Configure the OpenShift Container Platform

The Tenable integration for the Red Hat OpenShift Container Platform requires a service account configured with appropriate permissions. Complete the following steps to create the service account, and configure access:

  1. Create a service account:

    $ oc create sa <service-account-name>

    serviceaccount "audit" created

  2. Describe the service account to list the tokens:

    $ oc describe sa <service-account-name>

    Name: audit

    Tokens: audit-token-f4khf audit-token-z8h44

  3. Retrieve the token for API authentication. The token value is used as the Token in the OpenShift Container Platform Nessus credential.

    $ oc describe secret <service-account-name>-token-z8h44

    Name: robot-token-uzkbh

    Labels: <none>



    Data token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

  4. Grant the service account appropriate permissions by logging in to your OpenShift cluster console: https://console-openshift-console.apps.openshift.<your-domain>

  1. Create the following role, and add the role to the service account created in step 1:

    apiVersion: kind: ClusterRole metadata: name: audit-viewonly rules: - apiGroups: - '*' resources: - '*' verbs: - get - watch - list - view