openshift-applisted

# OpenShift Application Packaging Package, build, secure, and deploy applications on OpenShift Container Platform 4.14-4.21. Covers container images, deployment manifests, CI/CD pipelines, security hardening, operational patterns, and disconnected environments. ## Quick Decision Guide | Task | Go to | |------|-------| | Build a container image for OpenShift | [Container Images](#container-image-essentials) below | | Choose Helm vs Kustomize vs Operator | [Packaging Decision Matrix](#packaging-decision-matrix) below | | Fix SCC / permission errors | `references/security.md` (Restricted-v2 section) | | Set up CI/CD pipeline | `references/cicd-gitops.md` | | Harden supply chain (sign, attest, scan) | `references/security.md` (Supply Chain section) | | Configure Routes, probes, scaling | `references/operations.md` | | Deploy in air-gapped / disconnected env | `references/disconnected.md` | | Migrate from DeploymentConfig | `references/gotchas.md` (DeploymentConfig section) | | Understand OCP version breaking changes | `references/gotchas.md` (Version Timeline section) | ## Critical Gotchas (Read First) ### 1. Arbitrary UID -- The #1 "Works on K8s, Fails on OpenShift" Issue OpenShift assigns a **random UID** from a namespace-specific range but always sets **GID 0** (root group). Hardcoded `USER 1000` in Dockerfiles will fail under `restricted-v2` SCC. ```dockerfile # OpenShift-compatible Dockerfile pattern FROM registry.access.redhat.com/ubi9/ubi-minimal:latest COPY --chow