2018 Google cloud new Service launch — “Policy Manager”

Docker Turtle
Jun 20, 2019

*******************************************************************

At the Google Next 2018 show, Google Cloud launched a new service in alpha: “Policy Manager”

As an admin, we want to create policies and apply them to all clusters from a single place.

Features of “Policy Manager”:

  • Syncing of Namespaces

From a central dashboard, you can create and sync policies on all Kube clusters (running in the cloud and on-prem) for Namespace-level access (actions).

  • Role-Based access control Policies
  • Secure management of Clusters

******************************************************************

Demo scenario:

We have 3 Kube clusters (us-east, us-central, west)

All policies will be written in YAML files and stored in a Git repo.

Each policy file will be used to create a Policy resource in the Kube cluster.

We will create 3 Namespaces in all Clusters.

Namespaces : “orders-dev”, “orders-staging” and “orders-prod”

Dev will have access to only “orders-dev” Namespace

Dev will have the Pod-Creator role

Quota policy only for “orders-dev” Namespace

We can set Resource Quota in “orders-dev” NS

Resource Quota will set a limit on max (CPU, RAM, number of Pods), i.e. the max capacity of resources in the “orders-dev” Namespace.

SRE will have access to all Namespaces (Pod creation allowed)

*******************************************************************

Pod Security Policy will be set at the Pod level: which API Server actions can the Pod call?

*******************************************************************
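The dev side of the demo scenario above, written out as standard Kubernetes objects. This is an added example, not taken from the demo and not Policy Manager's own repo format. The object names `pod-creator`, `dev-pod-creator` and `orders-dev-quota`, the group `dev-team`, and all quota values are assumptions.

```yaml
# Added example: standard Kubernetes objects, not Policy Manager's own file format.
apiVersion: v1
kind: Namespace
metadata:
  name: orders-dev
---
# Namespaced role: may create and read Pods in orders-dev, nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-creator            # assumed name for the page's Pod-Creator role
  namespace: orders-dev
rules:
  - apiGroups: [""]            # core API group, where Pods live
    resources: ["pods"]
    verbs: ["create", "get", "list", "watch"]
---
# Bind the role to the dev group. A RoleBinding is namespaced, so it
# grants nothing in orders-staging or orders-prod.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-pod-creator
  namespace: orders-dev
subjects:
  - kind: Group
    name: dev-team             # assumed group name
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-creator
  apiGroup: rbac.authorization.k8s.io
---
# Cap on total CPU, RAM and Pod count in orders-dev (values are constructed).
apiVersion: v1
kind: ResourceQuota
metadata:
  name: orders-dev-quota
  namespace: orders-dev
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
```

With this quota in place, every Pod created in orders-dev must declare CPU and memory requests and limits, or the API server rejects it.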
