diff --git a/README.md b/README.md index 848676cc..9cbd239b 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Versions list: [Releases](https://github.com/octarinesec/octarine-operator/relea ### OpenShift Deployment: For OpenShift clusters, follow the OpenShift Deployment instructions: -[OpenShift Deployment](docs/OpenshiftDeployment.md) +[OpenShift Deployment and Uninstall](docs/OpenshiftDeployment.md) * For deploying from the source code, follow the instructions in the [Operator Deployment](docs/OperatorDeployment.md) documentation @@ -92,7 +92,9 @@ spec: ### Uninstalling the Carbon Black Cloud Container Operator ```sh -make undeploy +export OPERATOR_VERSION=v6.0.2 +export OPERATOR_SCRIPT_URL=https://setup.containers.carbonblack.io/$OPERATOR_VERSION/operator-apply.sh +curl -s $OPERATOR_SCRIPT_URL | bash -s -- -u ``` * Notice that the above command will delete the Carbon Black Container custom resources definitions and instances. diff --git a/docs/LegacyCRD.md b/docs/LegacyCRD.md deleted file mode 100644 index 09477b7d..00000000 --- a/docs/LegacyCRD.md +++ /dev/null 
@@ -1,14 +0,0 @@ -## Utilizing v1beta1 CustomResourceDefinition versions -The operator supports Kubernetes clusters from v1.13+. -The CustomResourceDefinition APIs were in beta stage in those cluster and were later promoted to GA in v1.16. They are no longer served as of v1.22 of Kubernetes. - -To maintain compatibility, this operator offers 2 sets of CustomResourceDefinitions - one under the `apiextensions/v1beta1` API and one under `apiextensons/v1`. - -By default, all operations in the repository like `deploy` or `install` work with the v1 version of the `apiextensions` API. Utilizing `v1beta1` is supported by passing the `CRD_VERSION=v1beta1` option when running make. -Note that both `apiextensions/v1` and `apiextensions/v1beta1` versions of the CRDs are generated and maintained by `make` - only commands that use the final output work with 1 version at a time. - -For example, this command will deploy the operator resources on the current cluster but utilizing the `apiextensions/v1beta1` API version for them. - -``` -make deploy CRD_VERSION=v1beta1 -``` \ No newline at end of file diff --git a/docs/Main.md b/docs/Main.md index f1126349..a3864a23 100644 --- a/docs/Main.md +++ b/docs/Main.md @@ -34,7 +34,7 @@ Then you need to deploy the CBC Agent on top of the operator: For OpenShift clusters, follow the OpenShift Deployment instructions: -[OpenShift Deployment](OpenshiftDeployment.md) +[OpenShift Deployment and Uninstall](OpenshiftDeployment.md) ## Full Uninstall @@ -42,7 +42,9 @@ For OpenShift clusters, follow the OpenShift Deployment instructions: ### Uninstalling the Carbon Black Cloud Container Operator ```sh -make undeploy +export OPERATOR_VERSION=v6.0.2 +export OPERATOR_SCRIPT_URL=https://setup.containers.carbonblack.io/$OPERATOR_VERSION/operator-apply.sh +curl -s $OPERATOR_SCRIPT_URL | bash -s -- -u ``` * Notice that the above command will delete the Carbon Black Container custom resources definitions and instances. 
@@ -54,7 +56,6 @@ make undeploy 4. [Using HTTP proxy](Proxy.md) 5. [Configuring image sources](ImageSources.md) 6. [RBAC Configuration](rbac.md) -7. [Using legacy v1beta1.CustomResourceDefinition](LegacyCRD.md) ## Developers Guide A developers guide for building and configuring the operator: diff --git a/docs/OpenshiftDeployment.md b/docs/OpenshiftDeployment.md index 4d483cfd..14289023 100644 --- a/docs/OpenshiftDeployment.md +++ b/docs/OpenshiftDeployment.md @@ -84,3 +84,39 @@ volumes: users: - system:serviceaccount:cbcontainers-dataplane:cbcontainers-agent-node ``` +### Uninstalling on Openshift + +Add this SecurityContextConstraints +before running the operator uninstall command + +```yaml +kind: SecurityContextConstraints +apiVersion: security.openshift.io/v1 +metadata: + name: scc-edr-cleaner +runAsUser: + type: RunAsAny +allowHostPID: true +allowHostPorts: false +allowHostNetwork: true +allowHostDirVolumePlugin: true +allowHostIPC: false +allowPrivilegedContainer: true +readOnlyRootFilesystem: false +seLinuxContext: + type: RunAsAny +fsGroup: + type: RunAsAny +supplementalGroups: + type: RunAsAny +volumes: +- configMap +- downwardAPI +- emptyDir +- hostPath +- persistentVolumeClaim +- projected +- secret +users: +- system:serviceaccount:cbcontainers-edr-sensor-cleaners:cbcontainers-edr-sensor-cleaner +``` \ No newline at end of file diff --git a/docs/OperatorDeployment.md b/docs/OperatorDeployment.md index d606660d..a1941e7d 100644 --- a/docs/OperatorDeployment.md +++ b/docs/OperatorDeployment.md @@ -5,7 +5,7 @@ Kubernetes 1.18+ is supported. ### From script: ``` -export OPERATOR_VERSION=v6.0.1 +export OPERATOR_VERSION=v6.0.2 export OPERATOR_SCRIPT_URL=https://setup.containers.carbonblack.io/$OPERATOR_VERSION/operator-apply.sh curl -s $OPERATOR_SCRIPT_URL | bash ``` diff --git a/docs/developers.md b/docs/developers.md index bcdb3dff..02957a1f 100644 --- a/docs/developers.md +++ b/docs/developers.md 
@@ -34,6 +34,13 @@ spec: Change {MY-ADAPTER-NAME} to your control plane adapter name. The default value is `containers` +### Uninstalling the Carbon Black Cloud Container Operator + +```sh +make undeploy +``` +* note that this does not clean-up the Carbon Black directory from the data-plane nodes + ### Changing the security context settings #### Hardening enforcer/state_reporter security context settings
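Review bot: In the README.md uninstall hunk, the new line `curl -s $OPERATOR_SCRIPT_URL | bash -s -- -u` pipes a remotely fetched script straight into bash with no integrity check. The bullet below it says this command deletes the custom resource definitions and instances. With `-s` and no `-f`, a failed download is silent, and an HTTP error body would be handed to bash. Suggest documenting a two-step form instead: fetch with `curl -fsSL -o operator-apply.sh "$OPERATOR_SCRIPT_URL"`, let the reader inspect the file (or verify it against a checksum, if the release publishes one), then run `bash operator-apply.sh -u`. The variable should be quoted in either form.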
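Review bot: The Full Uninstall block in docs/Main.md gives the script command without mentioning the OpenShift prerequisite that this same patch adds in docs/OpenshiftDeployment.md ("Add this SecurityContextConstraints before running the operator uninstall command"). The renamed link "OpenShift Deployment and Uninstall" sits above the "## Full Uninstall" heading, so an OpenShift user who goes directly to the uninstall section will run the command without the SCC in place. Add a line next to the command that points to the "Uninstalling on Openshift" section. The same applies to the matching block in README.md.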
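Review bot: The new "Uninstalling on Openshift" section in docs/OpenshiftDeployment.md tells the reader to add `scc-edr-cleaner` but never to remove it. The SCC grants the cleaner service account `allowPrivilegedContainer: true`, `allowHostPID: true`, `allowHostNetwork: true`, `RunAsAny` and `hostPath` volumes. Add a closing step that deletes the SCC once the uninstall has finished, and one sentence on why the cleaner needs host-level access, so that the grant is not left on the cluster after its purpose is served. The section also does not say how to apply the manifest. Smaller points: the heading spells "Openshift" while the rest of the docs use "OpenShift"; the sentence "Add this SecurityContextConstraints / before running the operator uninstall command" is split across two lines and has no closing punctuation; there is no blank line between the preceding closing fence and the new heading; and the file still ends without a trailing newline.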
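Review bot: The bump to `OPERATOR_VERSION=v6.0.2` in docs/OperatorDeployment.md leaves the version literal hard-coded in three files touched by this patch (README.md, docs/Main.md, docs/OperatorDeployment.md). Each release then needs a manual edit in every location, and a missed one would leave the install and uninstall instructions fetching different script versions. Consider stating the version in one place and referring to it from the others, or adding the three locations to a release checklist. The fence in this file is untagged while the new uninstall blocks use `sh`; tagging it would keep them consistent.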
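Review bot: The note added under `make undeploy` in docs/developers.md says the Carbon Black directory is left on the data-plane nodes but gives the reader no next step. Either say how to remove it or link to the Full Uninstall section in Main.md if that path handles the node cleanup. Style: start the bullet with a capital ("Note"), write the verb as "clean up" without the hyphen, end the sentence with a period, and put a blank line between the closing fence and the bullet.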