apiVersion: v1
kind: Namespace
metadata:
name: openshift-security-profiles
labels:
openshift.io/cluster-monitoring: "true"
Before you can use the Security Profiles Operator, you must ensure the Operator is deployed in the cluster.
The Security Profiles Operator supports only Red Hat Enterprise Linux CoreOS (RHCOS) worker nodes. Red Hat Enterprise Linux (RHEL) nodes are not supported. |
The Security Profiles Operator only supports |
You must have admin
privileges.
In the OKD web console, navigate to Operators → OperatorHub.
Search for the Security Profiles Operator, then click Install.
Keep the default selection of Installation mode and namespace to ensure that the Operator will be installed to the openshift-security-profiles
namespace.
Click Install.
To confirm that the installation is successful:
Navigate to the Operators → Installed Operators page.
Check that the Security Profiles Operator is installed in the openshift-security-profiles
namespace and its status is Succeeded
.
If the Operator is not installed successfully:
Navigate to the Operators → Installed Operators page and inspect the Status
column for any errors or failures.
Navigate to the Workloads → Pods page and check the logs in any pods in the openshift-security-profiles
project that are reporting issues.
You must have admin
privileges.
Define a Namespace
object:
namespace-object.yaml
apiVersion: v1
kind: Namespace
metadata:
name: openshift-security-profiles
labels:
openshift.io/cluster-monitoring: "true"
Create the Namespace
object:
$ oc create -f namespace-object.yaml
Define an OperatorGroup
object:
operator-group-object.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: security-profiles-operator
namespace: openshift-security-profiles
Create the OperatorGroup
object:
$ oc create -f operator-group-object.yaml
Define a Subscription
object:
subscription-object.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: security-profiles-operator-sub
namespace: openshift-security-profiles
spec:
channel: release-alpha-rhel-8
installPlanApproval: Automatic
name: security-profiles-operator
source: redhat-operators
sourceNamespace: openshift-marketplace
Create the Subscription
object:
$ oc create -f subscription-object.yaml
If you are setting the global scheduler feature and enable |
Verify the installation succeeded by inspecting the following CSV file:
$ oc get csv -n openshift-security-profiles
Verify that the Security Profiles Operator is operational by running the following command:
$ oc get deploy -n openshift-security-profiles
The Security Profiles Operator supports the default logging verbosity of 0
and an enhanced verbosity of 1
.
To enable enhanced logging verbosity, patch the spod
configuration and adjust the value by running the following command:
$ oc -n openshift-security-profiles patch spod \
spod --type=merge -p '{"spec":{"verbosity":1}}'
securityprofilesoperatordaemon.security-profiles-operator.x-k8s.io/spod patched