Skip to content

Commit

Permalink
Delete placementrule and placementbinding manifest
Browse files Browse the repository at this point in the history 
Signed-off-by: yiraeChristineKim <[email protected]>
  • Loading branch information
@yiraeChristineKim @openshift-merge-bot
yiraeChristineKim authored and openshift-merge-bot[bot] committed Aug 12, 2024
1 parent baa1415 commit c52ba30
Show file tree
Hide file tree
Showing 146 changed files with 6 additions and 3,451 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,8 @@ similar script [argoDeploy.sh](deploy/argoDeploy.sh) is provided that does not r
Application Lifecycle addon.

The policies are applied to all managed clusters that are available, and have the `environment` set
to `dev`. If policies need to be applied to another set of clusters, update the
`PlacementRule.spec.clusterSelector.matchExpressions` section in the policies.
to `dev`. If policies need to be applied to another set of clusters, update the
`Placement.spec.predicates.requiredClusterSelector.labelSelector.matchExpressions` section in the policies.

**Note**: As new clusters are added that fit the criteria previously mentioned, the policies are
applied automatically.
Expand Down
22 changes: 0 additions & 22 deletions community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,25 +163,3 @@ spec:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-configure-appworkloads-rbac
placementRef:
name: placement-policy-configure-appworkloads-rbac
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-configure-appworkloads-rbac
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-configure-appworkloads-rbac
spec:
clusterSelector:
matchExpressions:
- {key: environment, operator: In, values: ["dev"]}
22 changes: 0 additions & 22 deletions community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,25 +89,3 @@ spec:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-configure-clusterlevel-rbac
placementRef:
name: placement-policy-configure-clusterlevel-rbac
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-configure-clusterlevel-rbac
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-configure-clusterlevel-rbac
spec:
clusterSelector:
matchExpressions:
- {key: local-cluster, operator: In, values: ['true']}
22 changes: 0 additions & 22 deletions community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,25 +99,3 @@ spec:
constraint_kind: K8sDisallowAnonymous
constraint_name: no-anonymous
event_type: violation
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-gatekeeper-disallow-anonymous
placementRef:
name: placement-policy-gatekeeper-disallow-anonymous
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-gatekeeper-disallow-anonymous
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-gatekeeper-disallow-anonymous
spec:
clusterSelector:
matchExpressions:
- {key: environment, operator: In, values: ["dev"]}
25 changes: 0 additions & 25 deletions community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,28 +129,3 @@ spec:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-rbac-adminiterpolicies
placementRef:
name: placement-policy-rbac-adminiterpolicies
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-rbac-adminiterpolicies
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-rbac-adminiterpolicies
spec:
clusterSelector:
matchExpressions:
- key: local-cluster
operator: In
values:
- 'true'
22 changes: 0 additions & 22 deletions community/AC-Access-Control/policy-roles-no-wildcards.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,25 +32,3 @@ spec:
- '*'
verbs:
- '*'
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-disallowed-roles
placementRef:
name: placement-policy-disallowed-roles
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-disallowed-roles
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-disallowed-roles
spec:
clusterSelector:
matchExpressions:
- {key: environment, operator: In, values: ["dev"]}
25 changes: 0 additions & 25 deletions community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,28 +33,3 @@ spec:
- group: system:authenticated
profile: AllRequestBodies
profile: Default
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-config-audit
placementRef:
name: placement-config-audit
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-config-audit
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-config-audit
spec:
clusterSelector:
matchExpressions:
- key: environment
operator: In
values:
- dev
22 changes: 0 additions & 22 deletions community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,25 +39,3 @@ spec:
name: 99-master-fips
spec:
fips: true
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-checkfipscompliance
placementRef:
name: placement-checkfipscompliance
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: checkfipscompliance
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-checkfipscompliance
spec:
clusterSelector:
matchExpressions:
- {key: environment, operator: In, values: ["dev"]}
22 changes: 0 additions & 22 deletions ...CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,25 +92,3 @@ spec:
name: compliance-operator
source: compliance-operator
sourceNamespace: openshift-marketplace
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-comp-operator
placementRef:
name: placement-policy-comp-operator
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-comp-operator
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-comp-operator
spec:
clusterSelector:
matchExpressions:
- {key: vendor, operator: In, values: ["OpenShift"]}
22 changes: 0 additions & 22 deletions community/CM-Configuration-Management/policy-acs-operator-central.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,25 +102,3 @@ spec:
minReplicas: 2
replicas: 3
scannerComponent: Enabled
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-advanced-cluster-security-central
placementRef:
name: placement-policy-advanced-cluster-security-central
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-advanced-cluster-security-central
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-advanced-cluster-security-central
spec:
clusterSelector:
matchExpressions:
- {key: local-cluster, operator: In, values: ["true"]}
23 changes: 0 additions & 23 deletions community/CM-Configuration-Management/policy-acs-operator-secured-clusters.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,26 +102,3 @@ spec:
collector:
collection: EBPF
imageFlavor: Regular
taintToleration: TolerateTaints
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-advanced-managed-cluster-security
placementRef:
name: placement-policy-advanced-managed-cluster-security
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-advanced-managed-cluster-security
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-advanced-managed-cluster-security
spec:
clusterSelector:
matchExpressions:
- {key: vendor, operator: In, values: ["OpenShift"]}
25 changes: 0 additions & 25 deletions community/CM-Configuration-Management/policy-ansible-awx-operator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,28 +49,3 @@ spec:
source: redhat-operators
sourceNamespace: openshift-marketplace
startingCSV: awx-resource-operator.v0.1.1
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-awx-resource-operator
placementRef:
name: placement-policy-awx-resource-operator
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-awx-resource-operator
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-awx-resource-operator
spec:
clusterSelector:
matchExpressions:
- key: environment
operator: In
values:
- dev
25 changes: 0 additions & 25 deletions community/CM-Configuration-Management/policy-automation-operator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,28 +129,3 @@ spec:
displayName: Ansible Automation Platform
status:
phase: Succeeded # check the csv status to determine if operator is running or not
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-ansible-automation-operator
placementRef:
name: placement-policy-ansible-automation-operator
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-ansible-automation-operator
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-ansible-automation-operator
spec:
clusterSelector:
matchExpressions:
- key: environment
operator: In
values:
- dev
31 changes: 0 additions & 31 deletions community/CM-Configuration-Management/policy-autoscaler-templatized.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,34 +138,3 @@ spec:
namespace: <POLICIESNS>
spec: # disable is set to true if policy status != complaint else it is set to false ,
disabled: '{{ ne (lookup "policy.open-cluster-management.io/v1" "Policy" "<POLICIESNS>" "policy-autoscaler-templatized-config").status.compliant "Compliant" | print | toBool }}'
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-autoscaler-templatized-common
placementRef:
name: placement-policy-autoscaler-templatized-common
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-autoscaler-templatized
kind: Policy
apiGroup: policy.open-cluster-management.io
- name: policy-autoscaler-templatized-config
kind: Policy
apiGroup: policy.open-cluster-management.io
- name: policy-autoscaler-templatized-enabler
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-autoscaler-templatized-common
spec:
clusterSelector:
matchExpressions:
- key: local-cluster
operator: In
values:
- 'true'
25 changes: 0 additions & 25 deletions community/CM-Configuration-Management/policy-autoscaler.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,28 +48,3 @@ spec:
delayAfterDelete: 5m
delayAfterFailure: 30s
unneededTime: 5m
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: binding-policy-autoscaler
placementRef:
name: placement-policy-autoscaler
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-autoscaler
kind: Policy
apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: placement-policy-autoscaler
spec:
clusterSelector:
matchExpressions:
- key: environment
operator: In
values:
- 'dev'
Loading

0 comments on commit c52ba30

Please sign in to comment.