mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
91 lines
3.0 KiB
Plaintext
91 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/pod-vulnerability-scan.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="security-pod-scan-cso_{context}"]
|
|
= Installing the {rhq-cso}
|
|
|
|
You can install the {rhq-cso} from the {product-title} web console Operator Hub, or by using the CLI.
|
|
|
|
.Prerequisites
|
|
|
|
* You have installed the `oc` CLI.
|
|
* You have access to the web console as a user with `cluster-admin` privileges.
|
|
* You have containers that come from a {quay} or Quay.io registry running on your cluster.
|
|
|
|
.Procedure
|
|
|
|
. You can install the {rhq-cso} by using the {product-title} web console:
|
|
|
|
.. On the web console, navigate to *Ecosystem* -> *Software Catalog* and select *Security*.
|
|
|
|
.. Select the *{rhq-cso}* Operator, and then select *Install*.
|
|
|
|
.. On the *{rhq-cso}* page, select *Install*. *Update channel*, *Installation mode*, and *Update approval* are selected automatically. The *Installed Namespace* field defaults to `openshift-operators`. You can adjust these settings as needed.
|
|
|
|
.. Select *Install*. The *{rhq-cso}* appears after a few moments on the *Installed Operators* page.
|
|
|
|
.. Optional: You can add custom certificates to the {rhq-cso}. For example, create a certificate named `quay.crt` in the current directory. Then, run the following command to add the custom certificate to the {rhq-cso}:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create secret generic container-security-operator-extra-certs --from-file=quay.crt -n openshift-operators
|
|
----
|
|
|
|
.. Optional: If you added a custom certificate, restart the {rhq-cso} pod for the new certificates to take effect.
|
|
|
|
. Alternatively, you can install the {rhq-cso} by using the CLI:
|
|
|
|
.. Retrieve the latest version of the Container Security Operator and its channel by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get packagemanifests container-security-operator \
|
|
-o jsonpath='{range .status.channels[*]}{@.currentCSV} {@.name}{"\n"}{end}' \
|
|
| awk '{print "STARTING_CSV=" $1 " CHANNEL=" $2 }' \
|
|
| sort -Vr \
|
|
| head -1
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
STARTING_CSV=container-security-operator.v3.8.9 CHANNEL=stable-3.8
|
|
----
|
|
|
|
.. Using the output from the previous command, create a `Subscription` custom resource for the {rhq-cso} and save it as `container-security-operator.yaml`. For example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operators.coreos.com/v1alpha1
|
|
kind: Subscription
|
|
metadata:
|
|
name: container-security-operator
|
|
namespace: openshift-operators
|
|
spec:
|
|
channel: ${CHANNEL} <1>
|
|
installPlanApproval: Automatic
|
|
name: container-security-operator
|
|
source: redhat-operators
|
|
sourceNamespace: openshift-marketplace
|
|
startingCSV: ${STARTING_CSV} <2>
|
|
----
|
|
<1> Specify the value you obtained in the previous step for the `spec.channel` parameter.
|
|
<2> Specify the value you obtained in the previous step for the `spec.startingCSV` parameter.
|
|
|
|
.. Enter the following command to apply the configuration:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f container-security-operator.yaml
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
subscription.operators.coreos.com/container-security-operator created
|
|
----
|