RHACM
Definition
Red Hat Advanced Cluster Management (RHACM) for Kubernetes is a tool that provides end-to-end visibility and control for managing Kubernetes clusters across multiple environments. It enables centralized management of cluster lifecycle, application deployment, and security policies, ensuring consistent governance and compliance across hybrid cloud infrastructures.
Secure Settings Example
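# PodSecurityPolicy is served as policy/v1beta1 and was removed in Kubernetes 1.25,
# so this policy only applies to managed clusters older than that.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: enforce-pod-security-standards
spec:
  remediationAction: enforce   # remediate on managed clusters, not just report
  disabled: false
  policy-templates:
    - objectDefinition:
        # Kubernetes objects are checked through a ConfigurationPolicy wrapper
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: enforce-pod-security-standards-config   # wrapper name added here
        spec:
          remediationAction: enforce
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: policy/v1beta1
                kind: PodSecurityPolicy
                metadata:
                  name: restricted-psp
                spec:
                  privileged: false                 # no privileged containers
                  allowPrivilegeEscalation: false   # block setuid-style escalation
                  requiredDropCapabilities:
                    - ALL
                  runAsUser:
                    rule: 'MustRunAsNonRoot'
                  seLinux:
                    rule: 'RunAsAny'
                  supplementalGroups:
                    rule: 'MustRunAs'
                    ranges:
                      - min: 1
                        max: 65535
                  fsGroup:
                    rule: 'MustRunAs'
                    ranges:
                      - min: 1
                        max: 65535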
Insecure Settings Example
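# Deliberately weak settings, shown for contrast with the secure example above.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: allow-privileged-pods
spec:
  remediationAction: inform   # only reports non-compliance, remediates nothing
  disabled: false
  policy-templates:
    - objectDefinition:
        # Kubernetes objects are checked through a ConfigurationPolicy wrapper
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: allow-privileged-pods-config   # wrapper name added here
        spec:
          remediationAction: inform
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: policy/v1beta1
                kind: PodSecurityPolicy
                metadata:
                  name: permissive-psp
                spec:
                  privileged: true                 # privileged containers allowed
                  allowPrivilegeEscalation: true   # escalation allowed
                  # no requiredDropCapabilities: no capabilities are dropped
                  runAsUser:
                    rule: 'RunAsAny'               # root is permitted
                  seLinux:
                    rule: 'RunAsAny'
                  supplementalGroups:
                    rule: 'RunAsAny'
                  fsGroup:
                    rule: 'RunAsAny'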
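
As an added example (not part of the original page and not RHACM code), the Python check below walks a parsed Policy manifest and reports the settings that separate the insecure example from the secure one. The function names and the inline sample manifests are constructed for illustration; the search is recursive, so it also handles a PodSecurityPolicy nested inside a ConfigurationPolicy wrapper.

```python
# Added example (names are illustrative, not RHACM APIs): audit PSP settings.

def find_psps(node):
    """Yield (name, spec) for each PodSecurityPolicy nested anywhere in node."""
    if isinstance(node, dict):
        if node.get("kind") == "PodSecurityPolicy":
            yield node.get("metadata", {}).get("name", "?"), node.get("spec", {})
        for value in node.values():
            yield from find_psps(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_psps(item)

def audit_policy(policy):
    """Return a list of findings; an empty list means no permissive setting."""
    findings = []
    action = str(policy.get("spec", {}).get("remediationAction", "")).lower()
    if action != "enforce":
        findings.append("policy: remediationAction is not enforce (report only)")
    for name, spec in find_psps(policy):
        if spec.get("privileged", False):
            findings.append(f"{name}: privileged containers allowed")
        if spec.get("allowPrivilegeEscalation", True):  # PSP default is true
            findings.append(f"{name}: privilege escalation allowed")
        if "ALL" not in spec.get("requiredDropCapabilities", []):
            findings.append(f"{name}: capabilities are not all dropped")
        for field in ("runAsUser", "supplementalGroups", "fsGroup"):
            if spec.get(field, {}).get("rule") == "RunAsAny":
                findings.append(f"{name}: {field} rule is RunAsAny")
    return findings

def sample(psp_name, action, psp_spec):
    """Constructed input: the page's manifests as already-parsed YAML."""
    psp = {"kind": "PodSecurityPolicy", "metadata": {"name": psp_name}, "spec": psp_spec}
    return {"kind": "Policy", "spec": {"remediationAction": action,
            "policy-templates": [{"objectDefinition": psp}]}}

RANGES = {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]}
ANY = {"rule": "RunAsAny"}
SECURE = sample("restricted-psp", "enforce", {
    "privileged": False, "allowPrivilegeEscalation": False,
    "requiredDropCapabilities": ["ALL"], "runAsUser": {"rule": "MustRunAsNonRoot"},
    "seLinux": ANY, "supplementalGroups": RANGES, "fsGroup": RANGES})
INSECURE = sample("permissive-psp", "inform", {
    "privileged": True, "allowPrivilegeEscalation": True, "runAsUser": ANY,
    "seLinux": ANY, "supplementalGroups": ANY, "fsGroup": ANY})
if __name__ == "__main__":
    for label, policy in (("secure", SECURE), ("insecure", INSECURE)):
        print(label, audit_policy(policy) or "no findings")
```

The seLinux rule is not flagged because both examples on the page set it to RunAsAny.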