Deploy Cloud Pak for Security

Infrastructure - Kustomization.yaml

  1. Edit the Infrastructure layer ${GITOPS_PROFILE}/1-infra/kustomization.yaml and uncomment the following:
    - argocd/consolenotification.yaml
    - argocd/namespace-ibm-common-services.yaml
    - argocd/namespace-tools.yaml
    - argocd/namespace-openshift-serverless.yaml
    - argocd/namespace-knative-eventing.yaml
    - argocd/namespace-knative-serving.yaml
    - argocd/namespace-knative-serving-ingress.yaml

Services - Kustomization.yaml

  1. Edit the CP4SThreatManagements custom resource instance ${GITOPS_PROFILE}/2-services/argocd/instances/ibm-cp4sthreatmanagements-instance.yaml and specify a block or file storage class. The default is set to managed-nfs-storage.

      - name: spec.basicDeploymentConfiguration.storageClass
        value: managed-nfs-storage
      - name: spec.extendedDeploymentConfiguration.backupStorageClass
        value: managed-nfs-storage
  2. Edit the Services layer ${GITOPS_PROFILE}/2-services/kustomization.yaml and uncomment the following:

    - argocd/operators/ibm-cp4s-operator.yaml
    - argocd/instances/ibm-cp4sthreatmanagements-instance.yaml
    - argocd/operators/ibm-foundations.yaml
    - argocd/instances/ibm-foundational-services-instance.yaml
    - argocd/operators/ibm-automation-foundation-core-operator.yaml
    - argocd/operators/ibm-catalogs.yaml
    - argocd/operators/openshift-serverless.yaml
    - argocd/instances/openshift-serverless-knative-serving-instance.yaml
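A pre-commit check for the uncomment steps above, as an added example that is not part of the original recipe: it lists any required entry that is still commented out or missing from a kustomization.yaml. The function names and the sample file are constructed for illustration; pass the Infrastructure list instead to check ${GITOPS_PROFILE}/1-infra/kustomization.yaml the same way.

```sh
# Added example (not from the recipe). Function names are hypothetical.
# The eight Services-layer entries the recipe says to uncomment.
SERVICES_REQUIRED="
argocd/operators/ibm-cp4s-operator.yaml
argocd/instances/ibm-cp4sthreatmanagements-instance.yaml
argocd/operators/ibm-foundations.yaml
argocd/instances/ibm-foundational-services-instance.yaml
argocd/operators/ibm-automation-foundation-core-operator.yaml
argocd/operators/ibm-catalogs.yaml
argocd/operators/openshift-serverless.yaml
argocd/instances/openshift-serverless-knative-serving-instance.yaml
"

# Print the path of every active (uncommented) YAML list item in file $1.
active_entries() {
  sed -n 's/^[[:space:]]*-[[:space:]]\{1,\}\([^#[:space:]]\{1,\}\).*$/\1/p' "$1"
}

# Usage: missing_entries FILE ENTRY...
# Prints each ENTRY that is absent or still commented out; returns 1 if any.
missing_entries() {
  me_file=$1; shift; me_rc=0
  me_active=$(active_entries "$me_file")
  for me_entry in "$@"; do
    printf '%s\n' "$me_active" | grep -Fxq -- "$me_entry" && continue
    printf '%s\n' "$me_entry"; me_rc=1
  done
  return "$me_rc"
}

# Constructed sample: a Services-layer file with two entries left commented.
write_sample() {
  {
    echo "resources:"
    for ws_entry in $SERVICES_REQUIRED; do
      case $ws_entry in
        *ibm-catalogs.yaml|*knative-serving-instance.yaml) echo "#- $ws_entry" ;;
        *) echo "- $ws_entry" ;;
      esac
    done
  } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "Still commented out or missing:"
missing_entries "$sample" $SERVICES_REQUIRED || true
rm -f "$sample"
```

Against a real checkout, run `missing_entries "${GITOPS_PROFILE}/2-services/kustomization.yaml" $SERVICES_REQUIRED` and commit only when it prints nothing.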

Validation

  1. Check the status of the CP4SThreatManagement custom resource.

    oc get CP4SThreatManagement threatmgmt -n tools -o jsonpath='{.status.conditions}'
    # Expected output = Cloudpak for Security Deployment is successful
  2. Before users can log in to the console for Cloud Pak for Security, an identity provider must be configured. The documentation provides further instructions. For DEMO purposes, OpenLDAP can be deployed and instructions are provided below.

  3. Download the cpctl utility

    1. Log in to the OpenShift cluster

        oc login --token=<token> --server=<openshift_url> -n <namespace>
    2. Retrieve the pod that contains the utility

        POD=$(oc get pod --no-headers -lrun=cp-serviceability | cut -d' ' -f1)
    3. Copy the utility locally

        oc cp $POD:/opt/bin/<operatingsystem>/cpctl ./cpctl && chmod +x ./cpctl
  4. Install OpenLDAP

    1. Start a session

        ./cpctl load
    2. Install OpenLDAP

        cpctl tools deploy_openldap --token $(oc whoami -t) --ldap_usernames 'adminUser,user1,user2,user3' --ldap_password cloudpak
  5. Initial user log in

    1. Retrieve the Cloud Pak for Security console URL

        oc get route isc-route-default --no-headers -n <CP4S_NAMESPACE> | awk '{print $2}'
    2. Log in with the user ID and password specified (i.e. adminUser / cloudpak).