As part of the Policy sync RFC implementation, a new field in the gateway class params has been added to configure policies to be synced to the spoke clusters, watches are dynamically created for the policies that are included in this field.
Currently the watch events do nothing, add the logic to place the policy using ManifestWorks among the spoke clusters
The placed policy is a copy of the original hub policy with the following changes:
The TargetRef of the policy is changed to reference the downstream Gateway
The kuadrant.io/policy-synced annotation is set
The kuadrant.io/origin-creation: <timestamp> annotation is set, propagating the timestamp of the hub policy
When configuring the gateway class params to include a policy (for example AuthPolicy), any newly created and updated AuthPolicies are placed in the spoke clusters
What
As part of the Policy sync RFC implementation, a new field in the gateway class params has been added to configure policies to be synced to the spoke clusters, watches are dynamically created for the policies that are included in this field.
Currently the watch events do nothing, add the logic to place the policy using ManifestWorks among the spoke clusters
The placed policy is a copy of the original hub policy with the following changes:
kuadrant.io/policy-synced
annotation is setkuadrant.io/origin-creation: <timestamp>
annotation is set, propagating the timestamp of the hub policySee Policy sync RFC for more details
Done