Policy Based Security versus Centralized Policy Management
In HPE Ezmeral Runtime Enterprise, policy-based security and Centralized Policy Management have similar names but separate functions and scopes. The policy-based security feature applies to HPE Ezmeral Data Fabric objects. The Centralized Policy Management feature applies to Kubernetes cluster objects and can manage security policies from a central repository.
The policy-based security feature is separate from the Centralized Policy Management feature of the HPE Ezmeral Runtime Enterprise.
The policy-based security feature applies to HPE Ezmeral Data Fabric objects. A
security-policy server in each of the security-policy Data Fabric clusters enforces the
policies and manages the security-policy metadata in an internal volume named
mapr.pbs.base
.
The Centralized Policy Management feature, in contrast, is the fine-grained control of objects in your Kubernetes cluster, in which you express policies as YAML files (Kubernetes manifests), and apply them on the Kubernetes cluster. These YAML files can then be stored in a repository such as GitHub and applied to cluster objects automatically.
For more information about Centralized Policy Management, see Centralized Policy Management.