David Medinets medined

I hereby claim:

I am medined on github.
I am medined (https://keybase.io/medined) on keybase.
I have a public key ASAisVKwZNRmz62jhQXJAawUhJEHd5Oo3yHwZX29yQj7Tgo

To claim this, I am signing this object:

Eclipse Che

Introduction

I am working to install multi-user Eclipse Che on a three node OKD cluser on AWS. There is one master and two worker nodes on a common security group. Each runs Centos. Single-user Che intalled flawlessly.

$ oc version

	2020-06-19 15:23:50.0718\|1\|INFO\|Microsoft.AspNetCore.Hosting.Internal.WebHost\|Request starting HTTP/1.0 GET http://34.238.89.128/system/5eec2e1b9a09bd00019a911f/?pii=false&filter=low \|url: http://34.238.89.128/system/5eec2e1b9a09bd00019a911f/\|action:
	2020-06-19 15:23:50.0718\|2\|INFO\|Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler\|Successfully validated the token. \|url: http://34.238.89.128/system/5eec2e1b9a09bd00019a911f/\|action:
	2020-06-19 15:23:50.0727\|0\|INFO\|Microsoft.AspNetCore.Routing.EndpointMiddleware\|Executing endpoint 'openrmf_api_compliance.Controllers.ComplianceController.GetCompliancBySystem (openrmf-api-compliance)' \|url: http://34.238.89.128/system/5eec2e1b9a09bd00019a911f/\|action: GetCompliancBySystem
	2020-06-19 15:23:50.0727\|3\|INFO\|Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker\|Route matched with {action = "GetCompliancBySystem", controller = "Compliance"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResu

	PLAY [Apply STIG] *****************************************************************************************************************************************************************************************

	TASK [Gathering Facts] ************************************************************************************************************************************************************************************
	ok: [34.192.52.20]

	TASK [/data/projects/RHEL7-STIG : Gather distribution info] ***********************************************************************************************************************************************
	skipping: [34.192.52.20]

	TASK [/data/projects/RHEL7-STIG : Check OS version and family] ********************************************************************************************************************************************
	ok: [34.192.52.20] => {

	2020-06-26 15:02:05 Starting Lynis 3.0.0 with PID 11125, build date 2020-03-20
	2020-06-26 15:02:05 ====
	2020-06-26 15:02:05 ### 2007-2020, CISOfy - https://cisofy.com/lynis/ ###
	2020-06-26 15:02:05 Checking permissions of /usr/share/lynis/include/profiles
	2020-06-26 15:02:05 File permissions are OK
	2020-06-26 15:02:05 Reading profile/configuration /etc/lynis/default.prf
	2020-06-26 15:02:05 Action: created temporary file /tmp/lynis.PsCgQxJx67
	2020-06-26 15:02:05 Language set via profile to ''
	2020-06-26 15:02:05 Plugin 'authentication' enabled according profile (/etc/lynis/default.prf)
	2020-06-26 15:02:05 Plugin 'compliance' enabled according profile (/etc/lynis/default.prf)

	You can use `kubectl` as a reverse proxy so that it handles locating the API server and
	authentication. It can run in the background but I like to use the foreground to make it easy
	to stop.

	```bash
	kubectl proxy --port=8080
	```

	Now you can open another terminal to explore the API.

	apiVersion: v1
	kind: Namespace
	metadata:
	name: ingress-nginx
	labels:
	name: ingress-nginx
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:

	---
	apiVersion: policy/v1beta1
	kind: PodSecurityPolicy
	metadata:
	name: privileged
	annotations:
	seccomp.security.alpha.kubernetes.io/allowedProfileNames: "*"
	labels:
	addonmanager.kubernetes.io/mode: EnsureExists
	spec: