Resolving CVEs in containers is a necessary but often soul-crushing task. You’re not alone in drowning under a deluge of alerts from tools like BlackDuck. The key is to focus on what matters, automate the rest, and stop playing whack-a-mole. Here’s how to do it.
If you’re deploying apps with Argo CD, you’re already halfway to a solid GitOps workflow. But when it comes to bundling resources like Gateways, HTTPRoutes, and StorageClasses, confusion sets in fast. Let’s cut through the noise with production-tested patterns.
If you’ve deployed OpenShift on AWS using the IPI (Installer Provisioned Infrastructure) deployment method, then you’re aware of the hardline requirement for Route 53 public/private zones, depending on the publish method set in your OpenShift install-config.yaml. This typically doesn’t present a problem for most customers, but select companies disallow use of Route 53 in favor of their own managed DNS (e.g. Infoblox). Unfortunately this limitation forces most customers to pursue…
If you’re running NVIDIA GPUs and OpenShift/k8s in an unproxied or transparently proxied environment, you probably haven’t encountered too many issues deploying NVIDIA’s gpu-operator (lucky you!), but your experience might not be as pleasant if you’re using a traditional proxy with HTTPS/SSL bumping/inspection enabled.
There’s a lot of great documentation on running, administering, consuming, and troubleshooting OpenShift 4, but the installation process is still a bit vague for some admins, and even more obscure if failures are encountered. I recently stepped through general installation troubleshooting for a failed OpenShift 4.6.8 deployment which hit this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1895024 - The core issue relates to low entropy on my VMs, but this bug was repeatable and offered a…