Define a Policy

For Kubernetes systems, you can start defining policies by selecting from built-in rules that you can configure and deploy.

The built-in rules enable you to implement common security recommendations with little or no configuration. If any configuration is required, the built-in rules provide simple parameters that you can customize to suit your organization and operational goals.

Info: You can always write your own custom rules if required. This tutorial, however, illustrates how to configure and deploy a built-in rule. In this case, the built-in rule prevents administrators, developers, and operators from deploying an Ingress that may cause a conflict.

To configure the built-in rule:

  1. Under Systems in the left navigation panel, expand the system you added in Add a System.

  2. Expand Validating or Mutating, then select Rules.

  3. Click Add rule in the top section of the right pane.

  4. Start typing ingress to display the list of rules related to Ingresses.

  5. Select the Ingresses: Restrict Hostnames rule.

    You have now created a draft policy, which is placed in Not configured mode.

    When making changes to systems, it is generally considered a best practice to evaluate the impact of the change before enforcing it. Change your drafted policy to Monitor mode, but do not publish the change yet. This allows you to evaluate the effect of the policy before enforcing it.

  6. Finally, add the hostPaths .foo.com and hooli.com to the rule's parameters (the allow text box under the rule).
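
To complement Monitor mode, the following added example (not part of the product or its documentation) checks existing Ingress hostnames against the allow-list from step 6 before the rule is enforced. The matching semantics (a leading "." means any subdomain, anything else is an exact match), the handling of host-less rules, and the sample data are assumptions of this example, not the built-in rule's documented behaviour.

```python
import json

# Allow-list from step 6. Matching semantics are an assumption of this example:
# a leading "." means "any subdomain of", anything else must match exactly.
ALLOWED = [".foo.com", "hooli.com"]

# Constructed sample, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {"rules": [{"host": "api.foo.com"}, {"host": "hooli.com"}]}},
  {"metadata": {"namespace": "dev", "name": "scratch"},
   "spec": {"rules": [{"host": "evilfoo.com"}, {"host": "Shop.Hooli.com."}]}},
  {"metadata": {"namespace": "dev", "name": "catch-all"},
   "spec": {"rules": [{"http": {"paths": []}}]}}
]}
""")

def host_allowed(host, allowed=ALLOWED):
    """Case-insensitive match; a trailing dot (FQDN form) is ignored."""
    host = host.lower().rstrip(".")
    for entry in allowed:
        entry = entry.lower()
        if entry.startswith("."):
            # Suffix match on a label boundary: "evilfoo.com" must not match ".foo.com".
            if host.endswith(entry) and len(host) > len(entry):
                return True
        elif host == entry:
            return True
    return False

def violations(ingress_list, allowed=ALLOWED):
    """Return (namespace, name, host) for every rule host outside the allow-list."""
    found = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        for rule in item.get("spec", {}).get("rules") or []:
            # A rule without a host matches every hostname; this example
            # flags it for review as "*" (assumption).
            host = rule.get("host") or "*"
            if host == "*" or not host_allowed(host, allowed):
                found.append((meta.get("namespace"), meta.get("name"), host))
    return found

if __name__ == "__main__":
    for ns, name, host in violations(SAMPLE):
        print(f"{ns}/{name}: host {host!r} is outside the allow-list")
```

To check a live cluster, load the JSON produced by `kubectl get ingress -A -o json` in place of the constructed sample.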