mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
99 lines
2.2 KiB
Plaintext
99 lines
2.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/security_profiles_operator/spo-enabling.adoc
|
|
|
|
:_content-type: PROCEDURE
|
|
[id="spo-installing-cli_{context}"]
|
|
= Installing the Security Profiles Operator using the CLI
|
|
|
|
.Prerequisites
|
|
|
|
* You must have `admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Define a `Namespace` object:
|
|
+
|
|
.Example `namespace-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: openshift-security-profiles
|
|
labels:
|
|
openshift.io/cluster-monitoring: "true"
|
|
----
|
|
|
|
. Create the `Namespace` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f namespace-object.yaml
|
|
----
|
|
|
|
. Define an `OperatorGroup` object:
|
|
+
|
|
.Example `operator-group-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1
|
|
kind: OperatorGroup
|
|
metadata:
|
|
name: security-profiles-operator
|
|
namespace: openshift-security-profiles
|
|
----
|
|
|
|
. Create the `OperatorGroup` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f operator-group-object.yaml
|
|
----
|
|
|
|
. Define a `Subscription` object:
|
|
+
|
|
.Example `subscription-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: security-profiles-operator-sub
|
|
namespace: openshift-security-profiles
|
|
spec:
|
|
channel: release-alpha-rhel-8
|
|
installPlanApproval: Automatic
|
|
name: security-profiles-operator
|
|
source: redhat-operators
|
|
sourceNamespace: openshift-marketplace
|
|
----
|
|
|
|
. Create the `Subscription` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f subscription-object.yaml
|
|
----
|
|
|
|
[NOTE]
|
|
====
|
|
If you are setting the global scheduler feature and enable `defaultNodeSelector`, you must create the namespace manually and update the annotations of the `openshift-security-profiles` namespace, or the namespace where the Security Profiles Operator was installed, with `openshift.io/node-selector: “”`. This removes the default node selector and prevents deployment failures.
|
|
====
|
|
|
|
.Verification
|
|
|
|
. Verify the installation succeeded by inspecting the following CSV file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get csv -n openshift-security-profiles
|
|
----
|
|
|
|
. Verify that the Security Profiles Operator is operational by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deploy -n openshift-security-profiles
|
|
----
|