taikun.cloud

Taikun Logo

Documentation

Policy Profiles

Manager | Partner

Overview #

Policy Profile uses OPA (Open Policy Agent) to centralize operations, security, and compliance.

When accessing the page, you can see an overview of all created profiles with selected rules and associated Projects.

Figure.1: Policy Profiles

IconAction
/Lock/unlock – only unlocked profiles can be used in Projects
Delete – remove any unlocked profile
Update – edit Policy profile
 Make default – automatically use this profile during Project creation

Add Policy Profile #

Figure.2: Add Policy Profile

When adding a new Policy Profile, specify the following parameters:

  • Name – choose a name for the profile
  • Features
    • Forbid NodePort
    • Forbid HTTP ingresses
    • Require Probe
  • Add
    • Allowed Repositories
    • Forbid Specific Tags
    • Ingress Whitelist

Add Profile to a Project #

You can add the Profile during Project creation by checking “Add Policy Profile” from the drop-down selection.

Figure.3: Add Policy during Project creation

Enforce Policies after the Project is created. You can disable it the same way.

Figure.4: Add Policy after Project is created
?
Note #

Please keep in mind that namespaces Monitoring, Velero, and Kube-system violate these policies

Was this article helpful?
taikun-logo-icon

Explore Taikun CloudWorks in 2 Minutes!