A repository that aggregates policies from multiple OpenShift compliance products. The goal of the repository is to help achieve compliance with global OpenShift security standards, both in standalone OpenShift environments, and in multi cluster OpenShift environments.
The repository provides a framework for organization to build and use pre-configured policies. Using the provided policies, an organization is able to create a fine grained compliance standard in an environment based on OpenShift clusters.
The repository structure is based on security controls which are presented in the next OpenShift compliance document - OCP 4.x Platform &Infrastructure Security Best Practices.
The compliance to the standard is achieved by using the next tools -
The repository's structure devides policies into one of the three mentioned above products. Each product's policies are devided into multiple compliance controls:
- authentication-user-management
- authorization
- etcd-security
- infrastructure-general
- monitoring-observability
- networking
- resource-exhaustion
- storage
- trusted-image-sources
Each product has a different method of deploying policies. Make sure that you follow the product's guidelines regarding proper deployment of policies.
Not all compliance controls have a corresponding policy. The policy development status can be found at - Compliance Automation Sheets
If you would like to write a policy to the repository, make sure to fork the main repository, and commit your changes in your local repository. Afterwards, create a pull request according to the Contribution Document.