mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
25 lines
1.1 KiB
Plaintext
25 lines
1.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/compliance_operator/compliance-operator-manage.adoc
|
|
|
|
[id="compliance-update_{context}"]
|
|
= Updating security content
|
|
|
|
Security content is shipped as container images that the `ProfileBundle` objects refer to. To accurately track updates to `ProfileBundles` and the custom resources parsed from the bundles such as rules or profiles, identify the container image with the compliance content using a digest instead of a tag:
|
|
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
apiVersion: compliance.openshift.io/v1alpha1
|
|
kind: ProfileBundle
|
|
metadata:
|
|
name: rhcos4
|
|
spec:
|
|
contentImage: quay.io/user/ocp4-openscap-content@sha256:a1749f5150b19a9560a5732fe48a89f07bffc79c0832aa8c49ee5504590ae687 <1>
|
|
contentFile: ssg-rhcos4-ds.xml
|
|
----
|
|
|
|
<1> Security container image.
|
|
|
|
Each `ProfileBundle` is backed by a deployment. When the Compliance Operator detects that the container image digest has changed, the deployment is updated to reflect the change and parse the content again. Using the digest instead of a tag ensures that you use a stable and predictable set of profiles.
|