Create a policy to automatically import discovered ROSA clusters
This policy monitors DiscoveredCluster resources for ROSA clusters and
configures matching discovered clusters to be automatically imported.
Status is shown for any that have been configured to be automatically
imported.  Filtering by the discovered cluster display name can be
updated in the policy by editing the ConfigMap.

Refs:
 - https://issues.redhat.com/browse/ACM-10304

Signed-off-by: Gus Parvin <[email protected]>
gparvin committed Apr 27, 2024
1 parent f9590a7 commit 572453a
Showing 2 changed files with 102 additions and 0 deletions.
101 changes: 101 additions & 0 deletions community/CM-Configuration-Management/policy-rosa-autoimport.yaml
@@ -0,0 +1,101 @@
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
name: policy-rosa-autoimport
annotations:
policy.open-cluster-management.io/standards: NIST SP 800-53
policy.open-cluster-management.io/categories: CM Configuration Management
policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
policy.open-cluster-management.io/description: Discovered clusters that are of
type ROSA can be automatically imported into ACM as managed clusters. This
policy helps you select those managed clusters and configure them so the import
will happen. If you do not want all of your ROSA clusters to be automatically
imported, you can configure filters or add an annotation.
spec:
remediationAction: inform
disabled: false
policy-templates:
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-rosa-autoimport
spec:
remediationAction: inform
severity: low
object-templates-raw: |
- complianceType: musthave
objectDefinition:
apiVersion: v1
kind: ConfigMap
metadata:
name: discovery-config
namespace: open-cluster-management-global-set
data:
rosa-filter: ""
{{- /* find the ROSA DiscoveredClusters */ -}}
{{- range $dc := (lookup "discovery.open-cluster-management.io/v1" "DiscoveredCluster" "" "").items }}
{{- /* Check for the flag that indicates the import should be skipped */ -}}
{{- $skip := "false" -}}
{{- range $key, $value := $dc.metadata.annotations }}
{{- if and (eq $key "discovery.open-cluster-management.io/previously-auto-imported")
(eq $value "true") }}
{{- $skip = "true" }}
{{- end }}
{{- end }}
{{- /* if the type is ROSA and the status is Active */ -}}
{{- if and (eq $dc.spec.status "Active")
(contains (fromConfigMap "open-cluster-management-global-set" "discovery-config" "rosa-filter") $dc.spec.displayName)
(eq $dc.spec.type "ROSA")
(eq $skip "false") }}
- complianceType: musthave
objectDefinition:
apiVersion: discovery.open-cluster-management.io/v1
kind: DiscoveredCluster
metadata:
name: {{ $dc.metadata.name }}
namespace: {{ $dc.metadata.namespace }}
spec:
importAsManagedCluster: true
{{- end }}
{{- end }}
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: policy-rosa-managedcluster-status
spec:
remediationAction: inform
severity: low
object-templates-raw: |
{{- /* Use the same DiscoveredCluster list to check ManagedCluster status */ -}}
{{- range $dc := (lookup "discovery.open-cluster-management.io/v1" "DiscoveredCluster" "" "").items }}
{{- /* Check for the flag that indicates the import should be skipped */ -}}
{{- $skip := "false" -}}
{{- range $key, $value := $dc.metadata.annotations }}
{{- if and (eq $key "discovery.open-cluster-management.io/previously-auto-imported")
(eq $value "true") }}
{{- $skip = "true" }}
{{- end }}
{{- end }}
{{- /* if the type is ROSA and the status is Active */ -}}
{{- if and (eq $dc.spec.status "Active")
(contains (fromConfigMap "open-cluster-management-global-set" "discovery-config" "rosa-filter") $dc.spec.displayName)
(eq $dc.spec.type "ROSA")
(eq $skip "false") }}
- complianceType: musthave
objectDefinition:
apiVersion: cluster.open-cluster-management.io/v1
kind: ManagedCluster
metadata:
name: {{ $dc.spec.displayName }}
namespace: {{ $dc.spec.displayName }}
annotations:
cluster.open-cluster-management.io/clusterset: default
status:
conditions:
- type: ManagedClusterAvailable
status: "True"
{{- end }}
{{- end }}
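Review bot: The default `rosa-filter: ""` makes the `contains (fromConfigMap ... "rosa-filter") $dc.spec.displayName` condition true for every display name, since an empty substring is contained in any string, and the `lookup` passes an empty namespace, so once `remediationAction` is changed from `inform` to `enforce` every Active ROSA DiscoveredCluster in every namespace is set to `importAsManagedCluster: true`. Please make the match-all default explicit in a template comment, and consider a per-cluster opt-out: the description says an annotation can be added to exclude a cluster, but the only annotation the template checks is `discovery.open-cluster-management.io/previously-auto-imported`. Also note that the first object template declares the ConfigMap as `musthave` with `rosa-filter: ""`, so a filter edited on the live ConfigMap rather than in this policy will be reported as a violation, or reset under `enforce`; a comment next to `rosa-filter` saying where to edit it would avoid that.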
1 change: 1 addition & 0 deletions community/README.md
Expand Up @@ -181,6 +181,7 @@ Policy | Description | Prerequisites
[Policy to install and configure OADP operator for stateful application backup](./CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-install.yaml) | First of 3 policies, used to backup or restore stateful applications on managed clusters. Used to install OADP on managed clusters and configure the connection to the storage location and installed on both backup and restore operations. | For more information, see [ACM Application Backup and Restore policy readme](./CM-Configuration-Management/acm-app-pv-backup/README.md)
[Policy to backup a stateful application with OADP](./CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-backup.yaml) | Second of 3 policies, used to backup stateful applications on managed clusters. | For more information, see [ACM Application Backup and Restore policy readme](./CM-Configuration-Management/acm-app-pv-backup/README.md)
[Policy to restore a stateful application with OADP](./CM-Configuration-Management/acm-app-pv-backup/resources/policies/oadp-hdr-app-restore.yaml) | Last of 3 policies, used to restore stateful applications on managed clusters. | For more information, see [ACM Application Backup and Restore policy readme](./CM-Configuration-Management/acm-app-pv-backup/README.md)
[Policy to automatically import ROSA clusters](./CM-Configuration-Management/policy-rosa-autoimport.yaml) | Use this policy to automatically import discovered ROSA clusters as a managed cluster. | By default this policy will configure ROSA discovered clusters to be automatically imported as a managed cluster. Edit the ConfigMap to adjust the discovered cluster filter. Edit the managed cluster resource to change the default ManagedClusterSet the mananged cluster is added to.


### Contingency Planning
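Review bot: The added README row puts usage notes in the Prerequisites column and contains a typo ("mananged" for "managed"). Since the policy file ships with `remediationAction: inform` and an empty filter, it would be worth stating in this row that nothing is imported until the policy is enforced and that the default filter selects all discovered ROSA clusters, so readers know the scope before enabling it.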