updated to add customer certs

accelerators/kubernetes/ocp/gcp/00_cluster_installation/cluster_installation.md

@@ -1,12 +1,12 @@
 # OpenShift Compliant Financial Infrastructure
 
-## Cluster Installation 
+## GCP Project setup and Cluster Installation 
 
-The OpenShift (OCP) Installer supports two installtion methods, Installer Provisioned Infrastructure(IPI) and User Provisioned Infrastructure(UPI). IPI is an opinionated automated installation, this is the installation menthod that will be used. UPI gives uses more flexibility to install OCP on pre-provisioned infrastructure, for example an on-premises installation where a firm's IT standards and policies prevent the use of an opinionated and automated installation. More details on OpenShift Installation can be found [here](https://docs.openshift.com/container-platform/4.10/installing/index.html).
+The OpenShift (OCP) Installer supports two installation methods, Installer Provisioned Infrastructure(IPI) and User Provisioned Infrastructure(UPI). IPI is an opinionated automated installation, this is the installation menthod that will be used. UPI gives users more flexibility to install OCP on pre-provisioned infrastructure, for example an on-premises installation where a firm's IT standards and policies prevent the use of an opinionated and automated installation. More details on OpenShift Installation can be found [here](https://docs.openshift.com/container-platform/4.10/installing/index.html).
 
-It is possile for OCP to be installed into a disconnected or air-gapped environment or be configured to have no public endpoints. To meet the current service accelerator requirements this is not required, the following instructions will implement a cluster thats is internet connected and have public end-points. 
+It is possile for OCP to be installed into a disconnected or air-gapped environment or be configured to have no public endpoints. To meet the current service accelerator requirements this is not required, the following instructions will implement a cluster that is internet connected and has public end-points. 
 
-The following provides an overview of the steps needed to install OCP on GCP. To meet the requirements of the service accelerator customisation needs to be made both at install time and as a day two change. To make the changes at install time we will use the [Installing a Cluster on GCP with Customisations] (https://docs.openshift.com/container-platform/4.10/installing/installing_gcp/installing-gcp-customizations.html) installation method.
+The following provides an overview of the steps needed to install OCP on GCP, to meet the requirements of the service accelerator customisation needs to be made both at install time and as a day two change. To make the changes at install time we will use the [Installing a Cluster on GCP with Customisations] (https://docs.openshift.com/container-platform/4.10/installing/installing_gcp/installing-gcp-customizations.html) installation method.
 
 Following are the high level steps to complete OCP installation, including the service accelerator polices to implement [FIPS cryptography](https://docs.openshift.com/container-platform/4.10/installing/installing-fips.html) and [OVNKubernetes Container Network Interface (CNI) plugin](https://docs.openshift.com/container-platform/4.10/networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.html#about-ovn-kubernetes). It is planned that in the future code to automate these steps will be provided. 
 
@@ -15,9 +15,8 @@ Following are the high level steps to complete OCP installation, including the s
 - Enabling the API's that the OCP Installer requires
 - Create a DNS public zone
 - Increasing GCP quotas (if needed)
-- Create a GCP service account for the OCP Installer and give it required permissions
-
-2. Complete installation setup, [download installer and service account key](https://docs.openshift.com/container-platform/4.10/installing/installing_gcp/installing-gcp-customizations.html) 
+- Creating a GCP service account for the OCP Installer and give it required permissions
+- [download installer and service account key](https://docs.openshift.com/container-platform/4.10/installing/installing_gcp/installing-gcp-customizations.html) onto local machine or a bastion where the installer is run and the installer state files can be stored.   
 
 3. Create the [installation configuration file](https://docs.openshift.com/container-platform/4.10/installing/installing_gcp/installing-gcp-customizations.html#installation-initializing_installing-gcp-customizations)
 - Create an OCP installation directory

accelerators/kubernetes/ocp/gcp/01_htpasswd_identity_provider/oauth.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+items:
+- apiVersion: config.openshift.io/v1
+  kind: OAuth
+  metadata:
+    annotations:
+      include.release.openshift.io/ibm-cloud-managed: "true"
+      include.release.openshift.io/self-managed-high-availability: "true"
+      include.release.openshift.io/single-node-developer: "true"
+      release.openshift.io/create-only: "true"
+    creationTimestamp: "2022-06-01T06:55:19Z"
+    generation: 1
+    name: cluster
+    ownerReferences:
+    - apiVersion: config.openshift.io/v1
+      kind: ClusterVersion
+      name: version
+      uid: 8a116173-10df-4edd-811d-3ba835e2a6e8
+    resourceVersion: "1734"
+    uid: 184c4371-5f2f-4d41-aa6b-d0373186b29c
+  spec:
+    identityProviders:
+    - name: my_htpasswd_provider 
+      mappingMethod: claim 
+      type: HTPasswd
+      htpasswd:
+        fileData:
+          name: htpass-secret 
+kind: List
+metadata:
+  resourceVersion: ""
+  selfLink: ""

accelerators/kubernetes/ocp/gcp/01_htpasswd_identity_provider/sample_htpasswd_provider_oauth.yaml

@@ -0,0 +1,9 @@
+
+spec:
+  identityProviders:
+  - name: my_htpasswd_provider 
+    mappingMethod: claim 
+    type: HTPasswd
+    htpasswd:
+      fileData:
+        name: htpass-secret 

accelerators/kubernetes/ocp/gcp/03_day2_customisation/00-namespace-object.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    openshift.io/cluster-monitoring: "true"
+  name: openshift-compliance

accelerators/kubernetes/ocp/gcp/03_day2_customisation/01-operator-group-object.yaml

@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: compliance-operator
+  namespace: openshift-compliance
+spec:
+  targetNamespaces:
+  - openshift-compliance

accelerators/kubernetes/ocp/gcp/03_day2_customisation/02-subscription-object.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: compliance-operator-sub
+  namespace: openshift-compliance
+spec:
+  channel: "release-0.1"
+  installPlanApproval: Automatic
+  name: compliance-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace

accelerators/kubernetes/ocp/gcp/03_day2_customisation/03-finos-ocp4-profilebundle.yaml

@@ -0,0 +1,8 @@
+apiVersion: compliance.openshift.io/v1alpha1
+kind: ProfileBundle
+metadata:
+  name: ocp4-finos
+  namespace: openshift-compliance
+spec:
+  contentFile: ssg-ocp4-ds.xml
+  contentImage: quay.io/jhrozek/ocp4-openscap-content:finos-wip

accelerators/kubernetes/ocp/gcp/03_day2_customisation/04-finos-rhcos4-profilebundle.yaml

@@ -0,0 +1,8 @@
+apiVersion: compliance.openshift.io/v1alpha1
+kind: ProfileBundle
+metadata:
+  name: rhcos4-finos
+  namespace: openshift-compliance
+spec:
+  contentFile: ssg-rhcos4-ds.xml
+  contentImage: quay.io/jhrozek/ocp4-openscap-content:finos-wip

accelerators/kubernetes/ocp/gcp/02_day2_customisation/cis.yaml → accelerators/kubernetes/ocp/gcp/03_day2_customisation/05-scansetting-finos-ocp4-default.yaml

@@ -1,18 +1,15 @@
 apiVersion: compliance.openshift.io/v1alpha1
 kind: ScanSettingBinding
 metadata:
-  name: cis
-  namespace: openshift-compliance
+  name: finos-compliance-ocp4
 profiles:
-  # Node checks
-  - name: ocp4-cis-nodes
+  - name: ocp4-finos-finos
     kind: Profile
     apiGroup: compliance.openshift.io/v1alpha1
-  # Platform checks
-  - name: ocp4-cis
+  - name: ocp4-finos-finos-node
     kind: Profile
     apiGroup: compliance.openshift.io/v1alpha1
 settingsRef:
-  name: finos-setting
+  name: default-auto-apply
   kind: ScanSetting
-  apiGroup: compliance.openshift.io/v1alpha1
+  apiGroup: compliance.openshift.io/v1alpha1

accelerators/kubernetes/ocp/gcp/03_day2_customisation/06-scansetting-finos-rhcos4-default.yaml

@@ -0,0 +1,12 @@
+apiVersion: compliance.openshift.io/v1alpha1
+kind: ScanSettingBinding
+metadata:
+  name: finos-compliance-rhcos4
+profiles:
+  - name: rhcos4-finos-finos
+    kind: Profile
+    apiGroup: compliance.openshift.io/v1alpha1
+settingsRef:
+  name: default-auto-apply
+  kind: ScanSetting
+  apiGroup: compliance.openshift.io/v1alpha1