diff --git a/compliance-demo/compliance.yaml b/compliance-demo/compliance.yaml
new file mode 100644
index 0000000..48c3b6f
--- /dev/null
+++ b/compliance-demo/compliance.yaml
@@ -0,0 +1,29 @@
+apiVersion: compliance.mcm.ibm.com/v1alpha1
+kind: Compliance
+metadata:
+ name: compliance1
+ namespace: mcm
+spec:
+ runtime-rules:
+ - apiVersion: policy.mcm.ibm.com/v1alpha1
+ kind: Policy
+ metadata:
+ name: policy01
+ spec:
+ remediationAction: "enforce" # or inform
+ namespaces:
+ include: ["default"]
+ exclude: ["kube*"]
+ role-templates:
+ - kind: RoleTemplate
+ apiVersion: roletemplate.mcm.ibm.com/v1alpha1
+ complianceType: "musthave" # at this level, it means the role must exist with the rules that it musthave below
+ metadata:
+ namespace: "" # will be inferred
+ name: operator
+ rules:
+ - complianceType: "musthave" # at this level, it means if the role exists the rule is a musthave
+ policyRule:
+ apiGroups: ["extensions", "apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch", "create", "delete","patch"]
diff --git a/compliance-demo/placementBinding.yaml b/compliance-demo/placementBinding.yaml
new file mode 100644
index 0000000..0b75714
--- /dev/null
+++ b/compliance-demo/placementBinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: mcm.ibm.com/v1alpha1
+kind: PlacementPolicy
+metadata:
+ name: placement1
+ namespace: mcm
+spec:
+ clusterNames:
+ - "icp3"
+# clusterLabels:
+# matchLabels:
+# cloud: "IBM"
+# clusterConditions:
+# - type: "OK"
+# status: "True"
diff --git a/compliance-demo/placementPolicy.yaml b/compliance-demo/placementPolicy.yaml
new file mode 100644
index 0000000..db64c12
--- /dev/null
+++ b/compliance-demo/placementPolicy.yaml
@@ -0,0 +1,12 @@
+apiVersion: mcm.ibm.com/v1alpha1
+kind: PlacementBinding
+metadata:
+ name: binding1
+ namespace: mcm
+placementRef:
+ name: placement1
+subjects:
+- name: compliance1
+ kind: Compliance
+- name: deployable-simple
+ kind: DestinationPolicy
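Review bot: `remediationAction: "enforce"` on `policy01` in `compliance.yaml` is a risky default for a demo manifest: together with `complianceType: "musthave"` on the `operator` role template it asks the controller to create or amend that role in the included `default` namespace, and the rule carries the write verbs `create`, `delete` and `patch` on deployments. Starting with `remediationAction: "inform"`, the alternative the inline comment already names, would report drift without writing RBAC to the bound cluster. Assuming `musthave` only asserts presence, the policy would also not flag broader rules already attached to an existing `operator` role, which deserves a comment above `rules:`. `exclude: ["kube*"]` appears to have no effect while `include` lists only `default`.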
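Review bot: The file name and the resource kind disagree: `placementBinding.yaml` declares `kind: PlacementPolicy`, and `placementPolicy.yaml` later in this commit declares `kind: PlacementBinding`, so the two names look swapped and should be exchanged. `clusterNames` pins the target to the single cluster `icp3`, which is where the enforcing policy from `compliance.yaml` would take effect once bound; a header comment such as `# Selects the cluster(s) compliance1 is applied to; replace icp3 with your own cluster name` would make that explicit. The commented-out `clusterLabels`/`clusterConditions` lines should either be removed or introduced with a comment saying they are an alternative selector.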
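Review bot: The second subject in `placementPolicy.yaml`, `deployable-simple` of kind `DestinationPolicy`, is not defined in any file of this commit, so `binding1` may reference an object that does not exist in namespace `mcm`. If it belongs to a different demo, drop the last two lines of the file; otherwise add its manifest alongside. A header comment such as `# Binds compliance1 to placement1; applying this activates the policy on the selected clusters` would help, since this appears to be the step that makes the `enforce` action take effect.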