2.3.3.3. IAM 策略示例
apiVersion: policy.open-cluster-management.io/v1
kind: IamPolicy # limit clusteradminrole and report violation
metadata:
name: {{name}}-example
spec:
severity: medium
namespaceSelector:
include: ["*"]
exclude: ["kube-*", "openshift-*"]
remediationAction: inform # will be overridden by remediationAction in parent policy
maxClusterRoleBindingUsers: 5