Skip to content

Commit

Permalink
update namespace for gatekeeper related policies (#68)
Browse files Browse the repository at this point in the history 
* update gatekeeper policy to openshift-gatekeeper-system

* use different namespace for gatekeeper operator
  • Loading branch information
Yu Cao authored Dec 19, 2020
1 parent ca6d599 commit 8153562
Show file tree
Hide file tree
Showing 6 changed files with 10 additions and 15 deletions.
2 changes: 1 addition & 1 deletion community/CM-Configuration-Management/policy-gatekeeper-allowed-external-ips.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ spec:
apiVersion: v1
kind: Event
metadata:
namespace: gatekeeper-system
namespace: openshift-gatekeeper-system # set it to the actual namespace where gatekeeper is running if different
annotations:
constraint_action: deny
constraint_kind: K8sExternalIPs
Expand Down
3 changes: 1 addition & 2 deletions community/CM-Configuration-Management/policy-gatekeeper-container-image-latest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,6 @@ spec:
name: containerimagelatest
status:
totalViolations: 0
violations: []
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -426,7 +425,7 @@ spec:
apiVersion: v1
kind: Event
metadata:
namespace: gatekeeper-system
namespace: openshift-gatekeeper-system # set it to the actual namespace where gatekeeper is running if different
annotations:
constraint_action: deny
constraint_kind: ContainerImageLatest
Expand Down
3 changes: 1 addition & 2 deletions community/CM-Configuration-Management/policy-gatekeeper-container-livenessprobenotset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,6 @@ spec:
name: containerlivenessprobenotset
status:
totalViolations: 0
violations: []
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -426,7 +425,7 @@ spec:
apiVersion: v1
kind: Event
metadata:
namespace: gatekeeper-system
namespace: openshift-gatekeeper-system # set it to the actual namespace where gatekeeper is running if different
annotations:
constraint_action: deny
constraint_kind: ContainerLivenessprobeNotset
Expand Down
3 changes: 1 addition & 2 deletions community/CM-Configuration-Management/policy-gatekeeper-container-readinessprobenotset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,6 @@ spec:
name: containerreadinessprobenotset
status:
totalViolations: 0
violations: []
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -426,7 +425,7 @@ spec:
apiVersion: v1
kind: Event
metadata:
namespace: gatekeeper-system
namespace: openshift-gatekeeper-system # set it to the actual namespace where gatekeeper is running if different
annotations:
constraint_action: deny
constraint_kind: ContainerReadinessprobeNotset
Expand Down
11 changes: 5 additions & 6 deletions community/CM-Configuration-Management/policy-gatekeeper-operator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ spec:
apiVersion: v1
kind: Namespace
metadata:
name: gatekeeper-system
name: openshift-gatekeeper-operator
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -40,7 +40,7 @@ spec:
kind: CatalogSource
metadata:
name: gatekeeper-operator
namespace: gatekeeper-system
namespace: openshift-gatekeeper-operator
spec:
displayName: Gatekeeper Operator Upstream
publisher: github.com/font/gatekeeper-operator
Expand All @@ -64,7 +64,7 @@ spec:
kind: OperatorGroup
metadata:
name: gatekeeper-operator
namespace: gatekeeper-system
namespace: openshift-gatekeeper-operator
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -80,12 +80,12 @@ spec:
kind: Subscription
metadata:
name: gatekeeper-operator-sub
namespace: gatekeeper-system
namespace: openshift-gatekeeper-operator
spec:
channel: alpha
name: gatekeeper-operator
source: gatekeeper-operator
sourceNamespace: gatekeeper-system
sourceNamespace: openshift-gatekeeper-operator
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -101,7 +101,6 @@ spec:
kind: Gatekeeper
metadata:
name: gatekeeper
namespace: gatekeeper-system
spec:
audit:
logLevel: INFO
Expand Down
3 changes: 1 addition & 2 deletions community/CM-Configuration-Management/policy-gatekeeper-sample.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,6 @@ spec:
name: ns-must-have-gk
status:
totalViolations: 0
violations: []
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
Expand All @@ -92,7 +91,7 @@ spec:
apiVersion: v1
kind: Event
metadata:
namespace: gatekeeper-system
namespace: openshift-gatekeeper-system # set it to the actual namespace where gatekeeper is running if different
annotations:
constraint_action: deny
constraint_kind: K8sRequiredLabels
Expand Down

0 comments on commit 8153562

Please sign in to comment.