To add an enforcement preset to a Kubernetes hardening policy, perform the following procedure.

Note: This procedure uses the Hardening Policies tab in the Enforce > K8s Policies page. You can alternatively assign an enforcement preset to a rule on the Rules tab.

Procedure

  1. On the left navigation pane, click Enforce > K8s Policies.
  2. Click the Hardening Policies tab.
  3. Click a policy name to edit it or add a new policy. See Create a Kubernetes Custom Rule for Container Images and Edit a Kubernetes Hardening Policy.
  4. Click Next.
  5. On the Add Rules page, locate a rule that has an Enforce option and select Enforce.
    The Enforcement preset dropdown menu displays if the rule requires user input.
  6. To assign a preset to the rule, do one of the following:
    • Select an existing preset from the Enforcement preset dropdown menu.
    • Click Add new preset to create a new preset.
  7. To create a new preset, click Add new preset.
    1. Enter a name for the preset and select the rule-specific fields from the Field dropdown menu.
    2. Select an action from the Action dropdown menu and enter the enforce value.
      To add more fields, click the plus + icon.

      Add enforcement preset to hardening policy

    3. Click Save.
      The newly defined preset displays in the Enforcement preset dropdown menu.
  8. To add the rule to the policy, click the caret Right carat icon to the right of the rule.
  9. Click Next.
    The modified rule appears in the Review Violations section and the rule enforcement preset name is available in the Action column.

    Review Violations page in the Hardening Policy edit/add wizard, showing the Enforce preset

    When a new resource deploys, the system uses the predefined fields for enforcement.

  10. Click Save.