Here we can define and review policy definitions and see the compliance state of managed clusters.
Policy example 1
Let’s create a new policy.
Identify what sort of policy you want to create from the supplied templates. We will select deny network request. This could be used to quarantine a namespace.
This policy stops all traffic to the default namespace on any cluster with the environment: Dev label. If you set this to enforce then this will stop you being able to log in to the ICP console, so ONLY use
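For reference, the kind of Kubernetes object that quarantines a namespace this way is a deny-all NetworkPolicy. The manifest below is an added example, not the YAML the console generates; it assumes the template's effect matches a standard deny-all policy, and the name quarantine-deny-all is hypothetical.

```yaml
# Added example: a standard Kubernetes deny-all NetworkPolicy.
# Assumption: this mirrors what the "deny network request" template
# enforces on a managed cluster; the object name is hypothetical.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: quarantine-deny-all
  namespace: default        # the namespace being quarantined
spec:
  # An empty podSelector matches every pod in the namespace.
  podSelector: {}
  # Listing both policy types with no ingress/egress rules means
  # no traffic is allowed in either direction for the selected pods.
  policyTypes:
    - Ingress
    - Egress
```

A NetworkPolicy only takes effect when the cluster's network plugin enforces NetworkPolicy objects, so confirm that before relying on it as a quarantine control.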
Policy example 2
And another policy where we need to have a namespace called Prod defined on all clusters where namespace: Dev is true.
Here is the YAML that this generates.
As we have set this policy to enforce, this will create a prod namespace on our targeted clusters.
oc get namespace | grep -i prod
prod Active 5m
Create some more policies and then explore the console that is used to give a high-level view of the cluster compliance with your defined policies.
Start with a high-level view of the cluster policy compliance.
category look at which clusters are found to be not compliant with named policies.
Finally, look at all of the policy compliance associated with your collection of PCI compliance policies.