Context
From the ACM issue: "In order for OpenShift GitOps to have access to the policy generator when you run Kustomize, a custom container image must be used."
From the linked blog post:
"You must also configure the OpenShift GitOps operator to allow Kustomize plugins with the following command:"
oc -n openshift-gitops patch argocd openshift-gitops --type merge --patch '{"spec": {"kustomizeBuildOptions": "--enable_alpha_plugins"}}'
Description
We would like to provide support for the ACM policy generator so that users don't have to create a custom container image or patch the operator to allow Kustomize plugins.
Possible approaches from jfischer@redhat.com:
- Ship the policy generator kustomize plugin as part of our downstream image
- Implement a new config management plugin
Potential issues:
- Tying the policy generator plugin's releases to the GitOps release cycle rather than ACM's, increasing the support load on our team
- Losing first-class Kustomize features
Questions:
- Do we also want to provide GitOps access to create policies on the RHACM hub cluster? This is a step included in the workaround, but from a security standpoint perhaps it should stay as a manual `oc apply`?
Acceptance criteria
- Users do not have to make changes to the base image to use the ACM policy generator
- Users can use Kustomize to access the policy generator
- relates to: ACM-1225 RHACM Tighter Integration between PolicyGenerator and GitopsOperator (Closed)