karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve document readability 

Signed-off-by: AllenZMC <zhongming.chang@daocloud.io>
This commit is contained in:
AllenZMC 2022-06-17 11:29:46 +08:00
parent 777ec88694
commit 8ac8e00bbb
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/working-with-kyverno.md
View File

@ -9,7 +9,7 @@ This document gives an example to demonstrate how to use the `Kyverno` to manage
You just need to clone Karmada repo, and run the following script in Karmada directory.
```
```console
hack/local-up-karmada.sh
```
@ -19,9 +19,9 @@ In this case, we will use Kyverno v1.6.2. Related deployment files are from [her
### Install Kyverno APIs on Karmada
1. Create resource objects of Kyverno in karmada controller plane, the content is as follows.
1. Create resource objects of Kyverno in Karmada controller plane, the content is as follows.
```console
```shell
kubectl config use-context karmada-apiserver
```
@ -35,7 +35,7 @@ In this case, we will use Kyverno v1.6.2. Related deployment files are from [her
1. Create resource objects of Kyverno in karmada-host context, the content is as follows.
```console
```shell
kubectl config use-context karmada-host
```
@ -269,16 +269,17 @@ In this case, we will use Kyverno v1.6.2. Related deployment files are from [her
namespace: kyverno
```
For multi-cluster deployment, We need to add the config of `--serverIP` which is the address of the webhook server. So you need to ensure that the network from node in karmada control plane to those in karmada-host cluster is connected and expose kyverno controller pods to control plane, for example, using `nodePort` above. Then, fill in the secret which represents kubeconfig pointing to karmada-apiserver, such as **ca_crt, client_cer and client_key** above.
For multi-cluster deployment, we need to add the config of `--serverIP` which is the address of the webhook server. So you need to ensure that the network from node in Karmada control plane to those in karmada-host cluster is connected and expose Kyverno controller pods to control plane, for example, using `nodePort` above. Then, fill in the secret which represents kubeconfig pointing to karmada-apiserver, such as **ca_crt, client_cer and client_key** above.
## Run demo
### Create require-labels ClusterPolicy
ClusterPolicy is a CRD which `kyverno` offers to support different kinds of rules. Here is an example ClusterPolicy which means that you must create pod with `app.kubernetes.io/name` label.
ClusterPolicy is a CRD which `Kyverno` offers to support different kinds of rules. Here is an example ClusterPolicy which means that you must create pod with `app.kubernetes.io/name` label.
```console
```shell
kubectl config use-context karmada-apiserver
```
```console
kubectl create -f- << EOF
apiVersion: kyverno.io/v1