Policy Controller, part of Anthos Config Management, is a Kubernetes dynamic admission controller that checks, audits, and enforces your clusters' compliance with policies related to security, regulations, or arbitrary business rules.
Policy Controller is based on the open source Open Policy Agent Gatekeeper project. Gatekeeper policies are defined using two separate resource types: Constraints and ConstraintTemplates. Having two distinct resource types allows for separation of policy definition (ConstraintTemplate) from policy enforcement (Constraint).
Policy Controller comes with a library of ConstraintTemplates for common security and compliance controls.
This repository contains sample Constraints which make use of Policy Controller's ConstraintTemplates to demonstrate how you might configure policy enforcement on your own cluster.