主页
产品
Red Hat Advanced Cluster Management for Kubernetes
2.4
监管
2.3.4. 创建自定义策略控制器（已弃用）

2.3.4. 创建自定义策略控制器（已弃用）

了解如何编写、应用、查看和更新您的自定义策略控制器。您可以为策略控制器创建 YAML 文件，以部署到集群中。查看以下部分以创建策略控制器：

2.3.4.1. 编写一个策略控制器
复制链接

使用位于 governance-policy-framework 存储库中的策略控制器框架。完成以下步骤来创建策略控制器：

运行以下命令克隆 governance-policy-framework 存储库：

git clone git@github.com:stolostron/governance-policy-framework.git

git clone git@github.com:stolostron/governance-policy-framework.git

Copy to Clipboard

Toggle word wrap

通过更新策略模式定义自定义控制器策略。您的策略可能类似以下内容：

metadata:
  name: samplepolicies.policies.open-cluster-management.io
spec:
  group: policy.open-cluster-management.io
  names:
    kind: SamplePolicy
    listKind: SamplePolicyList
    plural: samplepolicies
    singular: samplepolicy

metadata:
  name: samplepolicies.policies.open-cluster-management.io
spec:
  group: policy.open-cluster-management.io
  names:
    kind: SamplePolicy
    listKind: SamplePolicyList
    plural: samplepolicies
    singular: samplepolicy

Copy to Clipboard

Toggle word wrap

更新策略控制器以监视 SamplePolicy kind。运行以下命令：

for file in $(find . -name "*.go" -type f); do  sed -i "" "s/SamplePolicy/g" $file; done
for file in $(find . -name "*.go" -type f); do  sed -i "" "s/samplepolicy-controller/samplepolicy-controller/g" $file; done

for file in $(find . -name "*.go" -type f); do  sed -i "" "s/SamplePolicy/g" $file; done
for file in $(find . -name "*.go" -type f); do  sed -i "" "s/samplepolicy-controller/samplepolicy-controller/g" $file; done

Copy to Clipboard

Toggle word wrap

通过完成以下步骤重新编译并运行策略控制器：

登录到您的集群。
选择用户图标，然后点击 Configure client。
将配置信息复制并粘贴到您的命令行中，然后按 Enter 键。

运行以下命令以应用您的策略 CRD 并启动控制器：

export GO111MODULE=on

kubectl apply -f deploy/crds/policy.open-cluster-management.io_samplepolicies_crd.yaml

export WATCH_NAMESPACE=<cluster_namespace_on_hub>

go run cmd/manager/main.go

export GO111MODULE=on

kubectl apply -f deploy/crds/policy.open-cluster-management.io_samplepolicies_crd.yaml

export WATCH_NAMESPACE=<cluster_namespace_on_hub>

go run cmd/manager/main.go

Copy to Clipboard

Toggle word wrap

您可能会收到以下输出来表示控制器在运行：

{“level”:”info”,”ts”:1578503280.511274,”logger”:”controller-runtime.manager”,”msg”:”starting metrics server”,”path”:”/metrics”}
{“level”:”info”,”ts”:1578503281.215883,”logger”:”controller-runtime.controller”,”msg”:”Starting Controller”,”controller”:”samplepolicy-controller”}
{“level”:”info”,”ts”:1578503281.3203468,”logger”:”controller-runtime.controller”,”msg”:”Starting workers”,”controller”:”samplepolicy-controller”,”worker count”:1}
Waiting for policies to be available for processing…

{“level”:”info”,”ts”:1578503280.511274,”logger”:”controller-runtime.manager”,”msg”:”starting metrics server”,”path”:”/metrics”}
{“level”:”info”,”ts”:1578503281.215883,”logger”:”controller-runtime.controller”,”msg”:”Starting Controller”,”controller”:”samplepolicy-controller”}
{“level”:”info”,”ts”:1578503281.3203468,”logger”:”controller-runtime.controller”,”msg”:”Starting workers”,”controller”:”samplepolicy-controller”,”worker count”:1}
Waiting for policies to be available for processing…

Copy to Clipboard

Toggle word wrap

创建策略，验证控制器是否已检索策略，并在集群中应用策略。运行以下命令：
```
kubectl apply -f deploy/crds/policy.open-cluster-management.io_samplepolicies_crd.yaml
```
```
kubectl apply -f deploy/crds/policy.open-cluster-management.io_samplepolicies_crd.yaml
```
Copy to Clipboard Toggle word wrap
应用策略时，会出现一条消息来指示您的自定义控制器监控并检测到策略。这个信息可能类似以下内容：

{"level":"info","ts":1578503685.643426,"logger":"controller_samplepolicy","msg":"Reconciling SamplePolicy","Request.Namespace":"default","Request.Name":"example-samplepolicy"}
{"level":"info","ts":1578503685.855259,"logger":"controller_samplepolicy","msg":"Reconciling SamplePolicy","Request.Namespace":"default","Request.Name":"example-samplepolicy"}
Available policies in namespaces:
namespace = kube-public; policy = example-samplepolicy
namespace = default; policy = example-samplepolicy
namespace = kube-node-lease; policy = example-samplepolicy

{"level":"info","ts":1578503685.643426,"logger":"controller_samplepolicy","msg":"Reconciling SamplePolicy","Request.Namespace":"default","Request.Name":"example-samplepolicy"}
{"level":"info","ts":1578503685.855259,"logger":"controller_samplepolicy","msg":"Reconciling SamplePolicy","Request.Namespace":"default","Request.Name":"example-samplepolicy"}
Available policies in namespaces:
namespace = kube-public; policy = example-samplepolicy
namespace = default; policy = example-samplepolicy
namespace = kube-node-lease; policy = example-samplepolicy

Copy to Clipboard

Toggle word wrap

运行以下命令，检查 status 字段中的合规详情：

kubectl describe SamplePolicy example-samplepolicy -n default

kubectl describe SamplePolicy example-samplepolicy -n default

Copy to Clipboard

Toggle word wrap

您的输出可能类似以下内容：

status:
  compliancyDetails:
    example-samplepolicy:
      cluster-wide:
      - 5 violations detected in namespace `cluster-wide`, there are 0 users violations
        and 5 groups violations
      default:
      - 0 violations detected in namespace `default`, there are 0 users violations
        and 0 groups violations
      kube-node-lease:
      - 0 violations detected in namespace `kube-node-lease`, there are 0 users violations
        and 0 groups violations
      kube-public:
      - 1 violations detected in namespace `kube-public`, there are 0 users violations
        and 1 groups violations
  compliant: NonCompliant

status:
  compliancyDetails:
    example-samplepolicy:
      cluster-wide:
      - 5 violations detected in namespace `cluster-wide`, there are 0 users violations
        and 5 groups violations
      default:
      - 0 violations detected in namespace `default`, there are 0 users violations
        and 0 groups violations
      kube-node-lease:
      - 0 violations detected in namespace `kube-node-lease`, there are 0 users violations
        and 0 groups violations
      kube-public:
      - 1 violations detected in namespace `kube-public`, there are 0 users violations
        and 1 groups violations
  compliant: NonCompliant

Copy to Clipboard

Toggle word wrap

更改策略规则和策略逻辑，为您的策略控制器引入新规则。完成以下步骤：

通过更新 SamplePolicySpec 在 YAML 文件中添加新字段。您的规格应该和以下类似：

spec:
  description: SamplePolicySpec defines the desired state of SamplePolicy
  properties:
    labelSelector:
      additionalProperties:
        type: string
      type: object
    maxClusterRoleBindingGroups:
      type: integer
    maxClusterRoleBindingUsers:
      type: integer
    maxRoleBindingGroupsPerNamespace:
      type: integer
    maxRoleBindingUsersPerNamespace:
      type: integer

spec:
  description: SamplePolicySpec defines the desired state of SamplePolicy
  properties:
    labelSelector:
      additionalProperties:
        type: string
      type: object
    maxClusterRoleBindingGroups:
      type: integer
    maxClusterRoleBindingUsers:
      type: integer
    maxRoleBindingGroupsPerNamespace:
      type: integer
    maxRoleBindingUsersPerNamespace:
      type: integer

Copy to Clipboard

Toggle word wrap

使用新字段更新 samplepolicy_controller.go 中的 SamplePolicySpec 结构。
使用新的路径更新 samplepolicy_controller.go 文件中的 PeriodicallyExecSamplePolicies 函数来运行策略控制器。查看 PeriodicallyExecSamplePolicies 字段的示例，请参阅 stolostron/multicloud-operators-policy-controller。
重新编译并运行策略控制器。请参阅编写策略控制器

您的策略控制器可以正常工作。

返回顶部

2.3.4. 创建自定义策略控制器（已弃用）

2.3.4.1. 编写一个策略控制器
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

2.3.4. 创建自定义策略控制器（已弃用）

2.3.4.1. 编写一个策略控制器复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

2.3.4.1. 编写一个策略控制器
复制链接