This example (WIP) shows the ACM Gatekeeper integration.
As a prerequisite, execute the setup in the setup-gitops folder.
It creates an ArgoCD instance on the hub cluster in a namespace called 'policies' and creates ACM policies that wrap Gatekeeper policies.
The following features are highlighted:
- Dependency between policies
  - First, Gatekeeper is installed
  - then an instance is configured and namespaces are excluded
  - then we check that Gatekeeper is running fine
  - then we install a Gatekeeper library
  - then we install custom Constraint Templates
  - then we install a custom Constraint
- Policy templates, e.g. we check only Kubernetes clusters with a certain version
- Placement: Gatekeeper files will be distributed to all clusters with a certain label. The Gatekeeper Operator and Constraints will be installed on any ManagedCluster with the label gatekeeper=true
All configuration is done in a central file:
https://github.com/stolostron/policy-generator-plugin/blob/main/docs/policygenerator-reference.yaml
With informGatekeeperPolicies: true, the policy expander kicks in and wraps everything in ConfigurationPolicies. Otherwise, it leaves the file as a plain Gatekeeper manifest.
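
A sketch of how the dependency chain, the placement label and the informGatekeeperPolicies switch described above can sit together in one PolicyGenerator file. This is an added illustration, not the configuration shipped in this repository: the policy names and manifest paths are hypothetical, and only the 'policies' namespace and the gatekeeper=true label come from the text above.

```yaml
# Added example: policy names and manifest paths are hypothetical.
apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
metadata:
  name: gatekeeper-policies
policyDefaults:
  namespace: policies
  remediationAction: enforce
  # true: Gatekeeper manifests are wrapped in ConfigurationPolicies so that
  # violations are reported back to the hub; false: plain Gatekeeper manifests.
  informGatekeeperPolicies: true
  placement:
    # Only ManagedClusters labelled gatekeeper=true receive these policies.
    labelSelector:
      gatekeeper: "true"
policies:
  # Each policy is held back until the policy it depends on is Compliant,
  # so a Constraint is never applied before its ConstraintTemplate exists.
  - name: gatekeeper-operator
    manifests:
      - path: input/operator/
  - name: gatekeeper-instance
    dependencies: [{name: gatekeeper-operator, compliance: Compliant}]
    manifests:
      - path: input/instance/
  - name: gatekeeper-status
    remediationAction: inform   # health check only, changes nothing
    dependencies: [{name: gatekeeper-instance, compliance: Compliant}]
    manifests:
      - path: input/status/
  - name: gatekeeper-library
    dependencies: [{name: gatekeeper-status, compliance: Compliant}]
    manifests:
      - path: input/library/
  - name: custom-constraint-templates
    dependencies: [{name: gatekeeper-library, compliance: Compliant}]
    manifests:
      - path: input/constraint-templates/
  - name: custom-constraint
    dependencies: [{name: custom-constraint-templates, compliance: Compliant}]
    manifests:
      - path: input/constraints/
```

Because enforcement only starts once the whole chain is Compliant, a non-compliant gatekeeper-status policy on a cluster is worth alerting on: it means the admission controls further down the chain are not active there.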