Closed nastacio closed 12 months ago
Looking into RHACM docs, there is a way to copy data from the hub cluster to the managed clusters (https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.8/html/governance/governance#template-comparison-table).
Note the {{hub ... hub}} notation.
In that sense, a Policy like this copies a Secret from the hub to a managed cluster (I just tested it):
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: entkey-test
  namespace: openshift-gitops
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/standards: NIST SP 800-53
spec:
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: policy-entkey
        spec:
          namespaceSelector:
            exclude:
              - kube-*
            include:
              - default
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                data:
                  # Hub template: resolved on the hub cluster before the policy
                  # is propagated to the managed cluster.
                  .dockerconfigjson: '{{hub index (lookup "v1" "Secret" "openshift-gitops"
                    "ibm-entitlement-key").data ".dockerconfigjson" hub}}'
                kind: Secret
                metadata:
                  name: ibm-entitled-key
                  namespace: openshift-gitops
                type: kubernetes.io/dockerconfigjson
          remediationAction: inform
          severity: low
  # Policy-level setting; takes precedence over the template-level value above.
  remediationAction: enforce
```
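An added example, not part of the issue or the project's code: a small Python check for policy YAML that finds `{{hub ... hub}}` templates reading a Secret through `lookup`, and reports any that reference a namespace other than the policy's own or that are not piped through the RHACM `protect` template function. It assumes, per the RHACM template documentation, that hub templates may only read objects in the policy's namespace and that unprotected values are stored as-is in the replicated policy; the function name, finding labels and sample snippets are constructed for illustration.

```python
import re

# One hub template, possibly folded across YAML lines: {{hub ... hub}}
HUB_TEMPLATE = re.compile(r"\{\{hub\s+(.*?)\s+hub\}\}", re.DOTALL)
# lookup "<apiVersion>" "Secret" "<namespace>" "<name>"
SECRET_LOOKUP = re.compile(r'lookup\s+"[^"]*"\s+"Secret"\s+"([^"]*)"\s+"([^"]*)"')
# Template output piped into protect (encrypts the value in the replicated policy)
PROTECT = re.compile(r"\|\s*protect\b")


def audit_hub_templates(policy_text, policy_namespace):
    """Return (finding, "namespace/name") tuples for Secret lookups in hub templates."""
    findings = []
    for match in HUB_TEMPLATE.finditer(policy_text):
        body = " ".join(match.group(1).split())  # undo YAML line folding
        secrets = SECRET_LOOKUP.findall(body)
        for ns, name in secrets:
            if ns != policy_namespace:
                # Assumption from the RHACM docs: hub templates can only read
                # namespaced objects in the namespace of the policy itself.
                findings.append(("cross-namespace", f"{ns}/{name}"))
        if secrets and not PROTECT.search(body):
            for ns, name in secrets:
                findings.append(("secret-not-protected", f"{ns}/{name}"))
    return findings


# Constructed sample: the template from the policy above, folded as posted.
UNPROTECTED = """data:
  .dockerconfigjson: '{{hub index (lookup "v1" "Secret" "openshift-gitops"
    "ibm-entitlement-key").data ".dockerconfigjson" hub}}'
"""

# Constructed sample: the same lookup with its output piped through protect.
PROTECTED = """data:
  .dockerconfigjson: '{{hub index (lookup "v1" "Secret" "openshift-gitops"
    "ibm-entitlement-key").data ".dockerconfigjson" | protect hub}}'
"""

if __name__ == "__main__":
    for label, text in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(label, audit_hub_templates(text, "openshift-gitops"))
```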
With the previous comment, the solution to this issue would be:
ibm-entitlement-key in the openshift-gitops namespace. That is already a requirement in the install.md page for other clusters, so we can just copy that entire block.
rhacm-seeds project, bound using a file similar to placement-cp-shared.yaml
:tada: This issue has been resolved in version 0.30.4 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
Describe the bug The RHACM policies for Cloud Paks deploy OpenShift GitOps and Cloud Paks to clusters, but not the IBM entitlement key.
To Reproduce N/A
Expected behavior The policies should copy the IBM entitlement key from the RHACM cluster to the labeled clusters before adding the Application resources for the respective Cloud Paks to the clusters.
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.