Introduction
This document describes how to install the OpsSight solution in Google's GKE (Google Kubernetes Engine). This page summarizes the OpsSight installation documentation, and adds additional information specifically relevant to GKE. Synopsys recommends familiarizing yourself with the installation documents, because they cover a broad range of topics that are not covered in this document.
Note: You must have purchased an OpsSight license to use OpsSight with Black Duck.
What is OpsSight?
OpsSight helps manage open-source risks associated with containers in orchestrated environments. The OpsSight solution consists of Synopsys Operator, OpsSight Connector, and a Black Duck server.
OpsSight Connector works with Black Duck to scan images deployed to your EKS cluster for open-source security vulnerabilities. The OpsSight Connector does the following tasks:
- Discovers new objects in your cluster
- Determines thier content Determines content of objects in your cluster and sends signature information to one or more Black Duck instances
- Receives security-scan information back from Black Duck
- Annotates and labels cluster objects with security status
- Provides metrics about security scanning rates
...
| Info |
|---|
Synopsys recommends that you read the Before You Begin and Overview sections of the OpsSight documentation to become familiar with the solution before you start the installation. |
OpsSight installation
The Synopsys recommended method for installing the OpsSight solution in GKE is by using Synopsys Operator. Synopsys Operator is a cloud-native administration utility for Synopsys software that assists in the deployment and management of Synopsys software in orchestrated environments such as GKE. Learn about Synopsys Operator here. To install all components of the OpsSight solution using the Synopsys Operator, follow the steps here.
Authenticating with a private GCR
OpsSight cannot pull images that are stored in a Private private Google Container Registry.
Contact your authorized support representative for more information.
Post-
...
Deployment: results, and performance tuning
The following information provides details about post-deployment activities:
Manually trigger your first scan
When the OpsSight Connector is up and running, it automatically scans containers.
If you deployed the sample application as part of the GKE quickstart, you can see it being scanned.
...
Performance tuning for the OpsSight Connector
The OpsSight Connector can be customized at every level. Tune OpsSight for your cluster by manipulating logging, memory usage, CPU, timeouts and other parameters.
When you first install OpsSight, typical defaults are pre-selected, and taken in from your command line input. After OpsSight is running, you can manually edit the configuration parameters for OpsSight.
Refer to the OpsSight Configuration Guide for more information.
Support
If you have questions, email opssight-info@synopsys.com
...