community/CM-Configuration-Management/policy-vsphere-machine-set.yaml

# This policy creates 1 OpenShift MachineSet that are intended for infrastructure workloads.
# 
# The following information is required to create the machine set:
#   infrastructureID: the infrastructure ID label that is based on the cluster ID that is set when provisioning the cluster.
#   networkName: Specify the vSphere VM network to deploy the machine set to. This VM network must be where other compute machines reside in the cluster.
#   datacenterName: Specify the vCenter Datacenter to deploy the machine set on.
#   datastoreName: Specify the vCenter Datastore to deploy the machine set on.
#   vSphereFolderName: Specify the path to the vSphere VM folder in vCenter.
#   resourcePoolName: Specify the vSphere resource pool for your VMs.
#   vCenterServer: Specify the vCenter server IP or fully qualified domain name.
#   
# For more information on creating a machine set on vSphere, consult the OpenShift documentation: 
# https://docs.openshift.com/container-platform/4.10/machine_management/creating_machinesets/creating-machineset-vsphere.html
#
# More details on Infrastructure Nodes in OpenShift 4 here:
# https://access.redhat.com/solutions/5034771
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-vsphere-machineset-infra
  annotations:
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
spec:
  remediationAction: inform
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: <infrastructureID>-infra
        spec:
          severity: high
          object-templates:
            - complianceType: mustonlyhave
              objectDefinition:
                apiVersion: machine.openshift.io/v1beta1
                kind: MachineSet
                metadata:
                  name: <infrastructureID>-infra
                  namespace: openshift-machine-api
                  labels:
                    machine.openshift.io/cluster-api-cluster: <infrastructureID>
                spec:
                  replicas: 2
                  selector:
                    matchLabels:
                      machine.openshift.io/cluster-api-cluster: <infrastructureID>
                      machine.openshift.io/cluster-api-machineset: <infrastructureID>-infra
                  template:
                    metadata:
                      labels:
                        machine.openshift.io/cluster-api-cluster: <infrastructureID>
                        machine.openshift.io/cluster-api-machine-role: infra
                        machine.openshift.io/cluster-api-machine-type: infra
                        machine.openshift.io/cluster-api-machineset: <infrastructureID>-infra
                    spec:
                      metadata:
                        labels:
                          node-role.kubernetes.io/infra: ""
                      providerSpec:
                        value:
                          apiVersion: machine.openshift.io/v1beta1
                          credentialsSecret:
                            name: vsphere-cloud-credentials
                          diskGiB: 100
                          kind: VSphereMachineProviderSpec
                          memoryMiB: 16384
                          network:
                            devices:
                              - networkName: <networkName>
                          numCPUs: 4
                          numCoresPerSocket: 2
                          snapshot: ""
                          template: <infrastructureID>-rhcos
                          userDataSecret:
                            name: worker-user-data
                          workspace:
                            datacenter: <datacenterName>
                            datastore: <datastoreName>
                            folder: <vSphereFolderName>
                            resourcePool: <resourcePoolName>
                            server: <vCenterServer>
          pruneObjectBehavior: DeleteIfCreated
          remediationAction: inform
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: policy-vsphere-machineset-infra-placement
placementRef:
  name: policy-vsphere-machineset-infra-placement
  apiGroup: apps.open-cluster-management.io
  kind: PlacementRule
subjects:
  - name: policy-vsphere-machineset-infra
    apiGroup: policy.open-cluster-management.io
    kind: Policy
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: policy-vsphere-machineset-infra-placement
spec:
  clusterSelector:
    matchExpressions:
      - key: environment
        operator: In
        values:
          - dev
  clusterConditions:
  - status: "True"
    type: ManagedClusterConditionAvailable