Overview of Cluster Policies

What are cluster policies?

A cluster policy enforces security and configuration standards across Kubernetes clusters managed by Wayfinder. These policies ensure that your clusters remain secure, efficient, and aligned with best practices.


How are Cluster Policies implemented?

Cluster policies are implemented using Kyverno, a Kubernetes policy engine that validates, mutates, and generates Kubernetes resources according to custom policies.


When should I create custom cluster policies?

You can create custom cluster policies when Wayfinder's default cluster policies do not meet your specific needs.


How do cluster policies fit in with the rest of Wayfinder?

Cluster policies are an essential part of Wayfinder's security management framework. While they are not part of the self-service cluster provisioning process itself, they ensure that Wayfinder-managed clusters remain secure and compliant across all operations.

For more information, use the diagram below to explore each step of the self-service cluster provisioning process.

Wayfinder concepts for creating a cluster provisioning specification


Self-Service Cluster Creation Process

Administrators, workspace owners, or members initiate the self-service cluster creation process by specifying the cluster's provisioning specifications. These specifications can be used to provision the cluster directly via Wayfinder's CLI or User Interface, or indirectly through your CI pipeline.


Creating a Self-Service Cluster Provisioning Specification

Creating a cluster provisioning specification involves:

  • Specifying a Cloud Access: This specification enables Wayfinder to access the cloud provider with the necessary permissions to manage and provision clusters.
  • Specifying a Cluster Plan: A cluster plan includes:
      • Compute Templates (Optional): Pre-defined specifications for various compute instance (node pool) configurations, such as high-performance or low-cost options, to accelerate cluster creation in workspaces.
      • Provisioning Policies: Enforces limits on self-service clusters such as cost restrictions, regions or permitted instance types.

Configuring Additional Policies

Cluster Access Policies and Cluster Policies are key to managing security, compliance, and access control within Wayfinder-managed clusters. Although these policies are not part of the self-service provisioning process itself, they are fully visible and configurable by administrators, enabling tailored management of permissions and governance as part of your overall cluster management strategy.

  • Cluster Policies (Optional): Uses Kyverno to define and enforce security and compliance rules for cluster management and control.
  • Cluster Access Policies: Grants users the right to gain short-lived access to a cluster themselves, or to assign permanent access to an access token.

This section focuses on cluster policies.


What comes next?