An example of ordering policies with the policy generator
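---
# PolicyGenerator input. It builds two Policies and chains them so that the
# Kafka cluster policy is only evaluated once the Strimzi operator policy
# reports Compliant. Nesting restored; the listing had lost its indentation.
apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
metadata:
  name: blog-generator
policyDefaults:
  categories: []
  controls: []
  standards: []
  # NOTE(review): the generated Policies are created in the `default`
  # namespace. A dedicated policy namespace with narrow RBAC is easier to
  # audit; confirm who can edit Policy objects here.
  namespace: default
  # One ConfigurationPolicy per manifest, so each manifest can depend on the
  # one before it.
  consolidateManifests: false
  # Chain the manifests inside a policy in the order listed below.
  orderManifests: true
  # Chain the policies themselves in the order listed below.
  orderPolicies: true
  # No Placement or PlacementBinding is generated, so the policies must be
  # bound to clusters separately before they take effect anywhere.
  generatePolicyPlacement: false
  # remediationAction is not set, and the generated policies in this example
  # carry `inform`: they report on the listed objects but do not create them.
  # A dependent policy waits for the earlier one to be Compliant, so under
  # `inform` the chain only advances if the objects already exist.
policies:
  - name: myapp-strimzi-operator
    manifests:
      # Order matters: OperatorGroup, then Subscription, then the CSV check.
      - path: "./strimzi_operatorgroup.yaml"
      - path: "./strimzi_subscription.yaml"
      - path: "./strimzi_csv-check.yaml"
  - name: myapp-kafka
    manifests:
      - path: "./z_kafka.yaml"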
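---
# Install check for the operator; presumably the manifest the generator
# config references as ./strimzi_csv-check.yaml. Nesting restored; the
# listing had lost its indentation.
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
  # No name is given, so the check is not tied to one CSV version: any CSV in
  # the namespace that matches the fields below satisfies it.
  namespace: myapp
spec:
  # NOTE(review): displayName is descriptive text set by the package author,
  # not a verified identity. If the check should prove that one specific
  # operator build is installed, match on the CSV name as well.
  displayName: Strimzi
status:
  # Compliant only once the install has finished successfully.
  phase: Succeeded
  reason: InstallSucceeded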
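---
# OperatorGroup for the Strimzi install; presumably the manifest the
# generator config references as ./strimzi_operatorgroup.yaml. Nesting
# restored; the listing had lost its indentation.
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: myapp-strimzi
  namespace: myapp
spec:
  # Scopes the operator to the `myapp` namespace only, which keeps its reach
  # narrower than a cluster-wide install.
  targetNamespaces:
    - myapp
  upgradeStrategy: Default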
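---
# OLM Subscription for the Strimzi operator; presumably the manifest the
# generator config references as ./strimzi_subscription.yaml. Nesting
# restored; the listing had lost its indentation.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: strimzi-kafka-operator
  namespace: myapp
spec:
  channel: stable
  # NOTE(review): with Automatic approval, startingCSV is only the first
  # version installed. Later versions published to the channel are applied
  # without review. Use Manual approval if upgrades must be reviewed.
  installPlanApproval: Automatic
  name: strimzi-kafka-operator
  # NOTE(review): this is a community catalog. Confirm it is an approved
  # source for the environment, since the operator runs with the permissions
  # its CSV requests.
  source: community-operators
  sourceNamespace: openshift-marketplace
  startingCSV: strimzi-cluster-operator.v0.32.0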
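---
# Kafka cluster custom resource; presumably the manifest the generator config
# references as ./z_kafka.yaml. Nesting restored; the listing had lost its
# indentation.
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
  namespace: myapp
spec:
  kafka:
    config:
      offsets.topic.replication.factor: 3
      transaction.state.log.replication.factor: 3
      transaction.state.log.min.isr: 2
      default.replication.factor: 3
      min.insync.replicas: 2
      inter.broker.protocol.version: "3.3"
    # Ephemeral storage: broker data does not survive pod rescheduling.
    storage:
      type: ephemeral
    # NOTE(review): neither listener sets `authentication`, and the cluster
    # has no `authorization` block, so any client that can reach a listener
    # can read and write every topic. Outside a demo, add listener
    # authentication and authorization, and restrict access with network
    # policy.
    listeners:
      # Plaintext listener: traffic on 9092 is unencrypted inside the cluster
      # network.
      - name: plain
        port: 9092
        type: internal
        tls: false
      # TLS encrypts the connection, but clients are still unauthenticated.
      - name: tls
        port: 9093
        type: internal
        tls: true
    version: 3.3.1
    replicas: 3
  entityOperator:
    topicOperator: {}
    userOperator: {}
  zookeeper:
    storage:
      type: ephemeral
    replicas: 3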
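---
# Generated Policy for the Strimzi operator install. It holds three
# ConfigurationPolicies (OperatorGroup, Subscription, CSV check). Each one
# after the first is gated on the previous one being Compliant through
# `extraDependencies`. Nesting restored; the listing had lost its indentation.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: ""
    policy.open-cluster-management.io/controls: ""
    policy.open-cluster-management.io/standards: ""
  name: myapp-strimzi-operator
  namespace: default
spec:
  disabled: false
  policy-templates:
    # 1. OperatorGroup: scopes the operator to the `myapp` namespace.
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: myapp-strimzi-operator
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1
                kind: OperatorGroup
                metadata:
                  name: myapp-strimzi
                  namespace: myapp
                spec:
                  targetNamespaces:
                    - myapp
                  upgradeStrategy: Default
          remediationAction: inform
          severity: low
    # 2. Subscription: evaluated only after template 1 is Compliant.
    - extraDependencies:
        - apiVersion: policy.open-cluster-management.io/v1
          compliance: Compliant
          kind: ConfigurationPolicy
          name: myapp-strimzi-operator
      objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: myapp-strimzi-operator2
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: Subscription
                metadata:
                  name: strimzi-kafka-operator
                  namespace: myapp
                spec:
                  channel: stable
                  # NOTE(review): Automatic approval lets the operator move
                  # past startingCSV without review.
                  installPlanApproval: Automatic
                  name: strimzi-kafka-operator
                  source: community-operators
                  sourceNamespace: openshift-marketplace
                  startingCSV: strimzi-cluster-operator.v0.32.0
          remediationAction: inform
          severity: low
    # 3. CSV check: evaluated only after template 2 is Compliant.
    - extraDependencies:
        - apiVersion: policy.open-cluster-management.io/v1
          compliance: Compliant
          kind: ConfigurationPolicy
          name: myapp-strimzi-operator2
      objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: myapp-strimzi-operator3
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: ClusterServiceVersion
                metadata:
                  # No name: any CSV in the namespace matching the fields
                  # below satisfies the check.
                  namespace: myapp
                spec:
                  displayName: Strimzi
                status:
                  phase: Succeeded
                  reason: InstallSucceeded
          remediationAction: inform
          severity: low
  # `inform` reports compliance only; nothing is created on the managed
  # cluster. The chain above therefore advances only if the objects already
  # exist.
  remediationAction: inform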
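---
# Generated Policy for the Kafka cluster. `spec.dependencies` holds it back
# until the myapp-strimzi-operator Policy is Compliant. Nesting restored; the
# listing had lost its indentation.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: ""
    policy.open-cluster-management.io/controls: ""
    policy.open-cluster-management.io/standards: ""
  name: myapp-kafka
  namespace: default
spec:
  # Policy-level ordering: wait for the operator policy before evaluating.
  dependencies:
    - apiVersion: policy.open-cluster-management.io/v1
      compliance: Compliant
      kind: Policy
      name: myapp-strimzi-operator
      namespace: default
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: myapp-kafka
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: kafka.strimzi.io/v1beta2
                kind: Kafka
                metadata:
                  name: my-cluster
                  namespace: myapp
                spec:
                  entityOperator:
                    topicOperator: {}
                    userOperator: {}
                  kafka:
                    config:
                      default.replication.factor: 3
                      inter.broker.protocol.version: "3.3"
                      min.insync.replicas: 2
                      offsets.topic.replication.factor: 3
                      transaction.state.log.min.isr: 2
                      transaction.state.log.replication.factor: 3
                    # NOTE(review): no listener sets `authentication` and
                    # there is no `authorization` block, so any client that
                    # can reach a listener can use every topic.
                    listeners:
                      # Plaintext: traffic on 9092 is unencrypted.
                      - name: plain
                        port: 9092
                        tls: false
                        type: internal
                      - name: tls
                        port: 9093
                        tls: true
                        type: internal
                    replicas: 3
                    # Ephemeral: broker data is lost when pods are
                    # rescheduled.
                    storage:
                      type: ephemeral
                    version: 3.3.1
                  zookeeper:
                    replicas: 3
                    storage:
                      type: ephemeral
          remediationAction: inform
          severity: low
  # `inform` reports compliance only; the Kafka resource is not created by
  # this policy as written.
  remediationAction: inform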