jmhbnz/workshops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3512aebbb0aad7e722b009ef71d1d16a6279a84c
workshops/data/workshop/exercise2.mdx
James Blair 3512aebbb0 Progress on exercise 2.
2024-10-17 09:43:29 +13:00

50 lines
2.6 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Laying the foundations for cluster security
exercise: 2
date: '2024-10-17'
tags: ['openshift','security']
draft: false
authors: ['default']
summary: ""
---
Its your first day of the consulting engagement with ACME. Youve paired up with one of their Senior Platform Engineers Angie who has just given you a tour of their newly deployed OpenShift cluster which is looking healthy 🥦 (whew!) .
Time to tackle the first task on our consulting engagement list, installing [Red Hat Advanced Cluster Security](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html-single/installing/index) via the operator.
Ultimately the ACME team wants to manage everything with GitOps, but for today Angie would prefer a guided walkthrough on how to do things using the OpenShift Web Console so she has an opportunity to learn more about each step of the process.
<Zoom>
|![cluster](/static/images/security/pairing.png) |
|:-----------------------------------------------------------------------------:|
| *Time for a pair session at ACME Financial Services* |
</Zoom>
## 2.1 Installing the rhacs operator
Youre in front of a screen together with the Web Console open. The first step of installing the operator should be easy, better get started!
The only requirement Angie has requested for the Advanced Cluster Security operator installation is that all future operator updates must be approved **Manually**. She explains that several platform team members have PTSD from previous upgrades happening automatically and bringing down ACME's EFTPOS platform so now automatic updates are disabled everywhere.
Documentation you may find helpful is:
- https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.5/html-single/installing/index#install-acs-operator_install-central-ocp
## 2.2 Deploying central services
With the operator installed and healthy we now need to deploy an instance of **Central** for Angie. This Central instance will provide the management interface, API and secure the full fleet of ACMEs OpenShift clusters along with some EKS clusters ACME are currently running in AWS.
Angie has shared a high level design with you that states the Central services need to be deployed to the `prd-acme-rhacs` namespace.
<Zoom>
|![cluster](/static/images/security/central.png) |
|:-----------------------------------------------------------------------------:|
| *Architecture for Red Hat Advanced Cluster Security* |
</Zoom>
Reference in New Issue View Git Blame Copy Permalink