Introduction

This document describes how to install the OpsSight solution in Google's GKE (Google Kubernetes Engine). This page summarizes the OpsSight installation documentation (/wiki/spaces/BDLM/pages/34242566) and adds information specifically relevant to GKE. Synopsys recommends familiarizing yourself with the installation documents, because they cover a broad range of topics that are not covered in this document.

Note: You must have purchased an OpsSight license to use OpsSight with Black Duck.

What is OpsSight?

OpsSight helps manage open-source risks associated with containers in orchestrated environments. The OpsSight solution consists of Synopsys Operator, OpsSight Connector, and a Black Duck server.

OpsSight Connector works with Black Duck to scan images deployed to your EKS cluster for open-source security vulnerabilities. The OpsSight Connector does the following tasks:

  • Discovers new objects in your cluster.
  • Determines content of objects in your cluster and sends signature information to one or more Black Duck instances.
  • Receives security-scan information back from Black Duck.
  • Annotates and labels cluster objects with security status.
  • Provides metrics about security scanning rates.

Black Duck provides the 'brain' of the OpsSight scanner, and detailed scan results are available in your Black Duck instance. When an image is scanned, OpsSight annotates and labels the associated containers with information, such as Black Duck policy violations and the number of vulnerabilities found. You can use these container annotations to enforce security policies, and to ensure that vulnerable containers are not deployed in production environments.
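
One way to act on these annotations, as an added example that is not part of the OpsSight documentation: a check over pod metadata (shaped like `kubectl get pods -o json` output) that fails closed when a pod has no scan result. The annotation keys `example.opssight/policy-violations` and `example.opssight/vulnerabilities` are placeholders, not OpsSight's real key names; take the actual keys from the OpsSight Usage Guide.

```python
import json

# Placeholder annotation keys (assumption): substitute the keys your
# OpsSight version writes, as listed in the OpsSight Usage Guide.
POLICY_KEY = "example.opssight/policy-violations"
VULN_KEY = "example.opssight/vulnerabilities"


def evaluate_pod(pod, max_vulns=0):
    """Return (allowed, reason) for one pod object from the Kubernetes API."""
    meta = pod.get("metadata", {})
    name = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
    ann = meta.get("annotations") or {}
    counts = {}
    for key in (POLICY_KEY, VULN_KEY):
        raw = ann.get(key)
        if raw is None:
            # Fail closed: a missing annotation means "not scanned yet", not "clean".
            return False, f"{name}: no scan result ({key} missing)"
        try:
            counts[key] = int(raw)  # annotation values are always strings
        except (TypeError, ValueError):
            return False, f"{name}: unparsable value {raw!r} for {key}"
    if counts[POLICY_KEY] > 0:
        return False, f"{name}: {counts[POLICY_KEY]} policy violation(s)"
    if counts[VULN_KEY] > max_vulns:
        return False, f"{name}: {counts[VULN_KEY]} vulnerabilities > {max_vulns}"
    return True, f"{name}: ok"


def gate(pod_list_json, max_vulns=0):
    """Return the rejection reasons for a `kubectl get pods -o json` document."""
    items = json.loads(pod_list_json).get("items", [])
    results = [evaluate_pod(p, max_vulns) for p in items]
    return [reason for allowed, reason in results if not allowed]


# Constructed sample input, shaped like `kubectl get pods -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "web", "namespace": "prod",
                  "annotations": {POLICY_KEY: "0", VULN_KEY: "0"}}},
    {"metadata": {"name": "api", "namespace": "prod",
                  "annotations": {POLICY_KEY: "2", VULN_KEY: "14"}}},
    {"metadata": {"name": "batch", "namespace": "prod"}},  # never scanned
]})

if __name__ == "__main__":
    for reason in gate(SAMPLE):
        print("DENY", reason)
```
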

...

Info

Synopsys recommends that you read the Before You Begin and Overview sections (/wiki/spaces/BDLM/pages/34537683 and /wiki/spaces/BDLM/pages/34275718) of the OpsSight documentation to become familiar with the solution before you start the installation.

OpsSight installation

The Synopsys-recommended method for installing the OpsSight solution in GKE is to use Synopsys Operator (/wiki/spaces/BDLM/pages/34373652). Synopsys Operator is a cloud-native administration utility for Synopsys software that assists in the deployment and management of Synopsys software in orchestrated environments such as GKE. Learn about Synopsys Operator here (/wiki/spaces/BDLM/pages/34373652). To install all components of the OpsSight solution using the Synopsys Operator, follow the steps here (/wiki/spaces/BDLM/pages/34406790).

Authenticating with a private GCR

...

Post-Deployment: results, and performance tuning

The following information provides details about post-deployment activities:


Manually trigger your first scan

...

Consuming the results

Refer to the OpsSight Usage Guide (/wiki/spaces/BDLM/pages/34308463) to learn how to manage OpsSight data.
View pod annotations and labels on the Kubernetes Dashboard.

Performance tuning for the OpsSight Connector

The OpsSight Connector can be customized at every level. Tune OpsSight for your cluster by manipulating logging, memory usage, CPU, timeouts and other parameters.
When you first install OpsSight, typical defaults are pre-selected, and taken in from your command line input. After OpsSight is running, you can manually edit the configuration parameters for OpsSight.

Refer to the OpsSight Configuration Guide (/wiki/spaces/BDLM/pages/34373997) for more information.

Support

If you have questions, email opssight-info@synopsys.com

...