telco-hub: alertmanager route copy policy

Author: abraham2512

telco-hub/configuration/reference-crs/required/acm/acmAlertmanagerRouteCopy.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+        ran.openshift.io/ztp-deploy-wave: "1"
+    name: copy-acm-route
+    namespace: open-cluster-management-observability
+spec:
+    remediationAction: enforce
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+              apiVersion: policy.open-cluster-management.io/v1
+              kind: ConfigurationPolicy
+              metadata:
+                  name: copy-acm-route
+              spec:
+                  remediationAction: enforce
+                  severity: low
+                  namespaceselector:
+                      exclude:
+                          - kube-*
+                      include:
+                          - '*'
+                  object-templates-raw: |
+                    {{- range (lookup "cluster.open-cluster-management.io/v1" "ManagedCluster" "" "").items }}
+                    - metadataComplianceType: musthave
+                      objectDefinition:
+                        apiVersion: cluster.open-cluster-management.io/v1
+                        kind: ManagedCluster
+                        metadata:
+                          name: {{ .metadata.name }}
+                          annotations:
+                            acm-alertmanager-route: '{{ (lookup "route.openshift.io/v1" "Route" "open-cluster-management-observability" "alertmanager").spec.host }}'
+                    {{- end }}
+---
+apiVersion: apps.open-cluster-management.io/v1
+kind: PlacementRule
+metadata:
+    name: acm-route-copy-placementrules
+    namespace: open-cluster-management-observability
+spec:
+    clusterSelector:
+        matchExpressions:
+            - key: local-cluster
+              operator: In
+              values:
+                  - "true"
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+    name: acm-route-copy-placementbinding
+    namespace: open-cluster-management-observability
+placementRef:
+    name: acm-route-copy-placementrules
+    kind: PlacementRule
+    apiGroup: apps.open-cluster-management.io
+subjects:
+    - name: copy-acm-route
+      kind: Policy
+      apiGroup: policy.open-cluster-management.io

telco-hub/configuration/reference-crs/required/acm/observabilityRoutePolicy.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+    annotations:
+        policy.open-cluster-management.io/categories: CM Configuration Management
+        policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
+        policy.open-cluster-management.io/standards: NIST SP 800-53
+        ran.openshift.io/ztp-deploy-wave: "1"
+    name: copy-acm-route
+    namespace: open-cluster-management-observability
+spec:
+    remediationAction: enforce
+    disabled: false
+    policy-templates:
+        - objectDefinition:
+              apiVersion: policy.open-cluster-management.io/v1
+              kind: ConfigurationPolicy
+              metadata:
+                  name: copy-acm-route
+              spec:
+                  remediationAction: enforce
+                  severity: low
+                  namespaceselector:
+                      exclude:
+                          - kube-*
+                      include:
+                          - '*'
+                  object-templates-raw: |
+                    {{- range (lookup "cluster.open-cluster-management.io/v1" "ManagedCluster" "" "").items }}
+                    - metadataComplianceType: musthave
+                      objectDefinition:
+                        apiVersion: cluster.open-cluster-management.io/v1
+                        kind: ManagedCluster
+                        metadata:
+                          name: {{ .metadata.name }}
+                          annotations:
+                            acm-alertmanager-route: '{{ (lookup "route.openshift.io/v1" "Route" "open-cluster-management-observability" "alertmanager").spec.host }}'
+                    {{- end }}
+---
+apiVersion: apps.open-cluster-management.io/v1
+kind: PlacementRule
+metadata:
+    name: acm-route-copy-placementrules
+    namespace: open-cluster-management-observability
+spec:
+    clusterSelector:
+        matchExpressions:
+            - key: local-cluster
+              operator: In
+              values:
+                  - "true"
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+    name: acm-route-copy-placementbinding
+    namespace: open-cluster-management-observability
+placementRef:
+    name: acm-route-copy-placementrules
+    kind: PlacementRule
+    apiGroup: apps.open-cluster-management.io
+subjects:
+    - name: copy-acm-route
+      kind: Policy
+      apiGroup: policy.open-cluster-management.io