{"id":18637029,"url":"https://github.com/openshift/managed-cluster-config","last_synced_at":"2026-01-27T17:36:44.963Z","repository":{"id":37493140,"uuid":"172795545","full_name":"openshift/managed-cluster-config","owner":"openshift","description":"Static deployable artifacts for managed OSD clusters","archived":false,"fork":false,"pushed_at":"2024-10-29T12:48:07.000Z","size":69539,"stargazers_count":55,"open_issues_count":12,"forks_count":206,"subscribers_count":42,"default_branch":"master","last_synced_at":"2024-10-29T15:17:02.597Z","etag":null,"topics":["osdv4"],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-26T21:44:58.000Z","updated_at":"2024-10-29T12:48:14.000Z","dependencies_parsed_at":"2023-09-21T21:34:12.219Z","dependency_job_id":"778886a7-62ac-4ad7-977f-79289277b713","html_url":"https://github.com/openshift/managed-cluster-config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmanaged-cluster-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmanaged-cluster-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmanaged-cluster-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmanaged-cluster-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","download_url":"https://codeload.github.com/openshift/managed-cluster-config/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239433908,"owners_count":19637806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osdv4"],"created_at":"2024-11-07T05:32:42.201Z","updated_at":"2026-01-27T17:36:44.957Z","avatar_url":"https://github.com/openshift.png","language":"HTML","readme":"# managed-cluster-config repository\n\nThis repo contains static configuration specific to a \"managed\" OpenShift Dedicated (OSD) cluster.\n## How to use this repo\nhttps://issues.redhat.com/browse/SDE-2786 has change the repo slightly: /deploy holds the sources of truth, and /generated_deploy holds the configurations that will be applied by Hive.\nTo add a new SelectorSyncSet, add your yaml manifest to the `deploy` dir, then run the `make` command.\n\nAlternatively you can enable GitHub Actions on your fork and `make` will be ran automatically. Additionally,\nthe action will create a new commit with the generated files.\n\nTo add an ACM (Governance) Policy\n- If the manifest of the object you want to convert to policy already exists in `deploy` : in the object config.yaml, add a field `policy: `destination: \"acm-policies\"` (example: https://github.com/openshift/managed-cluster-config/blob/master/deploy/backplane/cee/config.yaml) \n- If the manifest of the object does not exist: add your manifests with a config.yaml file. If you only want this object to be deployed as Policy, see [this example](https://github.com/openshift/managed-cluster-config/tree/bad140663d088cbce06edaf2527f69651db5a80b/deploy/hs-mgmt-route-monitor-operator)\n\n`make` will look for `config.yaml` files, runs it with the PolicyGenerator binary and save the output to `generated_deploy/acm-policies` directory. `make` will then automatically\nadd the policy as a new SelectorySyncSet.\n\n# Building\n\n## Dependencies\n\n- oyaml: `pip install oyaml`\n\n# Configuration\n\nAll resources in `generated_deploy/` are bundled into a template that is used by config management to apply to target \"hive\" clusters.  The configuration is deployed to the \"hive\" cluster inside a SelectorSyncSet.\n\nSelectorSyncSet deployment supports resources that are synced down to OSD clusters.  Each are explained in detail here.  The general configuration is managed in a `config.yaml` file in each deploy directory.  Key things of note:\n\n* This file is now mandatory in the scope of OSD-15267 and have been added to all folders. In case it is not define, `make` will fail\n```\n+ scripts/generate_template.py -t scripts/templates/ -y deploy -d /Users/bdematte/git/managed-cluster-config/hack/ -r managed-cluster-config\nERROR : Missing config.yaml for resource defined in deploy/acm-policies\nSome config.yaml files are missing, exiting...\nmake: *** [generate-hive-templates] Error 1\n```\n* Configuration is _not_ inherited by sub-directories!  Every (EVERY) directory in the `deploy/` hierarchy must define a `config.yaml` file.\n\nYou must specify a `deploymentMode` property in `config.yaml`.\n\n* `deploymentMode` (optional, default = `\"SelectorSyncSet\"`) - either \"Policy\" or \"SelectorSyncSet\".\n\n## Direct Deployment\n\nDirect deployments to Hive clusters should be done via [app-interface](https://gitlab.cee.redhat.com/service/app-interface#manage-openshift-resources-via-app-interface-openshiftnamespace-1yml).\n\n## SelectorSyncSet Deployment\n\nIn the `config.yaml` file you define a top level property `selectorSyncSet`.  Within this configuration is supported for `matchLabels`, `matchExpressions`, `matchLabelsApplyMode`, `resourceApplyMode` and `applyBehavior`.\n\n* `matchLabels` (optional, default: `{}`) - adds additional `matchLabels` conditions to the SelectorSyncSet's `clusterDeploymentSelector`\n* `matchExpressions` (optional, default: `[]`) - adds `matchExpressions` conditions to the SelectoSyncSet's `clusterDeploymentSelector`\n* `resourceApplyMode` (optional, default: `\"Sync\"`) - sets the SelectorSyncSet's `resourceApplyMode`\n* `matchLabelsApplyMode` (optional, default: `\"AND\"`) - When set as `\"OR\"` generates a separate SSS per `matchLabels` conditions. Default behavior creates a single SSS with all `matchLabels` conditions.  This is to tackle a situation where we want to apply configuration for one of many label conditions.\n* `applyBehavior` (optional, default: None, [see hive default](https://github.com/openshift/hive/blob/master/config/crds/hive.openshift.io_selectorsyncsets.yaml)) - sets the SelectorSyncSet's `applyBehavior`\n\nYou can also define a top level property `policy` to specify the behaviour of `./scripts/generate-policy-config.py` for the resource. Supported sub-properties :\n* `complianceType` (optional, default: `\"mustonlyhave\"`, [see operator values](https://github.com/open-cluster-management-io/config-policy-controller/blob/main/api/v1/configurationpolicy_types.go) - select the compliance type for the policy when used by `./scripts/generate-policy-config.py`)\n* `metadataComplianceType` (optional, default: `\"musthave\"`, [see operator values](https://github.com/open-cluster-management-io/config-policy-controller/blob/main/api/v1/configurationpolicy_types.go) - select the compliance type for metadata for the policy when used by `./scripts/generate-policy-config.py`)\n\nExample to apply a directory for any of a set of label conditions using Upsert:\n```yaml\ndeploymentMode: \"SelectorSyncSet\"\nselectorSyncSet:\n    matchLabels:\n        myAwesomeLabel: \"some value\"\n        someOtherLabel: \"something else\"\n    resourceApplyMode: \"Upsert\"\n    matchLabelsApplyMode: \"OR\"\npolicy:\n    complianceType: \"mustonlyhave\"\n    metadataComplianceType: \"musthave\"\n```\n\n# Selector Sync Sets included in this repo\n\n## Prometheus\n\nA set of rules and alerts that SRE requires to ensure a cluster is functioning.  There are two categories of rules and alerts found here:\n\n1. SRE specific, will never be part of OCP\n2. Temporary addition until made part of OCP\n\n## Prometheus and Alertmanager persistent storage\n\nPersistent storage is configured using the configmap `cluster-monitoring-config`, which is read by the cluster-monitoring-operator to generate PersistentVolumeClaims and attach them to the Prometheus and Alertmanager pods.\n\n## Curated Operators\n\nInitially OSD will support a subset of operators only.  These are managed by patching the OCP shipped OperatorSource CRs.  See `deploy/osd-curated-operators`.\n\nNOTE that ClusterVersion is being patched to add overrides.  If other overrides are needed we'll have to tune how we do this patching.  It must be done along with the OperatorSource patching to ensure CVO doesn't revert the OperatorSource patching.\n\n## Console Branding\n\nIn OSD, managed-cluster-config sets a [key named `branding` to `dedicated`](https://github.com/openshift/managed-cluster-config/blob/master/deploy/osd-console-branding/osd-branding.console.Patch.yaml) in the [Console operator](https://github.com/openshift/api/blob/master/operator/v1/types_console.go#L89-L135). This value is in turn read by code that applies the [logo](https://github.com/openshift/console/blob/1572a985cc0753d7e2630984c5163170765e9487/frontend/public/components/masthead.jsx) and [other branding elements](https://github.com/openshift/console/search?p=2\u0026q=dedicated) predefined for that value.\n\n## OAuth Templates\n\nThe OAuth templates are HTML files that are used to customize the login page of the OpenShift web console. These templates are built from the [oauth-templates](https://github.com/openshift/oauth-templates/) repository. managed-cluster-config overrides the default templates with custom ones that are stored in this repository. To update the templates, refer to the REAMDE in the [OSD](./source/html/osd/README.md) and [ROSA](./source/html/rosa/README.md) directories for more information.\n\n## Resource Quotas\n\nRefer to [deploy/resource-quotas/README.md](deploy/resource-quotas/README.md).\n\n## Image Pruning\n\nDocs TBA.\n\n# Dependencies\n\npyyaml\n\n\n# Additional Scripts\n\nThere are additional scripts in this repo as a holding place for a better place or a better solution / process.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fmanaged-cluster-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift%2Fmanaged-cluster-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fmanaged-cluster-config/lists"}