apiVersion: v1 items: - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site1 resourceVersion: "3277115" uid: 37de9795-cc7a-46bc-9ad6-d7aff1069609 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a3839064cc0e7 lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site1 resourceVersion: "3277118" uid: 4ebcee4f-1981-4d51-ab46-7593cf6a7ee8 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-mon-offload-policy.172a383907ebc508 lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - configmaps [cluster-monitoring-config] in namespace openshift-monitoring found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site1 resourceVersion: "3276471" uid: 5afff26a-2d0a-49a8-ba7a-952109abd4c6 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-pao-sub-policy.172a3836ae526154 lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - subscriptions [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-performance-addon-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site1 resourceVersion: "33971976" uid: 0cb4bbcb-c2ce-4658-9ab4-0fb7ac33c14b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-ptp-sub-policy.172c09c543cf97a3 lastTimestamp: "2022-11-29T11:11:44Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant - eventName: ztp-common.common-ptp-sub-policy.172c099e57906f57 lastTimestamp: "2022-11-29T11:08:57Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp found but not as specified; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-ptp-sub-policy.172a38390c95bf54 lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site1 resourceVersion: "33972294" uid: bf991a86-cb23-40e8-bb8b-fa4d10c4766a spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-sriov-sub-policy.172c09c686c0a285 lastTimestamp: "2022-11-29T11:11:50Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-common.common-sriov-sub-policy.172c099ba1a37819 lastTimestamp: "2022-11-29T11:08:45Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found but not as specified; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-sriov-sub-policy.172a38390a455e8e lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site1 resourceVersion: "3277794" uid: aad25c90-cdec-49a9-9c00-da5b320260df spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-storage-sub-policy.172a383b7d398d35 lastTimestamp: "2022-11-23T13:00:40Z" message: Compliant; notification - namespaces [openshift-local-storage] found as specified, therefore this Object template is compliant; notification - operatorgroups [openshift-local-storage] in namespace openshift-local-storage found as specified, therefore this Object template is compliant; notification - subscriptions [local-storage-operator] in namespace openshift-local-storage found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site1 resourceVersion: "3277801" uid: 926a1c27-657d-4ff5-9cde-5c329608163c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-subscriptions-policy.172a383b7fae1f45 lastTimestamp: "2022-11-23T13:00:40Z" message: Compliant; notification - namespaces [vran-acceleration-operators] found as specified, therefore this Object template is compliant; notification - operatorgroups [vran-operators] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant; notification - subscriptions [sriov-fec-subscription] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site1 resourceVersion: "3277806" uid: dfa645b0-f1d7-4d82-80d9-78f9574f9769 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383b81680be2 lastTimestamp: "2022-11-23T13:00:40Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site1-perfprofile-policy name: ztp-policies.cloudransno-site1-perfprofile-policy namespace: cloudransno-site1 resourceVersion: "3276457" uid: d9f810f7-8a01-45d7-a674-757051706a04 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site1-perfprofile-policy.172a3836a564f320 lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - performanceprofiles [sno-perfprofile] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site1-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site1-ptp-config-policy name: ztp-policies.cloudransno-site1-ptp-config-policy namespace: cloudransno-site1 resourceVersion: "3275816" uid: f2d4f819-ffde-4460-b72d-5313c2c403cc spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site1-ptp-config-policy.172a38344fe5850b lastTimestamp: "2022-11-23T13:00:09Z" message: Compliant; notification - ptpconfigs [du-slave] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site1-ptp-config-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-sriov-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-sriov-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"vfio-pci","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-1"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":2,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 2 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site1-sriov-dpdk-policy name: ztp-policies.cloudransno-site1-sriov-dpdk-policy namespace: cloudransno-site1 resourceVersion: "30835391" uid: ae2411ae-e790-4e77-b1aa-7850bccb777b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-sriov-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: vfio-pci isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-1 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 2 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site1-sriov-dpdk-policy.172bda9790319c88 lastTimestamp: "2022-11-28T20:47:11Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site1-sriov-dpdk-policy.172bd6c612f0702c lastTimestamp: "2022-11-28T19:37:13Z" message: 'NonCompliant; violation - sriovnetworknodepolicies not found: [xxvda4] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site1-sriov-dpdk-policy.172a3836a71b6228 lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site1-sriov-dpdk-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-sriov-nw-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-sriov-nw-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.131.2/24\",\n \"gateway\": \"10.10.131.1\"\n }\n ]\n}","networkNamespace":"vdu","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":131}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site1-sriov-nw-dpdk-policy name: ztp-policies.cloudransno-site1-sriov-nw-dpdk-policy namespace: cloudransno-site1 resourceVersion: "3275812" uid: 362857e5-74fe-4791-b28b-0cc3863aaa2f spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-sriov-nw-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.131.2/24\",\n \"gateway\": \"10.10.131.1\"\n }\n ]\n}" networkNamespace: vdu resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 131 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site1-sriov-nw-dpdk-policy.172a38344ddc49dc lastTimestamp: "2022-11-23T13:00:09Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site1-sriov-nw-dpdk-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site1 policy.open-cluster-management.io/cluster-namespace: cloudransno-site1 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site1-tuned-perf-patch-policy name: ztp-policies.cloudransno-site1-tuned-perf-patch-policy namespace: cloudransno-site1 resourceVersion: "3275809" uid: abdb9f43-85b4-4110-9fac-419ea4365cf0 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site1-tuned-perf-patch-policy.172a38344b77c333 lastTimestamp: "2022-11-23T13:00:09Z" message: Compliant; notification - tuneds [performance-patch] in namespace openshift-cluster-node-tuning-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site1-tuned-perf-patch-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site2 resourceVersion: "3276949" uid: 2ed86a32-1861-4b14-a111-4c28ffa8b72a spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a38387ceca2c1 lastTimestamp: "2022-11-23T13:00:27Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site2 resourceVersion: "3276952" uid: 5bb80533-019a-4b9f-8a23-82f218988284 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-mon-offload-policy.172a38387efb3393 lastTimestamp: "2022-11-23T13:00:27Z" message: Compliant; notification - configmaps [cluster-monitoring-config] in namespace openshift-monitoring found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site2 resourceVersion: "3276982" uid: bf47a021-1a49-4e2b-8671-d0d90cf048a0 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-pao-sub-policy.172a3838890680b2 lastTimestamp: "2022-11-23T13:00:27Z" message: Compliant; notification - subscriptions [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-performance-addon-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site2 resourceVersion: "33946499" uid: b547368d-60e6-40b2-b493-d63ed330b909 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-ptp-sub-policy.172c09641e06e0a3 lastTimestamp: "2022-11-29T11:04:47Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant - eventName: ztp-common.common-ptp-sub-policy.172c095fd0b80907 lastTimestamp: "2022-11-29T11:04:28Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp found but not as specified; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-ptp-sub-policy.172a383ae3fb82d8 lastTimestamp: "2022-11-23T13:00:37Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site2 resourceVersion: "33946476" uid: 8fe7e8be-8689-4a84-bc80-5cea591037b7 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-sriov-sub-policy.172c0964118e1184 lastTimestamp: "2022-11-29T11:04:47Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-common.common-sriov-sub-policy.172c095f6c0b45a3 lastTimestamp: "2022-11-29T11:04:27Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found but not as specified; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-sriov-sub-policy.172a383881fd99e3 lastTimestamp: "2022-11-23T13:00:27Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site2 resourceVersion: "3277651" uid: fe9f7caf-a083-4365-bc81-51df8950da54 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-storage-sub-policy.172a383af031bcb2 lastTimestamp: "2022-11-23T13:00:37Z" message: Compliant; notification - namespaces [openshift-local-storage] found as specified, therefore this Object template is compliant; notification - operatorgroups [openshift-local-storage] in namespace openshift-local-storage found as specified, therefore this Object template is compliant; notification - subscriptions [local-storage-operator] in namespace openshift-local-storage found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site2 resourceVersion: "3277634" uid: f3c93d80-3005-4f5b-80aa-ad29f7706850 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-subscriptions-policy.172a383ae1ddadf1 lastTimestamp: "2022-11-23T13:00:37Z" message: Compliant; notification - namespaces [vran-acceleration-operators] found as specified, therefore this Object template is compliant; notification - operatorgroups [vran-operators] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant; notification - subscriptions [sriov-fec-subscription] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site2 resourceVersion: "3278292" uid: 4eaf3f68-cdba-4d79-978c-b7e24faf6de6 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383d49e2b00a lastTimestamp: "2022-11-23T13:00:47Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site2-perfprofile-policy name: ztp-policies.cloudransno-site2-perfprofile-policy namespace: cloudransno-site2 resourceVersion: "3275660" uid: dac8f87f-635e-482e-b54d-973cffc641c4 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site2-perfprofile-policy.172a3833ca23e414 lastTimestamp: "2022-11-23T13:00:06Z" message: Compliant; notification - performanceprofiles [sno-perfprofile] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site2-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site2-ptp-config-policy name: ztp-policies.cloudransno-site2-ptp-config-policy namespace: cloudransno-site2 resourceVersion: "3276303" uid: c3d2730b-6261-4543-bd7b-0e1c806c8e36 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site2-ptp-config-policy.172a3836230688da lastTimestamp: "2022-11-23T13:00:17Z" message: Compliant; notification - ptpconfigs [du-slave] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site2-ptp-config-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":141}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site2-sriov-nw-ping-policy name: ztp-policies.cloudransno-site2-sriov-nw-ping-policy namespace: cloudransno-site2 resourceVersion: "3276300" uid: f3c5644b-b69d-413d-ab1e-ef259a337a48 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 141 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site2-sriov-nw-ping-policy.172a383620ecf4d2 lastTimestamp: "2022-11-23T13:00:17Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site2-sriov-nw-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site2-sriov-ping-policy name: ztp-policies.cloudransno-site2-sriov-ping-policy namespace: cloudransno-site2 resourceVersion: "3275652" uid: fc5853ee-d0cd-4142-a8f8-c802d0b6dbcd spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site2-sriov-ping-policy.172a3833c82f80dc lastTimestamp: "2022-11-23T13:00:06Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site2-sriov-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site2 policy.open-cluster-management.io/cluster-namespace: cloudransno-site2 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site2-tuned-perf-patch-policy name: ztp-policies.cloudransno-site2-tuned-perf-patch-policy namespace: cloudransno-site2 resourceVersion: "3276307" uid: ae8da51e-1dfa-4186-8a17-085219738e9d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site2-tuned-perf-patch-policy.172a38362474a256 lastTimestamp: "2022-11-23T13:00:17Z" message: Compliant; notification - tuneds [performance-patch] in namespace openshift-cluster-node-tuning-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site2-tuned-perf-patch-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site3 resourceVersion: "3277151" uid: 93e8a519-7e74-43da-beee-149548be4bd7 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a3839162323c2 lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site3 resourceVersion: "3277136" uid: e2a2bb0d-131d-43e1-a779-2a3b52d27f2a spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-mon-offload-policy.172a38391350f84c lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - configmaps [cluster-monitoring-config] in namespace openshift-monitoring found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site3 resourceVersion: "3277127" uid: 6b3b2a64-34fd-48d9-a10b-c881ff3bbf6e spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-pao-sub-policy.172a3839101f57cc lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - subscriptions [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-performance-addon-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site3 resourceVersion: "33971251" uid: ef808848-6373-4822-a5fa-63b98b8b8760 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-ptp-sub-policy.172c09c277104da8 lastTimestamp: "2022-11-29T11:11:32Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant - eventName: ztp-common.common-ptp-sub-policy.172c09bfb916448a lastTimestamp: "2022-11-29T11:11:20Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp found but not as specified; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-ptp-sub-policy.172a383b7525122a lastTimestamp: "2022-11-23T13:00:39Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site3 resourceVersion: "33971823" uid: 4eb14ed4-ed90-4c3d-b3be-331fa877e863 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-sriov-sub-policy.172c09c4c2e8f059 lastTimestamp: "2022-11-29T11:11:42Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-common.common-sriov-sub-policy.172c09bfd1d1982e lastTimestamp: "2022-11-29T11:11:21Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found but not as specified; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-sriov-sub-policy.172a3838fed8069b lastTimestamp: "2022-11-23T13:00:29Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site3 resourceVersion: "3277787" uid: a5af5ac7-618a-4a67-b67a-91e2cffd895e spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-storage-sub-policy.172a383b79dade45 lastTimestamp: "2022-11-23T13:00:39Z" message: Compliant; notification - namespaces [openshift-local-storage] found as specified, therefore this Object template is compliant; notification - operatorgroups [openshift-local-storage] in namespace openshift-local-storage found as specified, therefore this Object template is compliant; notification - subscriptions [local-storage-operator] in namespace openshift-local-storage found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site3 resourceVersion: "3277779" uid: 422fc964-66fb-4512-8008-a593b3aaaf1c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-subscriptions-policy.172a383b6e3e8818 lastTimestamp: "2022-11-23T13:00:39Z" message: Compliant; notification - namespaces [vran-acceleration-operators] found as specified, therefore this Object template is compliant; notification - operatorgroups [vran-operators] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant; notification - subscriptions [sriov-fec-subscription] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site3 resourceVersion: "3278444" uid: 4cbca481-8a37-49b7-bbc5-e9f350988d7c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383ddac70f23 lastTimestamp: "2022-11-23T13:00:50Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-console-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-console-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operator.openshift.io/v1","kind":"Console","metadata":{"annotations":{"include.release.openshift.io/ibm-cloud-managed":"false","include.release.openshift.io/self-managed-high-availability":"false","include.release.openshift.io/single-node-developer":"false","release.openshift.io/create-only":"true"},"name":"cluster"},"spec":{"logLevel":"Normal","managementState":"Removed","operatorLogLevel":"Normal"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-console-policy name: ztp-policies.cloudransno-site3-console-policy namespace: cloudransno-site3 resourceVersion: "3275797" uid: 8796d2d6-7126-41a5-b026-201c5b8f2eb5 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-console-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operator.openshift.io/v1 kind: Console metadata: annotations: include.release.openshift.io/ibm-cloud-managed: "false" include.release.openshift.io/self-managed-high-availability: "false" include.release.openshift.io/single-node-developer: "false" release.openshift.io/create-only: "true" name: cluster spec: logLevel: Normal managementState: Removed operatorLogLevel: Normal remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-console-policy.172a383447363097 lastTimestamp: "2022-11-23T13:00:09Z" message: Compliant; notification - consoles [cluster] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site3-console-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-perfprofile-policy name: ztp-policies.cloudransno-site3-perfprofile-policy namespace: cloudransno-site3 resourceVersion: "3275790" uid: f2cb47bf-5aa5-47c6-a7ef-83b8ae42b68d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-perfprofile-policy.172a383444273cd0 lastTimestamp: "2022-11-23T13:00:09Z" message: Compliant; notification - performanceprofiles [sno-perfprofile] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site3-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-ptp-config-policy name: ztp-policies.cloudransno-site3-ptp-config-policy namespace: cloudransno-site3 resourceVersion: "3276465" uid: bfa5c99b-3500-45d7-9a89-cc4ae7f1c5e3 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-ptp-config-policy.172a3836a786195c lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - ptpconfigs [du-slave] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site3-ptp-config-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":151}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 3 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-sriov-nw-ping-policy name: ztp-policies.cloudransno-site3-sriov-nw-ping-policy namespace: cloudransno-site3 resourceVersion: "3344122" uid: a590919a-0131-43ba-bc62-954398f6c4ac spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 151 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a3836a5846871 lastTimestamp: "2022-11-23T13:18:49Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a386260276e52 lastTimestamp: "2022-11-23T13:18:27Z" message: 'NonCompliant; violation - sriovnetworks not found: [intel-netdevice-e810] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a3836a5846871 lastTimestamp: "2022-11-23T13:04:11Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a386260276e52 lastTimestamp: "2022-11-23T13:03:27Z" message: 'NonCompliant; violation - sriovnetworks not found: [intel-netdevice-e810] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a3836a5846871 lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a32682bb1e380 lastTimestamp: "2022-11-23T11:30:50Z" message: Compliant; notification - sriovnetworks [intel-netdevice-e810] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-nw-ping-policy.172a31c40371c170 lastTimestamp: "2022-11-23T11:30:29Z" message: 'NonCompliant; violation - sriovnetworks not found: [intel-netdevice-e810] in namespace openshift-sriov-network-operator found but not as specified' templateMeta: creationTimestamp: null name: cloudransno-site3-sriov-nw-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 3 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-sriov-ping-policy name: ztp-policies.cloudransno-site3-sriov-ping-policy namespace: cloudransno-site3 resourceVersion: "3363314" uid: db3f1146-342e-48f3-a99a-efdfa0afc127 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a38344178c857 lastTimestamp: "2022-11-23T13:24:05Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a3862ea0a7f03 lastTimestamp: "2022-11-23T13:18:38Z" message: 'NonCompliant; violation - sriovnetworknodepolicies not found: [xxvda4] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a38344178c857 lastTimestamp: "2022-11-23T13:08:58Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a3862ea0a7f03 lastTimestamp: "2022-11-23T13:03:29Z" message: 'NonCompliant; violation - sriovnetworknodepolicies not found: [xxvda4] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a38344178c857 lastTimestamp: "2022-11-23T13:00:08Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a34162a324350 lastTimestamp: "2022-11-23T11:44:41Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a31c19447fada lastTimestamp: "2022-11-23T11:30:18Z" message: 'NonCompliant; violation - sriovnetworknodepolicies not found: [xxvda4] in namespace openshift-sriov-network-operator found but not as specified' - eventName: ztp-policies.cloudransno-site3-sriov-ping-policy.172a32ad0bb9dd47 lastTimestamp: "2022-11-23T11:18:50Z" message: Compliant; notification - sriovnetworknodepolicies [xxvda4] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site3-sriov-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site3 policy.open-cluster-management.io/cluster-namespace: cloudransno-site3 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site3-tuned-perf-patch-policy name: ztp-policies.cloudransno-site3-tuned-perf-patch-policy namespace: cloudransno-site3 resourceVersion: "3276453" uid: 9dcc550e-75f2-410c-a1c2-b021d4b3e3ed spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site3-tuned-perf-patch-policy.172a3836a33c2fd4 lastTimestamp: "2022-11-23T13:00:19Z" message: Compliant; notification - tuneds [performance-patch] in namespace openshift-cluster-node-tuning-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site3-tuned-perf-patch-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site4 resourceVersion: "3277398" uid: 912b1717-6b27-4c78-9cae-33c5d8980b1b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a383a13a908d4 lastTimestamp: "2022-11-23T13:00:33Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site4 resourceVersion: "3277404" uid: dcc0760d-948a-4a8f-9f1e-a33aededecea spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-mon-offload-policy.172a383a16138fa4 lastTimestamp: "2022-11-23T13:00:34Z" message: 'NonCompliant; violation - configmaps not found: [cluster-monitoring-config] in namespace openshift-monitoring missing' templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site4 resourceVersion: "3278455" uid: 95472617-1403-4314-85ae-af57d1b31cec spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-pao-sub-policy.172a383deadc61ce lastTimestamp: "2022-11-23T13:00:50Z" message: 'NonCompliant; violation - subscriptions not found: [performance-addon-operator] in namespace openshift-performance-addon-operator missing; violation - namespaces not found: [openshift-performance-addon-operator] missing; violation - operatorgroups not found: [performance-addon-operator] in namespace openshift-performance-addon-operator missing' templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site4 resourceVersion: "3277482" uid: 50d9de4b-7a6c-46b2-9c19-00addeb167dd spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-ptp-sub-policy.172a383a1de4a76b lastTimestamp: "2022-11-23T13:00:34Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp missing; violation - namespaces not found: [openshift-ptp] missing; violation - operatorgroups not found: [ptp-operators] in namespace openshift-ptp missing' templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site4 resourceVersion: "3277457" uid: ad78a446-bec8-4b1f-93ff-6f311a65efe5 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-sriov-sub-policy.172a383a1cb0ab62 lastTimestamp: "2022-11-23T13:00:34Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator missing; violation - namespaces not found: [openshift-sriov-network-operator] missing; violation - operatorgroups not found: [sriov-network-operators] in namespace openshift-sriov-network-operator missing' templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site4 resourceVersion: "3278464" uid: 62aa4a17-7dff-40f3-ac9d-3bbba32f0c74 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-storage-sub-policy.172a383df3b3a743 lastTimestamp: "2022-11-23T13:00:50Z" message: 'NonCompliant; violation - namespaces not found: [openshift-local-storage] missing; violation - operatorgroups not found: [openshift-local-storage] in namespace openshift-local-storage missing; violation - subscriptions not found: [local-storage-operator] in namespace openshift-local-storage missing' templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site4 resourceVersion: "3278458" uid: c4652369-fd23-46c6-bb74-2b25f8a16a75 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-subscriptions-policy.172a383deddfcd38 lastTimestamp: "2022-11-23T13:00:50Z" message: 'NonCompliant; violation - namespaces not found: [vran-acceleration-operators] missing; violation - operatorgroups not found: [vran-operators] in namespace vran-acceleration-operators missing; violation - subscriptions not found: [sriov-fec-subscription] in namespace vran-acceleration-operators missing' templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site4 resourceVersion: "3278470" uid: 9631f71b-add0-4a8f-8f3c-0e0a3b7a7d06 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383df6a47b3b lastTimestamp: "2022-11-23T13:00:50Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site4-perf-policy name: ztp-policies.cloudransno-site4-perf-policy namespace: cloudransno-site4 resourceVersion: "3277395" uid: cb7a4e69-260d-4e4b-9bf7-5b192e66ec2c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site4-perf-policy.172a383a1037ecf8 lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - tuneds not found: [performance-patch] in namespace openshift-cluster-node-tuning-operator missing' templateMeta: creationTimestamp: null name: cloudransno-site4-perf-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site4-perfprofile-policy name: ztp-policies.cloudransno-site4-perfprofile-policy namespace: cloudransno-site4 resourceVersion: "3277392" uid: 02e54a81-a1c7-423d-98ad-dad1f4a39f89 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site4-perfprofile-policy.172a383a0cf23a6f lastTimestamp: "2022-11-23T13:00:33Z" message: NonCompliant; violation - couldn't find mapping resource with kind PerformanceProfile, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site4-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-sriov-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-sriov-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"vfio-pci","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site4-sriov-dpdk-policy name: ztp-policies.cloudransno-site4-sriov-dpdk-policy namespace: cloudransno-site4 resourceVersion: "3276335" uid: a47e1cd5-99ba-48cc-85eb-aa93da3f15cf spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-sriov-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: vfio-pci isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site4-sriov-dpdk-policy.172a3836414b0402 lastTimestamp: "2022-11-23T13:00:17Z" message: NonCompliant; violation - couldn't find mapping resource with kind SriovNetworkNodePolicy, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site4-sriov-dpdk-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-sriov-nw-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-sriov-nw-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}","networkNamespace":"vdu","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site4 policy.open-cluster-management.io/cluster-namespace: cloudransno-site4 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site4-sriov-nw-dpdk-policy name: ztp-policies.cloudransno-site4-sriov-nw-dpdk-policy namespace: cloudransno-site4 resourceVersion: "3276852" uid: 2924f7e8-e46a-4639-a154-24f852c7aa7d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-sriov-nw-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}" networkNamespace: vdu resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site4-sriov-nw-dpdk-policy.172a38382736697c lastTimestamp: "2022-11-23T13:00:25Z" message: NonCompliant; violation - couldn't find mapping resource with kind SriovNetwork, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site4-sriov-nw-dpdk-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site5 resourceVersion: "3277356" uid: 89747b77-6c37-4605-9500-f132031ac843 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a3839dffb95ea lastTimestamp: "2022-11-23T13:00:33Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site5 resourceVersion: "3277380" uid: 446a5cd4-65e1-4ba4-b3fd-3ac34127546f spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-mon-offload-policy.172a3839e301ad4f lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - configmaps not found: [cluster-monitoring-config] in namespace openshift-monitoring missing' templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site5 resourceVersion: "3277345" uid: f6af213b-e9c7-4eae-b4ff-4a1e54e2028e spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-pao-sub-policy.172a3839dd44adcf lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - subscriptions not found: [performance-addon-operator] in namespace openshift-performance-addon-operator missing; violation - namespaces not found: [openshift-performance-addon-operator] missing; violation - operatorgroups not found: [performance-addon-operator] in namespace openshift-performance-addon-operator missing' templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site5 resourceVersion: "3277401" uid: 3fcd6388-af99-44d7-8a61-48c72930eb13 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-ptp-sub-policy.172a3839e634b52d lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp missing; violation - namespaces not found: [openshift-ptp] missing; violation - operatorgroups not found: [ptp-operators] in namespace openshift-ptp missing' templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site5 resourceVersion: "3278407" uid: e8779f77-53ca-425d-9dce-58218978693c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-sriov-sub-policy.172a383dbb7fdd7b lastTimestamp: "2022-11-23T13:00:49Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator missing; violation - namespaces not found: [openshift-sriov-network-operator] missing; violation - operatorgroups not found: [sriov-network-operators] in namespace openshift-sriov-network-operator missing' templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site5 resourceVersion: "3277453" uid: 0ca23a54-35df-4a9e-b51f-9638518ad0e1 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-storage-sub-policy.172a3839e931a1a5 lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - namespaces not found: [openshift-local-storage] missing; violation - operatorgroups not found: [openshift-local-storage] in namespace openshift-local-storage missing; violation - subscriptions not found: [local-storage-operator] in namespace openshift-local-storage missing' templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site5 resourceVersion: "3277338" uid: 079c6868-63a4-4d6c-8be2-582964c549e1 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-common.common-subscriptions-policy.172a3839da4ae185 lastTimestamp: "2022-11-23T13:00:33Z" message: 'NonCompliant; violation - namespaces not found: [vran-acceleration-operators] missing; violation - operatorgroups not found: [vran-operators] in namespace vran-acceleration-operators missing; violation - subscriptions not found: [sriov-fec-subscription] in namespace vran-acceleration-operators missing' templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site5 resourceVersion: "3278411" uid: 391dfd6d-5ece-4223-b75f-f8e45db77bfe spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383dbdbb9d32 lastTimestamp: "2022-11-23T13:00:49Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site5-perf-policy name: ztp-policies.cloudransno-site5-perf-policy namespace: cloudransno-site5 resourceVersion: "3276263" uid: 75ee6288-2bc9-442c-bc8b-e6038359d4f3 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site5-perf-policy.172a38360b8eb709 lastTimestamp: "2022-11-23T13:00:16Z" message: 'NonCompliant; violation - tuneds not found: [performance-patch] in namespace openshift-cluster-node-tuning-operator missing' templateMeta: creationTimestamp: null name: cloudransno-site5-perf-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site5-perfprofile-policy name: ztp-policies.cloudransno-site5-perfprofile-policy namespace: cloudransno-site5 resourceVersion: "3276797" uid: cc3472f3-677e-41eb-90cd-68c9ae1d8171 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site5-perfprofile-policy.172a3837f106ce01 lastTimestamp: "2022-11-23T13:00:24Z" message: NonCompliant; violation - couldn't find mapping resource with kind PerformanceProfile, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site5-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site5-sriov-nw-ping-policy name: ztp-policies.cloudransno-site5-sriov-nw-ping-policy namespace: cloudransno-site5 resourceVersion: "3276260" uid: f6dcc203-4326-48cf-947c-f984eca66e0d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site5-sriov-nw-ping-policy.172a383608367bee lastTimestamp: "2022-11-23T13:00:16Z" message: NonCompliant; violation - couldn't find mapping resource with kind SriovNetwork, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site5-sriov-nw-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site5 policy.open-cluster-management.io/cluster-namespace: cloudransno-site5 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site5-sriov-ping-policy name: ztp-policies.cloudransno-site5-sriov-ping-policy namespace: cloudransno-site5 resourceVersion: "3277323" uid: 06f3af55-b09c-454d-967f-89c9903572ba spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site5-sriov-ping-policy.172a3839d6adf135 lastTimestamp: "2022-11-23T13:00:32Z" message: NonCompliant; violation - couldn't find mapping resource with kind SriovNetworkNodePolicy, please check if you have CRD deployed templateMeta: creationTimestamp: null name: cloudransno-site5-sriov-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-kdump-policy name: ztp-common.common-kdump-policy namespace: cloudransno-site6 resourceVersion: "3276768" uid: 87d50288-2623-4046-9f5d-33a72314c9d8 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-kdump-policy.172a3837d22d4eb7 lastTimestamp: "2022-11-23T13:00:24Z" message: Compliant; notification - machineconfigs [06-kdump-enable-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-kdump-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-mon-offload-policy name: ztp-common.common-mon-offload-policy namespace: cloudransno-site6 resourceVersion: "3276771" uid: d4313402-7747-45a5-91c1-01f484f16aa4 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-mon-offload-policy.172a3837d2d1fbe6 lastTimestamp: "2022-11-23T13:00:24Z" message: Compliant; notification - configmaps [cluster-monitoring-config] in namespace openshift-monitoring found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-mon-offload-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-pao-sub-policy name: ztp-common.common-pao-sub-policy namespace: cloudransno-site6 resourceVersion: "3276761" uid: aeffe762-d793-4603-be2c-5c8df979cb17 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-pao-sub-policy.172a3837cd69c324 lastTimestamp: "2022-11-23T13:00:24Z" message: Compliant; notification - subscriptions [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-performance-addon-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [performance-addon-operator] in namespace openshift-performance-addon-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-pao-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-ptp-sub-policy name: ztp-common.common-ptp-sub-policy namespace: cloudransno-site6 resourceVersion: "33974103" uid: 91e720c1-4d14-470a-8872-797979c7ba0c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-ptp-sub-policy.172c09cd795e7082 lastTimestamp: "2022-11-29T11:12:19Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant - eventName: ztp-common.common-ptp-sub-policy.172c09c8a214819c lastTimestamp: "2022-11-29T11:11:59Z" message: 'NonCompliant; violation - subscriptions not found: [ptp-operator-subscription] in namespace openshift-ptp found but not as specified; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-ptp-sub-policy.172a383a2e9b370e lastTimestamp: "2022-11-23T13:00:34Z" message: Compliant; notification - subscriptions [ptp-operator-subscription] in namespace openshift-ptp found as specified, therefore this Object template is compliant; notification - namespaces [openshift-ptp] found as specified, therefore this Object template is compliant; notification - operatorgroups [ptp-operators] in namespace openshift-ptp found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-ptp-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-sriov-sub-policy name: ztp-common.common-sriov-sub-policy namespace: cloudransno-site6 resourceVersion: "33974107" uid: 592bdb79-2fae-430a-8626-aaefbf5d09af spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-sriov-sub-policy.172c09cd7aa301f1 lastTimestamp: "2022-11-29T11:12:19Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant - eventName: ztp-common.common-sriov-sub-policy.172c09c8a34de97d lastTimestamp: "2022-11-29T11:11:59Z" message: 'NonCompliant; violation - subscriptions not found: [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found but not as specified; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant' - eventName: ztp-common.common-sriov-sub-policy.172a383a2aa31e3a lastTimestamp: "2022-11-23T13:00:34Z" message: Compliant; notification - subscriptions [sriov-network-operator-subscription] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant; notification - namespaces [openshift-sriov-network-operator] found as specified, therefore this Object template is compliant; notification - operatorgroups [sriov-network-operators] in namespace openshift-sriov-network-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-sriov-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-storage-sub-policy name: ztp-common.common-storage-sub-policy namespace: cloudransno-site6 resourceVersion: "3277440" uid: a4810aec-ddec-4714-8478-7a4c9f12fde5 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-storage-sub-policy.172a383a2fcaafda lastTimestamp: "2022-11-23T13:00:34Z" message: Compliant; notification - namespaces [openshift-local-storage] found as specified, therefore this Object template is compliant; notification - operatorgroups [openshift-local-storage] in namespace openshift-local-storage found as specified, therefore this Object template is compliant; notification - subscriptions [local-storage-operator] in namespace openshift-local-storage found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-storage-sub-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-common.common-subscriptions-policy name: ztp-common.common-subscriptions-policy namespace: cloudransno-site6 resourceVersion: "3278087" uid: 12fc181a-ee57-450e-acbf-c3b7f1d46c16 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-common.common-subscriptions-policy.172a383c8ea2dfe5 lastTimestamp: "2022-11-23T13:00:44Z" message: Compliant; notification - namespaces [vran-acceleration-operators] found as specified, therefore this Object template is compliant; notification - operatorgroups [vran-operators] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant; notification - subscriptions [sriov-fec-subscription] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: common-subscriptions-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-group-du-sno.group-du-sno-mc-sctp-policy name: ztp-group-du-sno.group-du-sno-mc-sctp-policy namespace: cloudransno-site6 resourceVersion: "3278080" uid: 519fb618-c33a-4a5e-bee9-b0788828933d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-group-du-sno.group-du-sno-mc-sctp-policy.172a383c870f87e1 lastTimestamp: "2022-11-23T13:00:44Z" message: Compliant; notification - machineconfigs [load-sctp-module-master] found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: group-du-sno-mc-sctp-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-fec-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-fec-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"sriovfec.intel.com/v2","kind":"SriovFecClusterConfig","metadata":{"name":"config","namespace":"vran-acceleration-operators"},"spec":{"acceleratorSelector":{"pciAddress":"0000:4b:00.0"},"drainSkip":true,"nodeSelector":{"node-role.kubernetes.io/master":""},"physicalFunction":{"bbDevConfig":{"acc100":{"downlink4G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":0},"downlink5G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":4},"maxQueueSize":1024,"numVfBundles":16,"pfMode":false,"uplink4G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":0},"uplink5G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":4}}},"pfDriver":"pci-pf-stub","vfAmount":16,"vfDriver":"vfio-pci"},"priority":1}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site6-fec-policy name: ztp-policies.cloudransno-site6-fec-policy namespace: cloudransno-site6 resourceVersion: "3276108" uid: 1ccd2661-825a-41c9-aae2-9b07e567466f spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-fec-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: sriovfec.intel.com/v2 kind: SriovFecClusterConfig metadata: name: config namespace: vran-acceleration-operators spec: acceleratorSelector: pciAddress: 0000:4b:00.0 drainSkip: true nodeSelector: node-role.kubernetes.io/master: "" physicalFunction: bbDevConfig: acc100: downlink4G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 0 downlink5G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 4 maxQueueSize: 1024 numVfBundles: 16 pfMode: false uplink4G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 0 uplink5G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 4 pfDriver: pci-pf-stub vfAmount: 16 vfDriver: vfio-pci priority: 1 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site6-fec-policy.172a383576a4ef35 lastTimestamp: "2022-11-23T13:00:14Z" message: Compliant; notification - sriovfecclusterconfigs [config] in namespace vran-acceleration-operators found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site6-fec-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site6-perf-policy name: ztp-policies.cloudransno-site6-perf-policy namespace: cloudransno-site6 resourceVersion: "3275550" uid: f462f2c7-9124-4e21-a399-2c4432a21fca spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant details: - compliant: Compliant history: - eventName: ztp-policies.cloudransno-site6-perf-policy.172a383320886b37 lastTimestamp: "2022-11-23T13:00:04Z" message: Compliant; notification - tuneds [performance-patch] in namespace openshift-cluster-node-tuning-operator found as specified, therefore this Object template is compliant templateMeta: creationTimestamp: null name: cloudransno-site6-perf-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79","intel_iommu=on"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site6-perfprofile-policy name: ztp-policies.cloudransno-site6-perfprofile-policy namespace: cloudransno-site6 resourceVersion: "3276115" uid: 4f833485-93fe-4329-8786-cfe290650019 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 - intel_iommu=on cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site6-perfprofile-policy.172a3835785f612e lastTimestamp: "2022-11-23T13:00:14Z" message: 'NonCompliant; violation - performanceprofiles not found: [performance-sno] missing' templateMeta: creationTimestamp: null name: cloudransno-site6-perfprofile-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site6-sriov-nw-ping-policy name: ztp-policies.cloudransno-site6-sriov-nw-ping-policy namespace: cloudransno-site6 resourceVersion: "3276766" uid: 150864b3-374c-46a5-9bf7-53c5d89ec2cb spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site6-sriov-nw-ping-policy.172a3837d05ea45e lastTimestamp: "2022-11-23T13:00:24Z" message: 'NonCompliant; violation - sriovnetworks not found: [intel-netdevice-e810] in namespace openshift-sriov-network-operator missing' templateMeta: creationTimestamp: null name: cloudransno-site6-sriov-nw-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies policy.open-cluster-management.io/cluster-name: cloudransno-site6 policy.open-cluster-management.io/cluster-namespace: cloudransno-site6 policy.open-cluster-management.io/root-policy: ztp-policies.cloudransno-site6-sriov-ping-policy name: ztp-policies.cloudransno-site6-sriov-ping-policy namespace: cloudransno-site6 resourceVersion: "3276111" uid: e7b4ad93-8b41-484c-a4a6-900f1968f5ee spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant details: - compliant: NonCompliant history: - eventName: ztp-policies.cloudransno-site6-sriov-ping-policy.172a3835779e5e80 lastTimestamp: "2022-11-23T13:00:14Z" message: 'NonCompliant; violation - sriovnetworknodepolicies not found: [xxvda4] in namespace openshift-sriov-network-operator missing' templateMeta: creationTimestamp: null name: cloudransno-site6-sriov-ping-policy-config - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-kdump-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-kdump-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"06-kdump-enable-master"},"spec":{"config":{"ignition":{"version":"3.2.0"},"systemd":{"units":[{"enabled":true,"name":"kdump.service"}]}},"kernelArguments":["crashkernel=256M"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-kdump-policy namespace: ztp-common resourceVersion: "3277399" uid: e62298dc-0756-458a-8f74-d257d181baf6 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-kdump-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 06-kdump-enable-master spec: config: ignition: version: 3.2.0 systemd: units: - enabled: true name: kdump.service kernelArguments: - crashkernel=256M remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: Compliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: Compliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"1"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-mon-offload-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-mon-offload-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"config.yaml":"grafana:\n enabled: false\nalertmanagerMain:\n enabled: false\nprometheusK8s:\n retention: 24h\n"},"kind":"ConfigMap","metadata":{"name":"cluster-monitoring-config","namespace":"openshift-monitoring"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "1" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-mon-offload-policy namespace: ztp-common resourceVersion: "3277406" uid: d35d4a69-788f-4df4-8dc9-641b9d893909 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-mon-offload-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 data: config.yaml: | grafana: enabled: false alertmanagerMain: enabled: false prometheusK8s: retention: 24h kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-pao-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-pao-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"performance-addon-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-performance-addon-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"performance-addon-operator","namespace":"openshift-performance-addon-operator"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-pao-sub-policy namespace: ztp-common resourceVersion: "3278456" uid: 132634aa-e6dc-40a5-8b9f-8564f861c534 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-pao-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator spec: channel: "4.10" installPlanApproval: Automatic name: performance-addon-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-performance-addon-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: performance-addon-operator namespace: openshift-performance-addon-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-ptp-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-ptp-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"ptp-operator-subscription","namespace":"openshift-ptp"},"spec":{"channel":"stable","installPlanApproval":"Automatic","name":"ptp-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/cluster-monitoring":"true"},"name":"openshift-ptp"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"ptp-operators","namespace":"openshift-ptp"},"spec":{"targetNamespaces":["openshift-ptp"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-ptp-sub-policy namespace: ztp-common resourceVersion: "33974106" uid: 1615965f-15cf-4e7c-bf96-8cc1849f2fc5 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-ptp-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ptp-operator-subscription namespace: openshift-ptp spec: channel: stable installPlanApproval: Automatic name: ptp-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/cluster-monitoring: "true" name: openshift-ptp - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ptp-operators namespace: openshift-ptp spec: targetNamespaces: - openshift-ptp remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-sriov-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-sriov-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-network-operator-subscription","namespace":"openshift-sriov-network-operator"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"sriov-network-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"labels":{"openshift.io/run-level":"1"},"name":"openshift-sriov-network-operator"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"sriov-network-operators","namespace":"openshift-sriov-network-operator"},"spec":{"targetNamespaces":["openshift-sriov-network-operator"]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-sriov-sub-policy namespace: ztp-common resourceVersion: "33974109" uid: 84fb323e-09fc-4b10-aee2-b5a81794f638 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-sriov-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-network-operator-subscription namespace: openshift-sriov-network-operator spec: channel: "4.10" installPlanApproval: Automatic name: sriov-network-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management labels: openshift.io/run-level: "1" name: openshift-sriov-network-operator - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: sriov-network-operators namespace: openshift-sriov-network-operator spec: targetNamespaces: - openshift-sriov-network-operator remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-storage-sub-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-storage-sub-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"workload.openshift.io/allowed":"management"},"name":"openshift-local-storage"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"openshift-local-storage","namespace":"openshift-local-storage"},"spec":{"targetNamespaces":["openshift-local-storage"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"local-storage-operator","namespace":"openshift-local-storage"},"spec":{"channel":"4.10","installPlanApproval":"Automatic","name":"local-storage-operator","source":"redhat-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-storage-sub-policy namespace: ztp-common resourceVersion: "3278465" uid: 67170202-b2aa-4a62-b443-ade222adf73b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-storage-sub-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: annotations: workload.openshift.io/allowed: management name: openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: openshift-local-storage namespace: openshift-local-storage spec: targetNamespaces: - openshift-local-storage - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: local-storage-operator namespace: openshift-local-storage spec: channel: "4.10" installPlanApproval: Automatic name: local-storage-operator source: redhat-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"2"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"common-subscriptions-policy","namespace":"ztp-common"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"common-subscriptions-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"vran-acceleration-operators"}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1","kind":"OperatorGroup","metadata":{"name":"vran-operators","namespace":"vran-acceleration-operators"},"spec":{"targetNamespaces":["vran-acceleration-operators"]}}},{"complianceType":"musthave","objectDefinition":{"apiVersion":"operators.coreos.com/v1alpha1","kind":"Subscription","metadata":{"name":"sriov-fec-subscription","namespace":"vran-acceleration-operators"},"spec":{"channel":"stable","installPlanApproval":"Manual","name":"sriov-fec","source":"certified-operators","sourceNamespace":"openshift-marketplace"},"status":{"state":"AtLatestKnown"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "2" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: common-subscriptions-policy namespace: ztp-common resourceVersion: "3278459" uid: abfba89b-d59b-4189-be51-4688f70848ac spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: common-subscriptions-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Namespace metadata: name: vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: vran-operators namespace: vran-acceleration-operators spec: targetNamespaces: - vran-acceleration-operators - complianceType: musthave objectDefinition: apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sriov-fec-subscription namespace: vran-acceleration-operators spec: channel: stable installPlanApproval: Manual name: sriov-fec source: certified-operators sourceNamespace: openshift-marketplace status: state: AtLatestKnown remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: common-placementbinding placementRule: common-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"group-du-sno-mc-sctp-policy","namespace":"ztp-group-du-sno"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"group-du-sno-mc-sctp-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"machineconfiguration.openshift.io/v1","kind":"MachineConfig","metadata":{"labels":{"machineconfiguration.openshift.io/role":"master"},"name":"load-sctp-module-master"},"spec":{"config":{"ignition":{"version":"2.2.0"},"storage":{"files":[{"contents":{"source":"data:,","verification":{}},"filesystem":"root","mode":420,"path":"/etc/modprobe.d/sctp-blacklist.conf"},{"contents":{"source":"data:text/plain;charset=utf-8,sctp"},"filesystem":"root","mode":420,"path":"/etc/modules-load.d/sctp-load.conf"}]}}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: group-du-sno-mc-sctp-policy namespace: ztp-group-du-sno resourceVersion: "3278471" uid: f201e500-6320-4c06-99e8-321e3a69bb7c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: group-du-sno-mc-sctp-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: load-sctp-module-master spec: config: ignition: version: 2.2.0 storage: files: - contents: source: data:, verification: {} filesystem: root mode: 420 path: /etc/modprobe.d/sctp-blacklist.conf - contents: source: data:text/plain;charset=utf-8,sctp filesystem: root mode: 420 path: /etc/modules-load.d/sctp-load.conf remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: group-du-sno-placementbinding placementRule: group-du-sno-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: Compliant - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: Compliant - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site1-perfprofile-policy namespace: ztp-policies resourceVersion: "3276459" uid: e9d1b5ac-7903-4043-a049-85dd485ccce0 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site1-placementbinding placementRule: cloudransno-site1-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site1-ptp-config-policy namespace: ztp-policies resourceVersion: "3275817" uid: ddf9ce3e-b4c7-4d2a-b6c8-c21b9bec28eb spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site1-placementbinding placementRule: cloudransno-site1-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-sriov-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-sriov-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"vfio-pci","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-1"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":2,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 2 labels: app.kubernetes.io/instance: policies name: cloudransno-site1-sriov-dpdk-policy namespace: ztp-policies resourceVersion: "30835392" uid: 02f8f37c-6abd-4a08-a4e4-63dd84ae2932 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-sriov-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: vfio-pci isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-1 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 2 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site1-placementbinding placementRule: cloudransno-site1-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-sriov-nw-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-sriov-nw-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.131.2/24\",\n \"gateway\": \"10.10.131.1\"\n }\n ]\n}","networkNamespace":"vdu","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":131}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site1-sriov-nw-dpdk-policy namespace: ztp-policies resourceVersion: "3275814" uid: 4c0402fa-2385-4292-8a57-642ba3277d82 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-sriov-nw-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.131.2/24\",\n \"gateway\": \"10.10.131.1\"\n }\n ]\n}" networkNamespace: vdu resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 131 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site1-placementbinding placementRule: cloudransno-site1-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site1-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site1-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site1-tuned-perf-patch-policy namespace: ztp-policies resourceVersion: "3275811" uid: af7f359e-744f-4afd-b0da-023ff04e13d4 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site1-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site1-placementbinding placementRule: cloudransno-site1-placementrules status: - clustername: cloudransno-site1 clusternamespace: cloudransno-site1 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site2-perfprofile-policy namespace: ztp-policies resourceVersion: "3275661" uid: 89826fa4-339d-4f5f-bdff-afe0178f10dd spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site2-placementbinding placementRule: cloudransno-site2-placementrules status: - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site2-ptp-config-policy namespace: ztp-policies resourceVersion: "3276305" uid: f283aff1-bd25-4ca2-ac45-d5630ecd4453 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site2-placementbinding placementRule: cloudransno-site2-placementrules status: - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":141}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site2-sriov-nw-ping-policy namespace: ztp-policies resourceVersion: "3276302" uid: 9ebfafde-b88d-4549-a0e5-625e8fe443f8 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 141 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site2-placementbinding placementRule: cloudransno-site2-placementrules status: - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site2-sriov-ping-policy namespace: ztp-policies resourceVersion: "3275654" uid: 6e6b3d56-cca9-4559-ae16-989d575df60c spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site2-placementbinding placementRule: cloudransno-site2-placementrules status: - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site2-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site2-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site2-tuned-perf-patch-policy namespace: ztp-policies resourceVersion: "3276308" uid: b577e707-5074-4974-91ee-305a60a101dd spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site2-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site2-placementbinding placementRule: cloudransno-site2-placementrules status: - clustername: cloudransno-site2 clusternamespace: cloudransno-site2 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-console-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-console-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"operator.openshift.io/v1","kind":"Console","metadata":{"annotations":{"include.release.openshift.io/ibm-cloud-managed":"false","include.release.openshift.io/self-managed-high-availability":"false","include.release.openshift.io/single-node-developer":"false","release.openshift.io/create-only":"true"},"name":"cluster"},"spec":{"logLevel":"Normal","managementState":"Removed","operatorLogLevel":"Normal"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-console-policy namespace: ztp-policies resourceVersion: "3275801" uid: b8971331-0b6a-4d54-bb02-f2d9f2f57d34 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-console-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: operator.openshift.io/v1 kind: Console metadata: annotations: include.release.openshift.io/ibm-cloud-managed: "false" include.release.openshift.io/self-managed-high-availability: "false" include.release.openshift.io/single-node-developer: "false" release.openshift.io/create-only: "true" name: cluster spec: logLevel: Normal managementState: Removed operatorLogLevel: Normal remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"sno-perfprofile"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","nohz_full=2-27,30-55","rcupdate.rcu_normal_after_boot=0","efi=runtime","intel_idle.max_cstate=0","intel_pstate=disable","numa_balancing=disable"],"cpu":{"isolated":"2-27,30-55","reserved":"0-1,28-29"},"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-perfprofile-policy namespace: ztp-policies resourceVersion: "3275792" uid: 273abc3a-f87c-466b-abb4-5fbfea603a33 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: sno-perfprofile spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - nohz_full=2-27,30-55 - rcupdate.rcu_normal_after_boot=0 - efi=runtime - intel_idle.max_cstate=0 - intel_pstate=disable - numa_balancing=disable cpu: isolated: 2-27,30-55 reserved: 0-1,28-29 hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-ptp-config-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-ptp-config-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"ptp.openshift.io/v1","kind":"PtpConfig","metadata":{"name":"du-slave","namespace":"openshift-ptp"},"spec":{"profile":[{"interface":"eno12409","name":"slave","phc2sysOpts":"-a -r -n 24 -u 2","ptp4lConf":"[global]\n#\n# Default Data Set\n#\ntwoStepFlag 1\nslaveOnly 0\npriority1 128\npriority2 128\ndomainNumber 24\n#utc_offset 37\nclockClass 248\nclockAccuracy 0xFE\noffsetScaledLogVariance 0xFFFF\nfree_running 0\nfreq_est_interval 1\ndscp_event 0\ndscp_general 0\ndataset_comparison ieee1588\nG.8275.defaultDS.localPriority 128\n#\n# Port Data Set\n#\nlogAnnounceInterval -3\nlogSyncInterval -4\nlogMinDelayReqInterval -4\nlogMinPdelayReqInterval -4\nannounceReceiptTimeout 3\nsyncReceiptTimeout 0\ndelayAsymmetry 0\nfault_reset_interval -128\nneighborPropDelayThresh 20000000\nmasterOnly 0\nG.8275.portDS.localPriority 128\n#\n# Run time options\n#\nassume_two_step 0\nlogging_level 6\npath_trace_enabled 0\nfollow_up_info 0\nhybrid_e2e 0\ninhibit_multicast_service 0\nnet_sync_monitor 0\ntc_spanning_tree 0\ntx_timestamp_timeout 10\nunicast_listen 0\nunicast_master_table 0\nunicast_req_duration 3600\nuse_syslog 1\nverbose 0\nsummary_interval 0\nkernel_leap 1\ncheck_fup_sync 0\n#\n# Servo Options\n#\npi_proportional_const 0.0\npi_integral_const 0.0\npi_proportional_scale 0.0\npi_proportional_exponent -0.3\npi_proportional_norm_max 0.7\npi_integral_scale 0.0\npi_integral_exponent 0.4\npi_integral_norm_max 0.3\nstep_threshold 0.0\nfirst_step_threshold 0.00002\nmax_frequency 900000000\nclock_servo pi\nsanity_freq_limit 200000000\nntpshm_segment 0\n#\n# Transport options\n#\ntransportSpecific 0x0\nptp_dst_mac 01:1B:19:00:00:00\np2p_dst_mac 01:80:C2:00:00:0E\nudp_ttl 1\nudp6_scope 0x0E\nuds_address /var/run/ptp4l\n#\n# Default interface options\n#\nclock_type OC\nnetwork_transport UDPv4\ndelay_mechanism E2E\ntime_stamping hardware\ntsproc_mode filter\ndelay_filter moving_median\ndelay_filter_length 10\negressLatency 0\ningressLatency 0\nboundary_clock_jbod 0\n#\n# Clock description\n#\nproductDescription ;;\nrevisionData ;;\nmanufacturerIdentity 00:00:00\nuserDescription ;\ntimeSource 0xA0\n","ptp4lOpts":"-2 -s"}],"recommend":[{"match":[{"nodeLabel":"node-role.kubernetes.io/master"}],"priority":4,"profile":"slave"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-ptp-config-policy namespace: ztp-policies resourceVersion: "3276469" uid: a8e474fe-9158-477a-8d6e-22342a504ee2 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-ptp-config-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: ptp.openshift.io/v1 kind: PtpConfig metadata: name: du-slave namespace: openshift-ptp spec: profile: - interface: eno12409 name: slave phc2sysOpts: -a -r -n 24 -u 2 ptp4lConf: | [global] # # Default Data Set # twoStepFlag 1 slaveOnly 0 priority1 128 priority2 128 domainNumber 24 #utc_offset 37 clockClass 248 clockAccuracy 0xFE offsetScaledLogVariance 0xFFFF free_running 0 freq_est_interval 1 dscp_event 0 dscp_general 0 dataset_comparison ieee1588 G.8275.defaultDS.localPriority 128 # # Port Data Set # logAnnounceInterval -3 logSyncInterval -4 logMinDelayReqInterval -4 logMinPdelayReqInterval -4 announceReceiptTimeout 3 syncReceiptTimeout 0 delayAsymmetry 0 fault_reset_interval -128 neighborPropDelayThresh 20000000 masterOnly 0 G.8275.portDS.localPriority 128 # # Run time options # assume_two_step 0 logging_level 6 path_trace_enabled 0 follow_up_info 0 hybrid_e2e 0 inhibit_multicast_service 0 net_sync_monitor 0 tc_spanning_tree 0 tx_timestamp_timeout 10 unicast_listen 0 unicast_master_table 0 unicast_req_duration 3600 use_syslog 1 verbose 0 summary_interval 0 kernel_leap 1 check_fup_sync 0 # # Servo Options # pi_proportional_const 0.0 pi_integral_const 0.0 pi_proportional_scale 0.0 pi_proportional_exponent -0.3 pi_proportional_norm_max 0.7 pi_integral_scale 0.0 pi_integral_exponent 0.4 pi_integral_norm_max 0.3 step_threshold 0.0 first_step_threshold 0.00002 max_frequency 900000000 clock_servo pi sanity_freq_limit 200000000 ntpshm_segment 0 # # Transport options # transportSpecific 0x0 ptp_dst_mac 01:1B:19:00:00:00 p2p_dst_mac 01:80:C2:00:00:0E udp_ttl 1 udp6_scope 0x0E uds_address /var/run/ptp4l # # Default interface options # clock_type OC network_transport UDPv4 delay_mechanism E2E time_stamping hardware tsproc_mode filter delay_filter moving_median delay_filter_length 10 egressLatency 0 ingressLatency 0 boundary_clock_jbod 0 # # Clock description # productDescription ;; revisionData ;; manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 ptp4lOpts: -2 -s recommend: - match: - nodeLabel: node-role.kubernetes.io/master priority: 4 profile: slave remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":151}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 3 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-sriov-nw-ping-policy namespace: ztp-policies resourceVersion: "3344125" uid: 70cee403-4e11-4bc2-b844-e412e604dda7 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 151 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 3 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-sriov-ping-policy namespace: ztp-policies resourceVersion: "3363315" uid: 54caa84d-f80c-4d0b-9356-6d3439f3f069 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site3-tuned-perf-patch-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site3-tuned-perf-patch-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-sno-perfprofile\n[bootloader]\ncmdline_crash=nohz_full=2-27,30-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\ngroup.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\nservice.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site3-tuned-perf-patch-policy namespace: ztp-policies resourceVersion: "3276454" uid: f5db8097-d63a-429e-9540-292e1592ad55 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site3-tuned-perf-patch-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-sno-perfprofile [bootloader] cmdline_crash=nohz_full=2-27,30-55 [sysctl] kernel.timer_migration=1 [scheduler] group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site3-placementbinding placementRule: cloudransno-site3-placementrules status: - clustername: cloudransno-site3 clusternamespace: cloudransno-site3 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site4-perf-policy namespace: ztp-policies resourceVersion: "3277396" uid: 859aed8b-315b-40fa-84cf-dcbf5493de52 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site4-placementbinding placementRule: cloudransno-site4-placementrules status: - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site4-perfprofile-policy namespace: ztp-policies resourceVersion: "3277393" uid: ee0e58a2-8cf6-484c-8f74-e616fab8f8a0 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site4-placementbinding placementRule: cloudransno-site4-placementrules status: - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-sriov-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-sriov-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"vfio-pci","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site4-sriov-dpdk-policy namespace: ztp-policies resourceVersion: "3276336" uid: c15e5304-b2a6-46f2-9926-f0f7e3759436 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-sriov-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: vfio-pci isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site4-placementbinding placementRule: cloudransno-site4-placementrules status: - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site4-sriov-nw-dpdk-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site4-sriov-nw-dpdk-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}","networkNamespace":"vdu","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site4-sriov-nw-dpdk-policy namespace: ztp-policies resourceVersion: "3276853" uid: 7d0d1b6a-df44-4e16-a409-e51b8b263a05 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site4-sriov-nw-dpdk-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.141.2/24\",\n \"gateway\": \"10.10.141.1\"\n }\n ]\n}" networkNamespace: vdu resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site4-placementbinding placementRule: cloudransno-site4-placementrules status: - clustername: cloudransno-site4 clusternamespace: cloudransno-site4 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site5-perf-policy namespace: ztp-policies resourceVersion: "3276264" uid: 0d68f4e5-24c9-4559-a68b-21d4047110af spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site5-placementbinding placementRule: cloudransno-site5-placementrules status: - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site5-perfprofile-policy namespace: ztp-policies resourceVersion: "3276798" uid: f45ac43b-9490-4b71-8036-e3732253d07d spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,26,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site5-placementbinding placementRule: cloudransno-site5-placementrules status: - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site5-sriov-nw-ping-policy namespace: ztp-policies resourceVersion: "3276261" uid: 71a4434c-2f81-4248-ab69-d211502d151b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site5-placementbinding placementRule: cloudransno-site5-placementrules status: - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site5-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site5-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site5-sriov-ping-policy namespace: ztp-policies resourceVersion: "3277324" uid: 064a0149-c3a8-4182-9ff0-d1059b557bcf spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site5-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site5-placementbinding placementRule: cloudransno-site5-placementrules status: - clustername: cloudransno-site5 clusternamespace: cloudransno-site5 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-fec-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-fec-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"sriovfec.intel.com/v2","kind":"SriovFecClusterConfig","metadata":{"name":"config","namespace":"vran-acceleration-operators"},"spec":{"acceleratorSelector":{"pciAddress":"0000:4b:00.0"},"drainSkip":true,"nodeSelector":{"node-role.kubernetes.io/master":""},"physicalFunction":{"bbDevConfig":{"acc100":{"downlink4G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":0},"downlink5G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":4},"maxQueueSize":1024,"numVfBundles":16,"pfMode":false,"uplink4G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":0},"uplink5G":{"aqDepthLog2":4,"numAqsPerGroups":16,"numQueueGroups":4}}},"pfDriver":"pci-pf-stub","vfAmount":16,"vfDriver":"vfio-pci"},"priority":1}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site6-fec-policy namespace: ztp-policies resourceVersion: "3276109" uid: ba4174ac-4b88-4788-903e-d17c2827c6d4 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-fec-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: sriovfec.intel.com/v2 kind: SriovFecClusterConfig metadata: name: config namespace: vran-acceleration-operators spec: acceleratorSelector: pciAddress: 0000:4b:00.0 drainSkip: true nodeSelector: node-role.kubernetes.io/master: "" physicalFunction: bbDevConfig: acc100: downlink4G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 0 downlink5G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 4 maxQueueSize: 1024 numVfBundles: 16 pfMode: false uplink4G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 0 uplink5G: aqDepthLog2: 4 numAqsPerGroups: 16 numQueueGroups: 4 pfDriver: pci-pf-stub vfAmount: 16 vfDriver: vfio-pci priority: 1 remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site6-placementbinding placementRule: cloudransno-site6-placementrules status: - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-perf-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-perf-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"tuned.openshift.io/v1","kind":"Tuned","metadata":{"name":"performance-patch","namespace":"openshift-cluster-node-tuning-operator"},"spec":{"profile":[{"data":"[main]\nsummary=Configuration changes profile inherited from performance created tuned\ninclude=openshift-node-performance-performance-sno\n[bootloader]\ncmdline_crash=nohz_full=2-23,26-55\n[sysctl]\nkernel.timer_migration=1\n[scheduler]\n#group.ice-ptp=0:f:10:*:ice-ptp.*\n[service]\nservice.stalld=start,enable\n#service.chronyd=stop,disable\n","name":"performance-patch"}],"recommend":[{"machineConfigLabels":{"machineconfiguration.openshift.io/role":"master"},"priority":19,"profile":"performance-patch"}]}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site6-perf-policy namespace: ztp-policies resourceVersion: "3275552" uid: 48d29351-885e-4c67-a6d7-ce734dba434b spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-perf-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: tuned.openshift.io/v1 kind: Tuned metadata: name: performance-patch namespace: openshift-cluster-node-tuning-operator spec: profile: - data: | [main] summary=Configuration changes profile inherited from performance created tuned include=openshift-node-performance-performance-sno [bootloader] cmdline_crash=nohz_full=2-23,26-55 [sysctl] kernel.timer_migration=1 [scheduler] #group.ice-ptp=0:f:10:*:ice-ptp.* [service] service.stalld=start,enable #service.chronyd=stop,disable name: performance-patch recommend: - machineConfigLabels: machineconfiguration.openshift.io/role: master priority: 19 profile: performance-patch remediationAction: inform severity: low remediationAction: inform status: compliant: Compliant placement: - placementBinding: cloudransno-site6-placementbinding placementRule: cloudransno-site6-placementrules status: - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: Compliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"10"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-perfprofile-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-perfprofile-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"performance.openshift.io/v2","kind":"PerformanceProfile","metadata":{"annotations":{"kubeletconfig.experimental":"{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n"},"name":"performance-sno"},"spec":{"additionalKernelArgs":["firmware_class.path=/var/lib/firmware/","idle=poll","rcupdate.rcu_normal_after_boot=0","nohz_full=4-39,44-79","intel_iommu=on"],"cpu":{"isolated":"4,6,8,10,12,14,16,18,20,22,24,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110","reserved":"0,2,28,30"},"globallyDisableIrqLoadBalancing":false,"hugepages":{"defaultHugepagesSize":"1G","pages":[{"count":8,"node":0,"size":"1G"}]},"machineConfigPoolSelector":{"pools.operator.machineconfiguration.openshift.io/master":""},"net":{"userLevelNetworking":true},"nodeSelector":{"node-role.kubernetes.io/master":""},"numa":{"topologyPolicy":"restricted"},"realTimeKernel":{"enabled":true}}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "10" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site6-perfprofile-policy namespace: ztp-policies resourceVersion: "3276116" uid: 543c7175-5a86-45a6-9274-7aa003fcfd76 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-perfprofile-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: musthave objectDefinition: apiVersion: performance.openshift.io/v2 kind: PerformanceProfile metadata: annotations: kubeletconfig.experimental: "{\"topologyManagerScope\": \"pod\", \n \"systemReserved\": {\"memory\": \"10.5Gi\"}\n}\n" name: performance-sno spec: additionalKernelArgs: - firmware_class.path=/var/lib/firmware/ - idle=poll - rcupdate.rcu_normal_after_boot=0 - nohz_full=4-39,44-79 - intel_iommu=on cpu: isolated: 4,6,8,10,12,14,16,18,20,22,24,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110 reserved: 0,2,28,30 globallyDisableIrqLoadBalancing: false hugepages: defaultHugepagesSize: 1G pages: - count: 8 node: 0 size: 1G machineConfigPoolSelector: pools.operator.machineconfiguration.openshift.io/master: "" net: userLevelNetworking: true nodeSelector: node-role.kubernetes.io/master: "" numa: topologyPolicy: restricted realTimeKernel: enabled: true remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site6-placementbinding placementRule: cloudransno-site6-placementrules status: - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-sriov-nw-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-sriov-nw-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetwork","metadata":{"name":"intel-netdevice-e810","namespace":"openshift-sriov-network-operator"},"spec":{"ipam":"{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}","networkNamespace":"test","resourceName":"xxvda4","spoofChk":"off","trust":"on","vlan":0}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site6-sriov-nw-ping-policy namespace: ztp-policies resourceVersion: "3276767" uid: a481b242-5ebf-4966-957f-debb96b7e858 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-sriov-nw-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetwork metadata: name: intel-netdevice-e810 namespace: openshift-sriov-network-operator spec: ipam: "{\n \"type\": \"static\",\n \"addresses\": [ \n {\n \ \"address\": \"10.10.151.2/24\",\n \"gateway\": \"10.10.151.1\"\n }\n ]\n}" networkNamespace: test resourceName: xxvda4 spoofChk: "off" trust: "on" vlan: 0 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site6-placementbinding placementRule: cloudransno-site6-placementrules status: - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: NonCompliant - apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"policy.open-cluster-management.io/v1","kind":"Policy","metadata":{"annotations":{"policy.open-cluster-management.io/categories":"CM Configuration Management","policy.open-cluster-management.io/controls":"CM-2 Baseline Configuration","policy.open-cluster-management.io/standards":"NIST SP 800-53","ran.openshift.io/ztp-deploy-wave":"100"},"labels":{"app.kubernetes.io/instance":"policies"},"name":"cloudransno-site6-sriov-ping-policy","namespace":"ztp-policies"},"spec":{"disabled":false,"policy-templates":[{"objectDefinition":{"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"cloudransno-site6-sriov-ping-policy-config"},"spec":{"namespaceselector":{"exclude":["kube-*"],"include":["*"]},"object-templates":[{"complianceType":"mustonlyhave","objectDefinition":{"apiVersion":"sriovnetwork.openshift.io/v1","kind":"SriovNetworkNodePolicy","metadata":{"name":"xxvda4","namespace":"openshift-sriov-network-operator"},"spec":{"deviceType":"netdevice","isRdma":false,"mtu":1500,"nicSelector":{"deviceID":"159b","pfNames":["eno12399#0-7"],"vendor":"8086"},"nodeSelector":{"node-role.kubernetes.io/master":""},"numVfs":8,"priority":98,"resourceName":"xxvda4"}}}],"remediationAction":"inform","severity":"low"}}}],"remediationAction":"inform"}} policy.open-cluster-management.io/categories: CM Configuration Management policy.open-cluster-management.io/controls: CM-2 Baseline Configuration policy.open-cluster-management.io/standards: NIST SP 800-53 ran.openshift.io/ztp-deploy-wave: "100" creationTimestamp: "2022-11-23T12:59:59Z" generation: 1 labels: app.kubernetes.io/instance: policies name: cloudransno-site6-sriov-ping-policy namespace: ztp-policies resourceVersion: "3276112" uid: 51f89392-e652-453c-983b-47306fd08577 spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: cloudransno-site6-sriov-ping-policy-config spec: namespaceselector: exclude: - kube-* include: - '*' object-templates: - complianceType: mustonlyhave objectDefinition: apiVersion: sriovnetwork.openshift.io/v1 kind: SriovNetworkNodePolicy metadata: name: xxvda4 namespace: openshift-sriov-network-operator spec: deviceType: netdevice isRdma: false mtu: 1500 nicSelector: deviceID: 159b pfNames: - eno12399#0-7 vendor: "8086" nodeSelector: node-role.kubernetes.io/master: "" numVfs: 8 priority: 98 resourceName: xxvda4 remediationAction: inform severity: low remediationAction: inform status: compliant: NonCompliant placement: - placementBinding: cloudransno-site6-placementbinding placementRule: cloudransno-site6-placementrules status: - clustername: cloudransno-site6 clusternamespace: cloudransno-site6 compliant: NonCompliant kind: List metadata: resourceVersion: "" selfLink: ""