Creating a Cluster Policy Using Policy Engine

Use Policy Engine for a smarter, rule-based approach to policy creation. Predefined templates make it quick and easy to create and manage policies.

Prerequisites:

Ensure CA integration is completed.
Ensure you configured organization PKI standards as CA Policy.
Ensure the Group is created.

To create a cluster policy:

Go to (Menu) > KUBE+ > GROUPS & POLICIES > Cluster Policy.
On the Cluster Policy page, the existing policies (if any) are listed.
Click +Create Policy in the command bar.
The Cluster Policy popup opens.
Under the Policy Engine section, click +Create Policy.
In the Welcome to Policy Engine popup, click Get Started.

In the Create Policy window:

Select Kube Cluster Policy from the Policy Type dropdown.

Fill in the policy details:

Table 1. Policy Details - Field and Description Table
Field	Description
*Policy Name	Enter a unique policy name to be associated with one or more clusters. Note: Enter a policy name that can include lowercase alphanumeric and the special characters -.
Description	Optionally, provide a brief description of the policy for clarity and reference.
*Select a Tag	Choose a tag to categorize and manage the policy.
*: Mandatory field

Click Configure Policy.
The Create a Kube Cluster Policy in 3 Simple Steps popup displayed:
- You may close it.
- To avoid seeing it again, check Don’t Show Again, then click Close.

Configuring the Policy as follows:

In the Cluster Rules page:
- A default template is displayed. You can:
  - Use the existing template.
  - Modify and save it.
  - Save it as a new template.
- Templates are listed under Cluster Rule Templates in the right panel.
- Select a template to apply it to your rule.

The field in the Cluster Rules are:

Table 2. Cluster Rules - Field and Description Table
Field	Description
Policy Application Scope	Cluster Wide - Cluster wide global policy. Namespace Specific - Policy to be applied for a specific namespace or a project within a cluster.
Policy Rules	Enable or disable the following rules as needed: Onboarding Rule - Automatically map the policy by evaluating the configured rules when new clusters or namespaces are detected. If not enabled, the policy will not be mapped automatically but still can be mapped manually in KUBE+. Namespace Exclusion for Certificate Discovery - Skip specified namespaces during the certificate discovery process. Off-boarding Rule - Execute defined actions when clusters are removed from KUBE+.

Click Next.
In the Issuance Template page:
- Select a certificate template from the right panel.
- In the Import Issuance Template popup, click Confirm.
- (Optional) Click + Add CA to add more CAs, and fill in the required fields.
Click Next.

(Optional) Configure Notifications as follows:

On the Notification (Optional) page, click + Add Notification.

In the Configure Notification panel, fill in the following:

Notification Settings Tab

Table 3. Notification Settings - Field and Description Table
Field	Description
Recipient	Select recipients. The options are: User Group - select this checkbox and add user groups from the dropdown list. User - select this checkbox and add users from the dropdown list. Email - enter the email address with comma separated.
Delivery Method	Select delivery methods. The options are: *Notify Via - Bydefault Email option is selected. Notify Me - Enable this toggle button to notify you when the policy is executed.

Message Template tab

Table 4. Message Template - Field and Description Table
Field	Description
Email Template	Select a emal template from the dropdown list.
Email Subject	Enter the email subject. You can include variable to replace the value. To know about the variables, click Variables.
Email Content	Enter the email content for the bosy of the email. You can also use variables.

Click Add.

Click Finish.
In the Submit Policy confirmation popup, click Confirm.
The cluster policy is added to the Cluster Policy inventory.

Related Information

Modifying Cluster Policy