1. Documentation
    2. history
×

Generating and applying an init bundle for RHACS Cloud Service on other platforms

Before you install the SecuredCluster resource on a cluster, you must create an init bundle. The cluster that has SecuredCluster installed and configured then uses this bundle to authenticate with Central. You can create an init bundle by using either the RHACS portal or the roxctl CLI. You then apply the init bundle by using it to create resources.

You must have the Admin user role to create an init bundle.

Generating an init bundle

Generating an init bundle by using the RHACS portal

You can create an init bundle containing secrets by using the RHACS portal, also called the ACS Console.

You must have the Admin user role to create an init bundle.
Procedure

  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Navigate to the Authentication Tokens section and click on Cluster Init Bundle.

  3. Click Generate bundle.

  4. Enter a name for the cluster init bundle and click Generate.

    1. If you are installing using Helm charts, click Download Helm Values File to download the generated bundle.

    2. If you are installing using the Operator, click Download Kubernetes Secret File to download the generated bundle.

Store this bundle securely because it contains secrets. You can use the same bundle to create multiple secured clusters.
Next steps

  1. Apply the init bundle by creating a resource on the secured cluster.

  2. Install secured cluster services on each cluster.

Generating an init bundle by using the roxctl CLI

You can create an init bundle with secrets by using the roxctl CLI.

You must have the Admin user role to create init bundles.
Prerequisites

You have configured the ROX_API_TOKEN and the ROX_CENTRAL_ADDRESS environment variables.

  • Set the ROX_API_TOKEN and the ROX_CENTRAL_ADDRESS environment variables:

    $ export ROX_API_TOKEN=<api_token>
    $ export ROX_CENTRAL_ADDRESS=<address>:<port_number>
Procedure

  • Run the following command to generate a cluster init bundle containing secrets:

    For Helm installations:

    $ roxctl -e "$ROX_CENTRAL_ADDRESS" \
  central init-bundles generate <cluster_init_bundle_name> \
  --output cluster_init_bundle.yaml

    For Operator installations:

    $ roxctl -e "$ROX_CENTRAL_ADDRESS" \
  central init-bundles generate <cluster_init_bundle_name> \
  --output-secrets cluster_init_bundle.yaml

    Ensure that you store this bundle securely because it contains secrets. You can use the same bundle to set up multiple secured clusters.
Next Step

  • Use the kubectl CLI to create resources using the init bundle.

Applying an init bundle by creating a resource

Creating resources by using the init bundle

Before you install secured clusters, you must use the init bundle to create the required resources on the cluster that will allow the services on the secured clusters to communicate with Central.

If you are installing by using Helm charts, do not perform this step.
Prerequisites

  • You must have generated an init bundle containing secrets.

Procedure

  • Using the kubectl CLI, run the following commands to create the resources:

    $ kubectl create namespace stackrox
$ kubectl create -f <init_bundle>.yaml \ (1)
  -n <stackrox> (2)
    1 Specify the file name of the init bundle containing the secrets.
    2 Specify the name of the project where secured cluster services will be installed.
Next Step

  • Install RHACS secured cluster services in all clusters that you want to monitor.