The Red Hat OpenShift compliance operator is available under Red Hat operators inside the operator hub. It can be installed via the web console or the CLI. In this post, we will install the operator using both methods.
For an overview of the compliance operator, check my previous post here: Red Hat OpenShift Compliance Operator – Overview
In order to install the Red Hat OpenShift compliance operator, you will need to have admin access to an OpenShift cluster. If you are running a cluster in connected mode, operator hub will connect to the Red Hat registry to download and install the operator.
NOTE: Not all operators are supported in disconnected mode. You can refer to the link: Red Hat Operators Supported in Disconnected Mode or check the Red Hat software catalog for the list of operators supported in disconnected mode.
For disconnected clusters, this operator should be available in operator hub based on how you mirror the catalog source. If the operator isn’t available under operator hub, refer to this link: Mirroring images for a disconnected installation using the oc-mirror plugin to mirror/update the catalog.
In OpenShift, all user-installed operators are managed by OLM (Operator Lifecycle Manager). For every operator to be installed, a subscription object has to be created under the operator namespace, which then downloads and installs the operator. Simple flow of the operator objects created:
In order to install the operator using the web console, follow the steps below:
Operators -> OperatorHub
In the Filter by keyword search box, type compliance to search for the operator
A specific namespace on the cluster
Operator recommended namespace
If the operator is successfully installed, you will see the image below:
You can also check the installation status by navigating to the compliance operator under Operators -> Installed Operators
In order to install the operator using the CLI, you will have to manually create the subscription object required to install the operator, using a YAML file. To create the subscription object, you will need to create an operatorgroup for the
$ vi compliance-operator.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-compliance
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: compliance-operator
  namespace: openshift-compliance
spec:
  targetNamespaces:
  - openshift-compliance
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: compliance-operator-sub
  namespace: openshift-compliance
spec:
  channel: "release-0.1"
  installPlanApproval: Automatic
  name: compliance-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
Create the resources using the below command:
$ oc create -f compliance-operator.yaml
NOTE: If you are running in disconnected mode, in the above YAML, change redhat-operators to the name of catalogsource in your environment for the
To verify that the operator is installed successfully, check the status of the installplan object and verify that the operator pod has started successfully.
$ oc get installplan -n openshift-compliance
NAME            CSV                           APPROVAL    APPROVED
install-mr6nc   compliance-operator.v0.1.48   Automatic   true
$ oc get csv -n openshift-compliance
NAME                          DISPLAY               VERSION   REPLACES   PHASE
compliance-operator.v0.1.48   Compliance Operator   0.1.48               Succeeded
$ oc get pods -n openshift-compliance
NAME                                            READY   STATUS    RESTARTS        AGE
compliance-operator-85f955b5f-6t8gr             1/1     Running   1 (5m44s ago)   6m27s
ocp4-openshift-compliance-pp-7785bff67c-2pmsz   1/1     Running   0               5m3s
rhcos4-openshift-compliance-pp-c84d79c7-86dps   1/1     Running   0               5m3s
In case you run into issues during the installation where the compliance operator pods don’t come up, you can check the status of csv objects by running the command:
$ oc get installplan,csv -n openshift-compliance
If the CSV is not shown as Succeeded in the output, run the oc describe command on these objects to check the events for any issues reported.
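The verification and troubleshooting checks above can be scripted so that a pipeline fails when the install is incomplete. The following is an added example, not part of the original post; the function names and the constructed sample are assumptions, and each checker parses the plain-text table printed by the matching oc get command.

```shell
#!/bin/sh
# Added example, not from the original post. Each checker reads the table
# printed by the matching `oc get` command on stdin, prints offending rows,
# and returns non-zero if any row fails or if no rows were listed at all.

# PHASE is taken as the last field: DISPLAY contains a space and REPLACES is
# empty on a fresh install, so counting columns from the left is unreliable.
check_csv_phase() {
    awk 'NR > 1 && NF { seen = 1
             if ($NF != "Succeeded") { print $1 ": phase " $NF; bad = 1 } }
         END { exit ((bad || !seen) ? 1 : 0) }'
}

# APPROVED is the last field of `oc get installplan`.
check_installplan_approved() {
    awk 'NR > 1 && NF { seen = 1
             if ($NF != "true") { print $1 ": approved=" $NF; bad = 1 } }
         END { exit ((bad || !seen) ? 1 : 0) }'
}

# READY and STATUS are fields 2 and 3; RESTARTS may expand to "1 (5m44s ago)",
# so nothing to the right of STATUS is parsed.
check_pods_ready() {
    awk 'NR > 1 && NF { seen = 1; split($2, r, "/")
             if ($3 != "Running" || r[1] != r[2]) { print $1 ": " $2 " " $3; bad = 1 } }
         END { exit ((bad || !seen) ? 1 : 0) }'
}

# Live use: run all three checks in the order the post does. An `oc` error
# produces no table on stdout, which the checkers treat as a failure.
verify_install() {
    ns=${1:-openshift-compliance}
    oc get installplan -n "$ns" | check_installplan_approved &&
    oc get csv -n "$ns" | check_csv_phase &&
    oc get pods -n "$ns" | check_pods_ready
}

# Constructed sample: a CSV stuck in the Installing phase.
SAMPLE_BAD_CSV='NAME DISPLAY VERSION REPLACES PHASE
compliance-operator.v0.1.48 Compliance Operator 0.1.48 Installing'
```

Source the file and run verify_install on a host that is logged in to the cluster; a non-zero exit status means one of the three views needs the oc describe follow-up.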
In this post we have successfully installed the compliance operator. In the next post, we will see how to trigger a scan and view the results.