Policy framework

After the cluster manager and klusterlet are installed, you can install the policy framework components to the hub and the managed clusters.

You must meet the following prerequisites to install the policy framework:

• Ensure kubectl and kustomize are installed.

• Ensure Golang is installed, if you are planning to install from the source.

• Prepare one Kubernetes cluster to function as the hub cluster. For example, use kind to create a hub cluster. To use kind, you must install and run Docker.

• Ensure the open-cluster-management cluster manager is installed. See Cluster Manager for more information.

• Ensure the open-cluster-management klusterlet is installed. See Klusterlet for more information.

• Ensure the open-cluster-management application is installed. See Application management for more information.

Complete the following steps to install the policy framework from prebuild images on Quay.io:

1. Clone the governance-policy-framework repository:

   git clone https://github.com/open-cluster-management/governance-policy-framework.git
   

2. Deploy the policy framework components to the hub cluster with the following commands:

   kubectl config use-context <hub cluster context> # kubectl config use-context kind-hub
   cd governance-policy-framework
   make deploy-community-policy-framework-hub
   

   • The previous command deploys the policy-propagator.

3. Ensure the pods are running on hub with the following command:

   $ kubectl get pods -n open-cluster-management 
   NAME                                           READY   STATUS    RESTARTS   AGE
   governance-policy-propagator-8c77f7f5f-kthvh   1/1     Running   0          94s
   

4. Export the hub cluster kubeconfig with the following command:

   For kind cluster:

   kind get kubeconfig --name <cluster name> --internal > $PWD/kubeconfig_hub
   

   For non-kind clusters:

   kubectl config view --context=<hub cluster context> --minify --flatten > $PWD/kubeconfig_hub
   

5. Deploy the policy framework components to the managed cluster. Run the following commands:

   export MANAGED_CLUSTER_NAME=<managed cluster name> # export MANAGED_CLUSTER_NAME=cluster1
   kubectl config use-context <managed cluster context> # kubectl config use-context kind-$MANAGED_CLUSTER_NAME
   kubectl create ns open-cluster-management-agent-addon
   kubectl -n open-cluster-management-agent-addon create secret generic hub-kubeconfig --from-file=kubeconfig=$PWD/kubeconfig_hub
   make deploy-community-policy-framework-managed
   

   • The previous command deploy following components:
     • policy-spec-sync
     • policy-status-sync
     • policy-template-sync

6. Verify that the pods are running with the following command:

   $ kubectl get pods -n open-cluster-management-agent-addon 
   NAME                                               READY   STATUS    RESTARTS   AGE
   governance-policy-spec-sync-6474b6d898-tmkw6       1/1     Running   0          2m14s
   governance-policy-status-sync-84cbb795df-pgbgt     1/1     Running   0          2m14s
   governance-policy-template-sync-759b9b556f-mx46t   1/1     Running   0          2m14s