Governance Policy Propagator
Description
The governance policy propagator is a controller that watches `Policies`, `PlacementBindings`, and `PlacementRules`. It manages replicated `Policies` in cluster namespaces based on the `PlacementBindings` and `PlacementRules`, and it updates the status on `Policies` to show aggregated cluster compliance results. This controller is a part of the governance-policy-framework.
The controller watches for changes to trigger a reconcile:
- Changes to Policies in non-cluster namespaces (root Policies) trigger a reconcile of that Policy.
- Changes to replicated Policies in cluster namespaces trigger a reconcile of their root Policy.
- Changes to PlacementBindings trigger reconciles of the Policies they list as subjects.
- Changes to PlacementRules trigger reconciles of the Policies bound to them.
Every reconcile does the following:
- Creates, updates, or deletes replicated policies in cluster namespaces according to the PlacementBinding/PlacementRule results.
- Updates the root policy status to show the aggregated cluster compliance results.
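The watch-and-reconcile behaviour described above in working form, as an added example that is not the project's code: it models a root Policy, PlacementBindings and PlacementRules as small structs (hypothetical types, not the project's API structs), resolves which cluster namespaces should receive a replicated copy, diffs that against what currently exists, and folds per-cluster results into the root status. The `<rootNamespace>.<rootName>` name for replicated copies, the cluster-namespace-equals-cluster-name mapping, the rule that a binding with a dangling placement reference places nothing, and the aggregation rule (any NonCompliant cluster makes the root NonCompliant, the root is Compliant only once every cluster reports Compliant) are assumptions of this example, as is restricting bindings and rules to the root Policy's own namespace.

```go
package main

import "sort"

// Hypothetical stand-ins for the watched objects, not the project's API types.
type Policy struct{ Namespace, Name string }
// Decisions are the clusters the rule selected; each cluster namespace is
// assumed to carry the cluster's name.
type PlacementRule struct {
	Namespace, Name string
	Decisions       []string
}
// PlacementRef names a PlacementRule in the binding's own namespace and
// Subjects the root Policies it places.
type PlacementBinding struct {
	Namespace, PlacementRef string
	Subjects                []string
}
// ReplicatedPolicy is the copy of a root Policy in one cluster namespace; its
// name follows the assumed convention "<rootNamespace>.<rootName>" so that
// same-named root policies from different namespaces cannot collide.
type ReplicatedPolicy struct{ ClusterNamespace, Name string }

func replicatedName(root Policy) string { return root.Namespace + "." + root.Name }

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// DesiredReplicas resolves a root Policy through the bindings and rules of its
// own namespace only, so a binding in another tenant's namespace cannot place
// it. The result is sorted and de-duplicated: two bindings may pick one cluster.
func DesiredReplicas(root Policy, bindings []PlacementBinding, rules []PlacementRule) []ReplicatedPolicy {
	ruleByName := map[string]PlacementRule{}
	for _, r := range rules {
		if r.Namespace == root.Namespace {
			ruleByName[r.Name] = r
		}
	}
	clusters := map[string]bool{}
	for _, b := range bindings {
		if b.Namespace != root.Namespace || !contains(b.Subjects, root.Name) {
			continue
		}
		if rule, ok := ruleByName[b.PlacementRef]; ok { // a dangling ref places nothing
			for _, c := range rule.Decisions {
				clusters[c] = true
			}
		}
	}
	out := make([]ReplicatedPolicy, 0, len(clusters))
	for c := range clusters {
		out = append(out, ReplicatedPolicy{c, replicatedName(root)})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].ClusterNamespace < out[j].ClusterNamespace })
	return out
}

// Plan diffs desired against existing replicas: what a reconcile must create
// and delete. Replicas present in both sets are the ones it updates in place.
func Plan(desired, existing []ReplicatedPolicy) (create, remove []ReplicatedPolicy) {
	want, have := map[ReplicatedPolicy]bool{}, map[ReplicatedPolicy]bool{}
	for _, d := range desired {
		want[d] = true
	}
	for _, e := range existing {
		have[e] = true
		if !want[e] {
			remove = append(remove, e)
		}
	}
	for _, d := range desired {
		if !have[d] {
			create = append(create, d)
		}
	}
	return create, remove
}

// AggregateCompliance folds per-cluster results into the root status under the
// assumed rule: any NonCompliant cluster makes the root NonCompliant; the root is
// Compliant only once every cluster reported Compliant; "" means still pending.
func AggregateCompliance(perCluster map[string]string) string {
	compliant := len(perCluster) > 0
	for _, s := range perCluster {
		if s == "NonCompliant" {
			return "NonCompliant"
		}
		compliant = compliant && s == "Compliant"
	}
	if compliant {
		return "Compliant"
	}
	return ""
}
```

The namespace check in `DesiredReplicas` is the part worth keeping in mind when reviewing RBAC around this controller: because the propagator itself holds the permissions to write into every cluster namespace, the only thing that stops one tenant from placing another tenant's policy is that a binding is resolved against bindings and rules in the root policy's own namespace.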
Go to the Contributing guide to learn how to get involved.
Getting started
Check the Security guide if you need to report a security issue.
Changes to the deploy YAML files
The YAML files in the deploy directory are autogenerated by Kubebuilder and Kustomize. After code changes that affect the YAML files, regenerate them with `make generate-operator-yaml`.
Build and deploy locally
You will need kind installed.
- Create the Kind cluster: `make kind-bootstrap-cluster-dev`
- Start the propagator:
Running tests
make test-dependencies
make test
make e2e-dependencies
make e2e-test
Clean up
make kind-delete-cluster
Updating Deployment resources
Some of the deployment resources are generated by Kubebuilder: the CRDs are generated into `./deploy/crds`, and the RBAC details from Kubebuilder comments are compiled into `./deploy/rbac/role.yaml`. Other details are managed independently, in particular the details in `./deploy/manager/manager.yaml`. When any of those details need to be changed, the main deployment YAML `./deploy/operator.yaml` must be regenerated through the `make generate-operator-yaml` target. The `./deploy/operator.yaml` file SHOULD NOT be manually updated.
Configuration
The following environment variables can be set to configure the controller:
- `CONTROLLER_CONFIG_CONCURRENCY_PER_POLICY`: The maximum number of placement decisions that can be processed concurrently per policy. This defaults to 5.
- `CONTROLLER_CONFIG_REQUEUE_ERROR_DELAY`: The number of minutes to delay before retrying to process a reconcile event after one or more placement decisions failed to be processed. This is not a blocking delay. This defaults to 5.
- `CONTROLLER_CONFIG_RETRY_ATTEMPTS`: The number of times to retry a failed Kubernetes API call when processing a placement decision. This defaults to 3.
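An added example (not the project's code) of how these three settings shape a reconcile: `LoadConfig` reads them with the defaults listed above and rejects malformed values at startup, and `ProcessDecisions` applies a policy's placement decisions with a bounded number in flight, retries each failed API call, and returns a requeue delay to its caller instead of sleeping, which is what "not a blocking delay" means in practice. The names `LoadConfig`, `ProcessDecisions`, `Result` and `FlakyApplier` are the example's own; `FlakyApplier` is a constructed stand-in for the Kubernetes API client, and reading `CONTROLLER_CONFIG_RETRY_ATTEMPTS` as retries after the first attempt is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"sync"
	"time"
)

// Config holds the three CONTROLLER_CONFIG_* settings with the README's defaults.
type Config struct {
	ConcurrencyPerPolicy int           // CONTROLLER_CONFIG_CONCURRENCY_PER_POLICY, default 5
	RequeueErrorDelay    time.Duration // CONTROLLER_CONFIG_REQUEUE_ERROR_DELAY in minutes, default 5
	RetryAttempts        int           // CONTROLLER_CONFIG_RETRY_ATTEMPTS, default 3
}

// LoadConfig reads the variables through lookup (os.LookupEnv in production, a
// map in tests). Unset or empty means the default; anything else must be an
// integer within range, so a typo in the Deployment manifest fails at startup.
func LoadConfig(lookup func(string) (string, bool)) (Config, error) {
	read := func(name string, def, lo int) (int, error) {
		raw, ok := lookup(name)
		if !ok || raw == "" {
			return def, nil
		}
		n, err := strconv.Atoi(raw)
		if err != nil || n < lo {
			return 0, fmt.Errorf("%s must be an integer >= %d, got %q", name, lo, raw)
		}
		return n, nil
	}
	conc, err1 := read("CONTROLLER_CONFIG_CONCURRENCY_PER_POLICY", 5, 1)
	delay, err2 := read("CONTROLLER_CONFIG_REQUEUE_ERROR_DELAY", 5, 1)
	retries, err3 := read("CONTROLLER_CONFIG_RETRY_ATTEMPTS", 3, 0) // 0 disables retries
	for _, err := range []error{err1, err2, err3} {
		if err != nil {
			return Config{}, err
		}
	}
	return Config{conc, time.Duration(delay) * time.Minute, retries}, nil
}

// Result is what a reconcile hands back to its work queue.
type Result struct {
	Failed       int           // placement decisions that failed after all retries
	RequeueAfter time.Duration // zero when nothing failed
}

// ProcessDecisions applies one policy's placement decisions with at most
// cfg.ConcurrencyPerPolicy in flight, retrying a failed apply cfg.RetryAttempts
// more times (retries after the first attempt: an assumption). It never sleeps:
// failures are counted and the caller is asked to requeue after cfg.RequeueErrorDelay.
func ProcessDecisions(cfg Config, clusters []string, apply func(cluster string) error) Result {
	sem := make(chan struct{}, cfg.ConcurrencyPerPolicy)
	var wg sync.WaitGroup
	var mu sync.Mutex
	failed := 0
	for _, c := range clusters {
		wg.Add(1)
		sem <- struct{}{} // blocks while ConcurrencyPerPolicy applies are in flight
		go func(cluster string) {
			defer wg.Done()
			defer func() { <-sem }()
			for attempt := 0; attempt <= cfg.RetryAttempts; attempt++ {
				if apply(cluster) == nil {
					return
				}
			}
			mu.Lock()
			failed++
			mu.Unlock()
		}(c)
	}
	wg.Wait()
	if failed == 0 {
		return Result{}
	}
	return Result{Failed: failed, RequeueAfter: cfg.RequeueErrorDelay}
}

// FlakyApplier stands in for the Kubernetes API client: it fails the given number
// of times per cluster before succeeding (the map is consumed) and counts calls.
func FlakyApplier(failuresLeft map[string]int) (apply func(string) error, calls func() int) {
	var mu sync.Mutex
	n := 0
	apply = func(cluster string) error {
		mu.Lock()
		defer mu.Unlock()
		n++
		if failuresLeft[cluster] > 0 {
			failuresLeft[cluster]--
			return errors.New("simulated API error for " + cluster)
		}
		return nil
	}
	calls = func() int { mu.Lock(); defer mu.Unlock(); return n }
	return apply, calls
}
```

In production the lookup would be `os.LookupEnv`. Rejecting out-of-range values rather than clamping them is deliberate: a concurrency of 0 would deadlock the semaphore, and a negative retry count would silently turn retries off, so both are better surfaced as a startup error than discovered from a stuck reconcile.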
References
- The governance-policy-propagator is part of the open-cluster-management community. For more information, visit: open-cluster-management.io.