Policy Profiles

Automatically enforce, monitor, and remediate policies

Profile uses OPA (Open Policy Agent) to centralize operational, security, and compliance.

Select organization for a better overview of Alerting Profiles.

Accessing the page you can see the overview of all created profiles with selected rules and associated projects.

Fig. 1: Policy Profiles

Each profile can be:

/ Un/lock profile - if you lock the profiles, you can't use them for new Project, edit or delete them

Delete - delete non-used and unlocked profiles

Update Profile - update policy profile

Make default - choose profile which will be then filled during project creation, lighter color indicates selected credentials

Add Policy Profile

Fig. 2: Add Policy Profile

Name - choose name for the profile

Features:

Forbid NodePort

Forbid http ingresses

Require Probe

Add:

Allowed Repositories

Forbid Specific Tags

Ingress Whitelist

Add Profile to the Project

You can add the profile during project creation - choosing from drop down selection.

Fig. 3: Add Policy during Project creation

Enforce Policies after the project is created. You can disable it the same way.

Fig. 4: Add Policy after Project is created

Please keep in mind that namespaces monitoring, velero and kube-system violate these policies.