Historically, Helm and the "manifest installation" methods were the only way to install the community, StackRox-branded build. An operator was available only for the "Red Hat Advanced Cluster Security"-branded build.
This is changing. Due to significant maintenance burden of three installation methods, we are planning to consolidate on just one: the operator.
As the first step, in the 4.10 release we proved the simplest possible, temporary way to install the community StackRox-branded operator. We hope this is useful to the community for getting to know the operator.
See this document in the release-4.10 branch for instructions for the above.
The following text describes the installation for the upcoming 4.11 release.
Once 4.11 is released, installing the operator is simply a matter of:
helm repo add stackrox https://raw.githubusercontent.com/stackrox/helm-charts/main/opensource/
helm install --wait --namespace stackrox-operator-system --create-namespace stackrox-operator stackrox/stackrox-operatorWarning
If you are upgrading from a 4.10.x operator manifest-based installation, include --take-ownership in the helm command line.
You'll want at least helm 3.18 (released May 19, 2025) for this to work correctly with CRDs.
Once the operator is running, to actually deploy StackRox you need to create a Central and/or a SecuredCluster custom resource.
Please have a look at the samples directory.
Before applying the SecuredCluster CR you need to retrieve from central and apply on the cluster a cluster registration secret.
Documentation for the custom resource schema - the way to customize your StackRox deployment - is currently only available at the Red Hat documentation portal.
You may encounter a few references to RH ACS when using the operator in places such as:
- the descriptions of a few fields in the OpenAPI schema of the custom resources
- the
UserAgentheader used by the operator controller when talking to the kube API server - central web UI when generating cluster registration secrets
These will be cleaned up in a future release.