|
2 | 2 |
|
3 | 3 | [](https://opensource.org/licenses/Apache-2.0) |
4 | 4 |
|
| 5 | +<!-- |
5 | 6 | [Live build status](https://validatedpatterns.io/ci/?pattern=mcgitops) |
6 | 7 |
|
7 | | -## Start Here |
| 8 | +--> |
8 | 9 |
|
9 | | -If you've followed a link to this repository, but are not really sure what it contains |
10 | | -or how to use it, head over to [Layered Zero Trust Pattern](https://validatedpatterns.io/patterns/layered-zero-trust/) |
11 | | -for additional context and installation instructions |
| 10 | +## About the Layered Zero Trust Pattern |
12 | 11 |
|
13 | | -## Rationale |
| 12 | +Showcases the Zero Trust capabilities across Red Hat's product portfolio in a reproducible manner. |
14 | 13 |
|
15 | | -The goal for this pattern is to: |
| 14 | +## Getting Started |
16 | 15 |
|
17 | | -* Demonstrate how Zero Trust principles and capabilities are applied within OpenShift |
| 16 | +The basis of this pattern leverages the foundation provided by the [Multicloud GitOps Validated Pattern](https://validatedpatterns.io/patterns/multicloud-gitops/). |
| 17 | + |
| 18 | +### Prerequisites |
| 19 | + |
| 20 | +1. An OpenShift Cluster |
| 21 | + * Create a cluster either through the [Red Hat Hybrid Cloud Console](https://console.redhat.com) or manually using any of the available [installation methods](https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/architecture/architecture-installation) |
| 22 | + * A default `StorageClass` which provides dynamic `PersistentVolume` storage |
| 23 | +2. [Validated Patterns Tooling](https://validatedpatterns.io/learn/quickstart) |
| 24 | + |
| 25 | +### Prepare for Deployment |
| 26 | + |
| 27 | +1. From the [layered-zero-trust](https://github.com/validatedpatterns/layered-zero-trust) repository on GitHub, click the [Fork button](https://github.com/validatedpatterns/layered-zero-trust/fork). |
| 28 | +2. Clone the forked copy of this repository by running the following command. |
| 29 | + |
| 30 | +```shell |
| 31 | +git clone git@github.com:<your-username>/layered-zero-trust.git |
| 32 | +``` |
| 33 | + |
| 34 | +3. Navigate to your repository: Ensure you are in the root directory of your Git repository by using: |
| 35 | + |
| 36 | +```shell |
| 37 | +cd /path/to/your/repository |
| 38 | +``` |
| 39 | + |
| 40 | +4. Run the following command to set the upstream repository: |
| 41 | + |
| 42 | +```shell |
| 43 | +git remote add -f upstream git@github.com/validatedpatterns/layered-zero-trust.git |
| 44 | +``` |
| 45 | + |
| 46 | +5. Verify the setup of your remote repositories by running the following command: |
| 47 | + |
| 48 | +```shell |
| 49 | +git remote -v |
| 50 | +``` |
| 51 | + |
| 52 | +Example Output: |
| 53 | + |
| 54 | +```shell |
| 55 | +origin git@github.com:<your-username>/layered-zero-trust.git (fetch) |
| 56 | +origin git@github.com:<your-username>/layered-zero-trust.git (push) |
| 57 | +upstream https://github.com/validatedpatterns/layered-zero-trust.git (fetch) |
| 58 | +upstream https://github.com/validatedpatterns/layered-zero-trust.git (push) |
| 59 | +``` |
| 60 | + |
| 61 | +6. Create a local copy of the secret values file that can safely include credentials. Run the following command : |
| 62 | + |
| 63 | +```shell |
| 64 | +cp values-secret.yaml.template ~/values-secret-layered-zero-trust.yaml |
| 65 | +``` |
| 66 | + |
| 67 | +[!NOTE] |
| 68 | +Putting the `values-secret.yaml` in your home directory ensures that it does not get pushed to your git repository. It is based on the `values-secrets.yaml.template` file provided by the pattern in the top level directory. When you create your own patterns you will add your secrets to this file and save. At the moment the focus is on getting started and familiar with this pattern. |
| 69 | + |
| 70 | +7. Create a new feature branch, for example `my-branch` from the `main` branch for your content: |
| 71 | + |
| 72 | +```shell |
| 73 | +git checkout -b my-branch main |
| 74 | +``` |
| 75 | + |
| 76 | +8. Perform any desired changes to the Helm _values_ files to customize the execution of the pattern (optional). Commit the changes |
| 77 | + |
| 78 | +```shell |
| 79 | +git add <file(s)> |
| 80 | +git commit -m "Pattern customization" |
| 81 | +``` |
| 82 | + |
| 83 | +9. Push the changes in the branch to your forked repository |
| 84 | + |
| 85 | +```shell |
| 86 | +git push origin my-branch |
| 87 | +``` |
| 88 | + |
| 89 | +### Deploy the pattern |
| 90 | + |
| 91 | +The [pattern.sh](pattern.sh) script is used to deploy the Layered Zero Trust Validated pattern. |
| 92 | + |
| 93 | +1. Login to your OpenShift cluster |
| 94 | + a. Obtain an API token by visiting [https://oauth-openshift.apps.<your-cluster>.<domain>/oauth/token/request](https://oauth-openshift.apps.<your-cluster>.<domain>/oauth/token/request). |
| 95 | + b. Log in with this retrieved token by running the following command: |
| 96 | + |
| 97 | + ```shell |
| 98 | + oc login --token=<retrieved-token> --server=https://api.<your-cluster>.<domain>:6443 |
| 99 | + ``` |
| 100 | +2. Alternatively log in by referencing an existing _KUBECONFIG_ file: |
| 101 | + |
| 102 | +```shell |
| 103 | +export KUBECONFIG=~/<path_to_kubeconfig> |
| 104 | +``` |
| 105 | + |
| 106 | +3. Deploy the pattern |
| 107 | + |
| 108 | +```shell |
| 109 | +./pattern.sh make install |
| 110 | +``` |
| 111 | + |
| 112 | +4. Verify the deployment |
| 113 | + a. To verify, in the OpenShift web console, navigate to **Operators → Installed Operators** page. |
| 114 | + b. Check that **Red Hat OpenShift GitOps Operator** is installed in the `openshift-operators` namespace and its status is `Succeeded`. |
| 115 | + c. Use the Application Selector (box with 9 squares) within the OpenShift console to confirm that all _Applications_ have been synchronized successfully to both _Hub_ and _Cluster_ Argo CD instances. |
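Review bot: In step 4 of "Prepare for Deployment", the upstream URL `git@github.com/validatedpatterns/layered-zero-trust.git` has a slash where the scp-style SSH form needs a colon after the host, so git will treat it as a local path and the `-f` fetch will fail. It also disagrees with the example output in step 5, which lists upstream as `https://github.com/validatedpatterns/layered-zero-trust.git`. Use the HTTPS URL in the command, or switch to `git@github.com:validatedpatterns/layered-zero-trust.git` and update the example output, so the two match. In step 6 the file is copied from `values-secret.yaml.template` to `~/values-secret-layered-zero-trust.yaml`, but the note under it calls them `values-secrets.yaml.template` and `values-secret.yaml`; align the names, and since this file is meant to hold credentials, consider telling the reader to restrict its permissions (for example `chmod 600`). That note's `[!NOTE]` line has no leading `> `, so it will not render as a GitHub alert. In "Deploy the pattern", step 2 is an alternative to step 1 but is numbered as the next step; fold both login options under one step. The `oc login --token=<retrieved-token>` example leaves the token in shell history, which is worth a sentence in a Zero Trust README.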