Policy Profiles

Automatically enforce, monitor, and remediate policies

Profile uses OPA (Open Policy Agent) to centralize operational, security, and compliance.

Accessing the page you can see the overview of all created profiles with selected rules and associated projects.

Fig. 1: Policy Profiles

Each profile can be:

/ Un/lock profile - if you lock the profiles, you can't use them for new Project, edit or delete them

Delete - delete non-used and unlocked profiles

Update Profile - update policy profile

Make default - choose profile which will be then filled during project creation, lighter color indicates selected credentials

Add Policy Profile

Fig. 2: Add Policy Profile

Name - choose name for the profile

Features:

Forbid NodePort

Forbid http ingresses

Require Probe

Add:

Allowed Repositories

Forbid Specific Tags

Ingress Whitelist

Add Profile to the Project

You can add the profile during project creation - choosing from drop down selection.

Fig. 3: Add Policy during Project creation

Enforce Policies after the project is created. You can disable it the same way.

Fig. 4: Add Policy after Project is created

Please keep in mind that namespaces monitoring, velero and kube-system violate these policies.