Policy Sets

Policy Sets are a collection of individual policies that allow a set of configuration standards to be applied to various objects within the Kubernetes clusters.

Creating a Policy Set

To create a new Policy Set:

  1. Go to Policies>Policy Sets. The Policy Sets page is displayed with the details of the existing policy sets.

  2. Click on the Add Policy Set button located on the top right-hand corner of the page. The How would you like to create a policy set form is displayed. The page displays two options to create a policy set:
    a. Git - Select this option to create a Policy Set from an existing git repository.
    b. YAML - Select this option to create a Policy Set by uploading YAML files directly.

Creating a Policy Set through Git

To create a Policy Set through Git, click on the Git option. The Policy Set form is displayed. In that form:

  1. In the Name field, enter a unique name for the Policy Set.
  2. Next, specify the time for sync interval in seconds under the Sync Interval (seconds) field. If nothing is specified, the default sync interval will be 300 seconds.
  3. To automatically deploy policy changes to the clusters as soon as they are available, select the checkbox beside Auto Deploy Changes?
  4. After this, specify the cluster selectors under the Cluster Selector field by adding Match Labels and Match Expressions in the form of key-value pairs.
    a. Add Match Labels by entering the values within the key and value section.
    b. Click on Add item to add multiple Match Labels.
    c. Add Match Expressions by entering the values within the key and value section and specifying the operator within the operator section from the drop-down list. The available operator options are In, Not In, Exists, and Does Not Exist. Multiple values for Match Expressions must be comma-separated (e.g., “value1, value2”).
    d. Click on Add Selector to add multiple Match Expressions.

Note: In the case of multiple selectors being specified, all the cluster selectors must be satisfied for the Policy Set to be deployed to the cluster.

  5. After specifying the cluster selectors, in the Repository field, enter the specific repository to be used.
  6. In the Branch field, specify the branch name to be used.
  7. In the Path field, enter the GitHub path containing the policy resources.
  8. If the repository is private, click on the checkbox beside Private repository. The K8s secrets form will be displayed. In that form:
    a. Enter the name of the namespace under the Namespace field.
    b. Specify the secret under the Secret name field.
    c. Enter the Token Key under the Token Key field.
  9. After that, determine the repository type by clicking on the radio button beside Policies, Kustomize, or HelmChart.
    a. If HelmChart is selected as the repository type, an additional form will be displayed to specify the Helm Customizations in the form of key-value pairs.
    b. Enter the values for customization within the key and value section.
    c. Click on Add item to add multiple customizations.
  10. Finally, click Create. Upon clicking, the Policy Set gets created.

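The cluster selector rules in step 4 and the note on multiple selectors decide which clusters receive a Policy Set, which matters most when Auto Deploy Changes? is enabled. The following sketch is an added example, not the product's own code: it assumes the form follows standard Kubernetes label-selector semantics, and all cluster names and labels are constructed.

```python
# Added example: models the Cluster Selector form with standard Kubernetes
# label-selector semantics (an assumption). All names and labels are constructed.

def parse_values(raw):
    """Split the form's comma-separated value string ("value1, value2")."""
    return {v.strip() for v in raw.split(",") if v.strip()}

def expression_matches(labels, key, operator, raw_values=""):
    values = parse_values(raw_values)
    if operator == "Exists":
        return key in labels
    if operator == "Does Not Exist":
        return key not in labels
    if operator in ("In", "Not In") and not values:
        raise ValueError(f"{operator} on {key!r} needs at least one value")
    if operator == "In":
        return labels.get(key) in values
    if operator == "Not In":
        # Kubernetes semantics: a cluster without the key also matches.
        return labels.get(key) not in values
    raise ValueError(f"unknown operator: {operator!r}")

def cluster_matches(labels, match_labels, match_expressions):
    """True only if every Match Label and every Match Expression is satisfied."""
    return (all(labels.get(k) == v for k, v in match_labels.items())
            and all(expression_matches(labels, *e) for e in match_expressions))

def targeted_clusters(clusters, match_labels, match_expressions):
    return sorted(name for name, labels in clusters.items()
                  if cluster_matches(labels, match_labels, match_expressions))

# Constructed inventory: cluster name -> labels.
CLUSTERS = {
    "prod-east": {"env": "prod", "region": "us-east", "tier": "pci"},
    "prod-west": {"env": "prod", "region": "us-west"},
    "staging":   {"env": "staging", "region": "us-east"},
    "sandbox":   {"region": "us-east", "exempt": "true"},
}
MATCH_LABELS = {"env": "prod"}
MATCH_EXPRESSIONS = [("region", "In", "us-east, us-west"),
                     ("exempt", "Does Not Exist")]

if __name__ == "__main__":
    print(targeted_clusters(CLUSTERS, MATCH_LABELS, MATCH_EXPRESSIONS))
    # Dropping Match Labels widens the blast radius of Auto Deploy Changes:
    print(targeted_clusters(CLUSTERS, {}, MATCH_EXPRESSIONS))
```

Running a dry evaluation like this against the cluster inventory before enabling auto deploy shows whether a loosely written selector would reach clusters that were not intended.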

Creating a Policy Set through YAML

To create a Policy Set through YAML:

  1. Click on the YAML option. The Policy Set form is displayed.
  2. In the Name field, enter a unique name for the Policy Set.
  3. Click Create. Upon clicking, the Policy Set gets created and the Upload Policies section opens.

  4. Next, click on the section to upload the YAML policy.
  5. After that, click on the Import and Validate Policies button. This will open the Add Policies section, where the added policy is validated and marked with a check mark if it passes the validation.

  6. Click on the Add Valid Policies button. The Add Clusters section is displayed with the list of available clusters.
  7. Select the checkbox for each cluster on which the created Policy Set needs to be deployed.
  8. Afterwards, click on the Add Clusters button. A success message is displayed.

  9. Finally, click Done.

Viewing a Policy Set

To view a newly created Policy Set:

  1. Go to Policies>Policy Sets. The Policy Sets page displays the existing policy sets along with their details.
  2. Click on the Policy Set card that is newly created. The created Policy Set page opens.
  3. The Policy Set page contains information on the current policy version, the number of clusters subscribed with the policy set, the number of policies present in the policy set, and the last rollout status.

  4. More clusters and policies can be added by clicking on the + button available within the cards. Alternatively, clicking on the Add Cluster button on the top right corner will do the same for adding clusters to the Policy Set.
  5. The Policies tab opens by default. It contains information about the policies present in the Policy Set, including the Name of the policy, the Source of the policy, the Scope defined, any associated Namespace, and the Description of the policy.
  6. Click on the Clusters and Settings tab to see more information about the clusters subscribed to the Policy Set and the settings of the overall Policy Set.