Configure the OpenShift Container Platform

The Tenable integration for the Red Hat OpenShift Container Platform requires a service account configured with appropriate permissions. Complete the following steps to create the service account and configure its access:

  1. Create a service account:

    $ oc create sa <service-account-name>

    serviceaccount "audit" created

  2. Describe the service account to list its tokens:

    $ oc describe sa <service-account-name>
    Name:   audit
    Tokens: audit-token-f4khf
            audit-token-z8h44

  3. Retrieve the token used for API authentication. The token value is what you enter as the Token in the OpenShift Container Platform Nessus credential.

    $ oc describe secret <service-account-name>-token-z8h44
    Name:        robot-token-uzkbh
    Labels:      <none>
    Annotations: kubernetes.io/service-account.name=audit,kubernetes.io/service-account.uid=49f19e2e-16c6-11e5-afdc-3c970e4b7ffe
    Type:        kubernetes.io/service-account-token
    Data
    ====
    token:       eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

  4. Grant the service account appropriate permissions by logging in to your OpenShift cluster console: https://console-openshift-console.apps.openshift.<your-domain>

    a. Create the following role, and add the role to the service account created in step 1:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: audit-viewonly
    rules:
    - apiGroups:
      - '*'
      resources:
      - '*'
      verbs:
      - get
      - watch
      - list
      - view
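The whole procedure above as one added shell example (not Tenable's or Red Hat's code): it renders the ClusterRole from step 4 restricted to the three standard read-only verbs, together with the ClusterRoleBinding that attaches it to the service account, refuses to apply the role if any verb is not read-only, and decodes the JWT from step 3 to confirm it was issued to the expected service account before it goes into the Nessus credential. The service account name `audit`, the `default` namespace, the binding name and the `APPLY` switch are assumptions.

```shell
# Added example, not from the Tenable or OpenShift docs: render the scanner RBAC objects, check
# the role is read-only, and check which SA a token belongs to. SA name/namespace are placeholders.
set -eu
SA_NAME="${SA_NAME:-audit}"; SA_NAMESPACE="${SA_NAMESPACE:-default}"
# ClusterRole limited to the three read-only verbs, plus the binding that attaches it to the SA.
render_rbac() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: audit-viewonly
rules:
- apiGroups: ['*']
  resources: ['*']
  verbs: [get, watch, list]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: audit-viewonly-binding
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: audit-viewonly}
subjects:
- kind: ServiceAccount
  name: $1
  namespace: $2
EOF
}
# Exit status 1 if any verb in a rendered manifest falls outside the read-only set.
verbs_are_readonly() {
  for v in $(printf '%s\n' "$1" | sed -n 's/^ *verbs: *\[\(.*\)\].*/\1/p' | tr ',' ' '); do
    case "$v" in get|list|watch) ;; *) return 1 ;; esac
  done
}
# Pull the token value out of `oc describe secret` output (step 3 on the page).
token_from_describe() { printf '%s\n' "$1" | awk '$1 == "token:" { print $2 }'; }
# Decode the JWT payload (base64url, unpadded) and print the service account it was issued to.
token_sa_name() {
  p="$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')"
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="${p}="; done
  printf '%s' "$p" | base64 -d \
    | grep -o '"kubernetes.io/serviceaccount/service-account.name":"[^"]*"' | cut -d'"' -f4
}
# Only touch the cluster when asked explicitly: APPLY=1 sh this-script.sh
if [ "${APPLY:-0}" = "1" ]; then
  rbac="$(render_rbac "$SA_NAME" "$SA_NAMESPACE")"
  verbs_are_readonly "$rbac" || { echo "refusing to apply a role that is not read-only" >&2; exit 1; }
  oc create sa "$SA_NAME" -n "$SA_NAMESPACE" 2>/dev/null || true
  printf '%s\n' "$rbac" | oc apply -f -
fi
```

On clusters that no longer auto-create token secrets for service accounts (Kubernetes 1.24 and later), `oc create token <service-account-name>` issues the token instead of step 3; those bound tokens carry the account name under the nested `kubernetes.io.serviceaccount.name` claim, which `token_sa_name` does not parse.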