Compliance Operator Walkthrough

Install Compliance Operator

$ oc create -f manifests/01-operator

Scan Without Remediation

Perform a compliance scan

$ oc create -f manifests/02-compliance-scan

Monitor compliance scan

$ oc get compliancescan -w -n openshift-compliance

Check scan results

$ oc get compliancecheckresults -n openshift-compliance

Scan With Auto Remediation

IMPORTANT: DON'T RUN THIS ON A CLUSTER YOU CARE ABOUT! IT WILL ENFORCE EVERYTHING!

NOTE: If you scanned without remediation, delete the ScanSettingBinding with:

$ oc delete -f manifests/02-compliance-scan

Perform a compliance scan with remediation

$ oc create -f manifests/03-compliance-remediation

Monitor compliance scan

$ oc get compliancescan -w -n openshift-compliance

Check scan results

$ oc get compliancecheckresults -n openshift-compliance

Force compliance Re-scan

$ oc annotate compliancescans/ocp4-cis compliance.openshift.io/rescan=
$ oc annotate compliancescans/ocp4-cis-node-master compliance.openshift.io/rescan=
$ oc annotate compliancescans/ocp4-cis-node-worker compliance.openshift.io/rescan=

Monitor compliance scan

$ oc get compliancescan -w -n openshift-compliance

Check scan results

$ oc get compliancecheckresults -n openshift-compliance

RyanMillerC / compliance-operator-example

Compliance Operator Walkthrough

Install Compliance Operator

Scan Without Remediation

Perform a compliance scan

Monitor compliance scan

Check scan results

Scan With Auto Remediation

Perform a compliance scan with remediation

Monitor compliance scan

Check scan results

Force compliance Re-scan

Monitor compliance scan

Check scan results

About