Enable Policy Management with fleet
In this tutorial we cover the basics of how to use Fleet to manage policies on a group of clusters.
Architecture
Fleet's multi-cluster policy management is built on top of Kyverno. The overall architecture is shown below:
Prerequisites
- Set up the Fleet manager following the instructions in the installation guide.
- Run the following command to create two secrets for accessing the attached clusters.
Create a fleet with pod security policy enabled
Run the following command to enable the baseline pod security check:
After a while, we can see that the fleet is ready:
Verify pod security policy
Run the following command to create an invalid pod in the fleet:
After a while you can check the policy report with the following command:
You will see a warning message like the following:
Check the pod events:
Apply more policies with fleet application
You can find more policies in the Kyverno policy library and sync them to the clusters with a Fleet Application.
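As an added example, not taken from this page or from Fleet's own rendered manifests, here is what the baseline pod security check above amounts to when written as a plain Kyverno ClusterPolicy, together with a constructed pod that violates it; it is also the shape of policy you would ship through a Fleet Application. The policy name and the pod are assumptions, and Fleet's generated policy may differ in detail.

```yaml
# Added example (not from the page): a Kyverno ClusterPolicy equivalent to
# a baseline pod-security check. Fleet renders its own policy from the fleet
# spec; this hand-written one is an assumption about what it amounts to.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: pod-security-baseline
spec:
  # Audit: record violations in a PolicyReport instead of rejecting the pod.
  # Switch to Enforce once the report shows no legitimate workloads failing.
  validationFailureAction: Audit
  background: true
  rules:
    - name: baseline
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        podSecurity:
          level: baseline
          version: latest
---
# A deliberately non-compliant pod: hostPID and a privileged container both
# violate the baseline profile (constructed sample, not from the page).
apiVersion: v1
kind: Pod
metadata:
  name: bad-pod
  namespace: default
spec:
  hostPID: true
  containers:
    - name: app
      image: nginx
      securityContext:
        privileged: true
```

After applying both manifests, `kubectl get policyreport -n default -o yaml` lists the failing results for `bad-pod`, and `kubectl get events -n default --field-selector involvedObject.name=bad-pod` shows the PolicyViolation events Kyverno emits in Audit mode.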
Cleanup
Delete the fleet you created:
Uninstall fleet manager:
IMPORTANT: To ensure a proper cleanup of your infrastructure you must always delete the cluster object. Deleting the entire cluster template with kubectl delete -f capi-quickstart.yaml might leave pending resources that have to be cleaned up manually.
Uninstall cluster operator:
Optional, clean CRDs:
Optional, delete namespace:
Optional, uninstall cert-manager:
Optional, shutdown cluster: