apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  generation: 2
  name: argo-example
  namespace: open-cluster-management-global-set
spec:
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: example-namespace
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: Namespace
                metadata:
                  name: example
          remediationAction: inform
          severity: low
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: example-pod
        spec:
          namespaceSelector:
            exclude:
              - kube-*
            include:
              - default
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: Pod
                metadata:
                  name: foobar
                spec:
                  containers:
                    - image: 'registry.redhat.io/rhel9/httpd-24:latest'
                      name: httpd
                      securityContext:
                        allowPrivilegeEscalation: false
                        capabilities:
                          drop:
                            - ALL
                        privileged: false
                        runAsNonRoot: true
          remediationAction: inform
          severity: low
  remediationAction: inform
status:
  compliant: NonCompliant
  placement:
    - placement: argo-example-placement
      placementBinding: argo-example-placement
  status:
    - clustername: local-cluster
      clusternamespace: local-cluster
      compliant: NonCompliant
    - clustername: managed
      clusternamespace: managed
      compliant: NonCompliant