Approval strategy

The IBM® Security QRadar® EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.

Two approval strategies are available:

  • Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.
  • Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.

When you install the QRadar EDR operator, you can choose to install it with Manual approval. However, setting any operator in the QRadar EDR namespace to Manual means that all operators in the QRadar EDR namespace are treated as though they are set to Manual.

Modifying the approval strategy

You can change the approval strategy as needed.

Before you begin

Make sure that Red Hat® OpenShift® CLI 4.14 or later is installed.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Set the $QRADAR_EDR_NAMESPACE environment variable by typing the following command, where <qradar_edr_namespace> is the namespace where QRadar EDR is installed.
    export QRADAR_EDR_NAMESPACE=<qradar_edr_namespace>
  3. Optional: If QRadar EDR is installed in the All namespace mode, run the following command.
    export ALL_NAMESPACE_NS=openshift-operators
    1. To determine whether QRadar EDR is running in the All namespace mode, run the following command.
      oc get pod -lapp.kubernetes.io/instance=ibm-security-edr-operator --all-namespaces -o custom-columns='NAMESPACE:.metadata.namespace' 
      If the command returns the following output, QRadar EDR is running in the All namespace mode.
      NAMESPACE
      openshift-operators 
  4. Modify the approval strategy in the QRadar EDR operator subscription by typing one of the following commands, where <approval_strategy> is either Automatic or Manual.
    1. If QRadar EDR is deployed in the All namespace mode, use the following command.
      for sub in $(oc get sub -n $ALL_NAMESPACE_NS -o name) 
      do 
        oc patch -n $ALL_NAMESPACE_NS $sub --type merge -p '{"spec":{"installPlanApproval":"<approval_strategy>"}}' done
    2. If QRadar EDR is not deployed in the All namespace mode, use the following command.
      for sub in $(oc get sub -n $QRADAR_EDR_NAMESPACE -o name)
      do
        oc patch -n $QRADAR_EDR_NAMESPACE $sub --type merge -p '{"spec":{"installPlanApproval":"<approval_strategy>"}}'
      done 
  5. Modify the approval strategy for the foundational services subscription in the foundational services namespace by typing the following command, where <approval_strategy> is either Automatic or Manual.
    csns=$(oc get cm -n $QRADAR_EDR_NAMESPACE cp4s-config -o jsonpath="{.data.CSNamespace}")
    echo "Patching subscriptions in common service namespace: ${csns}" 
    for sub in $(oc get sub -n $csns -o name)
    do
      oc patch -n $csns $sub --type merge -p '{"spec":{"installPlanApproval":"<approval_strategy>"}}'
    done