Policy Controller, part of Anthos Config Management, is a Kubernetes dynamic admission controller that checks, audits, and enforces your clusters' compliance with policies related to security, regulations, or arbitrary business rules.
Policy Controller is based on the open source Open Policy Agent Gatekeeper project. Gatekeeper policies are defined using two separate resource types: Constraint
s and ConstraintTemplate
s. Having two distinct resource types allows for separation of policy definition (ConstraintTemplate
) from policy enforcement (Constraint
).
Policy Controller comes with a library of ConstraintTemplate
s for common security and compliance controls.
This repository contains sample Constraint
s which make use of Policy Controller's ConstraintTemplates
to demonstrate how you might configure policy enforcement on your own cluster.
- ASM Policy v0.0.1
- CIS Kubernetes v1.5.1
- Pod Security Policy v2022
- Pod Security Standards Baseline v2022
- Policy Essentials v2022
Anthos Policy Bundles may only be used on an Anthos cluster, including any associated ci/cd use. “Anthos cluster” is defined as “A Cluster (of any kind) registered to a fleet project where the Anthos API is enabled”.