openshift-docs/modules/zero-trust-manager-install-cli.adoc

// Module included in the following assemblies:
//
// * security/zero_trust_workload_identity_manageer/zero-trust-manager-install.adoc

:_mod-docs-content-type: PROCEDURE
[id="zero-trust-manager-install-cli_{context}"]
= Installing the {zero-trust-full} by using the CLI

.Prerequisites

* You have access to the cluster with `cluster-admin` privileges.

[NOTE]
====
A minimum of 1Gi persistent volume is required to install the SPIRE Server.
====

.Procedure

. Create a new project named `zero-trust-workload-identity-manager` by running the following command:
+
[source, terminal]
----
$ oc new-project zero-trust-workload-identity-manager
----

. Create an `OperatorGroup` object:

.. Create a YAML file, for example, `operatorGroup.yaml`, with the following content:
+
.Example `operatorGroup.yaml`
+
[source, yaml]
----
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: openshift-zero-trust-workload-identity-manager
  namespace: zero-trust-workload-identity-manager
spec:
  upgradeStrategy: Default
----

.. Create the `OperatorGroup` object by running the following command:
+
[source, terminal]
----
$ oc create -f operatorGroup.yaml
----

. Create a `Subscription` object:

.. Create a YAML file, for example, `subscription.yaml`, that defines the `Subscription` object:
+
.Example `subscription.yaml`
+
[source, yaml]
----
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-zero-trust-workload-identity-manager
  namespace: zero-trust-workload-identity-manager
spec:
  channel: stable-v1
  name: openshift-zero-trust-workload-identity-manager
  source: redhat-operators
  sourceNamespace: openshift-marketplace
  installPlanApproval: Automatic
----

.. Create the `Subscription` object by running the following command:
+
[source, terminal]
----
$ oc create -f subscription.yaml
----

.Verification

* Verify that the OLM subscription is created by running the following command:
+
[source, terminal]
----
$ oc get subscription -n zero-trust-workload-identity-manager
----
+
.Example output
[source, terminal]
----
NAME                                             PACKAGE                                SOURCE             CHANNEL
openshift-zero-trust-workload-identity-manager   zero-trust-workload-identity-manager   redhat-operators   stable-v1
----

* Verify whether the Operator is successfully installed by running the following command:
+
[source, terminal]
----
$ oc get csv -n zero-trust-workload-identity-manager
----
+
.Example output
[source, terminal]
----
NAME                                         DISPLAY                                VERSION  PHASE
zero-trust-workload-identity-manager.v1.0.0   Zero Trust Workload Identity Manager   1.0.0    Succeeded
----

* Verify that the {zero-trust-full} controller manager is ready by running the following command:
+
[source, terminal]
----
$ oc get deployment -l name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-manager
----
+
.Example output
[source, terminal]
----
NAME                                                      READY   UP-TO-DATE   AVAILABLE   AGE
zero-trust-workload-identity-manager-controller-manager   1/1     1            1           43m
----