To create an advanced Kubernetes custom rule, use a YAML file to describe MAPL rules for Kubernetes resources and applicable conditions.

MAPL rules in YAML format let you configure a custom rule for a Kubernetes environment with more specificity.

Prerequisites

To successfully configure an advanced custom rule, you must have a YAML file, written in the MAPL language, that is applicable to your Kubernetes environment.

Procedure

  1. On the left navigation pane, click Enforce > K8s Policies.
  2. Click the Rules tab.
  3. Click Add Rule.
  4. Define the rule.
    1. Enter a unique custom rule name and a description.
    2. Select Advanced - MAPL access control rule (YAML format) as the rule criteria.
    3. Click Next.
  5. Enter YAML code in the text area or click Import to import a YAML file.
    Note:
    • The YAML file must include one-attribute conditions, using logical operands, which are tested against the Kubernetes configuration data.
    • The attribute is a JSONpath.
    • The method is one of the following (the value is a fixed value):
      EQ - equal
      EX - exists
      GE - greater than or equal to
      GT - greater than
      IN - in list of values [val1,val2,val3,...]
      LE - lower than or equal to
      LT - lower than
      NE - not equal
      NEX - not exists
      NIN - not in list of values [val1,val2,val3,...]
      NRE - does not match a regular expression
      RE - matches a regular expression
    For example:

    YAML code example for configuring an Advanced Kubernetes rule

    See MAPL (Manageable Access-control Policy Language) (external link).

  6. Click Next.
  7. On the Confirm Rule page, review the summary of the rule criteria and the matching Kubernetes resources and click Save.
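The condition methods listed in step 5 can be checked offline against a manifest before a rule is saved. The following Python sketch is an added example, not the product's evaluator or MAPL's own code: `resolve`, `check` and the `POD` sample are hypothetical names, a simplified dotted path stands in for full JSONPath, and failing value tests on a missing attribute is an assumption of the sketch.

```python
import re

# Constructed sample: a Pod manifest as parsed configuration data.
POD = {
    "kind": "Pod",
    "spec": {
        "terminationGracePeriodSeconds": 30,
        "containers": [
            {"name": "app", "image": "registry.example.com/app:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "registry.example.com/proxy:1.4"},
        ],
    },
}

# One comparison per value-taking method from the list in step 5.
COMPARE = {
    "EQ": lambda a, v: a == v, "NE": lambda a, v: a != v,
    "GE": lambda a, v: a >= v, "GT": lambda a, v: a > v,
    "LE": lambda a, v: a <= v, "LT": lambda a, v: a < v,
    "IN": lambda a, v: a in v, "NIN": lambda a, v: a not in v,
    "RE": lambda a, v: re.search(v, str(a)) is not None,
    "NRE": lambda a, v: re.search(v, str(a)) is None,
}

def resolve(doc, path):
    """Walk a simplified path such as $.spec.containers[0].image; return (found, value)."""
    cur = doc
    for key, idx in re.findall(r"\.([\w-]+)|\[(\d+)\]", path[1:]):
        try:
            cur = cur[key] if key else cur[int(idx)]
        except (KeyError, IndexError, TypeError):
            return False, None
    return True, cur

def check(doc, attribute, method, value=None):
    """Evaluate one attribute/method/value condition against the configuration data."""
    found, actual = resolve(doc, attribute)
    if method in ("EX", "NEX"):
        return found == (method == "EX")
    if not found:
        return False  # assumption of this sketch: value tests fail on a missing attribute
    try:
        return COMPARE[method](actual, value)
    except TypeError:
        return False  # incomparable types, e.g. a string tested with GE against a number
```

In this sketch the sidecar container has no securityContext, so an EQ test on its privileged flag is false while NEX on the same path is true; pairing a value test with EX or NEX makes the handling of absent fields explicit.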