Skip to main content

Overview of Provisioning Policies

introduction to provisioning policies

What are provisioning policies?

A provisioning policy sets controls for self-service cluster configurations, including the permitted compute instance settings.


When should I create Provisioning Policies?

Add provisioning policies when you need to control the regions where users can self-serve clusters, limit the scale of clusters, specify which instance types they can use, and set a maximum estimated cost for clusters.


How do provisioning policies fit in with the rest of Wayfinder?

Provisioning policies are part of Wayfinder's broader process flow for creating Wayfinder-managed Kubernetes clusters as part of the developer self-service process. Below is a brief overview of the different process flow parts in Wayfinder that are used to create the cluster provisioning specification.

Wayfinder concepts for creating a cluster provisioning specification


Self-Service Cluster Creation Process

Administrators, workspace owners, or members initiate the self-service cluster creation process by specifying the cluster's provisioning specifications. These specifications can be used to provision the cluster directly via Wayfinder's CLI or User Interface, or indirectly through your CI pipeline.


Creating a Self-Service Cluster Provisioning Specification

Creating a cluster provisioning specification involves:

  • Specifying a Cloud Access: This specification enables Wayfinder to access the cloud provider with the necessary permissions to manage and provision clusters.
  • Specifying a Cluster Plan: A cluster plan includes:
  • Compute Templates (Optional): Pre-defined specifications for various compute instance (node pool) configurations, such as high-performance or low-cost options, to accelerate cluster creation in workspaces.
  • Provisioning Policies: Enforces limits on self-service clusters such as cost restrictions, regions or permitted instance types.

Configuring Additional Policies

Cluster Access Policies and Cluster Policies are key to managing security, compliance, and access control within Wayfinder-managed clusters. Although these policies are not part of the self-service provisioning process itself, they are fully visible and configurable by administrators, enabling tailored management of permissions and governance as part of your overall cluster management strategy.

  • Cluster Policies (Optional): Uses Kyverno to define and enforce security and compliance rules for cluster management and control.
  • Cluster Access Policies: Grants users the right to gain short-lived access to a cluster themselves, or to assign permanent access to an access token.

This section focuses on provisioning policies.


What comes next?