Pod configurations should be created in a kubernetes native manner, the most basic example of a kubernetes native manner of configuration deployment is the use of a ConfigMap CR. ConfigMap CRs can be loaded into Kubernetes and pods can consume the data in a configmap by using the data in the ConfigMap to populate container environment variables or can be consumed as volumes in a container and read by an application.
Interaction with a running pod should be done via oc exec or oc rsh commands. This allows API role-based access control (RBAC) to the pods and command line interaction for debugging.
|
Important
|
Workload requirement
SSH daemons must NOT be used in Openshift for pod interaction. See test case access-control-ssh-daemons Impacts and Risks of Non-Compliance: SSH daemons in containers create additional attack surfaces, violate immutable infrastructure principles, and can be exploited for unauthorized access. |