From 6199c221d926af99246ace45bded7afcbe8428ce Mon Sep 17 00:00:00 2001 From: Andrew Taylor Date: Tue, 22 Aug 2023 13:34:36 -0400 Subject: [PATCH] OCPBUGS-17816: Compliance Operator documentation improvements --- _topic_maps/_topic_map.yml | 68 +++++++++++-------- modules/compliance-anatomy.adoc | 2 +- ...pliance-apply-remediations-from-scans.adoc | 2 +- ...applying-resource-requests-and-limits.adoc | 2 +- modules/compliance-applying.adoc | 2 +- .../compliance-auto-update-remediations.adoc | 2 +- ...mpliance-crd-advanced-compliance-scan.adoc | 2 +- ...ompliance-crd-compliance-check-result.adoc | 2 +- ...compliance-crd-compliance-remediation.adoc | 2 +- modules/compliance-crd-compliance-suite.adoc | 2 +- modules/compliance-crd-profile-bundle.adoc | 2 +- modules/compliance-crd-profile.adoc | 2 +- modules/compliance-crd-rule.adoc | 2 +- .../compliance-crd-scan-setting-binding.adoc | 2 +- modules/compliance-crd-scan-setting.adoc | 2 +- modules/compliance-crd-tailored-profile.adoc | 2 +- modules/compliance-crd-workflow.adoc | 2 +- modules/compliance-custom-node-pools.adoc | 2 +- modules/compliance-custom-scc.adoc | 4 +- modules/compliance-custom-storage.adoc | 2 +- ...mpliance-evaluate-kubeletconfig-rules.adoc | 2 +- modules/compliance-filtering-results.adoc | 2 +- modules/compliance-imagestreams.adoc | 2 +- modules/compliance-inconsistent.adoc | 2 +- ...compliance-increasing-operator-limits.adoc | 2 +- ...ce-kubeletconfig-sub-pool-remediation.adoc | 2 +- modules/compliance-manual.adoc | 2 +- modules/compliance-new-tailored-profiles.adoc | 2 +- modules/compliance-objects.adoc | 2 +- .../compliance-operator-cli-installation.adoc | 2 +- .../compliance-operator-cli-uninstall.adoc | 2 +- ...pliance-operator-console-installation.adoc | 2 +- modules/compliance-operator-hcp-install.adoc | 2 +- modules/compliance-operator-uninstall.adoc | 2 +- modules/compliance-priorityclass.adoc | 2 +- modules/compliance-profilebundle.adoc | 2 +- modules/compliance-profiles.adoc | 4 +- modules/compliance-raw-tailored.adoc | 2 +- .../compliance-removing-kubeletconfig.adoc | 2 +- modules/compliance-rescan.adoc | 2 +- modules/compliance-results.adoc | 2 +- modules/compliance-review.adoc | 2 +- modules/compliance-scansetting-cr.adoc | 2 +- ...cheduling-pods-with-resource-requests.adoc | 2 +- modules/compliance-tailored-profiles.adoc | 2 +- modules/compliance-timeout.adoc | 2 +- modules/compliance-unapplying.adoc | 2 +- modules/compliance-update.adoc | 2 +- modules/compliance-updating.adoc | 2 +- ...tching-compliance-remediation-details.adoc | 2 +- .../oc-compliance-fetching-raw-results.adoc | 2 +- modules/oc-compliance-installing.adoc | 2 +- modules/oc-compliance-printing-controls.adoc | 2 +- modules/oc-compliance-rerunning-scans.adoc | 2 +- ...ompliance-using-scan-setting-bindings.adoc | 2 +- ...ewing-compliance-check-result-details.adoc | 2 +- modules/operator-resource-constraints.adoc | 2 +- .../running-compliance-scans-worker-node.adoc | 2 +- modules/running-compliance-scans.adoc | 4 +- modules/support.adoc | 2 +- .../co-concepts/_attributes | 1 + .../compliance-operator-crd.adoc | 0 .../compliance-operator-understanding.adoc | 2 +- .../compliance_operator/co-concepts/images | 1 + .../compliance_operator/co-concepts/modules | 1 + .../compliance_operator/co-concepts/snippets | 1 + .../co-management/_attributes | 1 + .../compliance-operator-installation.adoc | 10 +-- .../compliance-operator-manage.adoc | 2 +- .../compliance-operator-uninstallation.adoc | 2 +- .../compliance-operator-updating.adoc | 2 +- .../compliance_operator/co-management/images | 1 + .../compliance_operator/co-management/modules | 1 + .../co-management/snippets | 1 + security/compliance_operator/co-overview.adoc | 50 ++++++++++++++ .../compliance_operator/co-scans/_attributes | 1 + .../compliance-operator-advanced.adoc | 2 +- .../compliance-operator-raw-results.adoc | 0 .../compliance-operator-remediation.adoc | 2 +- ...ompliance-operator-supported-profiles.adoc | 4 +- .../compliance-operator-tailor.adoc | 0 .../compliance-operator-troubleshooting.adoc | 0 .../{ => co-scans}/compliance-scans.adoc | 0 security/compliance_operator/co-scans/images | 1 + security/compliance_operator/co-scans/modules | 1 + .../oc-compliance-plug-in-using.adoc | 2 +- .../compliance_operator/co-scans/snippets | 1 + .../compliance-operator-release-notes.adoc | 24 +++---- security/index.adoc | 2 +- virt/about_virt/about-virt.adoc | 2 +- 90 files changed, 190 insertions(+), 120 deletions(-) create mode 120000 security/compliance_operator/co-concepts/_attributes rename security/compliance_operator/{ => co-concepts}/compliance-operator-crd.adoc (100%) rename security/compliance_operator/{ => co-concepts}/compliance-operator-understanding.adoc (84%) create mode 120000 security/compliance_operator/co-concepts/images create mode 120000 security/compliance_operator/co-concepts/modules create mode 120000 security/compliance_operator/co-concepts/snippets create mode 120000 security/compliance_operator/co-management/_attributes rename security/compliance_operator/{ => co-management}/compliance-operator-installation.adoc (67%) rename security/compliance_operator/{ => co-management}/compliance-operator-manage.adoc (78%) rename security/compliance_operator/{ => co-management}/compliance-operator-uninstallation.adoc (89%) rename security/compliance_operator/{ => co-management}/compliance-operator-updating.adoc (90%) create mode 120000 security/compliance_operator/co-management/images create mode 120000 security/compliance_operator/co-management/modules create mode 120000 security/compliance_operator/co-management/snippets create mode 100644 security/compliance_operator/co-overview.adoc create mode 120000 security/compliance_operator/co-scans/_attributes rename security/compliance_operator/{ => co-scans}/compliance-operator-advanced.adoc (89%) rename security/compliance_operator/{ => co-scans}/compliance-operator-raw-results.adoc (100%) rename security/compliance_operator/{ => co-scans}/compliance-operator-remediation.adoc (92%) rename security/compliance_operator/{ => co-scans}/compliance-operator-supported-profiles.adoc (74%) rename security/compliance_operator/{ => co-scans}/compliance-operator-tailor.adoc (100%) rename security/compliance_operator/{ => co-scans}/compliance-operator-troubleshooting.adoc (100%) rename security/compliance_operator/{ => co-scans}/compliance-scans.adoc (100%) create mode 120000 security/compliance_operator/co-scans/images create mode 120000 security/compliance_operator/co-scans/modules rename security/compliance_operator/{ => co-scans}/oc-compliance-plug-in-using.adoc (63%) create mode 120000 security/compliance_operator/co-scans/snippets diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 39b72d6233..1b566c702f 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -929,37 +929,47 @@ Topics: - Name: Compliance Operator Dir: compliance_operator Topics: + - Name: Compliance Operator overview + File: co-overview - Name: Compliance Operator release notes File: compliance-operator-release-notes - - Name: Supported compliance profiles - File: compliance-operator-supported-profiles - - Name: Installing the Compliance Operator - File: compliance-operator-installation - - Name: Updating the Compliance Operator - File: compliance-operator-updating - - Name: Compliance Operator scans - File: compliance-scans - - Name: Understanding the Compliance Operator - File: compliance-operator-understanding - - Name: Managing the Compliance Operator - File: compliance-operator-manage - - Name: Tailoring the Compliance Operator - File: compliance-operator-tailor - - Name: Retrieving Compliance Operator raw results - File: compliance-operator-raw-results - - Name: Managing Compliance Operator remediation - File: compliance-operator-remediation - - Name: Performing advanced Compliance Operator tasks - File: compliance-operator-advanced - - Name: Troubleshooting the Compliance Operator - File: compliance-operator-troubleshooting - - Name: Uninstalling the Compliance Operator - File: compliance-operator-uninstallation - - Name: Using the oc-compliance plugin - File: oc-compliance-plug-in-using - - Name: Understanding the Custom Resource Definitions - File: compliance-operator-crd - + - Name: Compliance Operator concepts + Dir: co-concepts + Topics: + - Name: Understanding the Compliance Operator + File: compliance-operator-understanding + - Name: Understanding the Custom Resource Definitions + File: compliance-operator-crd + - Name: Compliance Operator management + Dir: co-management + Topics: + - Name: Installing the Compliance Operator + File: compliance-operator-installation + - Name: Updating the Compliance Operator + File: compliance-operator-updating + - Name: Managing the Compliance Operator + File: compliance-operator-manage + - Name: Uninstalling the Compliance Operator + File: compliance-operator-uninstallation + - Name: Compliance Operator scan management + Dir: co-scans + Topics: + - Name: Supported compliance profiles + File: compliance-operator-supported-profiles + - Name: Compliance Operator scans + File: compliance-scans + - Name: Tailoring the Compliance Operator + File: compliance-operator-tailor + - Name: Retrieving Compliance Operator raw results + File: compliance-operator-raw-results + - Name: Managing Compliance Operator remediation + File: compliance-operator-remediation + - Name: Performing advanced Compliance Operator tasks + File: compliance-operator-advanced + - Name: Troubleshooting the Compliance Operator + File: compliance-operator-troubleshooting + - Name: Using the oc-compliance plugin + File: oc-compliance-plug-in-using - Name: File Integrity Operator Dir: file_integrity_operator Topics: diff --git a/modules/compliance-anatomy.adoc b/modules/compliance-anatomy.adoc index c19f299fd4..2106b834ad 100644 --- a/modules/compliance-anatomy.adoc +++ b/modules/compliance-anatomy.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-troubleshooting.adoc +// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc [id="compliance-anatomy_{context}"] = Anatomy of a scan diff --git a/modules/compliance-apply-remediations-from-scans.adoc b/modules/compliance-apply-remediations-from-scans.adoc index 712384bcf3..d8e3ecbc22 100644 --- a/modules/compliance-apply-remediations-from-scans.adoc +++ b/modules/compliance-apply-remediations-from-scans.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc :_content-type: PROCEDURE [id="installing-compliance-operator-cli_{context}"] diff --git a/modules/compliance-applying-resource-requests-and-limits.adoc b/modules/compliance-applying-resource-requests-and-limits.adoc index 00f52953e2..8ebba04a70 100644 --- a/modules/compliance-applying-resource-requests-and-limits.adoc +++ b/modules/compliance-applying-resource-requests-and-limits.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-scans.adoc +// * security/compliance_operator/co-scans/compliance-scans.adoc :_content-type: CONCEPT [id="compliance-applying-resource-requests-and-limits_{context}"] diff --git a/modules/compliance-applying.adoc b/modules/compliance-applying.adoc index d448f850ff..5394f1284d 100644 --- a/modules/compliance-applying.adoc +++ b/modules/compliance-applying.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc [id="compliance-applying_{context}"] = Applying a remediation diff --git a/modules/compliance-auto-update-remediations.adoc b/modules/compliance-auto-update-remediations.adoc index 90e920ed85..3a5209cf3e 100644 --- a/modules/compliance-auto-update-remediations.adoc +++ b/modules/compliance-auto-update-remediations.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc :_content-type: PROCEDURE [id="automatically-update-remediations_{context}"] diff --git a/modules/compliance-crd-advanced-compliance-scan.adoc b/modules/compliance-crd-advanced-compliance-scan.adoc index d758a15c98..90eabd315d 100644 --- a/modules/compliance-crd-advanced-compliance-scan.adoc +++ b/modules/compliance-crd-advanced-compliance-scan.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="advance-compliance-scan-object_{context}"] diff --git a/modules/compliance-crd-compliance-check-result.adoc b/modules/compliance-crd-compliance-check-result.adoc index c5ff012bb2..d1ddc6c7cc 100644 --- a/modules/compliance-crd-compliance-check-result.adoc +++ b/modules/compliance-crd-compliance-check-result.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="compliance-check-result_{context}"] diff --git a/modules/compliance-crd-compliance-remediation.adoc b/modules/compliance-crd-compliance-remediation.adoc index 9a8341e17f..93b59a679f 100644 --- a/modules/compliance-crd-compliance-remediation.adoc +++ b/modules/compliance-crd-compliance-remediation.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="compliance-remediation-object_{context}"] diff --git a/modules/compliance-crd-compliance-suite.adoc b/modules/compliance-crd-compliance-suite.adoc index 604e7e2343..b5dad44e74 100644 --- a/modules/compliance-crd-compliance-suite.adoc +++ b/modules/compliance-crd-compliance-suite.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="compliance-suite-object_{context}"] diff --git a/modules/compliance-crd-profile-bundle.adoc b/modules/compliance-crd-profile-bundle.adoc index 971f4ceb9b..ad48250b67 100644 --- a/modules/compliance-crd-profile-bundle.adoc +++ b/modules/compliance-crd-profile-bundle.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="profile-bundle-object_{context}"] diff --git a/modules/compliance-crd-profile.adoc b/modules/compliance-crd-profile.adoc index 9dbb9ba919..402e40a835 100644 --- a/modules/compliance-crd-profile.adoc +++ b/modules/compliance-crd-profile.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="profile-object_{context}"] diff --git a/modules/compliance-crd-rule.adoc b/modules/compliance-crd-rule.adoc index 1ee2b9c460..965e8973f9 100644 --- a/modules/compliance-crd-rule.adoc +++ b/modules/compliance-crd-rule.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="rule-object_{context}"] diff --git a/modules/compliance-crd-scan-setting-binding.adoc b/modules/compliance-crd-scan-setting-binding.adoc index 974d0fa583..a39efa2337 100644 --- a/modules/compliance-crd-scan-setting-binding.adoc +++ b/modules/compliance-crd-scan-setting-binding.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="scan-setting-binding-object_{context}"] diff --git a/modules/compliance-crd-scan-setting.adoc b/modules/compliance-crd-scan-setting.adoc index 13d3f8883a..9b843928c4 100644 --- a/modules/compliance-crd-scan-setting.adoc +++ b/modules/compliance-crd-scan-setting.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="scan-setting-object_{context}"] diff --git a/modules/compliance-crd-tailored-profile.adoc b/modules/compliance-crd-tailored-profile.adoc index 96408f9856..578f55229a 100644 --- a/modules/compliance-crd-tailored-profile.adoc +++ b/modules/compliance-crd-tailored-profile.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="tailored-profile-object_{context}"] diff --git a/modules/compliance-crd-workflow.adoc b/modules/compliance-crd-workflow.adoc index a5f4cff799..0b5c3cd551 100644 --- a/modules/compliance-crd-workflow.adoc +++ b/modules/compliance-crd-workflow.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-crd.adoc +// * security/compliance_operator/co-concepts/compliance-operator-crd.adoc :_content-type: CONCEPT [id="custom-resource-definitions-workflow_{context}"] diff --git a/modules/compliance-custom-node-pools.adoc b/modules/compliance-custom-node-pools.adoc index e0c7bd03c0..08c2f3f4d9 100644 --- a/modules/compliance-custom-node-pools.adoc +++ b/modules/compliance-custom-node-pools.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-custom-node-pools_{context}"] diff --git a/modules/compliance-custom-scc.adoc b/modules/compliance-custom-scc.adoc index fbb0ad1189..1c11baa5f4 100644 --- a/modules/compliance-custom-scc.adoc +++ b/modules/compliance-custom-scc.adoc @@ -1,12 +1,12 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc :_content-type: PROCEDURE [id="compliance-custom-scc_{context}"] = Creating a custom SCC for the Compliance Operator -In some environments, you must create a custom Security Context Constraints (SCC) file to ensure the correct permissions are available to the Compliance Operator `api-resource-collector`. +In some environments, you must create a custom Security Context Constraints (SCC) file to ensure the correct permissions are available to the Compliance Operator `api-resource-collector`. .Prerequisites diff --git a/modules/compliance-custom-storage.adoc b/modules/compliance-custom-storage.adoc index ccb7299dd9..4e975afb9d 100644 --- a/modules/compliance-custom-storage.adoc +++ b/modules/compliance-custom-storage.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc [id="compliance-custom-storage_{context}"] = Setting custom storage size for results diff --git a/modules/compliance-evaluate-kubeletconfig-rules.adoc b/modules/compliance-evaluate-kubeletconfig-rules.adoc index 181e9a42a3..119086b343 100644 --- a/modules/compliance-evaluate-kubeletconfig-rules.adoc +++ b/modules/compliance-evaluate-kubeletconfig-rules.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: CONCEPT [id="compliance-evaluate-kubeletconfig-rules_{context}"] diff --git a/modules/compliance-filtering-results.adoc b/modules/compliance-filtering-results.adoc index 6f3356d5fd..e33b0db985 100644 --- a/modules/compliance-filtering-results.adoc +++ b/modules/compliance-filtering-results.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="filtering-compliance-check-results_{context}"] diff --git a/modules/compliance-imagestreams.adoc b/modules/compliance-imagestreams.adoc index 4d7c883701..8469cacaa4 100644 --- a/modules/compliance-imagestreams.adoc +++ b/modules/compliance-imagestreams.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-manage.adoc +// * security/compliance_operator/co-management/compliance-operator-manage.adoc :_content-type: PROCEDURE [id="compliance-imagestreams_{context}"] diff --git a/modules/compliance-inconsistent.adoc b/modules/compliance-inconsistent.adoc index d0d7348772..895c7c4c2d 100644 --- a/modules/compliance-inconsistent.adoc +++ b/modules/compliance-inconsistent.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-inconsistent_{context}"] diff --git a/modules/compliance-increasing-operator-limits.adoc b/modules/compliance-increasing-operator-limits.adoc index 77c8f5bd17..e3beec6f60 100644 --- a/modules/compliance-increasing-operator-limits.adoc +++ b/modules/compliance-increasing-operator-limits.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-troubleshooting.adoc +// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc :_content-type: PROCEDURE [id="compliance-increasing-operator-limits_{context}"] diff --git a/modules/compliance-kubeletconfig-sub-pool-remediation.adoc b/modules/compliance-kubeletconfig-sub-pool-remediation.adoc index 471299ca99..311d5fbb6d 100644 --- a/modules/compliance-kubeletconfig-sub-pool-remediation.adoc +++ b/modules/compliance-kubeletconfig-sub-pool-remediation.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-kubeletconfig-sub-pool-remediation_{context}"] diff --git a/modules/compliance-manual.adoc b/modules/compliance-manual.adoc index 52ef596ecb..5832b7cb7a 100644 --- a/modules/compliance-manual.adoc +++ b/modules/compliance-manual.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-manual_{context}"] diff --git a/modules/compliance-new-tailored-profiles.adoc b/modules/compliance-new-tailored-profiles.adoc index d3850dc495..4748cd0712 100644 --- a/modules/compliance-new-tailored-profiles.adoc +++ b/modules/compliance-new-tailored-profiles.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-tailor.adoc +// * security/compliance_operator/co-scans/compliance-operator-tailor.adoc :_content-type: PROCEDURE [id="compliance-new-tailored-profiles_{context}"] diff --git a/modules/compliance-objects.adoc b/modules/compliance-objects.adoc index bb4269d1e1..59d712faf4 100644 --- a/modules/compliance-objects.adoc +++ b/modules/compliance-objects.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc [id="compliance-objects_{context}"] = Using the ComplianceSuite and ComplianceScan objects directly diff --git a/modules/compliance-operator-cli-installation.adoc b/modules/compliance-operator-cli-installation.adoc index f9cb58f3f4..d821fe71ef 100644 --- a/modules/compliance-operator-cli-installation.adoc +++ b/modules/compliance-operator-cli-installation.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-installation.adoc +// * security/compliance_operator/co-management/compliance-operator-installation.adoc :_content-type: PROCEDURE [id="installing-compliance-operator-cli_{context}"] diff --git a/modules/compliance-operator-cli-uninstall.adoc b/modules/compliance-operator-cli-uninstall.adoc index 95abb1cba1..a12c3ebd90 100644 --- a/modules/compliance-operator-cli-uninstall.adoc +++ b/modules/compliance-operator-cli-uninstall.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// security/compliance_operator/compliance-operator-uninstallation.adoc +// security/compliance_operator/co-management/compliance-operator-uninstallation.adoc :_content-type: PROCEDURE [id="compliance-operator-uninstall-cli_{context}"] diff --git a/modules/compliance-operator-console-installation.adoc b/modules/compliance-operator-console-installation.adoc index c0dd1e7ac2..12cdf6d2e9 100644 --- a/modules/compliance-operator-console-installation.adoc +++ b/modules/compliance-operator-console-installation.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-installation.adoc +// * security/compliance_operator/co-management/compliance-operator-installation.adoc :_content-type: PROCEDURE [id="installing-compliance-operator-web-console_{context}"] diff --git a/modules/compliance-operator-hcp-install.adoc b/modules/compliance-operator-hcp-install.adoc index ebce17db3e..b7a29be525 100644 --- a/modules/compliance-operator-hcp-install.adoc +++ b/modules/compliance-operator-hcp-install.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-installation.adoc +// * security/compliance_operator/co-management/compliance-operator-installation.adoc :_content-type: PROCEDURE [id="installing-compliance-operator-hcp_{context}"] diff --git a/modules/compliance-operator-uninstall.adoc b/modules/compliance-operator-uninstall.adoc index d45269360b..ee39f49a02 100644 --- a/modules/compliance-operator-uninstall.adoc +++ b/modules/compliance-operator-uninstall.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// security/compliance_operator/compliance-operator-uninstallation.adoc +// security/compliance_operator/co-management/compliance-operator-uninstallation.adoc :_content-type: PROCEDURE [id="compliance-operator-uninstall_{context}"] diff --git a/modules/compliance-priorityclass.adoc b/modules/compliance-priorityclass.adoc index fc62847beb..6d74856310 100644 --- a/modules/compliance-priorityclass.adoc +++ b/modules/compliance-priorityclass.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc :_content-type: PROCEDURE [id="compliance-priorityclass_{context}"] diff --git a/modules/compliance-profilebundle.adoc b/modules/compliance-profilebundle.adoc index efad4006ac..7a6f6e2e5c 100644 --- a/modules/compliance-profilebundle.adoc +++ b/modules/compliance-profilebundle.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-manage.adoc +// * security/compliance_operator/co-management/compliance-operator-manage.adoc :_content-type: CONCEPT [id="compliance-profilebundle_{context}"] diff --git a/modules/compliance-profiles.adoc b/modules/compliance-profiles.adoc index dbcbf8c396..a8f76e2fd9 100644 --- a/modules/compliance-profiles.adoc +++ b/modules/compliance-profiles.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-understanding.adoc +// * security/compliance_operator/co-concepts/compliance-operator-understanding.adoc :_content-type: CONCEPT [id="compliance_profiles_{context}"] @@ -193,7 +193,7 @@ warning: Manual editing of these files may indicate nefarious activity, such as ---- ==== -[id="compliance_profile_types{context}"] +[id="compliance_profile_types_{context}"] == Compliance Operator profile types There are two types of compliance profiles available: Platform and Node. diff --git a/modules/compliance-raw-tailored.adoc b/modules/compliance-raw-tailored.adoc index a9b9b183cb..a278e99f1e 100644 --- a/modules/compliance-raw-tailored.adoc +++ b/modules/compliance-raw-tailored.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc :_content-type: PROCEDURE [id="compliance-raw-tailored_{context}"] diff --git a/modules/compliance-removing-kubeletconfig.adoc b/modules/compliance-removing-kubeletconfig.adoc index be84a1b811..6efc709330 100644 --- a/modules/compliance-removing-kubeletconfig.adoc +++ b/modules/compliance-removing-kubeletconfig.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-removing-kubeletconfig_{context}"] diff --git a/modules/compliance-rescan.adoc b/modules/compliance-rescan.adoc index 331f7deea8..46c54cead3 100644 --- a/modules/compliance-rescan.adoc +++ b/modules/compliance-rescan.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-advanced.adoc +// * security/compliance_operator/co-scans/compliance-operator-advanced.adoc [id="compliance-rescan_{context}"] = Performing a rescan diff --git a/modules/compliance-results.adoc b/modules/compliance-results.adoc index 72d171cef7..7b0b45d3bd 100644 --- a/modules/compliance-results.adoc +++ b/modules/compliance-results.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-raw-results.adoc +// * security/compliance_operator/co-scans/compliance-operator-raw-results.adoc :_content-type: PROCEDURE [id="compliance-results_{context}"] diff --git a/modules/compliance-review.adoc b/modules/compliance-review.adoc index 111ac9faa5..cf3cd1fc4b 100644 --- a/modules/compliance-review.adoc +++ b/modules/compliance-review.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc [id="compliance-review_{context}"] = Reviewing a remediation diff --git a/modules/compliance-scansetting-cr.adoc b/modules/compliance-scansetting-cr.adoc index a76b1da48e..c3feb962f8 100644 --- a/modules/compliance-scansetting-cr.adoc +++ b/modules/compliance-scansetting-cr.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-scans.adoc +// * security/compliance_operator/co-scans/compliance-scans.adoc :_content-type: CONCEPT [id="compliance-scansetting-cr_{context}"] diff --git a/modules/compliance-scheduling-pods-with-resource-requests.adoc b/modules/compliance-scheduling-pods-with-resource-requests.adoc index 2afb461050..c39f0197d3 100644 --- a/modules/compliance-scheduling-pods-with-resource-requests.adoc +++ b/modules/compliance-scheduling-pods-with-resource-requests.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-scans.adoc +// * security/compliance_operator/co-scans/compliance-scans.adoc :_content-type: CONCEPT [id="compliance-scheduling-pods-with-resource-requests_{context}"] diff --git a/modules/compliance-tailored-profiles.adoc b/modules/compliance-tailored-profiles.adoc index 620f2f0824..30bb344768 100644 --- a/modules/compliance-tailored-profiles.adoc +++ b/modules/compliance-tailored-profiles.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-tailor.adoc +// * security/compliance_operator/co-scans/compliance-operator-tailor.adoc :_content-type: PROCEDURE [id="compliance-tailored-profiles_{context}"] diff --git a/modules/compliance-timeout.adoc b/modules/compliance-timeout.adoc index 31d75ba139..5415a176a1 100644 --- a/modules/compliance-timeout.adoc +++ b/modules/compliance-timeout.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-troubleshooting.adoc +// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc :_content-type: PROCEDURE [id="compliance-timeout_{context}"] diff --git a/modules/compliance-unapplying.adoc b/modules/compliance-unapplying.adoc index d214ca6ea3..4234e2e254 100644 --- a/modules/compliance-unapplying.adoc +++ b/modules/compliance-unapplying.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-unapplying_{context}"] diff --git a/modules/compliance-update.adoc b/modules/compliance-update.adoc index 2ed2be580e..352ec2b992 100644 --- a/modules/compliance-update.adoc +++ b/modules/compliance-update.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-manage.adoc +// * security/compliance_operator/co-management/compliance-operator-manage.adoc :_content-type: CONCEPT [id="compliance-update_{context}"] diff --git a/modules/compliance-updating.adoc b/modules/compliance-updating.adoc index 6b0673e270..fa216daf47 100644 --- a/modules/compliance-updating.adoc +++ b/modules/compliance-updating.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-remediation.adoc +// * security/compliance_operator/co-scans/compliance-operator-remediation.adoc :_content-type: PROCEDURE [id="compliance-updating_{context}"] diff --git a/modules/oc-compliance-fetching-compliance-remediation-details.adoc b/modules/oc-compliance-fetching-compliance-remediation-details.adoc index 128365ec59..1813f618f0 100644 --- a/modules/oc-compliance-fetching-compliance-remediation-details.adoc +++ b/modules/oc-compliance-fetching-compliance-remediation-details.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="fetching-compliance-remediation-details_{context}"] diff --git a/modules/oc-compliance-fetching-raw-results.adoc b/modules/oc-compliance-fetching-raw-results.adoc index 7fa44f9e00..ef2a4303bd 100644 --- a/modules/oc-compliance-fetching-raw-results.adoc +++ b/modules/oc-compliance-fetching-raw-results.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="fetching-raw-results_{context}"] diff --git a/modules/oc-compliance-installing.adoc b/modules/oc-compliance-installing.adoc index 589a1e69e1..aacb7b8189 100644 --- a/modules/oc-compliance-installing.adoc +++ b/modules/oc-compliance-installing.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="installing-oc-compliance_{context}"] diff --git a/modules/oc-compliance-printing-controls.adoc b/modules/oc-compliance-printing-controls.adoc index 418e9cec9e..6f3b653f8c 100644 --- a/modules/oc-compliance-printing-controls.adoc +++ b/modules/oc-compliance-printing-controls.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="printing-controls_{context}"] diff --git a/modules/oc-compliance-rerunning-scans.adoc b/modules/oc-compliance-rerunning-scans.adoc index 96472183b5..94130d33c7 100644 --- a/modules/oc-compliance-rerunning-scans.adoc +++ b/modules/oc-compliance-rerunning-scans.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="re-running-scans_{context}"] diff --git a/modules/oc-compliance-using-scan-setting-bindings.adoc b/modules/oc-compliance-using-scan-setting-bindings.adoc index edbb92e376..bb00064f3a 100644 --- a/modules/oc-compliance-using-scan-setting-bindings.adoc +++ b/modules/oc-compliance-using-scan-setting-bindings.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="using-scan-setting-bindings_{context}"] diff --git a/modules/oc-compliance-viewing-compliance-check-result-details.adoc b/modules/oc-compliance-viewing-compliance-check-result-details.adoc index 0f9b65c57a..adee155eec 100644 --- a/modules/oc-compliance-viewing-compliance-check-result-details.adoc +++ b/modules/oc-compliance-viewing-compliance-check-result-details.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/oc_compliance_plug_in/oc-compliance-plug-in-using.adoc +// * security/oc_compliance_plug_in/co-scans/oc-compliance-plug-in-using.adoc :_content-type: PROCEDURE [id="viewing-compliance-remediation-details_{context}"] diff --git a/modules/operator-resource-constraints.adoc b/modules/operator-resource-constraints.adoc index f0594e2b6b..32e05baf50 100644 --- a/modules/operator-resource-constraints.adoc +++ b/modules/operator-resource-constraints.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-troubleshooting.adoc +// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc :_content-type: REFERENCE [id="operator-resource-constraints_{context}"] diff --git a/modules/running-compliance-scans-worker-node.adoc b/modules/running-compliance-scans-worker-node.adoc index e581c86f2a..c542736059 100644 --- a/modules/running-compliance-scans-worker-node.adoc +++ b/modules/running-compliance-scans-worker-node.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-scans.adoc +// * security/compliance_operator/co-scans/compliance-scans.adoc :_content-type: PROCEDURE [id="running-compliance-scans-worker-node_{context}"] diff --git a/modules/running-compliance-scans.adoc b/modules/running-compliance-scans.adoc index 059bc729a5..99bc20b6c6 100644 --- a/modules/running-compliance-scans.adoc +++ b/modules/running-compliance-scans.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-scans.adoc +// * security/compliance_operator/co-scans/compliance-scans.adoc :_content-type: PROCEDURE [id="running-compliance-scans_{context}"] @@ -208,4 +208,4 @@ At this point in the process, the `ScanSettingBinding` object is reconciled and $ oc get compliancescan -w -n openshift-compliance ---- + -The scans progress through the scanning phases and eventually reach the `DONE` phase when complete. In most cases, the result of the scan is `NON-COMPLIANT`. You can review the scan results and start applying remediations to make the cluster compliant. See xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-operator-remediation[Managing Compliance Operator remediation] for more information. +The scans progress through the scanning phases and eventually reach the `DONE` phase when complete. In most cases, the result of the scan is `NON-COMPLIANT`. You can review the scan results and start applying remediations to make the cluster compliant. See _Managing Compliance Operator remediation_ for more information. diff --git a/modules/support.adoc b/modules/support.adoc index 3cf1bff08a..b97a62f724 100644 --- a/modules/support.adoc +++ b/modules/support.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * security/compliance_operator/compliance-operator-troubleshooting.adoc +// * security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc // * support/getting-support.adoc // * distr_tracing/distributed-tracing-release-notes.adoc // * service_mesh/v2x/ossm-support.adoc diff --git a/security/compliance_operator/co-concepts/_attributes b/security/compliance_operator/co-concepts/_attributes new file mode 120000 index 0000000000..bf7c2529fd --- /dev/null +++ b/security/compliance_operator/co-concepts/_attributes @@ -0,0 +1 @@ +../../../_attributes/ \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-crd.adoc b/security/compliance_operator/co-concepts/compliance-operator-crd.adoc similarity index 100% rename from security/compliance_operator/compliance-operator-crd.adoc rename to security/compliance_operator/co-concepts/compliance-operator-crd.adoc diff --git a/security/compliance_operator/compliance-operator-understanding.adoc b/security/compliance_operator/co-concepts/compliance-operator-understanding.adoc similarity index 84% rename from security/compliance_operator/compliance-operator-understanding.adoc rename to security/compliance_operator/co-concepts/compliance-operator-understanding.adoc index 2d955a35c5..1c5ff48794 100644 --- a/security/compliance_operator/compliance-operator-understanding.adoc +++ b/security/compliance_operator/co-concepts/compliance-operator-understanding.adoc @@ -19,4 +19,4 @@ include::modules/compliance-profiles.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles] +* xref:../../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles] diff --git a/security/compliance_operator/co-concepts/images b/security/compliance_operator/co-concepts/images new file mode 120000 index 0000000000..4399cbb3c0 --- /dev/null +++ b/security/compliance_operator/co-concepts/images @@ -0,0 +1 @@ +../../../images/ \ No newline at end of file diff --git a/security/compliance_operator/co-concepts/modules b/security/compliance_operator/co-concepts/modules new file mode 120000 index 0000000000..7e8b50bee7 --- /dev/null +++ b/security/compliance_operator/co-concepts/modules @@ -0,0 +1 @@ +../../../modules/ \ No newline at end of file diff --git a/security/compliance_operator/co-concepts/snippets b/security/compliance_operator/co-concepts/snippets new file mode 120000 index 0000000000..ce62fd7c41 --- /dev/null +++ b/security/compliance_operator/co-concepts/snippets @@ -0,0 +1 @@ +../../../snippets/ \ No newline at end of file diff --git a/security/compliance_operator/co-management/_attributes b/security/compliance_operator/co-management/_attributes new file mode 120000 index 0000000000..bf7c2529fd --- /dev/null +++ b/security/compliance_operator/co-management/_attributes @@ -0,0 +1 @@ +../../../_attributes/ \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-installation.adoc b/security/compliance_operator/co-management/compliance-operator-installation.adoc similarity index 67% rename from security/compliance_operator/compliance-operator-installation.adoc rename to security/compliance_operator/co-management/compliance-operator-installation.adoc index a6ecfed991..3ae4e04452 100644 --- a/security/compliance_operator/compliance-operator-installation.adoc +++ b/security/compliance_operator/co-management/compliance-operator-installation.adoc @@ -19,7 +19,7 @@ include::modules/compliance-operator-console-installation.adoc[leveloffset=+1] ==== If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues. -You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator]. +You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator]. ==== include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1] @@ -28,7 +28,7 @@ include::modules/compliance-operator-cli-installation.adoc[leveloffset=+1] ==== If the `restricted` Security Context Constraints (SCC) have been modified to contain the `system:authenticated` group or has added `requiredDropCapabilities`, the Compliance Operator may not function properly due to permissions issues. -You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator]. +You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see xref:../../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-custom-scc_compliance-advanced[Creating a custom SCC for the Compliance Operator]. ==== // only applies to 4.11+ @@ -38,13 +38,13 @@ include::modules/compliance-operator-hcp-install.adoc[leveloffset=+1] .Additional resources // 4.13+ -* xref:../../hosted_control_planes/index.adoc#hcp-overview[Hosted control planes overview] +* xref:../../../hosted_control_planes/index.adoc#hcp-overview[Hosted control planes overview] // // 4.11-4.12, commenting out of 4.13-main -//* xref:../../architecture/control-plane.adoc#hosted-control-planes-overview_control-plane[Overview of hosted control planes (Technology Preview)] +//* xref:../../../architecture/control-plane.adoc#hosted-control-planes-overview_control-plane[Overview of hosted control planes (Technology Preview)] [id="additional-resources-installing-the-compliance-operator"] [role="_additional-resources"] == Additional resources -* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]. +* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]. diff --git a/security/compliance_operator/compliance-operator-manage.adoc b/security/compliance_operator/co-management/compliance-operator-manage.adoc similarity index 78% rename from security/compliance_operator/compliance-operator-manage.adoc rename to security/compliance_operator/co-management/compliance-operator-manage.adoc index f37d672cc4..8e20d16500 100644 --- a/security/compliance_operator/compliance-operator-manage.adoc +++ b/security/compliance_operator/co-management/compliance-operator-manage.adoc @@ -16,4 +16,4 @@ include::modules/compliance-update.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]. +* The Compliance Operator is supported in a restricted network environment. For more information, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]. diff --git a/security/compliance_operator/compliance-operator-uninstallation.adoc b/security/compliance_operator/co-management/compliance-operator-uninstallation.adoc similarity index 89% rename from security/compliance_operator/compliance-operator-uninstallation.adoc rename to security/compliance_operator/co-management/compliance-operator-uninstallation.adoc index 38f7718d73..782743ce09 100644 --- a/security/compliance_operator/compliance-operator-uninstallation.adoc +++ b/security/compliance_operator/co-management/compliance-operator-uninstallation.adoc @@ -1,5 +1,5 @@ :_content-type: ASSEMBLY -[id="compliance-operator-uninstallation_{context}"] +[id="compliance-operator-uninstallation"] = Uninstalling the Compliance Operator include::_attributes/common-attributes.adoc[] :context: compliance-operator-uninstallation diff --git a/security/compliance_operator/compliance-operator-updating.adoc b/security/compliance_operator/co-management/compliance-operator-updating.adoc similarity index 90% rename from security/compliance_operator/compliance-operator-updating.adoc rename to security/compliance_operator/co-management/compliance-operator-updating.adoc index 525eb3f3f5..bcd7f57d28 100644 --- a/security/compliance_operator/compliance-operator-updating.adoc +++ b/security/compliance_operator/co-management/compliance-operator-updating.adoc @@ -16,4 +16,4 @@ include::modules/olm-approving-pending-upgrade.adoc[leveloffset=+1] // [role="_additional-resources"] // == Additional resources // -// * For more information, see xref:../../operators/admin/ \ No newline at end of file +// * For more information, see xref:../../../operators/admin/ \ No newline at end of file diff --git a/security/compliance_operator/co-management/images b/security/compliance_operator/co-management/images new file mode 120000 index 0000000000..4399cbb3c0 --- /dev/null +++ b/security/compliance_operator/co-management/images @@ -0,0 +1 @@ +../../../images/ \ No newline at end of file diff --git a/security/compliance_operator/co-management/modules b/security/compliance_operator/co-management/modules new file mode 120000 index 0000000000..7e8b50bee7 --- /dev/null +++ b/security/compliance_operator/co-management/modules @@ -0,0 +1 @@ +../../../modules/ \ No newline at end of file diff --git a/security/compliance_operator/co-management/snippets b/security/compliance_operator/co-management/snippets new file mode 120000 index 0000000000..ce62fd7c41 --- /dev/null +++ b/security/compliance_operator/co-management/snippets @@ -0,0 +1 @@ +../../../snippets/ \ No newline at end of file diff --git a/security/compliance_operator/co-overview.adoc b/security/compliance_operator/co-overview.adoc new file mode 100644 index 0000000000..b9efb1d22f --- /dev/null +++ b/security/compliance_operator/co-overview.adoc @@ -0,0 +1,50 @@ +:_content-type: ASSEMBLY +[id="co-overview"] += Compliance Operator overview +include::_attributes/common-attributes.adoc[] +:context: co-overview + +{product-title} Compliance Operator (CO) runs compliance scans and provides remediations to assist users in meeting compliance standards. For the latest updates, see the xref:../../security/compliance_operator/compliance-operator-release-notes.adoc#compliance-operator-release-notes[Compliance Operator release notes]. If needed, you can engage link:https://access.redhat.com/support/[Red Hat support]. + +[IMPORTANT] +==== +The Compliance Operator does not automatically perform remediations. Ensuring compliance standards are met is required by the user. +==== + +[discrete] +==== Compliance Operator concepts + +xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#compliance-operator-understanding[Understanding the Compliance Operator] + +xref:../../security/compliance_operator/co-concepts/compliance-operator-crd.adoc#custom-resource-definitions[Understanding the Custom Resource Definitions] +//[new page] Quick start? + +[discrete] +==== Compliance Operator management + +xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#compliance-operator-installation[Installing the Compliance Operator] + +xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#compliance-operator-updating[Updating the Compliance Operator] + +xref:../../security/compliance_operator/co-management/compliance-operator-manage.adoc#compliance-operator-understanding[Managing the Compliance Operator] + +xref:../../security/compliance_operator/co-management/compliance-operator-uninstallation.adoc#compliance-operator-uninstallation[Uninstalling the Compliance Operator] + +[discrete] +==== Compliance Operator scan management + +xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles] + +xref:../../security/compliance_operator/co-scans/compliance-scans.adoc#compliance-operator-scans[Compliance Operator scans] + +xref:../../security/compliance_operator/co-scans/compliance-operator-tailor.adoc#compliance-operator-tailor[Tailoring the Compliance Operator] + +xref:../../security/compliance_operator/co-scans/compliance-operator-raw-results.adoc#compliance-operator-raw-results[Retrieving Compliance Operator raw results] + +xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-operator-remediation[Managing Compliance Operator remediation] + +xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-operator-advanced[Performing advanced Compliance Operator tasks] + +xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-operator-troubleshooting[Troubleshooting the Compliance Operator] + +xref:../../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[Using the oc-compliance plugin] \ No newline at end of file diff --git a/security/compliance_operator/co-scans/_attributes b/security/compliance_operator/co-scans/_attributes new file mode 120000 index 0000000000..bf7c2529fd --- /dev/null +++ b/security/compliance_operator/co-scans/_attributes @@ -0,0 +1 @@ +../../../_attributes/ \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-advanced.adoc b/security/compliance_operator/co-scans/compliance-operator-advanced.adoc similarity index 89% rename from security/compliance_operator/compliance-operator-advanced.adoc rename to security/compliance_operator/co-scans/compliance-operator-advanced.adoc index a7aa0af280..b085ac9ce3 100644 --- a/security/compliance_operator/compliance-operator-advanced.adoc +++ b/security/compliance_operator/co-scans/compliance-operator-advanced.adoc @@ -27,4 +27,4 @@ include::modules/compliance-custom-scc.adoc[leveloffset=+1] [id="additional-resources_compliance-operator-advanced"] [role="_additional-resources"] == Additional resources -* xref:../../authentication/managing-security-context-constraints.adoc[Managing security context constraints] +* xref:../../../authentication/managing-security-context-constraints.adoc[Managing security context constraints] diff --git a/security/compliance_operator/compliance-operator-raw-results.adoc b/security/compliance_operator/co-scans/compliance-operator-raw-results.adoc similarity index 100% rename from security/compliance_operator/compliance-operator-raw-results.adoc rename to security/compliance_operator/co-scans/compliance-operator-raw-results.adoc diff --git a/security/compliance_operator/compliance-operator-remediation.adoc b/security/compliance_operator/co-scans/compliance-operator-remediation.adoc similarity index 92% rename from security/compliance_operator/compliance-operator-remediation.adoc rename to security/compliance_operator/co-scans/compliance-operator-remediation.adoc index 9ac66caae5..ef5762ec0f 100644 --- a/security/compliance_operator/compliance-operator-remediation.adoc +++ b/security/compliance_operator/co-scans/compliance-operator-remediation.adoc @@ -35,4 +35,4 @@ include::modules/compliance-inconsistent.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes]. +* xref:../../../nodes/nodes/nodes-nodes-managing.adoc#nodes-nodes-managing-about_nodes-nodes-managing[Modifying nodes]. diff --git a/security/compliance_operator/compliance-operator-supported-profiles.adoc b/security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc similarity index 74% rename from security/compliance_operator/compliance-operator-supported-profiles.adoc rename to security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc index c543f0a0d1..29f4ac3dda 100644 --- a/security/compliance_operator/compliance-operator-supported-profiles.adoc +++ b/security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc @@ -18,6 +18,4 @@ include::modules/compliance-supported-profiles.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profiles_understanding-compliance[Compliance Operator profiles] - -* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#compliance_profile_typesunderstanding-compliance[Compliance Operator profile types] \ No newline at end of file +* xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.html#compliance_profile_types_understanding-compliance[Compliance Operator profile types] \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-tailor.adoc b/security/compliance_operator/co-scans/compliance-operator-tailor.adoc similarity index 100% rename from security/compliance_operator/compliance-operator-tailor.adoc rename to security/compliance_operator/co-scans/compliance-operator-tailor.adoc diff --git a/security/compliance_operator/compliance-operator-troubleshooting.adoc b/security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc similarity index 100% rename from security/compliance_operator/compliance-operator-troubleshooting.adoc rename to security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc diff --git a/security/compliance_operator/compliance-scans.adoc b/security/compliance_operator/co-scans/compliance-scans.adoc similarity index 100% rename from security/compliance_operator/compliance-scans.adoc rename to security/compliance_operator/co-scans/compliance-scans.adoc diff --git a/security/compliance_operator/co-scans/images b/security/compliance_operator/co-scans/images new file mode 120000 index 0000000000..4399cbb3c0 --- /dev/null +++ b/security/compliance_operator/co-scans/images @@ -0,0 +1 @@ +../../../images/ \ No newline at end of file diff --git a/security/compliance_operator/co-scans/modules b/security/compliance_operator/co-scans/modules new file mode 120000 index 0000000000..7e8b50bee7 --- /dev/null +++ b/security/compliance_operator/co-scans/modules @@ -0,0 +1 @@ +../../../modules/ \ No newline at end of file diff --git a/security/compliance_operator/oc-compliance-plug-in-using.adoc b/security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc similarity index 63% rename from security/compliance_operator/oc-compliance-plug-in-using.adoc rename to security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc index 11a16b45f7..d8d7a672d5 100644 --- a/security/compliance_operator/oc-compliance-plug-in-using.adoc +++ b/security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc @@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[] toc::[] -Although the xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier. +Although the xref:../../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] automates many of the checks and remediations for the cluster, the full process of bringing a cluster into compliance often requires administrator interaction with the Compliance Operator API and other components. The `oc-compliance` plugin makes the process easier. include::modules/oc-compliance-installing.adoc[leveloffset=+1] diff --git a/security/compliance_operator/co-scans/snippets b/security/compliance_operator/co-scans/snippets new file mode 120000 index 0000000000..ce62fd7c41 --- /dev/null +++ b/security/compliance_operator/co-scans/snippets @@ -0,0 +1 @@ +../../../snippets/ \ No newline at end of file diff --git a/security/compliance_operator/compliance-operator-release-notes.adoc b/security/compliance_operator/compliance-operator-release-notes.adoc index 15b726dd96..28d252d552 100644 --- a/security/compliance_operator/compliance-operator-release-notes.adoc +++ b/security/compliance_operator/compliance-operator-release-notes.adoc @@ -11,9 +11,9 @@ The Compliance Operator lets {product-title} administrators describe the require These release notes track the development of the Compliance Operator in the {product-title}. -For an overview of the Compliance Operator, see xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]. +For an overview of the Compliance Operator, see xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator]. -To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator]. +To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator]. [id="compliance-operator-release-notes-1-3-0"] == OpenShift Compliance Operator 1.3.0 @@ -25,7 +25,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.3.0: [id="compliance-operator-1-3-0-new-features-and-enhancements"] === New features and enhancements -* The Defense Information Systems Agency Security Technical Implementation Guide (DISA-STIG) for {product-title} is now available from Compliance Operator 1.3.0. See xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-supported-profiles_compliance-operator-supported-profiles[Supported compliance profiles] for additional information. +* The Defense Information Systems Agency Security Technical Implementation Guide (DISA-STIG) for {product-title} is now available from Compliance Operator 1.3.0. See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-supported-profiles_compliance-operator-supported-profiles[Supported compliance profiles] for additional information. * Compliance Operator 1.3.0 now supports {ibmpowerProductName} and {ibmzproductname} for NIST 800-53 Moderate-Impact Baseline for {product-title} platform and node profiles. @@ -62,7 +62,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.1.0: * A start and end timestamp is now available in the `ComplianceScan` custom resource definition (CRD) status. -* The Compliance Operator can now be deployed on Hosted Control Planes using the OperatorHub by creating a `Subscription` file. For more information, see xref:../../security/compliance_operator/compliance-operator-installation.adoc#installing-compliance-operator-hcp_compliance-operator-installation[Installing the Compliance Operator on Hosted Control Planes]. +* The Compliance Operator can now be deployed on Hosted Control Planes using the OperatorHub by creating a `Subscription` file. For more information, see xref:../../security/compliance_operator/co-management/compliance-operator-installation.adoc#installing-compliance-operator-hcp_compliance-operator-installation[Installing the Compliance Operator on Hosted Control Planes]. [id="compliance-operator-1-1-0-bug-fixes"] === Bug fixes @@ -106,7 +106,7 @@ The following advisory is available for the OpenShift Compliance Operator 1.0.0: [id="compliance-operator-1-0-0-new-features-and-enhancements"] === New features and enhancements -* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator]. +* The Compliance Operator is now stable and the release channel is upgraded to `stable`. Future releases will follow link:https://semver.org/[Semantic Versioning]. To access the latest release, see xref:../../security/compliance_operator/co-management/compliance-operator-updating.adoc#olm-preparing-upgrade_compliance-operator-updating[Updating the Compliance Operator]. [id="compliance-operator-1-0-0-bug-fixes"] === Bug fixes @@ -130,7 +130,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.61 [id="compliance-operator-0-1-61-new-features-and-enhancements"] === New features and enhancements -* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information. +* The Compliance Operator now supports timeout configuration for Scanner Pods. The timeout is specified in the `ScanSetting` object. If the scan is not completed within the timeout, the scan retries until the maximum number of retries is reached. See xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-timeout_compliance-troubleshooting[Configuring ScanSetting timeout] for more information. [id="compliance-operator-0-1-61-bug-fixes"] === Bug fixes @@ -193,18 +193,18 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.57 [id="compliance-operator-0-1-57-new-features-and-enhancements"] === New features and enhancements -* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values]. +* `KubeletConfig` checks changed from `Node` to `Platform` type. `KubeletConfig` checks the default configuration of the `KubeletConfig`. The configuration files are aggregated from all nodes into a single location per node pool. See xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[Evaluating `KubeletConfig` rules against default configuration values]. -* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits]. +* The `ScanSetting` Custom Resource now allows users to override the default CPU and memory limits of scanner pods through the `scanLimits` attribute. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-increasing-operator-limits_compliance-troubleshooting[Increasing Compliance Operator resource limits]. -* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans]. +* A `PriorityClass` object can now be set through `ScanSetting`. This ensures the Compliance Operator is prioritized and minimizes the chance that the cluster falls out of compliance. For more information, see xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-priorityclass_compliance-advanced[Setting `PriorityClass` for `ScanSetting` scans]. [id="compliance-operator-0-1-57-bug-fixes"] === Bug fixes * Previously, the Compliance Operator hard-coded notifications to the default `openshift-compliance` namespace. If the Operator were installed in a non-default namespace, the notifications would not work as expected. Now, notifications work in non-default `openshift-compliance` namespaces. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2060726[*BZ#2060726*]) -* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*]) +* Previously, the Compliance Operator was unable to evaluate default configurations used by kubelet objects, resulting in inaccurate results and false positives. xref:../../security/compliance_operator/co-scans/compliance-operator-remediation.adoc#compliance-evaluate-kubeletconfig-rules_compliance-remediation[This new feature] evaluates the kubelet configuration and now reports accurately. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2075041[*BZ#2075041*]) * Previously, the Compliance Operator reported the `ocp4-kubelet-configure-event-creation` rule in a `FAIL` state after applying an automatic remediation because the `eventRecordQPS` value was set higher than the default value. Now, the `ocp4-kubelet-configure-event-creation` rule remediation sets the default value, and the rule applies correctly. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2082416[*BZ#2082416*]) @@ -286,7 +286,7 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.52 [id="compliance-operator-0-1-52-new-features-and-enhancements"] === New features and enhancements -* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]. +* The FedRAMP high SCAP profile is now available for use in {product-title} environments. For more information, See xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[Supported compliance profiles]. [id="compliance-operator-0-1-52-bug-fixes"] === Bug fixes @@ -458,4 +458,4 @@ The following advisory is available for the OpenShift Compliance Operator 0.1.39 [id="compliance-operator-release-notes_additional-resources"] [role="_additional-resources"] == Additional resources -* xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator] +* xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Understanding the Compliance Operator] diff --git a/security/index.adoc b/security/index.adoc index a83be283cf..002c266e02 100644 --- a/security/index.adoc +++ b/security/index.adoc @@ -78,7 +78,7 @@ For many {product-title} customers, regulatory readiness, or compliance, on some [id="compliance-checking"] === Compliance checking -Administrators can use the xref:../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator. +Administrators can use the xref:../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance-operator[Compliance Operator] to run compliance scans and recommend remediations for any issues found. The xref:../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[`oc-compliance` plugin] is an OpenShift CLI (`oc`) plugin that provides a set of utilities to easily interact with the Compliance Operator. [discrete] [id="file-integrity-checking"] diff --git a/virt/about_virt/about-virt.adoc b/virt/about_virt/about-virt.adoc index db53442922..268e9ac5ef 100644 --- a/virt/about_virt/about-virt.adoc +++ b/virt/about_virt/about-virt.adoc @@ -26,7 +26,7 @@ include::modules/virt-what-you-can-do-with-virt.adoc[leveloffset=+1] You can use {VirtProductName} with xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes], xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[OpenShift SDN], or one of the other certified network plugins listed in link:https://access.redhat.com/articles/5436171[Certified OpenShift CNI Plug-ins]. -You can check your {VirtProductName} cluster for compliance issues by installing the xref:../../security/compliance_operator/compliance-operator-understanding.adoc#understanding-compliance[Compliance Operator] and running a scan with the `ocp4-moderate` and `ocp4-moderate-node` xref:../../security/compliance_operator/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[profiles]. The Compliance Operator uses OpenSCAP, a link:https://www.nist.gov/[NIST-certified tool], to scan and enforce security policies. +You can check your {VirtProductName} cluster for compliance issues by installing the xref:../../security/compliance_operator/co-concepts/compliance-operator-understanding.adoc#understanding-compliance[Compliance Operator] and running a scan with the `ocp4-moderate` and `ocp4-moderate-node` xref:../../security/compliance_operator/co-scans/compliance-operator-supported-profiles.adoc#compliance-operator-supported-profiles[profiles]. The Compliance Operator uses OpenSCAP, a link:https://www.nist.gov/[NIST-certified tool], to scan and enforce security policies. include::modules/virt-supported-cluster-version.adoc[leveloffset=+2]