From 050af1207a682a5a5bd93dbb7f610fced90ecefe Mon Sep 17 00:00:00 2001 From: James Blair Date: Mon, 2 Sep 2024 07:34:31 +1200 Subject: [PATCH] Re-order exercises, more work on 6. --- data/workshop/exercise6.mdx | 73 ++++++++++++++----------------------- data/workshop/exercise8.mdx | 62 +++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 45 deletions(-) create mode 100644 data/workshop/exercise8.mdx diff --git a/data/workshop/exercise6.mdx b/data/workshop/exercise6.mdx index c2048a8..977b857 100644 --- a/data/workshop/exercise6.mdx +++ b/data/workshop/exercise6.mdx 
@@ -1,62 +1,45 @@ --- -title: Installing red hat developer hub -exercise: 6 +title: Retrieving raw compliance results +exercise: 7 date: '2024-09-02' tags: ['openshift','containers','kubernetes','disconnected'] draft: false authors: ['default'] -summary: "Upping our dx in a disconnected environment" +summary: "Need to integrate results with another platform?" --- -We've had a good dig into cluster compliance. Let's change gears for this next exercise to get some experience deploying [Red Hat Developer Hub](https://developers.redhat.com/rhdh/overview) in a disconnected cluster. +Often organisations will have dedicated software for managing governance, risk and compliance or need to provide results to external auditors. In these situations while the dashboards within Red Hat Advanced Cluster Security, or `ComplianceCheckResult` objects in the OpenShift APIServer are helpful, what we really need to do is integrate these results into our third party compliance management platform or pass results in a standardised format to third parties. + +In this exercise, we'll briefly step through retrieving raw compliance results, in the well known **Asset Reporting Framework** (ARF) format. + +The Asset Reporting Format is a data model to express the transport format of information about assets, and the relationships between assets and reports. The standardized data model facilitates the reporting, correlating, and fusing of asset information throughout and between organizations. ARF is vendor and technology neutral, flexible, and suited for a wide variety of reporting applications. + +For more details on the format specification refer to https://www.nist.gov/publications/specification-asset-reporting-format-11 -## 6.1 - Deploying red hat developer hub +## 7.1 - Understanding raw result storage -Earlier in exercise 3 we deployed the Red Hat Developer Hub Operator. 
We'll now instruct that operator to deploy an instance of Developer Hub for us by creating a `Backstage` custom resource. +When the Compliance Operator runs a scan, raw results are stored in a `PersistentVolume`. The following `oc` command shows the mapping `PersistentVolume` name for a given scan name. -Run the following command in your highside terminal session: +Let's use our scan name that we set up previously, `daily-nist-800-53-moderate`: ```bash -cat << EOF | oc apply --filename - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: rhdh -spec: - finalizers: - - kubernetes - ---- -apiVersion: rhdh.redhat.com/v1alpha1 -kind: Backstage -metadata: - name: developer-hub - namespace: rhdh -spec: - application: - appConfig: - mountPath: /opt/app-root/src - extraFiles: - mountPath: /opt/app-root/src - replicas: 1 - route: - enabled: true - database: - enableLocalDb: true -EOF + oc get --namespace openshift-compliance compliancesuites daily-nist-800-53-moderate --output json | jq '.status.scanStatuses[].resultsStorage' ``` -Once the pods in the `rhdh` namespace are `Ready` we can retrieve and open the `Route` for our new Developer Hub instance and complete our first time login. +We should see results showing the name of each `PersistentVolume` for each profile that was scanned, below is an example: -```bash -oc get route --namespace rhdh backstage-developer-hub --output jsonpath='{.spec.host}' +```json +{ + "name": "ocp4-moderate", + "namespace": "openshift-compliance" +} +{ + "name": "ocp4-moderate-node-master", + "namespace": "openshift-compliance" +} +{ + "name": "ocp4-moderate-node-worker", + "namespace": "openshift-compliance" +} ``` - - -|![workshop](/static/images/compliance/developer-hub.gif) | -|:-----------------------------------------------------------------------------:| -| *First login for Red Hat Developer Hub* | - - diff --git a/data/workshop/exercise8.mdx b/data/workshop/exercise8.mdx new file mode 100644 index 0000000..c5f6b1d --- /dev/null 
+++ b/data/workshop/exercise8.mdx @@ -0,0 +1,62 @@ +--- +title: Bonus - Installing red hat developer hub +exercise: 8 +date: '2024-09-02' +tags: ['openshift','containers','kubernetes','disconnected'] +draft: false +authors: ['default'] +summary: "Upping our dx in a disconnected environment" +--- + +We've had a good dig into cluster compliance. Let's change gears for this next exercise to get some experience deploying [Red Hat Developer Hub](https://developers.redhat.com/rhdh/overview) in a disconnected cluster. + + +## 8.1 - Deploying red hat developer hub + +Earlier in exercise 3 we deployed the Red Hat Developer Hub Operator. We'll now instruct that operator to deploy an instance of Developer Hub for us by creating a `Backstage` custom resource. + +Run the following command in your highside terminal session: + +```bash +cat << EOF | oc apply --filename - +--- +apiVersion: v1 +kind: Namespace +metadata: + name: rhdh +spec: + finalizers: + - kubernetes + +--- +apiVersion: rhdh.redhat.com/v1alpha1 +kind: Backstage +metadata: + name: developer-hub + namespace: rhdh +spec: + application: + appConfig: + mountPath: /opt/app-root/src + extraFiles: + mountPath: /opt/app-root/src + replicas: 1 + route: + enabled: true + database: + enableLocalDb: true +EOF +``` + +Once the pods in the `rhdh` namespace are `Ready` we can retrieve and open the `Route` for our new Developer Hub instance and complete our first time login. + +```bash +oc get route --namespace rhdh backstage-developer-hub --output jsonpath='{.spec.host}' +``` + + +|![workshop](/static/images/compliance/developer-hub.gif) | +|:-----------------------------------------------------------------------------:| +| *First login for Red Hat Developer Hub* | + +
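Review bot: in data/workshop/exercise6.mdx, section 7.1 describes the result storage as a `PersistentVolume`, but each `resultsStorage` entry in the example output carries a `namespace` field and a PersistentVolume is cluster-scoped. These are `PersistentVolumeClaim` references, so the sentences before and after the `oc get ... compliancesuites` command should say `PersistentVolumeClaim`. The intro also names the format "Asset Reporting Framework" in bold and "Asset Reporting Format" in the next paragraph; the linked NIST specification uses "Asset Reporting Format", so use that throughout. The front matter now sets `exercise: 7` and the heading is 7.1 while the file is still exercise6.mdx; rename the file or keep the number in step with it. With `draft: false` the page ends after listing the storage names and never reaches the retrieval its title promises, so consider `draft: true` until the remaining steps land.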
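Review bot: in data/workshop/exercise8.mdx, the `Namespace` manifest sets `spec.finalizers: - kubernetes`, which the API server populates itself when the namespace is created; drop the `spec` block so the manifest declares only `metadata.name: rhdh`. Since this commit re-orders the exercises, confirm that the cross-reference "Earlier in exercise 3 we deployed the Red Hat Developer Hub Operator" still points at the right exercise number. The title and the 8.1 heading write "red hat developer hub" in lower case while the body uses "Red Hat Developer Hub"; match the product name's capitalisation in both.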