Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 3. Using the Compliance Operator

You can configure RHACS to use the Compliance Operator for compliance reporting and remediation with OpenShift Container Platform clusters. Results from the Compliance Operator can be reported in the RHACS Compliance Dashboard.

3.1.1. Installing the Compliance Operator
Copiar enlace

Install the Compliance Operator using Operator Hub.

Procedure

Install the Operator by performing the following steps:

  1. Navigate in the web console to the Operators OperatorHub page.
  2. Enter compliance operator into the Filter by keyword box to find the Compliance Operator.
  3. Select the Compliance Operator to view the details page.
  4. Read the information about the Operator, and then click Install.

3.1.2. Configuring the ScanSettingBinding object
Copiar enlace

Create a ScanSettingBinding object in the openshift-compliance namespace to scan the cluster by using the cis and cis-node profiles.

Note

This example uses cis and cis-node profiles, but OpenShift Container Platform provides additional profiles. See "Understanding the Compliance Operator" in the "Additional resources" section for more information.

Procedure

Select one of the following options:

  • Use the CLI to create the YAML file and object. For example:

    1. Create a file called sscan.yaml using the following text: 

      apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: cis-compliance
profiles:
  - name: ocp4-cis-node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  - name: ocp4-cis
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  name: default
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1
      Copy to Clipboard Toggle word wrap

    2. Create the ScanSettingBinding object by running the following command: 

      $ oc create -f sscan.yaml -n openshift-compliance
      Copy to Clipboard Toggle word wrap

      If successful, the following message is displayed: 

      $ scansettingbinding.compliance.openshift.io/cis-compliance created
      Copy to Clipboard Toggle word wrap

  • Use the web console to create the object by performing the following steps:

    1. Change the active project to openshift-compliance.
    2. Click + to open the Import YAML page.
    3. Paste the YAML from the previous example and then click Create.

Additional resources

Optional: If you installed the Compliance Operator after installing RHACS, restart Sensor in the secured cluster by performing one of the following options:

  • Run the following command: 

    $ oc -n stackrox delete pod -lapp=sensor
    Copy to Clipboard Toggle word wrap

  • In the OpenShift Container Platform web console, perform the following steps:

    1. Change the active project to stackrox.
    2. Navigate to Workloads Pods.
    3. Locate the pod with the name starting with sensor-, and then click Actions Delete Pod.

Verification

After performing these steps, run a compliance scan in RHACS and ensure that ocp4-cis and ocp4-cis-node results are displayed. See "Running a compliance scan" in the "Additional resources" section for more information.

Additional resources

Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat