To install Advanced Cluster Security Secured Clusters using this PolicySet, you must have already installed your Advanced Cluster Security Central Server. The policies make the following assumptions:
- RHACS is installed on the RHACM hub and the ACS init bundle secrets are created
in the
stackroxnamespace. - RHACS is installed on the RHACM hub and the ACS Central Server
Routeresource exists in thestackroxnamespace. - An install of Red Hat Advanced Cluster Management for Kubernetes version 2.8 or newer is required.
The ACS PolicySet for Secured Clusters contains two PolicySets that will be deployed.
The PolicySets install RHACS Secured Clusters onto all OpenShift clusters that are
managed by RHACM except for the RHACM hub cluster. If you want to install the RHACS
Secured Cluster component to the RHACM hub, that must be done separately.
Prior to applying the PolicySet, perform these steps:
-
Install the Policy generator Kustomize plugin by following the installation instructions. It is recommended to use Kustomize v4.5+.
-
Policies are installed to the
policiesnamespace. Make sure the placement bindings match this namespace for the hub and other managed clusters. Example yaml to apply a ManagedClusterSetBinding for the policies namespace.apiVersion: cluster.open-cluster-management.io/v1beta2 kind: ManagedClusterSetBinding metadata: name: default namespace: policies spec: clusterSet: default
oc apply -f managed-cluster.yaml
Apply the policies using the kustomize command or subscribing to a fork of the repository and pointing to this directory. See the details for using the Policy Generator for more information. The command to run is kustomize build --enable-alpha-plugins | oc apply -f -
Note: If the RHACS Route or certificate bundles are not available on the RHACM
hub cluster, you must edit the policy resources to make sure these resources are
available in the policies namespace.