# This policy installs the Ansible Automation Platform operator. Many
# new custom resources are defined that can be added to this policy to
# install additional components of the Ansible Automation Platform.
# This policy creates the Operator, a Controller Instance and an Automation Hub.
# For more details on setting up Ansible, see:
# https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.3/html/getting_started_with_automation_hub/index
#
# Security notes (review): the first template below is `enforce`d, so every value
# in it becomes the live baseline on each cluster the PlacementRule selects.
#   * The Subscription pins neither `channel` nor `startingCSV` and approves
#     install plans automatically, so operator upgrades arrive unattended.
#   * The controller uses the well-known `admin` username, preloads demo data
#     and keeps operator-created Secrets when the CR is deleted.
#   * TLS is edge-terminated at the OpenShift router; router-to-pod traffic is http.
# Each point is annotated inline where it applies.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-ansible-automation-operator
  annotations:
    # Compliance mapping shown in the hub console; informational only.
    policy.open-cluster-management.io/standards: NIST 800-53
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline
spec:
  # Set to true to pause evaluation/remediation without deleting the policy.
  disabled: false
  policy-templates:
    # Template 1: creates (and keeps re-asserting) the operator install and two instances.
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: ansible-automation-platform
        spec:
          # enforce: the hub creates/updates these objects on the managed cluster.
          remediationAction: enforce
          severity: high
          # musthave: each object must exist with at least the fields listed; fields that
          # are NOT listed here are not governed by this policy.
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: Namespace
                metadata:
                  name: ansible-automation-platform
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1
                kind: OperatorGroup
                metadata:
                  name: ansible-automation-operator-gp
                  namespace: ansible-automation-platform
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: Subscription
                metadata:
                  name: ansible-automation-operator
                  namespace: ansible-automation-platform
                spec:
                  # NOTE(review): no `channel` or `startingCSV` is set, so OLM presumably
                  # follows the package's default channel, and Automatic approval installs
                  # every published update without review. Pin a channel (and consider
                  # Manual approval) for a reproducible, reviewable supply chain. With Manual
                  # approval the InstallPlan must be approved before the status template
                  # below can see a Succeeded CSV.
                  installPlanApproval: Automatic
                  name: ansible-automation-platform-operator
                  # Default Red Hat catalog; a disconnected/mirrored cluster needs its own
                  # CatalogSource here instead.
                  source: redhat-operators
                  sourceNamespace: openshift-marketplace
            - complianceType: musthave
              objectDefinition:
                apiVersion: automationhub.ansible.com/v1beta1
                kind: AutomationHub
                metadata:
                  name: automation-hub
                  namespace: ansible-automation-platform
                spec:
                  # Edge termination: TLS ends at the OpenShift router and the hop from the
                  # router to the pod is plain http (see loadbalancer_protocol below).
                  # Acceptable only on a trusted cluster network; use Reencrypt/Passthrough
                  # if in-cluster traffic must stay encrypted.
                  route_tls_termination_mechanism: Edge
                  ingress_type: Route
                  # loadbalancer_* values presumably only matter for ingress_type LoadBalancer
                  # and are ignored with Route — TODO confirm against the operator docs.
                  loadbalancer_port: 80
                  file_storage_size: 100Gi
                  # NOTE(review): a cached image is reused as long as it is present on the
                  # node; if the operator references images by mutable tag, `Always` forces a
                  # registry check on each start.
                  image_pull_policy: IfNotPresent
                  web:
                    replicas: 1
                  file_storage_access_mode: ReadWriteOnce
                  content:
                    log_level: INFO
                    replicas: 2
                  postgres_storage_requirements:
                    limits:
                      storage: 50Gi
                    requests:
                      storage: 8Gi
                  api:
                    log_level: INFO
                    replicas: 1
                  postgres_resource_requirements:
                    limits:
                      cpu: 1000m
                      memory: 8Gi
                    requests:
                      cpu: 500m
                      memory: 2Gi
                  loadbalancer_protocol: http
                  resource_manager:
                    replicas: 1
                  storage_type: File
                  worker:
                    replicas: 2
            - complianceType: musthave
              objectDefinition:
                apiVersion: automationcontroller.ansible.com/v1beta1
                kind: AutomationController
                metadata:
                  name: automation
                  namespace: ansible-automation-platform
                spec:
                  # NOTE(review): well-known admin username and no admin password Secret is
                  # referenced here — confirm how the initial credential is generated and
                  # rotate it after first login.
                  admin_user: admin
                  # Presumably seeds demo project/inventory/job-template objects; keep only
                  # for dev clusters.
                  create_preload_data: true
                  # Operator-created Secrets survive deletion of this CR. Convenient for
                  # reinstalls, but orphaned credentials then have to be cleaned up by hand.
                  garbage_collect_secrets: false
                  image_pull_policy: IfNotPresent
                  # ingress_type is not set here; the loadbalancer_*/nodeport_port values only
                  # apply if the operator's default ingress type is not Route — TODO confirm.
                  loadbalancer_port: 80
                  loadbalancer_protocol: http
                  nodeport_port: 30080
                  # Project storage settings below are only relevant when persistence is on.
                  projects_persistence: false
                  projects_storage_access_mode: ReadWriteMany
                  projects_storage_size: 8Gi
                  replicas: 1
                  # Same plaintext router-to-pod caveat as the AutomationHub above.
                  route_tls_termination_mechanism: Edge
                  # Keep false: privileged task containers would give any playbook
                  # root-equivalent access to the node it runs on.
                  task_privileged: false
    # Template 2: report-only health check. The cluster shows non-compliant until a CSV in
    # the namespace with this displayName reaches phase Succeeded. No metadata.name is
    # given, so any CSV in the namespace carrying that displayName satisfies the check.
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: ansible-automation-platform-status
        spec:
          # inform: never modifies the cluster, only reports.
          remediationAction: inform
          severity: high
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: operators.coreos.com/v1alpha1
                kind: ClusterServiceVersion
                metadata:
                  namespace: ansible-automation-platform
                spec:
                  displayName: Ansible Automation Platform
                status:
                  phase: Succeeded  # operator considered running once its CSV reports Succeeded
---
# Binds the Policy above to the PlacementRule below. Without this binding the
# Policy exists only on the hub and is not propagated to any managed cluster.
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-policy-ansible-automation-operator
placementRef:
  # Must match the PlacementRule's metadata.name, kind and API group exactly.
  name: placement-policy-ansible-automation-operator
  kind: PlacementRule
  apiGroup: apps.open-cluster-management.io
subjects:
  # Policies distributed by this binding; add more entries to share the placement.
  - name: policy-ansible-automation-operator
    kind: Policy
    apiGroup: policy.open-cluster-management.io
---
# Selects the managed clusters that receive the policy: only clusters that are
# currently Available and carry the label environment=dev. Because the bound
# policy enforces, widening this selector (e.g. adding `prod`) rolls the whole
# AAP install — automatic upgrades, demo data and all — out to those clusters.
# NOTE(review): PlacementRule is the older placement API; newer hub releases
# prefer cluster.open-cluster-management.io Placement — confirm for your version.
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-policy-ansible-automation-operator
spec:
  clusterConditions:
    # Skip clusters the hub cannot currently reach.
    - status: 'True'  # quoted on purpose: the condition status is a string, not a YAML bool
      type: ManagedClusterConditionAvailable
  clusterSelector:
    matchExpressions:
      # Label-based scoping; the label must be present on the ManagedCluster object.
      - key: environment
        operator: In
        values:
          - dev