open-cluster-management.io/governance-policy-propagator@v0.13.0/test/resources/case9_templates/case9-test-policy_encrypted.yaml

open-cluster-management.io/governance-policy-propagator@v0.13.0/test/resources/case9_templates/case9-test-policy_encrypted.yaml (about)

     1  apiVersion: policy.open-cluster-management.io/v1
     2  kind: Policy
     3  metadata:
     4    name: case9-test-policy-encrypted
     5  spec:
     6    remediationAction: inform
     7    disabled: false
     8    policy-templates:
     9      - objectDefinition:
    10          apiVersion: policy.open-cluster-management.io/v1
    11          kind: ConfigurationPolicy
    12          metadata:
    13            name: case9-test-configpolicy
    14          spec:
    15            remediationAction: inform
    16            namespaceSelector:
    17              exclude: ["kube-*"]
    18              include: ["default"]
    19            object-templates:
    20              - complianceType: musthave
    21                objectDefinition:
    22                  kind: ConfigMap
    23                  apiVersion: v1
    24                  metadata:
    25                    name: case9-test-configmap
    26                    namespace: test
    27                  data:
    28                    # Configuration values can be set as key-value properties
    29                    Clustername: '{{hub .ManagedClusterName hub}}'
    30                    Clusterid: '{{ fromClusterClaim id.openshift.io }}'
    31                    Vlanid: |-
    32                      {{hub printf "%s-vlanid" .ManagedClusterName | fromConfigMap "policy-propagator-test" "case9-config" | protect hub}}
    33                    someTopSecretThing: |-
    34                      {{hub fromSecret "policy-propagator-test" "case9-secret" "token" hub}}
    35      - objectDefinition:
    36          apiVersion: policy.open-cluster-management.io/v1
    37          kind: ConfigurationPolicy
    38          metadata:
    39            name: case9-test-configpolicy
    40          spec:
    41            remediationAction: inform
    42            namespaceSelector:
    43              exclude: ["kube-*"]
    44              include: ["default"]
    45            object-templates:
    46              - complianceType: mustnothave
    47                objectDefinition:
    48                  kind: ConfigMap
    49                  apiVersion: v1
    50                  metadata:
    51                    name: case9-test-configmap2
    52                    namespace: test
    53                  data:
    54                    # Configuration values can be set as key-value properties
    55                    thisOtherThing: |-
    56                      {{hub printf "%s" .ManagedClusterName | protect hub}}
    57  ---
    58  apiVersion: policy.open-cluster-management.io/v1
    59  kind: PlacementBinding
    60  metadata:
    61    name: case9-test-policy-encrypted-pb
    62  placementRef:
    63    apiGroup: apps.open-cluster-management.io
    64    kind: PlacementRule
    65    name: case9-test-policy-encrypted-plr
    66  subjects:
    67  - apiGroup: policy.open-cluster-management.io
    68    kind: Policy
    69    name: case9-test-policy-encrypted
    70  ---
    71  apiVersion: apps.open-cluster-management.io/v1
    72  kind: PlacementRule
    73  metadata:
    74    name: case9-test-policy-encrypted-plr
    75  spec:
    76    clusterConditions:
    77    - status: "True"
    78      type: ManagedClusterConditionAvailable
    79    clusterSelector:
    80      matchExpressions:
    81        []
    82  ---
    83  apiVersion: v1
    84  kind: ConfigMap
    85  metadata:
    86    name: case9-config
    87  data:
    88    managed1-vlanid: "123"
    89    managed2-vlanid: "456"
    90  ---
    91  apiVersion: v1
    92  kind: Secret
    93  metadata:
    94    name: case9-secret
    95  data:
    96    token: RG8uCk9yIGRvIG5vdC4KVGhlcmUgaXMgbm8gdHJ5Lgo=