Compare commits
2 Commits
83c84851f4
...
96ebf493f9
| Author | SHA1 | Date | |
|---|---|---|---|
| 96ebf493f9 | |||
| 0fe8ba04b9 |
@ -1,27 +1,25 @@
|
||||
---
|
||||
title: Understanding our lab environment
|
||||
exercise: 1
|
||||
date: '2024-12-18'
|
||||
date: '2024-08-22'
|
||||
tags: ['openshift','containers','kubernetes','disconnected']
|
||||
draft: false
|
||||
authors: ['default']
|
||||
summary: "Let's get familiar with our lab setup."
|
||||
---
|
||||
|
||||
Welcome to the OpenShift 4 Disconnected Workshop! Here you'll learn about operating an OpenShift 4 cluster in a disconnected network, for our purposes today that will be a network without access to the internet (even through a proxy or firewall).
|
||||
Welcome to the OpenShift 4 Disconnected security & compliance workshop! Here you'll learn about operating a secure and compliant OpenShift 4 cluster in a disconnected network using the following key OpenShift features:
|
||||
|
||||
To level set, Red Hat [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) is a unified platform to build, modernize, and deploy applications at scale. OpenShift supports running in disconnected networks, though this does change the way the cluster operates because key ingredients like container images, operator bundles, and helm charts must be brought into the environment from the outside world via mirroring.
|
||||
- [Red Hat Advanced Cluster Security](https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes)
|
||||
- [Red Hat OpenShift Compliance Operator](https://www.redhat.com/en/blog/a-guide-to-openshift-compliance-operator-best-practices)
|
||||
- [Red Hat Developer Hub](https://developers.redhat.com/rhdh/overview)
|
||||
|
||||
There are of course many different options for installing OpenShift in a restricted network; this workshop will primarily cover one opinionated approach. We'll do our best to point out where there's the potential for variability along the way.
|
||||
To level set, [Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) is a unified platform to build, modernize, and deploy applications at scale. OpenShift supports running in disconnected networks, though this does change the way the cluster operates because key ingredients like container images, operator bundles, and helm charts must be brought into the environment from the outside world via mirroring.
|
||||
|
||||
There are of course many different options for installing OpenShift in a restricted network; this workshop will not cover the deployment of a cluster, instead you will have an existing installed cluster allocated to you which has been created in advance. Your tasks during this workshop will be to improve the security and compliance of the cluster and workloads running on it.
|
||||
|
||||
**Let's get started!**
|
||||
|
||||
## 1.1 - Obtaining your environment
|
||||
## 1.1 - Login to lab environment
|
||||
|
||||
To get underway open your web browser and navigate to this etherpad link to reserve yourself a user https://etherpad.wikimedia.org/p/OpenShiftDisco_2023_12_20. You can reserve a user by noting your name or initials next to a user that has not yet been claimed.
|
||||
|
||||
<Zoom>
|
||||
| |
|
||||
|:-----------------------------------------------------------------------------:|
|
||||
| *Etherpad collaborative editor* |
|
||||
</Zoom>
|
||||
An OpenShift `4.16` cluster has already been provisioned for you to complete these excercises. Open your web browser and navigate to the workshop guide page https://rhdemo.win.
|
||||
|
||||
62
data/workshop/exercise2.mdx
Normal file
62
data/workshop/exercise2.mdx
Normal file
@ -0,0 +1,62 @@
|
||||
---
|
||||
title: Mirror required content
|
||||
exercise: 2
|
||||
date: '2024-08-23'
|
||||
tags: ['openshift','containers','kubernetes','disconnected']
|
||||
draft: false
|
||||
authors: ['default']
|
||||
summary: "You want features? Mirror them in!🪞"
|
||||
---
|
||||
|
||||
The disconnected OpenShift cluster you have been allocated is the result of a very standard installation, and does not have any post installation features added.
|
||||
|
||||
During this workshop we want to secure the cluster with Advanced Cluster Security, understand our compliance posture against NIST 800-53 with the OpenShift Compliance Operator and then make it easy for our Developers to do the right thing with Red Hat Developer Hub.
|
||||
|
||||
To install and configure these features we first need to mirror some additional content into our disconnected environment, let's get started.
|
||||
|
||||
## 2.1 - Open a terminal on your low side
|
||||
|
||||
Our first step to prepare to mirror content is to get connected to our low side jump host via `ssh`. Replace the placeholder ip address below with the actual ip address you've been allocated for your environment.
|
||||
|
||||
```bash
|
||||
ssh lab-user@<placeholder>
|
||||
```
|
||||
You'll be prompted to enter a password which you can find in your allocated environment details.
|
||||
|
||||
After connecting change directory to the low side workspace where the intial cluster installation was already completed for you and review the folder contents:
|
||||
|
||||
```bash
|
||||
cd /mnt/low-side-data
|
||||
|
||||
ls -lah
|
||||
```
|
||||
|
||||
Your workspace will look similar to the one below:
|
||||
|
||||
```bash
|
||||
[lab-user@jump low-side-data]$ ls -lah
|
||||
total 25G
|
||||
drwxr-xr-x. 4 lab-user lab-user 4.0K Aug 22 00:22 .
|
||||
drwxr-xr-x. 3 root root 27 Aug 19 04:10 ..
|
||||
-rw-r--r--. 1 lab-user lab-user 473 Aug 22 00:10 imageset-config.yaml
|
||||
-rw-r--r--. 1 lab-user lab-user 696M Aug 21 23:57 mirror-registry.tar.gz
|
||||
-rw-r--r--. 1 lab-user lab-user 24G Aug 22 00:22 mirror_seq1_000000.tar
|
||||
-rwxr-xr-x. 1 lab-user lab-user 146M Mar 26 22:17 oc
|
||||
-rwxr-x--x. 1 lab-user lab-user 144M Mar 22 18:34 oc-mirror
|
||||
-rw-------. 1 lab-user lab-user 183K Aug 22 00:16 .oc-mirror.log
|
||||
drwxr-xr-x. 3 lab-user lab-user 17 Aug 22 00:13 oc-mirror-workspace
|
||||
-rwxr-xr-x. 1 lab-user lab-user 630M Mar 22 19:32 openshift-install
|
||||
drwxr-x---. 2 lab-user lab-user 28 Aug 22 00:22 publish
|
||||
```
|
||||
|
||||
## 2.2 - Get familiar with oc-mirror
|
||||
|
||||
To mirror content into our disconnected environment we will be using the [`oc-mirror`](https://github.com/openshift/oc-mirror) openshift client utility.
|
||||
|
||||
To configure what content `oc-mirror` will download and mirror for us we use a YAML formatted file called an `ImageSetConfiguration`. This file declares:
|
||||
|
||||
1. **What to download** which can include (OpenShift itself, operator bundles, helm charts, or specific container images)
|
||||
2. **What versions**
|
||||
3. **Where to store the downloaded content**
|
||||
|
||||
As part of the initial installation of OpenShift an `ImageSetConfiguration` file has already been created for you.
|
||||
Reference in New Issue
Block a user