Profile uses OPA (Open Policy Agent) to centralize operational, security, and compliance.
Accessing the page you can see the overview of all created profiles with selected rules and associated projects.
Each profile can be:
/
Un/lock profile – if you lock the profiles, you can’t use them for new Project, edit or delete them
Delete – delete non-used and unlocked profiles
Update Profile – update policy profile
Make default – choose profile which will be then filled during project creation, lighter color indicates selected credentials
Add Policy Profile #
Name – choose name for the profile
Features:
- Forbid NodePort
- Forbid http ingresses
- Require Probe
Add:
- Allowed Repositories
- Forbid Specific Tags
- Ingress Whitelist
Add Profile to the Project #
You can add the profile during project creation – choosing from drop down selection.
Enforce Policies after the project is created. You can disable it the same way.
Warning
Please keep in mind that namespaces monitoring, velero and kube-system violate these policies.
