Skip to content

Latest commit

 

History

History
17 lines (14 loc) · 3.66 KB

File metadata and controls

17 lines (14 loc) · 3.66 KB

PolicySets -- Community

PolicySets in this folder are organized by name. Each PolicySet requires the policy generator for deployment. See the Policy Generator Kustomize plugin for more information on using the policy generator.

PolicySet details

Policy Description Prerequisites
Advanced Cluster Security Secured Clusters Applies the Advanced Cluster Security Secured Cluster operator to all managed clusters The default placement applies the Secured Cluster resources to all OpenShift clusters except the hub cluster.
OpenShift Best Practices Applies the OpenShift management best practices to OpenShift clusters. Requires placement on OpenShift 4.6 clusters or newer. The PolicySet uses cluster Placement and not the PlacementRule placement mechanism.
OpenShift Platform Plus (moved to stable) The OpenShift Platform Plus policy set applies several policies that installs the OpenShift Platform Plus products using best practices that allow them to work well together. The OpenShift Platform Plus policy set works with OpenShift managed clusters and installs many components to the hub cluster. See the policy set README.md for more information on prerequisites. The PolicySet uses cluster Placement and not the PlacementRule placement mechanism.
Kyverno Policy Sets The Kyverno policy sets are provided to help you apply best practices around security, multitenancy and applications. See the details for each each of the policy sets in the kyverno subdirectories. The Kyverno PolicySets require the Kyverno helm chart to be installed on each managed cluster where you want to install the PolicySets. Use the policy policy-install-kyverno to install kyverno and the policy policy-kyverno-config-exclude-resources to update Kyverno resource filters. The PolicySet uses cluster Placement and not the PlacementRule placement mechanism. For more details on Kyverno PolicySet installation, see the README.md.
Zettaset Xcrypt The zettaset policy set deploys the policies for encryption of disk devices See the [Zettaset README (https://github.com/zettaset/zettaset-public/) to learn more about Zettaset Xcrypt Deployment.
Setup for OpenShift Platform Plus The Setup for OpenShift Platform Plus policy set applies several policies that prepares the Red Had Advancend Cluster Management for Kubernetes hub cluster for OpenShift Platform Plus components. The Setup for OpenShift Platform Plus policy set works with only the hub cluster. See the policy set README.md for more information on prerequisites. The PolicySet uses cluster Placement and not the PlacementRule placement mechanism. Red Hat Advanced Cluster Management version 2.7 is required to install this PolicySet.
PolicyGenerator Download Configures a webserver to host the PolicyGenerator and adds the download to the OpenShift CLI Download page on the OpenShift Console. This ensures the version downloaded matches the version of Red Hat Advanced Cluster Management running on the hub. Red Hat Advanced Cluster Management version 2.8 is required to install this Policy.