Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🤖 Sync from open-cluster-management-io/governance-policy-addon-controller: #156 #555

Merged
merged 1 commit into from
May 29, 2024
Merged

🤖 Sync from open-cluster-management-io/governance-policy-addon-controller: #156 #555

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 37 additions & 6 deletions ...edclusterchart/templates/policy.open-cluster-management.io_configurationpolicies_crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,14 +162,29 @@ spec:
x-kubernetes-preserve-unknown-fields: true
recordDiff:
description: |-
RecordDiff specifies whether (and where) to log the diff between the object on the
cluster and the objectDefinition in the policy. Defaults to "None" when the object kind is
ConfigMap, OAuthAccessToken, OAuthAuthorizeTokens, Route, or Secret. Defaults to "InStatus" otherwise.
RecordDiff specifies whether and where to log the difference between the object on the cluster
and the `objectDefinition` parameter in the policy. The supported options are `InStatus` to record the
difference in the policy status field, `Log` to log the difference in the
`config-policy-controller` pod, and `None` to not log the difference. The default value is `None` for
object kinds that include sensitive data such as `ConfigMap`, `OAuthAccessToken`,
`OAuthAuthorizeTokens`, `Route`, and `Secret`, or when a templated `objectDefinition` references sensitive
data. For all other kinds, the default value is `InStatus`.
enum:
- Log
- InStatus
- None
type: string
recreateOption:
description: |-
RecreateOption describes whether to delete and recreate an object when an update is required. `IfRequired`
will recreate the object when updating an immutable field. `Always` will always recreate the object if a mismatch
is detected. `RecreateOption` has no effect when the `remediationAction` is `inform`. `IfRequired` has no effect
on clusters without dry run update support. The default value is `None`.
enum:
- None
- IfRequired
- Always
type: string
required:
- complianceType
- objectDefinition
Expand Down Expand Up @@ -491,14 +506,30 @@ spec:
x-kubernetes-preserve-unknown-fields: true
recordDiff:
description: |-
RecordDiff specifies whether (and where) to log the diff between the object on the
cluster and the objectDefinition in the policy. Defaults to "None" when the object kind is
ConfigMap, OAuthAccessToken, OAuthAuthorizeTokens, Route, or Secret. Defaults to "InStatus" otherwise.
RecordDiff specifies whether and where to log the difference between the object on the cluster
and the `objectDefinition` parameter in the policy. The supported options are `InStatus` to record the
difference in the policy status field, `Log` to log the difference in the
`config-policy-controller` pod, and `None` to not log the difference. The default value is `None` for
object kinds that include sensitive data such as `ConfigMap`, `OAuthAccessToken`,
`OAuthAuthorizeTokens`, `Route`, and `Secret`, or when a templated `objectDefinition` references sensitive
data. For all other kinds, the default value is `InStatus`.
enum:
- Log
- InStatus
- None
type: string
recreateOption:
default: None
description: |-
RecreateOption describes whether to delete and recreate an object when an update is required. `IfRequired`
will recreate the object when updating an immutable field. `Always` will always recreate the object if a mismatch
is detected. `RecreateOption` has no effect when the `remediationAction` is `inform`. `IfRequired` has no effect
on clusters without dry run update support. The default value is `None`.
enum:
- None
- IfRequired
- Always
type: string
required:
- complianceType
- objectDefinition
Expand Down
21 changes: 21 additions & 0 deletions ...managedclusterchart/templates/policy.open-cluster-management.io_operatorpolicies_crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,16 @@ spec:
https://olm.operatorframework.io/docs/concepts/crds/subscription/
type: object
x-kubernetes-preserve-unknown-fields: true
upgradeApproval:
description: |-
UpgradeApproval determines whether 'upgrade' InstallPlans for the operator will be approved
by the controller when the policy is enforced and in 'musthave' mode. The initial InstallPlan
approval is not affected by this setting. This setting has no effect when the policy is in
'mustnothave' mode. Allowed values are "None" or "Automatic".
enum:
- None
- Automatic
type: string
versions:
description: |-
Versions is a list of nonempty strings that specifies which installed versions are compliant when
Expand All @@ -136,6 +146,7 @@ spec:
required:
- complianceType
- subscription
- upgradeApproval
type: object
status:
description: OperatorPolicyStatus defines the observed state of OperatorPolicy
Expand Down Expand Up @@ -207,6 +218,13 @@ spec:
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
overlappingPolicies:
description: |-
The list of overlapping OperatorPolicies (as name.namespace) which all manage the same
subscription, including this policy. When no overlapping is detected, this list will be empty.
items:
type: string
type: array
relatedObjects:
description: List of resources processed by the policy
items:
Expand Down Expand Up @@ -253,6 +271,9 @@ spec:
type: string
type: object
type: array
resolvedSubscriptionLabel:
description: The resolved name.namespace of the subscription
type: string
type: object
type: object
served: true
Expand Down