////
Purpose
-------
This section should duplicate and consolidate any links to external resources contained elsewhere in this document. The intention is to create a single reference point for all external resources.

As of this version the process of consolidating external links is manual. At some point this process may be scripted. (If you take it upon yourself to script the process, please share it with the CER WG so it can be incorporated into the process!)

Sample
------
Link to Latest UCS VIC Drivers:
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/vic_drivers/install/Linux/b_Cisco_VIC_Drivers_for_Linux_Installation_Guide.html

REST API Example for Starting a VM on RHV
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/rest_api_guide/documents-004_quick_start_example#start_the_virtual_machine
////

- Workshop Miro Board https://miro.com/app/board/uXjVLSUPPwU=/
- ROSA Documentation https://docs.openshift.com/rosa/welcome/index.html
- Solution Patterns https://www.solutionpatterns.io/patterns/

Q: What is the recommended approach to chargeback on ROSA?

A: To implement chargeback on ROSA, set up Red Hat Cost Management with the Metrics Operator and a custom cost model to allocate expenses across clusters or projects. Integrate with AWS cost data if needed, use tagging for granular cost division, and analyze via the Cost Explorer.

cf. https://docs.redhat.com/en/documentation/cost_management_service/1-latest/html/getting_started_with_cost_management/index

Q: What factors influence the scoring, and how are they weighted?

A: All risk indicators are listed in the documentation. It is not explicit about how we evaluate risk, but it is an additive process: the more risk factors seen, the higher the perceived “Risk”.

- Policy Violations: The names of the policies that are violated for the selected deployment.
- Suspicious Process Executions: Suspicious processes, arguments, and container names that the process ran in.
- Image Vulnerabilities: Images including total CVEs with their CVSS scores.
- Service Configurations: Aspects of the configurations that are often problematic, such as read-write (RW) capability, whether capabilities are dropped, and the presence of privileged containers.
- Service Reachability: Container ports exposed inside or outside the cluster.
- Components Useful for Attackers: Discovered software tools that are often used by attackers.
- Number of Components in Image: The number of packages found in each image.
- Image Freshness: Image names and age, for example, 285 days old.
- RBAC Configuration: The level of permissions granted to the deployment in Kubernetes role-based access control (RBAC).

cf. https://docs.openshift.com/acs/4.5/operating/evaluate-security-risks.html#risk-indicators-tab_evaluate-security-risks

Q: Do updates to policies only come with operator upgrades?

A: No. The RHACS team may push out a policy if there is a high security vulnerability such as Log4Shell.

Q: Can multi-cluster networking from ACM Managed Clusters to ACM Hub Clusters happen over the public internet?

A: IP connectivity must be configured between the Gateway nodes. When connecting two clusters, at least one of the clusters must have a publicly routable IP address designated to the Gateway node.

cf. https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/manage_cluster/submariner#preparing-aws

Q: Can a managed xKS cluster be upgraded from ACM?

A: Not yet.

cf. https://access.redhat.com/articles/6968787