// Module included in the following assemblies: // // * security/security_profiles_operator/spo-enabling.adoc :_mod-docs-content-type: PROCEDURE [id="spo-installing-cli_{context}"] = Installing the Security Profiles Operator using the CLI .Prerequisites * You must have `cluster-admin` privileges. .Procedure . Define a `Namespace` object: + .Example `namespace-object.yaml` [source,yaml] ---- apiVersion: v1 kind: Namespace metadata: name: openshift-security-profiles labels: openshift.io/cluster-monitoring: "true" ---- . Create the `Namespace` object: + [source,terminal] ---- $ oc create -f namespace-object.yaml ---- . Define an `OperatorGroup` object: + .Example `operator-group-object.yaml` [source,yaml] ---- apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: security-profiles-operator namespace: openshift-security-profiles ---- . Create the `OperatorGroup` object: + [source,terminal] ---- $ oc create -f operator-group-object.yaml ---- . Define a `Subscription` object: + .Example `subscription-object.yaml` [source,yaml] ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: security-profiles-operator-sub namespace: openshift-security-profiles spec: channel: release-alpha-rhel-8 installPlanApproval: Automatic name: security-profiles-operator source: redhat-operators sourceNamespace: openshift-marketplace ---- . Create the `Subscription` object: + [source,terminal] ---- $ oc create -f subscription-object.yaml ---- [NOTE] ==== If you are setting the global scheduler feature and enable `defaultNodeSelector`, you must create the namespace manually and update the annotations of the `openshift-security-profiles` namespace, or the namespace where the Security Profiles Operator was installed, with `openshift.io/node-selector: “”`. This removes the default node selector and prevents deployment failures. ==== .Verification . Verify the installation succeeded by inspecting the following CSV file: + [source,terminal] ---- $ oc get csv -n openshift-security-profiles ---- . Verify that the Security Profiles Operator is operational by running the following command: + [source,terminal] ---- $ oc get deploy -n openshift-security-profiles ----