Historically, Helm and the "manifest installation" methods were the only way to install the community, StackRox-branded build. An operator was available only for the "Red Hat Advanced Cluster Security"-branded build.
This is changing. Due to significant maintenance burden of three installation methods, we are planning to consolidate on just one: the operator.
As the first step, in the 4.10 release we proved the simplest possible, temporary way to install the community StackRox-branded operator. We hope this is useful to the community for getting to know the operator.
See this document in the release-4.10 branch for instructions for the above.
The following text describes the installation for the upcoming 4.11 release.
Once 4.11 is released, installing the operator is simply a matter of:
helm repo add stackrox https://raw.githubusercontent.com/stackrox/helm-charts/main/opensource/
helm install --wait --namespace stackrox-operator-system --create-namespace stackrox-operator stackrox/stackrox-operatorOnce the operator is running, to actually deploy StackRox you need to create a Central and/or a SecuredCluster custom resource.
Please have a look at the samples directory.
Before applying the SecuredCluster CR you need to retrieve from central and apply on the cluster a cluster registration secret.
Documentation for the custom resource schema - the way to customize your StackRox deployment - is currently only available at the Red Hat documentation portal.
You may encounter a few references to RH ACS when using the operator in places such as:
- the descriptions of a few fields in the OpenAPI schema of the custom resources
- the
UserAgentheader used by the operator controller when talking to the kube API server - central web UI when generating cluster registration secrets
These will be cleaned up in a future release.