Remove ManagedClusterConditionAvailable

Signed-off-by: Dale Haiducek <[email protected]> (cherry picked from commit f9590a7)
stolostron · Apr 17, 2024 · 54f9714 · 54f9714
1 parent b274bba
commit 54f9714
Show file tree

Hide file tree

Showing 135 changed files with 2,682 additions and 3,134 deletions.
diff --git a/README.md b/README.md
@@ -36,10 +36,8 @@ for details on installing the Application addon.
 not require the Application Lifecycle addon.
 
 The policies are applied to all managed clusters that are available, and have the `environment` set
-to `dev`. Specifically, an available managed cluster has the `status` parameter set to `true` by the
-system, for the `ManagedClusterConditionAvailable` condition. If policies need to be applied to
-another set of clusters, update the `PlacementRule.spec.clusterSelector.matchExpressions` section in
-the policies.
+to `dev`. If policies need to be applied to another set of clusters, update the 
+`PlacementRule.spec.clusterSelector.matchExpressions` section in the policies.
 
 **Note**: As new clusters are added that fit the criteria previously mentioned, the policies are
 applied automatically.

diff --git a/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml b/community/AC-Access-Control/policy-configure-appworkloads-rbac-sample.yaml
@@ -173,18 +173,15 @@ placementRef:
   kind: PlacementRule
   apiGroup: apps.open-cluster-management.io
 subjects:
-- name: policy-configure-appworkloads-rbac
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
+  - name: policy-configure-appworkloads-rbac
+    kind: Policy
+    apiGroup: policy.open-cluster-management.io
 ---
 apiVersion: apps.open-cluster-management.io/v1
 kind: PlacementRule
 metadata:
   name: placement-policy-configure-appworkloads-rbac
 spec:
-  clusterConditions:
-  - status: "True"
-    type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - {key: environment, operator: In, values: ["dev"]}
diff --git a/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml b/community/AC-Access-Control/policy-configure-clusterlevel-rbac.yaml
@@ -88,7 +88,7 @@ spec:
                 roleRef:
                   apiGroup: rbac.authorization.k8s.io
                   kind: ClusterRole
-                  name: admin   
+                  name: admin
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
@@ -108,9 +108,6 @@ kind: PlacementRule
 metadata:
   name: placement-policy-configure-clusterlevel-rbac
 spec:
-  clusterConditions:
-    - status: "True"
-      type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
-      - {key: local-cluster, operator: In, values: ['true']}
+      - {key: local-cluster, operator: In, values: ['true']}
diff --git a/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml b/community/AC-Access-Control/policy-gatekeeper-disallow-anonymous.yaml
@@ -7,7 +7,7 @@ metadata:
     policy.open-cluster-management.io/categories: AC Access Control
     policy.open-cluster-management.io/controls: AC-2 Account Management
 spec:
-  remediationAction: enforce 
+  remediationAction: enforce
   disabled: false
   policy-templates:
     - objectDefinition:
@@ -18,7 +18,7 @@ spec:
         spec:
           remediationAction: enforce
           severity: low
-          object-templates: 
+          object-templates:
             - complianceType: musthave
               objectDefinition:
                 apiVersion: templates.gatekeeper.sh/v1beta1
@@ -47,7 +47,7 @@ spec:
 
                         review(subject) = true {
                           subject.name == "system:anonymous"
-                        }                
+                        }
             - complianceType: musthave
               objectDefinition:
                 apiVersion: constraints.gatekeeper.sh/v1beta1
@@ -98,7 +98,7 @@ spec:
                     constraint_action: deny
                     constraint_kind: K8sDisallowAnonymous
                     constraint_name: no-anonymous
-                    event_type: violation       
+                    event_type: violation
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
@@ -118,9 +118,6 @@ kind: PlacementRule
 metadata:
   name: placement-policy-gatekeeper-disallow-anonymous
 spec:
-  clusterConditions:
-    - status: "True"
-      type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
-      - { key: environment, operator: In, values: ["dev"] }
+      - {key: environment, operator: In, values: ["dev"]}
diff --git a/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml b/community/AC-Access-Control/policy-rbac-adminiterpolicies-sample.yaml
@@ -139,18 +139,15 @@ placementRef:
   kind: PlacementRule
   apiGroup: apps.open-cluster-management.io
 subjects:
-- name: policy-rbac-adminiterpolicies
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
+  - name: policy-rbac-adminiterpolicies
+    kind: Policy
+    apiGroup: policy.open-cluster-management.io
 ---
 apiVersion: apps.open-cluster-management.io/v1
 kind: PlacementRule
 metadata:
   name: placement-policy-rbac-adminiterpolicies
 spec:
-  clusterConditions:
-    - status: 'True'
-      type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - key: local-cluster

diff --git a/community/AC-Access-Control/policy-roles-no-wildcards.yaml b/community/AC-Access-Control/policy-roles-no-wildcards.yaml
@@ -42,18 +42,15 @@ placementRef:
   kind: PlacementRule
   apiGroup: apps.open-cluster-management.io
 subjects:
-- name: policy-disallowed-roles
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
+  - name: policy-disallowed-roles
+    kind: Policy
+    apiGroup: policy.open-cluster-management.io
 ---
 apiVersion: apps.open-cluster-management.io/v1
 kind: PlacementRule
 metadata:
   name: placement-policy-disallowed-roles
 spec:
-  clusterConditions:
-  - status: "True"
-    type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - {key: environment, operator: In, values: ["dev"]}
diff --git a/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml b/community/AU-Audit-and-Accountability/policy-openshift-audit-logs-sample.yaml
@@ -27,13 +27,12 @@ spec:
                   name: cluster
                 spec:
                   audit:
-                    customRules:                        
-                    - group: system:authenticated:oauth
-                      profile: WriteRequestBodies
-                    - group: system:authenticated
-                      profile: AllRequestBodies
-                  profile: Default  
-
+                    customRules:
+                      - group: system:authenticated:oauth
+                        profile: WriteRequestBodies
+                      - group: system:authenticated
+                        profile: AllRequestBodies
+                  profile: Default
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
@@ -53,13 +52,9 @@ kind: PlacementRule
 metadata:
   name: placement-config-audit
 spec:
-  clusterConditions:
-    - status: 'True'
-      type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - key: environment
         operator: In
         values:
           - dev
-
diff --git a/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml b/community/CA-Security-Assessment-and-Authorization/policy-check-fips.yaml
@@ -10,35 +10,35 @@ spec:
   remediationAction: inform
   disabled: false
   policy-templates:
-  - objectDefinition:
-      apiVersion: policy.open-cluster-management.io/v1
-      kind: ConfigurationPolicy
-      metadata:
-        name: 'checkfipscompliance'
-      spec:
-        remediationAction: inform
-        severity: low
-        object-templates:
-          - complianceType: musthave
-            objectDefinition:
-              apiVersion: machineconfiguration.openshift.io/v1
-              kind: MachineConfig
-              metadata:
-                labels:
-                  machineconfiguration.openshift.io/role: worker
-                name: 99-worker-fips
-              spec:
-                fips: true
-          - complianceType: musthave
-            objectDefinition:
-              apiVersion: machineconfiguration.openshift.io/v1
-              kind: MachineConfig
-              metadata:
-                labels:
-                  machineconfiguration.openshift.io/role: master
-                name: 99-master-fips
-              spec:
-                fips: true
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: 'checkfipscompliance'
+        spec:
+          remediationAction: inform
+          severity: low
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: machineconfiguration.openshift.io/v1
+                kind: MachineConfig
+                metadata:
+                  labels:
+                    machineconfiguration.openshift.io/role: worker
+                  name: 99-worker-fips
+                spec:
+                  fips: true
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: machineconfiguration.openshift.io/v1
+                kind: MachineConfig
+                metadata:
+                  labels:
+                    machineconfiguration.openshift.io/role: master
+                  name: 99-master-fips
+                spec:
+                  fips: true
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
@@ -49,18 +49,15 @@ placementRef:
   kind: PlacementRule
   apiGroup: apps.open-cluster-management.io
 subjects:
-- name: checkfipscompliance
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
+  - name: checkfipscompliance
+    kind: Policy
+    apiGroup: policy.open-cluster-management.io
 ---
 apiVersion: apps.open-cluster-management.io/v1
 kind: PlacementRule
 metadata:
   name: placement-checkfipscompliance
 spec:
-  clusterConditions:
-  - status: "True"
-    type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - {key: environment, operator: In, values: ["dev"]}
diff --git a/...CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml b/...CA-Security-Assessment-and-Authorization/policy-compliance-operator-install-upstream.yaml
@@ -102,18 +102,15 @@ placementRef:
   kind: PlacementRule
   apiGroup: apps.open-cluster-management.io
 subjects:
-- name: policy-comp-operator
-  kind: Policy
-  apiGroup: policy.open-cluster-management.io
+  - name: policy-comp-operator
+    kind: Policy
+    apiGroup: policy.open-cluster-management.io
 ---
 apiVersion: apps.open-cluster-management.io/v1
 kind: PlacementRule
 metadata:
   name: placement-policy-comp-operator
 spec:
-  clusterConditions:
-  - status: "True"
-    type: ManagedClusterConditionAvailable
   clusterSelector:
     matchExpressions:
       - {key: vendor, operator: In, values: ["OpenShift"]}