Installing the File Integrity Operator

Important

All cluster nodes must have the same release version in order for this Operator to function properly. As an example, for nodes running RHCOS, all nodes must have the same RHCOS version.

Installing the File Integrity Operator using the web console

Prerequisites

You must have admin privileges.

Procedure

In the OpenShift Container Platform web console, navigate to Ecosystem → Software Catalog.
Search for the File Integrity Operator, then click Install.
Keep the default selection of Installation mode and namespace to ensure that the Operator will be installed to the openshift-file-integrity namespace.
Click Install.

Verification

To confirm that the installation is successful:

Navigate to the Ecosystem → Installed Operators page.
Check that the Operator is installed in the openshift-file-integrity namespace and its status is Succeeded.

If the Operator is not installed successfully:

Navigate to the Ecosystem → Installed Operators page and inspect the Status column for any errors or failures.
Navigate to the Workloads → Pods page and check the logs in any pods in the openshift-file-integrity project that are reporting issues.

Installing the File Integrity Operator using the CLI

Prerequisites

You must have admin privileges.

Procedure

Create a Namespace object YAML file by running:

$ oc create -f <file-name>.yaml

Example output

apiVersion: v1
kind: Namespace
metadata:
  labels:
    openshift.io/cluster-monitoring: "true"
    pod-security.kubernetes.io/enforce: privileged 
  name: openshift-file-integrity

In OpenShift Container Platform 4.19, the pod security label must be set to privileged at the namespace level.

Create the OperatorGroup object YAML file:

$ oc create -f <file-name>.yaml

Example output

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: file-integrity-operator
  namespace: openshift-file-integrity
spec:
  targetNamespaces:
  - openshift-file-integrity

Create the Subscription object YAML file:

$ oc create -f <file-name>.yaml

Example output

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: file-integrity-operator
  namespace: openshift-file-integrity
spec:
  channel: "stable"
  installPlanApproval: Automatic
  name: file-integrity-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

Verification

Verify the installation succeeded by inspecting the CSV file:
```
$ oc get csv -n openshift-file-integrity
```
Verify that the File Integrity Operator is up and running:
```
$ oc get deploy -n openshift-file-integrity
```

Additional resources

The File Integrity Operator is supported in a restricted network environment. For more information, see Using Operator Lifecycle Manager in disconnected environments.