Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

open-cluster-management.io/policy-generator-plugin

Package Overview
Dependencies
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

open-cluster-management.io/policy-generator-plugin

Go
Version
v1.17.0
Version published
Created
Source

Policy Generator

Overview

The Policy Generator constructs Open Cluster Management policies from Kubernetes YAML files provided through a PolicyGenerator Custom Resource. The Policy Generator is a binary compiled for use as a kustomize exec plugin.

For more about Open Cluster Management and its Policy Framework:

Install the Policy Generator

Prerequisite

Create the plugin directory (optional if using the generator without Kustomize):

mkdir -p ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator

NOTE: The default directory for Kustomize plugins is ${HOME}/.config/kustomize/plugin/, which is used directly in this readme. You can change this by exporting KUSTOMIZE_PLUGIN_HOME to a different path and updating the root of the paths used in this document.

Install the binary

Download a released version

  • Download the precompiled plugin binary from the release of your choice.

  • Make the binary executable and move the binary to the plugin directory:

    • Linux:

      chmod +x linux-amd64-PolicyGenerator
mv linux-amd64-PolicyGenerator ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator

    • MacOS:

      chmod +x darwin-amd64-PolicyGenerator
mv darwin-amd64-PolicyGenerator ${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator

Use go install (available for v1.11.0 and higher)

Set the GOBIN to the plugin directory and specify the desired version (this command uses latest):

GOBIN=${HOME}/.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator \
go install open-cluster-management.io/policy-generator-plugin/cmd/PolicyGenerator@latest

Build from source

make build

NOTE:

  • This defaults to placing the binary in the Kustomize default plugin directory ${HOME}/.config/kustomize/plugin/. You can change this by exporting KUSTOMIZE_PLUGIN_HOME to a different path.
  • Alternatively, you can run make build-binary to place the binary at the root of the repository and either use it directly from there or move it to the plugin directory to use with Kustomize.

Using the Policy Generator

As a Kustomize plugin

  • Create a kustomization.yaml file that points to PolicyGenerator manifest(s), with any additional desired patches or customizations (see examples/policyGenerator.yaml for an example):

    generators:
  - path/to/generator/file.yaml

  • To use the plugin to generate policies, run the Kustomize build command from any directory with a kustomization.yaml file pointing to PolicyGenerator manifests:

    kustomize build --enable-alpha-plugins

NOTE: To enable Helm processing when passing a Kustomize directory into the generator, set the environment variable POLICY_GEN_ENABLE_HELM to "true". If the Helm directory is outside of the Kustomize path, you may set the environment variable POLICY_GEN_DISABLE_LOAD_RESTRICTORS to "true".

As a standalone binary

In order to bypass Kustomize and run the generator binary directly, change to the directory of PolicyGenerator manifest(s) and run the binary with the manifest(s) as the input arguments:

path/to/PolicyGenerator <path/to/file/1> ... <path/to/file/n>

For example:

make build-binary # This places the binary at the root of the repo, so this is optional if it was done previously
cd examples
../PolicyGenerator policyGenerator.yaml

NOTE:

  • To print the trace in the case of an error, you can add the --debug flag to the arguments.
  • To enable Helm processing when passing a Kustomize directory into the generator, set the environment variable POLICY_GEN_ENABLE_HELM to "true". If the Helm directory is outside of the Kustomize path, you may set the environment variable POLICY_GEN_DISABLE_LOAD_RESTRICTORS to "true".

Additional Policy Generator references

FAQs

Package last updated on 28 Feb 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm

Security News

Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm

Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.

By Philipp Burckhardt  -  Nov 14, 2025
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover

Research

/

Security News

Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.

By Kirill Boychenko  -  Nov 12, 2025