diff --git a/data/workshop/README.org b/data/workshop/README.org index aaf43b2..52e5d01 100644 --- a/data/workshop/README.org +++ b/data/workshop/README.org @@ -27,6 +27,32 @@ spec: key: logo.png name: console-custom-logo customProductName: ACME Financial Services OpenShift Console + perspectives: + - id: admin + visibility: + state: Disabled + - id: dev + visibility: + state: Enabled +EOF +#+end_src + +* Add an interesting notification banner + +#+begin_src tmux +cat << EOF | oc apply --filename - +apiVersion: console.openshift.io/v1 +kind: ConsoleNotification +metadata: + name: acme-banner +spec: + text: ACME Financial Services Production OpenShift + location: BannerTop + link: + href: 'https://www.youtube.com/watch?v=W31e9meX9S4' + text: Cluster Security Dashboard + color: '#fff' + backgroundColor: '#0000FF' EOF #+end_src diff --git a/data/workshop/exercise2.mdx b/data/workshop/exercise2.mdx index ddb5a59..bbe2c2c 100644 --- a/data/workshop/exercise2.mdx +++ b/data/workshop/exercise2.mdx @@ -50,7 +50,7 @@ Documentation you may find helpful is: ## 2.3 Generating an init bundle -Alright, you've given Angie a quick tour around the Red Hat Advanced Cluster Security Console, now it's time to secure this hub cluster by generating an init bundle named `prd-acme-hub` and applying it to the cluster. +Alright, you've given Angie a quick tour around the Red Hat Advanced Cluster Security Console, now it's time to secure this hub cluster by generating an init bundle named `prd-acme-hub`. You remember from the documentation that before you install the `SecuredCluster` resource on a cluster, you must create an init bundle. The cluster that has `SecuredCluster` resource then uses this bundle to authenticate with Central. diff --git a/data/workshop/exercise3.mdx b/data/workshop/exercise3.mdx index 37b731f..6f9c923 100644 --- a/data/workshop/exercise3.mdx +++ b/data/workshop/exercise3.mdx @@ -38,7 +38,26 @@ Documentation you may find helpful is: - https://docs.openshift.com/container-platform/4.16/networking/network_security/configuring-ipsec-ovn.html -## 3.2 - Check your work +## 3.2 Observing cluster network rollout + +Your change window on the ACME cluster is 30 minutes for the cluster network update. You've advised the ACME team there could be some minor disruption to the cluster while the cluster network operator is progressing the update. + +The cluster network update can take around ten minutes to complete. Observe the progress of the operator using the **Administration** > **Cluster Settings** > **Cluster Operators** view. + +You can also verify ipsec status using the following command: + +```bash +oc --namespace openshift-ovn-kubernetes rsh ovnkube-node- ovn-nbctl --no-leader-only get nb_global . ipsec +``` + + +|![cluster network](/static/images/security/cluster-network.png) | +|:-----------------------------------------------------------------------------:| +| *Cluster operators administration* | + + + +## 3.3 - Check your work If you've kept Brent happy by enabling encryption for internal cluster traffic please post a message in `#event-anz-ocp-security-hackathon` with the message: