OpenShift Compliance Operator

Installing the Compliance Operator

  1. Access the OpenShift Console:
    • Log in to the OpenShift Console.
  2. Navigate to the Operator Hub:
    • In the OpenShift web console, go to the “Operators” section and select “OperatorHub”.
  3. Search for the Compliance Operator:
    • Use the search function to find the “Compliance Operator”.
  4. Install the Compliance Operator:
    • Click on the Compliance Operator to view its information and then click “Install”.
    • Select the namespace (project) where you want to install the operator. You can choose the default option to install it for all namespaces.
    • Click “Subscribe” to start the installation.
  5. Verify Installation:
    • Go to “Installed Operators” to ensure that the Compliance Operator is installed.

Configuring and Executing Scans

  1. Create ComplianceSuite and ComplianceScan Objects:
    • Use YAML files to define ComplianceSuite and ComplianceScan objects. These define what you want to scan and how.
  2. Define Compliance Scan:
    • Specify the nodes to scan, the profile to use (like a security standard), and other parameters.
  3. Apply the Configuration:
    • Use the oc apply -f [YAML file name] command to apply your configuration.
  4. Monitor the Scan:
    • You can monitor the progress of the scan through the OpenShift Console or by using the oc get compliancescans command.
  5. View the Results:
    • Once the scan is complete, view the results in the OpenShift Console or using CLI commands like oc get compliancecheckresults.
  6. Remediate Issues:
    • Based on the results, you might need to create and apply ComplianceRemediation objects to fix any identified issues.
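
For steps 5 and 6, one way to triage results offline is to save the output of oc get compliancecheckresults -o json and sort the failures by severity. This is an added example, not code from the original post or the operator project; the sample data is constructed, and the script assumes the status and severity fields and the compliance.openshift.io/scan-name and compliance.openshift.io/automated-remediation labels that the operator sets on check results.

```python
import json
from collections import Counter

# Constructed sample in the shape of `oc get compliancecheckresults -o json`;
# the check names are made up for illustration.
SCAN_LABEL = "compliance.openshift.io/scan-name"
REMEDIATION_LABEL = "compliance.openshift.io/automated-remediation"
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "example-scan-check-a",
                  "labels": {SCAN_LABEL: "example-scan",
                             REMEDIATION_LABEL: ""}},
     "status": "FAIL", "severity": "medium"},
    {"metadata": {"name": "example-scan-check-b",
                  "labels": {SCAN_LABEL: "example-scan"}},
     "status": "FAIL", "severity": "high"},
    {"metadata": {"name": "example-scan-check-c",
                  "labels": {SCAN_LABEL: "example-scan"}},
     "status": "PASS", "severity": "medium"},
    {"metadata": {"name": "other-scan-check-a",
                  "labels": {SCAN_LABEL: "other-scan"}},
     "status": "MANUAL", "severity": "low"},
]})

def labels_of(item):
    return item["metadata"].get("labels") or {}

def triage(raw_json, scan=None):
    """Return (status counts, FAIL findings sorted most severe first)."""
    items = json.loads(raw_json).get("items", [])
    if scan is not None:
        items = [i for i in items if labels_of(i).get(SCAN_LABEL) == scan]
    counts = Counter(i.get("status", "UNKNOWN") for i in items)
    failed = [{"name": i["metadata"]["name"],
               "severity": i.get("severity", "unknown"),
               # Label presence means the operator generated a remediation
               "has_remediation": REMEDIATION_LABEL in labels_of(i)}
              for i in items if i.get("status") == "FAIL"]
    failed.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 3), f["name"]))
    return counts, failed

if __name__ == "__main__":
    counts, failed = triage(SAMPLE, scan="example-scan")
    print(dict(counts))
    for f in failed:
        print(f["severity"], f["name"], "auto-fix" if f["has_remediation"] else "manual")
```

Failures flagged with a remediation are the ones that step 6 can address by applying the generated ComplianceRemediation objects; the rest need a manual change.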

Example YAML for ComplianceScan:

apiVersion: compliance.openshift.io/v1alpha1
kind: ComplianceScan
metadata:
  name: example-scan
spec:
  profile: xccdf_org.ssgproject.content_profile_moderate
  content: ssg-ocp4-ds.xml
  rule: 'ocp4-cis-node'
  # Empty string value: selects nodes that carry the master role label
  nodeSelector:
    node-role.kubernetes.io/master: ""

Tips:

  • Profiles and Standards: Ensure you choose the correct security standard/profile for your organization’s needs.
  • Node Selector: Adjust the nodeSelector in the YAML to target specific nodes.
  • Documentation and Help: Refer to the OpenShift documentation for detailed guidance and examples.

Remember, the steps may vary slightly depending on the specific OpenShift version and your cluster configuration. Always refer to the latest OpenShift documentation for the most accurate and detailed instructions.

