Create a template in the Tanzu Mission Control console that you can use to apply custom policies.
`ConstraintTemplate` object, which contains the schema of the constraint and the Rego code that defines how it is enforced.
Tanzu Mission Control provides some sample preconfigured policy templates that you can use as a starting place.
- You can use the `tmc-require-labels` template to enforce labels with a key and optional value on specified Kubernetes resources (for example, ensuring that all pods and namespaces in a cluster have a label with the key `owner`).
- You can use the `tmc-https-ingress` template to enforce that all ingress objects created on a cluster have `tls` configuration and that the `allow-http` annotation is set to `false`.
For more information about defining a `ConstraintTemplate` object, see Constraint Templates in the OPA Gatekeeper documentation on GitHub.
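The following added example (not the source of `tmc-require-labels` and not taken from the Tanzu Mission Control documentation) shows the two parts described above, the constraint schema and the Rego enforcement code, for a label policy with a key and an optional value. The names `examplerequiredlabels` and `ExampleRequiredLabels` and the parameter layout are assumptions made for illustration.

```yaml
# Added illustration; names are hypothetical and this is not the tmc-require-labels source.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: examplerequiredlabels        # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: ExampleRequiredLabels  # kind used by constraints created from this template
      validation:
        # Schema of the constraint: the parameters a policy author may set.
        openAPIV3Schema:
          type: object
          properties:
            labels:
              type: array
              items:
                type: object
                required: ["key"]
                properties:
                  key:
                    type: string
                  value:
                    type: string     # optional; when omitted, any value is accepted
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package examplerequiredlabels

        # Report one violation per required label that is absent or has the wrong value.
        violation[{"msg": msg}] {
          required := input.parameters.labels[_]
          not label_satisfied(required)
          msg := sprintf("resource must carry label %v", [required.key])
        }

        label_satisfied(required) {
          actual := input.review.object.metadata.labels[required.key]
          value_matches(required, actual)
        }

        # No value requested: presence of the key is enough.
        value_matches(required, _) { not required.value }

        # Value requested: it must match exactly.
        value_matches(required, actual) { required.value == actual }
```

A resource with no labels at all is also reported, because the label lookup is undefined and `label_satisfied` therefore fails for every required entry.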
Prerequisites
Make sure you have the appropriate permissions to create policy templates.
- To create a policy template, you must be associated with the .admin role or the organization.policytemplate.edit role on the organization.