Installing the Compliance Operator
Before you can use the Compliance Operator, you must ensure it is deployed in the cluster.
Installing the Compliance Operator through the web console
Prerequisites
- You must have
admin
privileges.
Procedure
In the OKD web console, navigate to Operators → OperatorHub.
Search for the Compliance Operator, then click Install.
Keep the default selection of Installation mode and namespace to ensure that the Operator will be installed to the
openshift-compliance
namespace.Click Install.
Verification
To confirm that the installation is successful:
Navigate to the Operators → Installed Operators page.
Check that the Compliance Operator is installed in the
openshift-compliance
namespace and its status isSucceeded
.
If the Operator is not installed successfully:
Navigate to the Operators → Installed Operators page and inspect the
Status
column for any errors or failures.Navigate to the Workloads → Pods page and check the logs in any pods in the
openshift-compliance
project that are reporting issues.
If the You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see Creating a custom SCC for the Compliance Operator. |
Installing the Compliance Operator using the CLI
Prerequisites
- You must have
admin
privileges.
Procedure
Define a
Namespace
object:Example
namespace-object.yaml
apiVersion: v1
kind: Namespace
metadata:
labels:
openshift.io/cluster-monitoring: "true"
pod-security.kubernetes.io/enforce: privileged (1)
name: openshift-compliance
1 In OKD 4.12, the pod security label must be set to privileged
at the namespace level.Create the
Namespace
object:$ oc create -f namespace-object.yaml
Define an
OperatorGroup
object:Example
operator-group-object.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: compliance-operator
namespace: openshift-compliance
spec:
targetNamespaces:
- openshift-compliance
Create the
OperatorGroup
object:$ oc create -f operator-group-object.yaml
Define a
Subscription
object:Example
subscription-object.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: compliance-operator-sub
namespace: openshift-compliance
spec:
channel: "release-0.1"
installPlanApproval: Automatic
name: compliance-operator
source: redhat-operators
sourceNamespace: openshift-marketplace
Create the
Subscription
object:$ oc create -f subscription-object.yaml
If you are setting the global scheduler feature and enable |
Verification
Verify the installation succeeded by inspecting the CSV file:
$ oc get csv -n openshift-compliance
Verify that the Compliance Operator is up and running:
$ oc get deploy -n openshift-compliance
If the You can create a custom SCC for the Compliance Operator scanner pod service account. For more information, see Creating a custom SCC for the Compliance Operator. |
Additional resources
- The Compliance Operator is supported in a restricted network environment. For more information, see Using Operator Lifecycle Manager on restricted networks.