fix acm policies without clustergroup label#19
Merged
mbaldessari merged 2 commits intovalidatedpatterns:mainfrom Oct 1, 2025
Merged
Conversation
Contributor
mbaldessari
commented
Oct 1, 2025
mbaldessari
commented
- Use clustergroups on all policies
- Drop dependencies and make the configmaps non-optional
We don't want any policy that applies to just any cluster.
We need to make sure that every policy is tight to some
managedClusterGroup.
This way we avoid pushing stuff on clusters imported to ACM
that have nothing to do with the patterns.
We do this by creating a small template to support all the
existing ways to set labels.
Tested as follows:
1. Deployed one hub and 4 spokes. Three group-one spokes and one
group-two spokes via stock mcg -> All policies green and spokes
correctly deployed everywhere
2. Deployed one hub and 4 spokes via a private git repo.
Three group-one spokes and one group-two spokes via stock mcg ->
All policies green and spokes correctly deployed everywhere
Fixes: validatedpatterns#16
The dependencies were introduces so that the spoke cluster would have all the right CAs from the hub, before creating the argo instance. More often than not though these policy dependencies show up as yellow for no clear reason (the dependencies show Compliant but the main policy says it is not compliant due to the dependencies not being compliant) So let's drop the dependencies and make the volume mounts for the argo initcontainers non-optional. This way argo won't start until the configmaps with the hub CAs are in place and we avoid this more complex way of managing policies.
mhjacks
approved these changes
Oct 1, 2025
mhjacks
left a comment
mhjacks
left a comment
There was a problem hiding this comment.
This deployed cleanly on the ramendr-starter-kit pattern, which uses 2 clustergroups. LGTM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.