The governance policy propagator is a controller that watches Policies, PlacementBindings, and PlacementRules. It manages replicated Policies in cluster namespaces based on the PlacementBindings and PlacementRules, and it updates the status on Policies to show aggregated cluster compliance results. This controller is a part of the governance-policy-framework.
The operator watches for changes to trigger a reconcile:
- Changes to Policies in non-cluster namespaces trigger a self reconcile.
- Changes to Policies in cluster namespaces trigger a root Policy reconcile.
- Changes to PlacementBindings trigger reconciles on the subject Policies.
- Changes to PlacementRules trigger reconciles on subject Policies.
Every reconcile does the following:
- Creates/updates/deletes replicated policies in cluster namespaces based on PlacementBinding/PlacementRule results.
- Creates/updates/deletes the policy status to show aggregated cluster compliance results.
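The two reconcile steps above, as an added simplified model in Go (not the controller's own code): the `Plan` type, the `Reconcile` function and the aggregation rule are assumptions made for illustration. It shows why a replicated policy left in a cluster namespace that is no longer selected has to be deleted, and how per-cluster results could fold into one status.

```go
package main
import (
	"fmt"
	"sort"
)

// Plan is a hypothetical result type for one reconcile of a root policy.
type Plan struct {
	Upsert     []string // cluster namespaces that need a replicated policy
	Delete     []string // cluster namespaces holding a stale replicated policy
	Compliance string   // aggregated result; "" means not yet known
}

// Reconcile takes the namespaces selected by placement and each existing copy's reported compliance.
func Reconcile(selected []string, existing map[string]string) Plan {
	want := make(map[string]bool, len(selected))
	p := Plan{Compliance: "Compliant"}
	for _, ns := range selected {
		if !want[ns] { // ignore duplicate placement results
			want[ns] = true
			p.Upsert = append(p.Upsert, ns)
		}
	}
	for ns := range existing {
		if !want[ns] { // no longer selected: the copy must be removed
			p.Delete = append(p.Delete, ns)
		}
	}
	sort.Strings(p.Upsert)
	sort.Strings(p.Delete)
	if len(p.Upsert) == 0 {
		p.Compliance = ""
	}
	// Assumed rule: one NonCompliant cluster decides; an unreported cluster leaves it unknown.
	for _, ns := range p.Upsert {
		if existing[ns] == "NonCompliant" {
			p.Compliance = "NonCompliant"
			break
		} else if existing[ns] != "Compliant" {
			p.Compliance = ""
		}
	}
	return p
}

func main() {
	reported := map[string]string{"cluster1": "Compliant", "cluster2": "NonCompliant", "cluster3": "Compliant"} // constructed sample
	fmt.Printf("%+v\n", Reconcile([]string{"cluster1", "cluster2"}, reported))
}
```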
Go to the Contributing guide to learn how to get involved.
Check the Security guide if you need to report a security issue.
You will need kind installed.
make kind-bootstrap-cluster-dev
make build-images
make kind-deploy-controller-dev
make test-dependencies
make test
make e2e-dependencies
make e2e-test
make kind-delete-cluster
- The governance-policy-propagator is part of the open-cluster-management community. For more information, visit: open-cluster-management.io.