Version: 0.7

View Compliance Packages

Note: There is only one default compliance package currently shipped with Kore. Additional compliance packages will be added to Kore in future releases.

Compliance packages address two main concerns:

  • The raw functionality of Kore's policy engine is powerful but comes with a learning curve. As a team administrator, you shouldn't have to make complex decisions about how to implement secure policies. Instead, best practice should be provided by default.
  • Compliance packages can bundle a host of additional features such as OPA policies around in-cluster resources, team behaviour, and roles.

A compliance package encompasses a collection of resources:

  • One or more team roles—an opinionated categorization of how team roles (developers, QA, viewers, etc.) should be laid out
  • A collection of policy plans (roles) that provide templates of policies to be assigned or assumed (see What are policy plans?)
  • A collection of direct policies that allow, for example, team members with certain team roles to assume certain assumable policy plans by default, such as allowing developers to assume namespace.admin on development clusters for their team's namespaces

The policies and policy plans can provide permissions to Kore itself or to the Kore-managed clusters the team owns.

View installed compliance packages

To view the currently installed packages:

  1. Run kore get compliance.

    If no additional packages were installed, you should only see the default and system embedded ones:

    $ kore get compliance
    TYPE        PACKAGE  NAME                ENABLED  AGE
    PolicyPlan  default  cluster.admin       true     12h
    PolicyPlan  default  clusters.defaults   true     12h
    PolicyPlan  default  kore.admin          true     12h
    PolicyPlan  default  kore.build          true     12h
    PolicyPlan  default  kore.deployment     true     12h
    PolicyPlan  default  kore.viewer         true     12h
    PolicyPlan  default  member.defaults     true     12h
    PolicyPlan  default  namespace.admin     true     12h
    PolicyPlan  default  robot.defaults      true     12h
    PolicyPlan  default  robots.network      true     12h
    Policy      default  assignment.members  true     12h
    Policy      system   assume.admin        true     12h
    Policy      default  assume.members      true     12h
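
The expectation above (only default and system entries, all enabled) can be checked mechanically. The following is an added example, not part of the Kore documentation or tooling: it assumes the whitespace-separated column layout shown in the sample output, and the function names, the `acme` package, the `pci.baseline` entry and the `false` value are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rows of `kore get compliance` output that come from a
# package other than "default"/"system", or that are not enabled.
# Assumes the column order from the sample output: TYPE PACKAGE NAME ENABLED AGE.

audit_compliance() {
    # Reads the table on stdin; prints "REASON TYPE PACKAGE NAME" per finding.
    awk '
        NR == 1 && $1 == "TYPE" { next }   # skip the header row
        NF < 5 { next }                    # skip blank or malformed lines
        $2 != "default" && $2 != "system" { print "extra-package", $1, $2, $3 }
        $4 != "true" { print "not-enabled", $1, $2, $3 }
    '
}

# Constructed sample: two rows as on the page, plus two made-up rows
# (a disabled plan and a hypothetical third-party package "acme").
sample_output() {
    cat <<'EOF'
TYPE        PACKAGE  NAME           ENABLED  AGE
PolicyPlan  default  cluster.admin  true     12h
PolicyPlan  default  kore.viewer    false    12h
Policy      system   assume.admin   true     12h
PolicyPlan  acme     pci.baseline   true     3h
EOF
}

# Run against the constructed sample; prints:
#   not-enabled PolicyPlan default kore.viewer
#   extra-package PolicyPlan acme pci.baseline
sample_output | audit_compliance

# Against a live installation:
#   kore get compliance | audit_compliance
```

Empty output means every listed plan and policy belongs to the default or system package and is enabled.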