Profile Engine Overview

Profile Engine

The Platform9 Profile Engine is a new cluster governance and policy management feature that leverages the SaaS Management Plane to ensure cluster conformance. The Profile Engine has been designed to support three types of cluster profiles, or 'templates': Cluster Configuration Profiles, Cluster Add-on Profiles and Cluster Policy Profiles. Each Profile type enables clusters to be either built or updated during runtime, to conform to the configuration and polices that are captured within the Profile. Ultimately, enabling edge ready GitOps operations with zero human interaction, which ensures that clusters are built to conform to the requisite enterprise standards, and that – once running – the Platform9 Managed Add-ons are configured correctly and that any policies are maintained in an approved and compliant state.

Platform9 Managed Kubernetes 5.3 is the first release to include the Profile Engine and introduces RBAC Profiles. The Profile Engine for RBAC simplifies RBAC governance and compliance across multiple clusters. It allows clients to create RBAC profiles based on existing clusters, edit profiles to ensure they contain the exact policies required, and then deploy the profile to managed clusters. Once deployed to a cluster, you can analyze the cluster for non-conformance using the built-in Drift Analytics.

Cluster RBAC Profiles

Cluster RBAC Profiles are a new feature that is launching as part of the Profile Engine. A RBAC Profile is a collection of Roles, Cluster Roles, Cluster Bindings and Cluster Role Bindings that are stored on the Platform9 SaaS Management Plane, and act as a form of 'template' for clusters managed by Platform9. RBAC Profiles are created from existing clusters, which can be customized and then deployed to any attached Platform9 cluster. The deployment process will update the target cluster's RBAC policies to ensure it conforms to the profile. Any policies that are outside the profile will be left unchanged.

Drift Analytics

The Profile Engine can compare any managed clusters RBAC configuration to any RBAC Profile, including automatically detecting drift for clusters that have a profile applied. Drift Analytics enable you to quickly identify and resolve any RBAC Policy changes that have been made on a cluster that are not compliant with the profile.