Kubernetes Policy Management

Centrally Manage all the Policies for your Kubernetes Infrastructure

Centralize Governance including configuration of OPA (Open Policy Agent) policies through Blueprints to ensure that clusters are always in compliance with company policies — fleet-wide.

Manage Policies Across Your Kubernetes Fleet

With Rafay, built-in workflows automate, test, audit and reuse OPA policies at scale. Unify policy definition and enforcement across entire fleets including in data centers, public clouds and in remote/edge locations.

Easy to use workflows for creating and managing security policies for the entire fleet of clusters reducing significant operational complexity

Granular policy enforcement over the entire organization based on one or more projects or clusters

Leverage pre-existing policies covering best-practice enterprise compliance and security requirements

View all policy metrics, violations and audits in a central dashboard by clusters, environments and teams

Create and manage security policies, rules and templates

In a typical enterprise there will be a hierarchical structure and policy management is most effective when it gels well into the organization hierarchy. Rafay’s modeling of the OPA integrates into the RBAC offerings and facilitates creation of governance policies at organization level with enough flexibility to override at different levels, if the customer chooses so. Detailed audit logs are captured for both Admission requests and Audit Runs making it easier for customers to orchestrate new OPA policies.


Organize and apply policies at organization, project and cluster levels for enforcement

Supports multiple modes of policy enforcement to suit different security requirements suitable for each enterprise spanning from the highest level of central control to the most flexible local control. These policies are associated with Cluster Blueprints to manage the enforcement centrally across a fleet of clusters. Each of these policies are versioned and high-level controls are offered to enforce, report and audit at multiple levels like organization, team, cluster, and namespace.


Clone and change pre-canned policies to create custom policies

Rafay incorporates several useful pre-canned OPA constraints, templates and policies that can be easily customized. The pre-canned entities are based on open-source examples and best practices from customer scenarios. Customers can clone these and make changes to create more powerful rules to suit their requirements.

Download the White Paper
Simplifying Amazon EKS Deployments & Operations

Learn how to accelerate Kubernetes & streamline Amazon EKS ops

View all policy metrics, violations and audits in a central dashboard by clusters, environments and teams

Rafay presents policy violations in a user-friendly manner controlled by role-based access controls (RBAC). Audits are in near-real-time to our controller and can be used for multiple governance and monitoring activities. Also, Rafay enables customizable retention of audit logs to suit governance requirements.


"Easily operate and rapidly deploy applications anywhere across multi-cloud and edge environments."

Aamir Hussain

SVP Chief Product Officer, Verizon Business

"Rafay stood out from the crowd with their deep integration with Amazon EKS."

Jayant Thakre

VP Products

"The big draw was that you could centralize the lifecycle management & operations."

Beth Cohen

Cloud Technology Strategist, Verizon Business

"Rafay’s unified view for Kubernetes Operations & deep DevOps expertise has allowed us to significantly increase development velocity."

Alec Rooney


Read a Case Study
Rafay Accelerates SonicWall’s Adoption of K8s & Amazon EKS

Learn how SonicWall streamlined Amazon EKS