Version: 0.17.0

Policy CRD

This is the main resource. It is used to define the policies that the policy agent evaluates.

It uses the OPA Rego language to evaluate the entities.

Policy Library

Here is the Weaveworks Policy Library

Tenant Policy

It is used in the multi-tenancy feature of Weave GitOps Enterprise.

Tenant policies have a special tag: tenancy.

Mutating Resources

Starting from version v2.2.0, the policy agent will support mutating resources.

To enable mutating resources, policies must have the field mutate set to true, and the Rego code should return the violating_key and the recommended_value in the violation response. The mutation webhook uses the violating_key and recommended_value to mutate the resource and returns the new, mutated resource.

Example

result = {
    "issue_detected": true,
    "msg": sprintf("Replica count must be greater than or equal to '%v'; found '%v'.", [min_replica_count, replicas]),
    "violating_key": "spec.replicas",
    "recommended_value": min_replica_count
}
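
The mutation step described above, sketched as an added Go example; it is not the policy agent's own code. The names Violation, PatchOp and Mutate are hypothetical, and the sketch assumes violating_key is a plain dotted path and that the change is reported as an RFC 6902 JSON Patch operation.

```go
package main

import (
	"fmt"
	"strings"
)

// Violation holds the fields of the Rego result shown above.
type Violation struct {
	IssueDetected    bool
	ViolatingKey     string
	RecommendedValue interface{}
}

// PatchOp is one RFC 6902 JSON Patch operation.
type PatchOp struct {
	Op, Path string
	Value    interface{}
}

// Mutate (hypothetical) sets ViolatingKey to RecommendedValue, only if mutate is true.
func Mutate(obj map[string]interface{}, v Violation, mutate bool) (*PatchOp, error) {
	if !mutate || !v.IssueDetected {
		return nil, nil
	}
	if v.ViolatingKey == "" || v.RecommendedValue == nil {
		return nil, fmt.Errorf("violation lacks violating_key or recommended_value")
	}
	keys := strings.Split(v.ViolatingKey, ".") // assumption: plain dotted path
	cur := obj
	for _, k := range keys[:len(keys)-1] {
		next, ok := cur[k].(map[string]interface{})
		if !ok { // fail closed instead of inventing structure
			return nil, fmt.Errorf("%q: %q is not an object", v.ViolatingKey, k)
		}
		cur = next
	}
	last, op := keys[len(keys)-1], "replace"
	if _, exists := cur[last]; !exists {
		op = "add"
	}
	cur[last] = v.RecommendedValue
	return &PatchOp{op, "/" + strings.Join(keys, "/"), v.RecommendedValue}, nil
}

func main() {
	obj := map[string]interface{}{"spec": map[string]interface{}{"replicas": 1}} // constructed sample
	fmt.Println(Mutate(obj, Violation{true, "spec.replicas", 2}, true))
}
```

A policy without mutate set to true, or a violation missing either field, leaves the resource unchanged, so a review of mutating policies can start from those two conditions.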