Deploying the Layered Zero Trust pattern
Follow these instructions to configure and deploy the Layered Zero Trust pattern.
An OpenShift Container Platform cluster with publicly signed certificates for Ingress.
A GitHub account and a token for it with repositories permissions, to read from and write to your forks.
Access to Podman (or Docker) for execution of the container images used by the pattern.sh script for provisioning.
Useful additions:
The Helm binary. For instructions, see Installing Helm.
Additional installation tool dependencies. For details, see Patterns quick start.
Repository setup
Follow these instructions for setting up the project repository:
Fork the layered-zero-trust repository from GitHub. You must fork the repository because your fork is updated as part of the GitOps and DevOps processes.
Clone your forked repository.
$ git clone git@github.com:<your_username>/layered-zero-trust.git
Go to your repository: Ensure you are in the root directory of your Git repository by using the following command:
$ cd </path_to_your_repository>
Set up upstream remote repository:
$ git remote add -f upstream https://github.com/validatedpatterns/layered-zero-trust.git
Verify the setup of your remote repositories by running the following command:
$ git remote -v
Example output:
origin git@github.com:<your_username>/layered-zero-trust.git (fetch)
origin git@github.com:<your_username>/layered-zero-trust.git (push)
upstream https://github.com/validatedpatterns/layered-zero-trust.git (fetch)
upstream https://github.com/validatedpatterns/layered-zero-trust.git (push)
Create a local copy of the secret values file that can safely include credentials. Run the following command:
$ cp values-secret.yaml.template ~/values-secret-layered-zero-trust.yaml
To prevent pushing secrets to your Git repository, the command places the values-secret.yaml file in your home directory. You derive this file from the values-secret.yaml.template file located in the pattern's top-level directory. When you create new patterns, add your secrets to the values-secret.yaml file in your home directory.
Create a new feature branch, for example my-branch, from the main branch for your content:
$ git checkout -b my-branch main
(Optional) To customize the execution of the pattern, change the Helm values files and then commit the changes.
$ git add <files_you_changed>
$ git commit -m "Pattern customization"
The following configuration files define the behavior and settings of the various components in the Layered Zero Trust pattern. You can customize these files to fit your specific deployment needs.
values-global.yaml: Global pattern configuration
values-hub.yaml: Hub cluster specific configuration
values-secret.yaml: Secret values (created from template)
values-<environment>.yaml: Environment-specific overrides (AWS, Azure, GCP)
Push the changes from your local branch to your forked repository.
$ git push origin my-branch
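A pre-push check for the secret-handling steps above, as an added example that is not part of the pattern's own tooling: it fails when a filled-in values-secret file is tracked in the fork, or when the home-directory copy is accessible to group or others. The function names, the script name check.sh, and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the pattern repository).
# Guards the rule above: filled-in secret values stay out of the Git fork.

# Read tracked paths on stdin (one per line, as `git ls-files` prints them)
# and print those whose file name is a filled-in secret values file.
# values-secret.yaml.template is allowed because it ends in .template.
tracked_secret_files() {
    awk -F/ '$NF ~ /^values-secret.*\.ya?ml$/ { print $0 }'
}

# Succeed only when group and others have no permission bits on the file
# (an extra hardening check assumed by this example, e.g. mode 600).
private_mode() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# check_before_push <repo_dir> <secret_file>: return non-zero on any finding.
check_before_push() {
    repo=$1
    secret=$2
    rc=0
    leaked=$(git -C "$repo" ls-files | tracked_secret_files)
    if [ -n "$leaked" ]; then
        printf 'tracked secret values file(s):\n%s\n' "$leaked" >&2
        rc=1
    fi
    if [ -e "$secret" ] && ! private_mode "$secret"; then
        printf '%s is accessible to group or others\n' "$secret" >&2
        rc=1
    fi
    return "$rc"
}

# Run from the repository root before `git push origin my-branch`:
#   sh check.sh . ~/values-secret-layered-zero-trust.yaml
if [ "$#" -eq 2 ]; then
    check_before_push "$1" "$2"
fi
```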
Deploying the pattern by using the pattern.sh file
Deploy the Layered Zero Trust pattern by using the pattern.sh script.
Log in to your OpenShift Container Platform cluster:
By using the oc CLI:
Get an API token by visiting https://oauth-openshift.apps. .. /oauth/token/request
Log in with the retrieved token:
$ oc login --token=<retrieved_token> --server=https://api.<your_cluster>.<domain>:6443
By using KUBECONFIG:
$ export KUBECONFIG=~/<path_to_kubeconfig>
Run the pattern deployment script:
$ ./pattern.sh make install
Verify the deployment
You can use the OpenShift Container Platform console and Argo CD applications to verify the deployment.
In the OpenShift Container Platform web console, navigate to the Operators → Installed Operators page.
Check that Red Hat OpenShift GitOps Operator is installed in the openshift-operators namespace and its status is Succeeded.
Use the Application Launcher within the OpenShift Container Platform console to confirm that all applications have synchronized successfully to both Hub and Cluster Argo CD instances.