Kubernetes policy templates are groups of predefined or custom rules that do not include exceptions.
Predefined rule sets cover the following categories:
Category | Purpose |
---|---|
Command | Limits Kubernetes command-line commands |
Container Images | Identifies vulnerabilities in container images |
CRD | Limits usage of custom resources |
Custom | All custom rules that exist in the system |
Network | Ensures that service types are not exposed outside of Kubernetes |
Quota | Establishes CPU and memory quotas |
RBAC | Limits new roles with extensive privileges |
Volume | Limits access to data |
Workload Security | Rules based on the Kubernetes security configuration. See Pod Security Standards. |