Magalix KubeAdvisor framework supports Open Policy Agent (OPA) based advisors to check and report best practices of their Kubernetes clusters. You can take the full benefits of OPA without getting into the complexities of OPA setup, deploying policies, and the laborious job of integrating it with their tools.
In KubeAdvisor, each advisor is a logical group for your policies to help you organize them. For example, you can have a group of policies related to network specs, so you will have a “Network Advisor”.
Policies are written in Rego language, and once run against a workload, it either passes as a compliant or violated and will generate an issue and you and your team get to see them in the Issues section under your cluster.
Create new advisor
To create a new advisor, in the left bottom corner, you can click on “KubeAdvisor” to open its page. Once the page load, you can click on “Create New”, then you can enter your Advisor Name, and some description in markdown and click “Create”.
Create new policy
Once you create the advisor, you need to create at least one policy to get the advisor working. You can click on “New New Issue” and fill in the following fields:
- Name for the violation once the policy is violated.
- Description, to help your team members understand what is this policy about.
- Policy Code, which is written in Rego language. That’s where you define what is it that you are validating against, it’s important to notice that you will need to have a violation rule in your code to get any violations.
If you are struggling with policy ideas or their own Rego, please contact us and we sure can help you out and build these policies for you.
- How to solve, which is a markdown text to help your team members solve the violation and have their workloads compliant again.
Once you create a policy, you will start getting recommendations on each workload in your cluster and which ones are violating this policy. Check here to understand KubeAdvisor recommendations.