Giter Site home page Giter Site logo

red-hat-demo-use-cases / redhat-advanced-cluster-management-policies Goto Github PK

View Code? Open in Web Editor NEW
0.0 1.0 0.0 35 KB

This is a set of RHACM policies intended for use during demonstrations. Don’t hesitate to use them as bolier plates or take inspiration from them to create your own.

acm advanced-cluster-management demo open-cluster-management openshift redhat

redhat-advanced-cluster-management-policies's Introduction

Red Hat Advanced Cluster Management for Kubernetes governance policies examples

This is a set of RHACM policies intended for use during demonstrations. Don’t hesitate to use them as bolier plates or take inspiration from them to create your own.

Description of the different policies

Install RHACS Operator and Spin a Secured Cluster Instance

(policy-acs-secured-cluster.yaml)

Warning Prior to add this policy, you will need to add the StackRox cluster init bundle secrets into the hub cluster in namespace: openshift-acm-policies

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Check Cert Expiration

(policy-check-certexpiration.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Install Compliance Operator

(policy-compliance-operator.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Limit Role Binding

(policy-limit-rolebinding.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Cluster Must Has Namespace

(policy-musthave-namespace.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Network Policy DenyAll by Default

(policy-network-denyall.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Push Cetificate in Namespaces

(policy-push-enterpriseCA.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Apply Resource Quotas on Namespaces

(policy-tenant-resourcequota.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

PolicySet and Placement Rules (policyset-and-placement.yaml)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis placerat purus. Aenean viverra est eu finibus fermentum. Duis sit amet tortor vestibulum, lobortis ipsum id, viverra odio. Sed cursus ornare efficitur. Donec nisi ante, fringilla ut pharetra vestibulum, posuere ac lacus. In vitae augue a sem accumsan volutpat. Donec non nisl mollis, egestas leo eu, tincidunt magna. Suspendisse tincidunt, elit porttitor pulvinar tristique, leo justo lobortis quam, quis ornare turpis massa et libero. Aliquam odio velit, volutpat ac ullamcorper nec, dictum at justo. Nullam consectetur ligula vel mollis suscipit.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.