policy-controller
Definition
A policy-controller is a component within a cloud-native environment, such as Kubernetes, that enforces security and compliance policies across resources. It operates by evaluating resource configurations against predefined rules and either allowing or denying changes based on compliance with these rules. Policy-controllers help maintain security posture by ensuring that only compliant configurations are deployed in the environment.
Secure Settings Example
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-image-registries
spec:
  # Enforce rejects non-compliant pods at admission. Without this field Kyverno
  # defaults to Audit, which only records the violation and still admits the pod.
  validationFailureAction: Enforce
  rules:
    - name: only-allow-trusted-registries
      match:
        resources:
          kinds:
            - Pod
      validate:
        message: "Images must be pulled from trusted registries."
        pattern:
          spec:
            # This pattern covers spec.containers only; initContainers and
            # ephemeralContainers also pull images and need their own entries.
            containers:
              - image: "trusted.registry.com/*"
Insecure Settings Example
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: allow-any-image
spec:
  rules:
    - name: allow-all-registries
      match:
        resources:
          kinds:
            - Pod
      validate:
        message: "Allow any image registry."
        pattern:
          spec:
            containers:
              # "*" matches every image reference, so this rule admits images from
              # any registry and imposes no restriction at all.
              - image: "*"
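As an added example (not part of the original page and not Kyverno's own code), the following Python script simulates how the two patterns above are evaluated against a pod's container images, and shows why a rule that matches only `spec.containers` leaves init containers unchecked. The pattern strings, the sample pod and the `image_allowed`/`validate_pod` helper names are assumptions made for this illustration.

```python
import fnmatch

# Constructed patterns mirroring the two policies above. Assumption: Kyverno-style
# wildcards ('*' any run of characters, '?' one character) with alternatives
# separated by '|', as Kyverno allows in pattern strings.
TRUSTED_PATTERN = "trusted.registry.com/*"
INSECURE_PATTERN = "*"

# pod.spec fields that carry images. The policies above list only `containers`,
# so initContainers and ephemeralContainers would not be evaluated by them.
ALL_IMAGE_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def image_allowed(image: str, pattern: str) -> bool:
    """True if the image reference matches any '|'-separated wildcard pattern."""
    return any(fnmatch.fnmatchcase(image, p.strip()) for p in pattern.split("|"))


def validate_pod(pod: dict, pattern: str, fields=("containers",)) -> list:
    """Check every container in the listed pod.spec fields.

    Returns violations as 'field/name: image'; an empty list means admit.
    """
    violations = []
    for field in fields:
        for c in pod.get("spec", {}).get(field, []):
            if not image_allowed(c["image"], pattern):
                violations.append(f"{field}/{c['name']}: {c['image']}")
    return violations


# Constructed sample pod: compliant main container, untrusted init container.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "demo"},
    "spec": {
        "initContainers": [
            {"name": "setup", "image": "docker.io/library/busybox:1.36"},
        ],
        "containers": [
            {"name": "app", "image": "trusted.registry.com/team/app:1.4.2"},
        ],
    },
}

if __name__ == "__main__":
    print("containers only:", validate_pod(SAMPLE_POD, TRUSTED_PATTERN))
    print("all fields:", validate_pod(SAMPLE_POD, TRUSTED_PATTERN, ALL_IMAGE_FIELDS))
    print("insecure '*':", validate_pod(SAMPLE_POD, INSECURE_PATTERN, ALL_IMAGE_FIELDS))
```

Note that an unqualified reference such as `nginx:1.25` is rejected by the trusted pattern even though Kubernetes would resolve it to Docker Hub; the check is on the literal string, as in the Kyverno pattern.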