Best way to set up the example and to provide a nice onboarding experience is to apply three policies:
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: openshift-gitops-installed
  annotations:
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
spec:
  remediationAction: enforce
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: openshift-gitops-installed
        spec:
          remediationAction: enforce
          severity: medium
          object-templates:
            - complianceType: musthave
              objectDefinition:
                # This is an auto-generated file. DO NOT EDIT
                apiVersion: operators.coreos.com/v1alpha1
                kind: Subscription
                metadata:
                  name: openshift-gitops-operator
                  namespace: openshift-operators
                  labels:
                    operators.coreos.com/openshift-gitops-operator.openshift-operators: ''
                spec:
                  channel: stable
                  installPlanApproval: Automatic
                  name: openshift-gitops-operator
                  source: redhat-operators
                  sourceNamespace: openshift-marketplace
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-argo-development
placementRef:
  name: all-openshift
  kind: PlacementRule
  apiGroup: apps.open-cluster-management.io
subjects:
  - name: openshift-gitops-installed
    kind: Policy
    apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: all-openshift
spec:
  clusterConditions:
    - status: "True"
      type: ManagedClusterConditionAvailable
  clusterSelector:
    matchExpressions:
      - {key: environment, operator: In, values: ["dev"]}
```
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: openshift-gitops-policygenerator
  annotations:
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
spec:
  remediationAction: inform
  disabled: false
  dependencies:
    - apiVersion: policy.open-cluster-management.io/v1
      compliance: Compliant
      kind: Policy
      name: openshift-gitops-installed
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: openshift-gitops-policygenerator
        spec:
          dependencies:
            - name: openshift-gitops-policygenerator
              apiVersion: policy.open-cluster-management.io/v1
              compliance: Compliant
              kind: Policy
          remediationAction: inform
          severity: medium
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: argoproj.io/v1alpha1
                kind: ArgoCD
                metadata:
                  name: openshift-gitops
                  namespace: openshift-gitops
                spec:
                  repo:
                    env:
                      - name: KUSTOMIZE_PLUGIN_HOME
                        value: /etc/kustomize/plugin
                    initContainers:
                      - args:
                          - -c
                          - cp /etc/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator /policy-generator/PolicyGenerator
                        command:
                          - /bin/bash
                        image: registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8:v2.7
                        name: policy-generator-install
                        volumeMounts:
                          - mountPath: /policy-generator
                            name: policy-generator
                    volumeMounts:
                      - mountPath: /etc/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator
                        name: policy-generator
                    volumes:
                      - emptyDir: {}
                        name: policy-generator
                  kustomizeBuildOptions: --enable-alpha-plugins
            - complianceType: musthave
              objectDefinition:
                kind: ClusterRole
                apiVersion: rbac.authorization.k8s.io/v1
                metadata:
                  name: openshift-gitops-policy-admin
                rules:
                  - verbs:
                      - get
                      - list
                      - watch
                      - create
                      - update
                      - patch
                      - delete
                    apiGroups:
                      - policy.open-cluster-management.io
                    resources:
                      - policies
                      - placementbindings
                  - verbs:
                      - get
                      - list
                      - watch
                      - create
                      - update
                      - patch
                      - delete
                    apiGroups:
                      - apps.open-cluster-management.io
                    resources:
                      - placementrules
                  - verbs:
                      - get
                      - list
                      - watch
                      - create
                      - update
                      - patch
                      - delete
                    apiGroups:
                      - cluster.open-cluster-management.io
                    resources:
                      - placements
                      - placements/status
                      - placementdecisions
                      - placementdecisions/status
            - complianceType: musthave
              objectDefinition:
                kind: ClusterRoleBinding
                apiVersion: rbac.authorization.k8s.io/v1
                metadata:
                  name: openshift-gitops-policy-admin
                subjects:
                  - kind: ServiceAccount
                    name: openshift-gitops-argocd-application-controller
                    namespace: openshift-gitops
                roleRef:
                  apiGroup: rbac.authorization.k8s.io
                  kind: ClusterRole
                  name: openshift-gitops-policy-admin
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-openshift-gitops-policygenerator
placementRef:
  name: placement-openshift-gitops-policygenerator
  kind: PlacementRule
  apiGroup: apps.open-cluster-management.io
subjects:
  - name: openshift-gitops-policygenerator
    kind: Policy
    apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-openshift-gitops-policygenerator
spec:
  clusterSelector:
    matchExpressions:
      - {key: name, operator: In, values: ["local-cluster"]}
```
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-gatekeeper-application
  namespace: default
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
spec:
  disabled: false
  dependencies:
    - apiVersion: policy.open-cluster-management.io/v1
      compliance: Compliant
      kind: Policy
      name: openshift-gitops-policygenerator
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: policy-application-gatekeeper
        spec:
          remediationAction: inform
          severity: low
          namespaceSelector:
            exclude:
              - kube-*
            include:
              - default
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: argoproj.io/v1alpha1
                kind: Application
                metadata:
                  name: policiesgatekeeper
                  namespace: openshift-gitops
                spec:
                  destination:
                    namespace: openshift-gitops
                    server: https://kubernetes.default.svc
                  project: default
                  source:
                    path: .
                    repoURL: https://github.com/ch-stark/gatekeeper-examples
                    targetRevision: HEAD
                  syncPolicy:
                    syncOptions:
                      - CreateNamespace=true
                    automated:
                      selfHeal: false
                      prune: true
          pruneObjectBehavior: DeleteIfCreated
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: gatekeeper-application-placement
  namespace: default
placementRef:
  name: placement-openshift-gitops-policygenerator
  apiGroup: apps.open-cluster-management.io
  kind: PlacementRule
subjects:
  # Must match metadata.name of the Policy above, otherwise the binding selects nothing
  - name: policy-gatekeeper-application
    apiGroup: policy.open-cluster-management.io
    kind: Policy
```