Skip to content

Commit

Permalink
Update framework manifests
Browse files Browse the repository at this point in the history 
Signed-off-by: Dale Haiducek <[email protected]>
  • Loading branch information
@dhaiducek
dhaiducek committed Mar 27, 2024
1 parent efa791a commit be54130
Show file tree
Hide file tree
Showing 9 changed files with 398 additions and 311 deletions.
75 changes: 75 additions & 0 deletions pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,16 @@ rules:
- clustermanagementaddons/finalizers
verbs:
- update
- apiGroups:
- addon.open-cluster-management.io
resourceNames:
- config-policy-controller
- governance-policy-framework
resources:
- clustermanagementaddons/status
verbs:
- patch
- update
- apiGroups:
- addon.open-cluster-management.io
resources:
Expand Down Expand Up @@ -93,6 +103,14 @@ rules:
- signers
verbs:
- approve
- apiGroups:
- cluster.open-cluster-management.io
resourceNames:
- id.k8s.io
resources:
- clusterclaims
verbs:
- get
- apiGroups:
- cluster.open-cluster-management.io
resources:
Expand Down Expand Up @@ -147,16 +165,53 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resourceNames:
- governance-policy-database
- policy-encryption-key
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- open-cluster-management-compliance-history-api-recorder
resources:
- secrets
verbs:
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- apiGroups:
- ""
resourceNames:
- open-cluster-management-compliance-history-api-recorder
resources:
- serviceaccounts
verbs:
- delete
- get
- patch
- update
- apiGroups:
- policy.open-cluster-management.io
resources:
Expand Down Expand Up @@ -192,6 +247,7 @@ rules:
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- open-cluster-management:compliance-history-api-recorder
- open-cluster-management:config-policy-controller-hub
- open-cluster-management:policy-framework-hub
resources:
Expand All @@ -210,6 +266,7 @@ rules:
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- open-cluster-management:compliance-history-api-recorder
- open-cluster-management:config-policy-controller-hub
- open-cluster-management:policy-framework-hub
resources:
Expand All @@ -219,6 +276,24 @@ rules:
- get
- patch
- update
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- apiGroups:
- route.openshift.io
resourceNames:
- governance-history-api
resources:
- routes
verbs:
- delete
- get
- list
- update
- watch
- apiGroups:
- work.open-cluster-management.io
resources:
Expand Down
12 changes: 0 additions & 12 deletions pkg/cmd/install/hubaddon/scenario/addon/policy/addon-controller_role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,18 +7,6 @@ metadata:
name: policy-addon-ctrl-leader-election-role
namespace: {{ .Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
Expand Down
26 changes: 12 additions & 14 deletions ...l/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_placementbindings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.14.0
name: placementbindings.policy.open-cluster-management.io
spec:
group: policy.open-cluster-management.io
Expand All @@ -23,9 +22,11 @@ spec:
description: PlacementBinding is the Schema for the placementbindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
bindingOverrides:
description: BindingOverrides defines the overrides to the Subjects
Expand All @@ -39,9 +40,12 @@ spec:
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
Expand Down Expand Up @@ -112,9 +116,3 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
84 changes: 44 additions & 40 deletions ...md/install/hubaddon/scenario/addon/policy/policy.open-cluster-management.io_policies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.1
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.14.0
name: policies.policy.open-cluster-management.io
spec:
group: policy.open-cluster-management.io
Expand Down Expand Up @@ -33,33 +32,38 @@ spec:
description: Policy is the Schema for the policies API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PolicySpec defines the desired state of Policy
properties:
copyPolicyMetadata:
description: If set to true (default), all the policy's labels and
annotations will be copied to the replicated policy. If set to false,
only the policy framework specific policy labels and annotations
will be copied to the replicated policy.
description: |-
If set to true (default), all the policy's labels and annotations will be copied to the replicated policy.
If set to false, only the policy framework specific policy labels and annotations will be copied to the
replicated policy.
type: boolean
dependencies:
description: PolicyDependencies that apply to each template in this
Policy
items:
description: Each PolicyDependency defines an object reference which
must be in a certain compliance state before the policy should
be created.
description: |-
Each PolicyDependency defines an object reference which must be in a certain compliance
state before the policy should be created.
oneOf:
- properties:
kind:
Expand All @@ -75,10 +79,11 @@ spec:
pattern: ^(?:(?:Certificate|Configuration|Iam)Policy)$
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
compliance:
description: The ComplianceState (at path .status.compliant)
Expand All @@ -89,10 +94,12 @@ spec:
- NonCompliant
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: The name of the object to be checked
Expand All @@ -119,9 +126,9 @@ spec:
description: Additional PolicyDependencies that only apply to
this template
items:
description: Each PolicyDependency defines an object reference
which must be in a certain compliance state before the policy
should be created.
description: |-
Each PolicyDependency defines an object reference which must be in a certain compliance
state before the policy should be created.
oneOf:
- properties:
kind:
Expand All @@ -137,10 +144,11 @@ spec:
pattern: ^(?:(?:Certificate|Configuration|Iam)Policy)$
properties:
apiVersion:
description: 'APIVersion defines the versioned schema
of this representation of an object. Servers should
convert recognized schemas to the latest internal value,
and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
compliance:
description: The ComplianceState (at path .status.compliant)
Expand All @@ -151,10 +159,12 @@ spec:
- NonCompliant
type: string
kind:
description: 'Kind is a string value representing the
REST resource this object represents. Servers may infer
this from the endpoint the client submits requests to.
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: The name of the object to be checked
Expand Down Expand Up @@ -278,9 +288,3 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Loading

0 comments on commit be54130

Please sign in to comment.