apiVersion: policy.open-cluster-management.io/v1 kind: PolicyGenerator metadata: name: install-gatekeeper placementBindingDefaults: name: gatekeeper-placement-binding policyDefaults: namespace: demo-policies placement: placementName: gatekeeper-placement remediationAction: inform policySets: - gatekeeper-policyset - gatekeeper-hub informGatekeeperPolicies: false pruneObjectBehavior: DeleteIfCreated severity: medium ignorePending: true policySetDefaults: # Optional. The placement configuration for the policy sets. This defaults to a placement configuration that matches # all clusters. If a placement.name is not provided here for placement consolidation, it will fall back to # policyDefaults.placement.name, if provided there. (See policyDefaults.placement for description.) placement: placementName: gatekeeper-placement # Optional. Whether to generate placement manifests for policy sets. This defaults to "true". generatePolicySetPlacement: true policies: - name: policy-install-gatekeeper manifests: - path: gatekeeperinstall remediationAction: enforce policySets: - gatekeeper-policyset - gatekeeper-hub - name: policy-check-gatekeeper manifests: - path: gatekeeperchecks remediationAction: enforce dependencies: - name: "policy-install-gatekeeper" compliance: "Compliant" kind: "Policy" policySets: - gatekeeper-policyset - gatekeeper-hub - name: policy-configure-gatekeeper manifests: - path: gatekeeperconfig remediationAction: enforce dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" policySets: - gatekeeper-policyset - gatekeeper-hub - name: policy-gatekeeperlibrary manifests: - path: gatekeeperlibrary dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" ignorePending: true remediationAction: enforce policySets: - gatekeeper-policyset - name: policy-extraconstraints manifests: - path: extracontrainttemplates dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" remediationAction: enforce policySets: - gatekeeper-policyset - name: policy-applyconstraints manifests: - path: gatekeeperconstraint dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" remediationAction: enforce policySets: - gatekeeper-policyset - name: gp-valid-apideprecation remediationAction: enforce manifests: - path: verify-deprecatedapi/verifydeprecatedapi-1.16.yml - path: verify-deprecatedapi/verifydeprecatedapi-1.22.yml - path: verify-deprecatedapi/verifydeprecatedapi-1.25.yml - path: verify-deprecatedapi/verifydeprecatedapi-1.26.yml - path: verify-deprecatedapi/verifydeprecatedapi-1.27.yml - path: verify-deprecatedapi/verifydeprecatedapi-1.29.yml dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" policySets: - gatekeeper-policyset - name: checkadmissionevents remediationAction: enforce manifests: - path: checkadmissionevents dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" policySets: - gatekeeper-policyset - gatekeeper-hub - name: mutation remediationAction: enforce manifests: - path: mutation dependencies: - name: "policy-check-gatekeeper" compliance: "Compliant" kind: "Policy" policySets: - gatekeeper-policyset - name: hubconstrainttemplates remediationAction: enforce manifests: - path: hub/templates policySets: - gatekeeper-hub - name: hubconstraints remediationAction: enforce manifests: - path: hub/constraints policySets: - gatekeeper-hub policySets: - description: The Gatekeeper-Hub set applies several policies name: gatekeeper-hub placement: placementName: gatekeeper-hub-placement - description: The OpenShift Platform Plus policy set applies several policies that install the OpenShift Platform Plus products using best practices that allow them to work well together. This policy set is focused on the components that install to every managed cluster. name: gatekeeper-policyset placement: placementName: gatekeeper-placement