apiVersion: v1
kind: Namespace
metadata:
labels:
openshift.io/cluster-monitoring: "true"
name: openshift-compliance
Before you can use the Compliance Operator, you must ensure it is deployed in the cluster.
You must have admin
privileges.
In the OpenShift Container Platform web console, navigate to Operators → OperatorHub.
Search for the Compliance Operator, then click Install.
Keep the default selection of Installation mode and namespace to ensure that the Operator will be installed to the openshift-compliance
namespace.
Click Install.
To confirm that the installation is successful:
Navigate to the Operators → Installed Operators page.
Check that the Compliance Operator is installed in the openshift-compliance
namespace and its status is Succeeded
.
If the Operator is not installed successfully:
Navigate to the Operators → Installed Operators page and inspect the Status
column for any errors or failures.
Navigate to the Workloads → Pods page and check the logs in any pods in the openshift-compliance
project that are reporting issues.
If the You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see Creating a custom SCC for the Compliance Operator. |
You must have admin
privileges.
Define a Namespace
object:
namespace-object.yaml
apiVersion: v1
kind: Namespace
metadata:
labels:
openshift.io/cluster-monitoring: "true"
name: openshift-compliance
Create the Namespace
object:
$ oc create -f namespace-object.yaml
Define an OperatorGroup
object:
operator-group-object.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: compliance-operator
namespace: openshift-compliance
spec:
targetNamespaces:
- openshift-compliance
Create the OperatorGroup
object:
$ oc create -f operator-group-object.yaml
Define a Subscription
object:
subscription-object.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: compliance-operator-sub
namespace: openshift-compliance
spec:
channel: "release-0.1"
installPlanApproval: Automatic
name: compliance-operator
source: redhat-operators
sourceNamespace: openshift-marketplace
Create the Subscription
object:
$ oc create -f subscription-object.yaml
If you are setting the global scheduler feature and enable |
Verify the installation succeeded by inspecting the CSV file:
$ oc get csv -n openshift-compliance
Verify that the Compliance Operator is up and running:
$ oc get deploy -n openshift-compliance
If the You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see Creating a custom SCC for the Compliance Operator. |
The Compliance Operator is supported in a restricted network environment. For more information, see Using Operator Lifecycle Manager on restricted networks.