upgrade to RHACM 2.6 #11

Open
ch-stark opened this issue Nov 28, 2022 · 6 comments

@ch-stark

will work on PR

@michaelkotelnikov
Owner

Thanks @ch-stark

@ch-stark
Author

Hi @michaelkotelnikov, do you think we should add a tutorial for:

  1. PolicyGenerator
  2. TemplatizedPolicies
  3. deploy Policies using ArgoCD using previous options
  4. Having a Kyverno-Policy
  5. Deploy-ApplicationSets
  6. ClusterSets (including GlobalClusterSets)

@michaelkotelnikov
Owner

@ch-stark It's definitely something we need to implement.

I started working on a PolicyGenerator section a while back but got distracted with some other projects.

(slide 164) https://docs.google.com/presentation/d/1LCPvIT_nF5hwnrfYdlD0Zie4zdDxc0kxZtW3Io5jfFk/edit?usp=sharing
(generator demo policy) https://github.com/michaelkotelnikov/rhacm-workshop/tree/master/06.Advanced-Policy-Management/demo-policy-generator

It's something that needs to evolve into something practical that a participant may implement as part of the workshop.

@ch-stark
Author

ch-stark commented Dec 1, 2022

Thanks @michaelkotelnikov

We can use this example and I'll discuss it with the ACS team!
Maybe you can have a look at:
https://github.com/ch-stark/argocdpoliciesblog/blob/main/blog.md

You can use PolicyGenerator (at runtime), which can also be used for integration of Kyverno and Gatekeeper.

PolicyGenerator can be used in ArgoCD to transform YAML resources to Policies at runtime. The integration works via CustomTooling as you see [here](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom_tools/).

Let's take the following example. You want to deploy the following resources together:

- Deployment: define which image to run.
- Service: component can be reached over the network.
- Ingress: the outside world can access our Service.
- ConfigMap: configure the component (often makes sense to make this templatized).
- Secret: supply credentials to the component (often makes sense to make this templatized).
- NetworkPolicy: restrict the component's attack surface.

So some deployment bundle together with these checks.

@michaelkotelnikov
Owner

@ch-stark Sounds great, we could definitely generate some exercises out of this and show how all of the things add up to a complete integration story between all components.

@ch-stark
Author

ch-stark commented Feb 1, 2023

@michaelkotelnikov let's close this and I'll work on ACM 2.7.
