diff --git a/data/workshop/exercise4.mdx b/data/workshop/exercise4.mdx index 6ef210c..433aaa9 100644 --- a/data/workshop/exercise4.mdx +++ b/data/workshop/exercise4.mdx @@ -8,7 +8,7 @@ authors: ['default'] summary: "Time to up our security & compliance game! 🔒" --- -With our Red Hat Advanced Cluster Security Operator installed and standing by to do some work for us, let's give it some work to do by telling it to deploy Red Hat Advanced Cluster Security for us. +With our Red Hat Advanced Cluster Security Operator installed and standing by to do some work for us, let's give it some work to do by telling it to deploy Red Hat Advanced Cluster Security onto our cluster. ## 4.1 - Getting familiar with rhacs @@ -26,7 +26,7 @@ Fundamentally you install RHACS as a set of containers in your OpenShift Contain | *Red Hat Advanced Cluster Security high level architecture* | -> Note: For an overview of which sources Red Hat Advanced Cluster Security uses for vulnerability information and a more detailed walkthrough of each compoent, take a moment to review https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html-single/architecture/index. +> Note: For an overview of which sources Red Hat Advanced Cluster Security uses for vulnerability information and a more detailed walkthrough of each component, take a moment to review https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html-single/architecture/index. ## 4.2 - Deploying central services @@ -75,7 +75,7 @@ Once all pods are `Running` and `Ready` you can move on to the next step. ## 4.3 - Logging into rhacs dashboard -Time to bring up our RHACS dashboard. We'll first retrieve the `admin` user password which was auto generated by the operator and stored in a `Secret`. Then we can open the `Route` for RHACS in a new browser tab and log in. +Time to bring up our RHACS dashboard. We'll first retrieve the `admin` user password which was auto generated by the operator and stored in a **Secret**. Then we can open the **Route** for RHACS in a new browser tab and log in. 1. Return to your vnc session and the open tab with our OpenShift Web Console. 2. Click **Workloads** > **Secrets**, ensuring you are looking at the `acs-central` **Project**. @@ -95,3 +95,16 @@ Time to bring up our RHACS dashboard. We'll first retrieve the `admin` user pass +## 4.4 Securing our hub cluster + +To begin securing our OpenShift "hub" cluster with RHACS we need to: + +1. Generate an init bundle to download and apply to the cluster. +2. Create and apply a `SecuredCluster` custom resource. + +We'll start with generating the init bundle. Just for future familiarity for this step we'll use and follow the official RHACS documentation: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html/installing/installing-rhacs-on-red-hat-openshift#portal-generate-init-bundle_init-bundle-ocp + +Follow the steps in `4.3.1.1` to generate an init bundle named `hub` using the RHACS dashboard, selecting the **Operator** based installation method. + +Once the `hub-Operator-secrets-cluster-init-bundle.yaml` file has been downloaded we'll apply it to the cluster using the OpenShift Web Console **Import YAML** feature. +