Policy Controller enables the enforcement of fully programmable policies for your clusters. These policies act as "guardrails" and prevent any changes to the configuration of the Kubernetes API from violating security, operational, or compliance controls.
Take advantage of a Git repository to create a common configuration that can be applied to the Kubernetes clusters in your fleet. You can manage configuration for any Kubernetes API, including policies for the Istio service mesh, resource quotas, and access control policies.
Roll out configs to clusters all over the globe, ensuring that your desired state is quickly reflected and actively maintained. Policy Controller comes with a full library of pre-built policies for common security and compliance controls.
Prevent pushing bad configurations with built-in validators that review every line of code for valid syntax and conformance with custom policies—before it gets to your repository.
Common configuration formats
Easily migrate existing definitions with native Kubernetes configuration formats, such as YAML or JSON, to store your multi-cluster policies.
Bring the power of source control to config management
Stage your configuration changes in separate branches, collaborate on code reviews, and easily revert clusters to their last healthy state.
Flexibly configure different policies for groups of clusters or namespaces. For example, you can apply different quota levels to staging versus production resources.
Apply custom rules
Write and apply custom rules not covered by native Kubernetes configuration objects to meet your organization’s unique security and compliance requirements. Custom rules allow you to inspect updates to your Anthos infrastructure and reject changes that don’t comply with your policies.
Active monitoring and auditing
Prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance. Continuously audit your Anthos environment to identify clusters that don’t follow your organization’s custom rules.
A single place for resource configuration
Manage the configuration of Google Cloud resources and services, like Cloud Storage or Identity and Access Management, from within Anthos Config Management through its Config Connector integration.
Policy Controller brings a ready-to-use library of pre-built policies for the most common security and compliance controls. You can easily establish a secure baseline without deep expertise, and Anthos Config Management applies these policies across platforms.