$ oc get route central -n stackrox
Before you install the SecuredCluster
resource on a cluster, you must create an init bundle. The cluster that has SecuredCluster
installed and configured then uses this bundle to authenticate with the ACS Console. You can create an init bundle by using either the RHACS portal or the roxctl
CLI. You then apply the init bundle by using it to create resources.
You can create an init bundle containing secrets by using the RHACS portal.
You must have the |
Find the address of the RHACS portal based on your exposure method:
For a route:
$ oc get route central -n stackrox
For a load balancer:
$ oc get service central-loadbalancer -n stackrox
For port forward:
Run the following command:
$ oc port-forward svc/central 18443:443 -n stackrox
Navigate to https://localhost:18443/
.
On the RHACS portal, navigate to Platform Configuration → Integrations.
Navigate to the Authentication Tokens section and click on Cluster Init Bundle.
Click Generate bundle.
Enter a name for the cluster init bundle and click Generate.
If you are installing using Helm charts, click Download Helm Values File to download the generated bundle.
If you are installing using the Operator, click Download Kubernetes Secret File to download the generated bundle.
Store this bundle securely because it contains secrets. You can use the same bundle to create multiple secured clusters. |
Apply the init bundle by creating a resource on the secured cluster.
Install secured cluster services on each cluster.
You can create an init bundle with secrets by using the roxctl
CLI.
You must have the |
You have configured the ROX_API_TOKEN
and the ROX_CENTRAL_ADDRESS
environment variables:
Set the ROX_API_TOKEN
by running the following command:
$ export ROX_API_TOKEN=<api_token>
Set the ROX_CENTRAL_ADDRESS
environment variable by running the following command:
$ export ROX_CENTRAL_ADDRESS=<address>:<port_number>
In RHACS Cloud service, when using |
To generate a cluster init bundle containing secrets for Helm installations, run the following command:
$ roxctl -e "$ROX_CENTRAL_ADDRESS" \
central init-bundles generate <cluster_init_bundle_name> \
--output cluster_init_bundle.yaml
To generate a cluster init bundle containing secrets for Operator installations, run the following command:
$ roxctl -e "$ROX_CENTRAL_ADDRESS" \
central init-bundles generate <cluster_init_bundle_name> \
--output-secrets cluster_init_bundle.yaml
Ensure that you store this bundle securely because it contains secrets. You can use the same bundle to set up multiple secured clusters. |