Skip to main content
New to Monokle? Streamline your Kubernetes deployments with Monokle. Get Started >

Policy Enforcement Points

PEPs ensure compliance and shorten feedback loops.

The Monokle Policy Enforcement Pipeline

Popular among enterprises is the XACML Architecture which comes with fine-grained access control. Monokle Policy Enforcement Points are software components which enforce policies synchronised from the centralized Policy Administration Point which is Monokle Cloud. You can use it in your clusters, before you commit, or before you deploy.

You might wonder why you should introduce multiple enforcement points? Most important, you need to guarantee compliance where it matters, but beyond that you'll also want to meet engineers where they work to reduce inner feedback loops and improve cycle times.


Monokle ❤️ OSS! Did you know our policy enforcement points are open-sourced?

In your clusters

The Monokle Admission Controller is a Kubernetes admission controller which enforces policies when Kubernetes resources are applied to the Kubernetes API server. This enforcement point is the last in line and most important. Once past this point, misconfigurations can start to cause problems.

Before you commit

The Monokle Visual Studio Code Extension brings policy enforcement closer to the front line. Developers can enjoy Monokle's IntelliSense within their favourite IDE. Getting real-time assistance while writing YAML reduces feedback loops and cycle times drastically.

The Monokle Desktop application is a dedicated tool to help you streamline Kubernetes deployments. It has advanced features like bootstrapping services from templates or connecting to your cluster to inspect deployment configuration and problems.

The Monokle Cloud Editor is a browser-based IDE. It provides an easy way to make last-mile changes and facilitates collaboration. For example, while reviewing pull requests you can see the output of Helm or Kustomize in the next tab.

Before you deploy

The Monokle GitHub Bot is an Auto DevOps solution that adds validation to your Pull Requests. It comes with automated Status Checks and Dry Run Review Tools to take the guesswork out of PR reviews.

The Monokle CLI is swiss-army knife to enforce compliance wherever needed. Use it within locally, within scripts or in your CI provider of choice - Monokle CLI is a catch-all to all these use cases.

The Monokle GitHub Action is a small wrapper around the CLI which makes it easier to use in GitHub Actions. Compared to our GitHub Bot it requires more configuration which in turn gives more configurability.