$ roxctl sensor [command] [flags]
×
roxctl sensor
Deploy Red Hat Advanced Cluster Security for Kubernetes (RHACS) services in secured clusters.
Usage
| Command | Description |
|---|---|
|
Generate files to deploy RHACS services in secured clusters. |
|
Download a YAML file with renewed certificates for Sensor, Collector, and Admission controller. |
|
Download a bundle with the files to deploy RHACS services in a cluster. |
| Option | Description |
|---|---|
|
Set the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
roxctl sensor command options inherited from the parent command
The roxctl sensor command supports the following options inherited from the parent roxctl command:
| Option | Description |
|---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
Enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
|
These options are applicable to all the sub-commands of the |
roxctl sensor generate
Generate files to deploy RHACS services in secured clusters.
Usage
$ roxctl sensor generate [flags]| Option | Description |
|---|---|
|
Disable the bypass annotations for the admission controller. The default value is |
|
Dynamic enable for enforcing on object creation in the admission controller. The default value is |
|
Enable dynamic enforcement of object updates in the admission controller. The default value is |
|
Configure the admission controller webhook to listen to deployment creation. The default value is |
|
Configure the admission controller webhook to listen to deployment updates. The default value is |
|
Get scans inline when using the admission controller. The default value is |
|
Set the timeout in seconds for the admission controller. The default value is |
|
Set the endpoint to which you want to connect Sensor. The default value is |
|
Specify the collection method that you want to use for runtime support. Collection methods include |
|
Set the image repository that you want to use to deploy Collector. If not specified, a default value corresponding to the effective |
|
Continue with downloading the sensor bundle even if the cluster already exists. The default value is |
|
Decide whether to create the upgrader service account with |
|
Disable tolerations for tainted nodes. The default value is |
|
Create |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the image repository that you want to use to deploy Sensor. If not specified, a default value is used. |
|
Set the cluster name to identify the cluster. |
|
Set the output directory for the bundle contents. The default value is an automatically generated directory name inside the current directory. |
|
Use Collector-slim in the deployment bundle. Valid values include |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
roxctl sensor generate k8s
Generate the required files to deploy RHACS services in a Kubernetes cluster.
Usage
$ roxctl sensor generate k8s [flags]| Option | Description |
|---|---|
|
Enable admission controller webhook to listen to Kubernetes events. The default value is |
roxctl sensor generate openshift
Generate the required files to deploy RHACS services in a Red Hat OpenShift cluster.
Usage
$ roxctl sensor generate openshift [flags]| Option | Description |
|---|---|
`--admission-controller-listen-on-events false |
true |
auto[=true]` |
|
`--disable-audit-logs false |
true |
auto[=true]` |
Enable or disable audit log collection for runtime detection. The default value is |
|
Specify the Red Hat OpenShift major version for which you want to generate the deployment files. |
roxctl sensor get-bundle
Download a bundle with the files to deploy RHACS services into a cluster.
Usage
$ roxctl sensor get-bundle <cluster_details> [flags] (1)| 1 | For <cluster_details>, specify the cluster name or ID. |
| Option | Description |
|---|---|
|
Specify whether to create the upgrader service account with |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the output directory for the bundle contents. The default value is an automatically generated directory name inside the current directory. |
|
Use Collector-slim in the deployment bundle. Valid values include |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
roxctl sensor generate-certs
Download a YAML file with renewed certificates for Sensor, Collector, and Admission controller.
Usage
$ roxctl sensor generate-certs <cluster_details> [flags] (1)| 1 | For <cluster_details>, specify the cluster name or ID. |
| Option | Description |
|---|---|
|
Specify the output directory for the YAML file. The default value is |