Fortinet black logo

Version:

Version:

Version:

Version:


Table of Contents

Online Help

Openshift Account Configuration

Follow each section below to configure Openshift cluster account before adding the Openshift account credential to Container Protection. The Openshift account user needs to be the cluster administrator.

Obtain Openshift Cluster API Address

Create OpenShift Service Account

Create a Cluster Role

Create RoleBindings

Obtain Service Account Token

 

Obtain Openshift Cluster API Address

  1. Log into the OpenShift cluster console with your administrator account.
  2. From OpenShift cluster console navigation pane, go to Home > Overview.
  3. Make a note of the Cluster API address.

 

Create OpenShift Service Account

  1. From OpenShift cluster console navigation pane, go to User Management > ServiceAccounts.
  2. Click Create ServiceAccount.
  3. Fill in a name and a namespace for the service account, and keep the rest of the YAML definitions as is.
  4. Click Create to create the service account.

Note: Make a note of the service account created and use it later in other configuration.

 

Create a Cluster Role

  1. From OpenShift cluster console navigation pane, go to User Management > Roles to enter Roles page.
  2. Click Create Role to create role.
  3. Use the minimum YAML definitions requirement below except the role name. Please enter a role name of your choice.
  4. Click Create to finish creating role.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
	name: (user-defined)
rules:
	- verbs:
		- get
		- watch
		- list
	  apiGroups:
		- image.openshift.io
	  resources:
		- images
		- imagestreamimages
		- imagestreams
		- imagestreams/layers
		

Note: Make a note of the role name and use it later in other configuration.

 

Create RoleBindings

  1. From OpenShift cluster console navigation pane, go to User Management > RoleBindings to enter RoleBindings page.
  2. Click Create binding to create role binding with the service account.
  3. In Binding type, select "Cluster-wide role binding (ClusterRoleBinding)".
  4. Fill in a RoleBinding name of your choice. Click Role name drop down button and select the role created earlier.
  5. In Subject, select ServiceAccount. Click namespace drop down menu and select the namespace of the service account created earlier.
  6. In Subject name field, enter the name of the service account created earlier
  7. Click Create to finish.

 

Obtain Service Account Token

  1. From OpenShift cluster console navigation pane, go to User Management > Service Accounts to enter ServiceAccounts page.
  2. Click on the service account created previously. Scroll down to Secrets section, and click on the secret with the type "kubernetes.io/service-account-token".
  3. In Secret Details page, scroll down and locate the token, click on Copy to Clipboard to copy the token for later use.

 

 

 

 

Openshift Account Configuration

Follow each section below to configure Openshift cluster account before adding the Openshift account credential to Container Protection. The Openshift account user needs to be the cluster administrator.

Obtain Openshift Cluster API Address

Create OpenShift Service Account

Create a Cluster Role

Create RoleBindings

Obtain Service Account Token

 

Obtain Openshift Cluster API Address

  1. Log into the OpenShift cluster console with your administrator account.
  2. From OpenShift cluster console navigation pane, go to Home > Overview.
  3. Make a note of the Cluster API address.

 

Create OpenShift Service Account

  1. From OpenShift cluster console navigation pane, go to User Management > ServiceAccounts.
  2. Click Create ServiceAccount.
  3. Fill in a name and a namespace for the service account, and keep the rest of the YAML definitions as is.
  4. Click Create to create the service account.

Note: Make a note of the service account created and use it later in other configuration.

 

Create a Cluster Role

  1. From OpenShift cluster console navigation pane, go to User Management > Roles to enter Roles page.
  2. Click Create Role to create role.
  3. Use the minimum YAML definitions requirement below except the role name. Please enter a role name of your choice.
  4. Click Create to finish creating role.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
	name: (user-defined)
rules:
	- verbs:
		- get
		- watch
		- list
	  apiGroups:
		- image.openshift.io
	  resources:
		- images
		- imagestreamimages
		- imagestreams
		- imagestreams/layers
		

Note: Make a note of the role name and use it later in other configuration.

 

Create RoleBindings

  1. From OpenShift cluster console navigation pane, go to User Management > RoleBindings to enter RoleBindings page.
  2. Click Create binding to create role binding with the service account.
  3. In Binding type, select "Cluster-wide role binding (ClusterRoleBinding)".
  4. Fill in a RoleBinding name of your choice. Click Role name drop down button and select the role created earlier.
  5. In Subject, select ServiceAccount. Click namespace drop down menu and select the namespace of the service account created earlier.
  6. In Subject name field, enter the name of the service account created earlier
  7. Click Create to finish.

 

Obtain Service Account Token

  1. From OpenShift cluster console navigation pane, go to User Management > Service Accounts to enter ServiceAccounts page.
  2. Click on the service account created previously. Scroll down to Secrets section, and click on the secret with the type "kubernetes.io/service-account-token".
  3. In Secret Details page, scroll down and locate the token, click on Copy to Clipboard to copy the token for later use.