Managing policies on Kubernetes
As administrators, you define what end-users can do on a cluster to comply with organization requirements. This section outlines the steps on how to manage policies in a Kubernetes environment.
Before you begin
About this task
You can manage your policies on Kubernetes by modifying copies of
policies.user.xml and
policies.server.xml files and adding an
overrideCommunityPolicy parameter to
values.yaml
.
To manage your policies on Kubernetes, follow these steps:
Procedure
-
Create a directory to store the extra community policy files. Move the copied
files to the new directory. In the example below, the directory is called
extra-community-policy.
extra-community-policy
- Switch to the extra-community-policy directory. Edit the policy files and save the changes.
-
Copy the following extra community policy files out of the container to a local
directory.
kubectl exec -it <podID> --container community -- cat /local/notesdata/policies.user.xml > ./policies.user.xml kubectl exec -it <podID> --container community -- cat /local/notesdata/policies.server.xml > ./policies.server.xml
Note: Both files are needed even if you are updating only one file.To find and identify the <podID>, run the command:kubectl get po
-
Create the extra-community-policy ConfigMap from the directory with the policy
files with the command:
kubectl create configmap extra-community-policy --from-file=./
-
Edit
values.yaml
and add:overrideCommunityPolicy: extra-community-policy
-
Run the command:
helm upgrade <sametime_deployment>
-
Scale the community pod.
kubectl scale deploy community --replicas=0 kubectl scale deploy community --replicas=1
Updating configuration values
Before you begin
Procedure
-
Delete the ConfigMap extra-community-policy:
kubectl delete cm extra-community-policy
- Locate and edit the policies as necessary.
-
Create the extra-community-policy ConfigMap:
kubectl create configmap extra-community-policy --from-file=./
-
Scale the community pod.
kubectl scale deploy community --replicas=0 kubectl scale deploy community --replicas=1