diff --git a/README.md b/README.md index 7225b231..570119aa 100644 --- a/README.md +++ b/README.md @@ -50,8 +50,8 @@ similar script [argoDeploy.sh](deploy/argoDeploy.sh) is provided that does not r Application Lifecycle addon. The policies are applied to all managed clusters that are available, and have the `environment` set -to `dev`. If policies need to be applied to another set of clusters, update the -`PlacementRule.spec.clusterSelector.matchExpressions` section in the policies. +to `dev`. If policies need to be applied to another set of clusters, update the +`Placement.spec.predicates.requiredClusterSelector.labelSelector.matchExpressions` section in the policies. **Note**: As new clusters are added that fit the criteria previously mentioned, the policies are applied automatically. diff --git a/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml b/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml index 1b984984..ca532412 100644 --- a/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml +++ b/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml @@ -163,25 +163,3 @@ spec: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: view ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-configure-appworkloads-rbac -placementRef: - name: placement-policy-configure-appworkloads-rbac - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-configure-appworkloads-rbac - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-configure-appworkloads-rbac -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml b/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml index c08d56db..4a91da2d 100644 --- a/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml +++ b/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml @@ -89,25 +89,3 @@ spec: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: admin ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-configure-clusterlevel-rbac -placementRef: - name: placement-policy-configure-clusterlevel-rbac - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-configure-clusterlevel-rbac - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-configure-clusterlevel-rbac -spec: - clusterSelector: - matchExpressions: - - {key: local-cluster, operator: In, values: ['true']} diff --git a/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml b/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml index 940501cf..1c520403 100644 --- a/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml +++ b/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml @@ -99,25 +99,3 @@ spec: constraint_kind: K8sDisallowAnonymous constraint_name: no-anonymous event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-disallow-anonymous -placementRef: - name: placement-policy-gatekeeper-disallow-anonymous - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-disallow-anonymous - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-disallow-anonymous -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml b/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml index c0385e8d..902d2dde 100644 --- a/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml +++ b/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml @@ -129,28 +129,3 @@ spec: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: admin ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-rbac-adminiterpolicies -placementRef: - name: placement-policy-rbac-adminiterpolicies - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-rbac-adminiterpolicies - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-rbac-adminiterpolicies -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/AC-Access-Control/policy-roles-no-wildcards.yaml b/community/AC-Access-Control/policy-roles-no-wildcards.yaml index ee9105d0..e0927f06 100644 --- a/community/AC-Access-Control/policy-roles-no-wildcards.yaml +++ b/community/AC-Access-Control/policy-roles-no-wildcards.yaml @@ -32,25 +32,3 @@ spec: - '*' verbs: - '*' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-disallowed-roles -placementRef: - name: placement-policy-disallowed-roles - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-disallowed-roles - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-disallowed-roles -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml b/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml index 2d2698b1..576c374c 100644 --- a/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml +++ b/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml @@ -33,28 +33,3 @@ spec: - group: system:authenticated profile: AllRequestBodies profile: Default ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-config-audit -placementRef: - name: placement-config-audit - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-config-audit - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-config-audit -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml b/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml index 8d69402f..afab081c 100644 --- a/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml +++ b/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml @@ -39,25 +39,3 @@ spec: name: 99-master-fips spec: fips: true ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-checkfipscompliance -placementRef: - name: placement-checkfipscompliance - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: checkfipscompliance - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-checkfipscompliance -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml b/community/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml index 0f99e72c..4ad8e3f9 100644 --- a/community/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml +++ b/community/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml @@ -92,25 +92,3 @@ spec: name: compliance-operator source: compliance-operator sourceNamespace: openshift-marketplace ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-comp-operator -placementRef: - name: placement-policy-comp-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-comp-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-comp-operator -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-acs-operator-central.yaml b/community/CM-Configuration-Management/policy-acs-operator-central.yaml index 5b05e496..d81b2f54 100644 --- a/community/CM-Configuration-Management/policy-acs-operator-central.yaml +++ b/community/CM-Configuration-Management/policy-acs-operator-central.yaml @@ -102,25 +102,3 @@ spec: minReplicas: 2 replicas: 3 scannerComponent: Enabled ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-advanced-cluster-security-central -placementRef: - name: placement-policy-advanced-cluster-security-central - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-advanced-cluster-security-central - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-advanced-cluster-security-central -spec: - clusterSelector: - matchExpressions: - - {key: local-cluster, operator: In, values: ["true"]} diff --git a/community/CM-Configuration-Management/policy-acs-operator-secured-clusters.yaml b/community/CM-Configuration-Management/policy-acs-operator-secured-clusters.yaml index 148f3318..187d1e0e 100644 --- a/community/CM-Configuration-Management/policy-acs-operator-secured-clusters.yaml +++ b/community/CM-Configuration-Management/policy-acs-operator-secured-clusters.yaml @@ -102,26 +102,3 @@ spec: collector: collection: EBPF imageFlavor: Regular - taintToleration: TolerateTaints ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-advanced-managed-cluster-security -placementRef: - name: placement-policy-advanced-managed-cluster-security - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-advanced-managed-cluster-security - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-advanced-managed-cluster-security -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-ansible-awx-operator.yaml b/community/CM-Configuration-Management/policy-ansible-awx-operator.yaml index 6e4dc18a..40cc549b 100644 --- a/community/CM-Configuration-Management/policy-ansible-awx-operator.yaml +++ b/community/CM-Configuration-Management/policy-ansible-awx-operator.yaml @@ -49,28 +49,3 @@ spec: source: redhat-operators sourceNamespace: openshift-marketplace startingCSV: awx-resource-operator.v0.1.1 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-awx-resource-operator -placementRef: - name: placement-policy-awx-resource-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-awx-resource-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-awx-resource-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-automation-operator.yaml b/community/CM-Configuration-Management/policy-automation-operator.yaml index 57e0a9c6..a1fa9c84 100644 --- a/community/CM-Configuration-Management/policy-automation-operator.yaml +++ b/community/CM-Configuration-Management/policy-automation-operator.yaml @@ -129,28 +129,3 @@ spec: displayName: Ansible Automation Platform status: phase: Succeeded # check the csv status to determine if operator is running or not ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-ansible-automation-operator -placementRef: - name: placement-policy-ansible-automation-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-ansible-automation-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-ansible-automation-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-autoscaler-templatized.yaml b/community/CM-Configuration-Management/policy-autoscaler-templatized.yaml index 2d26dc16..652231b7 100644 --- a/community/CM-Configuration-Management/policy-autoscaler-templatized.yaml +++ b/community/CM-Configuration-Management/policy-autoscaler-templatized.yaml @@ -138,34 +138,3 @@ spec: namespace: spec: # disable is set to true if policy status != complaint else it is set to false , disabled: '{{ ne (lookup "policy.open-cluster-management.io/v1" "Policy" "" "policy-autoscaler-templatized-config").status.compliant "Compliant" | print | toBool }}' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-autoscaler-templatized-common -placementRef: - name: placement-policy-autoscaler-templatized-common - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-autoscaler-templatized - kind: Policy - apiGroup: policy.open-cluster-management.io - - name: policy-autoscaler-templatized-config - kind: Policy - apiGroup: policy.open-cluster-management.io - - name: policy-autoscaler-templatized-enabler - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-autoscaler-templatized-common -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-autoscaler.yaml b/community/CM-Configuration-Management/policy-autoscaler.yaml index 090a6492..77dbd939 100644 --- a/community/CM-Configuration-Management/policy-autoscaler.yaml +++ b/community/CM-Configuration-Management/policy-autoscaler.yaml @@ -48,28 +48,3 @@ spec: delayAfterDelete: 5m delayAfterFailure: 30s unneededTime: 5m ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-autoscaler -placementRef: - name: placement-policy-autoscaler - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-autoscaler - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-autoscaler -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - 'dev' diff --git a/community/CM-Configuration-Management/policy-aws-machine-sets.yaml b/community/CM-Configuration-Management/policy-aws-machine-sets.yaml index f7e447d8..4a2c044d 100644 --- a/community/CM-Configuration-Management/policy-aws-machine-sets.yaml +++ b/community/CM-Configuration-Management/policy-aws-machine-sets.yaml @@ -233,25 +233,3 @@ spec: name: worker-user-data versions: kubelet: "" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-ocs-machinesets -placementRef: - name: placement-policy-ocs-machinesets - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: -- name: policy-ocs-machinesets - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-ocs-machinesets -spec: - clusterSelector: - matchLabels: - local-cluster: 'true' diff --git a/community/CM-Configuration-Management/policy-cert-manager-operator.yaml b/community/CM-Configuration-Management/policy-cert-manager-operator.yaml index 0d2a53d3..0188e5e4 100644 --- a/community/CM-Configuration-Management/policy-cert-manager-operator.yaml +++ b/community/CM-Configuration-Management/policy-cert-manager-operator.yaml @@ -34,25 +34,3 @@ spec: name: cert-manager source: community-operators sourceNamespace: openshift-marketplace ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-cert-manager-operator -placementRef: - name: placement-policy-cert-manager-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-cert-manager-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-cert-manager-operator -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-check-policyreports.yaml b/community/CM-Configuration-Management/policy-check-policyreports.yaml index 0ff29968..4834dde1 100644 --- a/community/CM-Configuration-Management/policy-check-policyreports.yaml +++ b/community/CM-Configuration-Management/policy-check-policyreports.yaml @@ -50,25 +50,3 @@ spec: kind: ClusterPolicyReport results: - result: fail ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-check-policyreports -placementRef: - name: placement-policy-check-policyreports - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-check-policyreports - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-check-policyreports -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-check-reports.yaml b/community/CM-Configuration-Management/policy-check-reports.yaml index 2af33c09..28048478 100644 --- a/community/CM-Configuration-Management/policy-check-reports.yaml +++ b/community/CM-Configuration-Management/policy-check-reports.yaml @@ -50,25 +50,3 @@ spec: kind: ClusterPolicyReport results: - status: fail ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-check-reports -placementRef: - name: placement-policy-check-reports - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-check-reports - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-check-reports -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-cluster-dns-sample.yaml b/community/CM-Configuration-Management/policy-cluster-dns-sample.yaml index 17b0f199..05552265 100644 --- a/community/CM-Configuration-Management/policy-cluster-dns-sample.yaml +++ b/community/CM-Configuration-Management/policy-cluster-dns-sample.yaml @@ -31,25 +31,3 @@ spec: tags: Name: -int kubernetes.io/cluster/-wfpg4: owned ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-config-dns -placementRef: - name: placement-policy-config-dns - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-config-dns - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-config-dns -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-cluster-logforwarder-templatized.yaml b/community/CM-Configuration-Management/policy-cluster-logforwarder-templatized.yaml index 9463d8aa..81b2e5c3 100644 --- a/community/CM-Configuration-Management/policy-cluster-logforwarder-templatized.yaml +++ b/community/CM-Configuration-Management/policy-cluster-logforwarder-templatized.yaml @@ -38,28 +38,3 @@ spec: outputRefs: - audit-logs - default ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-enableclusterlogforwarder-templated -placementRef: - name: placement-policy-enableclusterlogforwarder-templated - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-enableclusterlogforwarder-templated - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-enableclusterlogforwarder-templated -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-cluster-network-sample.yaml b/community/CM-Configuration-Management/policy-cluster-network-sample.yaml index 52d0a11f..dbd42f2d 100644 --- a/community/CM-Configuration-Management/policy-cluster-network-sample.yaml +++ b/community/CM-Configuration-Management/policy-cluster-network-sample.yaml @@ -42,28 +42,3 @@ spec: proxyArguments: iptables-min-sync-period: - 0s ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-config-network -placementRef: - name: placement-policy-config-network - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-config-network - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-config-network -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-cluster-proxy-sample.yaml b/community/CM-Configuration-Management/policy-cluster-proxy-sample.yaml index 809c69d6..125f329c 100644 --- a/community/CM-Configuration-Management/policy-cluster-proxy-sample.yaml +++ b/community/CM-Configuration-Management/policy-cluster-proxy-sample.yaml @@ -53,25 +53,3 @@ spec: data: ca-bundle.crt: |- 'CONTENT' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-config-pod -placementRef: - name: placement-policy-config-pod - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-config-proxy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-config-pod -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-compliance-operator-high-scan.yaml b/community/CM-Configuration-Management/policy-compliance-operator-high-scan.yaml index f757ec31..df891732 100644 --- a/community/CM-Configuration-Management/policy-compliance-operator-high-scan.yaml +++ b/community/CM-Configuration-Management/policy-compliance-operator-high-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: high ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-high-scan -placementRef: - name: placement-policy-high-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-high-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-high-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-compliance-operator-hypershift-hosted-cluster.yaml b/community/CM-Configuration-Management/policy-compliance-operator-hypershift-hosted-cluster.yaml index 5fabb4d9..518ef542 100644 --- a/community/CM-Configuration-Management/policy-compliance-operator-hypershift-hosted-cluster.yaml +++ b/community/CM-Configuration-Management/policy-compliance-operator-hypershift-hosted-cluster.yaml @@ -192,28 +192,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: cis ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-hypershift-cis-scan -placementRef: - name: hypershift-cis-scan-placement - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-hypershift-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: hypershift-cis-scan-placement -spec: - clusterSelector: - matchExpressions: - - key: name - operator: In - values: - - local-cluster diff --git a/community/CM-Configuration-Management/policy-compliance-operator-moderate-scan.yaml b/community/CM-Configuration-Management/policy-compliance-operator-moderate-scan.yaml index bc679663..25127b6e 100644 --- a/community/CM-Configuration-Management/policy-compliance-operator-moderate-scan.yaml +++ b/community/CM-Configuration-Management/policy-compliance-operator-moderate-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: moderate ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-moderate-scan -placementRef: - name: placement-policy-moderate-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-moderate-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-moderate-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-compliance-operator-nerc-cip-scan.yaml b/community/CM-Configuration-Management/policy-compliance-operator-nerc-cip-scan.yaml index 24917e4a..84925b5a 100644 --- a/community/CM-Configuration-Management/policy-compliance-operator-nerc-cip-scan.yaml +++ b/community/CM-Configuration-Management/policy-compliance-operator-nerc-cip-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: nerc-cip ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-nerc-cip-scan -placementRef: - name: placement-policy-nerc-cip-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-nerc-cip-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-nerc-cip-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-compliance-operator-pci-dss-scan.yaml b/community/CM-Configuration-Management/policy-compliance-operator-pci-dss-scan.yaml index a905de6d..7c06482d 100644 --- a/community/CM-Configuration-Management/policy-compliance-operator-pci-dss-scan.yaml +++ b/community/CM-Configuration-Management/policy-compliance-operator-pci-dss-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: pci-dss ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-pci-dss-scan -placementRef: - name: placement-policy-pci-dss-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-pci-dss-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-pci-dss-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-configure-logforwarding.yaml b/community/CM-Configuration-Management/policy-configure-logforwarding.yaml index aa09fe05..a833d718 100644 --- a/community/CM-Configuration-Management/policy-configure-logforwarding.yaml +++ b/community/CM-Configuration-Management/policy-configure-logforwarding.yaml @@ -57,25 +57,3 @@ spec: outputRefs: - audit-logs - default ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-enableclusterlogforwarder -placementRef: - name: placement-policy-enableclusterlogforwarder - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-enableclusterlogforwarder - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-enableclusterlogforwarder -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-configure-subscription-admin-hub.yaml b/community/CM-Configuration-Management/policy-configure-subscription-admin-hub.yaml index 4d910f26..cd7bdffd 100644 --- a/community/CM-Configuration-Management/policy-configure-subscription-admin-hub.yaml +++ b/community/CM-Configuration-Management/policy-configure-subscription-admin-hub.yaml @@ -63,25 +63,3 @@ spec: - apiGroup: rbac.authorization.k8s.io kind: User name: system:admin ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-configure-subscription-admin-hub -placementRef: - name: placement-policy-configure-subscription-admin-hub - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-configure-subscription-admin-hub - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-configure-subscription-admin-hub -spec: - clusterSelector: - matchExpressions: - - {key: name, operator: In, values: ["local-cluster"]} diff --git a/community/CM-Configuration-Management/policy-continuous-restore-backup-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-continuous-restore-backup-triliovault-for-kubernetes.yaml index 60de0015..804a8681 100644 --- a/community/CM-Configuration-Management/policy-continuous-restore-backup-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-continuous-restore-backup-triliovault-for-kubernetes.yaml @@ -188,33 +188,3 @@ spec: namespace: '{{hub fromConfigMap "" "tvk-cr-backup-configmap" "backupNS" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-cr-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault - - key: tvk-continuous-restore-cluster - operator: In - values: - - source ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-cr-backup-placement -placementRef: - name: tvk-cr-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: tvk-continuous-restore-backup - apiGroup: policy.open-cluster-management.io - kind: Policy - diff --git a/community/CM-Configuration-Management/policy-continuous-restore-event-target-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-continuous-restore-event-target-triliovault-for-kubernetes.yaml index ca69bc12..b09c4149 100644 --- a/community/CM-Configuration-Management/policy-continuous-restore-event-target-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-continuous-restore-event-target-triliovault-for-kubernetes.yaml @@ -98,33 +98,3 @@ spec: thresholdCapacity: '{{hub fromConfigMap "" "aws-s3-configmap" "thresholdCapacity" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-cr-event-target-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault - - key: tvk-continuous-restore - operator: In - values: - - enabled ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-cr-event-target-placement -placementRef: - name: tvk-cr-event-target-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: tvk-continuous-restore-event-target - apiGroup: policy.open-cluster-management.io - kind: Policy - diff --git a/community/CM-Configuration-Management/policy-continuous-restore-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-continuous-restore-triliovault-for-kubernetes.yaml index 19ecdc83..f3aa47a3 100644 --- a/community/CM-Configuration-Management/policy-continuous-restore-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-continuous-restore-triliovault-for-kubernetes.yaml @@ -88,33 +88,4 @@ spec: skipIfAlreadyExists: true status: status: Completed ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-cr-restore-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault - - key: tvk-continuous-restore-cluster - operator: In - values: - - target ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-cr-restore-placement -placementRef: - name: tvk-cr-restore-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: tvk-continuous-restore - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-helm-backup-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-create-helm-backup-triliovault-for-kubernetes.yaml index fb29ba39..9172cd40 100644 --- a/community/CM-Configuration-Management/policy-create-helm-backup-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-create-helm-backup-triliovault-for-kubernetes.yaml @@ -215,29 +215,4 @@ spec: namespace: '{{hub fromConfigMap "" "aws-s3-configmap" "backupNS" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-helm-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-helm-backup-placement -placementRef: - name: tvk-helm-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: create-tvk-helm-backup - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-label-backup-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-create-label-backup-triliovault-for-kubernetes.yaml index b0238064..b13c962a 100644 --- a/community/CM-Configuration-Management/policy-create-label-backup-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-create-label-backup-triliovault-for-kubernetes.yaml @@ -219,29 +219,4 @@ spec: namespace: '{{hub fromConfigMap "" "aws-s3-configmap" "backupNS" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-label-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-label-backup-placement -placementRef: - name: tvk-label-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: create-tvk-label-backup - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-license-triliovault-for-kubernetes-upstream.yaml b/community/CM-Configuration-Management/policy-create-license-triliovault-for-kubernetes-upstream.yaml index 4d3d78eb..1a514ad9 100644 --- a/community/CM-Configuration-Management/policy-create-license-triliovault-for-kubernetes-upstream.yaml +++ b/community/CM-Configuration-Management/policy-create-license-triliovault-for-kubernetes-upstream.yaml @@ -39,32 +39,3 @@ spec: key: xYsNDgwKD3jajZFPj4IwEMXv/RRN9tyEUlxgEw6KzYbIohFwz0M77DZRJPwx67df1MMaMGbn0ENf573pb14+UdN5/0WpoJy/2fabY1Hbsm0SNgidOVZL6JD+VXARmeUxSxCpzeUFHVWwgNYoAqozJ6QTtWt6JHujsGpxh0177xDY5ANM1WEFlUL5U5vmfBvgkutec10SHg81VOeJc7aN4mjNVvlCbhOZyZTFUSiTVLJ3mbDFPI1CkvSHApt1mbdD9F0v4yTF5oRNtBzblgIKbTsuA1cgc7gHzHN8l5VKixJnjnacoVkm9EEFwz3zZ4V2PB8ZF3w4OGpWCBADQiV0wX3kIEh8IzKOD7LdPI+zm4dvw1OPKzCY7OSe3aZv1De0+GStqTrW+OArat+33UDtImuy6gvMJ7D+SSuEGpTpxisM+KtFw03e/gL3OqHJMC0CFHH459/Qe76ztoGQGLcHHWb1X1zYAhUAj0X1sX2KJDgewP/aaCML+WiMJwE=X02gc status: status: Active ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-license-placement -spec: - clusterSelector: - matchExpressions: - - key: vendor - operator: NotIn - values: - - OpenShift - - key: protected-by - operator: In - values: - - triliovault ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-license-placement -placementRef: - name: tvk-license-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: add-tvk-license - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes-templatized.yaml b/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes-templatized.yaml index ed2bfe05..9873dfa5 100644 --- a/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes-templatized.yaml +++ b/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes-templatized.yaml @@ -222,33 +222,4 @@ spec: backupPlan: name: tvk-{{ `{{request.object.metadata.name}}` }}-backupplan namespace: "{{ `{{request.object.metadata.name}}` }}" ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-kyverno-tvk-create-ns-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault - - key: vendor - operator: In - values: - - OpenShift ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-kyverno-tvk-create-ns-backup-placement -placementRef: - name: policy-kyverno-tvk-create-ns-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-kyverno-tvk-create-ns-backup - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes.yaml index c0bb5a52..d959a287 100644 --- a/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-create-ns-backup-triliovault-for-kubernetes.yaml @@ -213,33 +213,4 @@ spec: namespace: '{{hub fromConfigMap "" "aws-s3-configmap" "backupNS" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault - - key: vendor - operator: In - values: - - OpenShift ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-backup-placement -placementRef: - name: tvk-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: create-tvk-backup - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-create-operator-backup-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-create-operator-backup-triliovault-for-kubernetes.yaml index 54fb24e6..0e2f791d 100644 --- a/community/CM-Configuration-Management/policy-create-operator-backup-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-create-operator-backup-triliovault-for-kubernetes.yaml @@ -228,29 +228,3 @@ spec: namespace: '{{hub fromConfigMap "" "aws-s3-configmap" "backupNS" hub}}' status: status: Available ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: tvk-operator-backup-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - triliovault ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: tvk-operator-backup-placement -placementRef: - name: tvk-operator-backup-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: create-tvk-operator-backup - apiGroup: policy.open-cluster-management.io - kind: Policy - diff --git a/community/CM-Configuration-Management/policy-custom-catalog.yaml b/community/CM-Configuration-Management/policy-custom-catalog.yaml index 113c01a5..d1173d66 100644 --- a/community/CM-Configuration-Management/policy-custom-catalog.yaml +++ b/community/CM-Configuration-Management/policy-custom-catalog.yaml @@ -29,28 +29,3 @@ spec: spec: address: acm-custom-registry.open-cluster-management.svc:50051 sourceType: grpc ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-acm-catalogsource -placementRef: - name: placement-policy-acm-catalogsource - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-acm-catalogsource - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-acm-catalogsource -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-egress-firewall-sample.yaml b/community/CM-Configuration-Management/policy-egress-firewall-sample.yaml index dbb31850..a58a9bc1 100644 --- a/community/CM-Configuration-Management/policy-egress-firewall-sample.yaml +++ b/community/CM-Configuration-Management/policy-egress-firewall-sample.yaml @@ -42,25 +42,3 @@ spec: - type: Deny to: cidrSelector: 0.0.0.0/0 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-egress-example -placementRef: - name: placement-egress-example - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: egress-example - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-egress-example -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-enable-if-etcd-encrypted-templatized.yaml b/community/CM-Configuration-Management/policy-enable-if-etcd-encrypted-templatized.yaml index 11d10e42..6a5a0465 100644 --- a/community/CM-Configuration-Management/policy-enable-if-etcd-encrypted-templatized.yaml +++ b/community/CM-Configuration-Management/policy-enable-if-etcd-encrypted-templatized.yaml @@ -73,31 +73,3 @@ spec: spec: # disable is set to true if encryption.type != aescbc else it is set to false , disabled: '{{ ne (lookup "config.openshift.io/v1" "APIServer" "" "cluster").spec.encryption.type "aescbc" | print | toBool }}' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-conditionalsecret-common -placementRef: - name: placement-policy-conditionalsecret-common - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-conditionalsecret - kind: Policy - apiGroup: policy.open-cluster-management.io - - name: policy-conditionalsecret-enabler - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-conditionalsecret-common -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-enable-if-ns-exists-templatized.yaml b/community/CM-Configuration-Management/policy-enable-if-ns-exists-templatized.yaml index 15269081..b21d71b6 100644 --- a/community/CM-Configuration-Management/policy-enable-if-ns-exists-templatized.yaml +++ b/community/CM-Configuration-Management/policy-enable-if-ns-exists-templatized.yaml @@ -72,31 +72,3 @@ spec: spec: # disable is set to true if namespace does not exist else it is set to false , disabled: '{{ ne (lookup "v1" "Namespace" "" "test").metadata.name "test" | print | toBool }}' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-conditionalconfigmap-common -placementRef: - name: placement-policy-conditionalconfigmap-common - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-conditionalconfigmap - kind: Policy - apiGroup: policy.open-cluster-management.io - - name: policy-conditionalconfigmap-enabler - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-conditionalconfigmap-common -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-engineering-configmap.yaml b/community/CM-Configuration-Management/policy-engineering-configmap.yaml index 01afdf90..481e30bf 100644 --- a/community/CM-Configuration-Management/policy-engineering-configmap.yaml +++ b/community/CM-Configuration-Management/policy-engineering-configmap.yaml @@ -49,25 +49,3 @@ spec: Company = company prod value Place = Place prod value Country = Country prod value ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-configmap-example -placementRef: - name: placement-configmap-example - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-configmap-example - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-configmap-example -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-engineering-pod-disruption-budget.yaml b/community/CM-Configuration-Management/policy-engineering-pod-disruption-budget.yaml index c9db7dcc..b02cb376 100644 --- a/community/CM-Configuration-Management/policy-engineering-pod-disruption-budget.yaml +++ b/community/CM-Configuration-Management/policy-engineering-pod-disruption-budget.yaml @@ -54,25 +54,3 @@ spec: selector: matchLabels: foo: bar ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-example-pod-disruption-budget -placementRef: - name: placement-policy-example-pod-disruption-budget - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-example-pod-disruption-budget - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-example-pod-disruption-budget -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-etcd-backup.yaml b/community/CM-Configuration-Management/policy-etcd-backup.yaml index 44ee884d..8a35d311 100644 --- a/community/CM-Configuration-Management/policy-etcd-backup.yaml +++ b/community/CM-Configuration-Management/policy-etcd-backup.yaml @@ -240,25 +240,3 @@ spec: remediationAction: inform severity: low remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-etcd-backup -placementRef: - name: placement-policy-etcd-backup - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-etcd-backup - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-etcd-backup -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-file-integrity-operator.yaml b/community/CM-Configuration-Management/policy-file-integrity-operator.yaml index 7b85c6b8..3d30bf50 100644 --- a/community/CM-Configuration-Management/policy-file-integrity-operator.yaml +++ b/community/CM-Configuration-Management/policy-file-integrity-operator.yaml @@ -109,25 +109,3 @@ spec: namespace: openshift-file-integrity results: - condition: Failed ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-file-integrity-operator -placementRef: - name: placement-policy-file-integrity-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-file-integrity-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-file-integrity-operator -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-allowed-external-ips.yaml b/community/CM-Configuration-Management/policy-gatekeeper-allowed-external-ips.yaml index 12ddae1f..7ebcae27 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-allowed-external-ips.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-allowed-external-ips.yaml @@ -103,25 +103,3 @@ spec: constraint_kind: K8sExternalIPs constraint_name: external-ips event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-allowed-external-ips -placementRef: - name: placement-policy-gatekeeper-allowed-external-ips - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-allowed-external-ips - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-allowed-external-ips -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-annotation-owner.yaml b/community/CM-Configuration-Management/policy-gatekeeper-annotation-owner.yaml index 78048ac4..2f05548f 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-annotation-owner.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-annotation-owner.yaml @@ -35,25 +35,3 @@ spec: parameters: assign: value: "admin" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-annotation-owner -placementRef: - name: placement-policy-gatekeeper-annotation-owner - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-annotation-owner - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-annotation-owner -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-config-exclude-namespaces.yaml b/community/CM-Configuration-Management/policy-gatekeeper-config-exclude-namespaces.yaml index 8504a291..ed40ad02 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-config-exclude-namespaces.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-config-exclude-namespaces.yaml @@ -43,25 +43,3 @@ spec: - stackrox processes: - '*' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-config-exclude-namespaces -placementRef: - name: placement-policy-gatekeeper-config-exclude-namespaces - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-config-exclude-namespaces - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-config-exclude-namespaces -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-container-image-latest.yaml b/community/CM-Configuration-Management/policy-gatekeeper-container-image-latest.yaml index bf56416e..c873a0f2 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-container-image-latest.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-container-image-latest.yaml @@ -432,25 +432,3 @@ spec: constraint_kind: ContainerImageLatest constraint_name: containerimagelatest event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-containerimagelatest -placementRef: - name: placement-policy-gatekeeper-containerimagelatest - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-containerimagelatest - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-containerimagelatest -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-container-livenessprobenotset.yaml b/community/CM-Configuration-Management/policy-gatekeeper-container-livenessprobenotset.yaml index 0fb1ea2d..a9c8e82a 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-container-livenessprobenotset.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-container-livenessprobenotset.yaml @@ -432,25 +432,3 @@ spec: constraint_kind: ContainerLivenessprobeNotset constraint_name: containerlivenessprobenotset event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-containerlivenessprobenotset -placementRef: - name: placement-policy-gatekeeper-containerlivenessprobenotset - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-containerlivenessprobenotset - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-containerlivenessprobenotset -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-container-readinessprobenotset.yaml b/community/CM-Configuration-Management/policy-gatekeeper-container-readinessprobenotset.yaml index e00ee101..34d14973 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-container-readinessprobenotset.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-container-readinessprobenotset.yaml @@ -432,25 +432,3 @@ spec: constraint_kind: ContainerReadinessprobeNotset constraint_name: containerreadinessprobenotset event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-containerreadinessprobenotset -placementRef: - name: placement-policy-gatekeeper-containerreadinessprobenotset - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-containerreadinessprobenotset - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-containerreadinessprobenotset -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-container-tgps.yaml b/community/CM-Configuration-Management/policy-gatekeeper-container-tgps.yaml index 7744c59b..1b6d5d7a 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-container-tgps.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-container-tgps.yaml @@ -39,25 +39,3 @@ spec: parameters: assign: value: 40 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-container-tgps -placementRef: - name: placement-policy-gatekeeper-container-tgps - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-container-tgps - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-container-tgps -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-image-pull-policy.yaml b/community/CM-Configuration-Management/policy-gatekeeper-image-pull-policy.yaml index 60211a27..f3e4abc1 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-image-pull-policy.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-image-pull-policy.yaml @@ -39,25 +39,3 @@ spec: parameters: assign: value: Always ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-image-pull-policy -placementRef: - name: placement-policy-gatekeeper-image-pull-policy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-image-pull-policy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-image-pull-policy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-gatekeeper-sample.yaml b/community/CM-Configuration-Management/policy-gatekeeper-sample.yaml index 98dfdab6..f6b51508 100644 --- a/community/CM-Configuration-Management/policy-gatekeeper-sample.yaml +++ b/community/CM-Configuration-Management/policy-gatekeeper-sample.yaml @@ -101,25 +101,3 @@ spec: constraint_kind: K8sRequiredLabels constraint_name: ns-must-have-gk event_type: violation ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper -placementRef: - name: placement-policy-gatekeeper - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-github-oauth-sample.yaml b/community/CM-Configuration-Management/policy-github-oauth-sample.yaml index 26c121dd..79c679ef 100644 --- a/community/CM-Configuration-Management/policy-github-oauth-sample.yaml +++ b/community/CM-Configuration-Management/policy-github-oauth-sample.yaml @@ -55,25 +55,3 @@ spec: type: Opaque data: clientSecret: PUTSECRETHERE ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-github-oauth -placementRef: - name: placement-policy-github-oauth - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-github-oauth - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-github-oauth -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-idp-operator.yaml b/community/CM-Configuration-Management/policy-idp-operator.yaml index 0aec994a..d4df20c1 100644 --- a/community/CM-Configuration-Management/policy-idp-operator.yaml +++ b/community/CM-Configuration-Management/policy-idp-operator.yaml @@ -54,28 +54,3 @@ spec: remediationAction: inform severity: medium remediationAction: enforce ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-idp-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-idp-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-idp-operator ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-idp-operator -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-idp-sample-github.yaml b/community/CM-Configuration-Management/policy-idp-sample-github.yaml index a36c3992..d85e9a59 100644 --- a/community/CM-Configuration-Management/policy-idp-sample-github.yaml +++ b/community/CM-Configuration-Management/policy-idp-sample-github.yaml @@ -93,28 +93,3 @@ spec: remediationAction: inform severity: medium remediationAction: enforce ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-idp-sample-github -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-idp-sample-github -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-idp-sample-github ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-idp-sample-github -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-image-policy-sample.yaml b/community/CM-Configuration-Management/policy-image-policy-sample.yaml index 4fda3f6d..2a406216 100644 --- a/community/CM-Configuration-Management/policy-image-policy-sample.yaml +++ b/community/CM-Configuration-Management/policy-image-policy-sample.yaml @@ -32,25 +32,3 @@ spec: - registry.redhat.io - registry.access.redhat.com - quay.io ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-image-policy -placementRef: - name: placement-image-policy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: image-policy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-image-policy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-ingress-controller.yaml b/community/CM-Configuration-Management/policy-ingress-controller.yaml index 0cc6bdd7..141d798e 100644 --- a/community/CM-Configuration-Management/policy-ingress-controller.yaml +++ b/community/CM-Configuration-Management/policy-ingress-controller.yaml @@ -36,28 +36,3 @@ spec: operator: Exists - effect: NoExecute operator: Exists ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-ingress-controller -placementRef: - name: placement-policy-ingress-controller - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-ingress-controller - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-ingress-controller -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-install-triliovault-for-kubernetes.yaml b/community/CM-Configuration-Management/policy-install-triliovault-for-kubernetes.yaml index aff7c1fc..2ebb3f73 100644 --- a/community/CM-Configuration-Management/policy-install-triliovault-for-kubernetes.yaml +++ b/community/CM-Configuration-Management/policy-install-triliovault-for-kubernetes.yaml @@ -146,32 +146,3 @@ spec: remediationAction: inform severity: high remediationAction: enforce ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: install-trilio-placement -spec: - clusterSelector: - matchExpressions: - - key: protected-by - operator: In - values: - - trilio - - key: vendor - operator: In - values: - - OpenShift ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: install-trilio-placement -placementRef: - name: install-trilio-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: install-trilio - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-integrity-shield-events.yaml b/community/CM-Configuration-Management/policy-integrity-shield-events.yaml index 14198ad1..eff53987 100644 --- a/community/CM-Configuration-Management/policy-integrity-shield-events.yaml +++ b/community/CM-Configuration-Management/policy-integrity-shield-events.yaml @@ -35,25 +35,3 @@ spec: annotations: integrityshield.io/eventType: verify-result integrityshield.io/eventResult: deny ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-integrity-shield-events -placementRef: - name: placement-policy-integrity-shield-events - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-integrity-shield-events - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-integrity-shield-events -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-integrity-shield-observer.yaml b/community/CM-Configuration-Management/policy-integrity-shield-observer.yaml index e155f4cd..0b1f56e4 100644 --- a/community/CM-Configuration-Management/policy-integrity-shield-observer.yaml +++ b/community/CM-Configuration-Management/policy-integrity-shield-observer.yaml @@ -30,28 +30,3 @@ spec: integrityshield.io/verifyResourceViolation: "true" remediationAction: inform severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-integrity-shield-observer -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-integrity-shield-observer -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-integrity-shield-observer ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-integrity-shield-observer -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-integrity-shield.yaml b/community/CM-Configuration-Management/policy-integrity-shield.yaml index 2a1df964..bdb7e6cd 100644 --- a/community/CM-Configuration-Management/policy-integrity-shield.yaml +++ b/community/CM-Configuration-Management/policy-integrity-shield.yaml @@ -659,25 +659,3 @@ spec: - users: - system:serviceaccount:open-cluster-management-agent:* - system:serviceaccount:open-cluster-management-agent-addon:* ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-integrity-shield -placementRef: - name: placement-policy-integrity-shield - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-integrity-shield - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-integrity-shield -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kernel-devel.yaml b/community/CM-Configuration-Management/policy-kernel-devel.yaml index 70a93610..a70d25ee 100644 --- a/community/CM-Configuration-Management/policy-kernel-devel.yaml +++ b/community/CM-Configuration-Management/policy-kernel-devel.yaml @@ -53,25 +53,3 @@ spec: spec: extensions: - kernel-devel ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kernel-devel -placementRef: - name: placement-policy-kernel-devel - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kernel-devel - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kernel-devel -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-add-network-policy.yaml b/community/CM-Configuration-Management/policy-kyverno-add-network-policy.yaml index 36f73837..8f3d3fca 100644 --- a/community/CM-Configuration-Management/policy-kyverno-add-network-policy.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-add-network-policy.yaml @@ -62,25 +62,3 @@ spec: policyTypes: - Ingress - Egress ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-add-network-policy -placementRef: - name: placement-policy-kyverno-add-network-policy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-add-network-policy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-add-network-policy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-add-quota.yaml b/community/CM-Configuration-Management/policy-kyverno-add-quota.yaml index fa528e29..a8d67622 100644 --- a/community/CM-Configuration-Management/policy-kyverno-add-quota.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-add-quota.yaml @@ -80,25 +80,3 @@ spec: cpu: 200m memory: 256Mi type: Container ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-add-quota -placementRef: - name: placement-policy-kyverno-add-quota - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-add-quota - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-add-quota -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-config-exclude-resources.yaml b/community/CM-Configuration-Management/policy-kyverno-config-exclude-resources.yaml index 4f59736d..95528b07 100644 --- a/community/CM-Configuration-Management/policy-kyverno-config-exclude-resources.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-config-exclude-resources.yaml @@ -41,25 +41,3 @@ spec: data: # specify all filters you need to exclude resourceFilters: '[*,kyverno,*][Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][ClusterRole,*,kyverno:*][ClusterRoleBinding,*,kyverno:*][ServiceAccount,kyverno,kyverno][ConfigMap,kyverno,kyverno][ConfigMap,kyverno,kyverno-metrics][Deployment,kyverno,kyverno][Job,kyverno,kyverno-hook-pre-delete][NetworkPolicy,kyverno,kyverno][PodDisruptionBudget,kyverno,kyverno][Role,kyverno,kyverno:*][RoleBinding,kyverno,kyverno:*][Secret,kyverno,kyverno-svc.kyverno.svc.*][Service,kyverno,kyverno-svc][Service,kyverno,kyverno-svc-metrics][ServiceMonitor,kyverno,kyverno-svc-service-monitor][Pod,kyverno,kyverno-test][*,openshift-*,*][*,open-cluster-*,*][*,stackrox,*][*,ansible-automation-platform,*][*,hive,*][*,multicluster-engine,*][*,rhacs-operator,*][*,local-quay,*]' webhooks: '[{"namespaceSelector": {"matchExpressions": [{"key":"kubernetes.io/metadata.name","operator":"NotIn","values":["kyverno"]}]}}]' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-config-exclude-resources -placementRef: - name: placement-policy-kyverno-config-exclude-resources - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-config-exclude-resources - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-config-exclude-resources -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-container-tgps.yaml b/community/CM-Configuration-Management/policy-kyverno-container-tgps.yaml index 002c74e4..12256fdb 100644 --- a/community/CM-Configuration-Management/policy-kyverno-container-tgps.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-container-tgps.yaml @@ -51,25 +51,3 @@ spec: patchStrategicMerge: spec: terminationGracePeriodSeconds: 50 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-container-tgps -placementRef: - name: placement-policy-kyverno-container-tgps - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-container-tgps - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-container-tgps -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-image-pull-policy.yaml b/community/CM-Configuration-Management/policy-kyverno-image-pull-policy.yaml index 44efca20..95458f9d 100644 --- a/community/CM-Configuration-Management/policy-kyverno-image-pull-policy.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-image-pull-policy.yaml @@ -50,25 +50,3 @@ spec: containers: - (name): "?*" imagePullPolicy: Always ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-image-pull-policy -placementRef: - name: placement-policy-kyverno-image-pull-policy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-image-pull-policy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-image-pull-policy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-operator.yaml b/community/CM-Configuration-Management/policy-kyverno-operator.yaml index 64825183..ea7f57dc 100644 --- a/community/CM-Configuration-Management/policy-kyverno-operator.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-operator.yaml @@ -291,25 +291,3 @@ spec: webhooksCleanup: enable: false image: 'bitnami/kubectl:latest' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-operator -placementRef: - name: placement-policy-kyverno-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: -- name: policy-kyverno-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-operator -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-sample.yaml b/community/CM-Configuration-Management/policy-kyverno-sample.yaml index e5de81fe..bf6efc1a 100644 --- a/community/CM-Configuration-Management/policy-kyverno-sample.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-sample.yaml @@ -39,25 +39,3 @@ spec: metadata: labels: app.kubernetes.io/name: "?*" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-sample -placementRef: - name: placement-policy-kyverno-sample - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-sample - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-sample -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-kyverno-sync-secrets.yaml b/community/CM-Configuration-Management/policy-kyverno-sync-secrets.yaml index 970dd84a..518c6e1e 100644 --- a/community/CM-Configuration-Management/policy-kyverno-sync-secrets.yaml +++ b/community/CM-Configuration-Management/policy-kyverno-sync-secrets.yaml @@ -56,25 +56,3 @@ spec: clone: namespace: default name: regcred ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-kyverno-sync-secrets -placementRef: - name: placement-policy-kyverno-sync-secrets - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-kyverno-sync-secrets - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-kyverno-sync-secrets -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-label-cluster.yaml b/community/CM-Configuration-Management/policy-label-cluster.yaml index 0be6260d..6d9f2a94 100644 --- a/community/CM-Configuration-Management/policy-label-cluster.yaml +++ b/community/CM-Configuration-Management/policy-label-cluster.yaml @@ -29,25 +29,3 @@ spec: name: demo-cluster-label spec: hubAcceptsClient: true ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-label-cluster -placementRef: - name: placement-policy-label-cluster - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-label-cluster - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-label-cluster -spec: - clusterSelector: - matchExpressions: - - {key: name, operator: In, values: ["local-cluster"]} diff --git a/community/CM-Configuration-Management/policy-label-worker-nodes.yaml b/community/CM-Configuration-Management/policy-label-worker-nodes.yaml index 52492d47..3cfcf8aa 100644 --- a/community/CM-Configuration-Management/policy-label-worker-nodes.yaml +++ b/community/CM-Configuration-Management/policy-label-worker-nodes.yaml @@ -45,25 +45,3 @@ spec: ptp/slave: "" name: cnf11-worker-0.dev5.kni.lab.eng.bos.redhat.com severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-clustercnf10-tag-workers -placementRef: - name: cluster-cnf10 - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-clustercnf10-tag-workers - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: cluster-cnf10 -spec: - clusterSelector: - matchLabels: - name: cnf10 diff --git a/community/CM-Configuration-Management/policy-local-storage-operator.yaml b/community/CM-Configuration-Management/policy-local-storage-operator.yaml index 8a4db95d..8d8970bf 100644 --- a/community/CM-Configuration-Management/policy-local-storage-operator.yaml +++ b/community/CM-Configuration-Management/policy-local-storage-operator.yaml @@ -50,28 +50,3 @@ spec: sourceNamespace: openshift-marketplace remediationAction: enforce severity: low ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-local-storage-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-local-storage-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-local-storage-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-local-storage-operator diff --git a/community/CM-Configuration-Management/policy-lvm-operator.yaml b/community/CM-Configuration-Management/policy-lvm-operator.yaml index 485d76bd..6ce1f20e 100644 --- a/community/CM-Configuration-Management/policy-lvm-operator.yaml +++ b/community/CM-Configuration-Management/policy-lvm-operator.yaml @@ -76,28 +76,3 @@ spec: overprovisionRatio: 10 remediationAction: enforce severity: low ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-install-odf-lvm-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-install-odf-lvm-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-install-odf-lvm-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-odf-lvm-operator diff --git a/community/CM-Configuration-Management/policy-machineconfig-chrony.yaml b/community/CM-Configuration-Management/policy-machineconfig-chrony.yaml index 8979a696..4cbc297b 100644 --- a/community/CM-Configuration-Management/policy-machineconfig-chrony.yaml +++ b/community/CM-Configuration-Management/policy-machineconfig-chrony.yaml @@ -39,25 +39,3 @@ spec: remediationAction: enforce severity: low remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-add-chrony -placementRef: - name: placement-add-chrony - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: add-chrony - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-add-chrony -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-managedclusterinfo-templatized.yaml b/community/CM-Configuration-Management/policy-managedclusterinfo-templatized.yaml index c40926ed..b7ad0ab7 100644 --- a/community/CM-Configuration-Management/policy-managedclusterinfo-templatized.yaml +++ b/community/CM-Configuration-Management/policy-managedclusterinfo-templatized.yaml @@ -42,25 +42,3 @@ spec: namespace: default remediationAction: inform severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-managedclusterinfo-templatized -placementRef: - name: placement-policy-managedclusterinfo-templatized - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-managedclusterinfo-templatized - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-managedclusterinfo-templatized -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-managedclustersetbinding.yaml b/community/CM-Configuration-Management/policy-managedclustersetbinding.yaml index 07420f47..de4f3f75 100644 --- a/community/CM-Configuration-Management/policy-managedclustersetbinding.yaml +++ b/community/CM-Configuration-Management/policy-managedclustersetbinding.yaml @@ -38,28 +38,3 @@ spec: clusterSet: default remediationAction: enforce severity: low ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-managed-clusterset-binding -spec: - clusterSelector: - matchExpressions: - - key: name - operator: In - values: - - local-cluster ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-managed-clusterset-binding -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-managed-clusterset-binding -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-managed-clusterset-binding diff --git a/community/CM-Configuration-Management/policy-network-policy-samples.yaml b/community/CM-Configuration-Management/policy-network-policy-samples.yaml index 07c79ed8..988a2eb7 100644 --- a/community/CM-Configuration-Management/policy-network-policy-samples.yaml +++ b/community/CM-Configuration-Management/policy-network-policy-samples.yaml @@ -112,25 +112,3 @@ spec: severity: low remediationAction: inform remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-sample-network-policy -placementRef: - name: placement-sample-network-policy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: sample-network-policy-99 - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-sample-network-policy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-nginx-deployment-templatized.yaml b/community/CM-Configuration-Management/policy-nginx-deployment-templatized.yaml index e367d61d..41da25e1 100644 --- a/community/CM-Configuration-Management/policy-nginx-deployment-templatized.yaml +++ b/community/CM-Configuration-Management/policy-nginx-deployment-templatized.yaml @@ -57,25 +57,3 @@ spec: value: '{{- fromSecret "open-cluster-management-agent" "hub-kubeconfig-secret" "tls.crt" | base64dec -}}' - name: hub.tls.key value: '{{- fromSecret "open-cluster-management-agent" "hub-kubeconfig-secret" "tls.key" | base64dec -}}' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-nginx-deployment-templatized -placementRef: - name: placement-policy-nginx-deployment-templatized - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-nginx-deployment-templatized - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-nginx-deployment-templatized -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-nginx-deployment.yaml b/community/CM-Configuration-Management/policy-nginx-deployment.yaml index 0c3d13d6..a9840371 100644 --- a/community/CM-Configuration-Management/policy-nginx-deployment.yaml +++ b/community/CM-Configuration-Management/policy-nginx-deployment.yaml @@ -45,25 +45,3 @@ spec: image: 'nginx:1.21.4' ports: - containerPort: 80 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-deployment -placementRef: - name: placement-policy-deployment - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-deployment - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-deployment -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-oadp.yaml b/community/CM-Configuration-Management/policy-oadp.yaml index 2d8172d7..2606c5f1 100644 --- a/community/CM-Configuration-Management/policy-oadp.yaml +++ b/community/CM-Configuration-Management/policy-oadp.yaml @@ -92,28 +92,3 @@ spec: remediationAction: inform severity: low remediationAction: enforce ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-oadp-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-oadp-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-oadp-operator ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-oadp-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-oauth-config.yaml b/community/CM-Configuration-Management/policy-oauth-config.yaml index 10c6cc28..73a0edb5 100644 --- a/community/CM-Configuration-Management/policy-oauth-config.yaml +++ b/community/CM-Configuration-Management/policy-oauth-config.yaml @@ -32,25 +32,3 @@ spec: tokenConfig: accessTokenInactivityTimeout: 10m0s accessTokenMaxAgeSeconds: 28800 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-oauth-config -placementRef: - name: placement-policy-oauth-config - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-oauth-config - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-oauth-config -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-oauth-htpasswd.yaml b/community/CM-Configuration-Management/policy-oauth-htpasswd.yaml index e43b0659..74df82b0 100644 --- a/community/CM-Configuration-Management/policy-oauth-htpasswd.yaml +++ b/community/CM-Configuration-Management/policy-oauth-htpasswd.yaml @@ -63,28 +63,3 @@ spec: remediationAction: inform severity: high remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-oauth-htpasswd-placement -placementRef: - name: policy-oauth-htpasswd-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-oauth-htpasswd - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-oauth-htpasswd-placement -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-oauth-ldapsync.yaml b/community/CM-Configuration-Management/policy-oauth-ldapsync.yaml index f7ba6e79..943b2138 100644 --- a/community/CM-Configuration-Management/policy-oauth-ldapsync.yaml +++ b/community/CM-Configuration-Management/policy-oauth-ldapsync.yaml @@ -273,28 +273,3 @@ spec: remediationAction: inform severity: high remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-oauth-ldap-placement -placementRef: - name: policy-oauth-ldap-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-oauth-ldap - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-oauth-ldap-placement -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-oc-client-cronjob.yaml b/community/CM-Configuration-Management/policy-oc-client-cronjob.yaml index 4829ce61..192a465a 100644 --- a/community/CM-Configuration-Management/policy-oc-client-cronjob.yaml +++ b/community/CM-Configuration-Management/policy-oc-client-cronjob.yaml @@ -85,25 +85,3 @@ spec: suspend: false remediationAction: inform severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-oc-client -placementRef: - name: placement-oc-client - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-oc-client - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-oc-client -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-odf.yaml b/community/CM-Configuration-Management/policy-odf.yaml index c02ac280..cc0e1c9d 100644 --- a/community/CM-Configuration-Management/policy-odf.yaml +++ b/community/CM-Configuration-Management/policy-odf.yaml @@ -115,28 +115,3 @@ spec: remediationAction: inform severity: low remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-odf-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-odf-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-odf-operator ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-odf-operator -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-opa-sample.yaml b/community/CM-Configuration-Management/policy-opa-sample.yaml index c60cc558..c883a211 100644 --- a/community/CM-Configuration-Management/policy-opa-sample.yaml +++ b/community/CM-Configuration-Management/policy-opa-sample.yaml @@ -37,25 +37,3 @@ spec: kind: ConfigMap metadata: name: nopod ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-opa -placementRef: - name: placement-policy-opa - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-opa-sample - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-opa -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-openshift-gitops-policygenerator.yaml b/community/CM-Configuration-Management/policy-openshift-gitops-policygenerator.yaml index 5dadd254..658f2cf2 100644 --- a/community/CM-Configuration-Management/policy-openshift-gitops-policygenerator.yaml +++ b/community/CM-Configuration-Management/policy-openshift-gitops-policygenerator.yaml @@ -113,25 +113,3 @@ spec: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: openshift-gitops-policy-admin ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-openshift-gitops-policygenerator -placementRef: - name: placement-openshift-gitops-policygenerator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: openshift-gitops-policygenerator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-openshift-gitops-policygenerator -spec: - clusterSelector: - matchExpressions: - - {key: name, operator: In, values: ["local-cluster"]} diff --git a/community/CM-Configuration-Management/policy-openshift-gitops.yaml b/community/CM-Configuration-Management/policy-openshift-gitops.yaml index 72113c02..d74042c8 100644 --- a/community/CM-Configuration-Management/policy-openshift-gitops.yaml +++ b/community/CM-Configuration-Management/policy-openshift-gitops.yaml @@ -34,25 +34,3 @@ spec: name: openshift-gitops-operator source: redhat-operators sourceNamespace: openshift-marketplace ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-openshift-gitops-installed -placementRef: - name: placement-openshift-gitops-installed - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: openshift-gitops-installed - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-openshift-gitops-installed -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-openshift-serverless.yaml b/community/CM-Configuration-Management/policy-openshift-serverless.yaml index 7a3c54a2..d2eb2257 100644 --- a/community/CM-Configuration-Management/policy-openshift-serverless.yaml +++ b/community/CM-Configuration-Management/policy-openshift-serverless.yaml @@ -91,25 +91,3 @@ spec: metadata: name: knative-serving namespace: knative-serving ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-openshift-serverless -placementRef: - name: placement-policy-openshift-serverless - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-openshift-serverless - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-openshift-serverless -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-openshift-servicemesh.yaml b/community/CM-Configuration-Management/policy-openshift-servicemesh.yaml index dec6128e..3cbb121d 100644 --- a/community/CM-Configuration-Management/policy-openshift-servicemesh.yaml +++ b/community/CM-Configuration-Management/policy-openshift-servicemesh.yaml @@ -271,28 +271,3 @@ spec: remediationAction: inform severity: high remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-openshift-servicemesh-placement -placementRef: - name: policy-openshift-servicemesh-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-openshift-servicemesh - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-openshift-servicemesh-placement -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-pao-operator.yaml b/community/CM-Configuration-Management/policy-pao-operator.yaml index 92ffe4ba..50673d9f 100644 --- a/community/CM-Configuration-Management/policy-pao-operator.yaml +++ b/community/CM-Configuration-Management/policy-pao-operator.yaml @@ -73,25 +73,3 @@ spec: nodeSelector: matchLabels: node-role.kubernetes.io/worker-cnf: "" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-pao -placementRef: - name: placement-policy-pao - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-pao-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-pao -spec: - clusterSelector: - matchExpressions: - - {key: pao, operator: In, values: ["true"]} diff --git a/community/CM-Configuration-Management/policy-persistent-data-management.yaml b/community/CM-Configuration-Management/policy-persistent-data-management.yaml index 9d918755..b334fddf 100644 --- a/community/CM-Configuration-Management/policy-persistent-data-management.yaml +++ b/community/CM-Configuration-Management/policy-persistent-data-management.yaml @@ -108,53 +108,5 @@ spec: image: registry.redhat.io/rhacm2/volsync-mover-restic-rhel8:v0.4 rsync: image: registry.redhat.io/rhacm2/volsync-mover-rsync-rhel8:v0.4 - placement: - placementRef: - name: volsync-placement - kind: PlacementRule remediationAction: enforce severity: low - - objectDefinition: - apiVersion: policy.open-cluster-management.io/v1 - kind: ConfigurationPolicy - metadata: - name: volsync-replication-placement - spec: - object-templates: - - complianceType: musthave - objectDefinition: - apiVersion: apps.open-cluster-management.io/v1 - kind: PlacementRule - metadata: - name: volsync-placement - namespace: volsync-system - labels: - app: volsync - spec: - clusterSelector: - matchLabels: - vendor: OpenShift - remediationAction: enforce - severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-volsync-policy-app -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-volsync-policy-app -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: volsync-policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-volsync-policy-app -spec: - clusterSelector: - matchLabels: - name: local-cluster diff --git a/community/CM-Configuration-Management/policy-pod-disruption-budget-templatized.yaml b/community/CM-Configuration-Management/policy-pod-disruption-budget-templatized.yaml index 64a07d20..335cac36 100644 --- a/community/CM-Configuration-Management/policy-pod-disruption-budget-templatized.yaml +++ b/community/CM-Configuration-Management/policy-pod-disruption-budget-templatized.yaml @@ -45,25 +45,3 @@ spec: selector: matchLabels: app: nginx ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-pod-disruption-budget-templatized -placementRef: - name: placement-policy-pod-disruption-budget-templatized - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-pod-disruption-budget-templatized - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-pod-disruption-budget-templatized -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/CM-Configuration-Management/policy-proxy-protocol.yaml b/community/CM-Configuration-Management/policy-proxy-protocol.yaml index 85dacf78..a8443d5c 100644 --- a/community/CM-Configuration-Management/policy-proxy-protocol.yaml +++ b/community/CM-Configuration-Management/policy-proxy-protocol.yaml @@ -32,28 +32,3 @@ spec: type: HostNetwork remediationAction: inform severity: low ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-proxy-protocol-placement -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-proxy-protocol-placement -placementRef: - name: policy-proxy-protocol-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-proxy-protocol - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-ptp-operator.yaml b/community/CM-Configuration-Management/policy-ptp-operator.yaml index 7f7931c8..c8bd3887 100644 --- a/community/CM-Configuration-Management/policy-ptp-operator.yaml +++ b/community/CM-Configuration-Management/policy-ptp-operator.yaml @@ -116,25 +116,3 @@ spec: nodeSelector: matchLabels: node-role.kubernetes.io/worker-cnf: "" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-ptp -placementRef: - name: placement-policy-ptp - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-ptp-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-ptp -spec: - clusterSelector: - matchExpressions: - - {key: ptp, operator: In, values: ["true"]} diff --git a/community/CM-Configuration-Management/policy-resiliency-image-pruner.yaml b/community/CM-Configuration-Management/policy-resiliency-image-pruner.yaml index 34fddda6..45e3893a 100644 --- a/community/CM-Configuration-Management/policy-resiliency-image-pruner.yaml +++ b/community/CM-Configuration-Management/policy-resiliency-image-pruner.yaml @@ -37,28 +37,3 @@ spec: successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 logLevel: Normal ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-resiliency-image-pruner -placementRef: - name: placement-policy-resiliency-image-pruner - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-resiliency-image-pruner - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-resiliency-image-pruner -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-rhoda-operator.yaml b/community/CM-Configuration-Management/policy-rhoda-operator.yaml index f2b6596a..f3f795c3 100644 --- a/community/CM-Configuration-Management/policy-rhoda-operator.yaml +++ b/community/CM-Configuration-Management/policy-rhoda-operator.yaml @@ -65,28 +65,3 @@ spec: remediationAction: inform severity: medium remediationAction: enforce ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-rhoda-operator -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-policy-rhoda-operator -subjects: - - apiGroup: policy.open-cluster-management.io - kind: Policy - name: policy-rhoda-operator ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-rhoda-operator -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - 'true' diff --git a/community/CM-Configuration-Management/policy-rhsso-configure-mc-hubresources.yaml b/community/CM-Configuration-Management/policy-rhsso-configure-mc-hubresources.yaml index 8988346f..362395ea 100644 --- a/community/CM-Configuration-Management/policy-rhsso-configure-mc-hubresources.yaml +++ b/community/CM-Configuration-Management/policy-rhsso-configure-mc-hubresources.yaml @@ -94,37 +94,4 @@ spec: metadata: name: rhsso-ca-crt namespace: rhsso - remediationAction: enforce ---- - -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - labels: - app: sso - name: placement-configure-mc-rhsso-hubresources - namespace: rhsso-policies -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - labels: - app: sso - name: binding-configure-mc-rhsso-hubresources - namespace: rhsso-policies -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-configure-mc-rhsso-hubresources -subjects: -- apiGroup: policy.open-cluster-management.io - kind: Policy - name: configure-mc-rhsso-hubresources ---- \ No newline at end of file + remediationAction: enforce \ No newline at end of file diff --git a/community/CM-Configuration-Management/policy-rhsso-configure-mc-spokeresources.yaml b/community/CM-Configuration-Management/policy-rhsso-configure-mc-spokeresources.yaml index bcfb6866..5c823834 100644 --- a/community/CM-Configuration-Management/policy-rhsso-configure-mc-spokeresources.yaml +++ b/community/CM-Configuration-Management/policy-rhsso-configure-mc-spokeresources.yaml @@ -87,36 +87,4 @@ spec: issuer: '{{hub (lookup "keycloak.org/v1alpha1" "Keycloak" "rhsso" "rhsso").status.externalURL hub}}/auth/realms/acm' remediationAction: enforce severity: medium - remediationAction: enforce ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - labels: - app: sso - name: placement-configure-mc-rhsso-spokeresources - namespace: rhsso -spec: - clusterSelector: - matchExpressions: - - key: rhsso - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - labels: - app: sso - name: binding-configure-mc-rhsso-spokeresources - namespace: rhsso -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-configure-mc-rhsso-spokeresources -subjects: -- apiGroup: policy.open-cluster-management.io - kind: Policy - name: configure-mc-rhsso-spokeresources ---- \ No newline at end of file + remediationAction: enforce \ No newline at end of file diff --git a/community/CM-Configuration-Management/policy-rhsso-install-operator.yaml b/community/CM-Configuration-Management/policy-rhsso-install-operator.yaml index a9e82131..8034af75 100644 --- a/community/CM-Configuration-Management/policy-rhsso-install-operator.yaml +++ b/community/CM-Configuration-Management/policy-rhsso-install-operator.yaml @@ -56,36 +56,4 @@ spec: startingCSV: rhsso-operator.7.6.2-opr-001 remediationAction: enforce severity: medium - remediationAction: enforce ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - labels: - app: sso - name: placement-install-rhsso-operator - namespace: rhsso-policies -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - labels: - app: sso - name: binding-install-rhsso-operator - namespace: rhsso-policies -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-install-rhsso-operator -subjects: -- apiGroup: policy.open-cluster-management.io - kind: Policy - name: install-rhsso-operator ---- \ No newline at end of file + remediationAction: enforce \ No newline at end of file diff --git a/community/CM-Configuration-Management/policy-rhsso-operator.yaml b/community/CM-Configuration-Management/policy-rhsso-operator.yaml index 65c34971..b3fd8eab 100644 --- a/community/CM-Configuration-Management/policy-rhsso-operator.yaml +++ b/community/CM-Configuration-Management/policy-rhsso-operator.yaml @@ -114,26 +114,3 @@ spec: external: enabled: true instances: 1 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-rhsso-operator -placementRef: - name: placement-policy-rhsso-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-rhsso-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-rhsso-operator -spec: - clusterSelector: - matchExpressions: [] # selects all clusters if not specified - matchLabels: - name: local-cluster diff --git a/community/CM-Configuration-Management/policy-rhsso-setup-for-acm.yaml b/community/CM-Configuration-Management/policy-rhsso-setup-for-acm.yaml index e6398a91..99946c2f 100644 --- a/community/CM-Configuration-Management/policy-rhsso-setup-for-acm.yaml +++ b/community/CM-Configuration-Management/policy-rhsso-setup-for-acm.yaml @@ -72,36 +72,4 @@ spec: realm: acm remediationAction: enforce severity: medium - remediationAction: enforce ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - labels: - app: sso - name: placement-setup-rhsso-for-acm - namespace: rhsso-policies -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - labels: - app: sso - name: binding-setup-rhsso-for-acm - namespace: rhsso-policies -placementRef: - apiGroup: apps.open-cluster-management.io - kind: PlacementRule - name: placement-setup-rhsso-for-acm -subjects: -- apiGroup: policy.open-cluster-management.io - kind: Policy - name: setup-rhsso-for-acm ---- \ No newline at end of file + remediationAction: enforce \ No newline at end of file diff --git a/community/CM-Configuration-Management/policy-scheduler.yaml b/community/CM-Configuration-Management/policy-scheduler.yaml index 4b2d9388..dbbd384a 100644 --- a/community/CM-Configuration-Management/policy-scheduler.yaml +++ b/community/CM-Configuration-Management/policy-scheduler.yaml @@ -29,28 +29,3 @@ spec: mastersSchedulable: false policy: name: '' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-scheduler -placementRef: - name: placement-policy-scheduler - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-scheduler - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-scheduler -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-sriov-operator.yaml b/community/CM-Configuration-Management/policy-sriov-operator.yaml index fb1be28a..accdcbdb 100644 --- a/community/CM-Configuration-Management/policy-sriov-operator.yaml +++ b/community/CM-Configuration-Management/policy-sriov-operator.yaml @@ -139,25 +139,3 @@ spec: nodeSelector: matchLabels: node-role.kubernetes.io/worker-cnf: "" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-sriov -placementRef: - name: placement-policy-sriov - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-sriov-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-sriov -spec: - clusterSelector: - matchExpressions: - - {key: sriov, operator: In, values: ["true"]} diff --git a/community/CM-Configuration-Management/policy-trusted-container.yaml b/community/CM-Configuration-Management/policy-trusted-container.yaml index 7047c582..222e9704 100644 --- a/community/CM-Configuration-Management/policy-trusted-container.yaml +++ b/community/CM-Configuration-Management/policy-trusted-container.yaml @@ -21,25 +21,3 @@ spec: include: ["default"] remediationAction: inform imageRegistry: quay.io ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-trusted-container -placementRef: - name: placement-policy-trusted-container - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-trusted-container - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-trusted-container -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-trusted-node.yaml b/community/CM-Configuration-Management/policy-trusted-node.yaml index 2a1f9f5e..ad7fd644 100644 --- a/community/CM-Configuration-Management/policy-trusted-node.yaml +++ b/community/CM-Configuration-Management/policy-trusted-node.yaml @@ -20,25 +20,3 @@ spec: namespaceSelector: include: ["default"] remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-trusted-node -placementRef: - name: placement-policy-trusted-node - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-trusted-node - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-trusted-node -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-update-service-openshift-cluster.yaml b/community/CM-Configuration-Management/policy-update-service-openshift-cluster.yaml index 3c669867..92c25db8 100644 --- a/community/CM-Configuration-Management/policy-update-service-openshift-cluster.yaml +++ b/community/CM-Configuration-Management/policy-update-service-openshift-cluster.yaml @@ -55,25 +55,3 @@ spec: graphDataImage: 'quay.io/openshifttest/cincinnati-graph-data-container:4.6' releases: quay.io/openshift-release-dev/ocp-release replicas: 2 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-update-service -placementRef: - name: placement-policy-update-service - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-update-service - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-update-service -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-upgrade-openshift-cluster.yaml b/community/CM-Configuration-Management/policy-upgrade-openshift-cluster.yaml index e7b5a1f3..b06c8b3e 100644 --- a/community/CM-Configuration-Management/policy-upgrade-openshift-cluster.yaml +++ b/community/CM-Configuration-Management/policy-upgrade-openshift-cluster.yaml @@ -65,28 +65,3 @@ spec: - status: 'True' type: Degraded remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-upgrade-cluster -placementRef: - name: placement-upgrade-cluster - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: upgrade-cluster - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-upgrade-cluster -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-vsphere-machine-set.yaml b/community/CM-Configuration-Management/policy-vsphere-machine-set.yaml index ca8e404b..6994874e 100644 --- a/community/CM-Configuration-Management/policy-vsphere-machine-set.yaml +++ b/community/CM-Configuration-Management/policy-vsphere-machine-set.yaml @@ -85,28 +85,3 @@ spec: server: pruneObjectBehavior: DeleteIfCreated remediationAction: inform ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-vsphere-machineset-infra-placement -placementRef: - name: policy-vsphere-machineset-infra-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-vsphere-machineset-infra - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-vsphere-machineset-infra-placement -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/CM-Configuration-Management/policy-web-terminal-operator.yaml b/community/CM-Configuration-Management/policy-web-terminal-operator.yaml index e85bb125..140cf0d8 100644 --- a/community/CM-Configuration-Management/policy-web-terminal-operator.yaml +++ b/community/CM-Configuration-Management/policy-web-terminal-operator.yaml @@ -38,28 +38,3 @@ spec: remediationAction: inform severity: medium remediationAction: inform ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-web-terminal-operator-placement -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-web-terminal-operator-placement -placementRef: - name: policy-web-terminal-operator-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-web-terminal-operator - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-ztp-node-add-static.yaml b/community/CM-Configuration-Management/policy-ztp-node-add-static.yaml index c2f10c77..781d3b4c 100644 --- a/community/CM-Configuration-Management/policy-ztp-node-add-static.yaml +++ b/community/CM-Configuration-Management/policy-ztp-node-add-static.yaml @@ -89,28 +89,3 @@ spec: remediationAction: inform severity: medium remediationAction: inform ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-ztp-node-add-static-placement -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-ztp-node-add-static-placement -placementRef: - name: policy-ztp-node-add-static-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-ztp-node-add-static - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-ztp-node-add.yaml b/community/CM-Configuration-Management/policy-ztp-node-add.yaml index b5ea964d..a42f45cb 100644 --- a/community/CM-Configuration-Management/policy-ztp-node-add.yaml +++ b/community/CM-Configuration-Management/policy-ztp-node-add.yaml @@ -50,28 +50,3 @@ spec: remediationAction: inform severity: medium remediationAction: inform ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: policy-ztp-node-add-placement -spec: - clusterSelector: - matchExpressions: - - key: local-cluster - operator: In - values: - - "true" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: policy-ztp-node-add-placement -placementRef: - name: policy-ztp-node-add-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: policy-ztp-node-add - apiGroup: policy.open-cluster-management.io - kind: Policy diff --git a/community/CM-Configuration-Management/policy-zts-cmc-deployment.yaml b/community/CM-Configuration-Management/policy-zts-cmc-deployment.yaml index ecde0f0b..dccd8ef9 100644 --- a/community/CM-Configuration-Management/policy-zts-cmc-deployment.yaml +++ b/community/CM-Configuration-Management/policy-zts-cmc-deployment.yaml @@ -115,25 +115,3 @@ spec: - containerPort: 8080 imagePullSecrets: - name: zts-dockerhub-token ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-deployment-zts-cmc -placementRef: - name: placement-policy-deployment-zts-cmc - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-zts-cmc - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-deployment-zts-cmc -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-zts-xcrypt-deployment.yaml b/community/CM-Configuration-Management/policy-zts-xcrypt-deployment.yaml index 57a1721d..5f8c64ab 100644 --- a/community/CM-Configuration-Management/policy-zts-xcrypt-deployment.yaml +++ b/community/CM-Configuration-Management/policy-zts-xcrypt-deployment.yaml @@ -142,25 +142,3 @@ spec: namespace: zts-xcrypt spec: replicas: 1 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-zts-xcrypt-deployment -placementRef: - name: placement-policy-zts-xcrypt-deployment - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-zts-xcrypt-deployment - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-zts-xcrypt-deployment -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/policy-zts-xcrypt-rbac.yaml b/community/CM-Configuration-Management/policy-zts-xcrypt-rbac.yaml index caa37b9c..65b32619 100644 --- a/community/CM-Configuration-Management/policy-zts-xcrypt-rbac.yaml +++ b/community/CM-Configuration-Management/policy-zts-xcrypt-rbac.yaml @@ -241,25 +241,3 @@ spec: kind: ClusterRole name: zts-external-attacher-role apiGroup: rbac.authorization.k8s.io ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-zts-xcrypt-rbac -placementRef: - name: placement-policy-zts-xcrypt-rbac - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-zts-xcrypt-rbac - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-zts-xcrypt-rbac -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/CM-Configuration-Management/terminating-configpolicies.yaml b/community/CM-Configuration-Management/terminating-configpolicies.yaml index 8b5e4027..dcb2c396 100644 --- a/community/CM-Configuration-Management/terminating-configpolicies.yaml +++ b/community/CM-Configuration-Management/terminating-configpolicies.yaml @@ -28,31 +28,3 @@ spec: kind: ConfigurationPolicy status: compliant: Terminating ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: terminating-configpolicies-placement - namespace: default -placementRef: - name: terminating-configpolicies-placement - apiGroup: apps.open-cluster-management.io - kind: PlacementRule -subjects: - - name: terminating-configpolicies - apiGroup: policy.open-cluster-management.io - kind: Policy ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: terminating-configpolicies-placement - namespace: default -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev - clusterConditions: [] diff --git a/community/SC-System-and-Communications-Protection/policy-checkclusteroperator.yaml b/community/SC-System-and-Communications-Protection/policy-checkclusteroperator.yaml index 5f286bfd..f6c50833 100644 --- a/community/SC-System-and-Communications-Protection/policy-checkclusteroperator.yaml +++ b/community/SC-System-and-Communications-Protection/policy-checkclusteroperator.yaml @@ -50,25 +50,3 @@ spec: conditions: - status: 'True' type: Degraded ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-checkclusteroperator -placementRef: - name: placement-policy-checkclusteroperator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-checkclusteroperator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-checkclusteroperator -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/SC-System-and-Communications-Protection/policy-checknamespaces-terminating.yaml b/community/SC-System-and-Communications-Protection/policy-checknamespaces-terminating.yaml index b9b64274..8fbaf5db 100644 --- a/community/SC-System-and-Communications-Protection/policy-checknamespaces-terminating.yaml +++ b/community/SC-System-and-Communications-Protection/policy-checknamespaces-terminating.yaml @@ -25,28 +25,3 @@ spec: kind: Namespace status: phase: Terminating ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-checknamespaces-terminating -placementRef: - name: placement-checknamespaces-terminating - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-checknamespaces-terminating - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-checknamespaces-terminating -spec: - clusterSelector: - matchExpressions: - - key: environment - operator: In - values: - - dev diff --git a/community/SC-System-and-Communications-Protection/policy-disable-self-provisioner.yaml b/community/SC-System-and-Communications-Protection/policy-disable-self-provisioner.yaml index 2815dd50..4f325d23 100644 --- a/community/SC-System-and-Communications-Protection/policy-disable-self-provisioner.yaml +++ b/community/SC-System-and-Communications-Protection/policy-disable-self-provisioner.yaml @@ -32,25 +32,3 @@ spec: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: self-provisioner ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-remove-self-provisioner -placementRef: - name: placement-remove-self-provisioner - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-remove-self-provisioner - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-remove-self-provisioner -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/SC-System-and-Communications-Protection/policy-ocp4-certs.yaml b/community/SC-System-and-Communications-Protection/policy-ocp4-certs.yaml index 33dfee05..a3d2d26d 100644 --- a/community/SC-System-and-Communications-Protection/policy-ocp4-certs.yaml +++ b/community/SC-System-and-Communications-Protection/policy-ocp4-certs.yaml @@ -94,25 +94,3 @@ spec: remediationAction: inform minimumDuration: 24h severity: low ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-cert-ocp4 -placementRef: - name: placement-policy-cert-ocp4 - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-cert-ocp4 - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-cert-ocp4 -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/community/SC-System-and-Communications-Protection/policy-remove-kubeadmin.yaml b/community/SC-System-and-Communications-Protection/policy-remove-kubeadmin.yaml index 36bca525..80f55e9c 100644 --- a/community/SC-System-and-Communications-Protection/policy-remove-kubeadmin.yaml +++ b/community/SC-System-and-Communications-Protection/policy-remove-kubeadmin.yaml @@ -27,25 +27,3 @@ spec: name: kubeadmin namespace: kube-system type: Opaque ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-remove-kubeadmin -placementRef: - name: placement-remove-kubeadmin - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-remove-kubeadmin - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-remove-kubeadmin -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/SI-System-and-Information-Integrity/policy-blackduck.yaml b/community/SI-System-and-Information-Integrity/policy-blackduck.yaml index e0cddc86..e91ee0a5 100644 --- a/community/SI-System-and-Information-Integrity/policy-blackduck.yaml +++ b/community/SI-System-and-Information-Integrity/policy-blackduck.yaml @@ -170,26 +170,3 @@ spec: kind: Pod metadata: labels: - com.blackducksoftware.com.pod.overall-status: IN_VIOLATION - namespace: default ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-blackduck-operator -placementRef: - name: placement-blackduck-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: blackduck-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-blackduck-operator -spec: - clusterSelector: - matchExpressions: [] # selects all clusters if not specified diff --git a/community/SI-System-and-Information-Integrity/policy-crowdstrike-falcon-rhmp.yaml b/community/SI-System-and-Information-Integrity/policy-crowdstrike-falcon-rhmp.yaml index c232b97a..bf546bf5 100644 --- a/community/SI-System-and-Information-Integrity/policy-crowdstrike-falcon-rhmp.yaml +++ b/community/SI-System-and-Information-Integrity/policy-crowdstrike-falcon-rhmp.yaml @@ -129,28 +129,3 @@ spec: operator: Exists updateStrategy: type: RollingUpdate ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-crowdstrike-falcon-rhmp -placementRef: - name: placement-policy-crowdstrike-falcon-rhmp - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-crowdstrike-falcon-rhmp - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-crowdstrike-falcon-rhmp -spec: - clusterSelector: - matchExpressions: - - key: Vendor - operator: In - values: - - OpenShift diff --git a/community/SI-System-and-Information-Integrity/policy-falco-auditing.yaml b/community/SI-System-and-Information-Integrity/policy-falco-auditing.yaml index 6d8c35e0..6beb8cff 100644 --- a/community/SI-System-and-Information-Integrity/policy-falco-auditing.yaml +++ b/community/SI-System-and-Information-Integrity/policy-falco-auditing.yaml @@ -78,25 +78,3 @@ spec: apiServerArguments: audit-webhook-config-file: - /var/log/kube-apiserver/webhook-config.yaml ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-falco-auditing -placementRef: - name: placement-policy-falco-auditing - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-falco-auditing - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-falco-auditing -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/SI-System-and-Information-Integrity/policy-falco.yaml b/community/SI-System-and-Information-Integrity/policy-falco.yaml index 54d7fae2..e97e3826 100644 --- a/community/SI-System-and-Information-Integrity/policy-falco.yaml +++ b/community/SI-System-and-Information-Integrity/policy-falco.yaml @@ -106,25 +106,3 @@ spec: name: falco-enforcement namespace: falco-operator spec: {} ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-falco -placementRef: - name: placement-policy-falco - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-falco - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-falco -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/community/SI-System-and-Information-Integrity/policy-sysdig.yaml b/community/SI-System-and-Information-Integrity/policy-sysdig.yaml index 8833e0f3..aaa1601f 100644 --- a/community/SI-System-and-Information-Integrity/policy-sysdig.yaml +++ b/community/SI-System-and-Information-Integrity/policy-sysdig.yaml @@ -103,25 +103,3 @@ spec: sysdig: #Set access key accessKey: "XXX" ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-sysdig -placementRef: - name: placement-policy-sysdig - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-sysdig - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-sysdig -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/AC-Access-Control/policy-role.yaml b/stable/AC-Access-Control/policy-role.yaml index 29e9fb54..75ee3296 100644 --- a/stable/AC-Access-Control/policy-role.yaml +++ b/stable/AC-Access-Control/policy-role.yaml @@ -31,25 +31,3 @@ spec: - apiGroups: ["extensions", "apps"] resources: ["deployments"] verbs: ["get", "list", "watch", "delete", "patch"] ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-role -placementRef: - name: placement-policy-role - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-role - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-role -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/AC-Access-Control/policy-rolebinding.yaml b/stable/AC-Access-Control/policy-rolebinding.yaml index 84b95af2..1cc6f74e 100644 --- a/stable/AC-Access-Control/policy-rolebinding.yaml +++ b/stable/AC-Access-Control/policy-rolebinding.yaml @@ -35,25 +35,3 @@ spec: kind: Role #this must be Role or ClusterRole name: operator # this must match the name of the Role or ClusterRole you wish to bind to apiGroup: rbac.authorization.k8s.io ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-rolebinding -placementRef: - name: placement-policy-rolebinding - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-rolebinding - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-rolebinding -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml b/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml index 816a45be..414195bb 100644 --- a/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml +++ b/stable/CA-Security-Assessment-and-Authorization/policy-compliance-operator-install.yaml @@ -90,25 +90,3 @@ spec: displayName: Compliance Operator status: phase: Succeeded # check the csv status to determine if operator is running or not ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-comp-operator -placementRef: - name: placement-policy-comp-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-comp-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-comp-operator -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/stable/CM-Configuration-Management/policy-compliance-operator-cis-scan.yaml b/stable/CM-Configuration-Management/policy-compliance-operator-cis-scan.yaml index 5ed3e6a2..4bbde8df 100644 --- a/stable/CM-Configuration-Management/policy-compliance-operator-cis-scan.yaml +++ b/stable/CM-Configuration-Management/policy-compliance-operator-cis-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: cis ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-cis-scan -placementRef: - name: placement-policy-cis-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-cis-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-cis-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/stable/CM-Configuration-Management/policy-compliance-operator-e8-scan.yaml b/stable/CM-Configuration-Management/policy-compliance-operator-e8-scan.yaml index bf16fa72..b2952c37 100644 --- a/stable/CM-Configuration-Management/policy-compliance-operator-e8-scan.yaml +++ b/stable/CM-Configuration-Management/policy-compliance-operator-e8-scan.yaml @@ -76,25 +76,3 @@ spec: labels: compliance.openshift.io/check-status: FAIL compliance.openshift.io/suite: e8 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-e8-scan -placementRef: - name: placement-policy-e8-scan - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-e8-scan - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-e8-scan -spec: - clusterSelector: - matchExpressions: - - {key: vendor, operator: In, values: ["OpenShift"]} diff --git a/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml b/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml index b524573f..a8eb2ed0 100644 --- a/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml +++ b/stable/CM-Configuration-Management/policy-gatekeeper-operator-downstream.yaml @@ -110,25 +110,3 @@ spec: control-plane: controller-manager status: phase: Running # check the pod status to determine if operator is running or not ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-gatekeeper-operator -placementRef: - name: placement-policy-gatekeeper-operator - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-gatekeeper-operator - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-gatekeeper-operator -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/CM-Configuration-Management/policy-namespace.yaml b/stable/CM-Configuration-Management/policy-namespace.yaml index b697eda2..e6d457f2 100644 --- a/stable/CM-Configuration-Management/policy-namespace.yaml +++ b/stable/CM-Configuration-Management/policy-namespace.yaml @@ -24,26 +24,3 @@ spec: kind: Namespace # must have namespace 'prod' apiVersion: v1 metadata: - name: prod ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-namespace -placementRef: - name: placement-policy-namespace - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-namespace - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-namespace -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/CM-Configuration-Management/policy-pod.yaml b/stable/CM-Configuration-Management/policy-pod.yaml index 50c5cfd5..39fd7707 100644 --- a/stable/CM-Configuration-Management/policy-pod.yaml +++ b/stable/CM-Configuration-Management/policy-pod.yaml @@ -33,25 +33,3 @@ spec: name: nginx ports: - containerPort: 80 ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-pod -placementRef: - name: placement-policy-pod - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-pod - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-pod -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/CM-Configuration-Management/policy-zts-cmc.yaml b/stable/CM-Configuration-Management/policy-zts-cmc.yaml index f8ac263d..3ea86db7 100644 --- a/stable/CM-Configuration-Management/policy-zts-cmc.yaml +++ b/stable/CM-Configuration-Management/policy-zts-cmc.yaml @@ -93,25 +93,3 @@ spec: - containerPort: 8080 imagePullSecrets: - name: zts-dockerhub-token ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-zts-cmc -placementRef: - name: placement-policy-zts-cmc - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-zts-cmc - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-zts-cmc -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SC-System-and-Communications-Protection/policy-certificate.yaml b/stable/SC-System-and-Communications-Protection/policy-certificate.yaml index 5c525479..72a204b6 100644 --- a/stable/SC-System-and-Communications-Protection/policy-certificate.yaml +++ b/stable/SC-System-and-Communications-Protection/policy-certificate.yaml @@ -21,25 +21,3 @@ spec: remediationAction: inform # the policy-template spec.remediationAction is overridden by the preceding parameter value for spec.remediationAction. severity: low minimumDuration: 300h ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-certificate -placementRef: - name: placement-policy-certificate - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-certificate - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-certificate -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SC-System-and-Communications-Protection/policy-etcdencryption.yaml b/stable/SC-System-and-Communications-Protection/policy-etcdencryption.yaml index b2d2d471..aa99e69c 100644 --- a/stable/SC-System-and-Communications-Protection/policy-etcdencryption.yaml +++ b/stable/SC-System-and-Communications-Protection/policy-etcdencryption.yaml @@ -47,25 +47,3 @@ spec: conditions: - message: 'All resources encrypted: secrets, configmaps' reason: EncryptionCompleted ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-etcdencryption -placementRef: - name: placement-policy-etcdencryption - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-etcdencryption - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-etcdencryption -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SC-System-and-Communications-Protection/policy-limitmemory.yaml b/stable/SC-System-and-Communications-Protection/policy-limitmemory.yaml index c8df1b9a..e7bf8bd7 100644 --- a/stable/SC-System-and-Communications-Protection/policy-limitmemory.yaml +++ b/stable/SC-System-and-Communications-Protection/policy-limitmemory.yaml @@ -34,25 +34,3 @@ spec: defaultRequest: memory: 256Mi type: Container ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-limitmemory -placementRef: - name: placement-policy-limitmemory - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-limitmemory - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-limitmemory -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SC-System-and-Communications-Protection/policy-psp.yaml b/stable/SC-System-and-Communications-Protection/policy-psp.yaml index 958452be..73e1d1e1 100644 --- a/stable/SC-System-and-Communications-Protection/policy-psp.yaml +++ b/stable/SC-System-and-Communications-Protection/policy-psp.yaml @@ -50,25 +50,3 @@ spec: rule: 'RunAsAny' fsGroup: rule: 'RunAsAny' ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-podsecuritypolicy -placementRef: - name: placement-policy-podsecuritypolicy - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-podsecuritypolicy - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-podsecuritypolicy -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SC-System-and-Communications-Protection/policy-scc.yaml b/stable/SC-System-and-Communications-Protection/policy-scc.yaml index 7f3ee3c2..42a1b845 100644 --- a/stable/SC-System-and-Communications-Protection/policy-scc.yaml +++ b/stable/SC-System-and-Communications-Protection/policy-scc.yaml @@ -57,25 +57,3 @@ spec: - persistentVolumeClaim - projected - secret ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-securitycontextconstraints -placementRef: - name: placement-policy-securitycontextconstraints - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-securitycontextconstraints - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-securitycontextconstraints -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]} diff --git a/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml b/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml index 739d3ce3..b4d7edf8 100644 --- a/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml +++ b/stable/SI-System-and-Information-Integrity/policy-imagemanifestvuln.yaml @@ -67,25 +67,3 @@ spec: objectDefinition: apiVersion: secscan.quay.redhat.com/v1alpha1 kind: ImageManifestVuln # checking for a kind ---- -apiVersion: policy.open-cluster-management.io/v1 -kind: PlacementBinding -metadata: - name: binding-policy-imagemanifestvuln -placementRef: - name: placement-policy-imagemanifestvuln - kind: PlacementRule - apiGroup: apps.open-cluster-management.io -subjects: - - name: policy-imagemanifestvuln - kind: Policy - apiGroup: policy.open-cluster-management.io ---- -apiVersion: apps.open-cluster-management.io/v1 -kind: PlacementRule -metadata: - name: placement-policy-imagemanifestvuln -spec: - clusterSelector: - matchExpressions: - - {key: environment, operator: In, values: ["dev"]}