Taikun Documentation
Policy Profiles

Manager | Partner

Overview

Policy Profile uses OPA (Open Policy Agent) to centralize operations, security, and compliance.

When accessing the page, you can see an overview of all created profiles with selected rules and associated Projects.

Figure.1: Policy Profiles

IconAction
/Lock/unlock – only unlocked profiles can be used in Projects
Delete – remove any unlocked profile
Update – edit Policy profile
 Make default – automatically use this profile during Project creation

Add Policy Profile

Figure.2: Add Policy Profile

When adding a new Policy Profile, specify the following parameters:

  • Name – choose a name for the profile
  • Features
    • Forbid NodePort
    • Forbid HTTP ingresses
    • Require Probe
  • Add
    • Allowed Repositories
    • Forbid Specific Tags
    • Ingress Whitelist

Add Profile to a Project

You can add the Profile during Project creation by checking “Add Policy Profile” from the drop-down selection.

Figure.3: Add Policy during Project creation

Enforce Policies after the Project is created. You can disable it the same way.

Figure.4: Add Policy after Project is created
?
Note

Please keep in mind that namespaces Monitoring, Velero, and Kube-system violate these policies

Was it helpful?