8000 🤖 Sync from open-cluster-management-io/policy-collection: #487 by magic-mirror-bot[bot] · Pull Request #78 · stolostron/policy-collection · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

🤖 Sync from open-cluster-management-io/policy-collection: #487 #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 5, 2024
Merged

🤖 Sync from open-cluster-management-io/policy-collection: #487 #78

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
0 ...nt/policy-kyverno-add-network-policy.yaml → ...nt/policy-kyverno-add-network-policy.yaml
View file
Open in desktop
File renamed without changes.
0 ...-Management/policy-kyverno-add-quota.yaml → ...-Management/policy-kyverno-add-quota.yaml
View file
Open in desktop
File renamed without changes.
0 ...nagement/policy-kyverno-sync-secrets.yaml → ...nagement/policy-kyverno-sync-secrets.yaml
View file
Open in desktop
File renamed without changes.
4 changes: 3 additions & 1 deletion community/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,9 @@ Policy | Description | Prerequisites
[Policy to restore a stateful application with OADP](./CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-restore.yaml) | Last of 3 policies, used to restore stateful applications on managed clusters. | For more information, see [ACM Application Backup and Restore policy readme](./CM-Configuration-Management/acm-app-pv-backup/README.md)
[Policy to automatically import ROSA clusters](./CM-Configuration-Management/policy-rosa-autoimport.yaml) | Use this policy to automatically import discovered ROSA clusters as a managed cluster. | By default this policy will configure ROSA discovered clusters to be automatically imported as a managed cluster. Edit the ConfigMap to adjust the discovered cluster filter. Edit the managed cluster resource to change the default ManagedClusterSet the mananged cluster is added to.
[Policy to automatically import MultiClusterEngine HCP clusters](./CM-Configuration-Management/policy-mce-hcp-autoimport.yaml) | Use this policy to automatically import discovered MultiClusterEngine HCP clusters as a managed cluster. | By default this policy will configure MultiClusterEngine HCP discovered clusters to be automatically imported as a managed cluster. Edit the ConfigMap to adjust the discovered cluster filter. Edit the managed cluster resource to change the default ManagedClusterSet the mananged cluster is added to.

[Kyverno Generate Network Policies](../CM-Configuration-Management/policy-kyverno-add-network-policy.yaml) | Configures a new `NetworkPolicy` resource named `default-deny` which will deny all traffic anytime a new Namespace is created. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.
[Kyverno Generate Quota](../CM-Configuration-Management/policy-kyverno-add-quota.yaml) | Configures new `ResourceQuota` and `LimitRange` resources anytime a new Namespace is created. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.
[Kyverno Sync Secrets](../CM-Configuration-Management/policy-kyverno-sync-secrets.yaml) | This policy will copy a Secret called `regcred` which exists in the `default` Namespace to new Namespaces when they are created and it will keep the secret updated with changes. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.
### Contingency Planning

Policy | Description | Prerequisites
Expand Down
3 changes: 0 additions & 3 deletions stable/CM-Configuration-Management/README.md
76D0
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,5 @@ Policy | Description | Prerequisites
[policy-pod](../CM-Configuration-Management/policy-pod.yaml) | Ensures that a pod exists as specified. |
[policy-zts-cmc](../CM-Configuration-Management/policy-zts-cmc.yaml) | This example deploys a replica of \`zts-cmc-deployment\`. | See the [Zettaset README.stable(https://github.com/zettaset/zettaset-public/) to learn more about Zettaset CMC Deployment.
[Scan your cluster with the OpenShift CIS security profile](../CM-Configuration-Management/policy-compliance-operator-cis-scan.yaml) | This example creates a ScanSettingBinding that the ComplianceOperator uses to scan the cluster for compliance with the OpenShift CIS benchmark. | See the [Compliance Operator repository](https://github.com/openshift/compliance-operator) to learn more about the operator. **Note**: The Compliance Operator must be installed to use this policy. See the [Compliance operator policy](../CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml) to install the Compliance Operator with a policy.
[Kyverno Generate Network Policies](../CM-Configuration-Management/policy-kyverno-add-network-policy.yaml) | Configures a new `NetworkPolicy` resource named `default-deny` which will deny all traffic anytime a new Namespace is created. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.
[Kyverno Generate Quota](../CM-Configuration-Management/policy-kyverno-add-quota.yaml) | Configures new `ResourceQuota` and `LimitRange` resources anytime a new Namespace is created. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.
[Kyverno Sync Secrets](../CM-Configuration-Management/policy-kyverno-sync-secrets.yaml) | This policy will copy a Secret called `regcred` which exists in the `default` Namespace to new Namespaces when they are created and it will keep the secret updated with changes. | See the [Kyverno project](https://github.com/kyverno/kyverno). **Note**: Kyverno controller must be installed to use the kyverno policy. See the [Policy to install Kyverno](../../community/CM-Configuration-Management/policy-install-kyverno.yaml) in the community folder.

You can contribute more policies that map to the Configuration Management catalog. See [Contibuting policies](https://github.com/stolostron/policy-collection/blob/main/docs/CONTRIBUTING.md) for more details.
0