- Configure `kubectl` to point to a Kubernetes cluster
- Run the following command to apply the `trustednodepolicies.policies.ibm.com` CRD

  ```shell
  kubectl apply -f deploy/crds/policies.ibm.com_samplepolicies_crd.yaml
  ```
- Run the following command to update the clusterrolebinding required by the Trusted Container Policy Controller. Replace `<namespace>` in the command with the namespace where the controller is going to be deployed.

  ```shell
  # `sed -i ""` is the BSD/macOS form; with GNU sed (Linux) drop the empty string after -i
  sed -i "" 's|namespace: default|namespace: <namespace>|g' deploy/cluster_role_binding.yaml
  ```
- Run the following command to deploy the Trusted Container Policy Controller

  ```shell
  kubectl apply -f deploy/
  ```
- Run the following command to create a sample trusted container policy

  ```shell
  kubectl apply -f deploy/crds/policies.ibm.com_samplepolicies_cr.yaml
  ```
- Label a node with `trusted=false`, or use the Intel SecL k8s controller to do so. This will trigger an event.
- Repeat steps 1 to 4 on the managed cluster. Make sure you deploy them to the cluster namespace. The namespace name is usually your cluster name.
- Run the following command to create an MCM policy on the hub cluster

  ```shell
  kubectl -n <namespace> apply -f deploy/crds/mcm-trustednodepolicy.yaml
  ```
- Run step 6 on the managed cluster to generate a violation
- You should then be able to see the policy and violation status on the MCM console
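
A portable, checked version of the `sed` step that updates `deploy/cluster_role_binding.yaml`, given here as an added example that is not part of the project's own scripts. The function name `set_binding_namespace` is hypothetical, and the final check assumes every `namespace:` field in that file should name the controller's namespace.

```shell
# Added example (not project code). The body runs in a subshell "( ... )",
# so LC_ALL and the variables stay local and "exit" only ends this call.
# Exit status: 0 = rewritten and verified, 1 = check failed, 2 = bad input.
set_binding_namespace() (
    file=$1
    ns=$2
    LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

    # Kubernetes namespace names are RFC 1123 labels: lowercase alphanumerics
    # and '-', at most 63 characters, no leading or trailing '-'. Rejecting
    # anything else also keeps sed metacharacters such as '|' out of the
    # expression below.
    case $ns in
        ''|-*|*-|*[!a-z0-9-]*) echo "invalid namespace: $ns" >&2; exit 2 ;;
    esac
    [ "${#ns}" -le 63 ] || { echo "namespace too long" >&2; exit 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; exit 2; }

    # Write to a temp file instead of using -i, whose syntax differs
    # between BSD/macOS sed (-i "") and GNU sed (-i).
    tmp=$(mktemp) || exit 2
    sed "s|namespace: default|namespace: $ns|g" "$file" > "$tmp" \
        || { rm -f "$tmp"; exit 2; }
    cat "$tmp" > "$file"      # overwrite in place, keeping file permissions
    rm -f "$tmp"

    # Assumption: every namespace: field must now name the target namespace ...
    if grep -E '(^|[[:space:]])namespace:' "$file" \
            | grep -qv "namespace: $ns\$"; then
        echo "unexpected namespace left in $file" >&2; exit 1
    fi
    # ... and at least one such field must exist.
    grep -q "namespace: $ns\$" "$file" \
        || { echo "no namespace field in $file" >&2; exit 1; }
)
```

Call it as `set_binding_namespace deploy/cluster_role_binding.yaml <namespace>` before `kubectl apply -f deploy/`, and stop if it returns non-zero.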