remove compliance
parent
90980359e5
commit
693cbe0b0e
|
@ -1,89 +0,0 @@
|
|||
apiVersion: compliance.mcm.ibm.com/v1alpha1
|
||||
kind: Compliance
|
||||
metadata:
|
||||
name: compliance1
|
||||
namespace: mcm
|
||||
spec:
|
||||
clusterSelector:
|
||||
matchNames:
|
||||
- "icp1"
|
||||
- "icp2"
|
||||
- "icp3"
|
||||
# matchLabels:
|
||||
# cloud: "IBM"
|
||||
# hippa: "true"
|
||||
# matchExpressions:
|
||||
# - key: key1
|
||||
# operator: "NotIn"
|
||||
# values:
|
||||
# - "cl3"
|
||||
# - "cl4"
|
||||
# matchConditions:
|
||||
# - type: "OK"
|
||||
# status: "True"
|
||||
runtime-rules:
|
||||
- apiVersion: policy.mcm.ibm.com/v1alpha1
|
||||
kind: Policy
|
||||
metadata:
|
||||
name: policy01
|
||||
description: Instance descriptor for policy resource
|
||||
spec:
|
||||
remediationAction: "inform" # or inform
|
||||
namespaces:
|
||||
include: ["default"]
|
||||
exclude: ["kube*"]
|
||||
role-templates:
|
||||
- kind: RoleTemplate
|
||||
apiVersion: roletemplate.mcm.ibm.com/v1alpha1
|
||||
complianceType: "musthave" # at this level, it means the role must exist with the rules that it musthave below
|
||||
metadata:
|
||||
namespace: "" # will be inferred
|
||||
name: dev
|
||||
selector:
|
||||
# matchLabels:
|
||||
# hipaa: "true"
|
||||
rules:
|
||||
- complianceType: "musthave" # at this level, it means if the role exists the rule is a musthave
|
||||
policyRule:
|
||||
apiGroups: ["extensions", "apps"]
|
||||
resources: ["deployments"]
|
||||
verbs: ["get", "list", "watch", "create", "delete","patch"]
|
||||
- apiVersion: policy.mcm.ibm.com/v1alpha1
|
||||
kind: Policy
|
||||
metadata:
|
||||
name: policy02
|
||||
description: Instance descriptor for policy resource
|
||||
spec:
|
||||
remediationAction: "enforce" # or inform
|
||||
namespaces:
|
||||
include: ["default"]
|
||||
exclude: ["kube*"]
|
||||
role-templates:
|
||||
- kind: RoleTemplate
|
||||
apiVersion: roletemplate.mcm.ibm.com/v1alpha1
|
||||
complianceType: "musthave" # at this level, it means the role must exist with the rules that it musthave below
|
||||
metadata:
|
||||
namespace: "" # will be inferred
|
||||
name: operator
|
||||
selector:
|
||||
matchLabels:
|
||||
hipaa: "true"
|
||||
rules:
|
||||
- complianceType: "musthave" # at this level, it means if the role exists the rule is a musthave
|
||||
policyRule:
|
||||
apiGroups: ["extensions", "apps"]
|
||||
resources: ["deployments"]
|
||||
verbs: ["get", "list", "watch", "delete"]
|
||||
- complianceType: "mustnothave" # at this level, it means if the role exists the rule is a mustnothave
|
||||
policyRule:
|
||||
apiGroups: ["core"]
|
||||
resources: ["pods"]
|
||||
verbs: ["create", "update", "patch"]
|
||||
- policyRule:
|
||||
apiGroups: ["core"]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "watch", "list", "create", "delete", "update", "patch"]
|
||||
|
||||
|
||||
|
||||
|