- Documentation
- Red Hat Advanced Cluster Security for Kubernetes
- Integrating
- Integrating with S3 API compatible services history bug_report picture_as_pdf
- About
- Release notes
- RHACS Cloud Service
- Service description
- Overview of responsibilities for RHACS Cloud Service
- RHACS Cloud Service architecture
- Getting started with RHACS Cloud Service
- Default resource requirements for RHACS Cloud Service
- Recommended resource requirements for RHACS Cloud Service
- Setting up RHACS Cloud Service with Red Hat OpenShift secured clusters
- Creating a RHACS Cloud Service instance on Red Hat Cloud
- Creating a project on your Red Hat OpenShift secured cluster
- Generating an init bundle for secured clusters
- Applying an init bundle for secured clusters
- Installing the RHACS Operator for RHACS Cloud Service
- Installing secured cluster services from RHACS Cloud Service
- Configuring the proxy for secured cluster services in RHACS Cloud Service
- Verifying installation of secured clusters
- Setting up RHACS Cloud Service with Kubernetes secured clusters
- Creating a RHACS Cloud Service instance for Kubernetes clusters
- Generating an init bundle for Kubernetes secured clusters
- Applying an init bundle for Kubernetes secured clusters
- Installing secured cluster services from RHACS Cloud Service on Kubernetes clusters
- Verifying installation of secured clusters
- Upgrading RHACS Cloud Service
- Architecture
- Installing
- High-level RHACS installation overview
- Default resource requirements for RHACS
- Recommended resource requirements for RHACS
- Installing RHACS on Red Hat OpenShift
- Installing Central services for RHACS on Red Hat OpenShift
- Configuring Central configuration options for RHACS using the Operator
- Generating and applying an init bundle for RHACS on Red Hat OpenShift
- Installing Secured Cluster services for RHACS on Red Hat OpenShift
- Configuring Secured Cluster services options for RHACS using the Operator
- Verifying installation of RHACS on Red Hat OpenShift
- Installing RHACS on other platforms
- Uninstalling Red Hat Advanced Cluster Security for Kubernetes
- Configuring
- Adding custom certificates
- Adding trusted certificate authorities
- Reissuing internal certificates
- Adding security notices
- Enabling offline mode
- Enabling alert data retention
- Exposing the RHACS portal over HTTP
- Configuring automatic upgrades for secured clusters
- Configuring automatic removal of nonactive clusters
- Configuring a proxy for external network access
- Generating a diagnostic bundle
- Configuring endpoints
- Monitoring
- Enabling audit logging
- Configuring API tokens
- Using declarative configuration
- Inviting users to your RHACS instance
- Managing preview features
- Operating
- Viewing the dashboard
- Using Compliance Operator with RHACS
- Managing compliance
- Evaluating security risks
- Using admission controller enforcement
- Managing security policies
- Managing network policies
- Build-time network policy tools
- Visualizing external entities
- Auditing listening endpoints
- Reviewing cluster configuration
- Examining images for vulnerabilities
- Verifying image signatures
- Managing vulnerabilities
- Responding to violations
- Using deployment collections
- Searching and filtering
- Managing user access
- Using the system health dashboard
- Using the administration events page
- Integrating
- Integrating with image registries
- Integrating with CI systems
- Integrating with PagerDuty
- Integrating with Slack
- Integrating by using generic webhooks
- Integrating with QRadar
- Integrating with ServiceNow
- Integrating with Sumo Logic
- Integrating with Google Cloud Storage
- Integrating by using the syslog protocol
- Integrating with Amazon S3
- Integrating with S3 API compatible services
- Integrating with Google Cloud Security Command Center
- Integrating with Splunk
- Integrating with image vulnerability scanners
- Integrating with Jira
- Integrating with email
- Integrating with cloud management platforms
- Integrating using short-lived tokens
- Integrating with Microsoft Sentinel notifier
- Backup and restore
- Upgrading
- roxctl CLI
- Troubleshooting Collector
- Troubleshooting Central
- Telemetry
- Support
- API reference
- AdministrationEventService
- AdministrationUsageService
- AlertService
- APITokenService
- AuthProviderService
- AuthService
- CentralHealthService
- CloudSourcesService
- ClusterCVEService
- ClusterInitService
- ClustersService
- CollectionService
- ComplianceManagementService
- ComplianceService
- ConfigService
- CredentialExpiryService
- DBService
- DebugService
- DeclarativeConfigHealthService
- DelegatedRegistryConfigService
- DeploymentService
- DetectionService
- DiscoveredClustersService
- ExternalBackupService
- FeatureFlagService
- GroupService
- GRPCPreferencesService
- ImageCVEService
- ImageIntegrationService
- ImageService
- IntegrationHealthService
- ListeningEndpointsService
- MetadataService
- MitreAttackService
- NamespaceService
- NetworkBaselineService
- NetworkGraphService
- NetworkPolicyService
- GetAllowedPeersFromCurrentPolicyForDeployment
- ApplyNetworkPolicy
- ApplyNetworkPolicyYamlForDeployment
- GetDiffFlowsBetweenPolicyAndBaselineForDeployment
- GetNetworkGraph
- GetBaselineGeneratedNetworkPolicyForDeployment
- GenerateNetworkPolicies
- GetNetworkPolicies
- GetNetworkGraphEpoch
- GetNetworkPolicy
- SendNetworkPolicyYAML
- SimulateNetworkGraph
- GetDiffFlowsFromUndoModificationForDeployment
- GetUndoModification
- GetUndoModificationForDeployment
- NodeCVEService
- NodeService
- NotifierService
- PingService
- PodService
- PolicyCategoryService
- PolicyService
- ProbeUploadService
- ProcessBaselineService
- ProcessService
- RbacService
- ReportConfigurationService
- ReportService
- RoleService
- ComputeEffectiveAccessScope
- GetMyPermissions
- ListPermissionSets
- DeletePermissionSet
- GetPermissionSet
- PutPermissionSet
- PostPermissionSet
- GetResources
- GetRoles
- DeleteRole
- GetRole
- CreateRole
- UpdateRole
- GetNamespacesForClusterAndPermissions
- GetClustersForPermissions
- ListSimpleAccessScopes
- DeleteSimpleAccessScope
- GetSimpleAccessScope
- PutSimpleAccessScope
- PostSimpleAccessScope
- SearchService
- SecretService
- SensorUpgradeService
- ServiceAccountService
- ServiceIdentityService
- SignatureIntegrationService
- SummaryService
- TelemetryService
- UserService
- VulnerabilityRequestService
- VulnMgmtService
Integrating with S3 API compatible services
Red Hat Advanced Cluster Security for Kubernetes can be integrated with S3 API compatible services to enable data backups. These backups can be used for data restoration in the case of an infrastructure disaster or corrupt data. After integrating with the S3 API compatible provider, you can schedule daily or weekly backups and do manual on-demand backups.
The backup includes the entire RHACS database, which includes all configurations, resources, events, and certificates. Make sure that backups are stored securely.
|
Configuring S3 API compatible integrations in Red Hat Advanced Cluster Security for Kubernetes
To configure S3 API compatible backups, create a new integration in Red Hat Advanced Cluster Security for Kubernetes.
-
You have configured an existing S3 bucket. To create a new bucket with required permissions, see your S3 provider documentation.
-
You have
read,write, anddeletepermissions for the S3 bucket, the Access key ID, and the Secret access key.
-
In the RHACS portal, go to Platform Configuration → Integrations.
-
Scroll down to the External backups section and select S3 API Compatible.
-
Click New Integration.
-
Enter a name for Integration Name.
-
Enter the number of backups to retain in the Backups To Retain box.
-
For Schedule, select the backup frequency as daily or weekly, and select the time to run the backup process.
-
Enter the Bucket name where you want to store the backup.
-
Optionally, enter an Object Prefix if you want to save the backups in a specific folder structure.
-
Enter the Endpoint under which the S3 compatible service is reachable. If no scheme is specified, the default,
https, is used. -
Enter the Region for the bucket. Consult your provider’s documentation to enter the correct region.
-
Select the URL style:
-
Virtual hosted style buckets are addressed as https://<bucket>.<endpoint>.
-
Path style buckets are addressed as https://<endpoint>/<bucket>.
-
-
Enter the Access Key ID and the Secret Access Key.
-
Select Test to confirm that the integration with the S3 is working.
-
Select Create to generate the configuration.
After the integration is configured, RHACS automatically backs up all data according to the specified schedule.
Performing on-demand backups on an S3 API compatible bucket
Use the Red Hat Advanced Cluster Security for Kubernetes portal to trigger manual backups of RHACS to an S3 API compatible bucket.
-
You have integrated RHACS with an S3 API compatible service.
-
In the RHACS portal, go to Platform Configuration → Integrations.
-
In the External backups section, click S3 API Compatible.
-
Select the integration name for the S3 bucket where you want to do a backup.
-
Click Trigger backup.
|
When you select Trigger backup, there is no notification. However, RHACS begins the backup task in the background. |