mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
2b61d4e038
typo1 typo2 syntax corrections typo3 feedback1 morecorrections correctionss syntax fix peer review feedback applied further peer review feedback final qe requested changes
25 lines
1.1 KiB
Plaintext
25 lines
1.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/compliance_operator/compliance-operator-manage.adoc
|
|
|
|
[id="compliance-update_{context}"]
|
|
= Updating security content
|
|
|
|
Security content is shipped as container images that the `ProfileBundle` objects refer to. To accurately track updates to `ProfileBundles` and the CustomResources parsed from the bundles such as Rules or Profiles, identify the container image with the compliance content using a digest instead of a tag:
|
|
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
apiVersion: compliance.openshift.io/v1alpha1
|
|
kind: ProfileBundle
|
|
metadata:
|
|
name: rhcos4
|
|
spec:
|
|
contentImage: quay.io/user/ocp4-openscap-content@sha256:a1749f5150b19a9560a5732fe48a89f07bffc79c0832aa8c49ee5504590ae687 <1>
|
|
contentFile: ssg-rhcos4-ds.xml
|
|
----
|
|
|
|
<1> Security container image.
|
|
|
|
Each `ProfileBundle` is backed by a deployment. When the Compliance Operator detects that the container image digest has changed, the deployment is updated to reflect the change and parse the content again. Using the digest instead of a tag ensures that you use a stable and predictable set of profiles.
|