mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
104 lines
2.4 KiB
Plaintext
104 lines
2.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/compliance_operator/co-management/compliance-operator-installation.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="installing-compliance-operator-cli_{context}"]
|
|
= Installing the Compliance Operator using the CLI
|
|
|
|
.Prerequisites
|
|
|
|
* You must have `admin` privileges.
|
|
* You must have a `StorageClass` resource configured.
|
|
|
|
.Procedure
|
|
|
|
. Define a `Namespace` object:
|
|
+
|
|
.Example `namespace-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
openshift.io/cluster-monitoring: "true"
|
|
pod-security.kubernetes.io/enforce: privileged <1>
|
|
name: openshift-compliance
|
|
----
|
|
<1> In {product-title} {product-version}, the pod security label must be set to `privileged` at the namespace level.
|
|
|
|
. Create the `Namespace` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f namespace-object.yaml
|
|
----
|
|
|
|
. Define an `OperatorGroup` object:
|
|
+
|
|
.Example `operator-group-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1
|
|
kind: OperatorGroup
|
|
metadata:
|
|
name: compliance-operator
|
|
namespace: openshift-compliance
|
|
spec:
|
|
targetNamespaces:
|
|
- openshift-compliance
|
|
----
|
|
|
|
. Create the `OperatorGroup` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f operator-group-object.yaml
|
|
----
|
|
|
|
. Define a `Subscription` object:
|
|
+
|
|
.Example `subscription-object.yaml`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: compliance-operator-sub
|
|
namespace: openshift-compliance
|
|
spec:
|
|
channel: "stable"
|
|
installPlanApproval: Automatic
|
|
name: compliance-operator
|
|
source: redhat-operators
|
|
sourceNamespace: openshift-marketplace
|
|
----
|
|
. Create the `Subscription` object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f subscription-object.yaml
|
|
----
|
|
|
|
[NOTE]
|
|
====
|
|
If you are setting the global scheduler feature and enable `defaultNodeSelector`, you must create the namespace manually and update the annotations of the `openshift-compliance` namespace, or the namespace where the Compliance Operator was installed, with `openshift.io/node-selector: “”`. This removes the default node selector and prevents deployment failures.
|
|
====
|
|
|
|
.Verification
|
|
|
|
. Verify the installation succeeded by inspecting the CSV file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get csv -n openshift-compliance
|
|
----
|
|
|
|
. Verify that the Compliance Operator is up and running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get deploy -n openshift-compliance
|
|
----
|