Security policies

Prerequisites

The Kyverno app must be activated to use security policies. If it is not activated, contact a platform administrator so that they can install it.

About Security Policies

When Security Policies are enabled for the Team, note the following:

  • Teams can only modify policies if the Platform administrator has allowed the Team to edit policies (see the Team permissions in the Team Settings).

  • Teams can ask the Platform administrator to adjust the default list of policies for the Team.

  • Some of the policies can be adjusted using Custom Values.

View security policies

To view a list of security policies accessible to your team, click on Security policies in the main menu of the App Platform Console while in the Team view. The resulting table lists each policy alongside the following details:

| Property | Description |
| --- | --- |
| Name | The name of the Security Policy |
| Severity | The Severity of the policy. Can be low, medium or high |
| Action | The action to take when a policy gets violated. Can be Audit (which is the default) or Enforce |

Adjust security policies

  1. Select the Security Policy you would like to adjust.

  2. Set the action to Enforce to block Pods from being deployed if they don't comply with the policy.

  3. Change the severity from medium (default) to low or high.

View policy reports

  1. Go to Workloads.

  2. Click on the ArgoCD application for the Workload whose policy report you want to see.

  3. In the Application Details Tree you will see a policyreport attached to the ReplicaSet and an admissionreport attached to each Pod.
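
The following added example (not part of the App Platform documentation or its code) reads a policy report exported as JSON and lists the policies with failing rules, which are the ones that would start rejecting the workload if their action were changed from Audit to Enforce. It assumes the Kyverno PolicyReport format (`wgpolicyk8s.io/v1alpha2`); the report content, policy names and namespace are constructed sample data.

```python
import json
from collections import defaultdict

# Constructed sample: a Kyverno PolicyReport (wgpolicyk8s.io/v1alpha2) scoped to
# one ReplicaSet. Names, namespace and messages are made up for illustration.
SAMPLE_REPORT = json.loads("""
{
  "apiVersion": "wgpolicyk8s.io/v1alpha2",
  "kind": "PolicyReport",
  "metadata": {"name": "example-report", "namespace": "team-demo"},
  "scope": {"kind": "ReplicaSet", "name": "web-5d9c7b", "namespace": "team-demo"},
  "results": [
    {"policy": "disallow-privileged-containers", "rule": "privileged-containers",
     "result": "pass", "severity": "medium"},
    {"policy": "require-run-as-nonroot", "rule": "run-as-non-root",
     "result": "fail", "severity": "high",
     "message": "runAsNonRoot must be set to true"},
    {"policy": "disallow-latest-tag", "rule": "validate-image-tag",
     "result": "fail", "severity": "low",
     "message": "image tag 'latest' is not allowed"},
    {"policy": "disallow-latest-tag", "rule": "require-image-tag",
     "result": "pass", "severity": "low"}
  ]
}
""")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def enforce_blockers(report):
    """Return (target, policies) where policies are those with failing rules,
    i.e. the ones that would reject this workload under the Enforce action."""
    scope = report.get("scope", {})
    target = f'{scope.get("kind", "?")}/{scope.get("name", "?")}'
    failed = defaultdict(lambda: {"severity": "medium", "rules": []})
    for res in report.get("results", []):
        if res.get("result") != "fail":
            continue  # pass/skip/warn/error are not counted as violations here
        entry = failed[res["policy"]]
        entry["severity"] = res.get("severity", "medium")
        entry["rules"].append((res.get("rule", ""), res.get("message", "")))
    # Highest severity first, then policy name, so the riskiest gaps lead.
    ranked = sorted(failed.items(),
                    key=lambda kv: (SEVERITY_ORDER.get(kv[1]["severity"], 3), kv[0]))
    return target, [(name, info["severity"], info["rules"]) for name, info in ranked]

if __name__ == "__main__":
    target, blockers = enforce_blockers(SAMPLE_REPORT)
    for name, severity, rules in blockers:
        print(f"{target}: {name} [{severity}] fails {[r for r, _ in rules]}")
```

An empty result list for a workload means every audited policy passes for it, so switching those policies to Enforce would not block that workload as currently deployed.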