chapter fixes, acs workaround

devsecops-workshop · Apr 5, 2024 · 7ea1bca · 7ea1bca
1 parent 00b9be2
commit 7ea1bca
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 18 deletions.
diff --git a/content/1-intro/_index.md b/content/1-intro/_index.md
@@ -42,30 +42,31 @@ The easiest way to provide this environment is through the Red Hat Demo System.
 
 ### Self Hosted
 
-While the workshop is designed to be run on Red Hat Demo System you should be able to run the workshop on a 4.10 cluster of your own.
+While the workshop is designed to be run on Red Hat Demo System (RHDS) and the environment **AWS with OpenShift Open Environment**, you should be able to run the workshop on a 4.14 cluster of your own.
 
 Just make sure :
 
 - You have cluster admin privileges
 - Sizing
   - 3 Controlplane Nodes (Similar to AWS m5.2x.large)
-  - 2 Worker (Similar to AWS m5.4x.large)
+  - 3 Worker (Similar to AWS m5.4x.large)
 - Authentication htpasswd enabled
 - For the ACM chapter you will need AWS credentials to automatically deploy a SingleNode OpenShift
-- Some names in the workshop may need to be customized for your environment (e.g. storage naming)
-
-This workshop was tested with these versions :
-
-- Red Hat OpenShift : 4.12.12
-- Red Hat Advanced Cluster Security for Kubernetes: 3.74.1
-- Red Hat OpenShift Dev Spaces : 3.6.0
-- Red Hat OpenShift Pipelines: 1.10.3
-- Red Hat OpenShift GitOps: 1.8.3
-- Red Hat Quay: 3.8.8
-- Red Hat Quay Bridge Operator: 3.7.11
-- Red Hat Data Foundation : 4.12.03
+- Some configurations in the workshop may need to be customized for your environment (e.g. storage types for ODF)
+
+This workshop was last tested with these versions :
+
+- Red Hat OpenShift : 4.14.18
+- Red Hat Advanced Cluster Security for Kubernetes: 3.74.9
+- Red Hat Advanced Cluster Management for Kubernetes: 2.10
+- Red Hat OpenShift Dev Spaces : 3.12.0
+- Red Hat OpenShift Pipelines: 1.14.3
+- Red Hat OpenShift GitOps: 1.12.3
+- Red Hat Quay: 3.8.15
+- Red Hat Quay Bridge Operator: 3.7.14
+- Red Hat Data Foundation : 4.14.6
 - Gitea Operator: 1.3.0
-- Web Terminal: 1.7.0
+- Web Terminal: 1.9.0
 
 ## Workshop Flow
 

diff --git a/content/12-create-policy/_index.md b/content/12-create-policy/_index.md
@@ -49,6 +49,12 @@ First create a new policy category and the system policy. In the **ACS Portal**
 
 {{< figure src="../images/custom-policy.png?width=30pc&classes=border,shadow" title="Click image to enlarge" >}}
 
+Currently there is an issue with persisting the group change to the central instance. As a workaround run this in your Web Terminal zu restart the central instance:
+
+``` bash
+oc delete pod -n stackrox -l app=central
+```
+
 ## Test the Policy
 
 Start the pipeline with the affected image version:

diff --git a/content/13-rhacs-pipeline/_index.md b/content/13-rhacs-pipeline/_index.md
@@ -36,7 +36,7 @@ Change to the **OpenShift Web Console** and create a secret with the API token i
 - In the UI switch to your `workshop-int` Project
 - Create a new key/value `Secret` named **roxsecrets**
 - Introduce these key/values into the secret:
-  - **rox_central_endpoint**: \<the URL to your **ACS Portal**>
+  - **rox_central_endpoint**: \<the URL to your **ACS Portal**> (without https:// but adding the port, e.g. entral-stackrox.apps.cluster-cqtsh.cqtsh.example.com:443)
     - If the `DOMAIN` placeholder was automatically replaced it should be: central-stackrox.apps.\<DOMAIN>:443
     - If not, replace it manually with your DOMAIN
   - **rox_api_token**: \<the API token you generated>
@@ -57,7 +57,7 @@ Have a look for yourself:
 - Switch to the YAML view
 - Near the top under **annotations** (around lines 11-12) you'll find an annotation `image.openshift.io/triggers`.
 
-Remove exactly these two lines and click **Save**:
+Remove exactly this lines and click **Save**:
 
 ```yaml
 image.openshift.io/triggers: >-
@@ -176,6 +176,7 @@ To fix this we will add a new **oc client Task** that updates the **Deployment**
 - Click on **Add Task**
 - In the search window enter `openshift`and select the **openshift-client** from Red Hat
 - Click on **Add**
+- Click on the new `openshift-client` Task
 - In Task form on the right enter
   - Display name : update-deploy
   - SCRIPT : `oc patch deploy/workshop -p '{"spec":{"template":{"spec":{"containers":[{"name":"workshop","image":"$(params.QUAY_URL)/openshift_workshop-int/workshop@$(tasks.build.results.IMAGE_DIGEST)"}]}}}}'`

diff --git a/content/16-acm/_index.md b/content/16-acm/_index.md
@@ -198,10 +198,12 @@ Now edit the application in the ACM console and change the label to `environment
 
 In this simple example you have seen how to deploy an application to an OpenShift cluster using ACM. All manifests defining the application where kept in a Git repo, ACM then used the manifests to deploy the required objects into the target cluster.
 
-## Pre/Post Tasks with Ansible Automation Platform 2
+## Bonus Chapter : Pre/Post Tasks with Ansible Automation Platform 2
 
 You can integrate Ansible Automation Platform and the Automation Controller (formerly known as Ansible Tower) with ACM to perform pre / post tasks within the application lifecycle engine. The prehook and posthook task allows you to trigger an Ansible playbook before and after the application is deployed, respectively.
 
+Notice that you will need a Red Hat Account with a valid Ansible subscription for this part.
+
 ### Install Automation Controller
 
 To give this a try you need an Automation Controller instance. So let's deploy one on your cluster using the AAP Operator: