
Policy Profiles

Policy Profiles use OPA (Open Policy Agent) to centralize operational, security, and compliance policies.

On this page you can see an overview of all created profiles, with their selected rules and associated projects.

Figure.1: Policy Profiles

Each profile can be:

  • Un/lock profile – a locked profile can't be used for a new project, edited, or deleted
  • Delete – delete unused and unlocked profiles
  • Update Profile – update the policy profile
  • Make default – choose the profile that will be pre-filled during project creation; a lighter color indicates selected credentials

Add Policy Profile

Figure.2: Add Policy Profile

Name – choose name for the profile

Features:

  • Forbid NodePort
  • Forbid http ingresses
  • Require Probe

Add:

  • Allowed Repositories
  • Forbid Specific Tags
  • Ingress Whitelist
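
To see what these rules look for in a manifest, the following added example (not code from this documentation or the platform) is a Python pre-flight check that approximates five of them. The rule semantics, the profile keys and the sample manifests are assumptions constructed for illustration; Ingress Whitelist is left out because the page does not define it.

```python
# Added example: pre-flight check approximating the profile rules listed above.
# Rule semantics are assumptions, not the platform's actual OPA policies.

def image_tag(image):
    """Tag of an image reference: None if digest-pinned, 'latest' if untagged."""
    if "@" in image:
        return None
    last = image.rsplit("/", 1)[-1]  # skip a ':port' in the registry host
    return last.split(":", 1)[1] if ":" in last else "latest"

def containers(obj):
    """Containers of a Pod, or of a workload that embeds a pod template."""
    spec = obj.get("spec", {})
    if obj.get("kind") != "Pod":
        spec = spec.get("template", {}).get("spec", {})
    return spec.get("containers", [])

def check(obj, profile):
    """Return violation strings for one manifest dict against a profile dict."""
    out, kind, spec = [], obj.get("kind"), obj.get("spec", {})
    ref = f"{kind}/{obj.get('metadata', {}).get('name', '?')}"
    if profile.get("forbid_nodeport") and kind == "Service" and spec.get("type") == "NodePort":
        out.append(f"{ref}: NodePort service")
    if profile.get("forbid_http_ingress") and kind == "Ingress" and not spec.get("tls"):
        out.append(f"{ref}: ingress without TLS")
    for c in containers(obj):
        image = c.get("image", "")
        if profile.get("require_probe") and not ("livenessProbe" in c and "readinessProbe" in c):
            out.append(f"{ref}: container {c.get('name')} lacks a probe")
        repos = profile.get("allowed_repositories")
        if repos and not any(image.startswith(r) for r in repos):
            out.append(f"{ref}: image {image} not from an allowed repository")
        if image_tag(image) in profile.get("forbidden_tags", []):
            out.append(f"{ref}: image {image} uses a forbidden tag")
    return out

PROFILE = {  # constructed sample profile
    "forbid_nodeport": True, "forbid_http_ingress": True, "require_probe": True,
    "allowed_repositories": ["registry.example.com/"], "forbidden_tags": ["latest"]}
MANIFESTS = [  # constructed sample manifests
    {"kind": "Service", "metadata": {"name": "web"}, "spec": {"type": "NodePort"}},
    {"kind": "Ingress", "metadata": {"name": "web"}, "spec": {"rules": [{"host": "web.example.com"}]}},
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "docker.io/library/nginx"}]}}}},
    {"kind": "Pod", "metadata": {"name": "ok"}, "spec": {"containers": [{
        "name": "app", "image": "registry.example.com/app:1.4.2",
        "livenessProbe": {}, "readinessProbe": {}}]}}]

if __name__ == "__main__":
    print("\n".join(v for m in MANIFESTS for v in check(m, PROFILE)))
```

An untagged image is treated as `latest`, and a digest-pinned image is never matched by a tag rule.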

Add Profile to the Project

You can add the profile during project creation by choosing it from the drop-down selection.

Figure.3: Add Policy during Project creation

You can also enforce policies after the project is created, and disable them the same way.

Figure.4: Add Policy after Project is created

Warning

Please keep in mind that the namespaces monitoring, velero and kube-system violate these policies.
