aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
  • Multi-Cloud
  • Public Cloud
  • Software Engineering

Policy Controller Dashboard: Now Available For All Anthos And GKE Environments

  • aster_cloud
  • May 18, 2023
  • 3 minute read

Customers using Kubernetes at scale need consistent guardrails for how resources are used across all their environments to improve their security, resource management and flexibility, and to achieve faster time-to-market and better operational efficiency. 

At the same time, customers tell us they need an easy way to apply and view those policy guardrails, including enforcement status, violations and remediation recommendations for their fleet of clusters. In January 2023, we launched the Policy Controller dashboard along with out-of-the-box policy bundles. And now, the Policy Controller dashboard is available for all Google Kubernetes Engine (GKE) and Anthos environments (i.e., on-premises, multi-cloud and attached clusters) and includes a powerful flow to help remediate violations.


Partner with aster.cloud
for your next big idea.
Let us know here.


cyberpogo

Policy Controller lets you enforce fully programmable policies for your cluster resources that act as “guardrails” and prevent any changes from violating security, operational, or compliance controls. Policy Controller can help accelerate your application modernization efforts by helping developers release code quickly and safely. Here are some examples of policies that you can audit or enforce with Policy Controller: 

  • All container images must be from approved repositories
  • All ingress hostnames must be globally unique
  • All pods must have resource limits
  • All namespaces must have a label that lists a point-of-contact
  • Resources running on my fleet of clusters should be CIS-K8s benchmark-compliant
  • Resources running on my fleet of clusters should be PCI-DSS benchmark-compliant

The Policy Controller dashboard

With the Policy Controller dashboard, meanwhile, platform and security admins can:

  • Get an at-a-glance view for the state of all the policies applied to the cluster fleet, including enforcement status (dryrun, warn, or enforced)
  • Easily troubleshoot and resolve policy violations by referring to opinionated recommendations for each violation
  • Get visibility into the compliance status of cluster resources
Read More  Discover Why Leaders Need To Upskill Teams In ML, AI And Data

The Policy Controller dashboard is designed to be user-friendly and intuitive, making it easy for users of all skill levels to manage and monitor violations for their fleet of clusters, with a centralized view of policy violations that they can act on if necessary.

https://storage.googleapis.com/gweb-cloudblog-publish/images/blog-image-1_S9Uu51u.max-1500x1500.png

The circular “donuts” on the dashboard above show you the state of policies across all environments, including Policy Controller’s overall install status, any clusters that are in violation, and the total policies applied across the fleet of clusters. Enforcement action shows if you are just auditing your resources against policies or enforcing the policies at admission time on your clusters. 

The bottom part of the Policy Controller dashboard page shows the coverage for each policy bundle for your fleet, breaking it down into percentage of resources that are compliant or in violation with this bundle:

  • A fully grayed-out bar implies that the bundle is not applied to this fleet of clusters. If the bar is partially grayed-out, it means that the bundle has not been applied to one or more clusters in the fleet.
  • If one or more bundles are applied, overall compliance for your resources is calculated against the bundle. The blue portion of the bar shows the resources that are in compliance with the policy, while orange represents the violations. 

For each bundle, you can click on the violations link, which will take you to the detailed Violations tab depicted in the image below.

https://storage.googleapis.com/gweb-cloudblog-publish/images/blog-image-2.max-1700x1700.png
The new Violations tab makes it easy to view and understand policy violations in your environment.

The Violations tab lets you filter violations based on things like cluster, bundle, or resource type. Furthermore, you can now group violations by constraint and namespace to help different user personas do their jobs more efficiently. From either one of the groupings, users can click on the constraint link which will show the Constraint view as shown below.

https://storage.googleapis.com/gweb-cloudblog-publish/images/blog-image-3.max-1500x1500.png
The Constraint details tab shows the remediation action and constraint yaml.

The Constraint details tab describes the constraint, and shows the recommended action to fix the violations against the constraint and affected resources. You can also view the constraint’s YAML as it exists on your clusters. The affected resources tab lists all the resources that are in violation of the constraint with a detailed error message as shown in the image below.

https://storage.googleapis.com/gweb-cloudblog-publish/images/blog-image-4.max-1600x1600.png
The Affected Resources tab showing the resources in violation.

Get started today

We continue to invest in building out fully managed Policy features for GKE and Anthos, focusing on ease-of-use, out-of-the-box content, and a more integrated Google Cloud experience. To get started with Policy Controller, simply install Policy Controller and try applying a policy bundle to audit your fleet of clusters against a standard such as the CIS Kubernetes benchmark. You can also try Policy Controller to audit your cluster against the Policy Essentials bundle. Stay tuned to learn more about the latest features in Policy Controller in our next blog post, and we hope you join us at Next ’23 to learn more.

Read More  Principles For Designing And Deploying Scalable Applications On Kubernetes

By Poonam Lamba Product Manager, Google Cloud
Originally published at Google Cloud

Source: Cyberpogo


Our humans need coffee too! Your support is highly appreciated, thank you!

aster_cloud

Related Topics
  • Anthos
  • GKE
  • Google Cloud
  • Kubernetes
  • Policy Controller
You May Also Like
View Post
  • Computing
  • Design
  • Engineering
  • Multi-Cloud

Amazing Federated Multicloud Apps

  • June 2, 2023
View Post
  • Programming
  • Software Engineering
  • Technology

Build a Python App to Alert You When Asteroids Are Close to Earth

  • May 22, 2023
View Post
  • Data
  • Public Cloud

Cloud Data Loss Prevention’s Sensitive Data Intelligence Service Is Now Available In Security Command Center

  • May 18, 2023
View Post
  • Containers
  • Public Cloud
  • Software
  • Software Engineering

How To Easily Migrate Your Apps To Containers — Free Deep Dive And Workshop

  • May 18, 2023
View Post
  • Design
  • Engineering
  • Public Cloud

Kubernetes Costs Less, But Less Than What?

  • May 18, 2023
View Post
  • Public Cloud
  • Software

Best Practices For Monetizing Cloud-based Technology And 5G Networks

  • May 15, 2023
View Post
  • Public Cloud
  • Software

New Cloud Deploy Features Make Application Deployment Even More Efficient

  • May 15, 2023
View Post
  • Public Cloud
  • Software
  • Tech

Accelerate Smart Transformation To SAP S/4 HANA With Tata Consultancy Services Precast, Now For Google Cloud

  • May 15, 2023

Stay Connected!
LATEST
  • 1
    Building A Kubernetes Platform: How And Why To Apply Governance And Policy
    • June 4, 2023
  • 2
    Leave, This “United” “Kingdom”, This “Great” “Britain”
    • June 4, 2023
  • 3
    Amazing Federated Multicloud Apps
    • June 2, 2023
  • 4
    What’s The Future Of DevOps? You Tell Us. Take The 2023 Accelerate State Of DevOps Survey
    • June 2, 2023
  • 5
    Resolving Deployment Issues With Ts-node And Azure Development Pipelines
    • June 1, 2023
  • 6
    What To Expect From Apple’s WWDC 2023
    • June 1, 2023
  • 7
    What Is Platform Engineering And Why Adopt It In Your Company?
    • June 1, 2023
  • 8
    Four Steps To Managing Your Cloud Logging Costs On A Budget
    • May 31, 2023
  • 9
    Red Hat Puts Podman Container Management On The Desktop
    • May 30, 2023
  • 10
    The Agile Mindset: A Path to Personal Fulfillment and Growth
    • May 30, 2023
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    Huawei ICT Competition 2022-2023 Global Final Held In Shenzhen — 146 Teams From 36 Countries And Regions Win Awards
    • May 27, 2023
  • 2
    Huawei OceanStor Pacific Scale-Out Storage Tops IO500 Rankings
    • May 26, 2023
  • 3
    MongoDB And Alibaba Cloud Extend Global Partnership
    • May 25, 2023
  • 4
    Tricentis Launches Quality Engineering Community ShiftSync
    • May 23, 2023
  • 5
    G7 2023: The Real Threat To The World Order Is Hypocrisy.
    • May 27, 2023
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.