Adding policies to Base Template Repos

Overview

Base Template Repositories (BTRs) are an excellent way to systematise and enforce configuration standards for your application. You can add Skycap Validation Policy definitions to any BTR to ensure that configuration files (Stencils) generated from that BTR comply with your policies.

Learn about BTRs and Validation Policies

This guide assumes you have a working knowledge of both BTRs and Skycap Validation Policies. Please read our separate guides for both these topics if you're unsure about them.

How to add policies to a BTR

Policies are defined in a BTR via a central templates.json file that sits in the root of the repo.

This is an excerpt from a templates.json file that illustrates the structure of the policies section:

    "policies": [
             {
                "name": "No Port in Services",
                "filename": "no-port-num.cop",
                "description": "Block a port",
                "selector": "kind: Service",
                "tags": [],
                "preferred_sequence": 0
             },
          ],

The same templates.json file is also used to define the Kubernetes templates (Stencils) and any transformations applied to those templates. For more info, please read our guides to these features.

Components of the JSON definition

The Policy section of the templates.json has the following fields:

  • name is the name of the Policy as it will appear in the Skycap UI
  • filename is the name of the Copper policy file in the BTR
  • description is a short description of the policy to help you identify it
  • selector is the Kubernetes selector for the templates to which the policy will apply (e.g. kind: Service)
  • tags is an array of default tags that will be added to policy files generated by this template
  • preferred_sequence determines the default sequence in which this policy will be run, relative to any other policies in the Formation.

Directory structure for policies in BTRs

BTRs must be organized as follows:

  • The templates.json must be placed in the root directory
  • The (Copper) policy files for templates must be placed in a directory named policies
Next
Deploy your first app with Cloud 66