
Red Hat OpenShift Compliance Operator – Installation


https://www.linkedin.com/in/vyasanand/

Overview

The Red Hat OpenShift compliance operator is available under Red Hat operators inside the operator hub. It can be installed via the web console or the CLI. In this post, we will install the operator using both methods.

For an overview of the compliance operator, check my previous post here: Red Hat OpenShift Compliance Operator – Overview

Pre-requirements

In order to install Red Hat OpenShift compliance operator, you will need to have admin access to an OpenShift cluster. If you are running a cluster in connected mode, operator hub will connect to Red Hat registry to download and install the operator.

NOTE: Not all operators are supported in disconnected mode. You can refer to the link: Red Hat Operators Supported in Disconnected Mode or check the Red Hat software catalog for the list of operators supported in disconnected mode.

For disconnected clusters, this operator should be available in operator hub based on how you mirror the catalog source. If the operator isn’t available under operator hub, refer to this link: Mirroring images for a disconnected installation using the oc-mirror plugin to mirror/update the catalog.

General flow of Operators

In OpenShift, all user-installed operators are managed by OLM (Operator Lifecycle Manager). For every operator to be installed, a Subscription object has to be created in the operator namespace, which then downloads and installs the operator. Simple flow of the operator objects created:

Installation using web console

To install the operator using the web console, follow the steps below:

  • Log in to the OpenShift Container Platform web console and navigate to Operators -> OperatorHub
  • In the filter by keyword search box, type compliance to search for the operator
  • Click on the compliance operator search result, and click install
  • In the install operator page, select the below values:
    • Update channel – release-0.1
    • Installation mode – A specific namespace on the cluster
    • Installed Namespace – Operator recommended namespace
    • Update approval – Automatic
  • Click install

If the operator is successfully installed, you will see the image below:

You can also check the installation status by navigating to the compliance operator under Operators -> Installed Operators

Installation using CLI

To install the operator using the CLI, you have to manually create the Subscription object required to install the operator, using a YAML file. The Subscription needs a Namespace and an OperatorGroup, so all three objects are defined in the same file.

$ vi compliance-operator.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: openshift-compliance
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: compliance-operator
  namespace: openshift-compliance
spec:
  targetNamespaces:
  - openshift-compliance
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: compliance-operator-sub
  namespace: openshift-compliance
spec:
  channel: "release-0.1"
  installPlanApproval: Automatic
  name: compliance-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

Create the resources using the below command:

$ oc create -f compliance-operator.yaml

NOTE: If you are running in disconnected mode, change source in the Subscription object of the above YAML from redhat-operators to the name of the catalogsource in your environment.

To verify that the operator is installed successfully, check the status of the installplan object and verify that the operator pod has started successfully.

$ oc get installplan -n openshift-compliance

NAME            CSV                           APPROVAL    APPROVED
install-mr6nc   compliance-operator.v0.1.48   Automatic   true

$ oc get csv -n openshift-compliance

NAME                          DISPLAY               VERSION   REPLACES   PHASE
compliance-operator.v0.1.48   Compliance Operator   0.1.48               Succeeded

$ oc get pods -n openshift-compliance

NAME                                            READY   STATUS    RESTARTS        AGE
compliance-operator-85f955b5f-6t8gr             1/1     Running   1 (5m44s ago)   6m27s
ocp4-openshift-compliance-pp-7785bff67c-2pmsz   1/1     Running   0               5m3s
rhcos4-openshift-compliance-pp-c84d79c7-86dps   1/1     Running   0               5m3s

Debugging

In case you run into issues during the installation where the compliance operator pods don’t come up, you can check the status of the installplan and csv objects by running the command:

$ oc get installplan,csv -n openshift-compliance

If the phase of the CSV is not shown as Succeeded, run the oc describe command on these objects to check the events for any reported issues.
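The verification and debugging checks above can be scripted so that a failed install is caught without reading the tables by eye. The following is an added example, not part of the original post: the function names and the failing sample output are constructed for illustration, and the parsing assumes the default `oc get` table layout shown earlier.

```sh
#!/bin/sh
# Added example: judge Compliance Operator install health from `oc` table output.
NS=openshift-compliance

# csv_phase: stdin is `oc get csv -n $NS` output. Prints the PHASE (last column,
# since REPLACES may be empty) of the compliance-operator CSV, or "Missing".
csv_phase() {
  awk '$1 ~ /^compliance-operator\.v/ { print $NF; found = 1 }
       END { if (!found) print "Missing" }'
}

# unready_pods: stdin is `oc get pods -n $NS` output. Prints every pod that is
# not Running or whose READY column is not n/n.
unready_pods() {
  awk 'NF >= 3 && $1 != "NAME" {
         split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1
       }'
}

# check_install CSV_OUTPUT PODS_OUTPUT: returns 0 only when the CSV phase is
# Succeeded and no pod is unready; otherwise names the objects to describe.
check_install() {
  phase=$(printf '%s\n' "$1" | csv_phase)
  bad=$(printf '%s\n' "$2" | unready_pods)
  if [ "$phase" != "Succeeded" ]; then
    echo "CSV phase is '$phase': oc describe csv,installplan -n $NS" >&2
    return 1
  fi
  if [ -n "$bad" ]; then
    echo "pods not ready: $bad (oc describe pod <name> -n $NS)" >&2
    return 1
  fi
  return 0
}

# Constructed sample output modelled on the tables above (failure case invented).
SAMPLE_CSV_OK='NAME                          DISPLAY               VERSION   REPLACES   PHASE
compliance-operator.v0.1.48   Compliance Operator   0.1.48               Succeeded'
SAMPLE_CSV_BAD='NAME                          DISPLAY               VERSION   REPLACES   PHASE
compliance-operator.v0.1.48   Compliance Operator   0.1.48               Installing'
SAMPLE_PODS_OK='NAME                                  READY   STATUS    RESTARTS   AGE
compliance-operator-85f955b5f-6t8gr   1/1     Running   0          6m27s'
SAMPLE_PODS_BAD='NAME                                  READY   STATUS             RESTARTS   AGE
compliance-operator-85f955b5f-6t8gr   0/1     CrashLoopBackOff   4          6m27s'

check_install "$SAMPLE_CSV_OK" "$SAMPLE_PODS_OK" && echo "install healthy"
check_install "$SAMPLE_CSV_BAD" "$SAMPLE_PODS_BAD" || echo "install not healthy"
# On a cluster: check_install "$(oc get csv -n $NS)" "$(oc get pods -n $NS)"
```

If an upgrade is in progress and two compliance-operator CSVs are listed, the check reports the install as not healthy until only a Succeeded one remains.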

Conclusion

In this post we have successfully installed the compliance operator. In the next post, we will see how to trigger a scan and view the results.

https://www.linkedin.com/in/vyasanand/
Platform Consultant - OpenShift/Kubernetes
