Overview of Provisioning Policies
What are provisioning policies?
A provisioning policy sets controls for self-service cluster configurations, including the permitted compute instance settings.
When should I create Provisioning Policies?
Add provisioning policies when you need to control the regions where users can self-serve clusters, limit the scale of clusters, specify which instance types they can use, and set a maximum estimated cost for clusters.
How do provisioning policies fit in with the rest of Wayfinder?
Provisioning policies are part of Wayfinder's broader process flow for creating Wayfinder-managed Kubernetes clusters as part of the developer self-service process. Below is a brief overview of the different process flow parts in Wayfinder that are used to create the cluster provisioning specification.
Self-Service Cluster Creation Process
Administrators, workspace owners, or members initiate the self-service cluster creation process by specifying the cluster's provisioning specifications. These specifications can be used to provision the cluster directly via Wayfinder's CLI or User Interface, or indirectly through your CI pipeline.
Creating a Self-Service Cluster Provisioning Specification
Creating a cluster provisioning specification involves:
- Specifying a Cloud Access: This specification enables Wayfinder to access the cloud provider with the necessary permissions to manage and provision clusters.
- Specifying a Cluster Plan: A cluster plan includes:
- Cluster Network Plan: Outlines the network specification for cluster provisioning.
- Wayfinder Packages (Optional): Outlines the specification for each software/service that you want to use for bootstrapping the cluster during provisioning.
- Compute Templates (Optional): Pre-defined specifications for various compute instance (node pool) configurations, such as high-performance or low-cost options, to accelerate cluster creation in workspaces.
- Provisioning Policies: Enforces limits on self-service clusters such as cost restrictions, regions or permitted instance types.
Configuring Additional Policies
Cluster Access Policies and Cluster Policies are key to managing security, compliance, and access control within Wayfinder-managed clusters. Although these policies are not part of the self-service provisioning process itself, they are fully visible and configurable by administrators, enabling tailored management of permissions and governance as part of your overall cluster management strategy.
- Cluster Policies (Optional): Uses Kyverno to define and enforce security and compliance rules for cluster management and control.
- Cluster Access Policies: Grants users the right to gain short-lived access to a cluster themselves, or to assign permanent access to an access token.
This section focuses on provisioning policies.