►
From YouTube: VMware Cloud PKS (Formerly VMware Kubernetes Engine, or VKE) demo with basics of policy framework
Description
VMware Cloud PKS (Formerly VMware Kubernetes Engine, or VKE) demo showing the basic steps on how to set up a policy framework for new users and clusters.
A
Vm
accompanies
engine,
has
a
resource,
centric
policy
model
that
is
hierarchical
in
nature
and
lets.
It
operators
provide
more
granular
access
to
resources.
It
has
a
global
governance
policy
that
can
be
applied
to
regional
resources.
Like
smart
clusters,
policies
applied
at
the
root
of
the
hierarchy
are
inherited
across
the
branches
hierarchy
you
have
folders
folders
can
be
a
logical
set
of
users
that
are
grouped
together
either
because
they
are
aligned
on
a
specific
business
unit
or
they
are.
You
know,
in
a
specific
geography.
Now
within
folders
you
have
another
level
of
hierarchy
causes
projects.
A
Again,
projects
can
be
assigned
to
specific
users
within
that
folder.
A
folder
can
have
multiple
projects
now
within
Acme
web
services,
I
have
different
set
of
users
working
on
different
projects.
For
example,
front-end
summers
are
working
on
databases
and
some
need
a
dev
test
environment
to
test
their
applications,
so
within
Acme
Web
Services
I
have
created
different
projects
and
I'm
going
to
allocate
these
projects
to
specific
users.
A
Now
it's
in
a
project,
let's
say
a
front
end
users
can
be
allocated
to
smart
clusters.
One
or
more
smart
clusters
can
be
a
part
of
that
project.
You
can
add
users,
specific
group
of
users,
access
to
a
specific
smart
cluster.
In
my
case,
I
have
a
smart
lastra
called
web
services,
and
web
services
is
going
to
host
all
the
front-end
projects
and
applications
needed
for
that
specific
development
group.
Smart
Lazarus
can
then
have
namespaces
that
further
provide
a
granular
level
of
access
control,
10
web
services.
A
I
can
have
namespaces
where
I
could
apply
policy
control
and
give
it
to
specific
users.
Let's
say
a
user
creates
a
name
space
within
kubernetes
cluster,
the
MPEG
abilities
engine
actually
monitors
actively
for
new
namespaces
created
and
binds
the
role,
mapping
that
were
created
within
that
namespace
back
to
the
users
within
VMware
kubernetes
engine.
So
the
policies
and
the
role
bindings
within
namespaces
and
psycho
binaries
cluster
are
always
consistent.
We
can
then
create
a
group
of
users
that
can
be
applied
to
these
different
resources
and
have
control
over
who
gets
access
to
what
specific
resource.
A
Access
to
a
specific
folder
now,
because
I
have
created
or
bound
this
policy
at
the
folder
structure,
everything
that
in
that
folder
all
the
projects
that
are
part
of
the
folder
and
all
the
smart
clusters
in
namespaces
that
are
part
of
the
projects
within
those
folders.
The
group
of
users,
Acme
front-end
dev-
will
have
access
to
those.
Now,
let's
take
a
look
at
the
project,
that's
actually
part
of
that
folder.
A
We
have
this
folder
front-end,
that's
part
of
Acme
web
services.
If
you
are,
if
we
look
at
the
policies
for
the
specific
full
project,
we
don't
have
any
direct
policies
defined.
But
if
you
look
at
our
inherited
policies
for
Acme
web
services,
we
actually
have
Acme
front
and
Dev
as
an
inherited
group
of
users
that
get
access
to
the
specific
folder.