Define and implement specialized policies that govern your Kubernetes clusters.

For many aspects of cluster management, VMware Tanzu Mission Control provides specific policies that you can use to enforce rules on your fleet of Kubernetes clusters, such as access policies, image registry policies, and namespace quota policies. However, not all of the aspects that you might want to control are covered by these baseline policies. Custom policies are somewhat open-ended and provide the opportunity to address aspects of cluster management that specifically suit the needs of your organization.

To implement a custom policy, you must first have a template that declaratively defines the structure of the policy. The custom policy template can then be used to create and apply custom policies to your clusters.

Custom policies in Tanzu Mission Control are implemented using the Gatekeeper project from Open Policy Agent (OPA). To create a custom policy template, you use Rego, the policy language of OPA. For more information about Rego, see the OPA Policy Language documentation.