mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
100 lines
2.2 KiB
Plaintext
100 lines
2.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/compliance_operator/compliance-operator-installation.adoc
|
|
|
|
[id="installing-compliance-operator-cli_{context}"]
|
|
= Installing the Compliance Operator using the CLI
|
|
|
|
.Prerequisites
|
|
|
|
* You must have `admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Create a `Namespace` object YAML file by running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <file-name>.yaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: openshift-compliance
|
|
----
|
|
|
|
. Create the `OperatorGroup` object YAML file by running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <file-name>.yaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1
|
|
kind: OperatorGroup
|
|
metadata:
|
|
name: compliance-operator
|
|
namespace: openshift-compliance
|
|
spec:
|
|
targetNamespaces:
|
|
- openshift-compliance
|
|
----
|
|
|
|
. Set the {product-title} major and minor version as an environment variable, which is used as the channel value in the next step:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ OC_VERSION=$(oc version -o yaml | grep openshiftVersion | grep -o '[0-9]*[.][0-9]*' | head -1)
|
|
----
|
|
|
|
. Create the `Subscription` object YAML file by running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <file-name>.yaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: compliance-operator-sub
|
|
namespace: openshift-compliance
|
|
spec:
|
|
channel: "${OC_VERSION}"
|
|
installPlanApproval: Automatic
|
|
name: compliance-operator
|
|
source: redhat-operators
|
|
sourceNamespace: openshift-marketplace
|
|
----
|
|
|
|
[NOTE]
|
|
====
|
|
If you are setting the global scheduler feature and enable `defaultNodeSelector`, you must create the namespace manually and update the annotations of the `openshift-compliance` namespace, or the namespace where the Compliance Operator was installed, with `openshift.io/node-selector: “”`. This removes the default node selector and prevents deployment failures.
|
|
====
|
|
|
|
.Verification
|
|
|
|
. Verify the installation succeeded by inspecting the CSV file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get csv -n openshift-compliance
|
|
----
|
|
|
|
. Verify that the Compliance Operator is up and running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deploy -n openshift-compliance
|
|
----
|