With cluster-managed policies, you can define the Container Security policies and runtime rulesets as custom resources in a YAML file. These custom resources can be managed under version control and deployed to the cluster through a CI/CD or GitOps workflow alongside your other Kubernetes manifest files.
Cluster-managed policies are defined in their source code as Container Security policy and ruleset custom resources and are read-only to users in the Vision One console after being created.
Note: Allow policy drift enables you to modify the policy rules of your cluster-managed policies, which can lead to inconsistencies between the policy in the cluster and the policy in source control. This option can only be enabled in the Trend Vision One console and should primarily be used when an immediate policy adjustment is required. Enable Allow policy drift in .
To use cluster-managed policies, create the cluster policy and runtime ruleset custom resources in your cluster. To disable cluster-managed policies, delete the cluster policy and runtime ruleset custom resources. Only the policy operator can create or disable cluster-managed policies, which simplifies policy management and ruleset assignment. For more information, see Enabling cluster-managed policies.
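Because policy drift breaks the guarantee that the cluster enforces exactly what is committed, a GitOps pipeline should compare the live custom resource against the manifest in version control. The following added example (not Trend Micro's code; the kind, apiVersion and spec fields are constructed placeholders, not the real CRD schema) shows such a drift check that ignores server-populated fields and reports only meaningful policy changes:

```python
from typing import Any, Dict, List, Tuple

# Kubernetes fills these in server-side; they differ between a committed manifest
# and the live object without representing a policy change, so they are ignored.
SERVER_MANAGED_METADATA = {"resourceVersion", "uid", "creationTimestamp",
                           "generation", "managedFields", "selfLink"}


def normalize(obj: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of a resource with status and server-managed metadata removed."""
    out = {k: v for k, v in obj.items() if k != "status"}
    meta = dict(out.get("metadata", {}))
    for key in SERVER_MANAGED_METADATA:
        meta.pop(key, None)
    out["metadata"] = meta
    return out


def diff(desired: Any, live: Any, path: str = "") -> List[Tuple[str, Any, Any]]:
    """Recursively compare two objects; return (path, desired, live) per difference."""
    if isinstance(desired, dict) and isinstance(live, dict):
        changes: List[Tuple[str, Any, Any]] = []
        for key in sorted(set(desired) | set(live)):
            sub = f"{path}.{key}" if path else key
            changes.extend(diff(desired.get(key), live.get(key), sub))
        return changes
    # Same-length lists are compared element-wise; otherwise the whole list differs.
    if isinstance(desired, list) and isinstance(live, list) and len(desired) == len(live):
        changes = []
        for i, (d, l) in enumerate(zip(desired, live)):
            changes.extend(diff(d, l, f"{path}[{i}]"))
        return changes
    return [] if desired == live else [(path, desired, live)]


def detect_drift(desired: Dict[str, Any], live: Dict[str, Any]) -> List[Tuple[str, Any, Any]]:
    """Drift = differences between the committed manifest and the live resource."""
    return diff(normalize(desired), normalize(live))


# Constructed sample: the committed manifest versus the live object after a rule
# was relaxed in the console with Allow policy drift turned on (placeholder schema).
DESIRED = {
    "apiVersion": "example.placeholder/v1",
    "kind": "ClusterPolicy",
    "metadata": {"name": "prod-policy"},
    "spec": {"rules": [{"type": "privileged", "action": "block"}]},
}
LIVE = {
    "apiVersion": "example.placeholder/v1",
    "kind": "ClusterPolicy",
    "metadata": {"name": "prod-policy", "uid": "0000-constructed", "resourceVersion": "42"},
    "spec": {"rules": [{"type": "privileged", "action": "log"}]},
    "status": {"applied": True},
}
```

Run the check in the pipeline after `kubectl get` of the live resource and fail the job, or alert, when `detect_drift` returns a non-empty list.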