Skip to content

Latest commit

 

History

History

openshift-plus

README.md

OpenShift Plus PolicySet

Prerequisites

To install OpenShift Plus using this PolicySet, you must first have:

Installation

The OpenShift Plus PolicySet contains two PolicySets that will be deployed. The OpenShift Plus PolicySet installs everything onto the Open Cluster Management hub cluster. The Advanced Cluster Security Secured Cluster Services and the Compliance Operator are deployed onto all OpenShift managed clusters.

Prior to applying the PolicySet, perform these steps:

  1. To allow for subscriptions to be applied below you must apply and set to enforce the policy policy-configure-subscription-admin-hub.yaml.
  2. Install the Policy generator Kustomize plugin by following the installation instructions. It is recommended to use Kustomize v4.5+.
  3. Policies are installed to the policies namespace. Make sure the placement bindings match this namespace for the hub and other managed clusters. Example yaml to apply a ManagedClusterSetBinding for the policies namespace. 
    kind: ManagedClusterSetBinding
metadata:
    name: default
    namespace: policies
spec:
    clusterSet: default

    oc apply -f managed-cluster.yaml

Apply the policies using the kustomize command or subscribing to a fork of the repository and pointing to this directory. See the details for using the Policy Generator for more information. The command to run is kustomize build --enable-alpha-plugins | oc apply -f -

Note: For any components of OpenShift Plus that you do not wish to install, edit the policyGenerator.yaml file and remove or comment out the policies for those components.

Sample Setup for OpenShift Plus

A community PolicySet has been created to configure a cluster for the needed prerequisites for OpenShift Plus. Review this PolicySet to make sure you have prepared the hub cluster properly or apply this PolicySet to use the recommended configuration settings for the hub cluster.