Installation and RHACS Cloud Service

Module goals

Goals
  • Deploy RHACS Cloud Service Central Instance

  • Remove the existing RHACS operator

  • Use the ACS Cloud Service to reinstall the Secured Cluster Services

Setting Up Red Hat Account and Creating Central Instance on ACS

Procedure

  1. Head on over to Red Hat Advanced Cluster Security Trial

  2. Click on the Start Your Trial button.

  3. Sign up for a Red Hat account if you don’t have one. (Make sure to remember your username and password!)

  4. Once you are in the "Getting Started" tab, select "Create Instance".

You will be redirected to the ACS Instances page where you can view all of the central services that have been deployed.

  5. Click on Create ACS instance.

  6. Fill in your name, and select your cloud region (US East or Europe).

  7. Wait for the creation process to complete. Typically it takes 7-10 minutes.

You need ACS Central Services to be available to deploy ACS Secured Cluster Services into the EKS Cluster. Time to stretch your legs a bit.

Checking and Accessing the Central Instance

Once the RHACS Central instance is available, we will check on its status.

Procedure

  1. Ensure the Ready status is showing.

  2. Click on the Name of your Central Service instance. You will be redirected to a page with all of the Central Services details and a few extra resources.

Take note of the API and roxctl URLs. They will be useful for connecting to the service later.

  3. Click on Open ACS Console and log in to your account.

You should be redirected to your ACS instance. Ask for help if you have not reached this step.

Uninstall the "On-Prem" RHACS Operator

While you’re waiting for the Central Services to spin up, head over to the OpenShift console to uninstall the existing operator.

Procedure

  1. Log into the OCP console at https://console-openshift-console.apps.cluster-sample.sample.sandboxsample.opentlc.com

  2. Click on Operators - Installed Operators

  3. Locate the Advanced Cluster Security for Kubernetes Operator and select it.

  4. Click on Actions, then click Uninstall Operator.

  5. Select "Delete all operand instances for this operator".

  6. Click Uninstall.

If successful, you will have no access to the RHACS console at https://central-stackrox.apps.cluster-sample.sample.sandboxsample.opentlc.com

Let’s check out the RHACS Cloud Service instance.

Access the Cloud Service and Install the Secured Cluster Services

Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides security services for self-managed RHACS on platforms such as Amazon Elastic Kubernetes Service (Amazon EKS), Google Kubernetes Engine (Google GKE), and Microsoft Azure Kubernetes Service (Microsoft AKS).

If you want to learn more about the installation methods before proceeding you can review the resource below:

Set up the SCS certificates

Procedure

  1. Head back over to your RHACS instance.

  2. Click on your instance, then select "Open ACS Console".

  3. Log in using your Red Hat credentials.

Ask for help from your instructor if you are having issues with the RHACS Cloud Service instance or access.

  4. Select "View installation methods".

Since we have an OpenShift Cluster, you will be using the Operator method to install the Secured Cluster Services in OpenShift.

To install the Operator, two things have to be done:

  1. In the Red Hat OpenShift Container Platform web console on the cluster that you are securing, you have installed the RHACS Operator.

  2. In the RHACS web portal, you have created an init bundle and downloaded the YAML file for the init bundle.

Let’s start by grabbing the init secrets.

Procedure

  1. In your RHACS Cloud Service instance, select "Platform Configuration - Cluster Init Bundle".

  2. Select "Create bundle".

  3. Name the bundle "new-cluster".

  4. Ensure OpenShift & Operator are selected.

  5. Click Download.

  6. Copy the contents of the downloaded file and save them in a new file named init-bundle.yaml:

nano init-bundle.yaml

Press Ctrl + X to exit nano.

  7. Run the following on your command line:

oc delete -f init-bundle.yaml -n rhacs-operator
oc create -f init-bundle.yaml -n rhacs-operator
You are running the delete command to ensure the previous certificates are removed.
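
An added example, not part of the original workshop: an offline check to run on init-bundle.yaml before the oc create step. It assumes the operator-format bundle is a multi-document YAML file holding three Secrets named admission-control-tls, collector-tls and sensor-tls; the function names and the sample generator are hypothetical.

```shell
# Offline preflight for init-bundle.yaml; nothing here talks to the cluster.
# Assumption: the bundle holds one Secret per name in EXPECTED_SECRETS.
EXPECTED_SECRETS="admission-control-tls collector-tls sensor-tls"

# Print metadata.name of every "kind: Secret" document, one per line.
bundle_secret_names() {
  awk '
    function emit() {
      if (kind == "Secret" && name != "") print name
      kind = ""; name = ""; meta = 0
    }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2 }
    /^metadata:/ { meta = 1; next }
    /^[^ #]/     { meta = 0 }          # any other top-level key ends metadata
    meta && /^  name:/ { name = $2 }   # indent 2 only, so annotation keys are skipped
    END          { emit() }
  ' "$1"
}

# Return 0 if the bundle is complete and private, 1 if a Secret is missing,
# 2 if the file is readable by group or others (it carries TLS private keys).
check_init_bundle() {
  names=$(bundle_secret_names "$1") || return 1
  for want in $EXPECTED_SECRETS; do
    printf '%s\n' "$names" | grep -qx "$want" ||
      { echo "missing Secret: $want" >&2; return 1; }
  done
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
  case $mode in
    *00) return 0 ;;
    *)   echo "init bundle mode is $mode, run: chmod 600 $1" >&2; return 2 ;;
  esac
}

# Constructed sample bundle (placeholder data, no real keys) for trying the check.
write_sample_bundle() {
  for n in $2; do
    printf '%s\n' '---' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
      '  annotations:' '    init-bundle.stackrox.io/name: new-cluster' \
      "  name: $n" 'data:' '  ca.pem: PLACEHOLDER'
  done > "$1"
}

# Usage: check_init_bundle init-bundle.yaml && oc create -f init-bundle.yaml -n rhacs-operator
```
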

Install the operator

Procedure

  1. Log into the OCP console at https://console-openshift-console.apps.cluster-sample.sample.sandboxsample.opentlc.com

  2. Click on Operators - Operator Hub

  3. Search for RHACS and click on the one with the "Red Hat" source

  4. Click Install.

  5. Ensure the existing Red Hat OpenShift Container Platform project rhacs-operator is selected.

  6. Click Install.

With the init-bundle deployed and the operator ready, it’s time to install the Secured Cluster.

  7. Click on the Secured Cluster tab, then select "Create SecuredCluster".

  8. Use all of the defaults but change the cluster name to new-cluster.

  9. Add the Central Endpoint of your ACS Cloud Service. This can be found in the console.openshift or the URL at the top of the page.

  10. Click "Install".

After a few minutes you should see everything light up green in the Cloud Service console.
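
The console form above expressed as a manifest, as an added example that is not part of the original workshop. It assumes the operator's SecuredCluster resource (platform.stackrox.io/v1alpha1) with its default name, the rhacs-operator project used on this page, and port 443 for the Cloud Service endpoint; the function names and any host passed in are hypothetical.

```shell
# Reduce a pasted Central address to host:port.
# Assumption: the Cloud Service endpoint listens on 443 when no port is given.
normalize_endpoint() {
  ep=${1#https://}                       # drop a pasted URL scheme
  case $ep in
    *://*) echo "unsupported scheme in endpoint: $1" >&2; return 1 ;;
  esac
  ep=${ep%%/*}                           # drop any path or trailing slash
  case $ep in
    '')                echo "empty Central endpoint" >&2; return 1 ;;
    *[!A-Za-z0-9.:-]*) echo "unexpected character in endpoint: $ep" >&2; return 1 ;;
    *:*)               ;;                # port already present
    *)                 ep=$ep:443 ;;
  esac
  printf '%s\n' "$ep"
}

# Print a SecuredCluster resource: $1 = cluster name, $2 = Central endpoint.
# Both values are validated so nothing unexpected lands in the YAML.
render_secured_cluster() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) echo "invalid cluster name: $1" >&2; return 1 ;;
  esac
  endpoint=$(normalize_endpoint "$2") || return 1
  cat <<EOF
apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
  name: stackrox-secured-cluster-services
  namespace: rhacs-operator
spec:
  clusterName: $1
  centralEndpoint: $endpoint
EOF
}

# Usage: render_secured_cluster new-cluster "$CENTRAL_API_ENDPOINT" | oc apply -f -
```
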

Summary
