Overview

UDS Core enforces secure workload behavior through Pepr admission policies. Every resource submitted to the cluster passes through Pepr before being persisted, where mutations auto-correct common misconfigurations and validations block non-compliant resources.

These guides help you resolve policy violations, create exemptions when needed, and audit your cluster’s security posture. For background on how policies and exemptions work, see the Policy & Compliance concepts.

Guides

Create UDS policy exemptions Create Exemption CRs to allow workloads to bypass specific UDS policies.

Allow exemptions in all namespaces Enable namespace-flexible exemptions with appropriate RBAC safeguards.

Configure infrastructure exemptions Set up exemptions for Istio gateway NodePorts and infrastructure workloads that require elevated privileges.

Audit security posture Review exemptions for scope and justification, and inspect Package CR network rules for overly permissive configurations.

Tip

New to UDS Core policies? Start with the Policy & Compliance concepts to understand how mutations, validations, and exemptions work before configuring them.