Skip to content

Commit

Permalink
Update tests after common rebase
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbaldessari
mbaldessari committed Aug 6, 2024
1 parent 7259ee0 commit 7277ddf
Show file tree
Hide file tree
Showing 25 changed files with 6,439 additions and 601 deletions.
260 changes: 251 additions & 9 deletions tests/common-acm-industrial-edge-factory.expected.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,22 @@ subjects:
apiGroup: policy.open-cluster-management.io
---
# Source: acm/templates/policies/ocp-gitops-policy.yaml
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
name: openshift-gitops-placement-binding-argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
placementRef:
name: openshift-gitops-placement-argocd
kind: PlacementRule
apiGroup: apps.open-cluster-management.io
subjects:
- name: openshift-gitops-policy-argocd
kind: Policy
apiGroup: policy.open-cluster-management.io
---
# Source: acm/templates/policies/ocp-gitops-policy.yaml
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
Expand All @@ -64,6 +80,28 @@ spec:
- 'true'
---
# Source: acm/templates/policies/ocp-gitops-policy.yaml
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
name: openshift-gitops-placement-argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
clusterConditions:
- status: 'True'
type: ManagedClusterConditionAvailable
clusterSelector:
matchExpressions:
- key: vendor
operator: In
values:
- OpenShift
- key: local-cluster
operator: NotIn
values:
- 'true'
---
# Source: acm/templates/policies/ocp-gitops-policy.yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
Expand All @@ -90,15 +128,6 @@ spec:
include:
- default
object-templates:
- complianceType: mustonlyhave
objectDefinition:
kind: ConfigMap
apiVersion: v1
metadata:
name: trusted-ca-bundle
namespace: openshift-gitops
labels:
config.openshift.io/inject-trusted-cabundle: 'true'
- complianceType: mustonlyhave
objectDefinition:
# This is an auto-generated file. DO NOT EDIT
Expand All @@ -119,3 +148,216 @@ spec:
env:
- name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
value: "*"
- complianceType: mustonlyhave
objectDefinition:
kind: ConfigMap
apiVersion: v1
metadata:
name: trusted-ca-bundle
namespace: openshift-gitops
labels:
config.openshift.io/inject-trusted-cabundle: 'true'
---
# Source: acm/templates/policies/ocp-gitops-policy.yaml
# This policy depends on openshift-gitops-policy and the reason is that we need to be
# certain that the trusted-ca-bundle exists before spawning the clusterwide argocd instance
# because the initcontainer references the trusted-ca-bundle and if it starts without the
# configmap being there we risk running an argo instances that won't trust public CAs
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
name: openshift-gitops-policy-argocd
annotations:
policy.open-cluster-management.io/standards: NIST-CSF
policy.open-cluster-management.io/categories: PR.DS Data Security
policy.open-cluster-management.io/controls: PR.DS-1 Data-at-rest
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/compare-options: IgnoreExtraneous
spec:
remediationAction: enforce
disabled: false
dependencies:
- apiVersion: policy.open-cluster-management.io/v1
compliance: Compliant
kind: Policy
name: openshift-gitops-policy
namespace: open-cluster-management
- apiVersion: policy.open-cluster-management.io/v1
compliance: Compliant
kind: Policy
name: hub-argo-ca-openshift-gitops-policy
namespace: open-cluster-management
policy-templates:
- objectDefinition:
apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: openshift-gitops-config-argocd
spec:
remediationAction: enforce
severity: medium
namespaceSelector:
include:
- default
object-templates:
- complianceType: mustonlyhave
objectDefinition:
apiVersion: argoproj.io/v1beta1
kind: ArgoCD
metadata:
name: openshift-gitops
namespace: openshift-gitops
spec:
applicationSet:
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
webhookServer:
ingress:
enabled: false
route:
enabled: false
controller:
processors: {}
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: 250m
memory: 1Gi
sharding: {}
grafana:
enabled: false
ingress:
enabled: false
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 250m
memory: 128Mi
route:
enabled: false
ha:
enabled: false
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 250m
memory: 128Mi
initialSSHKnownHosts: {}
monitoring:
enabled: false
notifications:
enabled: false
prometheus:
enabled: false
ingress:
enabled: false
route:
enabled: false
rbac:
defaultPolicy: ""
policy: |-
g, system:cluster-admins, role:admin
g, cluster-admins, role:admin
scopes: '[groups]'
redis:
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 250m
memory: 128Mi
repo:
initContainers:
- command:
- bash
- -c
- cat /var/run/kube-root-ca/ca.crt /var/run/trusted-ca/ca-bundle.crt /var/run/trusted-hub/hub-kube-root-ca.crt > /tmp/ca-bundles/ca-bundle.crt
|| true
image: registry.redhat.io/ubi9/ubi-minimal:latest
name: fetch-ca
resources: {}
volumeMounts:
- mountPath: /var/run/kube-root-ca
name: kube-root-ca
- mountPath: /var/run/trusted-ca
name: trusted-ca-bundle
- mountPath: /var/run/trusted-hub
name: trusted-hub-bundle
- mountPath: /tmp/ca-bundles
name: ca-bundles
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
volumeMounts:
- mountPath: /etc/pki/tls/certs
name: ca-bundles
volumes:
- configMap:
name: kube-root-ca.crt
name: kube-root-ca
- configMap:
name: trusted-ca-bundle
optional: true
name: trusted-ca-bundle
- configMap:
name: trusted-hub-bundle
optional: true
name: trusted-hub-bundle
- emptyDir: {}
name: ca-bundles
resourceExclusions: |-
- apiGroups:
- tekton.dev
clusters:
- '*'
kinds:
- TaskRun
- PipelineRun
server:
autoscale:
enabled: false
grpc:
ingress:
enabled: false
ingress:
enabled: false
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 125m
memory: 128Mi
route:
enabled: true
service:
type: ""
sso:
dex:
openShiftOAuth: true
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 250m
memory: 128Mi
provider: dex
tls:
ca: {}
Loading

0 comments on commit 7277ddf

Please sign in to comment.