Policy Profiles
Automatically enforce, monitor, and remediate policies
Profile uses OPA (Open Policy Agent) to centralize operational, security, and compliance.
Select organization for a better overview of Alerting Profiles.
Accessing the page you can see the overview of all created profiles with selected rules and associated projects.

Each profile can be:
/
Un/lock profile - if you lock the profiles, you can't use them for new Project, edit or delete them
Delete - delete non-used and unlocked profiles
Update Profile - update policy profile
Make default - choose profile which will be then filled during project creation, lighter color indicates selected credentials
Add Policy Profile

Name - choose name for the profile
Features:
Forbid NodePort
Forbid http ingresses
Require Probe
Add:
Allowed Repositories
Forbid Specific Tags
Ingress Whitelist
Add Profile to the Project
You can add the profile during project creation - choosing from drop down selection.

Enforce Policies after the project is created. You can disable it the same way.

Please keep in mind that namespaces monitoring, velero and kube-system violate these policies.
Last updated
Was this helpful?