diff --git a/Makefile b/Makefile
index c1a7d04763..7c6bb234e0 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,7 @@ OC := $(CONTAINER_ENGINE) run $(CONTAINER_RUN_FLAGS) quay.io/openshift/origin-cl
endif
.PHONY: default
-default: enforce-backplane-rules generate-oauth-templates generate-rosa-brand-logo generate-hive-templates
+default: enforce-backplane-rules generate-oauth-templates generate-hive-templates
.PHONY: generate-oauth-templates
generate-oauth-templates:
@@ -70,10 +70,6 @@ generate-oauth-templates:
$(OC) create secret generic rosa-oauth-templates-$$TYPE -n openshift-config --from-file=$$TYPE.html=source/html/rosa/$$TYPE.html -o yaml > deploy/rosa-oauth-templates-$$TYPE/rosa-oauth-templates-$$TYPE.secret.yaml; \
done
-.PHONY: generate-rosa-brand-logo
-generate-rosa-brand-logo:
- $(OC) create configmap rosa-brand-logo -n openshift-config --from-file source/html/rosa/rosa-brand-logo.svg -o yaml > deploy/rosa-console-branding-configmap/rosa-brand-logo.yaml
-
.PHONY: generate-hive-templates
generate-hive-templates: generate-oauth-templates
if [ -z ${IN_CONTAINER} ]; then \
diff --git a/deploy/acm-policies/50-GENERATED-.Policy.yaml b/deploy/acm-policies/50-GENERATED-.Policy.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/deploy/acm-policies/50-GENERATED-rosa-console-branding-configmap.Policy.yaml b/deploy/acm-policies/50-GENERATED-rosa-console-branding-configmap.Policy.yaml
deleted file mode 100644
index fbb364bd87..0000000000
--- a/deploy/acm-policies/50-GENERATED-rosa-console-branding-configmap.Policy.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: Policy
-metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-console-branding-configmap
- namespace: openshift-acm-policies
-spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-console-branding-configmap
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: mustonlyhave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: v1
- data:
- rosa-brand-logo.svg: |
-
-
-
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
- name: placement-rosa-console-branding-configmap
- namespace: openshift-acm-policies
-spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - "true"
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
- name: binding-rosa-console-branding-configmap
- namespace: openshift-acm-policies
-placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-console-branding-configmap
-subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-console-branding-configmap
diff --git a/deploy/acm-policies/50-GENERATED-rosa-console-branding.Policy.yaml b/deploy/acm-policies/50-GENERATED-rosa-console-branding.Policy.yaml
index 3eeae253a2..6b2197b304 100644
--- a/deploy/acm-policies/50-GENERATED-rosa-console-branding.Policy.yaml
+++ b/deploy/acm-policies/50-GENERATED-rosa-console-branding.Policy.yaml
@@ -30,11 +30,7 @@ spec:
name: cluster
spec:
customization:
- brand: null
- customLogoFile:
- key: rosa-brand-logo.svg
- name: rosa-brand-logo
- customProductName: Red Hat OpenShift Service on AWS
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
managementState: Managed
route: null
diff --git a/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-check.Policy.yaml b/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-check.Policy.yaml
deleted file mode 100644
index bd7d2327f1..0000000000
--- a/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-check.Policy.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: Policy
-metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
-spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-check
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default
- namespace: openshift-ingress-operator
- pruneObjectBehavior: None
- remediationAction: inform
- severity: low
- remediationAction: inform
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
- name: placement-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
-spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - "true"
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
- name: binding-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
-placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-check
-subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-check
diff --git a/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-policies.Policy.yaml b/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-policies.Policy.yaml
deleted file mode 100644
index a531178097..0000000000
--- a/deploy/acm-policies/50-GENERATED-rosa-ingress-certificate-policies.Policy.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: Policy
-metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
-spec:
- disabled: false
- policy-templates:
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: |
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default
- namespace: openshift-ingress-operator
- annotations:
- ingress.operator.openshift.io/auto-delete-load-balancer: 'true'
- spec:
- {{hub- if ne (fromConfigMap "openshift-acm-policies" .ManagedClusterName "disable-certificates") "true" hub}}
- defaultCertificate:
- name: '{{hub (printf "%s-primary-cert-bundle-secret" .ManagedClusterName) hub}}'
- {{hub- end hub}}
- {{hub- if ne (lookup "v1" "ConfigMap" "openshift-acm-policies" .ManagedClusterName).data nil hub}}
- endpointPublishingStrategy:
- type: LoadBalancerService
- loadBalancer:
- dnsManagementPolicy: 'Managed'
- scope: '{{hub- if eq (fromConfigMap "openshift-acm-policies" .ManagedClusterName "endpoint-publishing-strategy") "internal" -hub}} Internal {{hub- else -hub}} External {{hub- end -hub}}'
- {{hub- end hub}}
- pruneObjectBehavior: None
- remediationAction: enforce
- severity: low
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-certificate-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: |
- {{hub- if ne (fromConfigMap "openshift-acm-policies" .ManagedClusterName "disable-certificates") "true" hub}}
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: v1
- data:
- tls.crt: '{{hub fromSecret "openshift-acm-policies" .ManagedClusterName "tls.crt" hub}}'
- tls.key: '{{hub fromSecret "openshift-acm-policies" .ManagedClusterName "tls.key" hub}}'
- kind: Secret
- metadata:
- name: '{{hub (printf "%s-primary-cert-bundle-secret" .ManagedClusterName) hub}}'
- namespace: openshift-ingress
- {{hub- end hub}}
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
- name: placement-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
-spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - "true"
----
-apiVersion: policy.open-cluster-management.io/v1
-kind: PlacementBinding
-metadata:
- name: binding-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
-placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-policies
-subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-policies
diff --git a/deploy/rosa-console-branding-configmap/OWNERS b/deploy/rosa-console-branding-configmap/OWNERS
deleted file mode 100644
index 80fad2f291..0000000000
--- a/deploy/rosa-console-branding-configmap/OWNERS
+++ /dev/null
@@ -1,3 +0,0 @@
-reviewers:
-- boranx
-- cblecker
diff --git a/deploy/rosa-console-branding-configmap/config.yaml b/deploy/rosa-console-branding-configmap/config.yaml
deleted file mode 100644
index 28715e82b7..0000000000
--- a/deploy/rosa-console-branding-configmap/config.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-deploymentMode: "SelectorSyncSet"
-selectorSyncSet:
- matchExpressions:
- - key: api.openshift.com/product
- operator: In
- values: ["rosa"]
- applyBehavior: "CreateOrUpdate"
-policy:
- destination: "acm-policies"
diff --git a/deploy/rosa-console-branding-configmap/rosa-brand-logo.yaml b/deploy/rosa-console-branding-configmap/rosa-brand-logo.yaml
deleted file mode 100644
index f28a3ad3ba..0000000000
--- a/deploy/rosa-console-branding-configmap/rosa-brand-logo.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: v1
-data:
- rosa-brand-logo.svg: "\n\n\n"
-kind: ConfigMap
-metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
diff --git a/deploy/rosa-console-branding/rosa-branding.Console.yaml b/deploy/rosa-console-branding/rosa-branding.Console.yaml
index f0eb84d589..b6b3cfab05 100644
--- a/deploy/rosa-console-branding/rosa-branding.Console.yaml
+++ b/deploy/rosa-console-branding/rosa-branding.Console.yaml
@@ -6,9 +6,5 @@ spec:
managementState: Managed
route:
customization:
- brand:
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
- customProductName: "Red Hat OpenShift Service on AWS"
- customLogoFile:
- name: rosa-brand-logo
- key: rosa-brand-logo.svg
diff --git a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl
index 23d70cda41..121a3abf6a 100644
--- a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl
+++ b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl
@@ -9863,167 +9863,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rbac-permissions-operator-config
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-console-branding-configmap
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: mustonlyhave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-console-branding-configmap
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-console-branding-configmap
- apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
@@ -10055,11 +9894,7 @@ objects:
name: cluster
spec:
customization:
- brand: null
- customLogoFile:
- key: rosa-brand-logo.svg
- name: rosa-brand-logo
- customProductName: Red Hat OpenShift Service on AWS
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
managementState: Managed
route: null
@@ -10092,164 +9927,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rosa-console-branding
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-check
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default
- namespace: openshift-ingress-operator
- pruneObjectBehavior: None
- remediationAction: inform
- severity: low
- remediationAction: inform
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-check
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-check
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "- complianceType: musthave\n metadataComplianceType:\
- \ musthave\n objectDefinition:\n apiVersion: operator.openshift.io/v1\n\
- \ kind: IngressController\n metadata:\n name: default\n\
- \ namespace: openshift-ingress-operator\n annotations:\n\
- \ ingress.operator.openshift.io/auto-delete-load-balancer:\
- \ 'true'\n spec:\n {{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n \
- \ defaultCertificate:\n name: '{{hub (printf \"%s-primary-cert-bundle-secret\"\
- \ .ManagedClusterName) hub}}'\n {{hub- end hub}}\n {{hub-\
- \ if ne (lookup \"v1\" \"ConfigMap\" \"openshift-acm-policies\" .ManagedClusterName).data\
- \ nil hub}}\n endpointPublishingStrategy:\n type: LoadBalancerService\n\
- \ loadBalancer:\n dnsManagementPolicy: 'Managed'\n\
- \ scope: '{{hub- if eq (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"endpoint-publishing-strategy\") \"internal\"\
- \ -hub}} Internal {{hub- else -hub}} External {{hub- end -hub}}'\n\
- \ {{hub- end hub}}\n"
- pruneObjectBehavior: None
- remediationAction: enforce
- severity: low
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-certificate-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "{{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n-\
- \ complianceType: musthave\n metadataComplianceType: musthave\n \
- \ objectDefinition:\n apiVersion: v1\n data:\n tls.crt:\
- \ '{{hub fromSecret \"openshift-acm-policies\" .ManagedClusterName\
- \ \"tls.crt\" hub}}'\n tls.key: '{{hub fromSecret \"openshift-acm-policies\"\
- \ .ManagedClusterName \"tls.key\" hub}}'\n kind: Secret\n metadata:\n\
- \ name: '{{hub (printf \"%s-primary-cert-bundle-secret\" .ManagedClusterName)\
- \ hub}}'\n namespace: openshift-ingress\n{{hub- end hub}}\n"
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-policies
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-policies
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
@@ -39127,126 +38804,8 @@ objects:
managementState: Managed
route: null
customization:
- brand: null
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
- customProductName: Red Hat OpenShift Service on AWS
- customLogoFile:
- name: rosa-brand-logo
- key: rosa-brand-logo.svg
-- apiVersion: hive.openshift.io/v1
- kind: SelectorSyncSet
- metadata:
- labels:
- managed.openshift.io/gitHash: ${IMAGE_TAG}
- managed.openshift.io/gitRepoName: ${REPO_NAME}
- managed.openshift.io/osd: 'true'
- name: rosa-console-branding-configmap
- spec:
- clusterDeploymentSelector:
- matchLabels:
- api.openshift.com/managed: 'true'
- matchExpressions:
- - key: api.openshift.com/product
- operator: In
- values:
- - rosa
- resourceApplyMode: Sync
- applyBehavior: CreateOrUpdate
- resources:
- - apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
diff --git a/hack/00-osd-managed-cluster-config-production.yaml.tmpl b/hack/00-osd-managed-cluster-config-production.yaml.tmpl
index 23d70cda41..121a3abf6a 100644
--- a/hack/00-osd-managed-cluster-config-production.yaml.tmpl
+++ b/hack/00-osd-managed-cluster-config-production.yaml.tmpl
@@ -9863,167 +9863,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rbac-permissions-operator-config
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-console-branding-configmap
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: mustonlyhave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-console-branding-configmap
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-console-branding-configmap
- apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
@@ -10055,11 +9894,7 @@ objects:
name: cluster
spec:
customization:
- brand: null
- customLogoFile:
- key: rosa-brand-logo.svg
- name: rosa-brand-logo
- customProductName: Red Hat OpenShift Service on AWS
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
managementState: Managed
route: null
@@ -10092,164 +9927,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rosa-console-branding
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-check
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default
- namespace: openshift-ingress-operator
- pruneObjectBehavior: None
- remediationAction: inform
- severity: low
- remediationAction: inform
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-check
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-check
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "- complianceType: musthave\n metadataComplianceType:\
- \ musthave\n objectDefinition:\n apiVersion: operator.openshift.io/v1\n\
- \ kind: IngressController\n metadata:\n name: default\n\
- \ namespace: openshift-ingress-operator\n annotations:\n\
- \ ingress.operator.openshift.io/auto-delete-load-balancer:\
- \ 'true'\n spec:\n {{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n \
- \ defaultCertificate:\n name: '{{hub (printf \"%s-primary-cert-bundle-secret\"\
- \ .ManagedClusterName) hub}}'\n {{hub- end hub}}\n {{hub-\
- \ if ne (lookup \"v1\" \"ConfigMap\" \"openshift-acm-policies\" .ManagedClusterName).data\
- \ nil hub}}\n endpointPublishingStrategy:\n type: LoadBalancerService\n\
- \ loadBalancer:\n dnsManagementPolicy: 'Managed'\n\
- \ scope: '{{hub- if eq (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"endpoint-publishing-strategy\") \"internal\"\
- \ -hub}} Internal {{hub- else -hub}} External {{hub- end -hub}}'\n\
- \ {{hub- end hub}}\n"
- pruneObjectBehavior: None
- remediationAction: enforce
- severity: low
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-certificate-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "{{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n-\
- \ complianceType: musthave\n metadataComplianceType: musthave\n \
- \ objectDefinition:\n apiVersion: v1\n data:\n tls.crt:\
- \ '{{hub fromSecret \"openshift-acm-policies\" .ManagedClusterName\
- \ \"tls.crt\" hub}}'\n tls.key: '{{hub fromSecret \"openshift-acm-policies\"\
- \ .ManagedClusterName \"tls.key\" hub}}'\n kind: Secret\n metadata:\n\
- \ name: '{{hub (printf \"%s-primary-cert-bundle-secret\" .ManagedClusterName)\
- \ hub}}'\n namespace: openshift-ingress\n{{hub- end hub}}\n"
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-policies
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-policies
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
@@ -39127,126 +38804,8 @@ objects:
managementState: Managed
route: null
customization:
- brand: null
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
- customProductName: Red Hat OpenShift Service on AWS
- customLogoFile:
- name: rosa-brand-logo
- key: rosa-brand-logo.svg
-- apiVersion: hive.openshift.io/v1
- kind: SelectorSyncSet
- metadata:
- labels:
- managed.openshift.io/gitHash: ${IMAGE_TAG}
- managed.openshift.io/gitRepoName: ${REPO_NAME}
- managed.openshift.io/osd: 'true'
- name: rosa-console-branding-configmap
- spec:
- clusterDeploymentSelector:
- matchLabels:
- api.openshift.com/managed: 'true'
- matchExpressions:
- - key: api.openshift.com/product
- operator: In
- values:
- - rosa
- resourceApplyMode: Sync
- applyBehavior: CreateOrUpdate
- resources:
- - apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
diff --git a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl
index 23d70cda41..121a3abf6a 100644
--- a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl
+++ b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl
@@ -9863,167 +9863,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rbac-permissions-operator-config
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-console-branding-configmap
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: mustonlyhave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-console-branding-configmap
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-console-branding-configmap
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-console-branding-configmap
- apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
@@ -10055,11 +9894,7 @@ objects:
name: cluster
spec:
customization:
- brand: null
- customLogoFile:
- key: rosa-brand-logo.svg
- name: rosa-brand-logo
- customProductName: Red Hat OpenShift Service on AWS
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
managementState: Managed
route: null
@@ -10092,164 +9927,6 @@ objects:
- apiGroup: policy.open-cluster-management.io
kind: Policy
name: rosa-console-branding
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-check
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates:
- - complianceType: musthave
- metadataComplianceType: musthave
- objectDefinition:
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default
- namespace: openshift-ingress-operator
- pruneObjectBehavior: None
- remediationAction: inform
- severity: low
- remediationAction: inform
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-check
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-check
- - apiVersion: policy.open-cluster-management.io/v1
- kind: Policy
- metadata:
- annotations:
- policy.open-cluster-management.io/categories: CM Configuration Management
- policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
- policy.open-cluster-management.io/standards: NIST SP 800-53
- name: rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- disabled: false
- policy-templates:
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-controller-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "- complianceType: musthave\n metadataComplianceType:\
- \ musthave\n objectDefinition:\n apiVersion: operator.openshift.io/v1\n\
- \ kind: IngressController\n metadata:\n name: default\n\
- \ namespace: openshift-ingress-operator\n annotations:\n\
- \ ingress.operator.openshift.io/auto-delete-load-balancer:\
- \ 'true'\n spec:\n {{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n \
- \ defaultCertificate:\n name: '{{hub (printf \"%s-primary-cert-bundle-secret\"\
- \ .ManagedClusterName) hub}}'\n {{hub- end hub}}\n {{hub-\
- \ if ne (lookup \"v1\" \"ConfigMap\" \"openshift-acm-policies\" .ManagedClusterName).data\
- \ nil hub}}\n endpointPublishingStrategy:\n type: LoadBalancerService\n\
- \ loadBalancer:\n dnsManagementPolicy: 'Managed'\n\
- \ scope: '{{hub- if eq (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"endpoint-publishing-strategy\") \"internal\"\
- \ -hub}} Internal {{hub- else -hub}} External {{hub- end -hub}}'\n\
- \ {{hub- end hub}}\n"
- pruneObjectBehavior: None
- remediationAction: enforce
- severity: low
- - extraDependencies:
- - apiVersion: policy.open-cluster-management.io/v1
- compliance: Compliant
- kind: Policy
- name: rosa-ingress-certificate-check
- namespace: openshift-acm-policies
- objectDefinition:
- apiVersion: policy.open-cluster-management.io/v1
- kind: ConfigurationPolicy
- metadata:
- name: rosa-ingress-certificate-policies
- spec:
- evaluationInterval:
- compliant: 2h
- noncompliant: 45s
- object-templates-raw: "{{hub- if ne (fromConfigMap \"openshift-acm-policies\"\
- \ .ManagedClusterName \"disable-certificates\") \"true\" hub}}\n-\
- \ complianceType: musthave\n metadataComplianceType: musthave\n \
- \ objectDefinition:\n apiVersion: v1\n data:\n tls.crt:\
- \ '{{hub fromSecret \"openshift-acm-policies\" .ManagedClusterName\
- \ \"tls.crt\" hub}}'\n tls.key: '{{hub fromSecret \"openshift-acm-policies\"\
- \ .ManagedClusterName \"tls.key\" hub}}'\n kind: Secret\n metadata:\n\
- \ name: '{{hub (printf \"%s-primary-cert-bundle-secret\" .ManagedClusterName)\
- \ hub}}'\n namespace: openshift-ingress\n{{hub- end hub}}\n"
- pruneObjectBehavior: DeleteIfCreated
- remediationAction: enforce
- severity: low
- remediationAction: enforce
- - apiVersion: apps.open-cluster-management.io/v1
- kind: PlacementRule
- metadata:
- name: placement-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- spec:
- clusterSelector:
- matchExpressions:
- - key: hypershift.open-cluster-management.io/hosted-cluster
- operator: In
- values:
- - 'true'
- - apiVersion: policy.open-cluster-management.io/v1
- kind: PlacementBinding
- metadata:
- name: binding-rosa-ingress-certificate-policies
- namespace: openshift-acm-policies
- placementRef:
- apiGroup: apps.open-cluster-management.io
- kind: PlacementRule
- name: placement-rosa-ingress-certificate-policies
- subjects:
- - apiGroup: policy.open-cluster-management.io
- kind: Policy
- name: rosa-ingress-certificate-policies
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
@@ -39127,126 +38804,8 @@ objects:
managementState: Managed
route: null
customization:
- brand: null
+ brand: ROSA
documentationBaseURL: https://docs.openshift.com/rosa/
- customProductName: Red Hat OpenShift Service on AWS
- customLogoFile:
- name: rosa-brand-logo
- key: rosa-brand-logo.svg
-- apiVersion: hive.openshift.io/v1
- kind: SelectorSyncSet
- metadata:
- labels:
- managed.openshift.io/gitHash: ${IMAGE_TAG}
- managed.openshift.io/gitRepoName: ${REPO_NAME}
- managed.openshift.io/osd: 'true'
- name: rosa-console-branding-configmap
- spec:
- clusterDeploymentSelector:
- matchLabels:
- api.openshift.com/managed: 'true'
- matchExpressions:
- - key: api.openshift.com/product
- operator: In
- values:
- - rosa
- resourceApplyMode: Sync
- applyBehavior: CreateOrUpdate
- resources:
- - apiVersion: v1
- data:
- rosa-brand-logo.svg: "\n\n\n"
- kind: ConfigMap
- metadata:
- creationTimestamp: null
- name: rosa-brand-logo
- namespace: openshift-config
- apiVersion: hive.openshift.io/v1
kind: SelectorSyncSet
metadata:
diff --git a/resources/managed/all-osd-resources.yaml b/resources/managed/all-osd-resources.yaml
index d37e112395..9097d62c3c 100644
--- a/resources/managed/all-osd-resources.yaml
+++ b/resources/managed/all-osd-resources.yaml
@@ -1,7 +1,5 @@
Resources:
ConfigMap:
- - namespace: openshift-config
- name: rosa-brand-logo
- namespace: openshift-console
name: custom-logo
- namespace: openshift-deployment-validation-operator
@@ -119,14 +117,14 @@ Resources:
name: osd-oauth-templates-login
- namespace: openshift-config
name: osd-oauth-templates-providers
- - namespace: openshift-config
+ - namespace: openshift-config
name: rosa-oauth-templates-errors
- namespace: openshift-config
name: rosa-oauth-templates-login
- namespace: openshift-config
name: rosa-oauth-templates-providers
- namespace: openshift-config
- name: support
+ name: support
- namespace: openshift-config
name: tony-devlab-primary-cert-bundle-secret
- namespace: openshift-ingress
diff --git a/source/html/rosa/rosa-brand-logo.svg b/source/html/rosa/rosa-brand-logo.svg
deleted file mode 100644
index cad63ecf88..0000000000
--- a/source/html/rosa/rosa-brand-logo.svg
+++ /dev/null
@@ -1,98 +0,0 @@
-
-
-