vazquez, Henrik Van Leeuwen, Lennart Wolfert

You can download the Book below:

Name: OpenShift Security Guide
PDF Version: PDF Download
EPUB Version: EPUB .Zip Download

Note: You will have to unzip the .epub file before use.


Page 263 reads, "Additional protection for secrets at-rest can be provided by encrypting the etcd datastore. Once enabled, encryption cannot be disabled."

However, the linked documentation - - contains the process for subsequent decryption.

How would you answer auditor questions related to monitoring baseline configuration compliance and vulnerability scanning?

I wanted to refer them back to this document; however, RHCOS actually opens up the possibility of making changes manually or cluster-wide using machine configs, which raises the question that this could be a not-locked-down OS, and changes could be out of compliance or cause vulnerabilities due to misconfigurations.