- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
This blog was written in collaboration by Chintan Udeshi from Palo Alto Networks and Marc Curry from Red Hat.
We are pleased to announce the support for Red Hat OpenShift Networking’s OVN-Kubernetes Container Network Interface (CNI) plugin while running CN-Series Container Firewalls on Red Hat OpenShift. With this release, customers can use CN-Series container firewalls to protect applications running on Red Hat OpenShift clusters with the OVN-Kubernetes CNI plug-in.
Red Hat OpenShift is a leading enterprise Kubernetes platform that enables a cloud-like experience everywhere it is deployed. Whether in the cloud, on-premise, or at the edge, Red Hat OpenShift gives you the ability to choose where you build, deploy, and run applications with a consistent experience.
Regardless of whether applications are running on bare metal, virtual machines, or containers using on-premise or cloud infrastructure, applications are all exposed to the same vulnerabilities as they run on the shared network stack. Therefore, containerized apps face the same threats that have traditionally plagued legacy apps. Shift-left security products help to identify and patch known vulnerabilities at scale, but leave applications vulnerable to unknown and unpatched vulnerabilities.
OVN-Kubernetes is based on the Open Virtual Network (OVN) open-source project and leverages OVN, which is vendor-agnostic, to manage network traffic flows. An OpenShift cluster using the OVN-Kubernetes CNI plug-in runs Open vSwitch (OVS) on each node, a multilayer virtual switch, which OVN then configures to implement the declared network configuration. [1]
Red Hat has built upon OVN-Kubernetes' feature parity with feature-frozen OpenShift-SDN and focused exclusively on OVN-Kubernetes for all new networking feature development since its release. Here are the key advantages of OVN-Kubernetes leading to this shift:
CN-Series has been supported on Red Hat OpenShift for a couple of years now with the OpenShift-SDN CNI. After numerous requests from customers to support the OVN-Kubernetes CNI plug-in alongside the existing support for OpenShift-SDN for CN-Series, we are now pleased to announce support for OVN-Kubernetes on OpenShift with Palo Alto Networks CN-Series Firewall to protect applications running on OpenShift clusters leveraging the OVN-Kubernetes CNI plug-in.
CN-Series is the industry’s first NGFW purpose-built for containers and has been designed to protect containerized apps from known and unknown threats while maintaining a consistent security posture across containerized and non-containerized applications running on-prem or in the cloud. Additionally, the network security and DevOps teams can continue to use the processes and tools they use today and ensure a frictionless deployment using Helm charts, Terraform templates, and operators.
With OVN-kubernetes CNI support with CN-Series, customers can:
To learn more about how CN-Series can protect applications running on Red Hat OpenShift, please check out Securing Red Hat Clusters with CN-Series Firewall Video and CN-Series and Red Hat OpenShift Joint Solution Brief . You can deploy CN-Series from Red Hat OpenShift OpertorHub.
Additional Reference Links:
About the OVN-Kubernetes CNI network plugin
[1] OVN-Kubernetes Red Hat Product Documentation
CN-Series Product Documentation
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
5 Likes | |
3 Likes | |
2 Likes | |
1 Like | |
1 Like |