With the OpenShift Container Platform, Tekton is included ( https://tekton.dev/) as a tool for CI. However, some companies are using other stacks to build their applications, like Azure DevOps or Gitlab DevOps. While those technologies can be used as a pure managed service, some particular requirements (security, regulatory, etc) or cost-effective deployments may search for using runners on-prem. That is the case of Github Actions, that can implement custom runners, and they can be executed in Kubernetes/OpenShift.

This post is born out of a real-world experience. While deploying a CoreDNS dashboard in Grafana to monitor OpenShift DNS servers, I discovered several quirks that not only impact performance but also explain some puzzling application behaviors driven by Java’s DNS implementation. Let’s dive in. DNS Service Discovery in Kubernetes To understand the basics of what is DNS and his invention, I recommend an interview with Paul Mockapetris. This post focuses on how it is implemented in Kubernetes/OpenShift and how Java resolution interacts.

This article shows how to use a private ipa-server to provide certificates to kubernetes applications. There is a very good post on the subject about how to configure Identity Manager (ipa-server in RHEL) by Josep Font. A developer subscription for RHEL at no cost can be used, or CentOS Stream can be used for playing with the latest ipa-server version. Another really good post about Cert-manager integration is done by another two colleagues, Jose Angel de Bustos and Jorge Tudela.