Red Hat SummitChapter 2. Select your installation platform
As as systems administrator, you can select two different installation platforms to run Red Hat Trusted Profile Analyzer (RHTPA). You can deploy RHTPA to Red Hat OpenShift Container Platform using Amazon Web Services (AWS) or other service providers with a Helm chart from Red Hat. You can also deploy RHTPA to Red Hat Enterprise Linux by using Ansible.
Deploying RHTPA to Red Hat Enterprise Linux is currently a Technical Preview feature.
Select your target installation platform:
2.1. Installing Trusted Profile Analyzer by using Ansible
You can install the Red Hat Trusted Profile Analyzer (RHTPA) on Red Hat Enterprise Linux by using a Red Hat provided Ansible Playbook. This Ansible deployment of RHTPA allows you to specify your own PostgreSQL database, OpenID Connect (OIDC) provider, Simple Storage Service (S3), and Simple Queue Service (SQS) infrastructure.
Deploying RHTPA on Red Hat Enterprise Linux by using Ansible is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See the support scope for Red Hat Technology Preview features for more details.
Prerequisites
- Red Hat Enterprise Linux version 9.3 or later.
- A Red Hat user account to access the Red Hat Hybrid Cloud Console.
Procedure
- Log in to the Red Hat Hybrid Cloud Console with your Red Hat credentials.
- From the home page, click the Services drop-down menu, and click Red Hat Ansible Automation Platform.
- From the navigational menu, expand Automation Hub, and click Collections.
- In the search field type rhtpa and press enter.
- Click the trusted_profile_analyzer link on the Red Hat Trusted Profile Analyzer tile.
Click the Documentation tab, and follow the steps there to complete the installation of RHTPA on Red Hat Enterprise Linux.
NoteFor a detailed overview of all the configuration parameters, click the tpa_single_node link under the Roles section.
2.2. Installing Trusted Profile Analyzer by using Helm with Amazon Web Services
You can install Red Hat’s Trusted Profile Analyzer (RHTPA) service on OpenShift by using a Helm chart from Red Hat. This procedure guides you on integrating Amazon Web Services (AWS) with RHTPA by using a customized values file for Helm.
If the secret values change after the installation, OpenShift redeploys RHTPA.
Prerequisites
A Red Hat OpenShift Container Platform cluster running version 4.14 or later.
- Support for the Ingress resource to serve publicly trusted certificates that use HTTPS.
- The ability to provision Transport Layer Security (TLS) certificates for Helm.
An AWS account with access to the following services:
- Simple Storage Service (S3)
- Simple Queue Service (SQS)
- Relational Database Service (RDS) using a PostgreSQL database instance.
- Cognito with an existing Cognito domain.
Have the following unversioned S3 bucket names created:
-
bombastic-UNIQUE_ID -
vexination-UNIQUE_ID v11y-UNIQUE_IDImportantThese bucket names must be unique across all AWS accounts in all AWS regions within the same partition. See Amazon’s S3 documentation for more information on bucket naming rules.
-
Have the following standard SQS queue names created:
-
bombastic-failed-default -
bombastic-indexed-default -
bombastic-stored-default -
vexination-failed-default -
vexination-indexed-default -
vexination-stored-default -
v11y-failed-default -
v11y-indexed-default -
v11y-stored-default
-
-
Access to the OpenShift web console with the
cluster-adminrole. -
A workstation with the
oc, and thehelmbinaries installed.
Procedure
On your workstation, open a terminal, and log in to OpenShift by using the command-line interface:
Syntax
oc login --token=TOKEN --server=SERVER_URL_AND_PORT
oc login --token=TOKEN --server=SERVER_URL_AND_PORTCopy to Clipboard Copied! Example
oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443
$ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443Copy to Clipboard Copied! NoteYou can find your login token and URL from the OpenShift web console to use on the command line. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, and click Display Token to view the command.
Create a new project for the RHTPA deployment:
Syntax
oc new-project PROJECT_NAME
oc new-project PROJECT_NAMECopy to Clipboard Copied! Example
oc new-project trusted-profile-analyzer
$ oc new-project trusted-profile-analyzerCopy to Clipboard Copied! Open a new file for editing:
Example
vi values-rhtpa-aws.yaml
$ vi values-rhtpa-aws.yamlCopy to Clipboard Copied! -
Copy and paste the RHTPA values file template into the new
values-rhtpa-aws.yamlfile. Update the
values-rhtpa-aws.yamlfile with your relevant AWS information.- Replace REGIONAL_ENDPOINT with your Amazon S3 storage, and Amazon SQS endpoint URLs.
- Replace COGNITO_DOMAIN_URL with your Amazon Cognito URL. You can find this information in the AWS Cognito Console, under the App Integration tab.
- Replace REGION, USER_POOL_ID, and FRONTEND_CLIENT_ID and WALKER_CLIENT_ID with your relevant Amazon Cognito information. You can find this information in the AWS Cognito Console, in the User pool overview section, and in the App clients and analytics section under the App Integration tab.
-
Replace UNIQUE_ID with your unique bucket names for
bombastic-,vexination-, andv11y-. - Save the file, and quit the editor.
Create the S3 storage secret resource by using your AWS credentials:
Syntax
apiVersion: v1 kind: Secret metadata: name: storage-credentials namespace: PROJECT_NAME type: Opaque data: aws_access_key_id: AWS_ACCESS_KEY aws_secret_access_key: AWS_SECRET_KEY
apiVersion: v1 kind: Secret metadata: name: storage-credentials namespace: PROJECT_NAME type: Opaque data: aws_access_key_id: AWS_ACCESS_KEY aws_secret_access_key: AWS_SECRET_KEYCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: storage-credentials namespace: trusted-profile-analyzer type: Opaque data: aws_access_key_id: RHTPASTORAGE1EXAMPLE aws_secret_access_key: xBalrKUtnFEMI/K7RDENG/aPxRfzCYEXAMPLEKEY EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: storage-credentials namespace: trusted-profile-analyzer type: Opaque data: aws_access_key_id: RHTPASTORAGE1EXAMPLE aws_secret_access_key: xBalrKUtnFEMI/K7RDENG/aPxRfzCYEXAMPLEKEY EOFCopy to Clipboard Copied! Create the SQS event bus secret resource by using your AWS credentials:
Syntax
apiVersion: v1 kind: Secret metadata: name: event-bus-credentials namespace: PROJECT_NAME type: Opaque data: aws_access_key_id: AWS_ACCESS_KEY aws_secret_access_key: AWS_SECRET_KEY
apiVersion: v1 kind: Secret metadata: name: event-bus-credentials namespace: PROJECT_NAME type: Opaque data: aws_access_key_id: AWS_ACCESS_KEY aws_secret_access_key: AWS_SECRET_KEYCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: event-bus-credentials namespace: trusted-profile-analyzer type: Opaque data: aws_access_key_id: RHTPAEVENTBS1EXAMPLE aws_secret_access_key: mBaliKUtnFEMI/K6RDENG/aPxRfzCYEXAMPLEKEY EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: event-bus-credentials namespace: trusted-profile-analyzer type: Opaque data: aws_access_key_id: RHTPAEVENTBS1EXAMPLE aws_secret_access_key: mBaliKUtnFEMI/K6RDENG/aPxRfzCYEXAMPLEKEY EOFCopy to Clipboard Copied! Create a OpenID Connect (OIDC) walker client secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: PROJECT_NAME type: Opaque data: client-secret: SECRET
apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: PROJECT_NAME type: Opaque data: client-secret: SECRETCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: trusted-profile-analyzer type: Opaque data: client-secret: 5460cc91-4e20-4edd-881c-b15b169f8a79 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: trusted-profile-analyzer type: Opaque data: client-secret: 5460cc91-4e20-4edd-881c-b15b169f8a79 EOFCopy to Clipboard Copied! Create two PostgreSQL database secret resources by using your Amazon RDS credentials.
A PostgreSQL standard user secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORT
apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORTCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: rds.us-east-1.amazonaws.com db.name: rhtpadb db.user: jdoe db.password: example1234 db.port: 5432 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: rds.us-east-1.amazonaws.com db.name: rhtpadb db.user: jdoe db.password: example1234 db.port: 5432 EOFCopy to Clipboard Copied! A PostgreSQL administrator secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORT
apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORTCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: rds.us-east-1.amazonaws.com db.name: rhtpadb db.user: admin db.password: example1234 db.port: 5432 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: rds.us-east-1.amazonaws.com db.name: rhtpadb db.user: admin db.password: example1234 db.port: 5432 EOFCopy to Clipboard Copied! - From the AWS Management Console, configure the Amazon Virtual Private Cloud (VPC) security group to allow port 5432.
Set up your shell environment:
Syntax
export NAMESPACE=PROJECT_NAME export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')export NAMESPACE=PROJECT_NAME export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')Copy to Clipboard Copied! Example
export NAMESPACE=trusted-profile-analyzer export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')$ export NAMESPACE=trusted-profile-analyzer $ export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')Copy to Clipboard Copied! Add the OpenShift Helm chart repository:
Example
helm repo add openshift-helm-charts https://charts.openshift.io/
$ helm repo add openshift-helm-charts https://charts.openshift.io/Copy to Clipboard Copied! Get the latest chart information from the Helm chart repositories:
Example
helm repo update
$ helm repo updateCopy to Clipboard Copied! Run the Helm chart:
Syntax
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URL
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URLCopy to Clipboard Copied! Example
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa-aws.yaml --set-string appDomain=$APP_DOMAIN_URL
$ helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa-aws.yaml --set-string appDomain=$APP_DOMAIN_URLCopy to Clipboard Copied! NoteYou can run this Helm chart many times to apply the currently configured state from the values file.
Once the installation finishes, you can log in to the RHTPA console by using a user’s credentials from the Cognito user pool. You can find the RHTPA console URL by running the following command:
Example
oc -n $NAMESPACE get route --selector app.kubernetes.io/name=spog-ui -o jsonpath='https://{.items[0].status.ingress[0].host}{"\n"}'$ oc -n $NAMESPACE get route --selector app.kubernetes.io/name=spog-ui -o jsonpath='https://{.items[0].status.ingress[0].host}{"\n"}'Copy to Clipboard Copied! A scheduled Cron job runs each day to gather the latest Common Vulnerabilities and Exposures (CVE) data for RHTPA. Instead of waiting, you can manually start this Cron job by running the following command:
Example
oc -n $NAMESPACE create job --from=cronjob/v11y-walker v11y-walker-now
$ oc -n $NAMESPACE create job --from=cronjob/v11y-walker v11y-walker-nowCopy to Clipboard Copied! Once the Cron job finishes, delete this Cron job:
Example
oc -n $NAMESPACE delete job v11y-walker-now
$ oc -n $NAMESPACE delete job v11y-walker-nowCopy to Clipboard Copied!
2.3. Installing Trusted Profile Analyzer by using Helm with other services
You can install Red Hat’s Trusted Profile Analyzer (RHTPA) service on OpenShift by using a Helm chart from Red Hat. You need to have a Simple Storage Service (S3) compatible storage infrastructure, an OpenID Connect (OIDC) provider, a PostgreSQL database, and use Red Hat AMQ Streams for OpenShift. This procedure guides you on integrating these various services with RHTPA by using a customized values file for Helm.
If the secret values change after the installation, OpenShift redeploys RHTPA.
Prerequisites
A Red Hat OpenShift Container Platform cluster running version 4.14 or later.
- Support for the Ingress resource to serve publicly trusted certificates that use HTTPS.
Have the following unversioned S3 bucket names created:
-
bombastic-default -
vexination-default -
v11y-default
-
The AMQ Streams on OpenShift service with the following topic names created:
-
bombastic-failed-default -
bombastic-indexed-default -
bombastic-stored-default -
vexination-failed-default -
vexination-indexed-default -
vexination-stored-default -
v11y-failed-default -
v11y-indexed-default -
v11y-stored-default
-
- An OIDC provider for authentication.
- A new PostgreSQL database.
-
Access to the OpenShift web console with the
cluster-adminrole. -
A workstation with the
oc, and thehelmbinaries installed.
Procedure
On your workstation, open a terminal, and log in to OpenShift by using the command-line interface:
Syntax
oc login --token=TOKEN --server=SERVER_URL_AND_PORT
oc login --token=TOKEN --server=SERVER_URL_AND_PORTCopy to Clipboard Copied! Example
oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443
$ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443Copy to Clipboard Copied! NoteYou can find your login token and URL from the OpenShift web console to use on the command line. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, and click Display Token to view the command.
Create a new project for the RHTPA deployment:
Syntax
oc new-project PROJECT_NAME
oc new-project PROJECT_NAMECopy to Clipboard Copied! Example
oc new-project trusted-profile-analyzer
$ oc new-project trusted-profile-analyzerCopy to Clipboard Copied! Open a new file for editing:
Example
vi values-rhtpa.yaml
$ vi values-rhtpa.yamlCopy to Clipboard Copied! -
Copy and paste the RHTPA values file template into the new
values-rhtpa.yamlfile. Update the
values-rhtpa.yamlfile with your information.- Replace S3_ENDPOINT_URL with your relevant S3 storage information.
- Replace AMQ_ENDPOINT_URL, and USER_NAME with your relevant AMQ Streams information.
- Replace OIDC_ISSUER_URL, FRONTEND_CLIENT_ID and WALKER_CLIENT_ID with your relevant OIDC information.
- Save the file, and quit the editor.
Create the S3 storage secret resource with your credentials:
Syntax
apiVersion: v1 kind: Secret metadata: name: s3-credentials namespace: PROJECT_NAME type: Opaque data: user: USER_NAME password: PASSWORD
apiVersion: v1 kind: Secret metadata: name: s3-credentials namespace: PROJECT_NAME type: Opaque data: user: USER_NAME password: PASSWORDCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: s3-credentials namespace: trusted-profile-analyzer type: Opaque data: user: root password: example123 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: s3-credentials namespace: trusted-profile-analyzer type: Opaque data: user: root password: example123 EOFCopy to Clipboard Copied! Create the AMQ Streams secret resource with your credentials:
Syntax
apiVersion: v1 kind: Secret metadata: name: kafka-credentials namespace: PROJECT_NAME type: Opaque data: client_password: PASSWORD
apiVersion: v1 kind: Secret metadata: name: kafka-credentials namespace: PROJECT_NAME type: Opaque data: client_password: PASSWORDCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: kafka-credentials namespace: trusted-profile-analyzer type: Opaque data: client_password: example123 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: kafka-credentials namespace: trusted-profile-analyzer type: Opaque data: client_password: example123 EOFCopy to Clipboard Copied! Create a OIDC walker client secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: PROJECT_NAME type: Opaque data: client-secret: SECRET
apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: PROJECT_NAME type: Opaque data: client-secret: SECRETCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: trusted-profile-analyzer type: Opaque data: client-secret: 5460cc91-4e20-4edd-881c-b15b169f8a79 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: oidc-walker namespace: trusted-profile-analyzer type: Opaque data: client-secret: 5460cc91-4e20-4edd-881c-b15b169f8a79 EOFCopy to Clipboard Copied! Create the two PostgreSQL database secret resources with your database credentials.
A PostgreSQL standard user secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORT
apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORTCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: postgresql.example.com db.name: rhtpadb db.user: jdoe db.password: example1234 db.port: 5432 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: postgresql.example.com db.name: rhtpadb db.user: jdoe db.password: example1234 db.port: 5432 EOFCopy to Clipboard Copied! A PostgreSQL administrator secret resource:
Syntax
apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORT
apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: PROJECT_NAME type: Opaque data: db.host: DB_HOST db.name: DB_NAME db.user: USERNAME db.password: PASSWORD db.port: PORTCopy to Clipboard Copied! Example
cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: postgresql.example.com db.name: rhtpadb db.user: admin db.password: example1234 db.port: 5432 EOF
$ cat <<EOF | oc apply -f - apiVersion: v1 kind: Secret metadata: name: postgresql-admin-credentials namespace: trusted-profile-analyzer type: Opaque data: data: db.host: postgresql.example.com db.name: rhtpadb db.user: admin db.password: example1234 db.port: 5432 EOFCopy to Clipboard Copied!
Set up your shell environment:
Syntax
export NAMESPACE=PROJECT_NAME export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')export NAMESPACE=PROJECT_NAME export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')Copy to Clipboard Copied! Example
export NAMESPACE=trusted-profile-analyzer export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')$ export NAMESPACE=trusted-profile-analyzer $ export APP_DOMAIN_URL=-$NAMESPACE.$(oc -n openshift-ingress-operator get ingresscontrollers.operator.openshift.io default -o jsonpath='{.status.domain}')Copy to Clipboard Copied! Add the OpenShift Helm chart repository:
Example
helm repo add openshift-helm-charts https://charts.openshift.io/
$ helm repo add openshift-helm-charts https://charts.openshift.io/Copy to Clipboard Copied! Get the latest chart information from the Helm chart repositories:
Example
helm repo update
$ helm repo updateCopy to Clipboard Copied! Run the Helm chart:
Syntax
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URL
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URLCopy to Clipboard Copied! Example
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa.yaml --set-string appDomain=$APP_DOMAIN_URL
$ helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa.yaml --set-string appDomain=$APP_DOMAIN_URLCopy to Clipboard Copied! NoteYou can run this Helm chart many times to apply the currently configured state from the values file.
Once the installation finishes, you can log in to the RHTPA console by using a user’s credentials from your OIDC provider. You can find the RHTPA console URL by running the following command:
Example
oc -n $NAMESPACE get route --selector app.kubernetes.io/name=spog-ui -o jsonpath='https://{.items[0].status.ingress[0].host}{"\n"}'$ oc -n $NAMESPACE get route --selector app.kubernetes.io/name=spog-ui -o jsonpath='https://{.items[0].status.ingress[0].host}{"\n"}'Copy to Clipboard Copied! A scheduled Cron job runs each day to gather the latest Common Vulnerabilities and Exposures (CVE) data for RHTPA. Instead of waiting, you can manually start this Cron job by running the following command:
Example
oc -n $NAMESPACE create job --from=cronjob/v11y-walker v11y-walker-now
$ oc -n $NAMESPACE create job --from=cronjob/v11y-walker v11y-walker-nowCopy to Clipboard Copied! Once the Cron job finishes, delete this Cron job:
Example
oc -n $NAMESPACE delete job v11y-walker-now
$ oc -n $NAMESPACE delete job v11y-walker-nowCopy to Clipboard Copied!
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}