jmhbnz/workshops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refine wording in exercise 2 & 3.

Browse Source
This commit is contained in:
James Blair
2024-10-30 07:43:58 +13:00
parent 4a8d8b409b
commit ca73036cd3
3 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
data/workshop/README.org
View File

@ -27,6 +27,32 @@ spec:
key: logo.png key: logo.png
name: console-custom-logo name: console-custom-logo
customProductName: ACME Financial Services OpenShift Console customProductName: ACME Financial Services OpenShift Console
perspectives:
- id: admin
visibility:
state: Disabled
- id: dev
visibility:
state: Enabled
EOF
#+end_src
* Add an interesting notification banner
#+begin_src tmux
cat << EOF | oc apply --filename -
apiVersion: console.openshift.io/v1
kind: ConsoleNotification
metadata:
name: acme-banner
spec:
text: ACME Financial Services Production OpenShift
location: BannerTop
link:
href: 'https://www.youtube.com/watch?v=W31e9meX9S4'
text: Cluster Security Dashboard
color: '#fff'
backgroundColor: '#0000FF'
EOF EOF
#+end_src #+end_src

2
data/workshop/exercise2.mdx
View File

@ -50,7 +50,7 @@ Documentation you may find helpful is:
## 2.3 Generating an init bundle ## 2.3 Generating an init bundle
Alright, you've given Angie a quick tour around the Red Hat Advanced Cluster Security Console, now it's time to secure this hub cluster by generating an init bundle named `prd-acme-hub` and applying it to the cluster. Alright, you've given Angie a quick tour around the Red Hat Advanced Cluster Security Console, now it's time to secure this hub cluster by generating an init bundle named `prd-acme-hub`.
You remember from the documentation that before you install the `SecuredCluster` resource on a cluster, you must create an init bundle. The cluster that has `SecuredCluster` resource then uses this bundle to authenticate with Central. You remember from the documentation that before you install the `SecuredCluster` resource on a cluster, you must create an init bundle. The cluster that has `SecuredCluster` resource then uses this bundle to authenticate with Central.

21
data/workshop/exercise3.mdx
View File

@ -38,7 +38,26 @@ Documentation you may find helpful is:
- https://docs.openshift.com/container-platform/4.16/networking/network_security/configuring-ipsec-ovn.html - https://docs.openshift.com/container-platform/4.16/networking/network_security/configuring-ipsec-ovn.html
## 3.2 - Check your work ## 3.2 Observing cluster network rollout
Your change window on the ACME cluster is 30 minutes for the cluster network update. You've advised the ACME team there could be some minor disruption to the cluster while the cluster network operator is progressing the update.
The cluster network update can take around ten minutes to complete. Observe the progress of the operator using the **Administration** > **Cluster Settings** > **Cluster Operators** view.
You can also verify ipsec status using the following command:
```bash
oc --namespace openshift-ovn-kubernetes rsh ovnkube-node-<XXXXX> ovn-nbctl --no-leader-only get nb_global . ipsec
```
<Zoom>
|![cluster network](/static/images/security/cluster-network.png) |
|:-----------------------------------------------------------------------------:|
| *Cluster operators administration* |
</Zoom>
## 3.3 - Check your work
If you've kept Brent happy by enabling encryption for internal cluster traffic please post a message in `#event-anz-ocp-security-hackathon` with the message: If you've kept Brent happy by enabling encryption for internal cluster traffic please post a message in `#event-anz-ocp-security-hackathon` with the message: