This guide shows you how to set up tenant projects on Openshift clusters. If you try to provision tenant projects using the normal provisioning flow, Central Console cannot reach the host where Supervisor Console runs. Failing to follow these steps can lead an 'Internal Server Error', even when everything seems to be set up properly.
In this example provisioning flow, the DNS names for Central Console and Supervisor Console are:
OpenShift external routes to both Consoles' TCP port 8083 (Prisma Cloud UI and API), with the TLS termination type set to passthrough, already exist.
The to-be Central and Supervisor Consoles are already licensed and you’ve created initial admin users.
Designate one Console to be Supervisor and the other to be Central.
Log into the Supervisor Console with your admin user.
Add the FQDN of the Supervisor Console to the Subject Alternative Name field of the Supervisor Console’s certificate.
In the Supervisor Console, go to Manage > Defenders > Names.
Click Add SAN.
Add the Supervisor Console’s FQDN. In this example, it is console.39apps.jonathan.lab.twistlock.com.
Log into the Central Console with your admin user.
Enable Projects by going to Manage > Projects > Manage and setting Use Projects to On.
Click the Provision tab and to provision a tenant Console.
Under Select Project type, choose Tenant.
In Project name, give your project a name.
In Supervisor address, add the FQDN of the Supervisor. In this example, it is https://console.39apps.jonathan.lab.twistlock.com.
Add the Admin credentials for Supervisor.
Your Supervisor Console should be successfully provisioned.