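The following policy and procedure are an example of how to automatically import all discovered OpenShift Service on AWS clusters.
Log in to your hub cluster from the CLI to complete the following procedure.
Create a YAML file with the following example and apply the changes that are referenced: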
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-rosa-autoimport
  annotations:
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/description: OpenShift Service on AWS discovered clusters can be automatically imported into
      Red Hat Advanced Cluster Management as managed clusters with this policy. You can select and configure those managed clusters so you can import. Configure filters or add an annotation if you do not want all of your OpenShift Service on AWS clusters to be automatically imported.
spec:
  remediationAction: inform
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: rosa-autoimport-config
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: ConfigMap
                metadata:
                  name: discovery-config
                  namespace: open-cluster-management-global-set
                data:
                  rosa-filter: ""
          remediationAction: enforce
          severity: low
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: policy-rosa-autoimport
        spec:
          remediationAction: enforce
          severity: low
          object-templates-raw: |
            {{- /* find the ROSA DiscoveredClusters */ -}}
            {{- range $dc := (lookup "discovery.open-cluster-management.io/v1" "DiscoveredCluster" "" "").items }}
              {{- /* Check for the flag that indicates the import should be skipped */ -}}
              {{- $skip := "false" -}}
              {{- range $key, $value := $dc.metadata.annotations }}
                {{- if and (eq $key "discovery.open-cluster-management.io/previously-auto-imported")
                           (eq $value "true") }}
                  {{- $skip = "true" }}
                {{- end }}
              {{- end }}
              {{- /* if the type is ROSA and the status is Active */ -}}
              {{- if and (eq $dc.spec.status "Active")
                         (contains (fromConfigMap "open-cluster-management-global-set" "discovery-config" "rosa-filter") $dc.spec.displayName)
                         (eq $dc.spec.type "ROSA")
                         (eq $skip "false") }}
            - complianceType: musthave
              objectDefinition:
                apiVersion: discovery.open-cluster-management.io/v1
                kind: DiscoveredCluster
                metadata:
                  name: {{ $dc.metadata.name }}
                  namespace: {{ $dc.metadata.namespace }}
                spec:
                  importAsManagedCluster: true
              {{- end }}
            {{- end }}
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: policy-rosa-managedcluster-status
        spec:
          remediationAction: enforce
          severity: low
          object-templates-raw: |
            {{- /* Use the same DiscoveredCluster list to check ManagedCluster status */ -}}
            {{- range $dc := (lookup "discovery.open-cluster-management.io/v1" "DiscoveredCluster" "" "").items }}
              {{- /* Check for the flag that indicates the import should be skipped */ -}}
              {{- $skip := "false" -}}
              {{- range $key, $value := $dc.metadata.annotations }}
                {{- if and (eq $key "discovery.open-cluster-management.io/previously-auto-imported")
                           (eq $value "true") }}
                  {{- $skip = "true" }}
                {{- end }}
              {{- end }}
              {{- /* if the type is ROSA and the status is Active */ -}}
              {{- if and (eq $dc.spec.status "Active")
                         (contains (fromConfigMap "open-cluster-management-global-set" "discovery-config" "rosa-filter") $dc.spec.displayName)
                         (eq $dc.spec.type "ROSA")
                         (eq $skip "false") }}
            - complianceType: musthave
              objectDefinition:
                apiVersion: cluster.open-cluster-management.io/v1
                kind: ManagedCluster
                metadata:
                  name: {{ $dc.spec.displayName }}
                  namespace: {{ $dc.spec.displayName }}
                status:
                  conditions:
                    - type: ManagedClusterConditionAvailable
                      status: "True"
              {{- end }}
            {{- end }}
```
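Optional: Specify a value for `rosa-filter` to select a subset of the matching OpenShift Service on AWS clusters, based on the discovered cluster names. By default, `rosa-filter` has no value, so without a subset value the filter does not restrict cluster names.
Run `oc apply -f <filename>.yaml -n <namespace>` to apply the file.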
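The selection condition shared by the two `object-templates-raw` templates can be previewed offline before the policy is applied, which shows how an empty `rosa-filter` selects every active ROSA cluster that was not previously auto-imported. The following Python sketch is an added example, not part of the original documentation; it assumes the DiscoveredCluster list is available as JSON, and the sample resources, their names, and the `OCP` and `Archived` values are constructed.

```python
# Added example: offline preview of the policy's selection condition.
SKIP = "discovery.open-cluster-management.io/previously-auto-imported"

# Constructed sample in the shape of a DiscoveredCluster list (not real clusters).
SAMPLE = {"items": [
    {"metadata": {"name": "dc-001", "namespace": "discovery"},
     "spec": {"displayName": "prod-rosa-east", "type": "ROSA", "status": "Active"}},
    {"metadata": {"name": "dc-002", "namespace": "discovery"},
     "spec": {"displayName": "dev-rosa-west", "type": "ROSA", "status": "Active"}},
    {"metadata": {"name": "dc-003", "namespace": "discovery", "annotations": {SKIP: "true"}},
     "spec": {"displayName": "prod-rosa-old", "type": "ROSA", "status": "Active"}},
    {"metadata": {"name": "dc-004", "namespace": "discovery"},
     "spec": {"displayName": "prod-onprem", "type": "OCP", "status": "Active"}},
    {"metadata": {"name": "dc-005", "namespace": "discovery"},
     "spec": {"displayName": "prod-rosa-gone", "type": "ROSA", "status": "Archived"}},
]}


def would_auto_import(dc, rosa_filter=""):
    """Apply the same four checks as the template's `if and (...)` block."""
    spec = dc.get("spec", {})
    annotations = dc.get("metadata", {}).get("annotations") or {}
    return (
        spec.get("status") == "Active"
        and spec.get("type") == "ROSA"
        # `contains` is a substring test; an empty filter matches every name.
        and rosa_filter in spec.get("displayName", "")
        and annotations.get(SKIP) != "true"
    )


def preview(discovered, rosa_filter=""):
    """Return what enforcement would touch for each selected cluster."""
    plan = []
    for dc in discovered.get("items", []):
        if would_auto_import(dc, rosa_filter):
            meta, name = dc["metadata"], dc["spec"]["displayName"]
            plan.append({
                "patch": f'{meta["namespace"]}/{meta["name"]}',  # importAsManagedCluster: true
                "managed_cluster": name,  # ManagedCluster the status template expects
            })
    return plan


if __name__ == "__main__":
    for rosa_filter in ("", "prod"):
        print(repr(rosa_filter), preview(SAMPLE, rosa_filter))
```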