This document describes how to install the OpsSight solution on Google Kubernetes Engine (GKE). This page summarizes the /wiki/spaces/BDLM/pages/34242566 and adds information specifically relevant to GKE. Synopsys recommends familiarizing yourself with the installation documents, because they cover a broad range of topics that are not covered in this document.
Note: You must have purchased an OpsSight license to use OpsSight with Black Duck.
OpsSight helps manage open-source risks associated with containers in orchestrated environments. The OpsSight solution consists of Synopsys Operator, OpsSight Connector, and a Black Duck server.
OpsSight Connector works with Black Duck to scan images deployed to your EKS cluster for open-source security vulnerabilities. The OpsSight Connector does the following tasks:
Black Duck provides the 'brain' of the OpsSight scanner, and detailed scan results are available in your Black Duck instance. When an image is scanned, OpsSight annotates and labels the associated containers with information, such as Black Duck policy violations and the number of vulnerabilities found. You can use these container annotations to enforce security policies, and to ensure that vulnerable containers are not deployed in production environments.
Before you get started with OpsSight on GKE, you must satisfy the following requirements:
Synopsys recommends that you read the /wiki/spaces/BDLM/pages/34537683 and /wiki/spaces/BDLM/pages/34275718 sections of the OpsSight documentation to become familiar with the solution before you start the installation.
The Synopsys-recommended method for installing the OpsSight solution in GKE is to use /wiki/spaces/BDLM/pages/34373652. Synopsys Operator is a cloud-native administration utility that assists in the deployment and management of Synopsys software in orchestrated environments such as GKE. Learn about Synopsys Operator /wiki/spaces/BDLM/pages/34373652. To install all components of the OpsSight solution using the Synopsys Operator, follow the steps /wiki/spaces/BDLM/pages/34406790.
OpsSight cannot pull images that are stored in a private Google Container Registry.
Contact your authorized support representative for more information.
The following information provides details about post-deployment activities:
When the OpsSight Connector is up and running, it automatically scans containers.
If you deployed the sample application as part of the GKE quickstart, you can see it being scanned.
Refer to the /wiki/spaces/BDLM/pages/34308463 to learn how to manage OpsSight data.
View pod annotations and labels on the Kubernetes Dashboard.
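The annotations can also be checked outside the Dashboard. The following is an added example, not Synopsys code: it classifies pods from `kubectl get pods -A -o json` output by their scan annotations and reports pods with no scan data (for example, images OpsSight could not pull) as unscanned instead of treating them as clean. The annotation keys, the function name and the sample pods are assumptions, because this page does not list the keys OpsSight writes.

```python
import json

# Hypothetical annotation keys: this page does not list the keys OpsSight writes.
# Replace them with the keys shown on your own annotated pods.
VULN_KEY = "example.opssight/vulnerabilities"
POLICY_KEY = "example.opssight/policy-violations"


def classify_pods(pod_list, max_vulns=0):
    """Sort pods from `kubectl get pods -A -o json` into pass / fail / unscanned."""
    result = {"pass": [], "fail": [], "unscanned": []}
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        name = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        notes = meta.get("annotations") or {}
        try:
            vulns = int(notes[VULN_KEY])
            violations = int(notes[POLICY_KEY])
        except (KeyError, ValueError, TypeError):
            # Missing or malformed scan data is not evidence of a clean image.
            result["unscanned"].append(name)
            continue
        verdict = "fail" if violations > 0 or vulns > max_vulns else "pass"
        result[verdict].append(name)
    return result


# Constructed sample input (not real cluster output).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web-1",
     "annotations": {"example.opssight/vulnerabilities": "0",
                     "example.opssight/policy-violations": "0"}}},
  {"metadata": {"namespace": "shop", "name": "cart-1",
     "annotations": {"example.opssight/vulnerabilities": "12",
                     "example.opssight/policy-violations": "2"}}},
  {"metadata": {"namespace": "shop", "name": "private-img-1"}},
  {"metadata": {"namespace": "shop", "name": "half-1",
     "annotations": {"example.opssight/vulnerabilities": "n/a"}}}
]}
""")

if __name__ == "__main__":
    for verdict, pods in classify_pods(SAMPLE).items():
        print(f"{verdict}: {', '.join(pods) or '-'}")
```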
The OpsSight Connector can be customized at every level. Tune OpsSight for your cluster by manipulating logging, memory usage, CPU, timeouts and other parameters.
When you first install OpsSight, typical defaults are pre-selected and taken from your command-line input. After OpsSight is running, you can manually edit the configuration parameters for OpsSight.
Refer to the /wiki/spaces/BDLM/pages/34373997 for more information.
If you have questions, email opssight-info@synopsys.com.