This tutorial details how to onboard an OpenShift cluster to CloudGuard native using automation scripts.
(The manual onboarding guide is here.) The original repo is forked from Dean Houari's repo.
- Register for a CloudGuard native account. https://secure.dome9.com/v2/register/invite
- Generate CloudGuard API key and secret here https://secure.dome9.com/v2/settings/credentials
git clone https://github.com/jaydenaung/cloudguard-onboard-openshift
- Make sure that uid1000.json and cp-cloudguard-openshift.yaml are in the same directory as onboard-1.sh.
- Edit variables and run onboard-1.sh to onboard the cluster.
./onboard-1.sh
Alternatively, you can follow the instructions below and execute command lines manually.
You can use the python script onboard_oc_1.py to onboard or remove an OpenShift cluster to and from CloudGuard.
# Install requirements
pip3 install -r requirements.txt
# Execute script
python3 onboard_oc_1.py onboard
For cluster onboarding you will need to provide:
- Your Cluster Name (e.g. my_cluster)
- Namespace (e.g. checkpoint)
- CloudGuard API Key (you can export the environment variable CHKP_CLOUDGUARD_ID and the script will detect it)
- CloudGuard API Secret (you can export the environment variable CHKP_CLOUDGUARD_SECRET and the script will detect it)
For cluster removal you will need to provide:
- The path to the yaml file that was generated during onboarding. The script will try to find a yaml file in the current directory.
- CloudGuard API Key (alternatively, you can export the environment variable CHKP_CLOUDGUARD_ID and the script will detect it)
- CloudGuard API Secret (you can also export the environment variable CHKP_CLOUDGUARD_SECRET and the script will detect it)
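A pre-flight check for the two paths described above, as an added example that is not part of the repository: it confirms the files named on this page are in place and that the credential variables are set, without ever printing their values. The function names, messages and return codes are assumptions of this example, and the python mode treats both variables as required, which is this example's choice for unattended runs.

```shell
# Added example, not part of the repository. File and variable names are the
# ones this page lists; function names and messages are assumptions.

# preflight MODE [DIR]: MODE is "shell" (onboard-1.sh) or "python" (onboard_oc_1.py).
# Returns the number of missing prerequisites (0 = ready to run).
preflight() {
    pf_mode="${1:-}"; pf_dir="${2:-.}"; pf_missing=0
    case "$pf_mode" in
        shell)  pf_files="onboard-1.sh uid1000.json cp-cloudguard-openshift.yaml"
                pf_vars="" ;;
        python) pf_files="onboard_oc_1.py requirements.txt"
                pf_vars="CHKP_CLOUDGUARD_ID CHKP_CLOUDGUARD_SECRET" ;;
        *) echo "usage: preflight shell|python [dir]" >&2; return 64 ;;
    esac
    for pf_f in $pf_files; do
        if [ ! -f "$pf_dir/$pf_f" ]; then
            echo "missing file: $pf_dir/$pf_f" >&2
            pf_missing=$((pf_missing + 1))
        fi
    done
    for pf_v in $pf_vars; do
        # Test for presence only; the value is never printed.
        eval "pf_val=\${$pf_v:-}"
        if [ -z "$pf_val" ]; then
            echo "unset variable: $pf_v" >&2
            pf_missing=$((pf_missing + 1))
        fi
    done
    unset pf_val
    return "$pf_missing"
}

# prompt_secret: read the API secret with terminal echo off, so it is not
# typed into a command line that ends up in shell history.
prompt_secret() {
    [ -t 0 ] || { echo "prompt_secret needs a terminal" >&2; return 1; }
    printf 'CloudGuard API secret: ' >&2
    stty -echo; IFS= read -r CHKP_CLOUDGUARD_SECRET; stty echo
    printf '\n' >&2
    export CHKP_CLOUDGUARD_SECRET
}
```

Source the file, then run `preflight shell` before `./onboard-1.sh`, or `prompt_secret && preflight python` before `python3 onboard_oc_1.py onboard`.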
Log onto CloudGuard native and wait for the initial sync process to be completed.