content/patterns/layered-zero-trust/lzt-getting-started.adoc
67 additions & 2 deletions
@@ -27,10 +27,10 @@ Follow these instructions to configure and deploy the Layered Zero Trust pattern
27
27
28
28
* Fulfill the general link:https://validatedpatterns.io/learn/quickstart/#_prerequisites[prerequisites for Validated Patterns].
29
29
30
-
* Depending on the characteristics of your cluster, you might need additional hardware resources for the Advanced Cluster Management (ACM) component.
30
+
* Depending on the characteristics of your cluster, you might need additional hardware resources for the {rh-rhacm-first} component.
31
31
For a single-node cluster, you can start with 4 vCPUs, 16 GB of memory, and 120 GB of storage.
32
32
+
33
-
For more details about ACM sizing, see link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.14/html-single/install/index#sizing-your-cluster[Sizing your cluster].
33
+
For more details about {rh-rhacm} sizing, see link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.14/html-single/install/index#sizing-your-cluster[Sizing your cluster].
34
34
35
35
* (Optional) The Helm binary, for instructions, see link:https://helm.sh/docs/intro/install/[Installing Helm].
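Review bot: The `{rh-rhacm-first}` and `{rh-rhacm}` attributes introduced on new lines 30 and 33 are not defined anywhere in the visible diff, and Asciidoctor leaves an undefined attribute reference in the output as literal braces. Confirm both are defined in the attributes file this page includes, or add the definitions in this change. The sizing link on line 33 still hardcodes `2.14` in the URL, so if the site has a version attribute for this product, using it there would keep the link from going stale.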
The Layered Zero Trust pattern's default deployment assumes that none of its components have been installed previously. Verify that your {ocp} environment does not already contain any of xref:/patterns/layered-zero-trust/index.html#architecture [the listed components] before proceeding.
92
+
====
93
+
89
94
. Create a local copy of the secret values file that can safely include
90
95
credentials. Run the following command:
91
96
+
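Review bot: In the added paragraph, `xref:/patterns/layered-zero-trust/index.html#architecture [the listed components]` has a space between the target and the opening bracket as shown here, so the macro will not be parsed and the raw text will appear in the rendered page. Remove the space so the link text attaches to the target. The check itself would be easier to follow if the paragraph named how to verify that none of the listed components is already present, since a pre-existing install changes what the pattern deploys. The closing `====` on new line 92 should also be matched against its opening delimiter, which is outside the visible lines.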
@@ -177,3 +182,63 @@ The Layered Zero-Trust pattern installs the following two {ocp} GitOps instances
177
182
. **Hub Argo CD**: Manages Cluster Argo CD instance and the individual components that belong to the pattern on the hub {ocp} instance.
178
183
179
184
If every Argo CD application reports a **Healthy** status, the pattern has been deployed successfully.
185
+
186
+
187
+
[id="lzt-importing-existing-clusters"]
188
+
== Importing existing clusters
189
+
190
+
The pattern supports importing pre-existing {ocp} clusters into the Hub cluster, converting them into *Managed Clusters*.
191
+
192
+
[WARNING]
193
+
====
194
+
Do not use the `ClusterPools` configuration settings for {rh-rhacm} chart provisioning. The `ClusterPools` technology is limited to cloud environments.
195
+
196
+
Instead, use the `acm-managed-clusters` chart to import your existing standalone clusters.
197
+
====
198
+
199
+
.Procedure
200
+
201
+
. Copy the `kubeconfig` file of the cluster you want to import to your local system.
202
+
203
+
. In the `values-secret.yaml` file, define the `kubeconfig` secret by providing the local file system path to the `kubeconfig` file you copied in Step 1.
204
+
+
205
+
[source,yaml]
206
+
----
207
+
- name: kubeconfig-spoke
208
+
vaultPrefixes:
209
+
- hub
210
+
fields:
211
+
- name: content
212
+
path: ~/.kube/kubeconfig-ztvp-spoke
213
+
----
214
+
215
+
. In the `values-hub.yaml` file, add a new entry in the `clusterGroup.managedClusterGroups` key.
216
+
+
217
+
[source,yaml]
218
+
----
219
+
managedClusterGroups:
220
+
exampleRegion:
221
+
name: group-one
222
+
acmlabels:
223
+
- name: clusterGroup
224
+
value: group-one
225
+
helmOverrides:
226
+
- name: clusterGroup.isHubCluster
227
+
value: false
228
+
----
229
+
230
+
. Also in the `values-hub.yaml` file, add your cluster definition in the `acmManagedClusters.clusters` key.
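Review bot: Steps 1 and 2 of the procedure tell the reader to copy the spoke cluster's `kubeconfig` to local disk and reference it with `path: ~/.kube/kubeconfig-ztvp-spoke`, but say nothing about what credential that file should hold or how to protect it. For a zero trust pattern this deserves a short note: state the minimum privileges the import needs, recommend a dedicated credential rather than a personal administrator kubeconfig, restrict the local file to the owner, and remove the local copy once the secret has been loaded under the `hub` vault prefix. Separately, the new section writes "Hub cluster" while the context line above uses "hub {ocp} instance", and the hunk header says "Layered Zero-Trust" where the earlier text says "Layered Zero Trust"; pick one form of each.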