$ roxctl sensor [command] [flags]
Deploy Red Hat Advanced Cluster Security for Kubernetes (RHACS) services in secured clusters.
$ roxctl sensor [command] [flags]
Command | Description |
---|---|
|
Generate files to deploy RHACS services in secured clusters. |
|
Download a YAML file with renewed certificates for Sensor, Collector, and Admission controller. |
|
Download a bundle with the files to deploy RHACS services in a cluster. |
Option | Description |
---|---|
|
Set the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
The roxctl sensor
command supports the following options inherited from the parent roxctl
command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Generate files to deploy RHACS services in secured clusters.
$ roxctl sensor generate [flags]
Option | Description |
---|---|
|
Disable the bypass annotations for the admission controller. The default value is |
|
Dynamic enable for enforcing on object creation in the admission controller. The default value is |
|
enable dynamic enforcement of object updates in the admission controller. The default value is |
|
Configure the admission controller webhook to listen to deployment creation. The default value is |
|
Configure the admission controller webhook to listen to deployment updates. The default value is |
|
Get scans inline when using the admission controller. The default value is |
|
Set the timeout in seconds for the admission controller. The default value is |
|
Set the endpoint to which you want to connect Sensor. The default value is |
|
Specify the collection method that you want to use for runtime support. Collection methods include |
|
Set the image repository that you want to use to deploy Collector. If not specified, a default value corresponding to the effective |
|
Continue with downloading the sensor bundle even if the cluster already exists. The default value is |
|
Decide whether to create the upgrader service account with |
|
Disable tolerations for tainted nodes. The default value is |
|
Create |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the image repository that you want to use to deploy Sensor. If not specified, a default value is used. |
|
Set the cluster name to identify the cluster. |
|
Set the output directory for the bundle contents. The default value is an automatically generated directory name inside the current directory. |
|
Use Collector-slim in the deployment bundle. Valid values include |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Generate the required files to deploy RHACS services in a Kubernetes cluster.
$ roxctl sensor generate k8s [flags]
Option | Description |
---|---|
|
enable admission controller webhook to listen to Kubernetes events. The default value is |
Generate the required files to deploy RHACS services in a Red Hat OpenShift cluster.
$ roxctl sensor generate openshift [flags]
Option | Description |
---|---|
`--admission-controller-listen-on-events false |
true |
auto[=true]` |
|
`--disable-audit-logs false |
true |
auto[=true]` |
enable or disable audit log collection for runtime detection. The default value is |
|
Specify the Red Hat OpenShift major version for which you want to generate the deployment files. |
Download a bundle with the files to deploy RHACS services into a cluster.
$ roxctl sensor get-bundle <cluster_details> [flags] (1)
1 | For <cluster_details> , specify the cluster name or ID. |
Option | Description |
---|---|
|
Specify whether to create the upgrader service account with |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the output directory for the bundle contents. The default value is an automatically generated directory name inside the current directory. |
|
Use Collector-slim in the deployment bundle. Valid values include |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Download a YAML file with renewed certificates for Sensor, Collector, and Admission controller.
$ roxctl sensor generate-certs <cluster_details> [flags] (1)
1 | For <cluster_details> , specify the cluster name or ID. |
Option | Description |
---|---|
|
Specify the output directory for the YAML file. The default value is |