From 9a77b69d9082bd644baaaf2e2e7f1de951fa4644 Mon Sep 17 00:00:00 2001
From: Alexey Roytman
Date: Sun, 18 Nov 2018 10:11:40 +0200
Subject: [PATCH 1/2] remove icp3 from destinations
---
 mcm/compliance-v0.2.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mcm/compliance-v0.2.yaml b/mcm/compliance-v0.2.yaml
index 5459536..3ea0dfe 100644
--- a/mcm/compliance-v0.2.yaml
+++ b/mcm/compliance-v0.2.yaml
@@ -8,7 +8,7 @@ spec:
 matchNames:
 - "icp1"
 - "icp2"
- - "icp3"
+# - "icp3"
 # matchLabels:
 # cloud: "IBM"
 # hippa: "true"
From f13723b9c900f71555389fb04894ba7a12b68094 Mon Sep 17 00:00:00 2001
From: Alexey Roytman
Date: Sun, 18 Nov 2018 10:13:26 +0200
Subject: [PATCH 2/2] remove compliance
---
 mcm/compliance-v0.2.yaml | 89 ----------------------------------------
 1 file changed, 89 deletions(-)
 delete mode 100644 mcm/compliance-v0.2.yaml
diff --git a/mcm/compliance-v0.2.yaml b/mcm/compliance-v0.2.yaml
deleted file mode 100644
index 3ea0dfe..0000000
--- a/mcm/compliance-v0.2.yaml
+++ /dev/null
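Review bot: In PATCH 1/2, the `matchNames` hunk disables `- "icp3"` by commenting it out rather than deleting it, and the commit message gives no reason why that cluster leaves the selector. Assuming this `clusterSelector` scopes the policies carried by the Compliance object (the rest of the file lies outside this hunk), icp3 would no longer be evaluated against them, which is a coverage change worth recording. Either delete the line outright or keep it with a stated reason, e.g. `# - "icp3"  # excluded: <reason / ticket placeholder>`. The neighbouring commented `hippa: "true"` also looks like a misspelling of `hipaa` and would not match that label if the block were ever re-enabled.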
@@ -1,89 +0,0 @@ -apiVersion: compliance.mcm.ibm.com/v1alpha1 -kind: Compliance -metadata: - name: compliance1 - namespace: mcm -spec: - clusterSelector: - matchNames: - - "icp1" - - "icp2" -# - "icp3" -# matchLabels: -# cloud: "IBM" -# hippa: "true" -# matchExpressions: -# - key: key1 -# operator: "NotIn" -# values: -# - "cl3" -# - "cl4" -# matchConditions: -# - type: "OK" -# status: "True" - runtime-rules: - - apiVersion: policy.mcm.ibm.com/v1alpha1 - kind: Policy - metadata: - name: policy01 - description: Instance descriptor for policy resource - spec: - remediationAction: "inform" # or inform - namespaces: - include: ["default"] - exclude: ["kube*"] - role-templates: - - kind: RoleTemplate - apiVersion: roletemplate.mcm.ibm.com/v1alpha1 - complianceType: "musthave" # at this level, it means the role must exist with the rules that it musthave below - metadata: - namespace: "" # will be inferred - name: dev - selector: - # matchLabels: - # hipaa: "true" - rules: - - complianceType: "musthave" # at this level, it means if the role exists the rule is a musthave - policyRule: - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch", "create", "delete","patch"] - - apiVersion: policy.mcm.ibm.com/v1alpha1 - kind: Policy - metadata: - name: policy02 - description: Instance descriptor for policy resource - spec: - remediationAction: "enforce" # or inform - namespaces: - include: ["default"] - exclude: ["kube*"] - role-templates: - - kind: RoleTemplate - apiVersion: roletemplate.mcm.ibm.com/v1alpha1 - complianceType: "musthave" # at this level, it means the role must exist with the rules that it musthave below - metadata: - namespace: "" # will be inferred - name: operator - selector: - matchLabels: - hipaa: "true" - rules: - - complianceType: "musthave" # at this level, it means if the role exists the rule is a musthave - policyRule: - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list", 
"watch", "delete"] - - complianceType: "mustnothave" # at this level, it means if the role exists the rule is a mustnothave - policyRule: - apiGroups: ["core"] - resources: ["pods"] - verbs: ["create", "update", "patch"] - - policyRule: - apiGroups: ["core"] - resources: ["secrets"] - verbs: ["get", "watch", "list", "create", "delete", "update", "patch"] - - - -