Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/open-cluster-management-io/policy-generator-plugin

A Kustomize generator plugin to generate Open Cluster Management policies
https://github.com/open-cluster-management-io/policy-generator-plugin

Last synced: 26 days ago
JSON representation

A Kustomize generator plugin to generate Open Cluster Management policies

Awesome Lists containing this project

README

        

# Policy Generator

## Overview

The Policy Generator constructs Open Cluster Management policies from Kubernetes YAML files provided through a
PolicyGenerator Custom Resource. The Policy Generator is a binary compiled for use as a
[kustomize](https://kustomize.io/) exec plugin.

- [Installing the Policy Generator](#installing-the-policy-generator)
- [Prerequisite](#prerequisite)
- [Install the binary](#install-the-binary)
- [Download a released version](#download-a-released-version)
- [Using `go install` (available for `v1.11.0` and higher)](#using-go-install-available-for-v1110-and-higher)
- [Build from source](#build-from-source)
- [Using the Policy Generator](#using-the-policy-generator)
- [As a Kustomize plugin](#as-a-kustomize-plugin)
- [As a standalone binary](#as-a-standalone-binary)
- [Additional Policy Generator references](#additional-policy-generator-references)

For more about Open Cluster Management and its Policy Framework:

- [Open Cluster Management website](https://open-cluster-management.io/)
- [Governance Policy Framework](https://open-cluster-management.io/getting-started/integration/policy-framework/)
- [Policy Collection repository](https://github.com/open-cluster-management-io/policy-collection)

## Install the Policy Generator

### Prerequisite

Create the plugin directory (optional if using the generator without Kustomize):

```bash
mkdir -p ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator
```

**NOTE:** The default directory for Kustomize plugins is `${HOME}/.config/kustomize/plugin/`, which is used directly in
this readme. You can change this by exporting `KUSTOMIZE_PLUGIN_HOME` to a different path and updating the root of the
paths used in this document.

### Install the binary

#### Download a released version

1. Download the precompiled plugin binary from the
[release](https://github.com/open-cluster-management-io/policy-generator-plugin/releases) of your choice.

2. Make the binary executable and move the binary to the plugin directory:

- Linux:

```bash
chmod +x linux-amd64-PolicyGenerator
mv linux-amd64-PolicyGenerator ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator
```

- MacOS:
```bash
chmod +x darwin-amd64-PolicyGenerator
mv darwin-amd64-PolicyGenerator ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator
```

#### Use `go install` (available for `v1.11.0` and higher)

Set the `GOBIN` to the plugin directory and specify the desired version (this command uses `latest`):

```bash
GOBIN=${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator \
go install open-cluster-management.io/policy-generator-plugin/cmd/PolicyGenerator@latest
```

#### Build from source

```bash
make build
```

**NOTE:**

- This defaults to placing the binary in the Kustomize default plugin directory `${HOME}/.config/kustomize/plugin/`. You
can change this by exporting `KUSTOMIZE_PLUGIN_HOME` to a different path.
- Alternatively, you can run `make build-binary` to place the binary at the root of the repository and either use it
directly from there or move it to the plugin directory to use with Kustomize.

## Using the Policy Generator

### As a Kustomize plugin

1. Create a `kustomization.yaml` file that points to `PolicyGenerator` manifest(s), with any additional desired patches
or customizations (see [`examples/policyGenerator.yaml`](./examples/policyGenerator.yaml) for an example):

```yaml
generators:
- path/to/generator/file.yaml
```

- To read more about the `PolicyGenerator` YAML structure, see the
[Policy Generator reference YAML](./docs/policygenerator-reference.yaml)

2. To use the plugin to generate policies, run the Kustomize build command from any directory with a
`kustomization.yaml` file pointing to `PolicyGenerator` manifests:
```bash
kustomize build --enable-alpha-plugins
```

**NOTE:** To enable Helm processing when passing a Kustomize directory into the generator, set
the environment variable `POLICY_GEN_ENABLE_HELM` to `"true"`. If the Helm directory is outside of the Kustomize path,
you may set the environment variable `POLICY_GEN_DISABLE_LOAD_RESTRICTORS` to `"true"`.

### As a standalone binary

In order to bypass Kustomize and run the generator binary directly, change to the directory of PolicyGenerator
manifest(s) and run the binary with the manifest(s) as the input arguments:

```bash
path/to/PolicyGenerator ...
```

For example:

```bash
make build-binary # This places the binary at the root of the repo, so this is optional if it was done previously
cd examples
../PolicyGenerator policyGenerator.yaml
```

**NOTE:**
- To print the trace in the case of an error, you can add the `--debug` flag to the arguments.
- To enable Helm processing when passing a Kustomize directory into the generator, set
the environment variable `POLICY_GEN_ENABLE_HELM` to `"true"`. If the Helm directory is outside of the Kustomize path,
you may set the environment variable `POLICY_GEN_DISABLE_LOAD_RESTRICTORS` to `"true"`.

## Additional Policy Generator references

- [Policy Generator reference YAML](./docs/policygenerator-reference.yaml)
- [Policy Generator technical documentation](./docs/policygenerator.md)