Creating a Cluster Policy Using Legacy Policy Method

Create Policy enables the Infosec teams / PKI administrators to create, define, and enforce policies for one or more clusters managed in the inventory.
Note: The certificate automations (creation, renewal, etc.) initiated from a specific cluster must adhere to the policy parameters outlined in this policy inventory. Any cluster that is not a part of or does not align with the Cluster Policy will be denied certificate automations.
Prerequisites:

To create a cluster policy:

  1. Go to menu > KUBE+ > GROUPS & POLICIES > Cluster Policy
    On the Cluster Policy page, the created policies are displayed, if any.
  2. Click +Create Policy in the command bar.
    The Cluster Policy popup window opens.
  3. Under the Legacy Policy section, click +Create Policy.
  4. Enter/select the policy information.
    Table 1. Policy Details - Field and Description Table

    | Field | Description |
    | --- | --- |
    | Policy Name* | Enter a unique policy name to be associated with one or more clusters. |
    | Description | Optionally, provide a brief description of the policy for clarity and reference. |

    *: Mandatory fields
    Table 2. CA Details - Field and Description Table

    | Field | Description |
    | --- | --- |
    | Type* | Select a type from the dropdown list. The options are: Cluster Wide (cluster wide global policy) and Namespace Wide (policy to be applied for a specific namespace or a project within a cluster). |
    | Certificate Group* | Select a certificate group from the dropdown list. |
    | Associate CA Policy* | The CA Policy associated with the selected certificate group will be automatically populated in the dropdown. Please select the appropriate policy from this list. |
    | Certificate Authority | Select a Certificate Authority from the dropdown list. |
    | CA Settings | Select the CA Settings from the dropdown list. |

    *: Mandatory fields

    Define the CA Issuer to be used for certificate issuance for the cluster as follows:
    1. Click +Add to add CA settings.
    2. In the Add CA Setting page, enter the CA setting details.
      Table 3. CA Setting - Field and Description Table

      | Field | Description |
      | --- | --- |
      | General Information | |
      | CA Setting Name | Enter a name for the CA setting. |
      | Certificate Group* | Select a certificate group from the dropdown list. |
      | Associate CA Policy* | The CA Policy associated with the selected certificate group will be automatically populated in the dropdown. Please select the appropriate policy from this list. |
      | Certificate Authority Setting | |
      | Certificate Authority | Select a Certificate Authority from the dropdown list. |
      | CA Account* | Select a CA account from the dropdown list. |
      | Connector Name | Enter the connector name. |
      | Category* | Select a category from the dropdown list. The options are: Server, Client. |

      *: Mandatory fields

    3. Click Add.

      The CA setting is added to the table. After it is added, it can be modified as needed.

    Table 4. Discovery Settings - Field and Description Table

    | Field | Description |
    | --- | --- |
    | Namespace Exclusion | Enter a namespace name or regex and press Enter to add it to the exclusion list. Excluded namespaces are omitted from certificate discovery, and the Server Certificate inventory will not display certificates from them. |

    *: Mandatory fields

  5. Click Save.
    The cluster policy is added to the Cluster Policy inventory.
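
Because namespaces on the exclusion list drop out of certificate discovery and the Server Certificate inventory, it is worth dry-running the Namespace Exclusion entries from Table 4 against the cluster's namespace list before saving. The script below is an added example, not part of the product or its documentation. It assumes each entry is a regular expression that must match the whole namespace name (the page does not state the product's matching rules), and the namespace names and entries are constructed sample data.

```python
import re

# Constructed sample data: namespace names as they might exist in a cluster.
NAMESPACES = ["default", "kube-system", "kube-public", "payments-prod",
              "payments-dev", "ingress-nginx", "cert-manager"]

def preview_exclusions(namespaces, entries):
    """Dry-run an exclusion list; returns (excluded, kept, unused, invalid).

    Assumption (not stated on the page): each entry is a regular expression
    that must match the whole namespace name. Plain names qualify as well,
    because Kubernetes namespace names contain only [a-z0-9-].
    """
    compiled, invalid = [], []
    for entry in entries:
        try:
            compiled.append((entry, re.compile(entry)))
        except re.error:
            invalid.append(entry)      # cannot be compiled as a regex
    excluded = {}                      # namespace -> entries that hide it
    for ns in namespaces:
        matches = [entry for entry, rx in compiled if rx.fullmatch(ns)]
        if matches:
            excluded[ns] = matches
    kept = [ns for ns in namespaces if ns not in excluded]
    used = {e for matches in excluded.values() for e in matches}
    unused = [entry for entry, _ in compiled if entry not in used]
    return excluded, kept, unused, invalid

def report(namespaces, entries):
    """Print which namespaces discovery would skip, and suspicious entries."""
    excluded, kept, unused, invalid = preview_exclusions(namespaces, entries)
    for ns, matches in excluded.items():
        print(f"EXCLUDED   {ns:<15} by {', '.join(matches)}")
    for ns in kept:
        print(f"DISCOVERED {ns}")
    for entry in unused:
        print(f"WARNING    entry {entry!r} matches no namespace (typo?)")
    for entry in invalid:
        print(f"WARNING    entry {entry!r} is not a valid regex")
    if namespaces and not kept:
        print("WARNING    every namespace is excluded; inventory would be empty")

if __name__ == "__main__":
    # Constructed exclusion entries: one regex, one plain name, one stale
    # pattern, one malformed pattern.
    report(NAMESPACES, ["kube-.*", "payments-dev", "sandbox-.*", "ingress-[nginx"])
```

Replace `NAMESPACES` with the real namespace list of the cluster the policy will be attached to, and review every `EXCLUDED` line before entering the same values in the policy.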