Provision tenant projects in OpenShift
This guide shows you how to set up tenant projects on Openshift clusters.
If you try to provision tenant projects using the normal provisioning flow, Central Console cannot reach the host where Supervisor Console runs.
Failing to follow these steps can lead an 'Internal Server Error', even when everything seems to be set up properly.
In this example provisioning flow, the DNS names for Central Console and Supervisor Console are:
- Central Console — https://console.apps.jonathan.lab.twistlock.com
- Supervisor Console to be provisioned — https://console.39apps.jonathan.lab.twistlock.com
Prerequisites:
- Two fully operational Prisma Cloud Consoles are already deployed. For more information, see the Prisma Cloud OpenShift 3.11 and OpenShift 4 deployment guides.
- OpenShift external routes to both Consoles' TCP port 8083 (Prisma Cloud UI and API), with the TLS termination type set to passthrough, already exist.
- The to-be Central and Supervisor Consoles are already licensed and you’ve created initial admin users.
- Designate one Console to be Supervisor and the other to be Central.
- Log into the Supervisor Console with your admin user.
- Add the FQDN of the Supervisor Console to the Subject Alternative Name field of the Supervisor Console’s certificate.
- In the Supervisor Console, go toManage > Defenders > Names.
- ClickAdd SAN.
- Add the Supervisor Console’s FQDN. In this example, it isconsole.39apps.jonathan.lab.twistlock.com.
- ClickAdd.
- Log into the Central Console with your admin user.
- Enable Projects by going toManage > Projects > Manageand settingUse ProjectstoOn.
- Click theProvisiontab and to provision a tenant Console.
- UnderSelect Project type, chooseTenant.
- InProject name, give your project a name.
- InSupervisor address, add the FQDN of the Supervisor. In this example, it is https://console.39apps.jonathan.lab.twistlock.com.
- Add theAdmin credentials for Supervisor.
- ClickProvision.Your Supervisor Console should be successfully provisioned.
