docs/resources/custom_policy.md
+34-31
@@ -1,17 +1,17 @@
1
1
---
2
2
Title: "Custom Policy Resource"
3
3
Description: |-
4
-
Creating the Tanzu Kubernetes custom policy resource.
4
+
Creating the Tanzu Kubernetes custom policy resource.
5
5
---
6
6
7
7
# Custom Policy
8
8
9
9
The `tanzu-mission-control_custom_policy` resource enables you to attach one of the pre-defined custom policy recipes to a particular scope for management through Tanzu Mission Control.
10
10
11
-
12
11
## Input Recipe
13
12
14
13
In the Tanzu Mission Control custom policy resource, there are six system defined types of custom templates that you can use:
14
+
15
15
-**tmc-block-nodeport-service**
16
16
-**tmc-block-resources**
17
17
-**tmc-block-rolebinding-subjects**
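Review bot: The replaced line 4 under `Description: |-` shows identical text on both sides, so the change there is whitespace only; because that line is the body of a YAML block scalar, confirm the new version is still indented relative to `Description:`, otherwise the front matter may fail to parse. A smaller style point in the same hunk: "system defined" in the Input Recipe sentence should be hyphenated as "system-defined".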
@@ -23,6 +23,7 @@ In the Tanzu Mission Control custom policy resource, there are six system define
23
23
## Policy Scope and Inheritance
24
24
25
25
In the Tanzu Mission Control resource hierarchy, there are three levels at which you can specify custom policy resources:
26
+
26
27
-**organization** - `organization` block under `scope` sub-resource
27
28
-**object groups** - `cluster_group` block under `scope` sub-resource
28
29
-**Kubernetes objects** - `cluster` block under `scope` sub-resource
-`scope` (Block List, Min: 1, Max: 1) Scope for the custom, security, image, network, namespace quota and mutation policy, having one of the valid scopes for custom, security, mutation, and namespace quota policy: cluster, cluster_group or organization and valid scopes for image and network policy: workspace or organization. (see [below for nested schema](#nestedblock--scope))
1302
+
-`scope` (Block List, Min: 1, Max: 1) Scope for the custom, security, image, network and namespace quota policy, having one of the valid scopes for custom, security and namespace quota policy: cluster, cluster_group or organization and valid scopes for image and network policy: workspace or organization. (see [below for nested schema](#nestedblock--scope))
1301
1303
-`spec` (Block List, Min: 1, Max: 1) Spec for the custom policy (see [below for nested schema](#nestedblock--spec))
-`workspace` (Block List, Max: 1) The schema for workspace policy full name (see [below for nested schema](#nestedblock--scope--workspace))
1320
1323
1321
1324
<aid="nestedblock--scope--cluster"></a>
1325
+
1322
1326
### Nested Schema for `scope.cluster`
1323
1327
1324
1328
Required:
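Review bot: The two versions of the `scope` description disagree on whether mutation policy is a supported policy type: one reads "custom, security, image, network, namespace quota and mutation policy" and the other stops at namespace quota. Confirm that the line that survives matches the provider schema this page documents, and if this file is generated from the schema, regenerate it rather than editing the text by hand so the two do not drift.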
@@ -1330,33 +1334,32 @@ Optional:
1330
1334
-`management_cluster_name` (String) Name of the management cluster
1331
1335
-`provisioner_name` (String) Provisioner of the cluster
1332
1336
1333
-
1334
1337
<aid="nestedblock--scope--cluster_group"></a>
1338
+
1335
1339
### Nested Schema for `scope.cluster_group`
1336
1340
1337
1341
Required:
1338
1342
1339
1343
-`cluster_group` (String) Name of this cluster group
1340
1344
1341
-
1342
1345
<aid="nestedblock--scope--organization"></a>
1346
+
1343
1347
### Nested Schema for `scope.organization`
1344
1348
1345
1349
Required:
1346
1350
1347
1351
-`organization` (String) ID of this organization
1348
1352
1349
-
1350
1353
<aid="nestedblock--scope--workspace"></a>
1354
+
1351
1355
### Nested Schema for `scope.workspace`
1352
1356
1353
1357
Required:
1354
1358
1355
1359
-`workspace` (String) Name of this workspace
1356
1360
1357
-
1358
-
1359
1361
<aid="nestedblock--spec"></a>
1362
+
1360
1363
### Nested Schema for `spec`
1361
1364
1362
1365
Required:
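Review bot: The `### Nested Schema for scope.workspace` section is kept on this custom policy page with no qualifier, although the `scope` description names workspace as valid only for image and network policy and the Policy Scope and Inheritance section lists just organization, cluster_group and cluster. Suggest adding a sentence to the `workspace` entry saying it does not apply to `tanzu-mission-control_custom_policy`, so a reader does not try to attach a custom policy at a scope the description says is invalid for it.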
@@ -1368,6 +1371,7 @@ Optional:
1368
1371
-`namespace_selector` (Block List, Max: 1) Label based Namespace Selector for the policy (see [below for nested schema](#nestedblock--spec--namespace_selector))
1369
1372
1370
1373
<aid="nestedblock--spec--input"></a>
1374
+
1371
1375
### Nested Schema for `spec.input`
1372
1376
1373
1377
Optional:
@@ -1381,6 +1385,7 @@ Optional:
1381
1385
-`tmc_require_labels` (Block List, Max: 1) The input schema for custom policy tmc_require_labels recipe version v1 (see [below for nested schema](#nestedblock--spec--input--tmc_require_labels))
### Nested Schema for `spec.input.tmc_require_labels.target_kubernetes_resources`
1572
1578
1573
1579
Required:
1574
1580
1575
1581
-`api_groups` (List of String) APIGroup is a group containing the resource type.
1576
1582
-`kinds` (List of String) Kind is the name of the object schema (resource type).
1577
1583
1578
-
1579
-
1580
-
1581
1584
<aid="nestedblock--spec--namespace_selector"></a>
1585
+
1582
1586
### Nested Schema for `spec.namespace_selector`
1583
1587
1584
1588
Required:
1585
1589
1586
1590
-`match_expressions` (Block List, Min: 1) Match expressions is a list of label selector requirements, the requirements are ANDed (see [below for nested schema](#nestedblock--spec--namespace_selector--match_expressions))
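Review bot: The `match_expressions` description at the end of this region is a comma splice ("...label selector requirements, the requirements are ANDed"); suggest "Match expressions is a list of label selector requirements; the requirements are ANDed." If this text comes from the schema's description string, fix it there so the wording stays consistent with the generated docs.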