Overview of Creating Cluster Policies
Creating a cluster policy involves several sections, which you must complete in order. Key points for each section are described below:
Details
- Identification and Description: Use clear and concise names and descriptions to help your team quickly grasp the policy's purpose and configuration.
- Type: We use Kyverno as the policy engine. It enables the validation, mutation, and generation of Kubernetes resources based on your custom policies.
Scope
Scoping a cluster policy offers these benefits:
- Workspaces: Scope policies to specific developer workspaces to address their unique requirements.
- Stages: Ensure consistent security across clusters within a stage, such as production or non-production.
- Labels: Use cluster labels for fine-grained policy application.
Policy Settings
Provide the YAML of your Kyverno policy, and it will be enforced based on the scope you specified. This enables the implementation of policies that validate, mutate, or generate Kubernetes resources according to your custom requirements. For more information and examples, see Kyverno.
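To illustrate the kind of YAML this section takes, the following is an added example (not taken from the Wayfinder or Kyverno documentation) of a Kyverno validation policy that rejects privileged containers. The policy and rule names are illustrative, and it assumes that a complete ClusterPolicy manifest is what you provide here.

```yaml
# Example Kyverno policy: block Pods that request privileged mode.
# Names and messages below are illustrative, not from this page.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
  annotations:
    policies.kyverno.io/description: >-
      Privileged containers share the host's kernel capabilities and
      devices, so a compromised container can take over the node.
spec:
  # Enforce rejects non-compliant resources at admission.
  # Audit admits them and records the violation in a policy report.
  validationFailureAction: Enforce
  # Also evaluate resources that already exist in the cluster.
  background: true
  rules:
    - name: deny-privileged
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: >-
          Privileged mode is not allowed. Remove
          securityContext.privileged or set it to false.
        pattern:
          spec:
            # =(key) means "if this key is present, it must match".
            # Every container type is covered so that init and
            # ephemeral containers cannot be used to bypass the rule.
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
```

Setting validationFailureAction to Audit instead only reports violations, which lets you trial a policy on a non-production stage before enforcing it on production clusters.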
Review Configuration Summary
Review a summary of the configuration you've specified and make any amendments as needed.
Apply the YAML
View and download the YAML and then apply it using Wayfinder's CLI or via your CI system. Alternatively, you can instruct Wayfinder to apply the YAML immediately.