2.3.2.2. 证书策略示例
当在 hub 集群上创建证书策略控制器时,会在受管集群上创建复制策略。受管集群上的证书策略可能类似以下文件:
apiVersion: policy.open-cluster-management.io/v1 kind: CertificatePolicy metadata: name: certificate-policy-1 namespace: kube-system label: category: "System-Integrity" spec: namespaceSelector: include: ["default", "kube-*"] exclude: ["kube-system"] remediationAction: inform minimumDuration: 100h minimumCADuration: 200h maximumDuration: 2161h maximumCADuration: 43920h allowedSANPattern: "[[:alpha:]]" disallowedSANPattern: "[\\*]"