Delete placementrule and placementbinding under configurationPolicy

Signed-off-by: yiraeChristineKim <[email protected]>
open-cluster-management-io · Jul 30, 2024 · 49ccb38 · 49ccb38
1 parent 8ac6ec7
commit 49ccb38
Show file tree

Hide file tree

Showing 6 changed files with 2 additions and 305 deletions.
diff --git a/community/CM-Configuration-Management/policy-argocd-kubernetes.yaml b/community/CM-Configuration-Management/policy-argocd-kubernetes.yaml
@@ -57,23 +57,6 @@ spec:
                   packageOverrides:
                     - packageAlias: argo-cd
                       packageName: argo-cd
-                  placement:
-                    placementRef:
-                      name: helmchartargo-placement-1
-                      kind: PlacementRule
-            - complianceType: musthave
-              objectDefinition:
-                apiVersion: apps.open-cluster-management.io/v1
-                kind: PlacementRule
-                metadata:
-                  name: helmchartargo-placement-1
-                  namespace: argocd
-                  labels:
-                    app: helmchartargo
-                spec:
-                  clusterSelector:
-                    matchLabels:
-                      environment: dev
             - complianceType: musthave
               objectDefinition:
                 apiVersion: apps.open-cluster-management.io/v1
@@ -86,28 +69,3 @@ spec:
                 spec:
                   pathname: https://charts.wener.tech
                   type: HelmRepo
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-argocd-kubernetes
-placementRef:
-  name: placement-argocd-kubernetes
-  kind: PlacementRule
-  apiGroup: apps.open-cluster-management.io
-subjects:
-  - name: policy-argocd-kubernetes
-    kind: Policy
-    apiGroup: policy.open-cluster-management.io
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-argocd-kubernetes
-spec:
-  clusterSelector:
-    matchExpressions:
-      - key: local-cluster
-        operator: In
-        values:
-          - 'true'
diff --git a/community/CM-Configuration-Management/policy-install-external-secrets.yaml b/community/CM-Configuration-Management/policy-install-external-secrets.yaml
@@ -1,7 +1,5 @@
 # This policy deploys the external secrets helm chart by creating application resources on the
 # Open Cluster Management hub.  The policy must be deployed to the Open Cluster Management hub, 
-# but update the embedded PlacementRule resource in this
-# policy to configure which managed clusters the application will be placed on.
 
 apiVersion: policy.open-cluster-management.io/v1
 kind: Policy
@@ -100,53 +98,5 @@ spec:
                   packageOverrides:
                     - packageAlias: kubernetes-external-secrets
                       packageName: kubernetes-external-secrets
-                  placement:
-                    placementRef:
-                      kind: PlacementRule
-                      name: external-secrets-placement
           remediationAction: enforce
           severity: low
-    - objectDefinition:
-        apiVersion: policy.open-cluster-management.io/v1
-        kind: ConfigurationPolicy
-        metadata:
-          name: external-secrets-replication-placement
-        spec:
-          object-templates:
-            - complianceType: musthave
-              objectDefinition:
-                apiVersion: apps.open-cluster-management.io/v1
-                kind: PlacementRule
-                metadata:
-                  name: external-secrets-placement
-                  namespace: external-secrets-system
-                  labels:
-                    app: external-secrets
-                spec:
-                  clusterSelector:
-                    matchLabels:
-                      environment: dev
-          remediationAction: enforce
-          severity: high
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-external-secrets-policy-app
-placementRef:
-  apiGroup: apps.open-cluster-management.io
-  kind: PlacementRule
-  name: placement-external-secrets-policy-app
-subjects:
-  - apiGroup: policy.open-cluster-management.io
-    kind: Policy
-    name: external-secrets-policy
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-external-secrets-policy-app
-spec:
-  clusterSelector:
-    matchLabels:
-      name: local-cluster
diff --git a/community/CM-Configuration-Management/policy-install-kyverno.yaml b/community/CM-Configuration-Management/policy-install-kyverno.yaml
@@ -110,23 +110,6 @@ spec:
                               initialDelaySeconds: 35
                               periodSeconds: 20
                             securityContext: null
-                  placement:
-                    placementRef:
-                      name: kyverno-placement-1
-                      kind: PlacementRule
-            - complianceType: mustonlyhave
-              objectDefinition:
-                apiVersion: apps.open-cluster-management.io/v1
-                kind: PlacementRule
-                metadata:
-                  name: kyverno-placement-1
-                  namespace: kyverno
-                  labels:
-                    app: kyverno
-                spec:
-                  clusterSelector:
-                    matchLabels:
-                      environment: dev
             - complianceType: musthave
               objectDefinition:
                 apiVersion: apps.open-cluster-management.io/v1
@@ -139,28 +122,3 @@ spec:
                 spec:
                   pathname: https://kyverno.github.io/kyverno
                   type: HelmRepo
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-policy-install-kyverno
-placementRef:
-  name: placement-policy-install-kyverno
-  kind: PlacementRule
-  apiGroup: apps.open-cluster-management.io
-subjects:
-  - name: policy-install-kyverno
-    kind: Policy
-    apiGroup: policy.open-cluster-management.io
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-policy-install-kyverno
-spec:
-  clusterSelector:
-    matchExpressions:
-      - key: local-cluster
-        operator: In
-        values:
-          - 'true'
diff --git a/...ity/CM-Configuration-Management/policy-install-triliovault-for-kubernetes-using-helm.yaml b/...ity/CM-Configuration-Management/policy-install-triliovault-for-kubernetes-using-helm.yaml
@@ -4,10 +4,6 @@
 # ./CM-Configuration-Management/policy-create-license-triliovault-for-kubernetes-upstream.yaml.  
 # Please conact [email protected] for further support.
 #
-# You must make sure the PlacementRule for the Policy installs the policy on the
-# Open Cluster Management hub. The PlacementRule inside the Policy is what determines which clusters
-# TVK will be installed on.
-#
 # Note that it is set to enforce by default.
 #
 # Please refer product documentation at https://docs.trilio.io/kubernetes/overview/readme 
@@ -127,61 +123,4 @@ spec:
                   packageOverrides:
                   - packageName: k8s-triliovault-operator
                     packageAlias: k8s-triliovault-operator
-                  placement:
-                    placementRef:
-                      name: placement-policy-tvk-1
-                      kind: PlacementRule
-    - objectDefinition:
-        apiVersion: policy.open-cluster-management.io/v1
-        kind: ConfigurationPolicy
-        metadata:
-          name: policy-tvk-placement
-        spec:
-          remediationAction: enforce
-          severity: high
-          object-templates:
-            - complianceType: musthave
-              objectDefinition:
-                apiVersion: apps.open-cluster-management.io/v1
-                kind: PlacementRule
-                metadata:
-                  name: placement-policy-tvk-1
-                  namespace: trilio-system
-                  labels:
-                    app: tvk
-                spec:
-                  clusterSelector:
-                    matchExpressions:
-                      - key: vendor
-                        operator: NotIn
-                        values:
-                          - OpenShift
-                      - key: protected-by
-                        operator: In
-                        values:
-                          - triliovault
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: install-tvk-placement
-spec:
-  clusterSelector:
-    matchExpressions:
-      - key: name
-        operator: In
-        values:
-          - local-cluster
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: install-tvk-placement
-placementRef:
-  name: install-tvk-placement
-  apiGroup: apps.open-cluster-management.io
-  kind: PlacementRule
-subjects:
-  - name: install-tvk-helm
-    apiGroup: policy.open-cluster-management.io
-    kind: Policy
+
diff --git a/community/CM-Configuration-Management/policy-sriovnetwork-templatized.yaml b/community/CM-Configuration-Management/policy-sriovnetwork-templatized.yaml
@@ -38,31 +38,6 @@ spec:
                   vlan: '{{hub fromConfigMap "" "site-config"  (printf "%s-vlan" .ManagedClusterName) | toInt hub}}'
 ---
 apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-policy-site-nw-templatized-common
-placementRef:
-  name: placement-policy-site-nw-templatized-common
-  kind: PlacementRule
-  apiGroup: apps.open-cluster-management.io
-subjects:
-  - name: policy-site-nw-templatized
-    kind: Policy
-    apiGroup: policy.open-cluster-management.io
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-policy-site-nw-templatized-common
-spec:
-  clusterSelector:
-    matchExpressions:
-      - key: local-cluster
-        operator: In
-        values:
-          - 'true'
----
-apiVersion: policy.open-cluster-management.io/v1
 kind: Policy
 metadata:
   name: policy-site-nw-templatized-config
@@ -99,30 +74,4 @@ spec:
                   cluster0002-phc2sysOpts: "-a -r -n 24"
                   cluster0002-resourceName: "du_mh"
                   cluster0002-vlan: "3621"
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-policy-site-nw-templatized-config
-placementRef:
-  name: placement-policy-site-nw-templatized-config
-  kind: PlacementRule
-  apiGroup: apps.open-cluster-management.io
-subjects:
-  - name: policy-site-nw-templatized-config
-    kind: Policy
-    apiGroup: policy.open-cluster-management.io
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-policy-site-nw-templatized-config
-spec:
-  clusterSelector:
-    matchExpressions:
-      - key: local-cluster
-        operator: In
-        values:
-          - 'true'
----
 
diff --git a/community/SI-System-and-Information-Integrity/policy-falco-helm.yaml b/community/SI-System-and-Information-Integrity/policy-falco-helm.yaml
@@ -1,9 +1,5 @@
 # Install falco using helm instead of using the operator. 
 
-# You must make sure the PlacementRule for the Policy installs the policy on the
-# Open Cluster Management hub.  The PlacementRule inside the Policy is what determines which clusters
-# falco will be installed on.
-
 # Edit the parameters for the helm chart inside the Subscription resource to
 # customize falco for your needs.  If installing falco on openshift, be aware of
 # the following:
@@ -215,57 +211,4 @@ spec:
                             create: true
                           tolerations:
                           - effect: NoSchedule
-                            key: node-role.kubernetes.io/master
-                  placement:
-                    placementRef:
-                      name: placement-policy-falco-1
-                      kind: PlacementRule
-    - objectDefinition:
-        apiVersion: policy.open-cluster-management.io/v1
-        kind: ConfigurationPolicy
-        metadata:
-          name: policy-falco-placement
-        spec:
-          remediationAction: enforce # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction.
-          severity: high
-          namespaceSelector:
-            exclude: ["kube-*"]
-            include: ["*"]
-          object-templates:
-            - complianceType: musthave
-              objectDefinition:
-                apiVersion: apps.open-cluster-management.io/v1
-                kind: PlacementRule
-                metadata:
-                  name: placement-policy-falco-1
-                  namespace: falco
-                  labels:
-                    app: falco
-                spec:
-                  clusterSelector:
-                    matchLabels:
-                      environment: dev
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
-  name: binding-policy-falco-app
-placementRef:
-  name: placement-policy-falco-app
-  kind: PlacementRule
-  apiGroup: apps.open-cluster-management.io
-subjects:
-- name: policy-falco-app
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: placement-policy-falco-app
-  labels:
-    app: falco
-spec:
-  clusterSelector:
-    matchLabels:
-      name: local-cluster
+                            key: node-role.kubernetes.io/master