Documentation

Policy Profiles

Profile uses OPA (Open Policy Agent) to centralize operational, security, and compliance.

Select organization for a better overview of Alerting Profiles.

Accessing the page you can see the overview of all created profiles with selected rules and associated projects.

Figure.1: Policy Profiles
Figure.1: Policy Profiles

Each profile can be:

lock/unlock Un/lock profile – if you lock the profiles, you can’t use them for new Project, edit or delete them

delete Delete – delete non-used and unlocked profiles

edit Update Profile – update policy profile

make default Make default – choose profile which will be then filled during project creation, lighter color indicates selected credentials

Add Policy Profile #

Figure.2: Add Policy Profile
Figure.2: Add Policy Profile

Name – choose name for the profile

Features:

Forbid NodePort

Forbid http ingresses

Require Probe

Add:

Allowed Repositories

Forbid Specific Tags

Ingress Whitelist

Add Profile to the Project #

You can add the profile during project creation – choosing from drop down selection.

Figure.3: Add Policy during Project creation
Figure.3: Add Policy during Project creation

Enforce Policies after the project is created. You can disable it the same way.

Figure.4: Add Policy after Project is created
Figure.4: Add Policy after Project is created
?
Warning

Please keep in mind that namespaces monitoring, velero and kube-system violate these policies.

What are your feelings