Chapter 20. Policy and Governance for Kubernetes Clusters
Throughout this book we have introduced many different Kubernetes resource types, each with a specific purpose. It doesn’t take long before the resources on a Kubernetes cluster go from several, for a single microservice application, to hundreds and thousands, for a complete distributed application. In the context of a production cluster it isn’t hard to imagine the challenges associated with managing thousands of resources.
In this chapter, we introduce the concepts of policy and governance. Policy is a set of constraints and conditions for how Kubernetes resources can be configured. Governance provides the ability to verify and enforce organizational policies for all resources deployed to a Kubernetes cluster, such as ensuring all resources use current best practices, comply with security policy, or adhere to company conventions. Whatever your case may be, your tooling needs to be flexible and scalable so that all resources defined on a cluster comply with your organization’s defined policies.
Why Policy and Governance Matter
There are many different types of policies in Kubernetes. For example, NetworkPolicy allows you to specify what network services and endpoints a Pod can connect to. PodSecurityPolicy enables fine-grained control over the security elements of a Pod. Both can be used to configure network or container runtimes.
However, you might want to enforce a policy before Kubernetes resources are even created. ...
Get Kubernetes: Up and Running, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
