To secure a Kubernetes or an OpenShift Container Platform cluster, you must deploy Red Hat Advanced Cluster Security for Kubernetes (RHACS) services into the cluster. You can generate deployment files in the RHACS portal by navigating to the Platform Configuration → Clusters view, or you can use the roxctl CLI.
You have configured the ROX_ENDPOINT environment variable using the following command:
$ export ROX_ENDPOINT=<host:port> (1)
(1) The host and port information that you want to store in the ROX_ENDPOINT environment variable.
Generate the required sensor configuration for your Kubernetes cluster and associate it with your Central instance by running the following command:
$ roxctl sensor generate k8s --name <cluster_name> --central "$ROX_ENDPOINT"
Generate the required sensor configuration for your OpenShift Container Platform cluster and associate it with your Central instance by running the following command:
$ roxctl sensor generate openshift --openshift-version <ocp_version> --name <cluster_name> --central "$ROX_ENDPOINT" (1)
(1) For the --openshift-version option, specify the major OpenShift Container Platform version number for your cluster. For example, specify 3 for OpenShift Container Platform version 3.x and specify 4 for OpenShift Container Platform version 4.x.
Read the --help output to see other options that you might need to use depending on your system architecture.
Verify that the endpoint you provide for --central can be reached from the cluster where you are deploying Red Hat Advanced Cluster Security for Kubernetes services.
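A preflight wrapper for the generate step above, added here as an example and not part of the RHACS documentation or tooling. It assumes ROX_ENDPOINT is a bare host:port as the placeholder shows and that --openshift-version accepts only the major versions 3 or 4 given on this page; the function names and the ROXCTL override variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate inputs before calling `roxctl sensor generate`.
# Only roxctl flags shown on this page are used. valid_endpoint, generate_sensor
# and the ROXCTL variable (set ROXCTL=echo for a dry run) are hypothetical names.

# Succeeds only for a bare host:port, with no URL scheme, path or space,
# and a decimal port in the range 1-65535.
valid_endpoint() {
  case $1 in
    *://*|*/*|*' '*) return 1 ;;   # e.g. https://host:443 or host:443/path
    *:*) ;;
    *) return 1 ;;                 # the port is mandatory
  esac
  _host=${1%:*}                    # everything before the last colon
  _port=${1##*:}                   # everything after the last colon
  [ -n "$_host" ] || return 1
  case $_port in
    ''|0*|*[!0-9]*) return 1 ;;    # empty, leading zero or non-digit
  esac
  [ "${#_port}" -le 5 ] && [ "$_port" -le 65535 ]
}

# usage: generate_sensor k8s <cluster_name>
#        generate_sensor openshift <cluster_name> <ocp_major_version>
generate_sensor() {
  valid_endpoint "${ROX_ENDPOINT:-}" ||
    { echo "ROX_ENDPOINT must be a bare host:port" >&2; return 1; }
  [ -n "${2:-}" ] || { echo "cluster name is required" >&2; return 1; }
  case ${1:-} in
    k8s)
      "${ROXCTL:-roxctl}" sensor generate k8s --name "$2" \
        --central "$ROX_ENDPOINT" ;;
    openshift)
      case ${3:-} in
        3|4) ;;                    # major version only, not 4.12
        *) echo "--openshift-version takes the major version, 3 or 4" >&2
           return 1 ;;
      esac
      "${ROXCTL:-roxctl}" sensor generate openshift --openshift-version "$3" \
        --name "$2" --central "$ROX_ENDPOINT" ;;
    *) echo "platform must be k8s or openshift" >&2; return 1 ;;
  esac
}
```

A passing format check does not show that the endpoint is reachable from the target cluster; that still has to be verified from inside the cluster.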
If you are using a non-gRPC capable load balancer, such as HAProxy, AWS Application Load Balancer (ALB), or AWS Elastic Load Balancing (ELB), follow these guidelines:
When you generate the Sensor deployment files, roxctl creates a directory called sensor-<cluster_name> in your working directory. The script to install Sensor is located in this directory.
Run the sensor installation script to install Sensor:
$ ./sensor-<cluster_name>/sensor.sh
If you get a warning that you do not have the required permissions to install Sensor, follow the on-screen instructions, or contact your cluster administrator for help.
Run the following command to download Sensor bundles for existing clusters by specifying a cluster name or ID:
$ roxctl sensor get-bundle <cluster_name_or_id>
Before deleting the cluster, ensure you have the correct cluster name that you want to remove from Central:
$ roxctl cluster delete --name=<cluster_name>
Deleting the cluster integration does not remove the RHACS services running in the cluster, depending on the installation method.
You can remove the services by running the