What is a Policy?
A policy represents a rule or a standard that needs to be applied to specific entities on certain occasions or triggers. For example, an organization needs to enforce having a billing label on all workloads running on Kubernetes clusters and to prevent any workloads that don’t have that label from being deployed to the clusters. In Magalix, once a policy is evaluated against a specific entity it results in either Compliance or Violation Events.
A policy template is a re-usable form of the policy that can be used with different parameters under different conditions. Policy templates consist of the following:
- Template information like name, description, how to resolve, severity, category
- Standards, like PCI DSS, CIS, etc.
- Parameters definition
- Template Policy Code
There are two types of policy templates: Magalix Policy Templates and User Policy Templates.
- Magalix Policy Templates: These are templates developed and maintained by the Magalix internal team and offered through the Magalix Policy Library for users to use with their own policy constraints. Users won't be able to change or modify these templates.
- User Policy Templates: These are templates created by users and are visible only to that user's account. Users should be able to create, modify, or delete their policy templates.
In Magalix, users create policies from a policy template to enforce specific rules on certain entities under given conditions. A policy definition consists of the following:
- Policy template
- Policy name
- Parameters assignment
- Targeted entities
Parameters are what make a policy template re-usable. They pass values or keys to the policy template so that it can be customized for different scenarios. A parameter can be an integer, string, boolean, or array.
Targeted entities define which entities the policy is applied to. A policy can target entities within certain clusters, namespaces, kinds, or labels.
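The billing-label rule from the start of this page, modeled in Python as an added illustration of how a template, a parameters assignment, and targeted entities combine into Compliance or Violation events. This is not Magalix's template format or policy code; the class names, field names, and sample workloads are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable
@dataclass
class PolicyTemplate:            # hypothetical model, not Magalix's schema
    name: str
    severity: str
    parameters: dict             # parameters definition: name -> expected type
    code: Callable               # (entity, params) -> True when compliant

@dataclass
class Policy:
    template: PolicyTemplate
    name: str
    params: dict                 # parameters assignment
    targets: dict = field(default_factory=dict)  # namespaces / kinds to match

    def __post_init__(self):
        # Reject assignments that do not match the template's parameters definition.
        for key, typ in self.template.parameters.items():
            if not isinstance(self.params.get(key), typ):
                raise TypeError(f"parameter {key!r} must be {typ.__name__}")

    def applies_to(self, entity):
        ns, kinds = self.targets.get("namespaces"), self.targets.get("kinds")
        return ((not ns or entity["metadata"].get("namespace") in ns)
                and (not kinds or entity["kind"] in kinds))

    def evaluate(self, entity):
        if not self.applies_to(entity):
            return None          # entity is outside the policy's targets
        ok = self.template.code(entity, self.params)
        return (self.name, entity["metadata"]["name"], "Compliance" if ok else "Violation")

def has_required_labels(entity, params):
    labels = entity["metadata"].get("labels", {})
    return all(key in labels for key in params["labels"])

REQUIRED_LABELS = PolicyTemplate("required-labels", "high", {"labels": list}, has_required_labels)
BILLING = Policy(REQUIRED_LABELS, "billing-label", {"labels": ["billing"]},
                 {"namespaces": ["prod"], "kinds": ["Deployment"]})

WORKLOADS = [  # constructed sample entities
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "prod", "labels": {"billing": "team-a"}}},
    {"kind": "Deployment", "metadata": {"name": "worker", "namespace": "prod", "labels": {"app": "worker"}}},
    {"kind": "Deployment", "metadata": {"name": "scratch", "namespace": "dev"}},
]

def run(policy, entities):
    return [event for event in map(policy.evaluate, entities) if event is not None]
```

Calling `run(BILLING, WORKLOADS)` returns one event per targeted entity; the `dev` workload produces no event because it falls outside the policy's targets. Creating a second `Policy` from `REQUIRED_LABELS` with a different label list and no targets reuses the same template code.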