$ oc create -f <init_bundle>.yaml \(1)
-n <stackrox> (2)
Apply the init bundle by using it to create resources.
You must have the |
Before you configure a secured cluster, you must apply the init bundle by using it to create the required resources on the secured cluster. Applying the init bundle allows the services on the secured cluster to communicate with RHACS Cloud Service.
If you are installing by using Helm charts, do not perform this step. Complete the installation by using Helm; See "Installing RHACS on secured clusters by using Helm charts" in the additional resources section. |
You must have generated an init bundle containing secrets.
You must have created the stackrox
project, or namespace, on the cluster where secured cluster services will be installed. Using stackrox
for the project is not required, but ensures that vulnerabilities for RHACS processes are not reported when scanning your clusters.
To create resources, perform only one of the following steps:
Create resources using the OpenShift Container Platform web console: In the OpenShift Container Platform web console, make sure that you are in the stackrox
namespace. In the top menu, click + to open the Import YAML page. You can drag the init bundle file or copy and paste its contents into the editor, and then click Create. When the command is complete, the display shows that the collector-tls
, sensor-tls
, and admission-control-tls` resources were created.
Create resources using the Red Hat OpenShift CLI: Using the Red Hat OpenShift CLI, run the following command to create the resources:
$ oc create -f <init_bundle>.yaml \(1)
-n <stackrox> (2)
1 | Specify the file name of the init bundle containing the secrets. |
2 | Specify the name of the project where Central services are installed. |
Restart Sensor to pick up the new certificates.
For more information about how to restart Sensor, see "Restarting the Sensor container" in the "Additional resources" section.
On each Red Hat OpenShift cluster, install the RHACS Operator.
Install RHACS secured cluster services in all clusters that you want to monitor.