Use VMware Tanzu Mission Control to create and apply a custom policy from an existing policy template.
Log in to the Tanzu Mission Control console, go to the Policies page and view the custom policies for the object, as described in View the Policy Assignments for an Object.
- To add a custom policy, you must be associated with the .admin role on that object.
- On the Policies page, click the Custom tab, and then click the Clusters organization view.
- Use the tree control to navigate to and select the object to which you want to apply a custom policy.
- Click Create Custom Policy.
- On the custom policy create form, select the policy template you want to use, and then provide a name for the policy.
- Specify the target resources on which to enforce the policy, and then click Add Resource.
A target resource, identified by a kind and an API group, specifies the Kubernetes API resource on which the policy is enforced.
- Specify parameters for your policy, if defined by the schema of the selected template.
Not all custom policies require parameters. If the selected template does not accept parameters, the Parameters section is not displayed on the form.
- You can optionally provide label selectors to specify particular namespaces that you want to include or exclude for this policy.
For more information about how label selectors work, see Policy-Driven Cluster Management in VMware Tanzu Mission Control Concepts.
- You can optionally select Disable policy enforcement to perform a dry-run test of the policy before enforcing it.
If this option is selected, the policy is not enforce on the cluster, but you do receive alerts for policy violations. You can later edit this policy to re-enable policy enforcement.
- Click Create Policy.