Skip to content

Commit 07906b5

Browse files
stencellstencell
committed
updates for 2.0
1 parent 1e0c2b2 commit 07906b5

6 files changed

+76
-72
lines changed

apps/etherpad/dev-placement-rule.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@ metadata:
55
namespace: etherpad
66
spec:
77
clusterConditions:
8-
- type: OK
8+
- type: ManagedClusterConditionAvailable
9+
status: "True"
910
clusterSelector:
10-
matchExpressions: []
1111
matchLabels:
1212
environment: dev

resources/policies/cert_expiration.yaml

+18-21
Original file line numberDiff line numberDiff line change
@@ -1,31 +1,28 @@
1-
apiVersion: policy.mcm.ibm.com/v1alpha1
1+
---
2+
apiVersion: policy.open-cluster-management.io/v1
23
kind: Policy
34
metadata:
45
name: policy-certificate
56
namespace: rhacm-policies
67
spec:
7-
complianceType: musthave
8+
remediationAction: inform
89
disabled: false
9-
namespaces: {}
1010
policy-templates:
11-
- objectDefinition:
12-
apiVersion: policies.ibm.com/v1alpha1
13-
kind: CertificatePolicy
14-
metadata:
15-
name: policy-certificatepolicy-example
16-
spec:
17-
minimumDuration: 2200h
18-
namespaceSelector:
19-
exclude: []
20-
include:
21-
- openshift-ingress
22-
remediationAction: inform
23-
severity: low
24-
status:
25-
Validity: {}
26-
remediationAction: inform
11+
- objectDefinition:
12+
apiVersion: policy.open-cluster-management.io/v1
13+
kind: CertificatePolicy
14+
metadata:
15+
name: policy-certificate-example
16+
spec:
17+
namespaceSelector:
18+
include:
19+
- openshift-ingress
20+
exclude: []
21+
remediationAction: inform
22+
severity: low
23+
minimumDuration: 2200h
2724
---
28-
apiVersion: mcm.ibm.com/v1alpha1
25+
apiVersion: policy.open-cluster-management.io/v1
2926
kind: PlacementBinding
3027
metadata:
3128
name: certificate-placement-binding
@@ -37,4 +34,4 @@ placementRef:
3734
subjects:
3835
- name: policy-certificate
3936
kind: Policy
40-
apiGroup: policy.mcm.ibm.com
37+
apiGroup: policy.open-cluster-management.io

resources/policies/config_limitrange.yaml

+43-36
Original file line numberDiff line numberDiff line change
@@ -1,42 +1,49 @@
1-
apiVersion: policy.mcm.ibm.com/v1alpha1
1+
apiVersion: policy.open-cluster-management.io/v1
22
kind: Policy
33
metadata:
4-
name: policy-configuration
5-
namespace: rhacm-policies
4+
name: policy-limitmemory
5+
namespace: rhacm-policies
66
spec:
7-
complianceType: musthave
87
remediationAction: enforce
9-
namespaces:
10-
exclude:
11-
- kube-*
12-
- openshift-*
13-
- openshift
14-
- default
15-
- multicluster-endpoint
16-
include:
17-
- '*'
18-
object-templates:
19-
- complianceType: musthave
20-
namespaces:
21-
exclude:
22-
objectDefinition:
23-
apiVersion: v1
24-
kind: LimitRange
8+
disabled: false
9+
policy-templates:
10+
- objectDefinition:
11+
apiVersion: policy.open-cluster-management.io/v1
12+
kind: ConfigurationPolicy
2513
metadata:
26-
name: default-limit-range
14+
name: policy-limitrange
2715
spec:
28-
limits:
29-
- type: Container
30-
default:
31-
cpu: 500m
32-
memory: 512Mi
33-
defaultRequest:
34-
cpu: 50m
35-
memory: 256Mi
36-
max:
37-
cpu: 2
38-
memory: 4Gi
39-
- type: Pod
40-
max:
41-
cpu: 4
42-
memory: 8Gi
16+
severity: medium
17+
namespaceSelector:
18+
exclude:
19+
- kube-*
20+
- openshift-*
21+
- openshift
22+
- open-cluster*
23+
- default
24+
- multicluster-endpoint
25+
include:
26+
- '*'
27+
object-templates:
28+
- complianceType: musthave
29+
objectDefinition:
30+
apiVersion: v1
31+
kind: LimitRange
32+
metadata:
33+
name: default-limit-range
34+
spec:
35+
limits:
36+
- type: Container
37+
default:
38+
cpu: 500m
39+
memory: 512Mi
40+
defaultRequest:
41+
cpu: 50m
42+
memory: 256Mi
43+
max:
44+
cpu: 2
45+
memory: 4Gi
46+
- type: Pod
47+
max:
48+
cpu: 4
49+
memory: 8Gi

resources/policies/config_placement_binding.yaml

+4-4
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
1-
apiVersion: mcm.ibm.com/v1alpha1
1+
apiVersion: policy.open-cluster-management.io/v1
22
kind: PlacementBinding
33
metadata:
4-
name: config-placement-binding
4+
name: binding-policy-limitmemory
55
namespace: rhacm-policies
66
placementRef:
77
name: dev-clusters
88
kind: PlacementRule
99
apiGroup: apps.open-cluster-management.io
1010
subjects:
11-
- name: policy-configuration
11+
- name: policy-limitmemory
1212
kind: Policy
13-
apiGroup: policy.mcm.ibm.com
13+
apiGroup: policy.open-cluster-management.io

resources/policies/config_placement_rule.yaml

+2-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@ metadata:
55
namespace: rhacm-policies
66
spec:
77
clusterConditions:
8-
- type: OK
8+
- type: ManagedClusterConditionAvailable
9+
status: "True"
910
clusterSelector:
1011
matchExpressions:
1112
- key: environment

resources/policies/iam.yaml

+7-8
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,25 @@
1-
apiVersion: policy.mcm.ibm.com/v1alpha1
1+
apiVersion: policy.open-cluster-management.io/v1
22
kind: Policy
33
metadata:
4-
name: policy-iam
4+
name: policy-limitclusteradmin
55
namespace: rhacm-policies
66
spec:
77
complianceType: musthave
88
remediationAction: inform
99
disabled: false
10-
namespaces: {}
1110
policy-templates:
1211
- objectDefinition:
13-
apiVersion: iam.policies.ibm.com/v1alpha1
12+
apiVersion: policy.open-cluster-management.io/v1
1413
kind: IamPolicy
1514
metadata:
16-
name: policy-clusteradmin
15+
name: policy-limitclusteradmin-example
1716
spec:
1817
severity: medium
1918
namespaceSelector: {}
2019
remediationAction: inform
21-
maxClusterRoleBindingUsers: 3
20+
maxClusterRoleBindingUsers: 5
2221
---
23-
apiVersion: mcm.ibm.com/v1alpha1
22+
apiVersion: policy.open-cluster-management.io/v1
2423
kind: PlacementBinding
2524
metadata:
2625
name: binding-policy-iam
@@ -32,4 +31,4 @@ placementRef:
3231
subjects:
3332
- name: policy-iam
3433
kind: Policy
35-
apiGroup: policy.mcm.ibm.com
34+
apiGroup: policy.open-cluster-management.io

0 commit comments

Comments
 (0)