Create and apply Policies
Create Policy Manually:¶
From two screens you can create/Add Policies.
Add Policy from Cluster Manager Dashboard.¶
-
Log in to Accuknox select
Cluster Manager Dashboard
from the left navigation bar. -
Right Click on any entity such as node and pod.
-
Select
Add Policy
Create Policy from Policy Manager¶
-
Log in to Accuknox and select
Policy Manager
->All Policies
-
On the All Policies page, select
Create Policy
Define basic policy parameters¶
Define the basic parameters of the policy before adding the rules.
-
Policy Name
- Name of the Policy
-
Description
- Description for the Policy
-
Policy Type
-
Policy Type can be Network-Ingress, Network-Egress, and System. Ingress-Policy will apply to all network packets which are entering the endpoint. Egress-Policy will apply to all network packets which are leaving the endpoint. System Policy will restrict behavior at the system level.
-
To set up the network security select policy type to be Network-ingress or Network-egress.
-
-
Namespace
- Namespace will tell in which namespace that policy is going to apply.
-
Default/Node
- This is used to differentiate between Endpoint Selector(default) and Node Selector(Node). It is called Endpoint Selector because it only applies to labels associated with an Endpoint. Node Selector applies to labels associated with a node in the cluster.
-
Labels
- Labels are used to select specified endpoints (in most cases it will be pods) and nodes.
Create/Add Network Policy¶
To set up the network security policies select policy type to be Network-ingress or Network-egress when you define policy type.
select Create/Add Policy
-> Policy type
-> Network-ingress/Network-egress
Create/Add Kubearmor(System) Policy¶
To set up the application security policies select the policy type to be System when you define policy type.
select Create/Add Policy
→ Policy type
-> System
Add Rules¶
Once the Policy has been created, You will be directed to the Add rules screen.
Another way is to select Policy Manager → All Policies. Selecting a policy from All Policies list page will expand the policy details and access +
icon to add rules.
The Add rule interface provides an easy way to add rules to or remove rules from a Policy; Rules will differ based on the policy type you chose.
See also: Policies and Rules