With cluster-managed policies, you can define the Container Security policies and
runtime
rulesets as custom resources in a yaml file. These custom resources can be managed
with version
control and deployed to the cluster with the CI/CD or GitOps workflow with other Kubernetes
manifest files.
Use cluster-manged policies as part of you policy as code workflow. Cluster-managed
policies are defined in their source code as Container Security policy and ruleset
custom resources and are read-only to users in the TrendAI Vision One™ console after being created.
 |
NoteAllow policy drift enables you to modify the policy rules for your cluster-managed policies, which could
potentially lead to policy inconsistencies. This option can only be enabled in the
TrendAI Vision One™ console and should primarily be used in situations when an immediate policy adjustment
is required. Enable Allow policy drift in .
|
To use cluster-managed policies, create the cluster policy and runtime ruleset custom
resources in your cluster. To disable cluster-managed policies, delete the cluster
policy and runtime ruleset custom resources. Only the helm chart policy operator can
create or disable cluster-managed policies, which simplifies policy management and
ruleset assignment. For more information, see Enabling cluster-managed policies.