README
¶
To run it on a standalone kubernetes cluster
- Configure
kubectlto point to a kubernetes cluster - Run following command to apply
trustednodepolicies.policies.ibm.comCRD
kubectl apply -f deploy/crds/deploy/crds/policies.ibm.com_samplepolicies_crd.yaml
- Run following command to update clusterrolebinding required by
Trusted Container Policy Controller. Replace<namespace>in the command with the namespace where the controller is going to be deployed.
sed -i "" 's|namespace: default|namespace: <namespace>|g' deploy/cluster_role_binding.yaml
- Run following command to deploy
Trusted Container Policy Controller
kubectl apply -f deploy/
- Run following command to create a sample trusted container policy
kubectl apply -f deploy/crds/policies.ibm.com_samplepolicies_cr.yaml
- Label a node with
trusted=falseor use intel secl k8s controller to do so. This will trigger an event.
To run it with IBM Multicloud Manager
- Repeat step 1 to 4 on the managed cluster. Make sure you deploy them to cluster namespace. The namespace name is usually your cluster name
- Run following command to create a MCM policy on hub cluster
kubectl -n <namespace> apply -f deploy/crds/mcm-trustednodepolicy.yaml
- Run step 6 on managed cluster to generate a violation
- Then you should be able to see the policy and violation status on MCM console
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
pkg
|
|
|
apis/policies
Package policies contains policies API versions.
|
Package policies contains policies API versions. |
|
apis/policies/v1alpha1
Package v1alpha1 contains API Schema definitions for the policies v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=policies.ibm.com
|
Package v1alpha1 contains API Schema definitions for the policies v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=policies.ibm.com |
Click to show internal directories.
Click to hide internal directories.